Refactor TURN/STUN handling:

- Split internal/external Coturn for BBB and Nextcloud
- Added dedicated relay port ranges per app
- Updated env and compose overrides for coturn
- Ensure coturn role is loaded conditionally
- Standardize credential/env passing for coturn
@See https://chatgpt.com/share/68d6f376-4878-800f-b4f7-62822caa49ea

roles/web-svc-coturn/config/main.yml

@@ -1,3 +1,4 @@
+username: coturnconsumer
 server:
   domains:
     canonical:
@@ -10,4 +11,4 @@ docker:
     redis:
       enabled:  false
     database: 
-      enabled:  false
+      enabled:  false

roles/web-svc-coturn/tasks/01_core.yml

@@ -0,0 +1,3 @@
+- name: "Load 'sys-stk-semi-stateless' for '{{ application_id }}'"
+  include_role:
+    name: sys-stk-semi-stateless

roles/web-svc-coturn/tasks/main.yml

@@ -1,4 +1,6 @@
 ---
-- name: "Load 'sys-stk-semi-stateless' for '{{ application_id }}'"
-  include_role:
-    name: sys-stk-semi-stateless
+- block:
+  - name: "Load core functions for '{{ application_id }}'"
+    include_tasks: 01_core.yml
+  - include_tasks: utils/run_once.yml
+  when: run_once_web_svc_coturn is not defined

roles/web-svc-coturn/templates/docker-compose.yml.j2

@@ -11,17 +11,19 @@
       - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/tcp"
       - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/udp"
       - "{{ COTURN_RELAY_PORT_RANGE }}/udp"
+      - "{{ COTURN_TLS_CERT_PATH }}:{{ COTURN_TLS_CERT_PATH }}:ro"
+      - "{{ COTURN_TLS_KEY_PATH }}:{{ COTURN_TLS_KEY_PATH }}:ro"
     command: >
       --use-auth-secret
-      --static-auth-secret={{ COTURN_STATIC_AUTH_SECRET }}
+      --static-auth-secret=${ COTURN_STATIC_AUTH_SECRET }
       --lt-cred-mech
-      --user={{ COTURN_USER_NAME }}:{{ COTURN_USER_PASSWORD }}
+      --user=${ COTURN_USER_NAME }:${ COTURN_USER_PASSWORD }
       --log-file=stdout
       --external-ip={{ networks.internet.ip4 }}
 {% if networks.internet.ip6|default('') %}
       --external-ip={{ networks.internet.ip6 }}
 {% endif %}
-      --realm={{ COTURN_REALM }}
+      --realm=${ COTURN_REALM }
       --fingerprint
       --total-quota=100
       --stale-nonce

roles/web-svc-coturn/templates/env.j2

@@ -0,0 +1,4 @@
+COTURN_STATIC_AUTH_SECRET={{ COTURN_STATIC_AUTH_SECRET }}
+COTURN_USER_NAME={{ COTURN_USER_NAME }}
+COTURN_USER_PASSWORD={{ COTURN_USER_PASSWORD }}
+COTURN_REALM={{ COTURN_REALM }} 

roles/web-svc-coturn/vars/main.yml

@@ -19,7 +19,7 @@ COTURN_RELAY_PORT_END:      "{{ ports.public.relay_port_ranges[application_id ~
 COTURN_RELAY_PORT_RANGE:    "{{ COTURN_RELAY_PORT_START }}-{{ COTURN_RELAY_PORT_END }}"
 
 ## Credentials 
-COTURN_USER_NAME:           "{{ applications | get_app_conf(application_id, 'credentials.user_name') }}"
+COTURN_USER_NAME:           "{{ applications | get_app_conf(application_id, 'username') }}"
 COTURN_USER_PASSWORD:       "{{ applications | get_app_conf(application_id, 'credentials.user_password') }}"
 COTURN_STATIC_AUTH_SECRET:  "{{ applications | get_app_conf(application_id, 'credentials.auth_secret') }}"