From 75d476267e2d7e377c027f2d0f747abcf8bc0d99 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sat, 27 Sep 2025 12:14:57 +0200 Subject: [PATCH] Optimized Nextcloud variables --- roles/web-app-nextcloud/config/main.yml | 6 +- .../web-app-nextcloud/tasks/01_fullstack.yml | 2 +- roles/web-app-nextcloud/tasks/main.yml | 2 - .../tasks/plugins/spreed.yml | 1 + .../config/turnserver.config.php.j2.draft | 2 +- .../templates/docker-compose.yml.j2 | 14 ++--- roles/web-app-nextcloud/templates/env.j2 | 14 ++--- .../templates/nginx/docker.conf.j2 | 8 +-- roles/web-app-nextcloud/vars/main.yml | 60 +++++++++++-------- .../web-app-nextcloud/vars/plugins/spreed.yml | 2 +- 10 files changed, 60 insertions(+), 51 deletions(-) diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml index df7a7a96..c429db80 100644 --- a/roles/web-app-nextcloud/config/main.yml +++ b/roles/web-app-nextcloud/config/main.yml @@ -51,8 +51,10 @@ docker: version: "latest" backup: no_stop_required: false - internal: true - network_mode: host + turn_server: + onboard_enabled: true + standalone_enabled: true + network_mode: host whiteboard: name: "nextcloud-whiteboard" image: "ghcr.io/nextcloud-releases/whiteboard" diff --git a/roles/web-app-nextcloud/tasks/01_fullstack.yml b/roles/web-app-nextcloud/tasks/01_fullstack.yml index 9f5cc595..c7493705 100644 --- a/roles/web-app-nextcloud/tasks/01_fullstack.yml +++ b/roles/web-app-nextcloud/tasks/01_fullstack.yml @@ -33,5 +33,5 @@ - name: create internal nextcloud nginx configuration template: src: "nginx/docker.conf.j2" - dest: "{{ [docker_compose.directories.volumes, 'nginx.conf'] | path_join }}" + dest: "{{ NEXTCLOUD_HOST_NGINX_SRC }}" notify: restart nextcloud nginx service diff --git a/roles/web-app-nextcloud/tasks/main.yml b/roles/web-app-nextcloud/tasks/main.yml index 319c373c..800c3f5c 100644 --- a/roles/web-app-nextcloud/tasks/main.yml +++ b/roles/web-app-nextcloud/tasks/main.yml 
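Review bot: In the config/main.yml hunk both `onboard_enabled: true` and `standalone_enabled: true` are the defaults, so a stock deployment includes the standalone coturn role (the new `when` in tasks/plugins/spreed.yml) and also starts the onboard talk container, while the variables in vars/main.yml resolve `NEXTCLOUD_TALK_STUN_PORT`, `NEXTCLOUD_TALK_DOMAIN` and the TURN secret from the onboard side whenever it is enabled — the standalone server would be deployed but never advertised to Talk. Unless running both is intended, one of the two should default to `false`, or a comment above `turn_server:` should state the precedence, e.g. `# when both are enabled, the onboard server is the one advertised to Talk`. Indentation in this hunk is collapsed in this view, so whether `network_mode: host` now nests under `turn_server` or stays under `talk` cannot be confirmed here; the `NEXTCLOUD_TALK_NETWORK_MODE` lookup in vars/main.yml still reads `docker.services.talk.network_mode`, so this is worth double-checking.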
@@ -35,5 +35,3 @@ plugin_key: "{{ plugin_item.key }}" plugin_value: "{{ plugin_item.value }}" when: NEXTCLOUD_PLUGINS_ENABLED - - diff --git a/roles/web-app-nextcloud/tasks/plugins/spreed.yml b/roles/web-app-nextcloud/tasks/plugins/spreed.yml index ad05ff89..5bc34c28 100644 --- a/roles/web-app-nextcloud/tasks/plugins/spreed.yml +++ b/roles/web-app-nextcloud/tasks/plugins/spreed.yml @@ -5,3 +5,4 @@ flush_handlers: true when: - run_once_web_svc_coturn is not defined + - NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED | bool diff --git a/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft b/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft index 5707ae9f..c937f1bc 100644 --- a/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft +++ b/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft @@ -5,7 +5,7 @@ return 'turn_servers' => [ [ 'host' => 'coturn', - 'port' => 3478, + 'port' => {{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}, 'secret' => 'my-secret-key', 'protocols' => 'udp,tcp' ] diff --git a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 b/roles/web-app-nextcloud/templates/docker-compose.yml.j2 index 417c0e1e..d4b98aee 100644 --- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2 @@ -7,9 +7,9 @@ driver: journald restart: {{ DOCKER_RESTART_POLICY }} ports: - - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}" + - "127.0.0.1:{{ NEXTCLOUD_PORT }}:{{ container_port }}" volumes: - - "{{ docker_compose.directories.volumes }}nginx.conf:/etc/nginx/nginx.conf:ro" + - "{{ NEXTCLOUD_HOST_NGINX_SRC }}:/etc/nginx/nginx.conf:ro" volumes_from: - application {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} 
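Review bot: In templates/config/turnserver.config.php.j2.draft the port is now templated, but `'secret' => 'my-secret-key'` on the next line stays a literal placeholder and `'host' => 'coturn'` names the standalone service while the port now comes from the onboard variable. If this draft is ever promoted to a rendered template it would ship a fixed TURN shared secret, so at minimum the secret should follow the same templating, `'secret' => '{{ NEXTCLOUD_TALK_TURN_ONBOARD_SECRET }}',`, and `'host'` should be derived from `NEXTCLOUD_TALK_DOMAIN` or carry a comment marking it as a placeholder. The enclosing `return [` array begins outside this hunk.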
@@ -37,9 +37,9 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} ipv4_address: 192.168.102.69 -{% if NEXTCLOUD_TALK_SERVICE_ENABLED %} +{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %} talk: -{% set container_port = NEXTCLOUD_TALK_PORT_INTERNAL %} +{% set container_port = NEXTCLOUD_TALK_SIGNALING_PORT %} {% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %} image: "{{ NEXTCLOUD_TALK_IMAGE }}:{{ NEXTCLOUD_TALK_VERSION }}" @@ -48,9 +48,9 @@ network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }} {% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %} ports: - - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/tcp - - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/udp - - {{ NEXTCLOUD_TALK_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_RELAY_PORT_RANGE }}/udp + - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/tcp + - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/udp + - {{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}/udp expose: - "{{ container_port }}" networks: diff --git a/roles/web-app-nextcloud/templates/env.j2 b/roles/web-app-nextcloud/templates/env.j2 index 2fa87660..7b40574a 100644 --- a/roles/web-app-nextcloud/templates/env.j2 +++ b/roles/web-app-nextcloud/templates/env.j2 @@ -24,7 +24,7 @@ MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}" MAIL_DOMAIN= "{{ SYSTEM_EMAIL.DOMAIN }}" # Initial Admin Data -NEXTCLOUD_ADMIN_USER= "{{ NEXTCLOUD_ADMINISTRATOR_USER }}" +NEXTCLOUD_ADMIN_USER= "{{ NEXTCLOUD_ADMINISTRATOR_USERNAME }}" NEXTCLOUD_ADMIN_PASSWORD= "{{ NEXTCLOUD_ADMINISTRATOR_PASSWORD }}" # Security 
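Review bot: The `talk` service is now gated on `NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool`, but the container it starts is also the one serving the signaling endpoint (`container_port` is set to `NEXTCLOUD_TALK_SIGNALING_PORT` two lines below), and the signaling `location` in templates/nginx/docker.conf.j2 is gated on the same flag. Setting `onboard_enabled: false` to rely on the standalone coturn therefore also removes the signaling server and its proxy location, which the variable name does not suggest; the replaced `NEXTCLOUD_TALK_SERVICE_ENABLED` at least read as a service switch. If the talk container is meant to stay up whenever the plugin is active, gate both blocks on `NEXTCLOUD_TALK_PLUGIN_ENABLED | bool` (or a dedicated service flag) and keep the TURN flag for the TURN-specific ports and env only; if the coupling is intended, a comment above this `{% if %}` should say that the onboard TURN and the signaling server share one container. The `ports:` hunk further down maps `NEXTCLOUD_TALK_STUN_PORT` to `NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT`, which inside this block both resolve to `ports.public.stun_turn[application_id]` — harmless, but a single variable on both sides would make that clearer.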
@@ -43,15 +43,15 @@ REDIS_PORT= 6379 # Talk Configuration NC_DOMAIN={{ NEXTCLOUD_DOMAIN }} TALK_HOST={{ NEXTCLOUD_TALK_DOMAIN }} -TURN_SECRET={{ NEXTCLOUD_TALK_TURN_SECRET }} +TURN_SECRET={{ NEXTCLOUD_TALK_TURN_ONBOARD_SECRET }} SIGNALING_SECRET={{ NEXTCLOUD_TALK_SIGNALING_SECRET }} INTERNAL_SECRET={{ NEXTCLOUD_TALK_INTERNAL_SECRET }} TZ={{ HOST_TIMEZONE }} -TALK_PORT={{ NEXTCLOUD_TALK_INT_TURN_PORT }} -TURN_MIN_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_START }} -TURN_MAX_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_END }} -COTURN_MIN_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_START }} -COTURN_MAX_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_END }} +TALK_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }} +TURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }} +TURN_MAX_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }} +COTURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }} +COTURN_MAX_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }} {% endif %} {% if NEXTCLOUD_WHITEBOARD_ENABLED %} diff --git a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 index c98f6fd7..4bd10531 100644 --- a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 +++ b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 @@ -190,12 +190,12 @@ http { proxy_read_timeout 3600; } -{% if NEXTCLOUD_TALK_SERVICE_ENABLED %} - location {{ NEXTCLOUD_TALK_LOCATION }} { +{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %} + location {{ NEXTCLOUD_TALK_SIGNALING_LOCATION }} { {% if NEXTCLOUD_TALK_NETWORK_MODE == 'host' %} - proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_PORT_INTERNAL }}/; + proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/; {% else %} - proxy_pass http://talk:{{ NEXTCLOUD_TALK_PORT_INTERNAL }}/; + proxy_pass http://talk:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/; {% endif %} proxy_http_version 1.1; proxy_set_header Host $host; 
diff --git a/roles/web-app-nextcloud/vars/main.yml b/roles/web-app-nextcloud/vars/main.yml index 83811f6a..88f0d419 100644 --- a/roles/web-app-nextcloud/vars/main.yml +++ b/roles/web-app-nextcloud/vars/main.yml @@ -8,16 +8,15 @@ database_password: "{{ applications | get_app_conf(application_ database_type: "mariadb" # Database flavor # Nextcloud + ## General NEXTCLOUD_DOMAIN: "{{ domains | get_domain(application_id) }}" NEXTCLOUD_PORT: "{{ ports.localhost.http[application_id] }}" NEXTCLOUD_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" -NEXTCLOUD_PLUGINS_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}" -NEXTCLOUD_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}" - ## Plugins NEXTCLOUD_PLUGIN_ITEMS: "{{ applications | get_app_conf(application_id, 'plugins') | dict2items }}" +NEXTCLOUD_PLUGINS_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}" ## Paths @@ -25,6 +24,7 @@ NEXTCLOUD_PLUGIN_ITEMS: "{{ applications | get_app_conf(application_ NEXTCLOUD_HOST_CONF_ADD_PATH: "{{ [ docker_compose.directories.volumes, 'infinito' ] | path_join }}" # This folder is the path to which the additive configurations will be copied NEXTCLOUD_HOST_INCL_PATH: "{{ [ docker_compose.directories.volumes, 'includes.php' ] | path_join }}" # Path to the instruction file on the host. Responsible for loading the additional configurations NEXTCLOUD_HOST_NGINX_PATH: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, NEXTCLOUD_DOMAIN ~ '.conf' ] | path_join }}" # Nginx path for proxy conf +NEXTCLOUD_HOST_NGINX_SRC: "{{ [ docker_compose.directories.volumes, 'nginx.conf' ] | path_join }}" ## Control Node NEXTCLOUD_CNODE_PLUGIN_VARS_PATH: "{{ [role_path, 'vars/plugins/'] | path_join }}" # Folder in which the files for the plugin configuration are stored 
@@ -38,8 +38,8 @@ NEXTCLOUD_DOCKER_CONF_ADD_PATH: "{{ [ NEXTCLOUD_DOCKER_CONF_DIRECTORY, 'infi NEXTCLOUD_DOCKER_INCL_PATH: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations ## Administrator -NEXTCLOUD_ADMINISTRATOR_USER: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}" NEXTCLOUD_ADMINISTRATOR_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}" +NEXTCLOUD_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}" ## Docker 
@@ -57,29 +57,37 @@ NEXTCLOUD_PROXY_VERSION: "{{ applications | get_app_conf(application_ ### Cron NEXTCLOUD_CRON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}" -### Talk -#### Service -_NEXTCLOUD_COTURN_STANDALONE_ROLE: 'web-svc-coturn' -NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}" -NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}" -NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}" -NEXTCLOUD_TALK_PLUGIN_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}" -NEXTCLOUD_TALK_SERVICE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.internal') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}" -NEXTCLOUD_TALK_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') if NEXTCLOUD_TALK_SERVICE_ENABLED else applications | get_app_conf(_NEXTCLOUD_COTURN_STANDALONE_ROLE, 'credentials.auth_secret') }}" -NEXTCLOUD_TALK_SIGNALING_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}" -NEXTCLOUD_TALK_INTERNAL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}" -NEXTCLOUD_TALK_LOCATION: "/standalone-signaling/" -NEXTCLOUD_TALK_PORT_INTERNAL: "8081" -NEXTCLOUD_TALK_INT_TURN_PORT: "3478" -NEXTCLOUD_TALK_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}" -NEXTCLOUD_TALK_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end' ] }}" -NEXTCLOUD_TALK_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_RELAY_PORT_END }}" -NEXTCLOUD_TALK_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}" +### Talk -# Connection -NEXTCLOUD_TALK_STUN_PORT: "{{ 
ports.public.stun_turn[application_id] if NEXTCLOUD_TALK_SERVICE_ENABLED else ports.public.stun_turn[_NEXTCLOUD_COTURN_STANDALONE_ROLE] }}" -NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN if NEXTCLOUD_TALK_SERVICE_ENABLED else (domains | get_domain(_NEXTCLOUD_COTURN_STANDALONE_ROLE)) }}" -NEXTCLOUD_TALK_SIGNALING_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_LOCATION ] | url_join }}" +#### General +NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}" +NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}" +NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}" +NEXTCLOUD_TALK_PLUGIN_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}" +NEXTCLOUD_TALK_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}" +NEXTCLOUD_TALK_INTERNAL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}" +NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else (domains | get_domain(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE)) }}" + +#### Signaling +NEXTCLOUD_TALK_SIGNALING_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}" +NEXTCLOUD_TALK_SIGNALING_LOCATION: "/standalone-signaling/" +NEXTCLOUD_TALK_SIGNALING_PORT: "8081" +NEXTCLOUD_TALK_SIGNALING_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_SIGNALING_LOCATION ] | url_join }}" + +#### Turn (Onboard) +NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.onboard_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}" +NEXTCLOUD_TALK_TURN_ONBOARD_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else applications | get_app_conf(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE, 
'credentials.auth_secret') }}" +NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT: "{{ ports.public.stun_turn[application_id] }}" +NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}" +NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end' ] }}" +NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}" + +#### Stun +NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun_turn[application_id] if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else ports.public.stun_turn[NEXTCLOUD_TALK_TURN_STANDALONE_ROLE] }}" + +#### Coturn (Standalone) +NEXTCLOUD_TALK_TURN_STANDALONE_ROLE: 'web-svc-coturn' +NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.standalone_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}" ### Whiteboard NEXTCLOUD_WHITEBOARD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}" diff --git a/roles/web-app-nextcloud/vars/plugins/spreed.yml b/roles/web-app-nextcloud/vars/plugins/spreed.yml index 370a8d66..97d3a3d5 100644 --- a/roles/web-app-nextcloud/vars/plugins/spreed.yml +++ b/roles/web-app-nextcloud/vars/plugins/spreed.yml @@ -20,7 +20,7 @@ plugin_configuration: configvalue: "{{ [ { 'server': NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_STUN_PORT ~ '?transport=udp', - 'secret': NEXTCLOUD_TALK_TURN_SECRET, + 'secret': NEXTCLOUD_TALK_TURN_ONBOARD_SECRET, 'ttl': 86400, 'protocols': 'udp,tcp' }
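Review bot: `NEXTCLOUD_TALK_TURN_ONBOARD_SECRET` is not onboard-only: its definition falls back to `get_app_conf(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE, 'credentials.auth_secret')` when onboard TURN is disabled, and it is the value vars/plugins/spreed.yml hands to Talk as the TURN secret and env.j2 writes as `TURN_SECRET`. The name invites the next reader to assume it never carries the standalone coturn credential; either keep an unprefixed `NEXTCLOUD_TALK_TURN_SECRET` for the selected value or add a comment next to the definition such as `# Secret of whichever TURN server is advertised to Talk: onboard container, otherwise standalone coturn`. Separately, the `if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else ...` tests in this hunk (secret, domain, stun port) use the flag bare while every template and task in this patch applies `| bool`; since the flag is itself a templated string, an evaluation that yields the text `False` could be truthy here depending on how the Ansible version in use resolves nested templating, so `if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool else` would make the three definitions consistent with their consumers. `NEXTCLOUD_TALK_TURN_STANDALONE_ROLE` is referenced above the line that defines it; that works with lazy variable evaluation but moving the `#### Coturn (Standalone)` stanza above `#### General` would read more naturally.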