From 9a49e7aa3bcd0a44921695c4b39ecd72f2a5f835 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 28 Feb 2025 15:00:38 +0100
Subject: [PATCH] Added coturn draft
---
 group_vars/all/07_applications.yml | 6 ++
 roles/docker-coturn/README.md | 9 +++
 roles/docker-coturn/tasks/main.yml | 14 ++++
 .../templates/docker-compose.yml.j2 | 69 +++++++++++++++++++
 roles/docker-coturn/templates/env.j2 | 0
 roles/docker-coturn/vars/main.yml | 3 +
 .../config/turnserver.config.php.j2.draft | 11 +++
 7 files changed, 112 insertions(+)
 create mode 100644 roles/docker-coturn/README.md
 create mode 100644 roles/docker-coturn/tasks/main.yml
 create mode 100644 roles/docker-coturn/templates/docker-compose.yml.j2
 create mode 100644 roles/docker-coturn/templates/env.j2
 create mode 100644 roles/docker-coturn/vars/main.yml
 create mode 100644 roles/docker-nextcloud/templates/config/turnserver.config.php.j2.draft
diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 2ebfa4bb..72cada37 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -63,6 +63,12 @@ defaults_applications:
 database:
 central_storage: True
+ coturn: # @todo implement
+ credentials:
+ user: turnuser
+ # password: # Need to be defined in invetory file
+ # secret: # Need to be defined in invetory file
+ ## Discourse:
 discourse:
 network: "discourse_default" # Name of the docker network
diff --git a/roles/docker-coturn/README.md b/roles/docker-coturn/README.md
new file mode 100644
index 00000000..245777e8
--- /dev/null
+++ b/roles/docker-coturn/README.md
@@ -0,0 +1,9 @@
+# DRAFT role docker-coturn
+setup an coturn server based on https://hub.docker.com/r/coturn/coturn
+
+## todo
+
+Needs to be implemented so that Nextcloud Talk works
+
+## author
+[Kevin Veen-Birkenbach](https://www.veen.world)
\ No newline at end of file
diff --git a/roles/docker-coturn/tasks/main.yml b/roles/docker-coturn/tasks/main.yml
new file mode 100644
index 00000000..58d85582
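Review bot: `password` and `secret` under `coturn.credentials` are left as comments, so `applications.coturn.credentials.password` / `.secret` only resolve when every inventory defines them, yet the compose and Nextcloud templates added in this same commit hard-code their own literal values instead of reading these keys. If the two keys are meant to be inventory-only, say so explicitly and fix the typo, e.g. `# password: # no default on purpose, must be set in the inventory` and the same wording for `secret`, so the templates can reference them without a fallback. The enclosing `defaults_applications:` mapping begins before this hunk.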
--- /dev/null
+++ b/roles/docker-coturn/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: "include docker-central-database"
+ include_role:
+ name: docker-central-database
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+ include_role:
+ name: nginx-domain-setup
+ vars:
+ domain: "{{ domains[application_id] }}"
+ http_port: "{{ ports.localhost.http[application_id] }}"
+
+- name: "copy docker-compose.yml and env file"
+ include_tasks: copy-docker-compose-and-env.yml
diff --git a/roles/docker-coturn/templates/docker-compose.yml.j2 b/roles/docker-coturn/templates/docker-compose.yml.j2
new file mode 100644
index 00000000..c8ea6f40
--- /dev/null
+++ b/roles/docker-coturn/templates/docker-compose.yml.j2
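Review bot: `include_role: docker-central-database` runs although the role's `vars/main.yml` added in this commit keeps `database_type` and `database_password` commented out (as leftovers of `gitea_database_password`), so the include will presumably either fail on undefined variables or provision a database that coturn never uses; the compose template's `{% include '.../' + database_type + '.yml.j2' %}` has the same dependency. A TURN server needs no database, so drop that include together with the `depends-on-just-database` include, or at least guard it with `when: database_type is defined` until a real need exists. The `nginx-domain-setup` include with `ports.localhost.http[application_id]` also presumes an HTTP endpoint on localhost for coturn, which listens on 3478/5349 directly; a comment should state which web endpoint this vhost is meant to front.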
@@ -0,0 +1,69 @@
+services:
+
+{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+
+ application:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+ image: "gitea/gitea:{{applications.gitea.version}}"
+ ports:
+ - "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
+ - "{{ports.public.ssh[application_id]}}:22"
+ volumes:
+ - data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
+ interval: 1m
+ timeout: 10s
+ retries: 3
+{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+
+{% include 'templates/docker/compose/volumes.yml.j2' %}
+ data:
+
+{% include 'templates/docker/compose/networks.yml.j2' %}
+ coturn:
+ image: coturn/coturn
+ restart: always
+ network_mode: "host" # Nutzt die Host-IP für externe Erreichbarkeit (optional)
+ ports:
+ - "3478:3478/udp"
+ - "3478:3478/tcp"
+ - "5349:5349/tcp"
+ - "5349:5349/udp"
+ - "49152-65535:49152-65535/udp" # TURN-Relay-Ports (wichtig!)
+ #volumes: # In case customized config is required
+ # - coturn-config:/etc/coturn
+ environment:
+ - TURN_PORT=3478
+ - TURN_PORT_TLS=5349
+ - TURN_SECRET=my-secret-key
+ - TURN_USER=turnuser
+ - TURN_PASSWORD=turnpassword
+ command: >
+ --log-file=stdout
+ --external-ip=$(detect-external-ip)
+ --lt-cred-mech
+ --user=turnuser:turnpassword
+ --realm=nextcloud
+ --total-quota=100
+ --stale-nonce
+ --no-multicast-peers
+ --denied-peer-ip=0.0.0.0-0.255.255.255
+ --denied-peer-ip=10.0.0.0-10.255.255.255
+ --denied-peer-ip=100.64.0.0-100.127.255.255
+ --denied-peer-ip=169.254.0.0-169.254.255.255
+ --denied-peer-ip=172.16.0.0-172.31.255.255
+ --denied-peer-ip=192.0.0.0-192.0.0.255
+ --denied-peer-ip=192.88.99.0-192.88.99.255
+ --denied-peer-ip=192.168.0.0-192.168.255.255
+ --denied-peer-ip=198.18.0.0-198.19.255.255
+ --denied-peer-ip=198.51.100.0-198.51.100.255
+ --denied-peer-ip=203.0.113.0-203.0.113.255
+ --denied-peer-ip=240.0.0.0-255.255.255.255
+
+volumes:
+ nextcloud:
+ coturn-config:
diff --git a/roles/docker-coturn/templates/env.j2 b/roles/docker-coturn/templates/env.j2
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/docker-coturn/vars/main.yml b/roles/docker-coturn/vars/main.yml
new file mode 100644
index 00000000..4e8722ac
--- /dev/null
+++ b/roles/docker-coturn/vars/main.yml
@@ -0,0 +1,3 @@
+application_id: "coturn"
+#database_password: "{{gitea_database_password}}"
+#database_type: "mariadb"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/templates/config/turnserver.config.php.j2.draft b/roles/docker-nextcloud/templates/config/turnserver.config.php.j2.draft
new file mode 100644
index 00000000..c01f85d4
--- /dev/null
+++ b/roles/docker-nextcloud/templates/config/turnserver.config.php.j2.draft
@@ -0,0 +1,11 @@
+ [
+ [
+ 'host' => 'coturn',
+ 'port' => 3478,
+ 'secret' => 'my-secret-key',
+ 'protocols' => 'udp,tcp'
+ ]
+];
\ No newline at end of file
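Review bot: The `coturn` service hard-codes its credentials (`TURN_SECRET=my-secret-key`, `TURN_PASSWORD=turnpassword`, `--user=turnuser:turnpassword`) inside a template, although the same commit introduces `applications.coturn.credentials` as the place those values are supposed to come from; every host rendering this file would end up sharing the literal secret. The auth mechanism also does not match the Nextcloud side: `turnserver.config.php.j2.draft` hands Nextcloud Talk a shared `secret`, which requires coturn to run with the time-limited-credential mode, whereas `--lt-cred-mech --user=` configures a static long-term user, so replace those two flags with `--use-auth-secret` and `--static-auth-secret={{ applications.coturn.credentials.secret }}` and drop the `TURN_*` environment entries unless the image's entrypoint is known to consume them. Two further leftovers: `network_mode: "host"` makes Docker discard the `ports:` mappings listed directly below it (published ports are ignored in host mode), so keep one or the other, and the `application` service still carries `image: "gitea/gitea:…"` with gitea's port, volume and healthcheck layout, which reads as copy-paste residue. The trailing top-level `volumes:` block (`nextcloud:`, `coturn-config:`) will collide with whatever `templates/docker/compose/volumes.yml.j2` emits if that include already opens a `volumes:` key, and YAML parsers then silently keep only the last duplicate.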
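Review bot: `'host' => 'coturn'` and `'secret' => 'my-secret-key'` are literal values in a Jinja template. Nextcloud Talk passes this TURN entry on to the WebRTC clients, which connect to the TURN server themselves, so the host has to be a name that resolves from outside rather than the Compose service name, and the secret should come from the same variable the coturn role is meant to use: `'host' => '{{ <public TURN hostname> }}',` (placeholder, pick the domain variable used for the coturn role) and `'secret' => '{{ applications.coturn.credentials.secret }}',`. The hunk header announces 11 lines but only 8 are visible here, so the opening of the file and the enclosing array start outside the text shown.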