Nextcloud: integrate Talk & Whiteboard; adjust ports & healthchecks

- Enable Spreed (Talk); signaling via /standalone-signaling/ - STUN/TURN: move STUN to 3480 (3479 occupied by BBB), keep TURN 5350 reserved - docker-compose: expose internal WS ports; explicit TURN port mapping - Healthchecks: add nc-based TCP checks (roles/docker-container/templates/healthcheck/nc.yml.j2) - Nginx: location proxy to talk:8081 - Schema: add talk_* secrets (turn/signaling/internal) - Plugins: configure spreed/whiteboard via vars/*; remove old task files - Ports matrix (group_vars/all/09_ports.yml) updated/commented Conversation: https://chatgpt.com/share/68b61a6a-e1dc-800f-b793-4aa600bc0166
2025-09-10 04:25:20 +02:00 · 2025-09-02 00:13:23 +02:00
parent 7ca8b7c71d
commit ce3fe1cd51
13 changed files with 107 additions and 51 deletions
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@@ -63,9 +63,13 @@ NEXTCLOUD_TALK_IMAGE:               "{{ applications | get_app_conf(application_
 NEXTCLOUD_TALK_VERSION:             "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
 NEXTCLOUD_TALK_ENABLED:             "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
 NEXTCLOUD_TALK_STUN_PORT:           "{{ ports.public.stun[application_id] }}"
-NEXTCLOUD_TALK_WS_PORT:             "{{ ports.localhost.websocket[application_id] }}"
-NEXTCLOUD_TALK_DOMAIN:              "{{ domains[application_id].talk }}"
+NEXTCLOUD_TALK_DOMAIN:              "{{ NEXTCLOUD_DOMAIN }}"
+NEXTCLOUD_TALK_LOCATION:            "/standalone-signaling/"
+NEXTCLOUD_TALK_URL:                 "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_LOCATION ] | url_join }}"
+NEXTCLOUD_TALK_INTERNAL_PORT:       "8081"
+NEXTCLOUD_TALK_INT_TURN_PORT:       "3478"

+### Whiteboard
 NEXTCLOUD_WHITEBOARD_CONTAINER:     "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}"
 NEXTCLOUD_WHITEBOARD_IMAGE:         "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.image') }}"
 NEXTCLOUD_WHITEBOARD_VERSION:       "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.version') }}"
@@ -77,7 +81,6 @@ NEXTCLOUD_WHITEBOARD_URL:           "{{ [ NEXTCLOUD_URL, NEXTCLOUD_WHITEBOARD_LO

 ### Collabora
 NEXTCLOUD_COLLABORA_URL:            "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}"
-# NEXTCLOUD_COLLABORA_ENABLED:        "{{ applications | get_app_conf(application_id, 'plugins.richdocuments.enabled') }}"

 ## User Configuration
 NEXTCLOUD_DOCKER_USER_id:           82                                                            # UID of the www-data user
--- a/roles/web-app-nextcloud/vars/plugins/spreed.yml
+++ b/roles/web-app-nextcloud/vars/plugins/spreed.yml
@@ -0,0 +1,23 @@
+plugin_configuration:
+  - appid: "spreed"
+    configkey: "signaling_servers"
+    configvalue:
+      - server: "{{ NEXTCLOUD_TALK_URL }}"
+        verify: true
+        # optional:
+        alias: "primary"
+
+  # STUN
+  - appid: "spreed"
+    configkey: "stun_servers"
+    configvalue:
+      - "stun:{{ NEXTCLOUD_TALK_DOMAIN }}:{{ NEXTCLOUD_TALK_STUN_PORT }}"
+
+  # TURN with REST-Secret (used by Talk/Coturn)
+  - appid: "spreed"
+    configkey: "turn_servers"
+    configvalue:
+      - server: "turn:{{ NEXTCLOUD_TALK_DOMAIN }}:{{ NEXTCLOUD_TALK_STUN_PORT }}?transport=udp"
+        secret: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') }}"
+        ttl: 86400
+        protocols: "udp,tcp"
--- a/roles/web-app-nextcloud/vars/plugins/whiteboard.yml
+++ b/roles/web-app-nextcloud/vars/plugins/whiteboard.yml
@@ -0,0 +1,8 @@
+plugin_configuration:
+  - appid: "whiteboard"
+    configkey: "collabBackendUrl"
+    configvalue: "{{ NEXTCLOUD_WHITEBOARD_URL }}"
+
+  - appid: "whiteboard"
+    configkey: "jwt_secret_key"
+    configvalue: "{{ NEXTCLOUD_WHITEBOARD_JWT }}"