Nextcloud Talk: fix virtual-background web check by

- adding explicit MIME types for .wasm and .tflite in internal Nginx
- relaxing CSP (script-src: allow 'unsafe-eval') for WebAssembly
- removing obsolete turnserver draft.
Details: https://chatgpt.com/share/68d7dd39-50b8-800f-ab59-cfb1d3cf07cb

roles/web-app-nextcloud/config/main.yml

@@ -3,9 +3,11 @@ server:
   csp:
     flags:
       style-src:
-        unsafe-inline: true
+        unsafe-inline:  true
       script-src-elem:
-        unsafe-inline: true
+        unsafe-inline:  true
+      script-src:
+        unsafe-eval:    true
     whitelist:
       font-src:
         - "data:"
@@ -21,44 +23,44 @@ server:
     aliases: []
 docker:
   volumes:
-    data: nextcloud_data
+    data:                   nextcloud_data
   services:
     redis:
-      enabled: true
+      enabled:              true
     database:
-      enabled: true
+      enabled:              true
     nextcloud:
-      name:               "nextcloud"
+      name:                 "nextcloud"
-      image:              "nextcloud"
+      image:                "nextcloud"
-      version:            "production-fpm-alpine"
+      version:              "production-fpm-alpine"
       backup:
-        no_stop_required: true
+        no_stop_required:   true
-      cpus:               "2.0"
+      cpus:                 "2.0"
-      mem_reservation:    "2g"
+      mem_reservation:      "2g"
-      mem_limit:          "3g"
+      mem_limit:            "3g"
-      pids_limit:         512
+      pids_limit:           512
     proxy: 
-      name:               "nextcloud-proxy"
+      name:                 "nextcloud-proxy"
-      image:              "nginx"
+      image:                "nginx"
-      version:            "alpine"
+      version:              "alpine"
       backup:
-        no_stop_required: true
+        no_stop_required:   true
     cron:
-      name:               "nextcloud-cron"
+      name:                 "nextcloud-cron"
     talk:
-      name:               "nextcloud-talk"
+      name:                 "nextcloud-talk"
-      image:              "nextcloud/aio-talk"
+      image:                "nextcloud/aio-talk"
-      version:            "latest"
+      version:              "latest"
       backup:
-        no_stop_required: false
+        no_stop_required:   false
       turn_server:
         onboard_enabled:    true
         standalone_enabled: true
       network_mode:         host
     whiteboard:
-      name:               "nextcloud-whiteboard"
+      name:                 "nextcloud-whiteboard"
-      image:              "ghcr.io/nextcloud-releases/whiteboard"
+      image:                "ghcr.io/nextcloud-releases/whiteboard"
-      version:            "latest"
+      version:              "latest"
       backup:
         no_stop_required: true
   enabled:  "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False) }}"   # Activate OIDC for Nextcloud

roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft

@@ -1,14 +0,0 @@
-<?php
-# Activates the turn server
-# @see https://nextcloud-talk.readthedocs.io/en/latest/TURN/
-
-return [
-  'turn_servers' => [
-    [
-        'host' => 'coturn',
-        'port' => {{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }},
-        'secret' => 'my-secret-key',
-        'protocols' => 'udp,tcp'
-    ],
-  ],
-];

roles/web-app-nextcloud/templates/nginx/docker.conf.j2

@@ -18,7 +18,9 @@ http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
     types {
-        application/javascript mjs;
+        application/javascript   mjs;
+        application/wasm         wasm;
+        application/octet-stream tflite;
     }
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '