Optimized Nextcloud variables

Conversation: https://chatgpt.com/share/68d74e25-c068-800f-ae20-d0e34ac8ee12

roles/web-app-bigbluebutton/config/main.yml

@@ -24,8 +24,12 @@ credentials: {}
 docker:
   services:
     bigbluebutton:
-      repository: "https://github.com/kevinveenbirkenbach/bigbluebutton-docker.git"
+      repository:     "https://github.com/kevinveenbirkenbach/bigbluebutton-docker.git"
-      version:    "bbb3.0"
+      version:        "bbb3.0"
+      recording:
+        enabled:      true  # Enable recordings of sessions
+        cleanup:      true  # Auto-Cleanup Recordings
+        max_age_days: 30    # Cleanup recording after this amount of days
     database:
       # This is set to true to pass integration test, doesn't have any other function
       enabled:    true

roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2

@@ -29,11 +29,6 @@ services:
       --cert=${COTURN_TLS_CERT_PATH}
       --pkey=${COTURN_TLS_KEY_PATH}
 {% endif %}
-{% if BBB_GREENLIGHT_ENABLED | bool %}
-  greenlight:
-{% set container_port = 3000 %}
-{% include 'roles/docker-container/templates/healthcheck/nc.yml.j2' %}
-{% endif %}
 {% if BBB_COLLABORA_ENABLED | bool %}
   bbb-web:
     depends_on:

roles/web-app-bigbluebutton/templates/env.j2

@@ -22,14 +22,9 @@ ENABLE_GREENLIGHT={{ BBB_GREENLIGHT_ENABLED | lower }}
 #ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
 
 # Recording
-# IMPORTANT: this is currently a big privacy issues, because it will
+ENABLE_RECORDING={{ BBB_RECORDING_ENABLED | lower }}
-# record everything which happens in the conference, even when the button
+REMOVE_OLD_RECORDING={{ BBB_RECORDING_CLEANUP_ENABLED | lower }}
-# suggets, that it does not.
+RECORDING_MAX_AGE_DAYS={{ BBB_RECORDING_MAX_AGE_DAYS }}
-# https://github.com/bigbluebutton/bigbluebutton/issues/9202
-# make sure that you get peoples consent, before they join a room
-ENABLE_RECORDING=false
-REMOVE_OLD_RECORDING=true
-RECORDING_MAX_AGE_DAYS=365
 
 # ====================================
 # SECRETS
@@ -174,27 +169,17 @@ OAUTH2_REDIRECT=
 # For information about setting up LDAP, see:
 #
 #   https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
-#
+
-#   LDAP_SERVER=ldap.example.com
-#   LDAP_PORT=389
-#   LDAP_METHOD=plain
-#   LDAP_UID={{ LDAP.USER.ATTRIBUTES.ID }}
-#   LDAP_BASE=dc=example,dc=com
-#   LDAP_AUTH=simple
-#   LDAP_BIND_DN=cn=admin,dc=example,dc=com
-#   LDAP_PASSWORD=password
-#   LDAP_ROLE_FIELD=ou
-#   LDAP_FILTER=(&(attr1=value1)(attr2=value2))
 LDAP_SERVER="{{ LDAP.SERVER.DOMAIN }}"
 LDAP_PORT="{{ LDAP.SERVER.PORT }}"
-LDAP_METHOD=
+# LDAP_METHOD=plain
 LDAP_UID={{ LDAP.USER.ATTRIBUTES.ID }}
 LDAP_BASE="{{ LDAP.DN.ROOT }}"
 LDAP_BIND_DN="{{ LDAP.DN.ADMINISTRATOR.DATA }}"
 LDAP_AUTH=password
 LDAP_PASSWORD="{{ LDAP.BIND_CREDENTIAL }}"
-LDAP_ROLE_FIELD=
+# LDAP_ROLE_FIELD=ou
-LDAP_FILTER=
+# LDAP_FILTER=(&(attr1=value1)(attr2=value2))
 {% endif %}
 
 # ====================================

roles/web-app-bigbluebutton/vars/main.yml

@@ -43,11 +43,16 @@ BBB_RELAY_PORT_START:                 "{{ ports.public.relay_port_ranges[applica
 BBB_RELAY_PORT_END:                   "{{ ports.public.relay_port_ranges[application_id ~ '_end'] }}"
 BBB_RELAY_PORT_RANGE:                 "{{ BBB_RELAY_PORT_START }}-{{ BBB_RELAY_PORT_END }}"
 
-# Collabora
+## Collabora
 BBB_COLLABORA_ENABLED:                "{{ applications | get_app_conf(application_id, 'docker.services.collabora.internal') }}"
 BBB_COLLABORA_URL:                    "{{ 'https://collabora:9980/cool' if BBB_COLLABORA_ENABLED else (domains | get_url('web-svc-collabora', WEB_PROTOCOL)) }}"
 
-## Switchs
+### Recording
+BBB_RECORDING_ENABLED:                "{{ applications | get_app_conf(application_id, 'docker.services.'~ entity_name ~'.recording.enabled') }}"
+BBB_RECORDING_CLEANUP_ENABLED:        "{{ applications | get_app_conf(application_id, 'docker.services.'~ entity_name ~'.recording.cleanup') }}"
+BBB_RECORDING_MAX_AGE_DAYS:           "{{ applications | get_app_conf(application_id, 'docker.services.'~ entity_name ~'.recording.max_age_days') }}"
+
+## Additional Switchs
 
 ### Network
 BBB_IP6_ENABLED:                      "{{ applications | get_app_conf(application_id, 'server.ip6_enabled') }}"
@@ -57,4 +62,4 @@ BBB_GREENLIGHT_ENABLED:               "{{ applications | get_app_conf(applicatio
 
 ### SSO
 BBB_LDAP_ENABLED:                     "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
-BBB_OIDC_ENABLED:                     "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
+BBB_OIDC_ENABLED:                     "{{ applications | get_app_conf(application_id, 'features.oidc') }}"

roles/web-app-nextcloud/config/main.yml

@@ -51,8 +51,10 @@ docker:
       version:            "latest"
       backup:
         no_stop_required: false
-      internal:           false
+      turn_server:
-      network_mode:       host
+        onboard_enabled:    true
+        standalone_enabled: true
+      network_mode:         host
     whiteboard:
       name:               "nextcloud-whiteboard"
       image:              "ghcr.io/nextcloud-releases/whiteboard"

roles/web-app-nextcloud/tasks/01_fullstack.yml

@@ -33,5 +33,5 @@
 - name: create internal nextcloud nginx configuration
   template:
     src:  "nginx/docker.conf.j2" 
-    dest: "{{ [docker_compose.directories.volumes, 'nginx.conf'] | path_join }}"
+    dest: "{{ NEXTCLOUD_HOST_NGINX_SRC }}"
   notify: restart nextcloud nginx service

roles/web-app-nextcloud/tasks/main.yml

@@ -35,5 +35,3 @@
     plugin_key:   "{{ plugin_item.key }}"
     plugin_value: "{{ plugin_item.value }}"
   when: NEXTCLOUD_PLUGINS_ENABLED
-
-

roles/web-app-nextcloud/tasks/plugins/spreed.yml

@@ -5,3 +5,4 @@
     flush_handlers: true
   when:    
     - run_once_web_svc_coturn is not defined
+    - NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED | bool

roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft

@@ -5,7 +5,7 @@
 return 'turn_servers' => [
     [
         'host' => 'coturn',
-        'port' => 3478,
+        'port' => {{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }},
         'secret' => 'my-secret-key',
         'protocols' => 'udp,tcp'
     ]

roles/web-app-nextcloud/templates/docker-compose.yml.j2

@@ -7,16 +7,19 @@
       driver: journald
     restart: {{ DOCKER_RESTART_POLICY }}
     ports:
-      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
+      - "127.0.0.1:{{ NEXTCLOUD_PORT }}:{{ container_port }}"
     volumes:
-        - "{{ docker_compose.directories.volumes }}nginx.conf:/etc/nginx/nginx.conf:ro"
+        - "{{ NEXTCLOUD_HOST_NGINX_SRC }}:/etc/nginx/nginx.conf:ro"
     volumes_from:
       - application
-
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2'  %}
-{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
     networks:
       default:
         ipv4_address: 192.168.102.67
+{% if NEXTCLOUD_TALK_NETWORK_MODE == 'host' %}
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+{% endif %}
 
   application:
     image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}"
@@ -34,20 +37,20 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
         ipv4_address: 192.168.102.69
 
-{% if NEXTCLOUD_TALK_SERVICE_ENABLED %}
+{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
   talk:
-{% set container_port = NEXTCLOUD_TALK_PORT_INTERNAL %}
+{% set container_port = NEXTCLOUD_TALK_SIGNALING_PORT %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
     image: "{{ NEXTCLOUD_TALK_IMAGE }}:{{ NEXTCLOUD_TALK_VERSION }}"
     container_name: {{ NEXTCLOUD_TALK_CONTAINER }}
     init: true
-    network_mode: {{ COTURN_NETWORK_MODE }}
+    network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }}
 {% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %}
     ports:
-      - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/tcp
+      - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/tcp
-      - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/udp
+      - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/udp
-      - {{ NEXTCLOUD_TALK_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_RELAY_PORT_RANGE }}/udp
+      - {{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}/udp
     expose:
       - "{{ container_port }}"
     networks:

roles/web-app-nextcloud/templates/env.j2

@@ -24,7 +24,7 @@ MAIL_FROM_ADDRESS=              "{{ users['no-reply'].username }}"
 MAIL_DOMAIN=                    "{{ SYSTEM_EMAIL.DOMAIN }}"
 
 # Initial Admin Data
-NEXTCLOUD_ADMIN_USER=           "{{ NEXTCLOUD_ADMINISTRATOR_USER }}"
+NEXTCLOUD_ADMIN_USER=           "{{ NEXTCLOUD_ADMINISTRATOR_USERNAME }}"
 NEXTCLOUD_ADMIN_PASSWORD=       "{{ NEXTCLOUD_ADMINISTRATOR_PASSWORD }}"
 
 # Security
@@ -41,18 +41,17 @@ REDIS_PORT=                     6379
 
 {% if NEXTCLOUD_TALK_PLUGIN_ENABLED %}
 # Talk Configuration
-# @todo move it to an own env file for encapsulation reasons
 NC_DOMAIN={{ NEXTCLOUD_DOMAIN }}
 TALK_HOST={{ NEXTCLOUD_TALK_DOMAIN }}
-TURN_SECRET={{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') }}
+TURN_SECRET={{ NEXTCLOUD_TALK_TURN_ONBOARD_SECRET }}
-SIGNALING_SECRET={{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}
+SIGNALING_SECRET={{ NEXTCLOUD_TALK_SIGNALING_SECRET }}
-INTERNAL_SECRET={{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}
+INTERNAL_SECRET={{ NEXTCLOUD_TALK_INTERNAL_SECRET }}
 TZ={{ HOST_TIMEZONE }}
-TALK_PORT={{ NEXTCLOUD_TALK_INT_TURN_PORT }}
+TALK_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}
-TURN_MIN_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_START }}
+TURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}
-TURN_MAX_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_END }}
+TURN_MAX_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}
-COTURN_MIN_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_START }}
+COTURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}
-COTURN_MAX_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_END }}
+COTURN_MAX_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}
 {% endif %}
 
 {% if NEXTCLOUD_WHITEBOARD_ENABLED %}

roles/web-app-nextcloud/templates/nginx/docker.conf.j2

@@ -190,9 +190,13 @@ http {
             proxy_read_timeout 3600;
         }
 
-{% if NEXTCLOUD_TALK_SERVICE_ENABLED %}
+{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
-        location {{ NEXTCLOUD_TALK_LOCATION }} {
+        location {{ NEXTCLOUD_TALK_SIGNALING_LOCATION }} {
-            proxy_pass         http://talk:{{ NEXTCLOUD_TALK_PORT_INTERNAL }}/;
+{% if NEXTCLOUD_TALK_NETWORK_MODE == 'host' %}
+            proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
+{% else %}
+            proxy_pass http://talk:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
+{% endif %}
             proxy_http_version 1.1;
             proxy_set_header   Host              $host;
             proxy_set_header   Upgrade           $http_upgrade;

roles/web-app-nextcloud/vars/main.yml

@@ -8,16 +8,15 @@ database_password:                  "{{ applications | get_app_conf(application_
 database_type:                      "mariadb"                                                                                   # Database flavor
 
 # Nextcloud 
+
 ## General 
 NEXTCLOUD_DOMAIN:                   "{{ domains | get_domain(application_id) }}"
 NEXTCLOUD_PORT:                     "{{ ports.localhost.http[application_id] }}"
 NEXTCLOUD_URL:                      "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 
-NEXTCLOUD_PLUGINS_ENABLED:          "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}"
-NEXTCLOUD_ADMINISTRATOR_USERNAME:   "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
-
 ## Plugins
 NEXTCLOUD_PLUGIN_ITEMS:             "{{ applications | get_app_conf(application_id, 'plugins') | dict2items }}"
+NEXTCLOUD_PLUGINS_ENABLED:          "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}"
 
 ## Paths
 
@@ -25,6 +24,7 @@ NEXTCLOUD_PLUGIN_ITEMS:             "{{ applications | get_app_conf(application_
 NEXTCLOUD_HOST_CONF_ADD_PATH:       "{{ [ docker_compose.directories.volumes, 'infinito' ] | path_join }}"              # This folder is the path to which the additive configurations will be copied
 NEXTCLOUD_HOST_INCL_PATH:           "{{ [ docker_compose.directories.volumes, 'includes.php' ] | path_join }}"          # Path to the instruction file on the host. Responsible for loading the additional configurations
 NEXTCLOUD_HOST_NGINX_PATH:          "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, NEXTCLOUD_DOMAIN ~ '.conf' ] | path_join }}"  # Nginx path for proxy conf
+NEXTCLOUD_HOST_NGINX_SRC:           "{{ [ docker_compose.directories.volumes, 'nginx.conf' ] | path_join }}" 
 
 ## Control Node
 NEXTCLOUD_CNODE_PLUGIN_VARS_PATH:   "{{ [role_path, 'vars/plugins/'] | path_join }}"                                 # Folder in which the files for the plugin configuration are stored
@@ -38,8 +38,8 @@ NEXTCLOUD_DOCKER_CONF_ADD_PATH:     "{{ [ NEXTCLOUD_DOCKER_CONF_DIRECTORY, 'infi
 NEXTCLOUD_DOCKER_INCL_PATH:         "/tmp/includes.php"                                                   # Path to the temporary file which will be included to the config.php to load the additional configurations
 
 ## Administrator
-NEXTCLOUD_ADMINISTRATOR_USER:       "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
 NEXTCLOUD_ADMINISTRATOR_PASSWORD:   "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}"
+NEXTCLOUD_ADMINISTRATOR_USERNAME:   "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
 
 ## Docker
 
@@ -57,25 +57,37 @@ NEXTCLOUD_PROXY_VERSION:            "{{ applications | get_app_conf(application_
 ### Cron
 NEXTCLOUD_CRON_CONTAINER:           "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}"
 
-### Talk 
+### Talk
-#### Service
-NEXTCLOUD_TALK_CONTAINER:           "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}"
-NEXTCLOUD_TALK_IMAGE:               "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}"
-NEXTCLOUD_TALK_VERSION:             "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
-NEXTCLOUD_TALK_PLUGIN_ENABLED:      "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
-NEXTCLOUD_TALK_SERVICE_ENABLED:     "{{ applications | get_app_conf(application_id, 'docker.services.talk.internal') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
-NEXTCLOUD_TALK_LOCATION:            "/standalone-signaling/"
-NEXTCLOUD_TALK_PORT_INTERNAL:       "8081"
-NEXTCLOUD_TALK_INT_TURN_PORT:       "3478"
-NEXTCLOUD_TALK_RELAY_PORT_START:    "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}"
-NEXTCLOUD_TALK_RELAY_PORT_END:      "{{ ports.public.relay_port_ranges[application_id ~ '_end'  ] }}"
-NEXTCLOUD_TALK_RELAY_PORT_RANGE:    "{{ NEXTCLOUD_TALK_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_RELAY_PORT_END }}"
-NEXTCLOUD_TALK_NETWORK_MODE:        "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}"
 
-# Connection
+#### General
-NEXTCLOUD_TALK_STUN_PORT:           "{{ ports.public.stun_turn_tls[application_id] }}"
+NEXTCLOUD_TALK_CONTAINER:             "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}"
-NEXTCLOUD_TALK_DOMAIN:              "{{ NEXTCLOUD_DOMAIN }}"
+NEXTCLOUD_TALK_IMAGE:                 "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}"
-NEXTCLOUD_TALK_URL:                 "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_LOCATION ] | url_join }}"
+NEXTCLOUD_TALK_VERSION:               "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
+NEXTCLOUD_TALK_PLUGIN_ENABLED:        "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
+NEXTCLOUD_TALK_NETWORK_MODE:          "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}"
+NEXTCLOUD_TALK_INTERNAL_SECRET:       "{{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}"
+NEXTCLOUD_TALK_DOMAIN:                "{{ NEXTCLOUD_DOMAIN if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else (domains | get_domain(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE)) }}"
+
+#### Signaling
+NEXTCLOUD_TALK_SIGNALING_SECRET:      "{{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}"
+NEXTCLOUD_TALK_SIGNALING_LOCATION:    "/standalone-signaling/"
+NEXTCLOUD_TALK_SIGNALING_PORT:        "8081"
+NEXTCLOUD_TALK_SIGNALING_URL:         "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_SIGNALING_LOCATION ] | url_join }}"
+
+#### Turn (Onboard)
+NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED:          "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.onboard_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED  else false }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_SECRET:           "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else applications | get_app_conf(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE, 'credentials.auth_secret') }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT:        "{{ ports.public.stun_turn[application_id] }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END:   "{{ ports.public.relay_port_ranges[application_id ~ '_end'  ] }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}"
+
+#### Stun
+NEXTCLOUD_TALK_STUN_PORT:                     "{{ ports.public.stun_turn[application_id] if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else ports.public.stun_turn[NEXTCLOUD_TALK_TURN_STANDALONE_ROLE] }}"
+
+#### Coturn (Standalone)
+NEXTCLOUD_TALK_TURN_STANDALONE_ROLE:          'web-svc-coturn'
+NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED:       "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.standalone_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED  else false }}"
 
 ### Whiteboard
 NEXTCLOUD_WHITEBOARD_CONTAINER:     "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}"

roles/web-app-nextcloud/vars/plugins/spreed.yml

@@ -1,23 +1,32 @@
 plugin_configuration:
+  # signaling_servers: JSON object
   - appid: "spreed"
     configkey: "signaling_servers"
-    configvalue:
+    configvalue: "{{ {
-      - server: "{{ NEXTCLOUD_TALK_URL }}"
+        'servers': [ { 'server': NEXTCLOUD_TALK_SIGNALING_URL, 'verify': True, 'alias': 'primary' } ],
-        verify: true
+        'secret':  NEXTCLOUD_TALK_SIGNALING_SECRET
-        # optional:
+      } | to_json }}"
-        alias: "primary"
 
-  # STUN
+  # stun_servers: JSON array of strings
   - appid: "spreed"
     configkey: "stun_servers"
-    configvalue:
+    configvalue: "{{ [
-      - "stun:{{ NEXTCLOUD_TALK_DOMAIN }}:{{ NEXTCLOUD_TALK_STUN_PORT }}"
+        NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_STUN_PORT
+      ] | to_json }}"
 
-  # TURN with REST-Secret (used by Talk/Coturn)
+  # turn_servers: JSON array of objects
   - appid: "spreed"
     configkey: "turn_servers"
-    configvalue:
+    configvalue: "{{ [
-      - server: "turn:{{ NEXTCLOUD_TALK_DOMAIN }}:{{ NEXTCLOUD_TALK_STUN_PORT }}?transport=udp"
+        {
-        secret: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') }}"
+          'server': NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_STUN_PORT ~ '?transport=udp',
-        ttl: 86400
+          'secret': NEXTCLOUD_TALK_TURN_ONBOARD_SECRET,
-        protocols: "udp,tcp"
+          'ttl': 86400,
+          'protocols': 'udp,tcp'
+        }
+      ] | to_json }}"
+
+  # internal secret (plain string)
+  - appid: "spreed"
+    configkey: "internal_secret"
+    configvalue: "{{ NEXTCLOUD_TALK_INTERNAL_SECRET }}"