{% include 'roles/docker-compose/templates/base.yml.j2' %}
  
  coturn:
{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: {{ COTURN_IMAGE }}:{{ COTURN_VERSION }}
    container_name: {{ COTURN_VOLUME }}
    ports:
      - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/udp"
      - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/tcp"
      - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/tcp"
      - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/udp"
      - "{{ COTURN_RELAY_PORT_RANGE }}/udp"
    volumes:
      - "{{ COTURN_TLS_CERT_PATH }}:{{ COTURN_TLS_CERT_PATH }}:ro"
      - "{{ COTURN_TLS_KEY_PATH }}:{{ COTURN_TLS_KEY_PATH }}:ro"
    command: >
      --use-auth-secret
      --static-auth-secret="${COTURN_STATIC_AUTH_SECRET}"
      --lt-cred-mech
      --user="${COTURN_USER_NAME}:${COTURN_USER_PASSWORD}"
      --log-file=stdout
      --external-ip={{ networks.internet.ip4 }}
{% if networks.internet.ip6|default('') %}
      --external-ip={{ networks.internet.ip6 }}
{% endif %}
      --realm="${COTURN_REALM}"
      --fingerprint
      --total-quota=100
      --stale-nonce
      --no-multicast-peers
      --no-cli
      --no-tcp-relay
      --min-port={{ COTURN_RELAY_PORT_START }}
      --max-port={{ COTURN_RELAY_PORT_END }}
      --cert={{ COTURN_TLS_CERT_PATH }}
      --pkey={{ COTURN_TLS_KEY_PATH }}
      --cipher-list=DEFAULT
      --dh2066
{% include 'roles/docker-container/templates/networks.yml.j2' %}

{% include 'roles/docker-compose/templates/networks.yml.j2' %}