Wire Conduit to advertise usage of the Coturn TURN server

Fixes spantaleev#3089
KarolosLykos · Mar 5, 2024 · e428498 · e428498
1 parent 343ace3
commit e428498
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 1 deletion.
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
@@ -4883,7 +4883,33 @@ matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service
 
 matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}"
 
-matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}"
+# Even if TURN doesn't support TLS (it does by default),
+# it doesn't hurt to try a secure connection anyway.
+#
+# When Let's Encrypt certificates are used (the default case),
+# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them.
+# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
+matrix_conduit_turn_uris: |
+  {{
+    []
+    +
+    [
+      'turns:' + matrix_server_fqn_matrix + '?transport=udp',
+      'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
+    ] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_playbook_ssl_retrieval_method != 'lets-encrypt' else []
+    +
+    [
+      'turn:' + matrix_server_fqn_matrix + '?transport=udp',
+      'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
+    ] if matrix_coturn_enabled else []
+  }}
+
+matrix_conduit_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
+
+matrix_conduit_systemd_required_services_list: |
+  {{
+    (['docker.service'])
+  }}
 
 ######################################################################
 #

diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
 # Conduit is a simple, fast and reliable chat server powered by Matrix
+# Project source code URL: https://gitlab.com/famedly/conduit
 # See: https://conduit.rs
 
 matrix_conduit_enabled: true
@@ -66,3 +67,10 @@ matrix_conduit_trusted_servers:
 
 # How many requests Conduit sends to other servers at the same time
 matrix_conduit_max_concurrent_requests: 100
+
+# TURN integration.
+# See: https://gitlab.com/famedly/conduit/-/blob/next/TURN.md
+matrix_conduit_turn_uris: []
+matrix_conduit_turn_secret: ''
+matrix_conduit_turn_username: ''
+matrix_conduit_turn_password: ''
diff --git a/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2
@@ -53,3 +53,15 @@ log = "info,state_res=warn,rocket=off,_=off,sled=off"
 
 address = "0.0.0.0"
 
+turn_uris = {{ matrix_conduit_turn_uris | to_json }}
+
+{% if matrix_conduit_turn_secret != '' %}
+turn_secret = {{ matrix_conduit_turn_secret | to_json }}
+{% endif %}
+
+# If you have your TURN server configured to use a username and password
+# you can provide these information too. In this case comment out `turn_secret above`!
+{% if matrix_conduit_turn_username != '' or matrix_conduit_turn_password != '' %}
+turn_username = {{ matrix_conduit_turn_username | to_json }}
+turn_password = {{ matrix_conduit_turn_password | to_json }}
+{% endif %}