/
turnserver.yml
32 lines (31 loc) · 1.35 KB
/
turnserver.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
# tasks file to start turnserver container
- name: "{{ 'Create' if (state is undefined or 'absent' not in state) else 'Terminate' }} the turnserver container"
docker_container:
name: 'turn_server'
image: "{{ 'serverror' if ansible_architecture == 'aarch64' else 'instrumentisto' }}/coturn:{{ docker_turnserver_image | default('latest') }}"
restart_policy: 'unless-stopped'
command: >
-n
--log-file=stdout
--external-ip=$(detect-external-ip)
--tls-listening-port=5349
--no-cli
--no-tlsv1
--no-tlsv1_1
--fingerprint
--use-auth-secret
--static-auth-secret={{ lookup('password', '{{ nextcloud_credential_store }}/talk_secret chars=ascii_letters,digits length=32') | lower }}
--realm={{ nextcloud_server_fqdn }}
--total-quota=100
--bps-capacity=0
--stale-nonce
--cert=/etc/ssl/nextcloud/ssl/{{ nextcloud_server_fqdn }}.crt
--pkey=/etc/ssl/nextcloud/ssl/{{ nextcloud_server_fqdn }}.key
--cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
--no-multicast-peers
volumes:
- '{{ traefik_config_dir }}:/etc/ssl/nextcloud:ro'
- 'turnserver-data-vol:/var/lib/coturn:rw'
network_mode: host
state: '{{ state | default("started") }}'