app/matrix: add coturn deployment
A TURN server is required for proper cross-NAT voice/video calls via
Matrix.
Change-Id: I8182292dd8ef30690ae4b9487c22aedcff098710
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1387
Reviewed-by: informatic <informatic@hackerspace.pl>
diff --git a/app/matrix/lib/matrix-ng.libsonnet b/app/matrix/lib/matrix-ng.libsonnet
index 0b60f10..17ad751 100644
--- a/app/matrix/lib/matrix-ng.libsonnet
+++ b/app/matrix/lib/matrix-ng.libsonnet
@@ -95,6 +95,7 @@
local wellKnown = import "./wellknown.libsonnet";
local synapse = import "./synapse.libsonnet";
local mediaRepo = import "./media-repo.libsonnet";
+local coturn = import "./coturn.libsonnet";
{
local app = self,
@@ -115,6 +116,7 @@
appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:c6e25cb57e1b67027069e8dc2627338df35d156315c004a6f2b34b6aeaa79f77",
wellKnown: "registry.k0.hswaw.net/q3k/wellknown:1611960794-adbf560851a46ad0e58b42f0daad7ef19535687c",
mediaRepo: "turt2live/matrix-media-repo:v1.2.8",
+ coturn: "coturn/coturn:4.5.2-r11-alpine",
},
# OpenID Connect provider configuration.
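Review bot: The new `coturn` entry pins the image by a mutable tag, while `appserviceTelegram` in the same map is pinned by `@sha256:` digest. For an internet-facing relay, a digest pin keeps a re-pushed tag from silently changing what gets deployed. Suggest `coturn: "coturn/coturn:4.5.2-r11-alpine@sha256:<digest of the reviewed image>",` with the placeholder replaced by the digest that was actually reviewed. The images map opens above this hunk, so other entries may follow a different convention than the ones visible here.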
@@ -193,6 +195,23 @@
# List of administrative users MXIDs (used in matrix-media-repo only)
admins: [],
+
+ # Deploy coturn STUN/TURN server
+ coturn: {
+ enable: false,
+ config: {
+ domain: error "coturn.config.domain must be set",
+
+ # Default to public domain - this may be adjusted when multiple
+ # turn servers are deployed.
+ realm: self.domain,
+
+ # Set this to assigned LoadBalacer IP for correct NAT resolution
+ loadBalancerIP: null,
+
+ authSecret: { secretKeyRef: { name: "coturn", key: "auth_secret" } },
+ },
+ },
},
# DEPRECATED: this needs to be removed in favor of namespace.Contain() in
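Review bot: The `authSecret` default at the end of the new `coturn.config` block has no comment, unlike the fields around it, although it is the one value an operator has to provision out of band. Suggest adding `# Shared TURN auth secret; the referenced Secret must be created in the namespace before setting enable: true.` above it. It is presumably the same secret Synapse uses to mint TURN credentials, which is worth confirming and stating in the comment. The comment above `loadBalancerIP` also has a typo (`LoadBalacer` should be `LoadBalancer`).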
@@ -279,6 +298,17 @@
},
} else {},
+ coturn: if cfg.coturn.enable then coturn {
+ ns: app.namespace,
+ cfg+: {
+ storageClassName: cfg.storageClassName,
+ image: cfg.images.coturn,
+ realm: cfg.coturn.config.realm,
+ loadBalancerIP: cfg.coturn.config.loadBalancerIP,
+ authSecret: cfg.coturn.config.authSecret,
+ },
+ } else null,
+
synapse: synapse {
ns: app.namespace,
postgres: app.postgres3,
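Review bot: Nothing passed in `cfg+` for the new `coturn` field constrains which peers the TURN server may relay to, and coturn.libsonnet is not part of this diff view, so it cannot be confirmed from here that the generated config refuses relaying to cluster-internal and private address ranges. A relay running inside the cluster network is otherwise a path to internal services for anyone holding valid TURN credentials. coturn's `denied-peer-ip` and `no-multicast-peers` options are the usual controls and should be set in the template or exposed as a `cfg` field. Separately, the disabled branch yields `null` while the sibling just above uses `else {}`; using one form for both keeps any code that iterates over the app's fields uniform. The enclosing app object starts and ends outside this hunk.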