app/matrix: add coturn deployment

TURN server is required for proper cross-NAT voice/video calls via
Matrix.

Change-Id: I8182292dd8ef30690ae4b9487c22aedcff098710
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1387
Reviewed-by: informatic <informatic@hackerspace.pl>
diff --git a/app/matrix/lib/matrix-ng.libsonnet b/app/matrix/lib/matrix-ng.libsonnet
index 0b60f10..17ad751 100644
--- a/app/matrix/lib/matrix-ng.libsonnet
+++ b/app/matrix/lib/matrix-ng.libsonnet
@@ -95,6 +95,7 @@
 local wellKnown = import "./wellknown.libsonnet";
 local synapse = import "./synapse.libsonnet";
 local mediaRepo = import "./media-repo.libsonnet";
+local coturn = import "./coturn.libsonnet";
 
 {
     local app = self,
@@ -115,6 +116,7 @@
             appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:c6e25cb57e1b67027069e8dc2627338df35d156315c004a6f2b34b6aeaa79f77",
             wellKnown: "registry.k0.hswaw.net/q3k/wellknown:1611960794-adbf560851a46ad0e58b42f0daad7ef19535687c",
             mediaRepo: "turt2live/matrix-media-repo:v1.2.8",
+            coturn: "coturn/coturn:4.5.2-r11-alpine",
         },
 
         # OpenID Connect provider configuration.
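Review bot: The new `coturn` image reference is pinned only by tag (`coturn/coturn:4.5.2-r11-alpine`), whereas `appserviceTelegram` two lines above is pinned by `@sha256:` digest; a mutable tag on a public Docker Hub repository can be re-pushed and silently change what runs on the cluster edge, which for a service that is deliberately exposed to the internet is worth avoiding. Pinning it the same way, `coturn: "coturn/coturn:4.5.2-r11-alpine@sha256:<digest of the image you actually tested>",` keeps the images map consistent and reproducible. The other entries mixing tags and digests are pre-existing and outside this change.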
@@ -193,6 +195,23 @@
 
         # List of administrative users MXIDs (used in matrix-media-repo only)
         admins: [],
+
+        # Deploy coturn STUN/TURN server
+        coturn: {
+            enable: false,
+            config: {
+                domain: error "coturn.config.domain must be set",
+
+                # Default to public domain - this may be adjusted when multiple
+                # turn servers are deployed.
+                realm: self.domain,
+
+                # Set this to assigned LoadBalacer IP for correct NAT resolution
+                loadBalancerIP: null,
+
+                authSecret: { secretKeyRef: { name: "coturn", key: "auth_secret" } },
+            },
+        },
     },
 
     # DEPRECATED: this needs to be removed in favor of namespace.Contain() in
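Review bot: `authSecret` points at Secret `coturn`, key `auth_secret`, but nothing in this change shows that Secret being created or the same value being fed to Synapse as its TURN shared secret, and without that Synapse-issued TURN credentials will simply be rejected by coturn; if that wiring lives in `coturn.libsonnet` or is done by hand, a comment saying so would save the next operator a debugging session, e.g. `# Must match the turn_shared_secret configured in synapse; the Secret itself is not managed here.` Note also that `domain` is only ever read through the `realm` default, so if a deployer overrides `realm` the `error` on `domain` never fires and the field becomes dead, which is presumably not intended. Minor: the comment reads `LoadBalacer`, should be `LoadBalancer`.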
@@ -279,6 +298,17 @@
         },
     } else {},
 
+    coturn: if cfg.coturn.enable then coturn {
+        ns: app.namespace,
+        cfg+: {
+            storageClassName: cfg.storageClassName,
+            image: cfg.images.coturn,
+            realm: cfg.coturn.config.realm,
+            loadBalancerIP: cfg.coturn.config.loadBalancerIP,
+            authSecret: cfg.coturn.config.authSecret,
+        },
+    } else null,
+
     synapse: synapse {
         ns: app.namespace,
         postgres: app.postgres3,
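Review bot: The disabled branch returns `null` (`} else null,`) while the neighbouring optional component immediately above the hunk uses `} else {},`; whatever collects these components into the namespace (the `namespace.Contain()` mentioned in the comment) may not treat `null` and `{}` the same, so this should follow the existing convention unless `null` is required, in which case the reason deserves a comment. Separately, `loadBalancerIP` is passed through as `null` by default and `domain` is not passed at all (only `realm`), so `coturn.libsonnet` must cope with a null IP and derive external-address advertisement from `realm` alone; that file is not in this diff, so I cannot confirm it does. The `synapse` object continues past the end of the hunk.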