Flesh out coturn config, autodiscover external IP

2020-05-12 15:10:59 +01:00 · 2020-05-12 15:10:59 +01:00 · 0793106447
parent 166e000b12
commit 0793106447
7 changed files with 49 additions and 6 deletions
--- a/ansible/files/bin/snikket-turn-addresses
+++ b/ansible/files/bin/snikket-turn-addresses
@ -0,0 +1,24 @@
+#!/usr/bin/env lua
+
+package.path = package.path:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2");
+package.cpath = package.cpath:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2");
+
+package.loaded["net.server"] = require "net.server_epoll";
+local net = require "util.net";
+local ip = require "util.ip";
+local dns = require "net.dns";
+
+local addresses = net.local_addresses();
+
+local ip_addr = ip.new_ip(addresses[1]);
+
+if not ip_addr.private then
+	-- Not a private address, no mapping needed
+	print(ip_addr);
+else
+	local dns_record = dns.lookup(arg[1], ip_addr.proto == "IPv6" and "AAAA" or "A");
+	if #dns_record == 0 then
+		os.exit(1);
+	end
+	print(dns_record[1].a.."/"..tostring(ip_addr));
+end
--- a/ansible/files/bin/start-coturn.sh
+++ b/ansible/files/bin/start-coturn.sh
@ -9,6 +9,10 @@ while ! test -f "$CERTFILE" -a -f "$KEYFILE"; do
  echo ".";
 done

+TURN_EXTERNAL_IP="$(snikket-turn-addresses "$SNIKKET_DOMAIN")"
+
+
 exec /usr/bin/turnserver -c /etc/turnserver.conf --prod \
     --static-auth-secret="$(cat /snikket/prosody/turn-auth-secret)" \
-     --cert="$CERTFILE" --pkey "$KEYFILE"
+     --cert="$CERTFILE" --pkey "$KEYFILE" -r "$SNIKKET_DOMAIN" \
+     -X "$TURN_EXTERNAL_IP"
--- a/ansible/files/turnserver.conf
+++ b/ansible/files/turnserver.conf
@ -90,3 +90,10 @@ no-multicast-peers
 # See also options cli-ip and cli-port.
 #
 no-cli
+
+# SQLite database file name.
+#
+# Default file name is /var/db/turndb or /usr/local/var/db/turndb or
+# /var/lib/turn/turndb.
+#
+userdb=/snikket/prosody/turndb
--- a/ansible/snikket.yml
+++ b/ansible/snikket.yml
@ -10,4 +10,5 @@
    - import_tasks: tasks/cron.yml
    - import_tasks: tasks/certs.yml
    - import_tasks: tasks/mail.yml
+    - import_tasks: tasks/coturn.yml
    - import_tasks: tasks/scripts.yml
--- a/ansible/tasks/coturn.yml
+++ b/ansible/tasks/coturn.yml
@ -5,6 +5,13 @@
    name: coturn
    state: present
    install_recommends: yes
+
+- name: "Install dnsutils package"
+  apt:
+    name: dnsutils
+    state: present
+    install_recommends: no
+
 - name: "Disable coturn service"
  service:
    name: coturn
@ -17,8 +24,3 @@
  copy:
    src: ../files/turnserver.conf
    dest: /etc/turnserver.conf
- name: Deploy coturn start script
-  copy:
-    src: ../files/start-coturn.sh
-    dest: /usr/local/bin/
-    mode: 755
--- a/ansible/tasks/prosody.yml
+++ b/ansible/tasks/prosody.yml
@ -89,6 +89,7 @@
    - mod_default_bookmarks
    - mod_muc_defaults
    - mod_firewall
+    - mod_turncredentials


 - name: Install Bootstrap and JS libs
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -9,6 +9,10 @@ if [ -z "$SNIKKET_SMTP_URL" ]; then
 	SNIKKET_SMTP_URL="smtp://localhost:1025/;no-tls"
 fi

+if [ -z "$SNIKKET_EXTERNAL_IP" ]; then
+	SNIKKET_EXTERNAL_IP="$(dig +short $SNIKKET_DOMAIN)"
+fi
+
 echo "$SNIKKET_SMTP_URL" | smtp-url-to-msmtp > /etc/msmtprc

 echo "from snikket@$SNIKKET_DOMAIN" >> /etc/msmtprc