From 07931064472300a4527675fa6abdba9625467edb Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Tue, 12 May 2020 15:10:59 +0100
Subject: [PATCH] Flesh out coturn config, autodiscover external IP
---
ansible/files/bin/snikket-turn-addresses | 24 ++++++++++++++++++++++++
ansible/files/bin/start-coturn.sh | 6 +++++-
ansible/files/turnserver.conf | 7 +++++++
ansible/snikket.yml | 1 +
ansible/tasks/coturn.yml | 12 +++++++-----
ansible/tasks/prosody.yml | 1 +
docker/entrypoint.sh | 4 ++++
7 files changed, 49 insertions(+), 6 deletions(-)
create mode 100644 ansible/files/bin/snikket-turn-addresses
diff --git a/ansible/files/bin/snikket-turn-addresses b/ansible/files/bin/snikket-turn-addresses
new file mode 100644
index 0000000..95cf543
--- /dev/null
+++ b/ansible/files/bin/snikket-turn-addresses
@@ -0,0 +1,24 @@
+#!/usr/bin/env lua
+
+package.path = package.path:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2");
+package.cpath = package.cpath:gsub("([^;]*)(?[^;]*)","%1prosody/%2;%1%2");
+
+package.loaded["net.server"] = require "net.server_epoll";
+local net = require "util.net";
+local ip = require "util.ip";
+local dns = require "net.dns";
+
+local addresses = net.local_addresses();
+
+local ip_addr = ip.new_ip(addresses[1]);
+
+if not ip_addr.private then
+ -- Not a private address, no mapping needed
+ print(ip_addr);
+else
+ local dns_record = dns.lookup(arg[1], ip_addr.proto == "IPv6" and "AAAA" or "A");
+ if #dns_record == 0 then
+ os.exit(1);
+ end
+ print(dns_record[1].a.."/"..tostring(ip_addr));
+end
diff --git a/ansible/files/bin/start-coturn.sh b/ansible/files/bin/start-coturn.sh
index a043dce..7adcb64 100644
--- a/ansible/files/bin/start-coturn.sh
+++ b/ansible/files/bin/start-coturn.sh
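Review bot: The else branch has no nil guard around the lookup result: `addresses[1]` and `arg[1]` are passed through unchecked, and if `dns.lookup` times out or returns nothing, `#dns_record` raises a traceback instead of the intended `os.exit(1)`; `if not dns_record or #dns_record == 0 then` covers the lookup case, and checking that `arg[1]` and `addresses[1]` are present before use would turn the remaining failure modes into an explicit exit as well. Only the first entry of `net.local_addresses()` is consulted, so on a host with several interfaces the private/public decision depends on enumeration order — presumably fine inside the container, but worth a comment. The IPv6 branch reads `dns_record[1].a` for an AAAA answer; if net.dns stores AAAA results under a field other than the one used for A records (I believe it does), that branch raises on the concatenation — confirm against net.dns. Because the advertised relay address is taken from a public DNS answer at startup, a stale or unrelated record for the domain silently becomes the TURN external address; a line on stderr reporting which mapping was chosen would make that diagnosable.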
@@ -9,6 +9,10 @@ while ! test -f "$CERTFILE" -a -f "$KEYFILE"; do echo "."; done
+TURN_EXTERNAL_IP="$(snikket-turn-addresses "$SNIKKET_DOMAIN")"
+
+
exec /usr/bin/turnserver -c /etc/turnserver.conf --prod \
--static-auth-secret="$(cat /snikket/prosody/turn-auth-secret)" \
- --cert="$CERTFILE" --pkey "$KEYFILE"
+ --cert="$CERTFILE" --pkey "$KEYFILE" -r "$SNIKKET_DOMAIN" \
+ -X "$TURN_EXTERNAL_IP"
diff --git a/ansible/files/turnserver.conf b/ansible/files/turnserver.conf
index 6990ffa..3ede0f6 100644
--- a/ansible/files/turnserver.conf
+++ b/ansible/files/turnserver.conf
@@ -90,3 +90,10 @@ no-multicast-peers
# See also options cli-ip and cli-port.
#
no-cli
+
+# SQLite database file name.
+#
+# Default file name is /var/db/turndb or /usr/local/var/db/turndb or
+# /var/lib/turn/turndb.
+#
+userdb=/snikket/prosody/turndb
diff --git a/ansible/snikket.yml b/ansible/snikket.yml
index 4fb1fb1..1e5dac6 100644
--- a/ansible/snikket.yml
+++ b/ansible/snikket.yml
@@ -10,4 +10,5 @@
- import_tasks: tasks/cron.yml
- import_tasks: tasks/certs.yml
- import_tasks: tasks/mail.yml
+ - import_tasks: tasks/coturn.yml
- import_tasks: tasks/scripts.yml
diff --git a/ansible/tasks/coturn.yml b/ansible/tasks/coturn.yml
index b8b39df..b96cab3 100644
--- a/ansible/tasks/coturn.yml
+++ b/ansible/tasks/coturn.yml
@@ -5,6 +5,13 @@
name: coturn
state: present
install_recommends: yes
+
+- name: "Install dnsutils package"
+ apt:
+ name: dnsutils
+ state: present
+ install_recommends: no
+
- name: "Disable coturn service"
service:
name: coturn
@@ -17,8 +24,3 @@
copy:
src: ../files/turnserver.conf
dest: /etc/turnserver.conf
-- name: Deploy coturn start script
- copy:
- src: ../files/start-coturn.sh
- dest: /usr/local/bin/
- mode: 755
diff --git a/ansible/tasks/prosody.yml b/ansible/tasks/prosody.yml
index 8009e6e..e2da573 100644
--- a/ansible/tasks/prosody.yml
+++ b/ansible/tasks/prosody.yml
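Review bot: The exit status of `snikket-turn-addresses` is discarded on the new `TURN_EXTERNAL_IP=` line, so when the helper exits 1 (no DNS record) turnserver is still started with an empty `-X ""`, which is harder to diagnose than failing early; add `if [ -z "$TURN_EXTERNAL_IP" ]; then echo "could not determine external address for $SNIKKET_DOMAIN" >&2; exit 1; fi` before the exec. The enclosing script begins outside the hunk, so whether `set -e` is in effect is not visible here. If an empty result is meant to be tolerated instead, the `-X` argument should only be appended when the variable is non-empty, and a comment on the assignment should say so.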
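Review bot: The comment block above the new `userdb=/snikket/prosody/turndb` line is the upstream default-path boilerplate and does not say what role this database plays in this deployment or why it is placed in the prosody data directory; since start-coturn.sh passes `--static-auth-secret`, a reader may assume the userdb is unused. A one-line comment such as `# Kept under /snikket/prosody so it persists alongside the other Snikket state` (assuming that is the reason) would make the intent explicit.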
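Review bot: The second hunk removes the task that deploys `start-coturn.sh` to /usr/local/bin, but nothing else in this commit deploys it or the new `snikket-turn-addresses` helper; if `tasks/scripts.yml` already copies everything under `files/bin/` this is fine, otherwise the start script will be missing on the host after this change. The first hunk installs `dnsutils` with `install_recommends: no`, which matches the `dig` call added in docker/entrypoint.sh; a short comment naming that consumer, `# provides dig, used by docker/entrypoint.sh`, would keep the dependency traceable when either side changes.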
@@ -89,6 +89,7 @@
- mod_default_bookmarks
- mod_muc_defaults
- mod_firewall
+ - mod_turncredentials
- name: Install Bootstrap and JS libs
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 1fc73ec..0291a7f 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -9,6 +9,10 @@ if [ -z "$SNIKKET_SMTP_URL" ]; then
SNIKKET_SMTP_URL="smtp://localhost:1025/;no-tls"
fi
+if [ -z "$SNIKKET_EXTERNAL_IP" ]; then
+ SNIKKET_EXTERNAL_IP="$(dig +short $SNIKKET_DOMAIN)"
+fi
+
echo "$SNIKKET_SMTP_URL" | smtp-url-to-msmtp > /etc/msmtprc
echo "from snikket@$SNIKKET_DOMAIN" >> /etc/msmtprc
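Review bot: `$SNIKKET_DOMAIN` is unquoted in the new `dig +short $SNIKKET_DOMAIN` call, and `dig +short` can return several lines (a CNAME target followed by addresses, or multiple A records), so `SNIKKET_EXTERNAL_IP` may end up holding whitespace or a hostname rather than one address; quoting the variable and selecting a single line, `SNIKKET_EXTERNAL_IP="$(dig +short "$SNIKKET_DOMAIN" | head -n1)"`, is the minimum, and if a CNAME is involved the first line should additionally be filtered to address syntax. Nothing in this diff reads `SNIKKET_EXTERNAL_IP` afterwards — start-coturn.sh derives its own address through snikket-turn-addresses — so either it is consumed outside the visible files or the two discovery paths should be reconciled; a comment stating which one is authoritative and whether an operator-supplied value overrides the DNS answer would help. The value comes from an external DNS answer at container start and is used to configure a service, so a failed lookup leaves it empty; a warning on stderr in that case would make the failure visible.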