diff --git a/.env.sample b/.env.sample
index ed7601c..961c97b 100644
--- a/.env.sample
+++ b/.env.sample
@@ -15,3 +15,11 @@ SYNAPSE_ADMIN_EMAIL=admin@example.com
 #KEYCLOAK_URL=
 #KEYCLOAK_CLIENT_ID=
 #SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
+
+#COMPOSE_FILE="compose.yml:compose.turn.yml"
+#TURN_ENABLED=1
+#TURN_URI=
+#TURN_USERNAME=
+#TURN_ALLOW_GUESTS=true
+#SECRET_TURN_SHARED_SECRET_VERSION=v1
+#SECRET_TURN_PASSWORD_VERSION=v1
diff --git a/compose.turn.yml b/compose.turn.yml
new file mode 100644
index 0000000..e42eef9
--- /dev/null
+++ b/compose.turn.yml
@@ -0,0 +1,22 @@
+---
+version: "3.8"
+
+services:
+ app:
+ secrets:
+ - db_password
+ - turn_shared_secret
+ - turn_password
+ environment:
+ - TURN_ALLOW_GUESTS
+ - TURN_ENABLED
+ - TURN_URI
+ - TURN_USERNAME
+
+secrets:
+ turn_shared_secret:
+ external: true
+ name: ${STACK_NAME}_turn_shared_secret_${SECRET_TURN_SHARED_SECRET_VERSION}
+ turn_password:
+ external: true
+ name: ${STACK_NAME}_turn_password_${SECRET_TURN_PASSWORD_VERSION}
diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index 176837a..741cd01 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
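Review bot: In compose.turn.yml, `turn_password` is declared as a required external secret next to `turn_shared_secret`, so a stack that only uses the shared-secret mechanism still cannot deploy until a static TURN password secret has been created. The comments in homeserver.yaml.tmpl describe the username and password as the option for a TURN server that does not use a token, so the two mechanisms should be selectable independently, for example by moving `turn_password` and `TURN_USERNAME` into their own override file. A comment on `- db_password` stating why the base file's secret is repeated in this override would also save the next reader a lookup.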
@@ -1122,25 +1122,26 @@ oembed: #recaptcha_siteverify_api: "https://my.recaptcha.site" +{{ if eq (env "TURN_ENABLED") "1" }} ## TURN ## # The public URIs of the TURN server to give to clients # -#turn_uris: [] +turn_uris: ["{{ env "TURN_URI" }}"] # The shared secret used to compute passwords for the TURN server # -#turn_shared_secret: "YOUR_SHARED_SECRET" +turn_shared_secret: "{{ secret "turn_shared_secret" }}" # The Username and password if the TURN server needs them and # does not use a token # -#turn_username: "TURNSERVER_USERNAME" -#turn_password: "TURNSERVER_PASSWORD" +turn_username: "{{ env "TURN_USERNAME" }}" +turn_password: "{{ secret "turn_password" }}" # How long generated TURN credentials last # -#turn_user_lifetime: 1h +turn_user_lifetime: 1h # Whether guests should be allowed to use the TURN server. # This defaults to True, otherwise VoIP will be unreliable for guests. @@ -1148,8 +1149,8 @@ oembed: # connect to arbitrary endpoints without having first signed up for a # valid account (e.g. by passing a CAPTCHA). # -#turn_allow_guests: true - +turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }} +{{ end }} ## Registration ## #
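Review bot: The two secrets are pasted into double-quoted YAML scalars (`turn_shared_secret: "{{ secret "turn_shared_secret" }}"` and the matching `turn_password` line), so a secret containing `"` or `\` either breaks the rendered file or is changed by YAML escape processing, and the homeserver would then hold a different value than the TURN server. If the template engine offers no escaping helper, constrain the generated secrets and say so above each line, e.g. `# secret must be hex or base64: it is rendered inside a double-quoted YAML scalar`. Separately, with `TURN_ENABLED=1` and `TURN_URI` unset, `turn_uris` renders as `[""]` and `turn_username` as `""`; guarding the block on a non-empty `TURN_URI` as well would avoid publishing an empty URI to clients.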
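Review bot: `turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}` is rendered unquoted and unvalidated, so an unset variable yields an empty value (YAML null) and a typo yields a plain string; how the homeserver treats either is not visible in this hunk. The comment directly above the line warns that guest access lets users who never signed up reach the relay, so the template should fail closed: `turn_allow_guests: {{ if eq (env "TURN_ALLOW_GUESTS") "true" }}true{{ else }}false{{ end }}`. That departs from the documented default of True, so `.env.sample` should state that guests are off unless the variable is exactly `true`.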