From 262cc66c56d6c8adc2b89068fb2f40c1bf78bae8 Mon Sep 17 00:00:00 2001 From: Marco von Rosenberg Date: Sat, 3 Dec 2022 12:56:43 +0000 Subject: [PATCH] Semi-working TURN server, but dunno why... --- .../host_vars/matrix.cttue.de/vars.yml | 41 ++++++++++++++----- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml b/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml index 4b68e1a..daad808 100644 --- a/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml +++ b/matrix-docker-ansible/inventory/host_vars/matrix.cttue.de/vars.yml @@ -1,14 +1,14 @@ --- # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). -matrix_domain: 'cttue.de' +matrix_domain: "cttue.de" # This is where Matrix services -matrix_server_fqn_matrix: 'matrix.cttue.de' +matrix_server_fqn_matrix: "matrix.cttue.de" # This is where you access the Element web UI from (if enabled via `matrix_client_element_enabled: true`; enabled by default). # This and the Matrix FQN (see above) are expected to be on the same server. -matrix_server_fqn_element: 'element.cttue.de' +matrix_server_fqn_element: "element.cttue.de" # The Matrix homeserver software to install. # See `roles/matrix-base/defaults/main.yml` for valid options. 
@@ -19,13 +19,13 @@ matrix_docker_installation_enabled: true # A secret used as a base, for generating various other secrets. # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). -matrix_homeserver_generic_secret_key: '0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iUET5UXgG3ku8IPbVsDvxKICQ' +matrix_homeserver_generic_secret_key: "0XbMAGWcegWsDGdIwMDsZ11TF0Aeh4JEzSo5mC5iUET5UXgG3ku8IPbVsDvxKICQ" # A Postgres password to use for the superuser Postgres user (called `matrix` by default). # # The playbook creates additional Postgres users and databases (one for each enabled service) # using this superuser account. -matrix_postgres_connection_password: 'SIHm7TtFF1ntGxKu' +matrix_postgres_connection_password: "SIHm7TtFF1ntGxKu" #################### jwilder/nginx-proxy related ################### 
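Review bot: The two `+` lines in this hunk re-quote `matrix_homeserver_generic_secret_key` and `matrix_postgres_connection_password` but leave both secrets in plaintext in a host_vars file that is committed to git, so the change does nothing about their exposure. Store them as vault-encrypted values instead, e.g. `ansible-vault encrypt_string --name matrix_homeserver_generic_secret_key` pasted in place of the literal, or move them to a vaulted `vault.yml` next to this file and reference them from here. Because the plaintext values are already in history, both should also be rotated, not just encrypted in a later revision.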
@@ -36,21 +36,40 @@ matrix_ssl_retrieval_method: none matrix_nginx_proxy_https_enabled: false # Don't bind any HTTP or federation port to the host -matrix_nginx_proxy_container_http_host_bind_port: '' -matrix_nginx_proxy_container_federation_host_bind_port: '' +matrix_nginx_proxy_container_http_host_bind_port: "" +matrix_nginx_proxy_container_federation_host_bind_port: "" # Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. matrix_nginx_proxy_trust_forwarded_proto: true # Trust and use the other reverse proxy's `X-Forwarded-For` header. -matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for' +matrix_nginx_proxy_x_forwarded_for: "$proxy_add_x_forwarded_for" # Disable Coturn because it needs SSL certs # (Clients can, though exposing IP address, use Matrix.org TURN) matrix_coturn_enabled: true +matrix_coturn_turn_external_ip_address: "89.163.204.197" +matrix_coturn_turn_udp_min_port: 49152 +matrix_coturn_turn_udp_max_port: 49272 +matrix_coturn_container_extra_arguments: + - '-e "VIRTUAL_HOST=turn.cttue.de"' + - '-e "VIRTUAL_PORT=3478"' + - '-e "LETSENCRYPT_HOST=turn.cttue.de"' + +matrix_coturn_container_additional_volumes: + - { + "src": "/srv/docker-containers/nginx-proxy/certs/turn.cttue.de", + "dst": "/certs", + "options": "ro", + } + +matrix_coturn_tls_enabled: false +matrix_coturn_tls_cert_path: "/certs/fullchain.pem" +matrix_coturn_tls_key_path: "/certs/key.pem" # All containers need to be on the same Docker network as nginx-proxy -matrix_docker_network: 'cttue_web_services' +matrix_docker_network: "cttue_web_services" +matrix_coturn_docker_network: "cttue_web_services" matrix_nginx_proxy_container_extra_arguments: - '-e "VIRTUAL_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' 
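Review bot: The comment kept above `matrix_coturn_enabled: true` still says "Disable Coturn because it needs SSL certs" and points users at the matrix.org TURN server, which now contradicts the enabled value and the TLS cert/key paths added right below it; replace it with `# Coturn enabled; TLS material is the nginx-proxy companion's turn.cttue.de cert, mounted read-only at /certs`. At the same time `matrix_coturn_tls_enabled: false` means the mounted `/certs/fullchain.pem` and `/certs/key.pem` are never loaded and the server only answers on plaintext 3478, which is a plausible reason the commit message calls this "semi-working" for clients that want `turns:`; set `matrix_coturn_tls_enabled: true` once the companion has actually issued the certificate. When that is switched on, verify that `key.pem` in the nginx-proxy certs directory is readable by the user the coturn container runs as, since it is mounted `ro` without any ownership change. Putting coturn on the shared `cttue_web_services` network also makes every other container on it a potential relay target, so confirm the playbook's denied-peer-ip defaults cover that Docker subnet before opening 3478 and UDP 49152–49272 on the host firewall. Minor style point: the `matrix_coturn_container_additional_volumes` entry would read better as a block mapping (`- src: ...`, `dst: /certs`, `options: ro`) than as a multi-line flow mapping with a trailing comma.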
@@ -58,14 +77,13 @@ matrix_nginx_proxy_container_extra_arguments: - '-e "LETSENCRYPT_HOST={{ matrix_server_fqn_matrix }},{{ matrix_server_fqn_element }}"' # change federation to 443 -matrix_synapse_http_listener_resource_names: ["client","federation"] +matrix_synapse_http_listener_resource_names: ["client", "federation"] matrix_federation_public_port: 443 matrix_synapse_federation_port_enabled: false # Expose server's public rooms directory via federation matrix_synapse_allow_public_rooms_over_federation: true - ################ Custom synapse configuration (for OpenID SSO) ############### matrix_synapse_configuration_extension_yaml: | oidc_providers: @@ -85,3 +103,4 @@ matrix_synapse_configuration_extension_yaml: | display_name_template: "{% raw %}{{ user.name }}{% endraw %}" email_template: "{% raw %}{{ user.email }}{% endraw %}" +