-rw-r--r--dan/host_vars/sk-cloudia.yml83
-rw-r--r--dan/sk-cloudia.yml1
-rw-r--r--inventory/host_vars/sk-cloudia/coturn.yml12
-rw-r--r--inventory/host_vars/sk-cloudia/vars.yml1
-rw-r--r--roles/apps/coturn/defaults/main.yml16
-rw-r--r--roles/apps/coturn/tasks/main.yml30
-rw-r--r--roles/apps/coturn/templates/pod.yml.j237
-rw-r--r--roles/apps/coturn/templates/turnserver.conf.j227
8 files changed, 168 insertions, 39 deletions
diff --git a/dan/host_vars/sk-cloudia.yml b/dan/host_vars/sk-cloudia.yml
index 92b2e9d8..cb562756 100644
--- a/dan/host_vars/sk-cloudia.yml
+++ b/dan/host_vars/sk-cloudia.yml
@@ -1,40 +1,45 @@
$ANSIBLE_VAULT;1.2;AES256;dan
-37323937636238366563323164653661623037363564336634656237363666666131636136316266
-3830643465336465326466373032626434386532326431370a386461333562666161636363333166
-35646237656536376562376236343639623630643236363537633234356461333530323131306161
-6262656630326161320a656239316333663263616435343466646236633233393061653138363138
-62306437636361616261636438613630393563613464303930613532666337363930353531383337
-39306132343833313863633832306536383930383038323536383232653939386339376166323435
-66306464393138643338613034333837613139356666616138366138633963383432626331323637
-35343037383935666634333836326233333534633966336434356431616335646266646139336533
-65356663363462313033303761653364643335653235396563383132326666656334616334643533
-35646633316238316361656362366237666566666666323136663064383566343333313536373765
-33323036616639323837396637396431323735386633393939383733373735383566623238313961
-35363939623336333030393337346137666664376463316135356464376336643339633136373530
-32613139666539306363616166386364333065656331623232646564343038653136386361353435
-36626135393135653066386265383463336464613138343533353231623430316466643934363963
-37393561373331346536333537323934643262656239316164386465303830363337343066353732
-62396264643831356261643663386231623566333863343030306531626365393435336462643662
-65643039353633346363363437373636663335613231636531653464636233393737316332663130
-30366632393964326235333939383465653666386235313036626564366339366430663136396335
-38626337663065396532336239346138356664623831396234663864623165353463663761386530
-31366332393034333833393639343838326533643365663239373337363331616532343662306231
-39363634373438666563626463383338316132333431353339366463626463336632643639336366
-35626435353130626161386565376639383335666535323466353235393538363061383433313931
-62356138353333623830333366616633343330376664633938303462346433343438333665653432
-35653135333262616566313362383732313038363437663966353161333335373336343733383336
-30656330346639306161393138303239633337323431633732373630636162613033366162333566
-36346564666339316130666466353536333139613136393335656638373336336239383139626634
-63333931663736336238653432636436393039383035326163383135303039313066666331306132
-30333536623239343464656561393439383039323364393533633561653061303866633433346161
-65626439666538643861636333366666336233636163356435336631393532366639306537303437
-33613037373566313065333430356435643066336130633562633938373634333836393766636561
-65633238313761346465396563613231653034313931653735306165656562396137333837616530
-66636437323863343835333232623462616561653962326237333439653764616437376334643337
-39396138323662316364303661303730363963306531636464666236663765333036373536663161
-64313132363331653734353337376331643736336236363166373965636563636263623738316163
-66326232623065633636366438346331373331373533636637353063616364373161303530396665
-37353137613338356665666636326163663666343036316533393633653666353766646362356436
-64636233303963356664353061663330613461363363356337326138393264623335663835663935
-33623535313534346438663735396237633437616564373439373361323934316363663435393036
-313236383162313066303936366437646137
+32316534633463613730326466393338623965366462663938343530666238323633373330653533
+3736313331326633636432313135626631316135376462390a626334306165396166373965363730
+66366264663839363765393361633937363736333466323031613839383138306232356136323738
+3763303136356230610a383330373630666261646166643735333563663836383034306432343639
+62656265663066393437633538646561316634626233646666616532616166636330663861323561
+62323261356139653231386338663832643633643966343463323433316335353465303337313862
+65663631373861343830666164343931373233336662616233653835646466666533653939623836
+36363166373532646434653763303837613232366333393961653236633264653835386463396165
+35303735653961633634663437333332306138666463323362613234653064323763613235653839
+34336434373831653162363665643666333466356564373365326366646536393137303661653030
+35323838393333613439343139623535373964303063613735356364623837646334626462303761
+62393039326562323131623636326163393037646264396533326239396236343764646264303633
+34666261646464313964346630303132393238326530363433626661313836636632653434393935
+61643162363561346338393763313236623961383930396231626531393362653932626365386163
+30363463303564316565393862613666313234623832646361353762636334643838636663343162
+31626162323238663031623135613636353765373761353836373732333264313937666537303763
+62373931616533383131303935643265616565663063376665623965326535613164323039353931
+38643061623934623233346632326432643835633230656137643839343663643666323162303939
+38653361366161353031356134336236346662646563306366333635393763306530623663396465
+36356365333036376438333166363839313561623238633366663734656466343063343661343061
+34643534353738363361363465363239633665613562316136313964636139623865326465396539
+34303034346665316531336262666433336364313364306131646266376263376566326231663532
+37316638303337613334343034353332323735643235373963646134646163306166346337336233
+62333362346238663663646464336133613931373661616634363739373930323539613962393966
+37373234373437636131316432623732616534383430633262636331363165643536663763353462
+38666666343237636634383164636136323535323265666163373033373034353930366535333733
+30363133623365366232393464393365636565346231383531376235626464336536653062346132
+30613634653039303332373330356235386538636233353463393963333134396437383565323032
+38663937653635313135626166343831333839623830323836646232383661376235356436356439
+30653764366261303839643139376238653365633635353337373738383862633963366333656234
+66663765656235336136303639303164326236306164633133336330666364396161663438663965
+37356364373263373732353466636263643034373962633065346666346433343732663461373236
+30643765646262333431393762366130326532623232306138323733353762303834336333626439
+32643561326238653861633964376430633366623833336262323164633661343832663932303238
+64663936303634326338646464323330326234626537333063366233303663323736336566356563
+64333738353230313336306534646163393639356662666261363134633135643465383132313162
+32633035653332333631323034613262333064346164646263336539346463396233633835363038
+38633032333035333435343237636636343937616338323963333232373038373762633466363661
+32623865663236386666326531303936313466373465366665303136643531633237313835353338
+32336163363732626161663032653135663237386465323431303339333663653938623735383532
+39613761643763613433373836326637663461636339653239393832616139306361346139303135
+62393535303263363838646633393133346132373934626165383961653938666262656461656335
+32373934616563316262386138616261613233643532353133303136656132303639633636376162
+39303766623966343433
diff --git a/dan/sk-cloudia.yml b/dan/sk-cloudia.yml
index c24d4a1e..b02b1d38 100644
--- a/dan/sk-cloudia.yml
+++ b/dan/sk-cloudia.yml
@@ -15,3 +15,4 @@
- role: apps/nextcloud
- role: apps/collabora/code
- role: apps/etherpad-lite
+ - role: apps/coturn
diff --git a/inventory/host_vars/sk-cloudia/coturn.yml b/inventory/host_vars/sk-cloudia/coturn.yml
new file mode 100644
index 00000000..bfcdd745
--- /dev/null
+++ b/inventory/host_vars/sk-cloudia/coturn.yml
@@ -0,0 +1,12 @@
+---
+coturn_version: 4.5.1.1
+coturn_realm: elev8.at
+coturn_hostnames:
+ - stun.elev8.at
+ - turn.elev8.at
+
+coturn_max_bps: 1048576 ## 8Mbit/s
+coturn_bps_capacity: 13107200 ## 100Mbit/s
+coturn_threads: 4
+
+coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index e191fc21..19549d8b 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -35,6 +35,7 @@ kubernetes_version: 1.17.2
kubernetes_container_runtime: containerd
kubernetes_standalone_max_pods: 42
kubernetes_standalone_resolv_conf: /var/run/systemd/resolve/resolv.conf
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
kubernetes_standalone_cni_variant: with-localonly-portmap
kubernetes_cri_socket: "unix:///run/containerd/containerd.sock"
diff --git a/roles/apps/coturn/defaults/main.yml b/roles/apps/coturn/defaults/main.yml
new file mode 100644
index 00000000..cf5558bf
--- /dev/null
+++ b/roles/apps/coturn/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+coturn_uid: 930
+coturn_gid: 930
+coturn_base_path: /srv/storage/coturn
+
+coturn_version: 4.5.1.1
+coturn_realm: example.com
+coturn_hostnames:
+ - stun.example.com
+ - turn.example.com
+
+coturn_max_bps: 0
+coturn_bps_capacity: 0
+coturn_threads: 0
+
+# coturn_auth_secret: change-me
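Review bot: `coturn_auth_secret` is left commented out, so a host that does not define it fails at template time with an undefined-variable error; that is the right behaviour for a secret, but nothing in the defaults says so. A comment such as `# coturn_auth_secret: required, no default on purpose - set it per host, preferably from a vault variable` would make the intent explicit. The three zero defaults (`coturn_max_bps`, `coturn_bps_capacity`, `coturn_threads`) presumably mean "unlimited"/"auto" on the coturn side and could each carry a short comment saying so, after confirming against the coturn option reference.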
diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml
new file mode 100644
index 00000000..4631d1b7
--- /dev/null
+++ b/roles/apps/coturn/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: add group for coturn
+ group:
+ name: coturn
+ gid: "{{ coturn_gid }}"
+
+- name: add user for coturn
+ user:
+ name: coturn
+ uid: "{{ coturn_uid }}"
+ group: coturn
+ password: "!"
+
+- name: create coturn config subdirectory
+ file:
+ path: "{{ coturn_base_path }}/{{ coturn_realm }}/config"
+ state: directory
+
+- name: create coturn config
+ template:
+ src: turnserver.conf.j2
+ dest: "{{ coturn_base_path }}/{{ coturn_realm }}/config/turnserver.conf"
+ group: coturn
+ mode: 0640
+
+- name: generate pod manifests
+ template:
+ src: "pod.yml.j2"
+ dest: "/etc/kubernetes/manifests/coturn-{{ coturn_realm }}.yml"
+ mode: 0600
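Review bot: The file modes on the two template tasks are unquoted (`mode: 0640`, `mode: 0600`); YAML reads them as octal integers and Ansible converts them back, but a mode written without the leading zero would silently become a different permission, so the usual Ansible convention is to quote them: `mode: "0640"` and `mode: "0600"`. The rendered turnserver.conf carries the static auth secret, so it is also worth stating `owner: root` explicitly on that task rather than relying on the connecting user, and giving the config directory created two tasks earlier an explicit `mode`. The `user` task creates a login account with module defaults; if coturn never needs a home directory or shell, `system: true` with `create_home: false` and a nologin `shell` would document that.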
diff --git a/roles/apps/coturn/templates/pod.yml.j2 b/roles/apps/coturn/templates/pod.yml.j2
new file mode 100644
index 00000000..7c127c13
--- /dev/null
+++ b/roles/apps/coturn/templates/pod.yml.j2
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "coturn-{{ coturn_realm }}"
+spec:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ coturn_uid }}
+ runAsGroup: {{ coturn_gid }}
+ hostNetwork: true
+ containers:
+ - name: coturn
+ image: "instrumentisto/coturn:{{ coturn_version }}"
+ args:
+ - --log-file=stdout
+ resources:
+ limits:
+ memory: "1Gi"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/coturn/
+ readOnly: true
+ - name: run
+ mountPath: /var/run
+ - name: lib
+ mountPath: /var/lib/coturn
+ volumes:
+ - name: config
+ hostPath:
+ path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/"
+ type: Directory
+ - name: run
+ emptyDir:
+ medium: Memory
+ - name: lib
+ emptyDir:
+ medium: Memory
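Review bot: `allowPrivilegeEscalation` is placed under the pod-level `securityContext`, but it is a container-level field only; the kubelet does not reject unknown fields in a static-pod manifest, so the setting is silently dropped and the container runs with privilege escalation allowed. Move it into a `securityContext` on the `coturn` container, where `capabilities.drop: [ALL]` and `readOnlyRootFilesystem: true` fit as well; the writable paths appear to be covered already by the `/var/run` and `/var/lib/coturn` emptyDir mounts, so a read-only root filesystem should be safe to try. `runAsUser`/`runAsGroup` can stay at pod level.
```yaml
spec:
  securityContext:
    runAsUser: {{ coturn_uid }}
    runAsGroup: {{ coturn_gid }}
  hostNetwork: true
  containers:
    - name: coturn
      image: "instrumentisto/coturn:{{ coturn_version }}"
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop:
            - ALL
      # … unchanged: args, resources, volumeMounts …
  # … unchanged: volumes …
```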
diff --git a/roles/apps/coturn/templates/turnserver.conf.j2 b/roles/apps/coturn/templates/turnserver.conf.j2
new file mode 100644
index 00000000..9462f148
--- /dev/null
+++ b/roles/apps/coturn/templates/turnserver.conf.j2
@@ -0,0 +1,27 @@
+realm={{ coturn_realm }}
+fingerprint
+
+listening-port=3478
+# tls-listening-port=5349
+
+# cert=/etc/coturn/ssl/cert.pem
+# pkey=/etc/coturn/ssl/privkey.pem
+# dh-file=/etc/coturn/ssl/dhparam.pem
+# cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
+# no-tlsv1
+# no-tlsv1_1
+no-tls
+no-dtls
+
+use-auth-secret
+static-auth-secret={{ coturn_auth_secret }}
+stale-nonce=600
+
+max-bps={{ coturn_max_bps }}
+bps-capacity={{ coturn_bps_capacity }}
+relay-threads={{ coturn_threads }}
+
+no-multicast-peers
+denied-peer-ip={{ kubernetes_standalone_pod_cidr | ipaddr('network') }}-{{ kubernetes_standalone_pod_cidr | ipaddr('broadcast') }}
+
+no-cli