diff --git a/nextcloud.yml b/nextcloud.yml index dfb565a..0e56a0b 100644 --- a/nextcloud.yml +++ b/nextcloud.yml @@ -76,6 +76,27 @@ backup: yes notify: Restart nextcloud + - name: /home/docker/nextcloud.{{inventory_hostname}}/turnserver.conf + blockinfile: + path: /home/docker/nextcloud.{{inventory_hostname}}/turnserver.conf + mode: "0400" + owner: root + group: root + create: yes + marker: "# {mark} ANSIBLE MANAGED BLOCK" + block: | + syslog + listening-port=3478 + fingerprint + use-auth-secret + static-auth-secret= + realm=nextcloud.{{inventory_hostname}} + total-quota=100 + bps-capacity=0 + stale-nonce + no-multicast-peers + backup: yes + - name: /home/docker/nextcloud.{{inventory_hostname}}/docker-compose.yml Container Configuration blockinfile: path: /home/docker/nextcloud.{{inventory_hostname}}/docker-compose.yml @@ -199,6 +220,20 @@ - traefik.http.middlewares.nextcloud-{{ ansible_facts['hostname'] }}--phpmyadmin-auth.basicauth.users=admin:$$apr1$$XLxGs/Ba$$3phZ1a2RtfExOp8x6NFjZ. # Traefik network - traefik.docker.network=traefik + + nextcloud.{{inventory_hostname}}--coturn: + image: coturn/coturn:latest + restart: unless-stopped + volumes: + - /etc/localtime:/etc/localtime:ro + - ./turnserver.conf:/etc/coturn/turnserver.conf + networks: + - nextcloud.{{inventory_hostname}}--network + - traefik + ports: + - 3478:3478 + - 3478:3478/udp + networks: nextcloud.{{inventory_hostname}}--network: driver: bridge @@ -306,6 +341,19 @@ validate: /bin/bash -n %s notify: run nextcloud.update + - name: Allow turn for talk/spreed audio/video tcp + community.general.ufw: + rule: allow + port: '3478' + proto: tcp + + - name: Allow turn for talk/spreed audio/video udp + community.general.ufw: + rule: allow + port: '3478' + proto: udp + + handlers: - name: run genpw.sh ansible.builtin.shell: ./genpw.sh
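Review bot: `static-auth-secret=` is written with no value inside the blockinfile-managed block while `use-auth-secret` is enabled, so the rendered file carries no shared secret. If a later step fills it in between the markers (nothing in this hunk shows one), the next run of this task rewrites the block and blanks it again. Take the value from a vaulted variable instead, `static-auth-secret={{ nextcloud_turn_secret }}` (placeholder name), and put `no_log: true` on the task so the secret does not appear in diff or verbose output. Unlike the task just above it, this one has no `notify`, so a config change will not restart the coturn container. `mode: "0400"` with `owner: root` also only works if the process inside the container reads the bind-mounted file as root, which is worth checking against the image's default user.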
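Review bot: The coturn service joins both `nextcloud.{{inventory_hostname}}--network` and `traefik`, yet it publishes 3478 directly and carries no traefik labels. A TURN relay on those networks will, by default, relay traffic to peer addresses an authenticated client names, which can include the other containers attached there. The turnserver.conf added in this commit sets no `denied-peer-ip` ranges, so either drop the networks the service does not need or add `denied-peer-ip=` lines for the private and loopback ranges. Pin the image to a version or digest rather than `coturn/coturn:latest`, and mount the config read-only with `- ./turnserver.conf:/etc/coturn/turnserver.conf:ro`. Only 3478 is published; if relayed media is meant to reach the container from outside, the relay port range would presumably need publishing too (inferred, since the conf sets no `min-port`/`max-port`).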
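Review bot: These two `community.general.ufw` rules are probably not what decides whether 3478 is reachable. The compose service in this commit publishes the port with `ports:`, and Docker inserts its own iptables rules for published ports, which ufw's rules normally do not filter. A comment above the tasks would keep the next reader from assuming that removing them closes the port, e.g. `# 3478 is published by Docker; ufw does not gate container ports by default`. The two tasks differ only in `proto` and could be one task with `loop: [tcp, udp]` and `proto: "{{ item }}"`. The hunk also adds two blank lines before `handlers:` where one would do.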