added turn server for talk/spreed audio/video

nextcloud.yml

@@ -76,6 +76,27 @@
         backup: yes
       notify: Restart nextcloud
 
+   - name: /home/docker/nextcloud.{{inventory_hostname}}/turnserver.conf
+     blockinfile:
+       path: /home/docker/nextcloud.{{inventory_hostname}}/turnserver.conf
+       mode: "0400"
+       owner: root
+       group: root
+       create: yes
+       marker: "# {mark} ANSIBLE MANAGED BLOCK"
+       block: |
+         syslog
+         listening-port=3478
+         fingerprint
+         use-auth-secret
+         static-auth-secret=
+         realm=nextcloud.{{inventory_hostname}}
+         total-quota=100
+         bps-capacity=0
+         stale-nonce
+         no-multicast-peers
+       backup: yes
+
     - name: /home/docker/nextcloud.{{inventory_hostname}}/docker-compose.yml Container Configuration
       blockinfile:
         path: /home/docker/nextcloud.{{inventory_hostname}}/docker-compose.yml
@@ -199,6 +220,20 @@
                 - traefik.http.middlewares.nextcloud-{{ ansible_facts['hostname'] }}--phpmyadmin-auth.basicauth.users=admin:$$apr1$$XLxGs/Ba$$3phZ1a2RtfExOp8x6NFjZ.
                 # Traefik network
                 - traefik.docker.network=traefik
+
+            nextcloud.{{inventory_hostname}}--coturn:
+              image: coturn/coturn:latest
+              restart: unless-stopped
+              volumes:
+                - /etc/localtime:/etc/localtime:ro
+                - ./turnserver.conf:/etc/coturn/turnserver.conf
+              networks:
+                - nextcloud.{{inventory_hostname}}--network
+                - traefik
+              ports:
+                - 3478:3478
+                - 3478:3478/udp
+
           networks:
             nextcloud.{{inventory_hostname}}--network:
               driver: bridge
@@ -306,6 +341,19 @@
         validate: /bin/bash -n %s
       notify: run nextcloud.update
 
+    - name: Allow turn for talk/spreed audio/video tcp
+      community.general.ufw:
+        rule: allow
+        port: '3478'
+        proto: tcp
+
+    - name: Allow turn for talk/spreed audio/video udp
+      community.general.ufw:
+        rule: allow
+        port: '3478'
+        proto: udp
+
+
   handlers:
     - name: run genpw.sh
       ansible.builtin.shell: ./genpw.sh