Wire Conduit to advertise usage of the Coturn TURN server

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3089
2025-10-31 07:17:57 +01:00 · 2024-01-11 07:52:28 +02:00
parent ce14647161
commit 6766216fcb
3 changed files with 43 additions and 0 deletions
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -4315,6 +4315,29 @@ matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service

 matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}"

+# Even if TURN doesn't support TLS (it does by default),
+# it doesn't hurt to try a secure connection anyway.
+#
+# When Let's Encrypt certificates are used (the default case),
+# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them.
+# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
+matrix_conduit_turn_uris: |
+  {{
+    []
+    +
+    [
+      'turns:' + matrix_server_fqn_matrix + '?transport=udp',
+      'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
+    ] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_playbook_ssl_retrieval_method != 'lets-encrypt' else []
+    +
+    [
+      'turn:' + matrix_server_fqn_matrix + '?transport=udp',
+      'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
+    ] if matrix_coturn_enabled else []
+  }}
+
+matrix_conduit_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
+
 matrix_conduit_systemd_required_services_list: |
  {{
    (['docker.service'])
--- a/roles/custom/matrix-conduit/defaults/main.yml
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
 # Conduit is a simple, fast and reliable chat server powered by Matrix
+# Project source code URL: https://gitlab.com/famedly/conduit
 # See: https://conduit.rs

 matrix_conduit_enabled: true
@@ -63,3 +64,10 @@ matrix_conduit_trusted_servers:

 # How many requests Conduit sends to other servers at the same time
 matrix_conduit_max_concurrent_requests: 100
+
+# TURN integration.
+# See: https://gitlab.com/famedly/conduit/-/blob/next/TURN.md
+matrix_conduit_turn_uris: []
+matrix_conduit_turn_secret: ''
+matrix_conduit_turn_username: ''
+matrix_conduit_turn_password: ''
--- a/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2
+++ b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2
@@ -53,3 +53,15 @@ log = "info,state_res=warn,rocket=off,_=off,sled=off"

 address = "0.0.0.0"

+turn_uris = {{ matrix_conduit_turn_uris | to_json }}
+
+{% if matrix_conduit_turn_secret != '' %}
+turn_secret = {{ matrix_conduit_turn_secret | to_json }}
+{% endif %}
+
+# If you have your TURN server configured to use a username and password
+# you can provide these information too. In this case comment out `turn_secret above`!
+{% if matrix_conduit_turn_username != '' or matrix_conduit_turn_password != '' %}
+turn_username = {{ matrix_conduit_turn_username | to_json }}
+turn_password = {{ matrix_conduit_turn_password | to_json }}
+{% endif %}