authorStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:23:43 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:52:13 -0500
commit0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/coturn
initial commit
Diffstat (limited to 'roles/coturn')
-rw-r--r--roles/coturn/defaults/main.yml4
-rw-r--r--roles/coturn/handlers/main.yml4
-rw-r--r--roles/coturn/tasks/main.yml25
-rw-r--r--roles/coturn/templates/etc/coturn/turnserver.conf.j246
-rw-r--r--roles/coturn/vars/main.yml2
5 files changed, 81 insertions, 0 deletions
diff --git a/roles/coturn/defaults/main.yml b/roles/coturn/defaults/main.yml
new file mode 100644
index 0000000..248975a
--- /dev/null
+++ b/roles/coturn/defaults/main.yml
@@ -0,0 +1,4 @@
+coturn_port: 3478
+coturn_min_port: 49152
+coturn_max_port: 65535
+coturn_realm: '{{ ansible_fqdn }}'
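Review bot: The template also reads `coturn_external_ip` and `coturn_auth_secret`, which get no default and no mention in this file, so a reader of the role's defaults cannot tell that they are required. Add a comment such as `# required, no default: coturn_external_ip, coturn_auth_secret (keep the secret in Ansible Vault)`. An early `assert` task checking that `coturn_auth_secret` is defined and non-empty would turn a missing value into a clear failure instead of a templating error or an empty `static-auth-secret=` line.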
diff --git a/roles/coturn/handlers/main.yml b/roles/coturn/handlers/main.yml
new file mode 100644
index 0000000..a8eb087
--- /dev/null
+++ b/roles/coturn/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart coturn
+ systemd:
+ name: coturn
+ state: restarted
diff --git a/roles/coturn/tasks/main.yml b/roles/coturn/tasks/main.yml
new file mode 100644
index 0000000..ce1fb30
--- /dev/null
+++ b/roles/coturn/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: install packages
+ dnf:
+ name: '{{ coturn_packages }}'
+ state: present
+
+- name: generate coturn configuration
+ template:
+ src: etc/coturn/turnserver.conf.j2
+ dest: /etc/coturn/turnserver.conf
+ owner: root
+ group: coturn
+ mode: 0640
+ notify: restart coturn
+
+- name: open firewall ports
+ firewalld:
+ port: '{{ item }}'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ loop:
+ - '{{ coturn_port }}/tcp'
+ - '{{ coturn_port }}/udp'
+ - '{{ coturn_min_port }}-{{ coturn_max_port }}/udp'
+ tags: firewalld
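Review bot: The `generate coturn configuration` task renders `static-auth-secret` into `/etc/coturn/turnserver.conf`, so a run with `--diff` would print the shared secret to the console and to any captured job output; add `diff: false` (or `no_log: true`) to that task. The file itself is well restricted with `root:coturn` and `0640`, though the mode is safer written as a string, `mode: '0640'`. Separately, no task in this file enables or starts the unit. The handler only restarts it after a config change, so the service presumably will not come back after a reboot unless something outside this role enables it.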
diff --git a/roles/coturn/templates/etc/coturn/turnserver.conf.j2 b/roles/coturn/templates/etc/coturn/turnserver.conf.j2
new file mode 100644
index 0000000..33f5d47
--- /dev/null
+++ b/roles/coturn/templates/etc/coturn/turnserver.conf.j2
@@ -0,0 +1,46 @@
+listening-port={{ coturn_port }}
+tls-listening-port=0
+
+listen-ip={{ ansible_default_ipv4.address }}
+external-ip={{ coturn_external_ip }}
+
+min-port={{ coturn_min_port }}
+max-port={{ coturn_max_port }}
+
+use-auth-secret
+static-auth-secret={{ coturn_auth_secret }}
+
+realm={{ coturn_realm }}
+
+no-tls
+no-dtls
+
+log-file=stdout
+
+simple-log
+
+no-software-attribute
+
+no-multicast-peers
+denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=100.64.0.0-100.127.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+denied-peer-ip=169.254.0.0-169.254.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+denied-peer-ip=192.0.0.0-192.0.0.255
+denied-peer-ip=192.0.2.0-192.0.2.255
+denied-peer-ip=192.88.99.0-192.88.99.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+denied-peer-ip=198.18.0.0-198.19.255.255
+denied-peer-ip=198.51.100.0-198.51.100.255
+denied-peer-ip=203.0.113.0-203.0.113.255
+denied-peer-ip=240.0.0.0-255.255.255.255
+allowed-peer-ip={{ ansible_default_ipv4.address }}
+
+no-cli
+
+no-rfc5780
+no-stun-backward-compatibility
+response-origin-only-with-rfc5780
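Review bot: `allowed-peer-ip={{ ansible_default_ipv4.address }}` carves the host's own address back out of the deny list, and nothing here disables TCP relaying, so any client holding a valid TURN credential can have the relay reach services bound to that address. If the relay only carries WebRTC media, add `no-tcp-relay` to narrow the exception to UDP, and put a comment above the `allowed-peer-ip` line saying why it is needed. The deny list covers IPv4 only; that is fine while `listen-ip` is IPv4-only, but it would need the IPv6 loopback, link-local and unique-local ranges if an IPv6 relay address is ever added. `denied-peer-ip=127.0.0.0-127.255.255.255` appears twice and one copy can go.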
diff --git a/roles/coturn/vars/main.yml b/roles/coturn/vars/main.yml
new file mode 100644
index 0000000..eb8e04b
--- /dev/null
+++ b/roles/coturn/vars/main.yml
@@ -0,0 +1,2 @@
+coturn_packages:
+ - coturn