From 9ad2f38d254b01611e874ac5aa8cddaf5aa28732 Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Sun, 6 Jul 2025 19:57:44 +0100
Subject: Share turnserver between vhosts on same machine

I made a mistake in the original configuration - I tried to give each virtual host a separate turnserver on its own subdomain. However, since koyo.haus and fennell.dev (and likewise in nonprod) share a virtual machine, they can only have one turnserver between them (in the turnserver.conf, there can only be a single realm). Therefore, always point to koyo.haus for the turnserver in each environment.
---
 files/prosody.cfg.lua.j2 | 4 ++++
 files/turnserver.conf.j2 | 3 ++-
 files/virtual_host.cfg.lua.j2 | 4 ----
 playbook.yaml | 4 ----
 4 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/files/prosody.cfg.lua.j2 b/files/prosody.cfg.lua.j2
index d56381c..0bcf6ba 100644
--- a/files/prosody.cfg.lua.j2
+++ b/files/prosody.cfg.lua.j2
@@ -33,6 +33,7 @@ modules_enabled = {
 "stanza_debug";
 "time";
 "tls";
+ "turn_external";
 "uptime";
 "vcard4";
 "vcard_legacy";
@@ -61,6 +62,9 @@ c2s_direct_tls_ports = { 5223 }
 s2s_direct_tls_ports = { 5270 }
 use_dane = true
+turn_external_host = "{{ turn_server }}"
+turn_external_secret = "{{ turn_secret }}"
+
 -- From Monal considerations for XMPP server admins
 smacks_hibernation_time = 86400
diff --git a/files/turnserver.conf.j2 b/files/turnserver.conf.j2
index 05c956c..f90f0f0 100644
--- a/files/turnserver.conf.j2
+++ b/files/turnserver.conf.j2
@@ -6,6 +6,7 @@ syslog
 no-rfc5780
 no-stun-backward-compatibility
 response-origin-only-with-rfc5780
-realm=turn.{{ virtual_host }}
+realm={{ turn_server }}
 use-auth-secret
 static-auth-secret={{ turn_secret }}
+external-ip={{ ipv4 }}
diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2
index 2834474..4182a60 100644
--- a/files/virtual_host.cfg.lua.j2
+++ b/files/virtual_host.cfg.lua.j2
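Review bot: The two `turn_external_*` settings added after `use_dane = true` in files/prosody.cfg.lua.j2 carry no comment saying why TURN is now configured globally, although the block directly below them is introduced by one. I would add `-- One coturn instance (single realm) serves every vhost on this machine, so TURN is set globally, not per VirtualHost` above `turn_external_host`, and note in the same comment that `turn_external_secret` must stay equal to `static-auth-secret` in turnserver.conf.j2, since both render `turn_secret`. The rendered main config now holds that shared secret in clear text; the task that templates it is not part of this diff, so it is worth confirming that it sets an owner and mode that keep the file unreadable to other local users.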
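Review bot: Nothing in the lines of files/turnserver.conf.j2 visible here (new lines 6-12, ending at the added `external-ip={{ ipv4 }}`) limits which peer addresses the relay will connect to, and after this change the one relay serves the users of every vhost on the machine. If lines 1-5, which are outside the hunk, do not already do so, consider adding `denied-peer-ip=` ranges for the private and link-local networks this VM can reach, plus `no-multicast-peers`, so that a valid TURN credential cannot be used to reach internal services through the relay. Separately, `external-ip` is not mentioned in the commit message; a one-line `#` comment above it saying which address it advertises and why it is needed on this host would record the reason for the addition.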
@@ -15,7 +15,6 @@ modules_enabled = {
 "invites_register";
 "register";
 "register_apps";
- "turn_external";
 }
 site_apps_show = {
@@ -34,9 +33,6 @@ contact_info = {
 admin = { "xmpp:admin@{{ virtual_host }}" };
 }
-turn_external_host = "turn.{{ virtual_host }}"
-turn_external_secret = "{{ turn_secret }}"
-
 allow_user_invites = true
 http_external_url = "https://{{ virtual_host }}/"
 site_name = "{{ virtual_host }}"
diff --git a/playbook.yaml b/playbook.yaml
index 467b1fa..3a3d0cd 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -122,10 +122,6 @@
 type: CNAME
 ttl: 3600
 records: ["{{ delegate_host }}."]
- - subname: "turn"
- type: CNAME
- ttl: 3600
- records: ["{{ delegate_host }}."]
 - subname: "upload"
 type: CNAME
 ttl: 3600
--
cgit v1.2.3