Commit e4b96ee2 authored by fnux's avatar fnux

Merge branch '__coturn' into 'master'

Import __coturn type from ungleich's dot-cdist

See merge request ungleich-public/cdist-contrib!4
parents c136d33d 7efa697e
cdist-type__coturn(7)
=====================
NAME
----
cdist-type__coturn - Install and configure a coturn TURN server
DESCRIPTION
-----------
This (singleton) type installs and configures a coturn TURN server.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
static_auth_secret
Secret used to access the TURN REST API.
realm
Default realm.
allowed-peer
Allow specific IP addresses or ranges of IP addresses. Can be specified multiple times.
denied-peer
Ban specific IP addresses or ranges of IP addresses. Can be specified multiple times.
cert
Path to certificate file. Absolute or relative. Use PEM file format.
pkey
Patch to private key file. Use PEM file format.
min-port
Lower bound of the UDP port range for relay endpoints allocation.
Default value is 49152, according to RFC 5766.
max-port
Upper bound of the UDP port range for relay endpoints allocation.
Default value is 65535, according to RFC 5766.
extra-config
This will be appended verbatim to the end of `coturn.conf`, use this for more
complex setups where the parameters exposed by this type are not enough.
If its value is `-`, stdin will be used.
BOOLEAN PARAMETERS
------------------
use-auth-secret
Allows TURN credentials to be accounted for a specific user id.
no-tcp-relay
Disable TCP relay endpoints.
no-udp-relay
Disable UDP relay endpoints.
no-tls
Disable TLS listener.
no-dtls
Disable DTLS listener.
EXAMPLES
--------
.. code-block:: sh
__coturn \
--realm turn.domain.tld \
--no_tcp_relay
__coturn \
--realm turn.domain.tld \
--extra-config '-' <<EOF
# Debug logging
Verbose
# Use a redis database
redis-userdb="ip=[::1] dbname=coturn password=secret port=6379 connect_timeout=2"
EOF
SEE ALSO
--------
- `coturn Github repository <https://github.com/coturn/coturn>`_
AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>
COPYING
-------
Copyright \(C) 2020 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
#!/bin/sh -e
#
# 2020 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
debian|devuan|ubuntu)
__package coturn
coturn_config='/etc/turnserver.conf'
;;
*)
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
# Type parameters.
if [ -f "$__object/parameter/use-auth-secret" ]; then
export USE_AUTH_SECRET=1
fi
if [ -f "$__object/parameter/no-tls" ]; then
export NO_TLS=1
fi
if [ -f "$__object/parameter/no-dtls" ]; then
export NO_DTLS=1
fi
if [ -f "$__object/parameter/static-auth-secret" ]; then
STATIC_AUTH_SECRET=$(cat "$__object/parameter/static-auth-secret")
export STATIC_AUTH_SECRET
fi
if [ -f "$__object/parameter/realm" ]; then
REALM=$(cat "$__object/parameter/realm")
export REALM
fi
if [ -f "$__object/parameter/no-tcp-relay" ]; then
export NO_TCP_RELAY=1
fi
if [ -f "$__object/parameter/no-udp-relay" ]; then
export NO_UDP_RELAY=1
fi
if [ -f "$__object/parameter/allowed-peer" ]; then
ALLOWED_PEERS=$(cat "$__object/parameter/allowed-peer")
export ALLOWED_PEERS
fi
if [ -f "$__object/parameter/denied-peer" ]; then
DENIED_PEERS=$(cat "$__object/parameter/denied-peer")
export DENIED_PEERS
fi
if [ -f "$__object/parameter/listening-ip" ]; then
LISTENING_IPS=$(cat "$__object/parameter/listening-ip")
export LISTENING_IPS
fi
if [ -f "$__object/parameter/cert" ]; then
CERT=$(cat "$__object/parameter/cert")
export CERT
fi
if [ -f "$__object/parameter/pkey" ]; then
PKEY=$(cat "$__object/parameter/pkey")
export PKEY
fi
if [ -f "$__object/parameter/extra-config" ]; then
EXTRA_CONFIG=$(cat "$__object/parameter/extra-config")
if [ "$EXTRA_CONFIG" = "-" ]; then
EXTRA_CONFIG=$(cat "$__object/stdin")
fi
export EXTRA_CONFIG
fi
MIN_PORT=$(cat "$__object/parameter/min-port")
export MIN_PORT
MAX_PORT=$(cat "$__object/parameter/max-port")
export MAX_PORT
# Generate and deploy configuration file.
mkdir -p "$__object/files"
"$__type/files/turnserver.conf.sh" > "$__object/files/turnserver.conf"
require="__package/coturn" __file $coturn_config \
--source "$__object/files/turnserver.conf" \
--owner turnserver \
--onchange 'service coturn restart'
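Review bot: The generated turnserver.conf carries `static-auth-secret` and anything passed through `extra-config` (the man page example puts a redis password there), yet the final `__file` call sets only `--owner turnserver` and no `--mode`, so the file's permissions are left to the `__file` default. Unless that default is already restrictive, add `--mode 0600` to that call so that only the turnserver user can read the secret. `$coturn_config` in the same call should be quoted as `"$coturn_config"`. Separately, the manifest reads `parameter/static-auth-secret` and `parameter/no-tcp-relay`, while the man page spells them `static_auth_secret` and `--no_tcp_relay` and does not document `listening-ip` at all.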
use-auth-secret
no-tcp-relay
no-udp-relay
no-tls
no-dtls
static-auth-secret
realm
cert
pkey
min-port
max-port
extra-config
allowed-peer
denied-peer
listening-ip