authorQuentin Dufour <quentin@deuxfleurs.fr>2023-03-11 11:44:17 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2023-03-11 11:44:17 +0100
commit6b8a94ba2efc85970e66ad2a863f8240cddfde70 (patch)
tree4bf3dc6c5cb15620b5a978dbd803bd63fc81c8f1 /cluster
parent850ea784e7bb96ee7af954805dab7d326f58c228 (diff)
wip coturn
Diffstat (limited to 'cluster')
-rwxr-xr-xcluster/prod/app/coturn/config/docker-entrypoint.sh15
-rw-r--r--cluster/prod/app/coturn/deploy/coturn.hcl87
-rw-r--r--cluster/prod/app/coturn/integration/cmd.sh7
-rw-r--r--cluster/prod/app/coturn/readme.md6
-rw-r--r--cluster/prod/app/coturn/secrets.toml5
5 files changed, 120 insertions, 0 deletions
diff --git a/cluster/prod/app/coturn/config/docker-entrypoint.sh b/cluster/prod/app/coturn/config/docker-entrypoint.sh
new file mode 100755
index 0000000..cd945b0
--- /dev/null
+++ b/cluster/prod/app/coturn/config/docker-entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+turnserver \
+ -n \
+ --external-ip=$(detect-external-ip) \
+ --min-port=49160 \
+ --max-port=49169 \
+ --log-file=stdout \
+ --use-auth-secret \
+ --realm turn.deuxfleurs.fr \
+ --no-cli \
+ --no-tls \
+ --no-dtls \
+ --prometheus \
+ --static-auth-secret '{{ key "secrets/coturn/static-auth-secret" | trimSpace }}'
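Review bot: The turnserver invocation sets no peer restrictions, so with the task on the host network (see coturn.hcl) any client holding valid TURN credentials can have the relay forward traffic to private, link-local or cluster-internal addresses reachable from the node. Add `--no-multicast-peers \` and one `--denied-peer-ip=10.0.0.0-10.255.255.255 \` style line for each private range the nodes can reach. Separately, passing `--static-auth-secret` as an argument leaves the shared secret readable in the process list; since `-n` disables the config file, consider rendering a turnserver.conf that holds `static-auth-secret=...` and loading it with `-c` instead. `$(detect-external-ip)` is unquoted and its failure is not checked, so a failed lookup would start the server with an empty `--external-ip=`.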
diff --git a/cluster/prod/app/coturn/deploy/coturn.hcl b/cluster/prod/app/coturn/deploy/coturn.hcl
new file mode 100644
index 0000000..2a48f3c
--- /dev/null
+++ b/cluster/prod/app/coturn/deploy/coturn.hcl
@@ -0,0 +1,87 @@
+job "coturn" {
+ datacenters = ["neptune", "orion"]
+ type = "service"
+
+ priority = 100
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ count = 1
+
+ network {
+ port "prometheus" { static = 9641 }
+ port "turn_ctrl" { static = 3478 }
+ port "turn_data0" { static = 49160 }
+ port "turn_data1" { static = 49161 }
+ port "turn_data2" { static = 49162 }
+ port "turn_data3" { static = 49163 }
+ port "turn_data4" { static = 49164 }
+ port "turn_data5" { static = 49165 }
+ port "turn_data6" { static = 49166 }
+ port "turn_data7" { static = 49167 }
+ port "turn_data8" { static = 49168 }
+ port "turn_data9" { static = 49169 }
+ }
+
+ task "turnserver" {
+ driver = "docker"
+ config {
+ image = "coturn/coturn:4.6.1-r2-alpine"
+ ports = [ "prometheus", "turn_ctrl", "turn_data0", "turn_data1", "turn_data2",
+ "turn_data3", "turn_data4", "turn_data5", "turn_data6", "turn_data7",
+ "turn_data8", "turn_data9" ]
+ network_mode = "host"
+ volumes = [
+ "secrets/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh",
+ ]
+ }
+
+ template {
+ data = file("../config/docker-entrypoint.sh")
+ destination = "secrets/docker-entrypoint.sh"
+ perms = 555
+ }
+
+ resources {
+ memory = 20
+ memory_max = 50
+ cpu = 50
+ }
+
+ service {
+ name = "coturn"
+ tags = [
+ "coturn",
+ "d53-cname turn.deuxfleurs.fr",
+ "(diplonat (tcp_port 3478) (udp_port 3478 49160 49161 49162 49163 49164 49165 49166 49167 49168 49169))",
+ ]
+ port = "turn_ctrl"
+ check {
+ type = "http"
+ protocol = "http"
+ port = "prometheus"
+ path = "/"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "600s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ restart {
+ interval = "30m"
+ attempts = 20
+ delay = "15s"
+ mode = "delay"
+ }
+ }
+ }
+}
+
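Review bot: The `prometheus` port (9641) is served under `network_mode = "host"`, so coturn's unauthenticated metrics endpoint listens on the node's interfaces rather than behind a port mapping. Whether it is reachable from outside depends on a firewall this commit does not show. The diplonat tag opens only 3478 and 49160-49169, which suggests 9641 is meant to stay internal; a comment on the port line such as `# metrics are unauthenticated: keep 9641 closed on the public firewall` would record that. The rendered entrypoint embeds the static auth secret and is written with `perms = 555`, readable by every user that can reach the file; it may be worth checking which UID the container runs as and tightening this if possible. The image is pinned by tag only; `image = "coturn/coturn:4.6.1-r2-alpine@sha256:<digest>"` (digest placeholder) would guard against the tag being re-pushed.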
diff --git a/cluster/prod/app/coturn/integration/cmd.sh b/cluster/prod/app/coturn/integration/cmd.sh
new file mode 100644
index 0000000..262cf49
--- /dev/null
+++ b/cluster/prod/app/coturn/integration/cmd.sh
@@ -0,0 +1,7 @@
+docker run \
+ --name coturn \
+ --rm \
+ -it \
+ -v `pwd`/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh \
+ --network=host \
+ coturn/coturn:4.6.1-r2-alpine
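Review bot: The bind mount takes `docker-entrypoint.sh` from the current directory, and the copy in `config/` is an unrendered template. If that file is used as-is, turnserver would start on the host network with the literal `{{ key ... }}` text as its static auth secret, a value anyone who has read the repository knows. A leading comment saying the script expects a locally rendered entrypoint with a throwaway secret would make that explicit. The mount can also be quoted and made read-only: `-v "$(pwd)/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh:ro" \`. The script has no `#!/bin/sh` line and is added with mode 100644, so it can only be run through an explicit shell.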
diff --git a/cluster/prod/app/coturn/readme.md b/cluster/prod/app/coturn/readme.md
new file mode 100644
index 0000000..0036ab2
--- /dev/null
+++ b/cluster/prod/app/coturn/readme.md
@@ -0,0 +1,6 @@
+stun+turn
+tcp: 3478
+udp: 49160-49169
+
+prometheus:
+tcp: 9641
diff --git a/cluster/prod/app/coturn/secrets.toml b/cluster/prod/app/coturn/secrets.toml
new file mode 100644
index 0000000..8b41a31
--- /dev/null
+++ b/cluster/prod/app/coturn/secrets.toml
@@ -0,0 +1,5 @@
+# coturn
+[secrets."coturn/static-auth-secret"]
+type = 'command'
+rotate = true
+command = "openssl rand -base64 64|tr -d '\n'"
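Review bot: `rotate = true` regenerates a secret that coturn reads only once, from its command line at startup, and the commit does not show how the services that mint TURN credentials pick up the new value. If they read the same key at a different time, clients will be issued credentials that the running server rejects until both sides are restarted. A comment above the entry such as `# shared with the services that issue TURN credentials; rotate both together` would document the coupling.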