From 6b8a94ba2efc85970e66ad2a863f8240cddfde70 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Sat, 11 Mar 2023 11:44:17 +0100
Subject: [PATCH] wip coturn

---
 .../app/coturn/config/docker-entrypoint.sh    | 15 ++++
 cluster/prod/app/coturn/deploy/coturn.hcl     | 87 +++++++++++++++++++
 cluster/prod/app/coturn/integration/cmd.sh    |  7 ++
 cluster/prod/app/coturn/readme.md             |  6 ++
 cluster/prod/app/coturn/secrets.toml          |  5 ++
 5 files changed, 120 insertions(+)
 create mode 100755 cluster/prod/app/coturn/config/docker-entrypoint.sh
 create mode 100644 cluster/prod/app/coturn/deploy/coturn.hcl
 create mode 100644 cluster/prod/app/coturn/integration/cmd.sh
 create mode 100644 cluster/prod/app/coturn/readme.md
 create mode 100644 cluster/prod/app/coturn/secrets.toml

diff --git a/cluster/prod/app/coturn/config/docker-entrypoint.sh b/cluster/prod/app/coturn/config/docker-entrypoint.sh
new file mode 100755
index 0000000..cd945b0
--- /dev/null
+++ b/cluster/prod/app/coturn/config/docker-entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+turnserver \
+    -n \
+    --external-ip=$(detect-external-ip) \
+    --min-port=49160 \
+    --max-port=49169 \
+    --log-file=stdout \
+    --use-auth-secret \
+    --realm turn.deuxfleurs.fr \
+    --no-cli \
+    --no-tls \
+    --no-dtls \
+    --prometheus \
+    --static-auth-secret '{{ key "secrets/coturn/static-auth-secret" | trimSpace }}' 
diff --git a/cluster/prod/app/coturn/deploy/coturn.hcl b/cluster/prod/app/coturn/deploy/coturn.hcl
new file mode 100644
index 0000000..2a48f3c
--- /dev/null
+++ b/cluster/prod/app/coturn/deploy/coturn.hcl
@@ -0,0 +1,87 @@
+job "coturn" {
+  datacenters = ["neptune", "orion"]
+  type = "service"
+
+  priority = 100
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  group "main" {
+    count = 1
+
+    network {
+      port "prometheus" { static = 9641 }
+      port "turn_ctrl" { static = 3478 }
+      port "turn_data0" { static = 49160 }
+      port "turn_data1" { static = 49161 }
+      port "turn_data2" { static = 49162 }
+      port "turn_data3" { static = 49163 }
+      port "turn_data4" { static = 49164 }
+      port "turn_data5" { static = 49165 }
+      port "turn_data6" { static = 49166 }
+      port "turn_data7" { static = 49167 }
+      port "turn_data8" { static = 49168 }
+      port "turn_data9" { static = 49169 }
+    }
+
+    task "turnserver" {
+      driver = "docker"
+      config {
+        image = "coturn/coturn:4.6.1-r2-alpine"
+        ports = [ "prometheus", "turn_ctrl", "turn_data0", "turn_data1", "turn_data2",
+                  "turn_data3", "turn_data4", "turn_data5", "turn_data6", "turn_data7",
+                  "turn_data8", "turn_data9" ]
+        network_mode = "host"
+        volumes = [
+          "secrets/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh",
+        ]
+      }
+
+      template {
+        data = file("../config/docker-entrypoint.sh")
+        destination = "secrets/docker-entrypoint.sh"
+        perms = 555
+      }
+
+      resources {
+        memory = 20
+        memory_max = 50
+        cpu = 50
+      }
+
+      service {
+        name = "coturn"
+        tags = [
+          "coturn",
+          "d53-cname turn.deuxfleurs.fr",
+          "(diplonat (tcp_port 3478) (udp_port 3478 49160 49161 49162 49163 49164 49165 49166 49167 49168 49169))",
+        ]
+        port = "turn_ctrl"
+        check {
+          type = "http"
+          protocol = "http"
+          port = "prometheus"
+          path = "/"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "600s"
+            ignore_warnings = false
+          }
+        }
+      }
+
+      restart {
+        interval = "30m"
+        attempts = 20
+        delay    = "15s"
+        mode     = "delay"
+      }
+    }
+  }
+}
+
diff --git a/cluster/prod/app/coturn/integration/cmd.sh b/cluster/prod/app/coturn/integration/cmd.sh
new file mode 100644
index 0000000..262cf49
--- /dev/null
+++ b/cluster/prod/app/coturn/integration/cmd.sh
@@ -0,0 +1,7 @@
+docker run \
+    --name coturn \
+    --rm \
+    -it \
+    -v `pwd`/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh \
+    --network=host \
+    coturn/coturn:4.6.1-r2-alpine
diff --git a/cluster/prod/app/coturn/readme.md b/cluster/prod/app/coturn/readme.md
new file mode 100644
index 0000000..0036ab2
--- /dev/null
+++ b/cluster/prod/app/coturn/readme.md
@@ -0,0 +1,6 @@
+stun+turn
+tcp: 3478
+udp: 49160-49169
+
+prometheus:
+tcp: 9641
diff --git a/cluster/prod/app/coturn/secrets.toml b/cluster/prod/app/coturn/secrets.toml
new file mode 100644
index 0000000..8b41a31
--- /dev/null
+++ b/cluster/prod/app/coturn/secrets.toml
@@ -0,0 +1,5 @@
+# coturn 
+[secrets."coturn/static-auth-secret"]
+type = 'command'
+rotate = true
+command = "openssl rand -base64 64|tr -d '\n'"