diff --git a/deployer/roles/build/tasks/synapse.yml b/deployer/roles/build/tasks/synapse.yml
index b21c386..d0fab21 100644
--- a/deployer/roles/build/tasks/synapse.yml
+++ b/deployer/roles/build/tasks/synapse.yml
@@ -73,7 +73,11 @@
 direction: in
 from_ip: any
 to_port: "{{ item }}"
- loop: "{{ range({{ site.coturn.min_port }}, {{ site.coturn.max_port }} + 1)|list }}"
+ proto: udp
+ rule: allow
+ comment: "coturn UDP"
+ with_sequence: start="{{ site.coturn.min_port }}" end="{{ site.coturn.max_port }}"
+ #loop: "{{ range({{ site.coturn.min_port }}, {{ site.coturn.max_port }} + 1)|list }}"
 become: true
diff --git a/deployer/roles/build/templates/synapse/docker-compose.yml.j2 b/deployer/roles/build/templates/synapse/docker-compose.yml.j2
index 705ea84..f962275 100644
--- a/deployer/roles/build/templates/synapse/docker-compose.yml.j2
+++ b/deployer/roles/build/templates/synapse/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-version: '3'
+version: '3.4'
 # Generated by ansible for site {{ site.url }}
 # On network {{ site.subnet_cidr_address }}:
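Review bot: The added `with_sequence` in the synapse.yml hunk creates one firewall rule per port across the whole coturn relay range, which is slow to apply and leaves a rule table that is hard to audit. If this task is the ufw module (the `direction`/`from_ip`/`to_port` keys suggest so, but the module line is outside the hunk), a single ranged rule does the same job: `to_port: "{{ site.coturn.min_port }}:{{ site.coturn.max_port }}"` together with the new `proto: udp`. The commented-out `#loop:` line is better deleted than kept, since its nested `{{ }}` inside `range()` was never valid Jinja. Because the rule opens ports to `from_ip: any`, it is also worth confirming that `site.coturn.min_port` and `site.coturn.max_port` are validated as integers with min not above max before they reach this task.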
@@ -15,25 +15,25 @@ services:
 - UID={{ site.user_uid }}
 - GID={{ site.user_gid }}
 volumes:
- - "{{ site_data_path }}:/data"
+ - {{ site_data_path }}:/data
 networks:
 net:
- ipv4_address: "{{ site.subnet_site_ip }}"
+ ipv4_address: {{ site.subnet_site_ip }}
 turn:
 # We use: https://github.com/instrumentisto/coturn-docker-image
- image: instrumentisto/coturn-docker-image:latest
+ image: instrumentisto/coturn:latest
 restart: unless-stopped
- # We bind directly to host (no proxying the NAT piercer)
- # TCP/UDP: {{ site.coturn.listening_port }}
- # UDP: {{ site.coturn.min_port }} - {{ site.coturn.max_port }}
- network: host
 volumes:
 - type: tmpfs
 target: /var/lib/coturn
- - type: volume
- source: "{{ sites_path }}/{{ site.slug }}/coturn/turnserver.conf"
- destination: /etc/coturn/turnserver.conf
+ - type: bind
+ source: {{ sites_path }}/{{ site.slug }}/coturn/turnserver.conf
+ target: /etc/coturn/turnserver.conf
+ # We bind directly to host (no proxying the NAT piercer)
+ # TCP/UDP: {{ site.coturn.listening_port }}
+ # UDP: {{ site.coturn.min_port }} - {{ site.coturn.max_port }}
+ network_mode: host
 networks:
 net:
diff --git a/deployer/roles/build/templates/synapse/homeserver.yaml.j2 b/deployer/roles/build/templates/synapse/homeserver.yaml.j2
index 3c05efa..1529524 100644
--- a/deployer/roles/build/templates/synapse/homeserver.yaml.j2
+++ b/deployer/roles/build/templates/synapse/homeserver.yaml.j2
@@ -926,7 +926,7 @@ enable_registration_captcha: false
 # Enable registration for new users.
 #
-#enable_registration: false
+enable_registration: true
 # Optional account validity configuration. This allows for accounts to be denied
 # any request after a given period.
@@ -1026,7 +1026,7 @@ account_validity:
 # Enable 3PIDs lookup requests to identity servers from this server.
 #
-#enable_3pid_lookup: true
+enable_3pid_lookup: true
 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
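Review bot: `image: instrumentisto/coturn:latest` in the docker-compose hunk puts a floating tag on a container that the same hunk runs with `network_mode: host`, so every redeploy can pull different, unreviewed code into the host's network namespace; pin it to a release tag or digest, e.g. `image: instrumentisto/coturn:<pinned-version>`. The new bind mount of `turnserver.conf` can be made read-only by adding `read_only: true` to that volume entry, so the container cannot rewrite its own configuration on the host. With host networking the relay can reach whatever the host can, including loopback and the site subnet, so the turnserver.conf (not shown here) should carry `denied-peer-ip` ranges for loopback and private addresses. Dropping the quotes around `{{ site_data_path }}` and `{{ site.subnet_site_ip }}` means an empty or unusual value now renders as different YAML, so keeping the quotes is the safer form.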
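Review bot: `enable_registration: true` in the -926 hunk opens account creation to anyone, and the hunk header shows `enable_registration_captcha: false` as the preceding setting, so nothing visible here slows automated sign-ups. Since this file is a shared template, consider driving the value from a per-site variable that defaults to off, e.g. `enable_registration: {{ site.enable_registration | default(false) | bool | lower }}` (the variable name is a suggestion, not something the page defines). Where open registration is intended, pair it with the captcha or with `registrations_require_3pid` so each account is tied to a verified address. The -1112 hunk makes every new account join a room automatically, which raises the cost of leaving sign-up ungated.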
@@ -1112,8 +1112,8 @@ account_threepid_delegates:
 # as a publicly joinable room when the first user registers for the
 # homeserver. This behaviour can be customised with the settings below.
 #
-#auto_join_rooms:
-# - "#example:example.com"
+auto_join_rooms:
+ - "#general:zinz.dev"
 # Where auto_join_rooms are specified, setting this flag ensures that the
 # the rooms exist by creating them when the first user on the
@@ -1129,7 +1129,7 @@ account_threepid_delegates:
 # Defaults to true. Uncomment the following line to disable automatically
 # creating auto-join rooms.
 #
-#autocreate_auto_join_rooms: false
+autocreate_auto_join_rooms: true
 # Whether the auto_join_rooms that are auto-created are available via
 # federation. Only has an effect if autocreate_auto_join_rooms is true.
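Review bot: `- "#general:zinz.dev"` in the -1112 hunk hard-codes one domain in a template that is rendered per site (the compose template in this commit is marked "Generated by ansible for site {{ site.url }}"), so any other site would auto-join its new users to a room on a different homeserver. Derive the alias from the site's own server name instead, e.g. `- "#general:{{ site.url }}"`, assuming `site.url` is the bare server name, which this hunk does not confirm. Together with the registration change at -926, every self-registered account lands in this room without review, so its moderation settings deserve a check before deploy. The `autocreate_auto_join_rooms: true` change in the -1129 hunk only restates the default documented in the comment above it.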