#jinja2: lstrip_blocks: "True"

# Adapted from 
# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/matrix-coturn/templates/turnserver.conf.j2
# in Jan. 2021

# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
listening-port={{ site.coturn.listening_port }}


# Alternative listening port for UDP and TCP listeners;
# default (or zero) value means "listening port plus one".
# This is needed for RFC 5780 support
# (STUN extension specs, NAT behavior discovery). The TURN Server
# supports RFC 5780 only if it is started with more than one
# listening IP address of the same family (IPv4 or IPv6).
# RFC 5780 is supported only by UDP protocol, other protocols
# are listening to that endpoint only for "symmetry".
#
alt-listening-port=0

use-auth-secret
static-auth-secret={{ site.coturn.static_auth_secret }}
realm=turn.{{ site.url }}

min-port={{ site.coturn.min_port }}
max-port={{ site.coturn.min_port }}
external-ip={{ site.coturn.external_ip }}

log-file=stdout
pidfile=/var/tmp/turnserver.pid
userdb=/var/tmp/turnserver.db

no-cli
no-tls
no-dtls

prod
no-tcp-relay

{% if site.coturn.user_quota != None %}
user-quota={{ site.coturn.user_quota }}
{% endif %}
{% if site.coturn.total_quota != None %}
total-quota={{ site.coturn.total_quota }}
{% endif %}

{% for ip_range in matrix_coturn_denied_peer_ips %}
denied-peer-ip={{ ip_range }}
{% endfor %}
{% for ip_range in matrix_coturn_allowed_peer_ips %}
allowed-peer-ip={{ ip_range }}
{% endfor %}