ansible-role-eom/tasks/coturn.yaml

---
# tasks file for coturn
- name: Add Small Hack repo
  kubernetes.core.helm_repository:
    name: small-hack-coturn
    repo_url: https://small-hack.github.io/coturn-chart
  register: repo

- name: Update Helm repos
  command: helm repo update
  when: repo.changed

- name: Deploy Coturn
  kubernetes.core.helm:
    name: coturn
    chart_ref: small-hack-coturn/coturn
    release_namespace: coturn
    create_namespace: true
    values:
        service:
          type: LoadBalancer
          externalTrafficPolicy: Local
        certificate:
          enabled: true
          host: coturn.eom.dev
          issuerName: ca-issuer
        sharedSecret: "{{ coturn_shared_secret }}"
        image:
          tag: latest
          pullPolicy: Always
        externalDatabase:
          enabled: true
        postgresql:
          enabled: true
          global:
            postgresql:
              auth:
                password: "{{ coturn_admin_password }}"
          primary:
            initdb:
              scripts:
                schema.sql: |
                  CREATE TABLE turnusers_lt (
                      realm varchar(127) default '',
                      name varchar(512),
                      hmackey char(128),
                      PRIMARY KEY (realm,name)
                  );

                  CREATE TABLE turn_secret (
                      realm varchar(127) default '',
                      value varchar(256),
                      primary key (realm,value)
                  );

                  CREATE TABLE allowed_peer_ip (
                      realm varchar(127) default '',
                      ip_range varchar(256),
                      primary key (realm,ip_range)
                  );

                  CREATE TABLE denied_peer_ip (
                      realm varchar(127) default '',
                      ip_range varchar(256),
                      primary key (realm,ip_range)
                  );

                  CREATE TABLE turn_origin_to_realm (
                      origin varchar(127),
                      realm varchar(127),
                      primary key (origin)
                  );

                  CREATE TABLE turn_realm_option (
                      realm varchar(127) default '',
                      opt varchar(32),
                      value varchar(128),
                      primary key (realm,opt)
                  );

                  CREATE TABLE oauth_key (
                      kid varchar(128),
                      ikm_key varchar(256),
                      timestamp bigint default 0,
                      lifetime integer default 0,
                      as_rs_alg varchar(64) default '',
                      realm varchar(127),
                      primary key (kid)
                  );

                  CREATE TABLE admin_user (
                      name varchar(32),
                      realm varchar(127),
                      password varchar(127),
                      primary key (name)
                  );                  
            persistence:
              size: 256Gi
        coturn:
          realm: coturn.eom.dev
          auth:
            username: coturn
            password: "{{ coturn_admin_password }}"