Support for static turn secrets in the backend.

Note that this has not been tested in the wild yet; it just does what the comments in the default docker-compose.yml by thecodingmachine suggests it should do to enable using the rest api of coturn.
author: stuebinm 2021-03-14 17:46:18 +0100
committer: stuebinm 2021-03-14 17:46:34 +0100
commit: 0d5adebcf26fbdc1f4d96861cf76d20b2ac42f0b (patch)
tree: d8899de292f791322ed1bf7a67a31cdf4c24b64a
parent: 2cc766a3ce7daeac1088c3233ff7d37813aec0cb (diff)
2 files changed, 7 insertions, 1 deletions
diff --git a/default.nix b/default.nix
index c972d40..d620da9 100644
--- a/default.nix
+++ b/default.nix
@@ -51,6 +51,7 @@ let
         environment = {
           HTTP_PORT = toString instanceConfig.backend.httpPort;
           GRPC_PORT = toString instanceConfig.backend.grpcPort;
+          TURN_STATIC_AUTH_SECRET = instanceConfig.commonConfig.webrtc.turn.staticSecret;
         } // envCommonConfig instanceConfig;
         serviceConfig = {
           User = "workadventure-backend";
diff --git a/instance-options.nix b/instance-options.nix
index c01932e..8df507d 100644
--- a/instance-options.nix
+++ b/instance-options.nix
@@ -167,7 +167,12 @@ with pkgs;
           };
           password = mkOption {
             default = "workadventure";
-            description = "Password for TURN authentication";
+            description = "Password for TURN authentication (will be served to clients!)";
+            type = types.str;
+          };
+          staticSecret = mkOption {
+            default = "";
+            description = "Static Secret for the coturn rest API (not served to clients)";
             type = types.str;
           };
         };
author	stuebinm	2021-03-14 17:46:18 +0100
committer	stuebinm	2021-03-14 17:46:34 +0100
commit	0d5adebcf26fbdc1f4d96861cf76d20b2ac42f0b (patch)
tree	d8899de292f791322ed1bf7a67a31cdf4c24b64a
parent	2cc766a3ce7daeac1088c3233ff7d37813aec0cb (diff)