From 0d5adebcf26fbdc1f4d96861cf76d20b2ac42f0b Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sun, 14 Mar 2021 17:46:18 +0100
Subject: Support for static turn secrets in the backend.

Note that this has not been tested in the wild yet; it just does what
the comments in the default docker-compose.yml by thecodingmachine
suggests it should do to enable using the rest api of coturn.
---
 default.nix          | 1 +
 instance-options.nix | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/default.nix b/default.nix
index c972d40..d620da9 100644
--- a/default.nix
+++ b/default.nix
@@ -51,6 +51,7 @@ let
         environment = {
           HTTP_PORT = toString instanceConfig.backend.httpPort;
           GRPC_PORT = toString instanceConfig.backend.grpcPort;
+          TURN_STATIC_AUTH_SECRET = instanceConfig.commonConfig.webrtc.turn.staticSecret;
         } // envCommonConfig instanceConfig;
         serviceConfig = {
           User = "workadventure-backend";
diff --git a/instance-options.nix b/instance-options.nix
index c01932e..8df507d 100644
--- a/instance-options.nix
+++ b/instance-options.nix
@@ -167,7 +167,12 @@ with pkgs;
           };
           password = mkOption {
             default = "workadventure";
-            description = "Password for TURN authentication";
+            description = "Password for TURN authentication (will be served to clients!)";
+            type = types.str;
+          };
+          staticSecret = mkOption {
+            default = "";
+            description = "Static Secret for the coturn rest API (not served to clients)";
             type = types.str;
           };
         };
-- 
cgit v1.2.3