From 6766216fcb7f8428d6e3714546c09e5966ad6b77 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 Jan 2024 07:52:28 +0200 Subject: [PATCH 1/2] Wire Conduit to advertise usage of the Coturn TURN server Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3089 --- group_vars/matrix_servers | 23 +++++++++++++++++++ roles/custom/matrix-conduit/defaults/main.yml | 8 +++++++ .../templates/conduit/conduit.toml.j2 | 12 ++++++++++ 3 files changed, 43 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a52b27221..03857fde4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4315,6 +4315,29 @@ matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}" +# Even if TURN doesn't support TLS (it does by default), +# it doesn't hurt to try a secure connection anyway. +# +# When Let's Encrypt certificates are used (the default case), +# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them. +# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145 +matrix_conduit_turn_uris: | + {{ + [] + + + [ + 'turns:' + matrix_server_fqn_matrix + '?transport=udp', + 'turns:' + matrix_server_fqn_matrix + '?transport=tcp', + ] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_playbook_ssl_retrieval_method != 'lets-encrypt' else [] + + + [ + 'turn:' + matrix_server_fqn_matrix + '?transport=udp', + 'turn:' + matrix_server_fqn_matrix + '?transport=tcp', + ] if matrix_coturn_enabled else [] + }} + +matrix_conduit_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}" + matrix_conduit_systemd_required_services_list: | {{ (['docker.service']) diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 5259837e4..17218a544 100644 
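Review bot: The two `[...] if ... else []` expressions in `matrix_conduit_turn_uris` are not parenthesised, and Jinja's inline `if` binds more loosely than `+`, so the value parses as `([] + [turns…]) if <tls condition> else (([] + [turn…]) if matrix_coturn_enabled else [])`. When the TLS condition holds, only the `turns:` URIs are advertised and the plain `turn:` entries are dropped, which does not look like what a concatenation was meant to produce. Wrap each conditional list in its own parentheses, e.g. `([ … ] if matrix_coturn_enabled else [])`, so that the two lists are actually added together. The comment above the variable also says a secure connection is tried even if TURN lacks TLS, while the condition requires `matrix_coturn_tls_enabled`; reword it to match the code.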
--- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml @@ -1,5 +1,6 @@ --- # Conduit is a simple, fast and reliable chat server powered by Matrix +# Project source code URL: https://gitlab.com/famedly/conduit # See: https://conduit.rs matrix_conduit_enabled: true @@ -63,3 +64,10 @@ matrix_conduit_trusted_servers: # How many requests Conduit sends to other servers at the same time matrix_conduit_max_concurrent_requests: 100 + +# TURN integration. +# See: https://gitlab.com/famedly/conduit/-/blob/next/TURN.md +matrix_conduit_turn_uris: [] +matrix_conduit_turn_secret: '' +matrix_conduit_turn_username: '' +matrix_conduit_turn_password: '' diff --git a/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 index 156914403..b22509cec 100644 --- a/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 +++ b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 @@ -53,3 +53,15 @@ log = "info,state_res=warn,rocket=off,_=off,sled=off" address = "0.0.0.0" +turn_uris = {{ matrix_conduit_turn_uris | to_json }} + +{% if matrix_conduit_turn_secret != '' %} +turn_secret = {{ matrix_conduit_turn_secret | to_json }} +{% endif %} + +# If you have your TURN server configured to use a username and password +# you can provide these information too. In this case comment out `turn_secret above`! +{% if matrix_conduit_turn_username != '' or matrix_conduit_turn_password != '' %} +turn_username = {{ matrix_conduit_turn_username | to_json }} +turn_password = {{ matrix_conduit_turn_password | to_json }} +{% endif %} From 95e505106b4fcd99ab833dc6292f79af856e2f6a Mon Sep 17 00:00:00 2001 
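Review bot: The four new TURN defaults in the `@@ -63,3 +64,10 @@` hunk carry only a link, with nothing saying that `matrix_conduit_turn_secret` and the `matrix_conduit_turn_username`/`matrix_conduit_turn_password` pair are alternative authentication modes, or that they hold credentials. Add a comment above `matrix_conduit_turn_secret` such as `# Shared secret for TURN auth. Set either this or the username/password pair below, not both. Keep real values in Ansible Vault.` so the exclusivity is documented where the variables are defined, not only in the rendered template.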
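Review bot: The credential block in conduit.toml.j2 is guarded with `or`, so setting only one of `matrix_conduit_turn_username` / `matrix_conduit_turn_password` renders the other as an empty string. Nothing stops `turn_secret` from being emitted alongside them either, although the comment tells the reader to drop `turn_secret` in that case. Because group_vars now fills `matrix_conduit_turn_secret` whenever Coturn is enabled, a user who sets a username and password will get both mechanisms in the file. Consider `{% if matrix_conduit_turn_username != '' and matrix_conduit_turn_password != '' %}` for the pair, plus either an `{% elif %}` chain or a validation task that fails when both mechanisms are configured. The rendered file now contains the TURN shared secret, so confirm that the task installing it (not part of this diff) sets a restrictive mode and owner.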
From: Slavi Pantaleev Date: Thu, 11 Jan 2024 07:55:41 +0200 Subject: [PATCH 2/2] Restore matrix_mautrix_signal_appservice_bot_username usage Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3088 Looks like the migration to the Go-based Signal bridge hardcoded the `signalbot` username instead of using the variable we had. Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3041 --- .../matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 46427c8cd..8cca8e263 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -58,7 +58,7 @@ appservice: # Appservice bot details. bot: # Username of the appservice bot. - username: signalbot + username: {{ matrix_mautrix_signal_appservice_bot_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. displayname: signal bridge bot
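Review bot: The appservice registration for this bridge is not part of this hunk; if its `sender_localpart` is not derived from `matrix_mautrix_signal_appservice_bot_username` as well, a non-default value here would presumably leave the bridge's bot user disagreeing with what the homeserver has registered. It is worth confirming that both places read the same variable. The `| to_json` filter is a good choice for this scalar, since it quotes values that YAML would otherwise type as booleans or numbers. The `appservice:` mapping begins and continues outside the hunk.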