Configure TURN properly

Was missing a couple of necessary properties, and is now using an
explicit port range for TURN, and opening those ports in UFW.

site-cookbooks/kosmos-ejabberd/attributes/default.rb

@@ -1,5 +1,7 @@
 node.default["kosmos-ejabberd"]["version"] = "20.04"
 node.default["kosmos-ejabberd"]["checksum"] = "5377ff18960a399e661fa23f4a1d9f57c78d4579ed108c52b8f68e7cd9268868"
+node.default["kosmos-ejabberd"]["turn_min_port"] = 49152
+node.default["kosmos-ejabberd"]["turn_max_port"] = 59152
 
 node.override["tor"]["HiddenServices"]["ejabberd"] = {
   "HiddenServicePorts" => [

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -154,7 +154,11 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
   sensitive true
   variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
             hosts: hosts,
-            admin_users: admin_users
+            admin_users: admin_users,
+            stun_auth_realm: "kosmos.org",
+            turn_ip_address: node['ipaddress'],
+            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
+            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"]
   notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end
 
@@ -206,6 +210,12 @@ unless node.chef_environment == "development"
     protocol :udp
     command  :allow
   end
+
+  firewall_rule 'ejabberd_turn' do
+    port     node["kosmos-ejabberd"]["turn_min_port"]..node["kosmos-ejabberd"]["turn_max_port"]
+    protocol :udp
+    command  :allow
+  end
 end
 
 #

site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb

@@ -78,9 +78,11 @@ listen:
     port: 3478
     transport: udp
     module: ejabberd_stun
+    auth_realm: <%= @stun_auth_realm %>
     use_turn: true
-    ## The server's public IPv4 address:
+    turn_ip: <%= @turn_ip_address %>
-    # turn_ip: 203.0.113.3
+    turn_min_port: <%= @turn_min_port %>
+    turn_max_port: <%= @turn_max_port %>
 
 s2s_use_starttls: optional