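#
# Cookbook:: kosmos-ejabberd
# Recipe:: coturn
#
# Installs coturn as the STUN/TURN server for ejabberd, renders its
# configuration (including the shared TURN auth secret), opens the firewall
# ports it listens and relays on, and enables the service.
#

apt_package 'coturn'

domain = node["ejabberd"]["turn_domain"]
# The data bag item supplies "stun_secret", which is written into
# turnserver.conf as static_auth_secret below.
credentials = data_bag_item("credentials", "ejabberd")

# Custom resource from elsewhere in the cookbook set. Presumably it obtains a
# Let's Encrypt certificate via a Gandi DNS challenge, since the cert paths
# below live under /etc/letsencrypt/live/<domain> -- confirm against the
# resource definition.
tls_cert_for domain do
  auth "gandi_dns"
  action :create
end

template "/etc/turnserver.conf" do
  source "turnserver.conf.erb"
  # The rendered file contains static_auth_secret, the shared secret used to
  # derive TURN credentials. It must not be world-readable (the original mode
  # was 0644): restrict it to root plus the group the daemon runs under.
  # The Debian/Ubuntu coturn package creates the "turnserver" user and group;
  # verify the group name if this recipe is used on another platform.
  owner "root"
  group "turnserver"
  mode "0640"
  # Keep the secret out of Chef's log output and rendered template diffs.
  sensitive true
  variables(
    listening_port: node["ejabberd"]["stun_turn_port"],
    tls_listening_port: node["ejabberd"]["stun_turn_port_tls"],
    listening_ip: node["ipaddress"],
    relay_ip: node["ipaddress"],
    min_port: node["ejabberd"]["turn_min_port"],
    max_port: node["ejabberd"]["turn_max_port"],
    realm: node["ejabberd"]["stun_auth_realm"],
    static_auth_secret: credentials["stun_secret"],
    cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
    # NOTE(review): privkey.pem under /etc/letsencrypt/live is normally
    # readable by root only; confirm the coturn service user can read it
    # without loosening the key's permissions (not visible in this recipe).
    pkey: "/etc/letsencrypt/live/#{domain}/privkey.pem"
  )
  # Restart once at the end of the run so the new configuration is picked up.
  notifies :restart, "service[coturn]", :delayed
end

# Plain STUN/TURN listener (UDP only).
firewall_rule 'ejabberd_stun_turn' do
  port node["ejabberd"]["stun_turn_port"]
  protocol :udp
  command :allow
end

# TLS listener (TCP only).
firewall_rule 'ejabberd_stun_turn_tls' do
  port node["ejabberd"]["stun_turn_port_tls"]
  protocol :tcp
  command :allow
end

# Relay port range handed out for TURN allocations (UDP only). Keep the
# range as narrow as the expected call volume allows, since every port in it
# is reachable from outside.
firewall_rule 'ejabberd_turn' do
  port node["ejabberd"]["turn_min_port"]..node["ejabberd"]["turn_max_port"]
  protocol :udp
  command :allow
end

service "coturn" do
  action [:enable, :start]
end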