cloud-forge/docs/README.md
okhsunrog e38a231159 Add Coturn TURN/STUN server and improve infrastructure
Major changes:
- Add Coturn role for Nextcloud Talk WebRTC support
  - Automatic SSL/TLS via Let's Encrypt
  - DPI-resistant configuration with static auth
  - Firewall rules for TURN (3478) and relay ports (49152-49252)
- Optimize nginx WebSocket support with conditional Connection header
- Change Forgejo domain from git.okhsunrog.dev to fgj.okhsunrog.dev
- Fix certbot role to properly handle new domains on existing infrastructure
- Update all Ansible variables to use ansible_facts syntax (Ansible 2.24 compatibility)
- Add network role support for ports with both TCP and UDP
- Remove unused snake/serpentina service configuration
- Add comprehensive documentation in docs/ directory

Bug fixes:
- Certbot now checks each domain individually instead of skipping all if any exist
- Create ssl-cert group before adding turnserver user to it
2025-12-12 16:17:58 +03:00

Cloud Forge Documentation

Documentation for the cloud-forge infrastructure automation project.

Available Guides

  • Coturn Setup Guide - Complete guide to deploying and configuring a Coturn (TURN/STUN) server for Nextcloud Talk

Project Structure

  • Main playbook: site.yml
  • Inventory: inventory.yml
  • Variables: group_vars/all/vars.yml
  • Encrypted secrets: group_vars/all/vault.yml
  • Ansible configuration: ansible.cfg

Common Commands

Deploy full stack:

ansible-playbook site.yml

Update VPN users only:

ansible-playbook update_vpn_users.yml

Edit vault secrets:

ansible-vault edit group_vars/all/vault.yml

Infrastructure Components

  • VPN Services: OpenConnect (ocserv), WireGuard, AmneziaWG
  • Web Proxies: HAProxy, Nginx with SSL termination
  • Communication: Coturn (TURN/STUN for Nextcloud Talk)
  • Security: Fail2ban, iptables firewall
  • Certificates: Let's Encrypt via certbot

Adding New Documentation

When adding new components or features, create a new Markdown file in this directory and link to it from this README.