Derive matrix_coturn_turn_static_auth_secret from matrix_homeserver_g…

…eneric_secret_key Doing this further simplifies examples/vars.yml.
AtomHare · Jan 7, 2022 · bbbfc07 · bbbfc07
1 parent 965890b
commit bbbfc07
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/examples/vars.yml b/examples/vars.yml
@@ -28,10 +28,6 @@ matrix_homeserver_generic_secret_key: ''
 # Example value: [email protected]
 matrix_ssl_lets_encrypt_support_email: ''
 
-# A shared secret (between Coturn and Synapse) used for authentication.
-# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
-matrix_coturn_turn_static_auth_secret: ''
-
 # A Postgres password to use for the superuser Postgres user (called `matrix` by default).
 #
 # The playbook creates additional Postgres users and databases (one for each enabled service)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
@@ -1087,6 +1087,8 @@ matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
 
 matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
 
+matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}"
+
 matrix_coturn_tls_enabled: "{{ matrix_ssl_retrieval_method != 'none' }}"
 matrix_coturn_tls_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/fullchain.pem"
 matrix_coturn_tls_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/privkey.pem"