services:
  tuwunel:
    image: jevolk/tuwunel:latest
    container_name: tuwunel
    restart: unless-stopped
    networks:
      - backbone
    environment:
      TUWUNEL_CONFIG: /etc/tuwunel/tuwunel.toml
      TUWUNEL_SERVER_NAME: ${DOMAIN_NAME}
      TUWUNEL_TURN_URIS: '["turn:turn.${DOMAIN_NAME}:3478?transport=udp","turn:turn.${DOMAIN_NAME}:3478?transport=tcp","turns:turn.${DOMAIN_NAME}:5349?transport=tcp"]'
      TUWUNEL_TURN_SECRET: ${STATIC_AUTH_SECRET}
    volumes:
      - matrix_tuwunel-data:/var/lib/tuwunel
      - ./tuwunel/tuwunel.toml:/etc/tuwunel/tuwunel.toml:ro
  coturn:
    image: coturn/coturn:latest
    container_name: coturn
    restart: unless-stopped
    network_mode: host
    volumes:
      - ./coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro
      - ./coturn/certs:/etc/coturn/certs:ro
    command:
      - -c
      - /etc/coturn/turnserver.conf
      - --static-auth-secret=${STATIC_AUTH_SECRET}
      - --external-ip=${EXTERNAL_IP}
      - --realm=turn.${DOMAIN_NAME}

  livekit:
    image: livekit/livekit-server:latest
    container_name: livekit
    restart: unless-stopped
    network_mode: host
    volumes:
      - ./livekit/livekit.yaml:/etc/livekit.yaml:ro
    command:
      - --config
      - /etc/livekit.yaml
      - --node-ip=${EXTERNAL_IP}
    environment:
      LIVEKIT_KEYS: "${API_KEY}: ${API_SECRET}"

  lk-jwt-service:
    image: ghcr.io/element-hq/lk-jwt-service:latest
    container_name: lk-jwt-service
    restart: unless-stopped
    environment:
      LIVEKIT_URL: wss://livekit.${DOMAIN_NAME}
      LIVEKIT_KEY: ${API_KEY}
      LIVEKIT_SECRET: ${API_SECRET}
      LIVEKIT_FULL_ACCESS_HOMESERVERS: ${DOMAIN_NAME}
    networks:
      - backbone

volumes:
  matrix_tuwunel-data:
    external: true
    name: matrix_tuwunel-data

networks:
  backbone:
    external: true
    name: ${NETWORK_NAME}