Fix up coturn, finally working

plans/coturn/habitat/config/turnserver.conf

@@ -711,7 +711,7 @@ max-allocate-timeout={{ cfg.general.max_allocate_timeout }}
 #
 # See: https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
 no-multicast-peers
-denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=0.0.0.1-0.255.255.255
 denied-peer-ip=10.0.0.0-10.255.255.255
 denied-peer-ip=100.64.0.0-100.127.255.255
 denied-peer-ip=127.0.0.0-127.255.255.255

terraform/modules/janus/main.tf

@@ -219,7 +219,7 @@ EOTOML
 
 sudo cat > /hab/user/coturn/config/user.toml << EOTOML
 [general]
-listening_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
+listening_ip = "0.0.0.0"
 external_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
 relay_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
 allowed_peer_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
@@ -241,6 +241,9 @@ aws s3 cp s3://${aws_s3_bucket.janus-bucket.id}/coturn-files.tar.gz.gpg .
 gpg2 -d --pinentry-mode=loopback --passphrase-file=/hab/svc/coturn/files/gpg-file-key.txt coturn-files.tar.gz.gpg | tar xz -C /hab/svc/coturn/files
 rm coturn-files.tar.gz.gpg
 
+chown -R hab:hab /hab/svc/janus-gateway/files
+chown -R hab:hab /hab/svc/coturn/files
+
 sudo /usr/bin/hab svc load mozillareality/janus-gateway --strategy ${var.janus_restart_strategy} --url https://bldr.habitat.sh --channel ${var.janus_channel}
 sudo /usr/bin/hab svc load mozillareality/coturn --strategy ${var.coturn_restart_strategy} --url https://bldr.habitat.sh --channel ${var.janus_channel}
 sudo /usr/bin/hab svc load mozillareality/telegraf --strategy at-once --url https://bldr.habitat.sh --channel stable
@@ -299,7 +302,7 @@ EOTOML
 
 sudo cat > /hab/user/coturn/config/user.toml << EOTOML
 [general]
-listening_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
+listening_ip = "0.0.0.0"
 external_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
 relay_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
 allowed_peer_ip = "$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
@@ -321,6 +324,9 @@ aws s3 cp s3://${aws_s3_bucket.janus-bucket.id}/coturn-files.tar.gz.gpg .
 gpg2 -d --pinentry-mode=loopback --passphrase-file=/hab/svc/coturn/files/gpg-file-key.txt coturn-files.tar.gz.gpg | tar xz -C /hab/svc/coturn/files
 rm coturn-files.tar.gz.gpg
 
+chown -R hab:hab /hab/svc/janus-gateway/files
+chown -R hab:hab /hab/svc/coturn/files
+
 sudo /usr/bin/hab svc load mozillareality/janus-gateway --strategy ${var.janus_restart_strategy} --url https://bldr.habitat.sh --channel ${var.janus_channel}
 sudo /usr/bin/hab svc load mozillareality/coturn --strategy ${var.coturn_restart_strategy} --url https://bldr.habitat.sh --channel ${var.janus_channel}
 sudo /usr/bin/hab svc load mozillareality/telegraf --strategy at-once --url https://bldr.habitat.sh --channel stable