Add coturn letsencrypt post hook

nextcloud/ansible/roles/turn/tasks/main.yml

@@ -96,6 +96,18 @@
         cmd: certbot certonly -d {{ turn_fqdn }}
         creates: "/etc/letsencrypt/live/{{ turn_fqdn }}/fullchain.pem"
 
+    - name: Configure coturn
+      ansible.builtin.template:
+        src: copy_coturn_certs.sh.j2
+        dest: /etc/letsencrypt/renewal-hooks/post/copy_coturn_certs.sh
+        owner: root
+        group: coturn
+        mode: '0700'
+
+    - name: Run coturn post hook
+      ansible.builtin.command:
+        cmd: /etc/letsencrypt/renewal-hooks/post/copy_coturn_certs.sh
+
     - name: Enable certbot's renew timer
       ansible.builtin.systemd:
         name: certbot-renew.timer

nextcloud/ansible/roles/turn/templates/copy_coturn_certs.sh.j2

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cp -H /etc/letsencrypt/live/{{ turn_fqdn }}/fullchain.pem /etc/pki/coturn/public/
+cp -H /etc/letsencrypt/live/{{ turn_fqdn }}/privkey.pem /etc/pki/coturn/private/
+chgrp coturn /etc/pki/coturn/private/privkey.pem
+chmod g+r /etc/pki/coturn/private/privkey.pem