feat(talk/turn/signaling/hpb): add role for Talk with backend services

inventories/demo-mbazürich/hosts.yml

@@ -17,11 +17,31 @@ all:
 
     traefik_servers:
       children:
-        all_servers:
+        traefik_servers_dmz:
+        traefik_servers_backend:
 
+    # Public-facing DMZ reverse proxy (file provider mode)
+    traefik_servers_dmz:
+      hosts:
+        reverseproxy:
+
+    # Hosts that run a local Traefik in docker-provider mode.
+    # The turn host runs one too, so the signaling stack's container labels
+    # get picked up. coturn sits next to it via host networking on alternate
+    # ports (3478/5349) and does not collide.
+    traefik_servers_backend:
+      hosts:
+        application:
+        turn:
+
+    # backend_servers feeds the DMZ proxy's exposed-services aggregation.
+    # Including the turn host here lets it advertise signaling.digitalboard.ch
+    # via traefik_dmz_exposed_services.
     backend_servers:
       hosts:
         application:
+        storage:
+        turn:
 
     garage_servers:
       hosts:
@@ -45,4 +65,13 @@ all:
 
     authentik_servers:
       hosts:
-        application:
+        application:
+
+    # --- Talk: TURN + HPB collocated on the turn host ---
+    turn_servers:
+      hosts:
+        turn:
+
+    talk_signaling_servers:
+      hosts:
+        turn: