Changeset View
Changeset View
Standalone View
Standalone View
ansible/meetserver/setup.yml
- This file was added.
Property | Old Value | New Value |
---|---|---|
File Mode | null | 100755 |
#!/usr/bin/ansible-playbook | |||||
- name: Setup kolab deployment on fedora server | |||||
hosts: "{{ hostname }}" | |||||
remote_user: root | |||||
tasks: | |||||
- import_tasks: packages.yml | |||||
- name: Setup user kolab | |||||
ansible.builtin.user: | |||||
name: kolab | |||||
shell: /bin/bash | |||||
groups: wheel, audio | |||||
append: yes | |||||
- name: sudo without password | |||||
ansible.builtin.lineinfile: | |||||
path: /etc/sudoers | |||||
state: present | |||||
regexp: '^%wheel\s' | |||||
line: '%wheel ALL=(ALL) NOPASSWD: ALL' | |||||
- name: get kolab git repo | |||||
become: true | |||||
become_user: kolab | |||||
git: | |||||
repo: https://git.kolab.org/source/kolab.git | |||||
dest: /home/kolab/kolab | |||||
version: dev/mollekopf | |||||
force: true | |||||
- name: Permit https traffic | |||||
firewalld: | |||||
port: 12443/tcp | |||||
permanent: yes | |||||
state: enabled | |||||
zone: FedoraServer | |||||
- name: Permit TCP trafic for coturn | |||||
firewalld: | |||||
port: 3478/tcp | |||||
permanent: yes | |||||
state: enabled | |||||
zone: FedoraServer | |||||
- name: Permit TCP trafic for coturn | |||||
firewalld: | |||||
port: 5349/tcp | |||||
permanent: yes | |||||
state: enabled | |||||
zone: FedoraServer | |||||
- name: Permit UDP trafic for coturn | |||||
firewalld: | |||||
port: 3478/udp | |||||
permanent: yes | |||||
state: enabled | |||||
zone: FedoraServer | |||||
- name: Permit UDP trafic for coturn | |||||
firewalld: | |||||
port: 5349/udp | |||||
permanent: yes | |||||
state: enabled | |||||
zone: FedoraServer | |||||
- name: "coturn config" | |||||
vars: | |||||
public_ip: "{{ public_ip }}" | |||||
turn_static_secret: "{{ turn_static_secret }}" | |||||
ansible.builtin.template: | |||||
src: turnserver.conf | |||||
dest: /etc/coturn/turnserver.conf | |||||
owner: root | |||||
group: coturn | |||||
mode: '0766' | |||||
- name: Start coturn service | |||||
ansible.builtin.service: | |||||
name: coturn | |||||
state: restarted | |||||
- name: "meet config" | |||||
vars: | |||||
public_ip: "{{ public_ip }}" | |||||
public_domain: "{{ public_domain }}" | |||||
turn_static_secret: "{{ turn_static_secret }}" | |||||
auth_token: "{{ auth_token }}" | |||||
ansible.builtin.template: | |||||
src: meetconfig.js | |||||
dest: /home/kolab/kolab/meet/server/config/config.js | |||||
owner: kolab | |||||
group: kolab | |||||
mode: '0766' | |||||
- name: "meet service file" | |||||
ansible.builtin.template: | |||||
src: kolabmeet.service | |||||
dest: /usr/lib/systemd/system/kolabmeet.service | |||||
- name: Start meet | |||||
ansible.builtin.service: | |||||
name: meet | |||||
daemon_reload: yes | |||||
state: restarted | |||||
# Certbot | |||||
- name: stop firewall | |||||
ansible.builtin.service: | |||||
name: firewalld | |||||
state: stopped | |||||
- name: Create letsencrypt certificate | |||||
shell: certonly --standalone -d {{ public_domain }} --staple-ocsp -m test@{{ public_domain }} --agree-tos | |||||
args: | |||||
creates: /etc/letsencrypt/live/{{ public_domain }} | |||||
- name: chmod letsencrypt certificate | |||||
shell: chmod 755 /etc/letsencrypt/live | |||||
shell: chmod 755 /etc/letsencrypt/archive | |||||
- name: start firewall | |||||
ansible.builtin.service: | |||||
name: firewalld | |||||
state: started | |||||
# # TODO build and start meet | |||||
# # TODO coturn on port 443? |