Changeset View
Changeset View
Standalone View
Standalone View
ansible/meetserver/setup.yml
- This file was added.
| Property | Old Value | New Value |
|---|---|---|
| File Mode | null | 100755 |
| #!/usr/bin/ansible-playbook | |||||
| - name: Setup kolab deployment on fedora server | |||||
| hosts: "{{ hostname }}" | |||||
| remote_user: root | |||||
| tasks: | |||||
| - import_tasks: packages.yml | |||||
| - name: Setup user kolab | |||||
| ansible.builtin.user: | |||||
| name: kolab | |||||
| shell: /bin/bash | |||||
| groups: wheel, audio | |||||
| append: yes | |||||
| - name: sudo without password | |||||
| ansible.builtin.lineinfile: | |||||
| path: /etc/sudoers | |||||
| state: present | |||||
| regexp: '^%wheel\s' | |||||
| line: '%wheel ALL=(ALL) NOPASSWD: ALL' | |||||
| - name: get kolab git repo | |||||
| become: true | |||||
| become_user: kolab | |||||
| git: | |||||
| repo: https://git.kolab.org/source/kolab.git | |||||
| dest: /home/kolab/kolab | |||||
| version: dev/mollekopf | |||||
| force: true | |||||
| - name: Permit https traffic | |||||
| firewalld: | |||||
| port: 12443/tcp | |||||
| permanent: yes | |||||
| state: enabled | |||||
| zone: FedoraServer | |||||
| - name: Permit TCP trafic for coturn | |||||
| firewalld: | |||||
| port: 3478/tcp | |||||
| permanent: yes | |||||
| state: enabled | |||||
| zone: FedoraServer | |||||
| - name: Permit TCP trafic for coturn | |||||
| firewalld: | |||||
| port: 5349/tcp | |||||
| permanent: yes | |||||
| state: enabled | |||||
| zone: FedoraServer | |||||
| - name: Permit UDP trafic for coturn | |||||
| firewalld: | |||||
| port: 3478/udp | |||||
| permanent: yes | |||||
| state: enabled | |||||
| zone: FedoraServer | |||||
| - name: Permit UDP trafic for coturn | |||||
| firewalld: | |||||
| port: 5349/udp | |||||
| permanent: yes | |||||
| state: enabled | |||||
| zone: FedoraServer | |||||
| - name: "coturn config" | |||||
| vars: | |||||
| public_ip: "{{ public_ip }}" | |||||
| turn_static_secret: "{{ turn_static_secret }}" | |||||
| ansible.builtin.template: | |||||
| src: turnserver.conf | |||||
| dest: /etc/coturn/turnserver.conf | |||||
| owner: root | |||||
| group: coturn | |||||
| mode: '0766' | |||||
| - name: Start coturn service | |||||
| ansible.builtin.service: | |||||
| name: coturn | |||||
| state: restarted | |||||
| - name: "meet config" | |||||
| vars: | |||||
| public_ip: "{{ public_ip }}" | |||||
| public_domain: "{{ public_domain }}" | |||||
| turn_static_secret: "{{ turn_static_secret }}" | |||||
| auth_token: "{{ auth_token }}" | |||||
| ansible.builtin.template: | |||||
| src: meetconfig.js | |||||
| dest: /home/kolab/kolab/meet/server/config/config.js | |||||
| owner: kolab | |||||
| group: kolab | |||||
| mode: '0766' | |||||
| - name: "meet service file" | |||||
| ansible.builtin.template: | |||||
| src: kolabmeet.service | |||||
| dest: /usr/lib/systemd/system/kolabmeet.service | |||||
| - name: Start meet | |||||
| ansible.builtin.service: | |||||
| name: meet | |||||
| daemon_reload: yes | |||||
| state: restarted | |||||
| # Certbot | |||||
| - name: stop firewall | |||||
| ansible.builtin.service: | |||||
| name: firewalld | |||||
| state: stopped | |||||
| - name: Create letsencrypt certificate | |||||
| shell: certonly --standalone -d {{ public_domain }} --staple-ocsp -m test@{{ public_domain }} --agree-tos | |||||
| args: | |||||
| creates: /etc/letsencrypt/live/{{ public_domain }} | |||||
| - name: chmod letsencrypt certificate | |||||
| shell: chmod 755 /etc/letsencrypt/live | |||||
| shell: chmod 755 /etc/letsencrypt/archive | |||||
| - name: start firewall | |||||
| ansible.builtin.service: | |||||
| name: firewalld | |||||
| state: started | |||||
| # # TODO build and start meet | |||||
| # # TODO coturn on port 443? | |||||