diff --git a/ansible/setup.yml b/ansible/setup.yml index 3c63293c..c76e6bb5 100755 --- a/ansible/setup.yml +++ b/ansible/setup.yml @@ -1,125 +1,123 @@ #!/usr/bin/ansible-playbook - name: Setup kolab deployment on fedora server hosts: "{{ hostname }}" remote_user: root tasks: - name: Set hostname ansible.builtin.hostname: name: "{{ hostname }}" - import_tasks: packages.yml # - name: Put SELinux in permissive mode for docker # selinux: # policy: targeted # state: permissive + + - ansible.posix.sysctl: + name: net.ipv4.ip_unprivileged_port_start + value: '143' + state: present + # - name: Setup user kolab ansible.builtin.user: name: kolab shell: /bin/bash groups: wheel, audio append: yes - name: sudo without password ansible.builtin.lineinfile: path: /etc/sudoers state: present regexp: '^%wheel\s' line: '%wheel ALL=(ALL) NOPASSWD: ALL' - import_tasks: certbot.yml - name: Delete kolab content & directory ansible.builtin.file: state: absent path: /home/kolab/kolab/ - name: get kolab git repo become: true become_user: kolab git: repo: https://git.kolab.org/source/kolab.git dest: /home/kolab/kolab version: "{{ git_branch }}" force: yes - - name: Run bin/configure - become: true - become_user: kolab - ansible.builtin.command: bin/configure.sh {{ config }} - args: - chdir: /home/kolab/kolab - environment: - HOST: "{{ hostname }}" - OPENEXCHANGERATES_API_KEY: "{{ openexchangerates_api_key }}" - FIREBASE_API_KEY: "{{ firebase_api_key }}" - PUBLIC_IP: "{{ public_ip }}" - ADMIN_PASSWORD: "{{ admin_password }}" - KOLAB_GIT_REF: "{{ git_branch }}" - - - name: Permit receiving mail firewalld: port: 25/tcp permanent: yes state: enabled zone: FedoraServer - name: Permit http traffic firewalld: port: 80/tcp permanent: yes state: enabled zone: FedoraServer - name: Permit https traffic firewalld: port: 443/tcp permanent: yes state: enabled zone: FedoraServer - - name: Permit TCP trafic for coturn - firewalld: - port: 3478/tcp - permanent: yes - state: enabled - zone: FedoraServer - - - name: Permit TCP trafic for coturn + - name: Permit UDP traffic for webrtc firewalld: - port: 5349/tcp + port: 44444/udp permanent: yes state: enabled zone: FedoraServer - - name: Permit UDP trafic for coturn + - name: Permit TCP traffic for webrtc firewalld: - port: 3478/udp + port: 44444/tcp permanent: yes state: enabled zone: FedoraServer - - name: Permit UDP trafic for coturn - firewalld: - port: 5349/udp - permanent: yes - state: enabled - zone: FedoraServer + - name: Configure + block: + - name: Run kolabctl deploy + become: true + become_user: kolab + ansible.builtin.command: ./kolabctl configure + args: + chdir: /home/kolab/kolab + environment: + HOST: "{{ hostname }}" + OPENEXCHANGERATES_API_KEY: "{{ openexchangerates_api_key }}" + FIREBASE_API_KEY: "{{ firebase_api_key }}" + PUBLIC_IP: "{{ public_ip }}" + ADMIN_PASSWORD: "{{ admin_password }}" + KOLAB_GIT_REF: "{{ git_branch }}" + register: result + always: + - name: Print output from previous task with newlines + ansible.builtin.debug: + msg="{{result.stdout_lines}}" - name: Deploy block: - name: Run kolabctl deploy become: true become_user: kolab - ansible.builtin.command: kolabctl deploy + ansible.builtin.command: ./kolabctl deploy args: chdir: /home/kolab/kolab environment: ADMIN_PASSWORD: "{{ admin_password }}" register: result always: - name: Print output from previous task with newlines ansible.builtin.debug: msg="{{result.stdout_lines}}"