diff --git a/ansible/meetserver/setup.yml b/ansible/meetserver/setup.yml
index d9bde75f..006acd90 100755
--- a/ansible/meetserver/setup.yml
+++ b/ansible/meetserver/setup.yml
@@ -1,127 +1,127 @@ #!/usr/bin/ansible-playbook - name: Setup kolab deployment on fedora server hosts: "{{ hostname }}" remote_user: root tasks: - import_tasks: packages.yml - name: Setup user kolab ansible.builtin.user: name: kolab shell: /bin/bash groups: wheel, audio append: yes - name: sudo without password ansible.builtin.lineinfile: path: /etc/sudoers state: present regexp: '^%wheel\s' line: '%wheel ALL=(ALL) NOPASSWD: ALL' - name: get kolab git repo become: true become_user: kolab git: repo: https://git.kolab.org/source/kolab.git dest: /home/kolab/kolab - version: dev/mollekopf + version: master force: true - name: Permit https traffic firewalld: port: 12443/tcp permanent: yes state: enabled zone: FedoraServer - name: Permit TCP trafic for coturn firewalld: port: 3478/tcp permanent: yes state: enabled zone: FedoraServer - name: Permit TCP trafic for coturn firewalld: port: 5349/tcp permanent: yes state: enabled zone: FedoraServer - name: Permit UDP trafic for coturn firewalld: port: 3478/udp permanent: yes state: enabled zone: FedoraServer - name: Permit UDP trafic for coturn firewalld: port: 5349/udp permanent: yes state: enabled zone: FedoraServer - name: "coturn config" vars: public_ip: "{{ public_ip }}" turn_static_secret: "{{ turn_static_secret }}" ansible.builtin.template: src: turnserver.conf dest: /etc/coturn/turnserver.conf owner: root group: coturn mode: '0766' - name: Start coturn service ansible.builtin.service: name: coturn state: restarted - name: "meet config" vars: public_ip: "{{ public_ip }}" public_domain: "{{ public_domain }}" turn_static_secret: "{{ turn_static_secret }}" auth_token: "{{ auth_token }}" ansible.builtin.template: src: meetconfig.js dest: /home/kolab/kolab/meet/server/config/config.js owner: kolab group: kolab mode: '0766' - name: "meet service file" ansible.builtin.template: src: kolabmeet.service dest: /usr/lib/systemd/system/kolabmeet.service - name: Start meet ansible.builtin.service: name: meet daemon_reload: yes state: 
restarted # Certbot - name: stop firewall ansible.builtin.service: name: firewalld state: stopped - name: Create letsencrypt certificate shell: certonly --standalone -d {{ public_domain }} --staple-ocsp -m test@{{ public_domain }} --agree-tos args: creates: /etc/letsencrypt/live/{{ public_domain }} - name: chmod letsencrypt certificate shell: chmod 755 /etc/letsencrypt/live shell: chmod 755 /etc/letsencrypt/archive - name: start firewall ansible.builtin.service: name: firewalld state: started # # TODO build and start meet # # TODO coturn on port 443? diff --git a/docker/meet/Dockerfile b/docker/meet/Dockerfile index a0558b09..5f4967ac 100644 --- a/docker/meet/Dockerfile +++ b/docker/meet/Dockerfile @@ -1,15 +1,15 @@ FROM apheleia/almalinux9 RUN dnf -y install \ --setopt 'tsflags=nodocs' \ npm nodejs python3 python3-pip meson ninja-build make gcc g++ git rsync && \ dnf clean all -ARG GIT_REF=dev/mollekopf +ARG GIT_REF=master ARG GIT_REMOTE=https://git.kolab.org/source/kolab.git ENV DEBUG="kolabmeet-server* mediasoup*" COPY build.sh /build.sh RUN /build.sh COPY init.sh /init.sh COPY update.sh /update.sh CMD [ "/init.sh" ]
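Review bot: The two template tasks that render secrets, `coturn config` (`turn_static_secret`) and `meet config` (`auth_token`, `turn_static_secret`), install their files with `mode: '0766'`, which leaves them readable and writable by every local account on the host. The commit does not touch those lines, but they are part of the file as it stands and should be tightened, for example `mode: '0640'` for /etc/coturn/turnserver.conf (root:coturn) and `mode: '0600'` for config.js (kolab:kolab, assuming the meet service runs as kolab). On the changed line, `version: master` combined with `force: true` deploys whatever the branch tip is when the playbook runs. Pinning to a tag or commit hash through a variable you define, e.g. `version: "{{ kolab_git_ref }}"`, would make each deployment reproducible and auditable. The same applies to `ARG GIT_REF=master` in docker/meet/Dockerfile.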
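Review bot: `FROM apheleia/almalinux9` carries no tag or digest, so every build pulls whatever that repository's default tag points to at the time, and the image contents can change without any change to this file. Pinning the base, e.g. `FROM apheleia/almalinux9@sha256:<digest-placeholder>`, keeps rebuilds reproducible and makes base-image updates an explicit, reviewable change. The file also has no `USER` instruction, so `/init.sh` starts as root unless the script itself drops privileges; init.sh is not shown here, so that is worth confirming.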