From 065cf62a4c11a0f08c16f91d206a2ada34671c63 Mon Sep 17 00:00:00 2001
From: Antoine Ouvrard
Date: Tue, 7 Apr 2020 21:05:24 +0200
Subject: [PATCH] =?UTF-8?q?ajout=20du=20nouveau=20serveur=20imio=20+=20r?= =?UTF-8?q?=C3=A9oganisation=20des=20variables?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
group_vars/all | 1 +
host_vars/visio-prod1.imio.be.yml | 3 +++
host_vars/visio2.nereide.fr.yml | 3 +++
inventory | 5 +++--
roles/auth/tasks/main.yml | 10 ++++++++++
roles/common/files/jail.conf | 3 +--
roles/common/handlers/main.yml | 4 ++--
roles/common/tasks/jitsi_stats.yml | 4 ++--
roles/common/tasks/sys_conf.yml | 12 ++++++++----
visio-prod1.imio.be.yml | 5 +++++
playbook.yml => visio2.nereide.fr.yml | 0
11 files changed, 38 insertions(+), 12 deletions(-)
create mode 100644 group_vars/all
create mode 100644 host_vars/visio-prod1.imio.be.yml
create mode 100644 host_vars/visio2.nereide.fr.yml
create mode 100644 visio-prod1.imio.be.yml
rename playbook.yml => visio2.nereide.fr.yml (100%)
diff --git a/group_vars/all b/group_vars/all
new file mode 100644
index 0000000..f1a3ed4
--- /dev/null
+++ b/group_vars/all
@@ -0,0 +1 @@
+ansible_python_interpreter: /usr/bin/python3
diff --git a/host_vars/visio-prod1.imio.be.yml b/host_vars/visio-prod1.imio.be.yml
new file mode 100644
index 0000000..7b8fd38
--- /dev/null
+++ b/host_vars/visio-prod1.imio.be.yml
@@ -0,0 +1,3 @@
+---
+jitsi_user: imio
+jitsi_pass: logiciellibre
diff --git a/host_vars/visio2.nereide.fr.yml b/host_vars/visio2.nereide.fr.yml
new file mode 100644
index 0000000..7694b65
--- /dev/null
+++ b/host_vars/visio2.nereide.fr.yml
@@ -0,0 +1,3 @@
+---
+jitsi_user: nereide
+jitsi_pass: ofbiz
diff --git a/inventory b/inventory
index fdcae40..c251332 100644
--- a/inventory
+++ b/inventory
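Review bot: `jitsi_pass` is committed in cleartext in host_vars/visio-prod1.imio.be.yml, and the same applies to host_vars/visio2.nereide.fr.yml, so anyone with read access to the repository obtains the Prosody account password for both servers. Both values are also short dictionary words. I would encrypt the variable with Ansible Vault, e.g. `jitsi_pass: !vault |` followed by the output of `ansible-vault encrypt_string`, or move it to a vaulted file under `host_vars/<host>/`. The visio2 password was already present on the inventory line this commit removes, so it stays in the git history and should be changed on the server rather than only relocated.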
@@ -1,5 +1,6 @@ visio.imio.be visio.nereide.fr -visio2.nereide.fr ansible_ssh_user=root jitsi_user=nereide jitsi_pass=ofbiz +visio2.nereide.fr ansible_ssh_user=root visio.entrouvert.com -visio443.champs-libres.be ansible_user=debian ansible_become=true ansible_python_interpreter=/usr/bin/python3 +visio443.champs-libres.be ansible_user=debian ansible_become=true +visio-prod1.imio.be ansible_ssh_user=debian ansible_become=true diff --git a/roles/auth/tasks/main.yml b/roles/auth/tasks/main.yml index 5ba91fc..a68ace4 100644 --- a/roles/auth/tasks/main.yml +++ b/roles/auth/tasks/main.yml @@ -6,6 +6,8 @@ replace: 'authentication = "internal_plain"' notify: - restart prosody + - restart jitsi-videobridge2 + - restart jicofo - name: Conf Jitsi - Activation de l'authentification prosody 2/2 blockinfile: @@ -17,6 +19,8 @@ c2s_require_encryption = false notify: - restart prosody + - restart jitsi-videobridge2 + - restart jicofo - name: Conf Jitsi - Activation de l'authentification jitsi lineinfile: @@ -24,7 +28,9 @@ insertafter: "[^?]// anonymousdomain: 'guest.example.com'" line: " anonymousdomain: 'guest.{{ inventory_hostname }}'," notify: + - restart prosody - restart jitsi-videobridge2 + - restart jicofo - name: Conf Jitsi - Activation de l'authentification jicofo lineinfile: @@ -32,9 +38,13 @@ insertafter: "^org.jitsi.jicofo.BRIDGE_MUC=*" line: "org.jitsi.jicofo.auth.URL=XMPP:{{ inventory_hostname }}" notify: + - restart prosody + - restart jitsi-videobridge2 - restart jicofo - name: Conf Jitsi - Création de l'utilisateur prosody command: prosodyctl register {{ jitsi_user }} {{ inventory_hostname }} {{ jitsi_pass }} notify: - restart prosody + - restart jitsi-videobridge2 + - restart jicofo diff --git a/roles/common/files/jail.conf b/roles/common/files/jail.conf index 8f6ed60..5cbf4b7 100644 --- a/roles/common/files/jail.conf +++ b/roles/common/files/jail.conf 
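Review bot: The new `visio-prod1.imio.be` line uses `ansible_ssh_user=debian` while the `visio443.champs-libres.be` line just above it uses `ansible_user=debian`; `ansible_ssh_user` is the legacy spelling kept only for compatibility, so I would write `visio-prod1.imio.be ansible_user=debian ansible_become=true`. The `visio2.nereide.fr` line still connects directly as root; if an unprivileged account exists on that host, the same `ansible_user=debian ansible_become=true` pattern would allow root SSH login to be disabled there.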
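Review bot: In the last hunk of roles/auth/tasks/main.yml the two added handlers are attached to the `prosodyctl register` task, which is a plain `command` with no `creates` or `changed_when`, so it reports changed on every run and every play will now restart prosody, jitsi-videobridge2 and jicofo, interrupting running conferences. The same task passes `{{ jitsi_pass }}` on the command line, so the password appears in verbose Ansible output and logs; I would add `no_log: true` to it and a `changed_when:` condition (or a preceding existence check) so the handlers fire only when the account is actually created. The same three-handler list is now repeated in all five tasks of the file; a single handler using `listen:` would keep them in sync.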
@@ -4,8 +4,7 @@ backend = systemd banaction = nftables-multiport # 92.154.111.181 - IP des bureaux de nereide -# 86.244.5.54 - IP maison Antoine -ignoreip = 127.0.0.1 92.154.111.181 86.244.5.54 +ignoreip = 127.0.0.1 92.154.111.181 findtime = 1h bantime = 1d maxretry = 3 \ No newline at end of file diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index eaf0393..e95d2df 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -6,8 +6,8 @@ daemon_reload: true enabled: true -- name: start nftables +- name: restarted nftables systemd: name: nftables - state: started + state: restarted enabled: true diff --git a/roles/common/tasks/jitsi_stats.yml b/roles/common/tasks/jitsi_stats.yml index fc745b8..0c9ab6f 100644 --- a/roles/common/tasks/jitsi_stats.yml +++ b/roles/common/tasks/jitsi_stats.yml @@ -6,8 +6,8 @@ path: "/etc/jitsi/videobridge/sip-communicator.properties" regexp: "^org.jitsi.videobridge.ENABLE_STATISTICS" line: "org.jitsi.videobridge.ENABLE_STATISTICS=true" - -- name: "configuration de jvb pour transporter les stats via colibri REST api" + +- name: configuration du videobridge pour transporter les stats via colibri REST api lineinfile: path: "/etc/jitsi/videobridge/sip-communicator.properties" regexp: "^org.jitsi.videobridge.STATISTICS_TRANSPORT" diff --git a/roles/common/tasks/sys_conf.yml b/roles/common/tasks/sys_conf.yml index 960a3fd..3834163 100644 --- a/roles/common/tasks/sys_conf.yml +++ b/roles/common/tasks/sys_conf.yml @@ -1,9 +1,13 @@ --- -- name: Installation de fail2ban +- name: Installation de fail2ban et nftables apt: - name: fail2ban + pkg: + - fail2ban + - nftables + update_cache: true + state: present -- name: Appliquation des règles de ban +- name: Appliquation des règles de ban ssh template: src: ../files/jail.conf dest: /etc/fail2ban/jail.d/jail.conf 
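Review bot: The renamed handler `restarted nftables` departs from the naming of the other handlers notified in this commit (`restart prosody`, `restart fail2ban`); `- name: restart nftables` would match, with the `notify` entry in sys_conf.yml changed to the same string. Handlers run in the order they are defined in this file, not in the order of the `notify` list, and the handler defined above this one (its name is outside the hunk) runs first. If that handler is `restart fail2ban` and nftables.conf flushes the ruleset, the nftables restart introduced here would remove the rules fail2ban has just installed through `banaction = nftables-multiport`; defining the nftables handler before the fail2ban one avoids that.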
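Review bot: `update_cache: true` in the fail2ban/nftables install task of roles/common/tasks/sys_conf.yml forces an `apt-get update` on every run; adding `cache_valid_time: 3600` next to it keeps the refresh but skips it when the cache is recent. The renamed task below it has a typo, `Appliquation` for `Application`, and it deploys `../files/jail.conf` through `template`, so any `{{` in that file would be interpreted by Jinja2; `copy` is the closer fit if no templating is intended. The template task continues outside the hunk.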
@@ -27,5 +31,5 @@ src: ../files/nftables.conf dest: /etc/nftables.conf notify: - - start nftables + - restarted nftables - restart fail2ban diff --git a/visio-prod1.imio.be.yml b/visio-prod1.imio.be.yml new file mode 100644 index 0000000..aa54490 --- /dev/null +++ b/visio-prod1.imio.be.yml @@ -0,0 +1,5 @@ +--- +- hosts: visio-prod1.imio.be + roles: + - role: common + - role: auth diff --git a/playbook.yml b/visio2.nereide.fr.yml similarity index 100% rename from playbook.yml rename to visio2.nereide.fr.yml