ajout du nouveau serveur imio + réoganisation des variables
This commit is contained in:
Antoine Ouvrard
@@ -0,0 +1 @@
|
|||||||
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
jitsi_user: imio
|
||||||
|
jitsi_pass: logiciellibre
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
jitsi_user: nereide
|
||||||
|
jitsi_pass: ofbiz
|
||||||
@@ -1,5 +1,6 @@
|
|||||||
visio.imio.be
|
visio.imio.be
|
||||||
visio.nereide.fr
|
visio.nereide.fr
|
||||||
visio2.nereide.fr ansible_ssh_user=root jitsi_user=nereide jitsi_pass=ofbiz
|
visio2.nereide.fr ansible_ssh_user=root
|
||||||
visio.entrouvert.com
|
visio.entrouvert.com
|
||||||
visio443.champs-libres.be ansible_user=debian ansible_become=true ansible_python_interpreter=/usr/bin/python3
|
visio443.champs-libres.be ansible_user=debian ansible_become=true
|
||||||
|
visio-prod1.imio.be ansible_ssh_user=debian ansible_become=true
|
||||||
|
|||||||
@@ -6,6 +6,8 @@
|
|||||||
replace: 'authentication = "internal_plain"'
|
replace: 'authentication = "internal_plain"'
|
||||||
notify:
|
notify:
|
||||||
- restart prosody
|
- restart prosody
|
||||||
|
- restart jitsi-videobridge2
|
||||||
|
- restart jicofo
|
||||||
|
|
||||||
- name: Conf Jitsi - Activation de l'authentification prosody 2/2
|
- name: Conf Jitsi - Activation de l'authentification prosody 2/2
|
||||||
blockinfile:
|
blockinfile:
|
||||||
@@ -17,6 +19,8 @@
|
|||||||
c2s_require_encryption = false
|
c2s_require_encryption = false
|
||||||
notify:
|
notify:
|
||||||
- restart prosody
|
- restart prosody
|
||||||
|
- restart jitsi-videobridge2
|
||||||
|
- restart jicofo
|
||||||
|
|
||||||
- name: Conf Jitsi - Activation de l'authentification jitsi
|
- name: Conf Jitsi - Activation de l'authentification jitsi
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -24,7 +28,9 @@
|
|||||||
insertafter: "[^?]// anonymousdomain: 'guest.example.com'"
|
insertafter: "[^?]// anonymousdomain: 'guest.example.com'"
|
||||||
line: " anonymousdomain: 'guest.{{ inventory_hostname }}',"
|
line: " anonymousdomain: 'guest.{{ inventory_hostname }}',"
|
||||||
notify:
|
notify:
|
||||||
|
- restart prosody
|
||||||
- restart jitsi-videobridge2
|
- restart jitsi-videobridge2
|
||||||
|
- restart jicofo
|
||||||
|
|
||||||
- name: Conf Jitsi - Activation de l'authentification jicofo
|
- name: Conf Jitsi - Activation de l'authentification jicofo
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -32,9 +38,13 @@
|
|||||||
insertafter: "^org.jitsi.jicofo.BRIDGE_MUC=*"
|
insertafter: "^org.jitsi.jicofo.BRIDGE_MUC=*"
|
||||||
line: "org.jitsi.jicofo.auth.URL=XMPP:{{ inventory_hostname }}"
|
line: "org.jitsi.jicofo.auth.URL=XMPP:{{ inventory_hostname }}"
|
||||||
notify:
|
notify:
|
||||||
|
- restart prosody
|
||||||
|
- restart jitsi-videobridge2
|
||||||
- restart jicofo
|
- restart jicofo
|
||||||
|
|
||||||
- name: Conf Jitsi - Création de l'utilisateur prosody
|
- name: Conf Jitsi - Création de l'utilisateur prosody
|
||||||
command: prosodyctl register {{ jitsi_user }} {{ inventory_hostname }} {{ jitsi_pass }}
|
command: prosodyctl register {{ jitsi_user }} {{ inventory_hostname }} {{ jitsi_pass }}
|
||||||
notify:
|
notify:
|
||||||
- restart prosody
|
- restart prosody
|
||||||
|
- restart jitsi-videobridge2
|
||||||
|
- restart jicofo
|
||||||
|
|||||||
@@ -4,8 +4,7 @@ backend = systemd
|
|||||||
banaction = nftables-multiport
|
banaction = nftables-multiport
|
||||||
|
|
||||||
# 92.154.111.181 - IP des bureaux de nereide
|
# 92.154.111.181 - IP des bureaux de nereide
|
||||||
# 86.244.5.54 - IP maison Antoine
|
ignoreip = 127.0.0.1 92.154.111.181
|
||||||
ignoreip = 127.0.0.1 92.154.111.181 86.244.5.54
|
|
||||||
findtime = 1h
|
findtime = 1h
|
||||||
bantime = 1d
|
bantime = 1d
|
||||||
maxretry = 3
|
maxretry = 3
|
||||||
@@ -6,8 +6,8 @@
|
|||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: start nftables
|
- name: restarted nftables
|
||||||
systemd:
|
systemd:
|
||||||
name: nftables
|
name: nftables
|
||||||
state: started
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
regexp: "^org.jitsi.videobridge.ENABLE_STATISTICS"
|
regexp: "^org.jitsi.videobridge.ENABLE_STATISTICS"
|
||||||
line: "org.jitsi.videobridge.ENABLE_STATISTICS=true"
|
line: "org.jitsi.videobridge.ENABLE_STATISTICS=true"
|
||||||
|
|
||||||
- name: "configuration de jvb pour transporter les stats via colibri REST api"
|
- name: configuration du videobridge pour transporter les stats via colibri REST api
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "/etc/jitsi/videobridge/sip-communicator.properties"
|
path: "/etc/jitsi/videobridge/sip-communicator.properties"
|
||||||
regexp: "^org.jitsi.videobridge.STATISTICS_TRANSPORT"
|
regexp: "^org.jitsi.videobridge.STATISTICS_TRANSPORT"
|
||||||
|
|||||||
@@ -1,9 +1,13 @@
|
|||||||
---
|
---
|
||||||
- name: Installation de fail2ban
|
- name: Installation de fail2ban et nftables
|
||||||
apt:
|
apt:
|
||||||
name: fail2ban
|
pkg:
|
||||||
|
- fail2ban
|
||||||
|
- nftables
|
||||||
|
update_cache: true
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: Appliquation des règles de ban
|
- name: Appliquation des règles de ban ssh
|
||||||
template:
|
template:
|
||||||
src: ../files/jail.conf
|
src: ../files/jail.conf
|
||||||
dest: /etc/fail2ban/jail.d/jail.conf
|
dest: /etc/fail2ban/jail.d/jail.conf
|
||||||
@@ -27,5 +31,5 @@
|
|||||||
src: ../files/nftables.conf
|
src: ../files/nftables.conf
|
||||||
dest: /etc/nftables.conf
|
dest: /etc/nftables.conf
|
||||||
notify:
|
notify:
|
||||||
- start nftables
|
- restarted nftables
|
||||||
- restart fail2ban
|
- restart fail2ban
|
||||||
|
|||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
- hosts: visio-prod1.imio.be
|
||||||
|
roles:
|
||||||
|
- role: common
|
||||||
|
- role: auth
|
||||||
Reference in New Issue
Block a user