From 430a0896152a7a882232d874fa7fa9c2d1012050 Mon Sep 17 00:00:00 2001
From: Antoine Ouvrard
Date: Mon, 6 Apr 2020 17:29:49 +0200
Subject: [PATCH] =?UTF-8?q?activation=20du=20script=20pour=20visio2.nereid?= =?UTF-8?q?e.fr=20+=20correction=20red=C3=A9marrage=20des=20services?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 inventory | 3 +--
 playbook.yml | 2 +-
 roles/common/files/nftables.conf | 3 +++
 roles/common/handlers/main.yml | 4 ++--
 roles/common/tasks/jitsi_install.yml | 2 +-
 roles/common/tasks/sys_conf.yml | 5 ++---
 6 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/inventory b/inventory
index 7514a91..7f0613c 100644
--- a/inventory
+++ b/inventory
@@ -1,6 +1,5 @@
 visio.imio.be
 visio.nereide.fr
-visio2.nereide.fr
+visio2.nereide.fr ansible_ssh_user=root jitsi_user=nereide jitsi_pass=ofbiz
 visio.entrouvert.com
 visio443.champs-libres.be
-pp.visio.nereide.fr ansible_ssh_user=root jitsi_user=toto jitsi_pass=titi
diff --git a/playbook.yml b/playbook.yml
index a2c09f9..67366a6 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,5 +1,5 @@
 ---
-- hosts: pp.visio.nereide.fr
+- hosts: visio2.nereide.fr
 roles:
 - role: common
 - role: auth
diff --git a/roles/common/files/nftables.conf b/roles/common/files/nftables.conf
index 158695b..ce12dc2 100644
--- a/roles/common/files/nftables.conf
+++ b/roles/common/files/nftables.conf
@@ -28,6 +28,9 @@ table inet myfilter {
 ip6 saddr { fe80::/10, fc00::/7 } drop
 # accepte le traffic tcp depuis le reste du monde si la cible est un des ports http, https, smtp
 tcp dport {25, 80, 443} accept
+ # ouvre les port udp I/O 10000 et 44446 pour jitsi
+ udp dport {10000, 4446} accept
+ udp sport {10000, 4446} accept
 # count and drop any other traffic
 counter drop
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index 5ab8a34..eaf0393 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
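Review bot: The added `visio2.nereide.fr` line stores `jitsi_pass=ofbiz` in clear text in the tracked inventory, so anyone who can read the repository or its history obtains the Jitsi account password. I would keep only `visio2.nereide.fr ansible_ssh_user=root` here and move `jitsi_user`/`jitsi_pass` into a vault-encrypted `host_vars/visio2.nereide.fr` file (ansible-vault); the value committed here should be treated as disclosed and changed on the server. Separately, `ansible_ssh_user=root` makes the play log in directly as root; an unprivileged account with `become: true` keeps an audit trail and lets root SSH login stay disabled.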
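Review bot: `udp sport {10000, 4446} accept` matches on the sender's source port, which the remote side chooses freely, so (assuming this is the input chain) any UDP packet sent from port 10000 or 4446 is accepted to every UDP port on the host and never reaches `counter drop`. Replies to the bridge's own outbound traffic are normally covered by a `ct state established,related accept` rule; the chain header and earlier rules are outside this hunk, so confirm one exists, then delete the `udp sport` line and keep only `udp dport {10000, 4446} accept`. The comment also says 44446 while the rules say 4446, so one of them is a typo; something like `# ouvre les ports udp 10000 et 4446 en entrée pour jitsi` would match the rule.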
@@ -6,8 +6,8 @@
 daemon_reload: true
 enabled: true
-- name: reload nftables
+- name: start nftables
 systemd:
 name: nftables
- state: reload
+ state: started
 enabled: true
diff --git a/roles/common/tasks/jitsi_install.yml b/roles/common/tasks/jitsi_install.yml
index e22c5ba..8750cd7 100644
--- a/roles/common/tasks/jitsi_install.yml
+++ b/roles/common/tasks/jitsi_install.yml
@@ -1,7 +1,7 @@
 ---
 - name: Ajout de la clé GPG pour le depot jitsi
 apt_key:
- url: https://download.jitsi.org/jitsi-key.gpg.key
+ url: http://download.jitsi.org/jitsi-key.gpg.key
 - name: Ajout du depot jitsi
 apt_repository:
diff --git a/roles/common/tasks/sys_conf.yml b/roles/common/tasks/sys_conf.yml
index bf541a5..960a3fd 100644
--- a/roles/common/tasks/sys_conf.yml
+++ b/roles/common/tasks/sys_conf.yml
@@ -19,8 +19,6 @@
 template:
 src: ../files/service-override.conf
 dest: /etc/systemd/system/fail2ban.service.d/override.conf
- notify:
- - restart fail2ban
 - name: Déploiement des règles nftables (base)
 tags:
@@ -29,4 +27,5 @@
 src: ../files/nftables.conf
 dest: /etc/nftables.conf
 notify:
- - reload nftables
+ - start nftables
+ - restart fail2ban
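Review bot: With `state: started` this handler does nothing once the nftables unit is already active, so a changed `/etc/nftables.conf` is written to disk but never loaded and the host keeps filtering with the old ruleset. The previous `state: reload` is not a value the `systemd` module accepts, which is presumably why it failed; the accepted spelling is `reloaded`, which also starts the unit when it is not running. I would write `state: reloaded` and keep the name `- name: reload nftables`, so the `notify` entry in `roles/common/tasks/sys_conf.yml` would not need renaming either. The handler list begins above this hunk.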
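Review bot: Switching the key URL to `http://` means the repository signing key is fetched with no transport authentication, so anyone on the network path can substitute their own key and then serve packages that apt will accept as validly signed. Keep `url: https://download.jitsi.org/jitsi-key.gpg.key`; if the change was made to get around a TLS error on the target, the CA bundle or system clock there is the thing to fix. Adding `id: <JITSI_KEY_FINGERPRINT>` (placeholder, to be taken from a trusted channel) gives the `apt_key` task a known fingerprint to check the imported key against.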
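Review bot: After the first hunk the fail2ban override task notifies nothing, so an edited `override.conf` is deployed without restarting fail2ban and only takes effect the next time `nftables.conf` also changes (second hunk). Handlers are de-duplicated within a play, so that task can keep its `notify:` with `- restart fail2ban` while the nftables task lists it as well. Handlers also run in the order they are defined in `roles/common/handlers/main.yml`, not in the order written under `notify`, so if fail2ban has to restart after the ruleset is loaded, that ordering must be set in the handlers file. Both tasks start or end outside their hunks.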