diff --git a/group_vars/all b/group_vars/all
new file mode 100644
index 0000000..f1a3ed4
--- /dev/null
+++ b/group_vars/all
@@ -0,0 +1 @@
+ansible_python_interpreter: /usr/bin/python3
diff --git a/host_vars/visio-prod1.imio.be.yml b/host_vars/visio-prod1.imio.be.yml
new file mode 100644
index 0000000..7b8fd38
--- /dev/null
+++ b/host_vars/visio-prod1.imio.be.yml
@@ -0,0 +1,3 @@
+---
+jitsi_user: imio
+jitsi_pass: logiciellibre
diff --git a/host_vars/visio2.nereide.fr.yml b/host_vars/visio2.nereide.fr.yml
new file mode 100644
index 0000000..7694b65
--- /dev/null
+++ b/host_vars/visio2.nereide.fr.yml
@@ -0,0 +1,3 @@
+---
+jitsi_user: nereide
+jitsi_pass: ofbiz
diff --git a/inventory b/inventory
index fdcae40..f8d0d6c 100644
--- a/inventory
+++ b/inventory
@@ -1,5 +1,6 @@
 visio.imio.be
 visio.nereide.fr
-visio2.nereide.fr ansible_ssh_user=root jitsi_user=nereide jitsi_pass=ofbiz
+visio2.nereide.fr ansible_user=root
 visio.entrouvert.com
-visio443.champs-libres.be ansible_user=debian ansible_become=true ansible_python_interpreter=/usr/bin/python3
+visio443.champs-libres.be ansible_user=debian ansible_become=true
+visio-prod1.imio.be ansible_user=debian ansible_become=true
diff --git a/roles/auth/tasks/main.yml b/roles/auth/tasks/main.yml
index 5ba91fc..a68ace4 100644
--- a/roles/auth/tasks/main.yml
+++ b/roles/auth/tasks/main.yml
@@ -6,6 +6,8 @@
 replace: 'authentication = "internal_plain"'
 notify:
 - restart prosody
+ - restart jitsi-videobridge2
+ - restart jicofo
 
 - name: Conf Jitsi - Activation de l'authentification prosody 2/2
 blockinfile:
@@ -17,6 +19,8 @@
 c2s_require_encryption = false
 notify:
 - restart prosody
+ - restart jitsi-videobridge2
+ - restart jicofo
 
 - name: Conf Jitsi - Activation de l'authentification jitsi
 lineinfile:
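Review bot: `jitsi_pass` is committed in cleartext in host_vars/visio-prod1.imio.be.yml, and the same applies to host_vars/visio2.nereide.fr.yml in the next file section, so anyone with read access to the repository holds the Prosody account credentials for both hosts. Keep only a reference in host_vars, e.g. `jitsi_pass: "{{ vault_jitsi_pass }}"`, with the value stored in an ansible-vault encrypted vars file. The visio2 value also appears on the removed inventory line, so it stays in the repository history and is better rotated than merely moved. Both values are short dictionary-style words; a generated secret would be the safer replacement when rotating.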
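Review bot: The new `visio2.nereide.fr ansible_user=root` line in the inventory hunk keeps a direct root SSH login, while the two hosts below it connect as `debian` with `ansible_become=true`. If an unprivileged account is available on visio2, the line could follow the same pattern, `visio2.nereide.fr ansible_user=<unprivileged-user> ansible_become=true`, which would allow root login over SSH to be disabled on that host. visio.imio.be, visio.nereide.fr and visio.entrouvert.com carry no connection variables here, so the user they connect as depends on configuration outside this diff.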
@@ -24,7 +28,9 @@
 insertafter: "[^?]// anonymousdomain: 'guest.example.com'"
 line: " anonymousdomain: 'guest.{{ inventory_hostname }}',"
 notify:
+ - restart prosody
 - restart jitsi-videobridge2
+ - restart jicofo
 
 - name: Conf Jitsi - Activation de l'authentification jicofo
 lineinfile:
@@ -32,9 +38,13 @@
 insertafter: "^org.jitsi.jicofo.BRIDGE_MUC=*"
 line: "org.jitsi.jicofo.auth.URL=XMPP:{{ inventory_hostname }}"
 notify:
+ - restart prosody
+ - restart jitsi-videobridge2
 - restart jicofo
 
 - name: Conf Jitsi - Création de l'utilisateur prosody
 command: prosodyctl register {{ jitsi_user }} {{ inventory_hostname }} {{ jitsi_pass }}
 notify:
 - restart prosody
+ - restart jitsi-videobridge2
+ - restart jicofo
diff --git a/roles/common/files/jail.conf b/roles/common/files/jail.conf
index 8f6ed60..5cbf4b7 100644
--- a/roles/common/files/jail.conf
+++ b/roles/common/files/jail.conf
@@ -4,8 +4,7 @@
 backend = systemd
 banaction = nftables-multiport
 # 92.154.111.181 - IP des bureaux de nereide
-# 86.244.5.54 - IP maison Antoine
-ignoreip = 127.0.0.1 92.154.111.181 86.244.5.54
+ignoreip = 127.0.0.1 92.154.111.181
 findtime = 1h
 bantime = 1d
 maxretry = 3
\ No newline at end of file
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index eaf0393..6416e12 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -6,8 +6,8 @@
 daemon_reload: true
 enabled: true
 
-- name: start nftables
+- name: restart nftables
 systemd:
 name: nftables
- state: started
+ state: restarted
 enabled: true
diff --git a/roles/common/tasks/jitsi_stats.yml b/roles/common/tasks/jitsi_stats.yml
index fc745b8..0c9ab6f 100644
--- a/roles/common/tasks/jitsi_stats.yml
+++ b/roles/common/tasks/jitsi_stats.yml
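Review bot: In roles/auth/tasks/main.yml, the `prosodyctl register` task at the end of the last hunk puts `{{ jitsi_pass }}` on the command line without `no_log: true`, so the password lands in Ansible's task output and logs and is briefly visible in the target's process list. A bare `command` task also reports changed on every run, so with the two notifications added here prosody, jitsi-videobridge2 and jicofo would all be restarted on each play, interrupting running conferences. Adding `no_log: true` together with a `creates:` or `changed_when:` guard tied to whatever marks the account as already registered would cover both; the right guard depends on Prosody's data layout, which this diff does not show. The jicofo task at the top of the hunk starts outside it.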
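Review bot: The remaining `ignoreip = 127.0.0.1 92.154.111.181` in roles/common/files/jail.conf still exempts that address from banning on every host that runs the common role, which per the new playbook includes visio-prod1.imio.be. If the address (the Néréide office, according to the comment above it) only needs access to the Néréide machines, the exemption is wider than necessary. sys_conf.yml already deploys this file with `template`, so the list could come from a per-host variable, e.g. `ignoreip = 127.0.0.1 {{ fail2ban_ignoreip | default('') }}` (the variable name is a suggestion, not something defined in this repository).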
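Review bot: With `state: restarted` on the nftables handler in roles/common/handlers/main.yml, handler order starts to matter, because Ansible runs handlers in the order they are defined in this file and not in the order of the `notify` list in sys_conf.yml. If nftables.conf flushes the ruleset on load (its content is not part of this diff) and the fail2ban handler is defined above this one, as the context lines suggest, fail2ban restarts first and the nftables restart then removes the chains and sets fail2ban has just created, leaving bans unenforced until fail2ban is restarted again. Defining `restart nftables` before `restart fail2ban` in the handlers file would avoid that. The preceding handler's name lies outside the hunk, so this needs checking against the full file.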
@@ -6,8 +6,8 @@
 path: "/etc/jitsi/videobridge/sip-communicator.properties"
 regexp: "^org.jitsi.videobridge.ENABLE_STATISTICS"
 line: "org.jitsi.videobridge.ENABLE_STATISTICS=true"
-
-- name: "configuration de jvb pour transporter les stats via colibri REST api"
+
+- name: configuration du videobridge pour transporter les stats via colibri REST api
 lineinfile:
 path: "/etc/jitsi/videobridge/sip-communicator.properties"
 regexp: "^org.jitsi.videobridge.STATISTICS_TRANSPORT"
diff --git a/roles/common/tasks/sys_conf.yml b/roles/common/tasks/sys_conf.yml
index 960a3fd..5dbaf59 100644
--- a/roles/common/tasks/sys_conf.yml
+++ b/roles/common/tasks/sys_conf.yml
@@ -1,9 +1,13 @@
 ---
-- name: Installation de fail2ban
+- name: Installation de fail2ban et nftables
 apt:
- name: fail2ban
+ pkg:
+ - fail2ban
+ - nftables
+ update_cache: true
+ state: present
 
-- name: Appliquation des règles de ban
+- name: Appliquation des règles de ban ssh
 template:
 src: ../files/jail.conf
 dest: /etc/fail2ban/jail.d/jail.conf
@@ -27,5 +31,5 @@
 src: ../files/nftables.conf
 dest: /etc/nftables.conf
 notify:
- - start nftables
+ - restart nftables
 - restart fail2ban
diff --git a/visio-prod1.imio.be.yml b/visio-prod1.imio.be.yml
new file mode 100644
index 0000000..aa54490
--- /dev/null
+++ b/visio-prod1.imio.be.yml
@@ -0,0 +1,5 @@
+---
+- hosts: visio-prod1.imio.be
+ roles:
+ - role: common
+ - role: auth
diff --git a/playbook.yml b/visio2.nereide.fr.yml
similarity index 100%
rename from playbook.yml
rename to visio2.nereide.fr.yml