Merge branch '2-installation-du-serveur-ovh-pour-imio' into 'master'

Resolve "installation du serveur OVH pour imio"

Closes #2

See merge request 10031/visio!2

group_vars/all

@@ -0,0 +1 @@
+ansible_python_interpreter: /usr/bin/python3

host_vars/visio-prod1.imio.be.yml

@@ -0,0 +1,3 @@
+---
+jitsi_user: imio
+jitsi_pass: logiciellibre

host_vars/visio2.nereide.fr.yml

@@ -0,0 +1,3 @@
+---
+jitsi_user: nereide
+jitsi_pass: ofbiz

inventory

@@ -1,5 +1,6 @@
 visio.imio.be
 visio.nereide.fr
-visio2.nereide.fr ansible_ssh_user=root jitsi_user=nereide jitsi_pass=ofbiz
+visio2.nereide.fr ansible_user=root
 visio.entrouvert.com
-visio443.champs-libres.be ansible_user=debian ansible_become=true ansible_python_interpreter=/usr/bin/python3
+visio443.champs-libres.be ansible_user=debian ansible_become=true
+visio-prod1.imio.be ansible_user=debian ansible_become=true

roles/auth/tasks/main.yml

@@ -6,6 +6,8 @@
     replace: 'authentication = "internal_plain"'
   notify:
     - restart prosody
+    - restart jitsi-videobridge2
+    - restart jicofo
 
 - name:  Conf Jitsi - Activation de l'authentification prosody 2/2
   blockinfile:
@@ -17,6 +19,8 @@
           c2s_require_encryption = false
   notify:
     - restart prosody
+    - restart jitsi-videobridge2
+    - restart jicofo
 
 - name: Conf Jitsi - Activation de l'authentification jitsi
   lineinfile:
@@ -24,7 +28,9 @@
     insertafter: "[^?]// anonymousdomain: 'guest.example.com'"
     line: "        anonymousdomain: 'guest.{{ inventory_hostname }}',"
   notify:
+    - restart prosody
     - restart jitsi-videobridge2
+    - restart jicofo
 
 - name: Conf Jitsi - Activation de l'authentification jicofo
   lineinfile:
@@ -32,9 +38,13 @@
     insertafter: "^org.jitsi.jicofo.BRIDGE_MUC=*"
     line: "org.jitsi.jicofo.auth.URL=XMPP:{{ inventory_hostname }}"
   notify:
+    - restart prosody
+    - restart jitsi-videobridge2
     - restart jicofo
 
 - name: Conf Jitsi - Création de l'utilisateur prosody
   command: prosodyctl register {{ jitsi_user }} {{ inventory_hostname }} {{ jitsi_pass }}
   notify:
     - restart prosody
+    - restart jitsi-videobridge2
+    - restart jicofo

roles/common/files/jail.conf

@@ -4,8 +4,7 @@ backend = systemd
 banaction = nftables-multiport
 
 # 92.154.111.181 - IP des bureaux de nereide
-# 86.244.5.54 - IP maison Antoine
+ignoreip = 127.0.0.1 92.154.111.181
-ignoreip = 127.0.0.1 92.154.111.181 86.244.5.54
 findtime = 1h
 bantime = 1d
 maxretry = 3

roles/common/handlers/main.yml

@@ -6,8 +6,8 @@
     daemon_reload: true
     enabled: true
 
-- name: start nftables
+- name: restart nftables
   systemd:
     name: nftables
-    state: started
+    state: restarted
     enabled: true

roles/common/tasks/jitsi_stats.yml

@@ -7,7 +7,7 @@
     regexp: "^org.jitsi.videobridge.ENABLE_STATISTICS"
     line: "org.jitsi.videobridge.ENABLE_STATISTICS=true"
     
-- name: "configuration de jvb pour transporter les stats via colibri REST api"
+- name: configuration du videobridge pour transporter les stats via colibri REST api
   lineinfile:
     path: "/etc/jitsi/videobridge/sip-communicator.properties"
     regexp: "^org.jitsi.videobridge.STATISTICS_TRANSPORT"

roles/common/tasks/sys_conf.yml

@@ -1,9 +1,13 @@
 ---
-- name: Installation de fail2ban
+- name: Installation de fail2ban et nftables
   apt:
-    name: fail2ban
+    pkg:
+      - fail2ban
+      - nftables
+    update_cache: true
+    state: present
 
-- name: Appliquation des règles de ban
+- name: Appliquation des règles de ban ssh
   template:
     src: ../files/jail.conf
     dest: /etc/fail2ban/jail.d/jail.conf
@@ -27,5 +31,5 @@
     src: ../files/nftables.conf
     dest: /etc/nftables.conf
   notify:
-    - start nftables
+    - restart nftables
     - restart fail2ban

visio-prod1.imio.be.yml

@@ -0,0 +1,5 @@
+---
+- hosts: visio-prod1.imio.be
+  roles:
+    - role: common
+    - role: auth