déplacement de l'execution du lets encrypt dans le role d'install car ca n'arrivera pas d'utiliser jitsi sans certificat SSL

2020-08-24 17:21:59 +02:00
parent 06e5b578b1
commit 7e05bc4be0
18 changed files with 253 additions and 111 deletions
@@ -1,11 +1,12 @@
 ---
- name: Installation de fail2ban, nftables, gnupg2, apt-transport-https
+- name: Installation de fail2ban, nftables, gnupg2, apt-transport-https, ufw
  apt:
    name:
      - fail2ban
      - nftables
      - gnupg2
      - apt-transport-https
+      - ufw
    update_cache: true
    state: present

@@ -36,6 +37,20 @@
    - restart nftables
    - restart fail2ban

+- name: Mise en place des règle firewall tcp et udp
+  #source : https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall
+  ufw:
+    state: enabled
+    rule: allow
+    port: '{{ item[0] }}'
+    proto: '{{ item[1] }}'
+  loop:
+      - ['80','tcp']
+      - ['443','tcp']
+      - ['4443','tcp']
+      - ['22','tcp']
+      - ['10000','udp']
+
 - name: Ajout de la clé GPG pour le depot jitsi
  apt_key:
    url: http://download.jitsi.org/jitsi-key.gpg.key