From be002bc7019886a02906e0d73590a96a33ad7498 Mon Sep 17 00:00:00 2001 From: Antoine Ouvrard Date: Wed, 15 Apr 2020 17:49:37 +0200 Subject: [PATCH] bigbang gestion des roles --- playbook_prod.yml | 14 ++--- roles/jitsi-post-install/tasks/main.yml | 56 +++++++++++++++++++ .../files/service-override.conf | 7 +++ roles/jitsi-pre-install/tasks/main.yml | 2 +- 4 files changed, 68 insertions(+), 11 deletions(-) create mode 100644 roles/jitsi-post-install/tasks/main.yml create mode 100644 roles/jitsi-pre-install/files/service-override.conf diff --git a/playbook_prod.yml b/playbook_prod.yml index df20906..d27fc3f 100644 --- a/playbook_prod.yml +++ b/playbook_prod.yml @@ -15,11 +15,9 @@ roles: - role: jitsi-pre-install - role: jitsi-install - - role: jitsi-enable-LE + - role: jitsi-post-install - role: jitsi-enable-stats - - role: jitsi-enable-fr-ln - - role: jitsi-enable-video-optimisation - - role: jitsi-add-logo + - role: jitsi-enable-auth tags: - nrd @@ -27,9 +25,7 @@ roles: - role: jitsi-pre-install - role: jitsi-install - - role: jitsi-enable-LE - - role: jitsi-enable-fr-ln - - role: jitsi-enable-video-optimisation + - role: jitsi-post-install - role: jitsi-enable-stats vars: hostname: visio443.champs-libres.be @@ -39,8 +35,6 @@ - hosts: jitsi.entrouvert.com roles: - role: jitsi-pre-install - - role: jitsi-enable-LE - - role: jitsi-enable-fr-ln - - role: jitsi-enable-video-optimisation + - role: jitsi-post-install tags: - eo diff --git a/roles/jitsi-post-install/tasks/main.yml b/roles/jitsi-post-install/tasks/main.yml new file mode 100644 index 0000000..cfbe84b --- /dev/null +++ b/roles/jitsi-post-install/tasks/main.yml @@ -0,0 +1,56 @@ +--- +- name: Conf let's encrypt - désactivation de la demande du mail de supervision 1/2 + replace: + path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh + regexp: "read EMAIL" + replace: "#read EMAIL" + +- name: Conf let's encrypt - désactivation de la demande du mail de supervision 1/2 + lineinfile: + path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh + insertafter: "#read EMAIL" + line: "EMAIL=supervision@nereide.fr" + +- name: Exécution du script lets encrypt + shell: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> jitsi-le.log + +- name: Conf Jitsi - UI en fr + lineinfile: + path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js + insertafter: "[^?]// defaultLanguage: 'en'" + line: " defaultLanguage: 'fr'," + +- name: Conf Jitsi - webcam en qualité medium par defaut 1/2 + lineinfile: + path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js + insertafter: "[^?]// resolution: 720" + line: " resolution: 360," + +- name: Conf Jitsi - webcam en qualité medium par defaut 2/2 + blockinfile: + path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js + marker: "// {mark} ANSIBLE MANAGED BLOCK" + insertafter: "// ratio of 16:9 with an ideal resolution of 720." + block: | + constraints: { + video: { + aspectRatio: 16 / 9, + height: { + ideal: 360, + max: 360, + min: 240 + } + } + }, + +- name: Conf Jitsi - Désactive l'effet floutage d'arrière plan + replace: + path: /usr/share/jitsi-meet/interface_config.js + regexp: "'videobackgroundblur'," + replace: "" + +- name: Conf Jitsi - Active une alerte pour les utilisateurs de Firefox + replace: + path: /usr/share/jitsi-meet/interface_config.js + regexp: "'firefox'," + replace: "" \ No newline at end of file diff --git a/roles/jitsi-pre-install/files/service-override.conf b/roles/jitsi-pre-install/files/service-override.conf new file mode 100644 index 0000000..885915e --- /dev/null +++ b/roles/jitsi-pre-install/files/service-override.conf @@ -0,0 +1,7 @@ +[Unit] +After=nftables.service +PartOf=nftables.service + +[Service] +ExecStartPre=nft add table inet filter +ExecStartPre=nft add chain inet filter input { type filter hook input priority 0; policy accept; } diff --git a/roles/jitsi-pre-install/tasks/main.yml b/roles/jitsi-pre-install/tasks/main.yml index 73c113c..d388c0e 100644 --- a/roles/jitsi-pre-install/tasks/main.yml +++ b/roles/jitsi-pre-install/tasks/main.yml @@ -23,7 +23,7 @@ - name: Règle de base pour nftables template: - src: ../files/fail2ban-override.conf + src: ../files/service-override.conf dest: /etc/systemd/system/fail2ban.service.d/override.conf - name: Déploiement des règles nftables (base)