lint
This commit is contained in:
Antoine Ouvrard
@@ -1,4 +1,4 @@
|
|||||||
#Roles possible: cf dossier roles
|
# Roles possible: cf dossier roles
|
||||||
---
|
---
|
||||||
- hosts: jitsi2.komuniki.fr
|
- hosts: jitsi2.komuniki.fr
|
||||||
roles:
|
roles:
|
||||||
@@ -16,4 +16,4 @@
|
|||||||
roles:
|
roles:
|
||||||
- role: jibri-install
|
- role: jibri-install
|
||||||
tags:
|
tags:
|
||||||
- jibri2
|
- jibri2
|
||||||
|
|||||||
@@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: restart bbb
|
||||||
|
command: bbb-conf --restart
|
||||||
@@ -1,11 +1,8 @@
|
|||||||
---
|
---
|
||||||
- name: Désactivation du test d'écho effectué lors de l'accès à la room
|
- name: Désactivation du test d'écho effectué lors de l'accès à la room
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
|
path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
|
||||||
regexp: ' skipCheck: false'
|
regexp: ' skipCheck: false'
|
||||||
line: ' skipCheck: true'
|
line: ' skipCheck: true'
|
||||||
register: result
|
notify:
|
||||||
|
- restart bbb
|
||||||
- name: On redémarre bbb que si le fichier ci dessus a été modifié
|
|
||||||
shell: "bbb-conf --restart"
|
|
||||||
when: result is changed
|
|
||||||
|
|||||||
@@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: restart greenlight
|
||||||
|
shell: "cd /root/greenlight; docker-compose down; docker-compose up -d"
|
||||||
@@ -30,8 +30,5 @@
|
|||||||
path: "/root/greenlight/.env"
|
path: "/root/greenlight/.env"
|
||||||
regexp: "LDAP_BASE="
|
regexp: "LDAP_BASE="
|
||||||
line: "LDAP_BASE=o=libre-entreprise"
|
line: "LDAP_BASE=o=libre-entreprise"
|
||||||
register: result
|
notify:
|
||||||
|
- restart greenlight
|
||||||
- name: redémarrage de greenlight
|
|
||||||
shell: "cd /root/greenlight; docker-compose down; docker-compose up -d"
|
|
||||||
when: result is changed
|
|
||||||
|
|||||||
@@ -5,4 +5,3 @@
|
|||||||
state: restarted
|
state: restarted
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
- name: Application de la conf général de Telegraf
|
- name: Application de la conf général de Telegraf
|
||||||
template:
|
template:
|
||||||
src: ../templates/telegraf-general.conf.j2
|
src: telegraf-general.conf.j2
|
||||||
dest: /etc/telegraf/telegraf.conf
|
dest: /etc/telegraf/telegraf.conf
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
notify:
|
notify:
|
||||||
@@ -24,14 +24,14 @@
|
|||||||
|
|
||||||
## Instalation des metrics BBB
|
## Instalation des metrics BBB
|
||||||
- name: Ajout du script python qui met en forme les metrics BBB
|
- name: Ajout du script python qui met en forme les metrics BBB
|
||||||
template:
|
file:
|
||||||
src: ../files/bbb-telegraf.py
|
src: bbb-telegraf.py
|
||||||
dest: /opt/
|
dest: /opt/
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
- name: Application de la conf BBB pour Telegraf
|
- name: Application de la conf BBB pour Telegraf
|
||||||
template:
|
file:
|
||||||
src: ../files/telegraf-input-bbb.conf
|
src: telegraf-input-bbb.conf
|
||||||
dest: /etc/telegraf/telegraf.d/jitsi.conf
|
dest: /etc/telegraf/telegraf.d/jitsi.conf
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
notify:
|
notify:
|
||||||
|
|||||||
@@ -6,3 +6,5 @@
|
|||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
- name: restart bigbluebutton
|
||||||
|
command: bbb-conf --restart
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
- name: Application de la conf général SIP
|
- name: Application de la conf général SIP
|
||||||
template:
|
template:
|
||||||
src: ../templates/sip-profiles.xml.j2
|
src: sip-profiles.xml.j2
|
||||||
dest: /opt/freeswitch/conf/sip_profiles/external/sip.xml
|
dest: /opt/freeswitch/conf/sip_profiles/external/sip.xml
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
owner: freeswitch
|
owner: freeswitch
|
||||||
@@ -10,8 +10,8 @@
|
|||||||
- restart freeswitch
|
- restart freeswitch
|
||||||
|
|
||||||
- name: Application de la conf SIP
|
- name: Application de la conf SIP
|
||||||
template:
|
file:
|
||||||
src: ../files/bbb_sip_ovh.xml
|
src: bbb_sip_ovh.xml
|
||||||
dest: /opt/freeswitch/conf/dialplan/public/bbb_sip_ovh.xml
|
dest: /opt/freeswitch/conf/dialplan/public/bbb_sip_ovh.xml
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
owner: freeswitch
|
owner: freeswitch
|
||||||
@@ -29,12 +29,11 @@
|
|||||||
lineinfile:
|
lineinfile:
|
||||||
path: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
|
path: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
|
||||||
regexp: "defaultWelcomeMessageFooter="
|
regexp: "defaultWelcomeMessageFooter="
|
||||||
line: "defaultWelcomeMessageFooter=Pour rejoindre la conférence par téléphone, appeler au numéro :<br> %%DIALNUM%%<br> puis saisir le code :<br> %%CONFNUM%%"
|
line:
|
||||||
register: welcomeMessage
|
"defaultWelcomeMessageFooter=Pour rejoindre la conférence par téléphone,
|
||||||
|
appeler au numéro :<br> %%DIALNUM%%<br> puis saisir le code :<br> %%CONFNUM%%"
|
||||||
- name: On redémarre bbb que si le fichier ci dessus a été modifié
|
notify:
|
||||||
shell: "bbb-conf --restart"
|
- restart bigbluebutton
|
||||||
when: welcomeMessage is changed
|
|
||||||
|
|
||||||
- name: Changement du message d'accueil audio
|
- name: Changement du message d'accueil audio
|
||||||
copy:
|
copy:
|
||||||
@@ -43,9 +42,9 @@
|
|||||||
owner: freeswitch
|
owner: freeswitch
|
||||||
group: daemon
|
group: daemon
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
backup: yes
|
backup: true
|
||||||
loop:
|
loop:
|
||||||
- 8000
|
- 8000
|
||||||
- 16000
|
- 16000
|
||||||
- 32000
|
- 32000
|
||||||
- 48000
|
- 48000
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
- name: Ajoute un script qui permet d'importer la conf d'un autre BBB
|
- name: Ajoute un script qui permet d'importer la conf d'un autre BBB
|
||||||
copy:
|
copy:
|
||||||
src: ../files/import-conf-bbb.sh
|
src: import-conf-bbb.sh
|
||||||
dest: /root/
|
dest: /root/
|
||||||
|
mode: 0700
|
||||||
|
|||||||
@@ -2,4 +2,4 @@
|
|||||||
- name: reload nginx
|
- name: reload nginx
|
||||||
systemd:
|
systemd:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|||||||
@@ -1,12 +1,11 @@
|
|||||||
---
|
---
|
||||||
# Set du hostname BBB
|
# Set du hostname BBB
|
||||||
# Prérequis : le DNS doit être positionné sur le nouveau nom de domaine
|
# Prérequis : le DNS doit être positionné sur le nouveau nom de domaine
|
||||||
|
|
||||||
- name: vérification de la présence du hostname dans les variables
|
- name: vérification de la présence du hostname dans les variables
|
||||||
fail:
|
fail:
|
||||||
msg: |
|
msg: |
|
||||||
la variable `bbbHostname` est obligatoire pour
|
la variable `bbbHostname` est obligatoire pour
|
||||||
utiliser le role bbb-set-hostname.
|
utiliser le role bbb-set-hostname.
|
||||||
Veuillez la rajouter dans l'inventaire
|
Veuillez la rajouter dans l'inventaire
|
||||||
when:
|
when:
|
||||||
- bbbHostname is not defined
|
- bbbHostname is not defined
|
||||||
@@ -16,10 +15,10 @@
|
|||||||
fetch:
|
fetch:
|
||||||
src: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
|
src: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
|
||||||
dest: /tmp/
|
dest: /tmp/
|
||||||
flat: yes
|
flat: true
|
||||||
|
|
||||||
- name : Récup du hostname actuellement configuré
|
- name: Récup du hostname actuellement configuré
|
||||||
set_fact:
|
set_fact:
|
||||||
oldHostname: "{{ lookup('ini', 'bigbluebutton.web.serverURL type=properties file=/tmp/bigbluebutton.properties') | urlsplit('hostname') }}"
|
oldHostname: "{{ lookup('ini', 'bigbluebutton.web.serverURL type=properties file=/tmp/bigbluebutton.properties') | urlsplit('hostname') }}"
|
||||||
|
|
||||||
- name: execution de la commande bigbluebutton qui set le nouveau nom de domaine
|
- name: execution de la commande bigbluebutton qui set le nouveau nom de domaine
|
||||||
@@ -45,7 +44,7 @@
|
|||||||
|
|
||||||
- name: Active la conf nginx nécessaire pour créer un certificat Let's Encrypt
|
- name: Active la conf nginx nécessaire pour créer un certificat Let's Encrypt
|
||||||
template:
|
template:
|
||||||
src: ../templates/nginxSSLcheck.conf
|
src: nginxSSLcheck.conf
|
||||||
dest: /etc/nginx/sites-enabled/
|
dest: /etc/nginx/sites-enabled/
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
when: not ssl_file.stat.exists
|
when: not ssl_file.stat.exists
|
||||||
@@ -71,4 +70,4 @@
|
|||||||
path: /etc/nginx/sites-enabled/bigbluebutton
|
path: /etc/nginx/sites-enabled/bigbluebutton
|
||||||
regexp: '(.*){{ oldHostname }}(.*)'
|
regexp: '(.*){{ oldHostname }}(.*)'
|
||||||
replace: '\1{{ bbbHostname }}\2'
|
replace: '\1{{ bbbHostname }}\2'
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|||||||
@@ -17,9 +17,10 @@
|
|||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: /usr/local/bin/
|
path: /usr/local/bin/
|
||||||
|
mode: 0644
|
||||||
- name: "télécharge de chromedriver pour la version {{ _latest_release.content }}"
|
- name: "télécharge de chromedriver pour la version {{ _latest_release.content }}"
|
||||||
unarchive:
|
unarchive:
|
||||||
src: "http://chromedriver.storage.googleapis.com/{{ _latest_release.content }}/chromedriver_linux64.zip"
|
src: "http://chromedriver.storage.googleapis.com/{{ _latest_release.content }}/chromedriver_linux64.zip"
|
||||||
dest: /usr/local/bin
|
dest: /usr/local/bin
|
||||||
mode: "755"
|
mode: "755"
|
||||||
remote_src: true
|
remote_src: true
|
||||||
|
|||||||
@@ -22,8 +22,10 @@
|
|||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: /etc/opt/chrome/policies/managed
|
path: /etc/opt/chrome/policies/managed
|
||||||
|
mode: 0644
|
||||||
- name: CommandLineFlagSecurityWarningsEnabled
|
- name: CommandLineFlagSecurityWarningsEnabled
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/opt/chrome/policies/managed/managed_policies.json
|
dest: /etc/opt/chrome/policies/managed/managed_policies.json
|
||||||
|
mode: 0755
|
||||||
content: |
|
content: |
|
||||||
{ "CommandLineFlagSecurityWarningsEnabled": false }
|
{ "CommandLineFlagSecurityWarningsEnabled": false }
|
||||||
|
|||||||
@@ -28,8 +28,9 @@
|
|||||||
|
|
||||||
- name: configure jibri
|
- name: configure jibri
|
||||||
template:
|
template:
|
||||||
src: ../templates/jibri.conf
|
src: jibri.conf
|
||||||
dest: /etc/jitsi/jibri/jibri.conf
|
dest: /etc/jitsi/jibri/jibri.conf
|
||||||
|
mode: 0755
|
||||||
notify: restart jibri
|
notify: restart jibri
|
||||||
|
|
||||||
- name: configure xorg
|
- name: configure xorg
|
||||||
@@ -43,7 +44,7 @@
|
|||||||
|
|
||||||
- name: configure les cookies (fichier)
|
- name: configure les cookies (fichier)
|
||||||
copy:
|
copy:
|
||||||
src: ../files/chrome-extension-cookie
|
src: chrome-extension-cookie
|
||||||
dest: /opt/
|
dest: /opt/
|
||||||
mode: '644'
|
mode: '644'
|
||||||
directory_mode: '755'
|
directory_mode: '755'
|
||||||
@@ -53,7 +54,7 @@
|
|||||||
|
|
||||||
- name: configure les cookies (template)
|
- name: configure les cookies (template)
|
||||||
template:
|
template:
|
||||||
src: ../templates/chrome-extension-background.js.j2
|
src: chrome-extension-background.js.j2
|
||||||
dest: /opt/chrome-extension-cookie/background.js
|
dest: /opt/chrome-extension-cookie/background.js
|
||||||
mode: '644'
|
mode: '644'
|
||||||
when:
|
when:
|
||||||
|
|||||||
@@ -4,4 +4,4 @@
|
|||||||
name: prosody
|
name: prosody
|
||||||
state: restarted
|
state: restarted
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@@ -16,11 +16,11 @@
|
|||||||
regexp: '{{ item[0] }}'
|
regexp: '{{ item[0] }}'
|
||||||
replace: '{{ item[1] }}'
|
replace: '{{ item[1] }}'
|
||||||
loop:
|
loop:
|
||||||
- ['host = "{{ inventory_hostname }}"','host = "{{ coturn_hostname }}"']
|
- ['host = "{{ inventory_hostname }}"', 'host = "{{ coturn_hostname }}"']
|
||||||
- ['-- https_ports = { };','https_ports = { };']
|
- ['-- https_ports = { };', 'https_ports = { };']
|
||||||
- ['^external_service_secret =', '-- external_service_secret =']
|
- ['^external_service_secret =', '-- external_service_secret =']
|
||||||
- ['port = 3478','port = 443']
|
- ['port = 3478', 'port = 443']
|
||||||
- ['port = 5349','port = 443']
|
- ['port = 5349', 'port = 443']
|
||||||
notify: restart prosody
|
notify: restart prosody
|
||||||
|
|
||||||
- name: indique a jitsi les règles d'échange des credentials pour le coturn externe
|
- name: indique a jitsi les règles d'échange des credentials pour le coturn externe
|
||||||
|
|||||||
@@ -15,4 +15,4 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: jicofo
|
name: jicofo
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@@ -21,10 +21,16 @@
|
|||||||
|
|
||||||
- name: utilisateur jibri pour prosody (auth)
|
- name: utilisateur jibri pour prosody (auth)
|
||||||
command: prosodyctl register {{ item.user }} auth.{{ inventory_hostname }} {{ item.password }}
|
command: prosodyctl register {{ item.user }} auth.{{ inventory_hostname }} {{ item.password }}
|
||||||
|
args:
|
||||||
|
# Prosody remplace les points par des '%2e' dans le chemin du fichier
|
||||||
|
creates: /var/lib/prosody/{{ 'auth%2e'+inventory_hostname | replace('.', '%2e') }}/accounts/{{ item.user }}.dat
|
||||||
loop: "{{ jibri_users }}"
|
loop: "{{ jibri_users }}"
|
||||||
|
|
||||||
- name: utilisateur jibri pour prosody (recorder)
|
- name: utilisateur jibri pour prosody (recorder)
|
||||||
command: prosodyctl register {{ item.user }}-record recorder.{{ inventory_hostname }} {{ item.password }}
|
command: prosodyctl register {{ item.user }}-record recorder.{{ inventory_hostname }} {{ item.password }}
|
||||||
|
args:
|
||||||
|
# Prosody remplace les points par des '%2e' dans le chemin du fichier
|
||||||
|
creates: /var/lib/prosody/{{ 'auth%2e'+inventory_hostname | replace('.', '%2e') }}/accounts/{{ item.user }}.dat
|
||||||
loop: "{{ jibri_users }}"
|
loop: "{{ jibri_users }}"
|
||||||
|
|
||||||
- name: authentification jicofo
|
- name: authentification jicofo
|
||||||
@@ -39,14 +45,14 @@
|
|||||||
- restart jitsi-videobridge2
|
- restart jitsi-videobridge2
|
||||||
- restart jicofo
|
- restart jicofo
|
||||||
|
|
||||||
- name: livestreaming
|
- name: livestreaming
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
|
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
|
||||||
insertafter: "[^?]// liveStreamingEnabled:"
|
insertafter: "[^?]// liveStreamingEnabled:"
|
||||||
line: "liveStreamingEnabled: true,"
|
line: "liveStreamingEnabled: true,"
|
||||||
|
|
||||||
- name: hidden domain
|
- name: hidden domain
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
|
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
|
||||||
insertbefore: "[^?]// List of undocumented"
|
insertbefore: "[^?]// List of undocumented"
|
||||||
line: "hiddenDomain: 'recorder.{{ inventory_hostname}}',"
|
line: "hiddenDomain: 'recorder.{{ inventory_hostname }}',"
|
||||||
|
|||||||
@@ -5,4 +5,3 @@
|
|||||||
state: restarted
|
state: restarted
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
|||||||
@@ -40,7 +40,7 @@
|
|||||||
|
|
||||||
- name: Application de la conf Jitsi pour Telegraf
|
- name: Application de la conf Jitsi pour Telegraf
|
||||||
template:
|
template:
|
||||||
src: ../templates/telegraf-input-jitsi.conf
|
src: telegraf-input-jitsi.conf
|
||||||
dest: /etc/telegraf/telegraf.d/jitsi.conf
|
dest: /etc/telegraf/telegraf.d/jitsi.conf
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
notify:
|
notify:
|
||||||
@@ -48,7 +48,7 @@
|
|||||||
|
|
||||||
- name: Application de la conf Telegraf
|
- name: Application de la conf Telegraf
|
||||||
template:
|
template:
|
||||||
src: ../templates/telegraf-general.conf.j2
|
src: telegraf-general.conf.j2
|
||||||
dest: /etc/telegraf/telegraf.conf
|
dest: /etc/telegraf/telegraf.conf
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
notify:
|
notify:
|
||||||
|
|||||||
@@ -6,4 +6,4 @@
|
|||||||
replace: '<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind'
|
replace: '<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind'
|
||||||
notify:
|
notify:
|
||||||
- restart jitsi-videobridge2
|
- restart jitsi-videobridge2
|
||||||
- restart nginx
|
- restart nginx
|
||||||
|
|||||||
@@ -4,4 +4,4 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
loop_var: hostname
|
loop_var: hostname
|
||||||
- include_tasks: ssl.yml
|
- include_tasks: ssl.yml
|
||||||
- include_tasks: jitsi.yml
|
- include_tasks: jitsi.yml
|
||||||
|
|||||||
@@ -8,7 +8,8 @@
|
|||||||
copy:
|
copy:
|
||||||
src: /etc/nginx/sites-available/{{ inventory_hostname }}.conf
|
src: /etc/nginx/sites-available/{{ inventory_hostname }}.conf
|
||||||
dest: /etc/nginx/sites-available/{{ hostname }}.conf
|
dest: /etc/nginx/sites-available/{{ hostname }}.conf
|
||||||
remote_src: yes
|
remote_src: true
|
||||||
|
mode: 0644
|
||||||
when: not nginx_file.stat.exists
|
when: not nginx_file.stat.exists
|
||||||
|
|
||||||
- name: Conf Jitsi MultiDomain - Change le ServerName des conf nginx
|
- name: Conf Jitsi MultiDomain - Change le ServerName des conf nginx
|
||||||
@@ -36,4 +37,4 @@
|
|||||||
state: link
|
state: link
|
||||||
notify:
|
notify:
|
||||||
- restart jitsi-videobridge2
|
- restart jitsi-videobridge2
|
||||||
- restart nginx
|
- restart nginx
|
||||||
|
|||||||
@@ -9,7 +9,7 @@
|
|||||||
src: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
|
src: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
|
||||||
dest: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh
|
dest: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh
|
||||||
mode: u+x
|
mode: u+x
|
||||||
remote_src: yes
|
remote_src: true
|
||||||
when: not ssl_file.stat.exists
|
when: not ssl_file.stat.exists
|
||||||
|
|
||||||
- name: Conf SSL MultiDomain - rend le nom de domaine paramétrable dans le script certbot de jitsi
|
- name: Conf SSL MultiDomain - rend le nom de domaine paramétrable dans le script certbot de jitsi
|
||||||
@@ -19,9 +19,9 @@
|
|||||||
replace: "DOMAIN=$1"
|
replace: "DOMAIN=$1"
|
||||||
|
|
||||||
- name: Conf SSL MultiDomain - Exécution du script lets encrypt
|
- name: Conf SSL MultiDomain - Exécution du script lets encrypt
|
||||||
shell:
|
command: "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh {{ item }}"
|
||||||
cmd: "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh {{ item }}"
|
args:
|
||||||
creates: /etc/letsencrypt/live/{{ item }}/fullchain.pem # Execute le script que si ce fichier n'existe pas
|
creates: /etc/letsencrypt/live/{{ item }}/fullchain.pem # Execute le script que si ce fichier n'existe pas
|
||||||
loop: "{{ jitsi_multidomain_domain }}"
|
loop: "{{ jitsi_multidomain_domain }}"
|
||||||
|
|
||||||
- name: Conf Jitsi MultiDomain - Change le ServerName des conf nginx
|
- name: Conf Jitsi MultiDomain - Change le ServerName des conf nginx
|
||||||
|
|||||||
@@ -2,4 +2,4 @@
|
|||||||
- name: reload nginx
|
- name: reload nginx
|
||||||
systemd:
|
systemd:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|||||||
@@ -3,6 +3,7 @@
|
|||||||
file:
|
file:
|
||||||
path: /usr/share/jitsi-meet/static-imio
|
path: /usr/share/jitsi-meet/static-imio
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: personnalise la config nginx de l'accès jitsi principal
|
- name: personnalise la config nginx de l'accès jitsi principal
|
||||||
blockinfile:
|
blockinfile:
|
||||||
@@ -73,7 +74,7 @@
|
|||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
loop:
|
loop:
|
||||||
- [ 'visio.imio.be.svg' , 'images/' ]
|
- ['visio.imio.be.svg', 'images/']
|
||||||
|
|
||||||
- name: Adaptation du js
|
- name: Adaptation du js
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -81,5 +82,5 @@
|
|||||||
regexp: '{{ item[0] }}'
|
regexp: '{{ item[0] }}'
|
||||||
line: '{{ item[1] }}'
|
line: '{{ item[1] }}'
|
||||||
loop:
|
loop:
|
||||||
- [ 'DEFAULT_LOGO_URL: ' , " DEFAULT_LOGO_URL: 'images/visio.imio.be.svg'," ]
|
- ['DEFAULT_LOGO_URL: ', " DEFAULT_LOGO_URL: 'images/visio.imio.be.svg',"]
|
||||||
- [ 'JITSI_WATERMARK_LINK: ' , " JITSI_WATERMARK_LINK: 'https://imio.be'," ]
|
- ['JITSI_WATERMARK_LINK: ', " JITSI_WATERMARK_LINK: 'https://imio.be',"]
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: Conf Jitsi - webcam en qualité medium par defaut
|
- name: Conf Jitsi - webcam en qualité medium par defaut
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
|
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
|
||||||
marker: "// {mark} ANSIBLE MANAGED BLOCK"
|
marker: "// {mark} ANSIBLE MANAGED BLOCK"
|
||||||
|
|||||||
@@ -14,12 +14,13 @@
|
|||||||
- name: Exécution du script lets encrypt
|
- name: Exécution du script lets encrypt
|
||||||
shell:
|
shell:
|
||||||
cmd: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> jitsi-le.log
|
cmd: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> jitsi-le.log
|
||||||
creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem # Execute le script que si ce fichier n'existe pas
|
creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem # Execute le script que si ce fichier n'existe pas
|
||||||
|
|
||||||
- name: Ajout d'un memo pour suprimer manuellement Jitsi
|
- name: Ajout d'un memo pour suprimer manuellement Jitsi
|
||||||
copy:
|
copy:
|
||||||
dest: /root/purgeJitsi.sh
|
dest: /root/purgeJitsi.sh
|
||||||
|
mode: 0700
|
||||||
content: |
|
content: |
|
||||||
systemctl stop jitsi-videobridge2 prosody jicofo nginx coturn
|
systemctl stop jitsi-videobridge2 prosody jicofo nginx coturn
|
||||||
apt purge jitsi-meet && apt --purge autoremove
|
apt purge jitsi-meet && apt --purge autoremove
|
||||||
rm -rf /etc/jitsi/ /usr/share/jitsi-* /etc/letsencrypt
|
rm -rf /etc/jitsi/ /usr/share/jitsi-* /etc/letsencrypt
|
||||||
|
|||||||
@@ -10,23 +10,23 @@
|
|||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Mise en place des règle firewall tcp et udp
|
- name: Mise en place des règle firewall tcp et udp
|
||||||
#source : https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall
|
# source : https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall
|
||||||
ufw:
|
ufw:
|
||||||
state: enabled
|
state: enabled
|
||||||
rule: allow
|
rule: allow
|
||||||
port: '{{ item[0] }}'
|
port: '{{ item[0] }}'
|
||||||
proto: '{{ item[1] }}'
|
proto: '{{ item[1] }}'
|
||||||
loop:
|
loop:
|
||||||
- ['80','tcp']
|
- ['80', 'tcp']
|
||||||
- ['443','tcp']
|
- ['443', 'tcp']
|
||||||
- ['4443','tcp']
|
- ['4443', 'tcp']
|
||||||
- ['22','tcp']
|
- ['22', 'tcp']
|
||||||
- ['10000','udp']
|
- ['10000', 'udp']
|
||||||
- ['3478','udp']
|
- ['3478', 'udp']
|
||||||
- ['5349','tcp']
|
- ['5349', 'tcp']
|
||||||
- ['5222','tcp'] # XMPP port for recorder
|
- ['5222', 'tcp'] # XMPP port for recorder
|
||||||
|
|
||||||
- name: Import de la clé GPG #source: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#add-the-jitsi-package-repository
|
- name: Import de la clé GPG # source: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#add-the-jitsi-package-repository
|
||||||
apt_key:
|
apt_key:
|
||||||
id: FFD65A0DA2BEBDEB73D44C8BB4D2D216F1FD7806
|
id: FFD65A0DA2BEBDEB73D44C8BB4D2D216F1FD7806
|
||||||
url: https://download.jitsi.org/jitsi-key.gpg.key
|
url: https://download.jitsi.org/jitsi-key.gpg.key
|
||||||
|
|||||||
Reference in New Issue
Block a user