From df79f2b24140d698ccbf8a27f8d9b663a09d9e3d Mon Sep 17 00:00:00 2001 From: Antoine Ouvrard Date: Mon, 4 May 2020 13:37:19 +0200 Subject: [PATCH] correction erreur suite au rebase --- playbook_prod.yml | 11 +++-- roles/jitsi-enable-LE/tasks/main.yml | 12 ++---- .../tasks/main.yml | 41 ------------------- roles/jitsi-pre-install/files/nftables.conf | 2 +- .../files/service-override.conf | 7 ---- roles/jitsi-pre-install/tasks/main.yml | 2 +- 6 files changed, 13 insertions(+), 62 deletions(-) delete mode 100644 roles/jitsi-enable-UIandCamTricks/tasks/main.yml delete mode 100644 roles/jitsi-pre-install/files/service-override.conf diff --git a/playbook_prod.yml b/playbook_prod.yml index d690229..df20906 100644 --- a/playbook_prod.yml +++ b/playbook_prod.yml @@ -16,9 +16,10 @@ - role: jitsi-pre-install - role: jitsi-install - role: jitsi-enable-LE - - role: jitsi-enable-UIandCamTricks - role: jitsi-enable-stats - - role: jitsi-enable-auth + - role: jitsi-enable-fr-ln + - role: jitsi-enable-video-optimisation + - role: jitsi-add-logo tags: - nrd @@ -27,7 +28,8 @@ - role: jitsi-pre-install - role: jitsi-install - role: jitsi-enable-LE - - role: jitsi-enable-UIandCamTricks + - role: jitsi-enable-fr-ln + - role: jitsi-enable-video-optimisation - role: jitsi-enable-stats vars: hostname: visio443.champs-libres.be @@ -38,6 +40,7 @@ roles: - role: jitsi-pre-install - role: jitsi-enable-LE - - role: jitsi-enable-UIandCamTricks + - role: jitsi-enable-fr-ln + - role: jitsi-enable-video-optimisation tags: - eo diff --git a/roles/jitsi-enable-LE/tasks/main.yml b/roles/jitsi-enable-LE/tasks/main.yml index a0e1edb..79f36b2 100644 --- a/roles/jitsi-enable-LE/tasks/main.yml +++ b/roles/jitsi-enable-LE/tasks/main.yml @@ -1,15 +1,11 @@ --- -- name: Conf let's encrypt - désactivation de la demande du mail de supervision 1/2 +- name: Conf let's encrypt - désactivation de la demande du mail de supervision replace: path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh regexp: "^read EMAIL" - replace: "#read EMAIL" - -- name: Conf let's encrypt - désactivation de la demande du mail de supervision 1/2 - lineinfile: - path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh - insertafter: "#read EMAIL" - line: "EMAIL=supervision@nereide.fr" + replace: | + #read EMAIL + EMAIL=supervision@nereide.fr - name: Exécution du script lets encrypt shell: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> jitsi-le.log diff --git a/roles/jitsi-enable-UIandCamTricks/tasks/main.yml b/roles/jitsi-enable-UIandCamTricks/tasks/main.yml deleted file mode 100644 index 469a561..0000000 --- a/roles/jitsi-enable-UIandCamTricks/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Conf Jitsi - UI en fr - lineinfile: - path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js - insertafter: "[^?]// defaultLanguage: 'en'" - line: " defaultLanguage: 'fr'," - -- name: Conf Jitsi - webcam en qualité medium par defaut 1/2 - lineinfile: - path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js - insertafter: "[^?]// resolution: 720" - line: " resolution: 360," - -- name: Conf Jitsi - webcam en qualité medium par defaut 2/2 - blockinfile: - path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js - marker: "// {mark} ANSIBLE MANAGED BLOCK" - insertafter: "[^?]resolution: 360," - block: | - constraints: { - video: { - aspectRatio: 16 / 9, - height: { - ideal: 360, - max: 360, - min: 240 - } - } - }, - -- name: Conf Jitsi - Désactive l'effet floutage d'arrière plan - replace: - path: /usr/share/jitsi-meet/interface_config.js - regexp: "'videobackgroundblur'," - replace: "" - -- name: Conf Jitsi - Active une alerte pour les utilisateurs de Firefox - replace: - path: /usr/share/jitsi-meet/interface_config.js - regexp: "'firefox'," - replace: "" diff --git a/roles/jitsi-pre-install/files/nftables.conf b/roles/jitsi-pre-install/files/nftables.conf index eb4bca1..50857a9 100644 --- a/roles/jitsi-pre-install/files/nftables.conf +++ b/roles/jitsi-pre-install/files/nftables.conf @@ -23,7 +23,7 @@ table inet myfilter { iif lo accept # accepte tout le traffic ssh peut importe l'origine tcp dport 22 accept - # accepte le traffic tcp depuis le reste du monde si la cible est un des ports http, https + # accepte le traffic tcp depuis le reste du monde si la cible est un des ports http, https, smtp tcp dport {80, 443} accept # ouvre les port udp I/O 10000 et 44446 pour jitsi udp dport {10000, 4446} accept diff --git a/roles/jitsi-pre-install/files/service-override.conf b/roles/jitsi-pre-install/files/service-override.conf deleted file mode 100644 index 885915e..0000000 --- a/roles/jitsi-pre-install/files/service-override.conf +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -After=nftables.service -PartOf=nftables.service - -[Service] -ExecStartPre=nft add table inet filter -ExecStartPre=nft add chain inet filter input { type filter hook input priority 0; policy accept; } diff --git a/roles/jitsi-pre-install/tasks/main.yml b/roles/jitsi-pre-install/tasks/main.yml index d388c0e..73c113c 100644 --- a/roles/jitsi-pre-install/tasks/main.yml +++ b/roles/jitsi-pre-install/tasks/main.yml @@ -23,7 +23,7 @@ - name: Règle de base pour nftables template: - src: ../files/service-override.conf + src: ../files/fail2ban-override.conf dest: /etc/systemd/system/fail2ban.service.d/override.conf - name: Déploiement des règles nftables (base)