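---
# Host hardening (fail2ban, nftables, ufw) followed by the Jitsi apt repository
# setup and debconf preseeding for jitsi-meet-web-config.
# Task names are left exactly as the author wrote them; comments are in English.

# Install the security tooling and apt prerequisites used by the tasks below.
- name: Installation de fail2ban, nftables, gnupg2, apt-transport-https, ufw
  apt:
    name:
      - fail2ban
      - nftables
      - gnupg2
      - apt-transport-https
      - ufw
    update_cache: true
    state: present

# Render the fail2ban jail definition and restart fail2ban when it changes.
- name: Appliquation des règles de ban ssh
  template:
    src: ../files/jail.conf
    dest: /etc/fail2ban/jail.d/jail.conf
  notify:
    - restart fail2ban

# Directory that holds systemd drop-in files for fail2ban.service.
- name: Création du répertoire pour la surcharge systemd
  file:
    name: /etc/systemd/system/fail2ban.service.d
    state: directory

# NOTE(review): the task name mentions nftables, but this task installs the
# systemd drop-in for fail2ban.service. No handler is notified here; confirm
# that a daemon-reload and a fail2ban restart happen elsewhere, otherwise the
# override does not take effect until the next reload.
- name: Règle de base pour nftables
  template:
    src: ../files/fail2ban-override.conf
    dest: /etc/systemd/system/fail2ban.service.d/override.conf

# Base nftables ruleset; both services are restarted when it changes.
# NOTE(review): this file and the ufw tasks below both manage packet filtering.
# Confirm that loading /etc/nftables.conf does not discard the ufw-managed
# rules (or the reverse), so the effective policy is the intended one.
- name: Déploiement des règles nftables (base)
  tags:
    - nftables
  template:
    src: ../files/nftables.conf
    dest: /etc/nftables.conf
  notify:
    - restart nftables
    - restart fail2ban

# Source: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall
# The allow rules are added first and ufw is enabled in a separate task, so
# the SSH rule (22/tcp) already exists when filtering starts.
# The cited handbook lists 3478/udp and 5349/tcp; the original list had those
# two protocols swapped, which left the documented ports closed.
- name: Mise en place des règle firewall tcp et udp
  ufw:
    rule: allow
    port: '{{ item[0] }}'
    proto: '{{ item[1] }}'
  loop:
    - ['22', 'tcp']
    - ['80', 'tcp']
    - ['443', 'tcp']
    - ['4443', 'tcp']
    - ['10000', 'udp']
    - ['3478', 'udp']
    - ['5349', 'tcp']

# Turn the firewall on only once every allow rule above is present.
- name: Activation de ufw
  ufw:
    state: enabled

# The repository signing key is fetched over HTTPS. Over plain HTTP the key
# that apt later uses to verify packages could be replaced in transit.
# NOTE(review): apt_key stores the key in the global apt keyring, which trusts
# it for every repository. Consider a dedicated keyring referenced with
# signed-by in the repo line, and pin the expected key with
# `id: <JITSI_KEY_FINGERPRINT>` (placeholder; take the value from the vendor).
- name: Ajout de la clé GPG pour le depot jitsi
  apt_key:
    url: https://download.jitsi.org/jitsi-key.gpg.key

- name: Ajout du depot jitsi
  apt_repository:
    repo: deb https://download.jitsi.org stable/

# Refresh the package index so the new repository is visible to apt.
- name: apt update
  apt:
    update_cache: true

# Preseed the debconf answers for jitsi-meet-web-config.
- name: Application du hostname avant installation
  debconf:
    name: jitsi-meet-web-config
    question: jitsi-videobridge/jvb-hostname
    value: '{{ inventory_hostname }}'
    vtype: string

# Selects the self-signed certificate option. Clients will not trust this
# certificate by default; the answer text itself notes that a Let's Encrypt
# certificate can be obtained later.
- name: On veut un certificat autogénéré
  debconf:
    name: jitsi-meet-web-config
    question: jitsi-meet/cert-choice
    value: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
    vtype: string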