---
- name: vérification des variables obligatoire
  fail:
    msg: |
      il faut définir la variable `coturn_secret` pour utiliser ce role
  when: coturn_secret is not defined

- name: Installation de coturn
  apt:
    name:
      - coturn
    update_cache: true

- name: Y-a-t un certificat SSL dans l'avion?
  stat:
    path: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
  register: ssl_file

- include_tasks: letsencrypt.yml
  when: not ssl_file.stat.exists


- name: Donne les droits a coturn de lire les certificats SSL
  file:
    path: "{{ item }}"
    owner: turnserver
    group: turnserver
    state: directory
    recurse: true
  loop:
    - /etc/letsencrypt/live
    - /etc/letsencrypt/archive

- name: set la config coturn
  template:
    src: ../templates/turnserver.conf.j2
    dest: /etc/turnserver.conf
  notify: restart coturn

- name: Ajout des capabilities à coturn
  lineinfile:
    path: /etc/systemd/system/coturn.service.d/override.conf
    create: true
    line: |
      [Service]
      AmbientCapabilities=CAP_NET_BIND_SERVICE
  notify: restart coturn