antoine/visio_nrd
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-05-25. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
2bc9af13085f7d591472669a71cf8c8733fc89da
visio_nrd/roles/jitsi-install/tasks/main.yml
T
Antoine Ouvrard 2bc9af1308 yamllint
2021-05-04 17:27:25 +02:00

86 lines
2.5 KiB
YAML
Raw Blame History

---
- name: Installation des prérequis
apt:
name:
- sshguard
- ufw
- gnupg2
- nginx-full
update_cache: true
state: present
- name: Mise en place des règle firewall tcp et udp
# yamllint disable-line rule:line-length
# source : https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall
ufw:
state: enabled
rule: allow
port: '{{ item[0] }}'
proto: '{{ item[1] }}'
loop:
- ['80', 'tcp']
- ['443', 'tcp']
- ['4443', 'tcp']
- ['22', 'tcp']
- ['10000', 'udp']
- ['3478', 'udp']
- ['5349', 'tcp']
- ['5222', 'tcp'] # XMPP port for recorder
# yamllint disable-line rule:line-length
- name: Import de la clé GPG # source: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#add-the-jitsi-package-repository
apt_key:
id: FFD65A0DA2BEBDEB73D44C8BB4D2D216F1FD7806
url: https://download.jitsi.org/jitsi-key.gpg.key
keyring: /etc/apt/trusted.gpg.d/jitsi.gpg
- name: Ajout du depot jitsi
apt_repository:
# yamllint disable-line rule:line-length
repo: deb [signed-by=/etc/apt/trusted.gpg.d/jitsi.gpg] https://download.jitsi.org stable/
update_cache: true
- name: Application du hostname avant installation
debconf:
name: jitsi-meet-web-config
question: jitsi-videobridge/jvb-hostname
value: '{{ inventory_hostname }}'
vtype: string
- name: On veut un certificat autogénéré
debconf:
name: jitsi-meet-web-config
question: jitsi-meet/cert-choice
value: >
"Generate a new self-signed certificate (You will later get a chance to
obtain a Let's encrypt certificate)"
vtype: string
- name: installation de jitsi
apt:
name: jitsi-meet
- name: Conf let's encrypt - désactivation de la demande du mail de supervision
replace:
path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
regexp: "^read EMAIL"
replace: |
#read EMAIL
EMAIL=supervision@nereide.fr
- name: Exécution du script lets encrypt
shell:
cmd:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> jitsi-le.log
creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
# Execute le script que si ce fichier n'existe pas
- name: Ajout d'un memo pour suprimer manuellement Jitsi
copy:
dest: /root/purgeJitsi.sh
mode: 0700
content: |
systemctl stop jitsi-videobridge2 prosody jicofo nginx coturn
apt purge jitsi-meet && apt --purge autoremove
rm -rf /etc/jitsi/ /usr/share/jitsi-* /etc/letsencrypt
Reference in New Issue View Git Blame Copy Permalink