ansible-playbooks

another attempt to have everything organized ...
git clone https://git.e1e0.net/ansible-playbooks.git

commit 285d1b47f66240f0314fb6333a6db6903b0be46f
parent f3457e5ddab9fbfaf1f73356db26886ab497725c
Author: Paco Esteban <paco@e1e0.net>
Date:   Fri,  3 Apr 2020 14:31:14 +0200

jitsi uses local stun server (coturn)

Diffstat:
Mjitsi.yml | 35+++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+), 0 deletions(-)

diff --git a/jitsi.yml b/jitsi.yml @@ -3,6 +3,7 @@ remote_user: root roles: - geerlingguy.certbot + - coturn - systemli.jitsi_meet vars: certbot_admin_email: paco@e1e0.net @@ -12,6 +13,18 @@ certbot_certs: - domains: - vchat.e1e0.net + - domains: + - turn.e1e0.net + - stun.e1e0.net + coturn_auth_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32633533646661666263373432343231643138623033303237663663636665313661616466313637 + 6638636438383864316166613830363162353733386365630a393434343734656431383636353933 + 33376434353764343339623930396566313634616263303761363363333237656231396562383666 + 3462386366336566350a326461646139643564343439663731656531353238363435373862313564 + 63643738663064373866616436316632626164626463376161616562306262306631336165663431 + 3831613161663033646235373038373033313665396134383230 + coturn_domain_name: "turn.e10e.net" jitsi_meet_server_name: "vchat.e1e0.net" jitsi_meet_videobridge_secret: !vault | $ANSIBLE_VAULT;1.1;AES256 @@ -39,6 +52,8 @@ 6263643566626331316238336362653162303566396434623337 jitsi_meet_ssl_cert_path: "/etc/letsencrypt/live/vchat.e1e0.net/fullchain.pem" jitsi_meet_ssl_key_path: "/etc/letsencrypt/live/vchat.e1e0.net/privkey.pem" + jitsi_meet_config_stun_servers: + - stun.e1e0.net:3478 pre_tasks: - name: root access only ssh key lineinfile: @@ -70,6 +85,26 @@ rule: allow port: 10000:20000 proto: udp + - name: allow coturn + ufw: + rule: allow + port: '3478' + proto: tcp + - name: allow coturnS + ufw: + rule: allow + port: '5349' + proto: tcp + - name: allow udp coturn + ufw: + rule: allow + port: '3478' + proto: udp + - name: allow udp coturnS + ufw: + rule: allow + port: '5349' + proto: udp - name: enable ufw with default deny ufw: state: enabled
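Review bot: `coturn_domain_name: "turn.e10e.net"` in the second hunk does not match the `turn.e1e0.net` / `stun.e1e0.net` names added to `certbot_certs` just above it; the digits look transposed. Depending on how the coturn role uses this variable (the role is not visible here), the server may advertise a realm, or look for a certificate, under a domain that certbot never issued for and that nothing else in this playbook references. The line should read `coturn_domain_name: "turn.e1e0.net"`. The `vars` mapping starts and ends outside this hunk.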
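Review bot: The four `allow coturn*` ufw tasks in the last hunk open 3478 and 5349 on both tcp and udp to any source, while the only consumer configured in this commit is `jitsi_meet_config_stun_servers` pointing at `stun.e1e0.net:3478`. If only STUN is intended, the 5349 rules (and probably 3478/tcp) can be dropped to keep the exposed surface minimal. If TURN over TLS is intended, a comment such as `# 5349 = TURN over TLS/DTLS; 3478 = STUN/TURN` above these tasks would record why each port is open. With TURN enabled it is also worth confirming in the coturn role's configuration (not shown) that relaying to loopback and private address ranges is refused, for example through coturn's `denied-peer-ip`, since a publicly reachable relay otherwise offers a path to internal services. The task list continues outside the hunk.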