ansible-playbooks

another attempt to have everything organized ...

commit ace9480ee67da48e9f44eb59fadb5a3ba3145d66
parent dae72c362e1271479fd39f945ad0b7e855eb7288
Author: Paco Esteban <paco@e1e0.net>
Date:   Thu,  2 Apr 2020 20:32:20 +0200

add jitsi playbook

Diffstat:
A.gitignore | 2++
Mhosts | 3+++
Ajitsi.yml | 76++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 81 insertions(+), 0 deletions(-)

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+terraform.tfstate.backup
+.terraform
diff --git a/hosts b/hosts
@@ -15,3 +15,6 @@ elrond.h.e1e0.net
 [localUtils]
 pi2.h.e1e0.net
+
+[videochat]
+vchat.e1e0.net
diff --git a/jitsi.yml b/jitsi.yml
@@ -0,0 +1,76 @@
+---
+- hosts: videochat
+ remote_user: root
+ roles:
+ - geerlingguy.certbot
+ - systemli.jitsi_meet
+ vars:
+ certbot_admin_email: paco@e1e0.net
+ certbot_create_if_missing: true
+ certbot_create_standalone_stop_services:
+ - nginx
+ certbot_certs:
+ - domains:
+ - vchat.e1e0.net
+ jitsi_meet_server_name: "vchat.e1e0.net"
+ jitsi_meet_videobridge_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64656633343465616334376338633639663634386261383865643565336539366665643837643163
+ 3430633430393065366665643339633264353965363862360a356163666637643139633836343636
+ 65333833663534616564613436313038663232636535376638626331376366393539663965343562
+ 3738316135663461630a623666326264316538346663343733656662316135613865646631383366
+ 33373166363232356461303964653230316630306466663931616532393430333134626461613334
+ 6632623035616437336538353038363137353861363932326663
+ jitsi_meet_jicofo_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 35333430346630366332376238393961623161396365373738336434333931323534366230366237
+ 3834306364343139376633366534633330643362336566650a323931623937333665366230653637
+ 36336430613065643632326237386563393561303035306464636463633964313464363366343336
+ 3931343266626461350a613638326630326338333864333962353062333362383261326665376437
+ 63313231633538663663336564363362613931313638306362373438626464356430343761323438
+ 3438376563313930323434643932373961353834666631646630
+ jitsi_meet_jicofo_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33646138396231333663376261646533316537383266653433356261383164633662316365616266
+ 3965353635383465383138376433663234653530363838640a373937306361363963353930393965
+ 37636263393561653435646562653463653931663166613061323566636163666166356432383936
+ 6435376138633337330a666434383262373763663436646438306633366334353731333839616534
+ 64363865616230373334363932646337336237633032313232396637306137656261343437663162
+ 6263643566626331316238336362653162303566396434623337
+ jitsi_meet_ssl_cert_path: "/etc/letsencrypt/live/vchat.e1e0.net/fullchain.pem"
+ jitsi_meet_ssl_key_path: "/etc/letsencrypt/live/vchat.e1e0.net/privkey.pem"
+ pre_tasks:
+ - name: root access only ssh key
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: PermitRootLogin prohibit-password
+ - name: restart sshd
+ service:
+ name: sshd
+ state: restarted
+ - name: nginx should be there first
+ package:
+ name: nginx
+ state: present
+ post_tasks:
+ - name: install ufw
+ package:
+ name: ufw
+ state: present
+ - name: allow ssh
+ ufw:
+ rule: allow
+ name: "{{ item }}"
+ with_items:
+ - OpenSSH
+ - "Nginx Full"
+ - name: allow udp ports
+ ufw:
+ rule: allow
+ port: 10000:20000
+ proto: udp
+ - name: enable ufw with default deny
+ ufw:
+ state: enabled
+ policy: deny
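Review bot: The `lineinfile` edit of `/etc/ssh/sshd_config` in pre_tasks has no `validate:`, and the following `restart sshd` task restarts the daemon unconditionally, so a malformed edit would be written and take effect on a host whose only access is root over SSH before any role runs. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the `lineinfile` task (adjust the sshd path to the target OS) makes Ansible refuse the change when sshd cannot parse the result. If the file only carries a commented `#PermitRootLogin` line the regexp matches nothing and the directive is appended at the end, which can fall inside a trailing `Match` block; `insertbefore: BOF` avoids that because sshd honours the first occurrence of a directive (this is inferred from sshd_config semantics, not visible in the hunk). The restart could also be gated on the lineinfile result with `register:` and `when:`, or moved to a handler, so sshd is not bounced on every run of the play.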