jitsi.yml (4549B)
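---
# Playbook for a self-hosted Jitsi Meet instance with its own TURN/STUN
# server (coturn), Let's Encrypt certificates and a default-deny ufw firewall.
#
# Ordering matters:
#   pre_tasks  - restrict root SSH to keys, install nginx before the roles run
#   roles      - certbot -> coturn -> jitsi_meet
#   post_tasks - add every ufw allow rule first, enable default deny last,
#                so the running SSH session is never locked out.
- hosts: videochat
  # NOTE(review): the play connects as root; this depends on root key login
  # staying enabled (see the PermitRootLogin pre_task below).
  remote_user: root
  roles:
    - geerlingguy.certbot
    - coturn
    - systemli.jitsi_meet
  vars:
    certbot_admin_email: paco@e1e0.net
    certbot_create_if_missing: true
    # The standalone authenticator needs port 80, so nginx is stopped while
    # certificates are requested.
    certbot_create_standalone_stop_services:
      - nginx
    certbot_certs:
      - domains:
          - vchat.e1e0.net
      - domains:
          - turn.e1e0.net
          - stun.e1e0.net
    # The secrets below are Ansible Vault ciphertext. Their confidentiality
    # rests entirely on the vault password, so keep that password strong and
    # out of the repository.
    coturn_auth_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      32633533646661666263373432343231643138623033303237663663636665313661616466313637
      6638636438383864316166613830363162353733386365630a393434343734656431383636353933
      33376434353764343339623930396566313634616263303761363363333237656231396562383666
      3462386366336566350a326461646139643564343439663731656531353238363435373862313564
      63643738663064373866616436316632626164626463376161616562306262306631336165663431
      3831613161663033646235373038373033313665396134383230
    # Was 'turn.e10e.net', presumably a transposed typo: every other name in
    # this play, including the certificate requested above, is under e1e0.net.
    coturn_domain_name: 'turn.e1e0.net'
    jitsi_meet_server_name: 'vchat.e1e0.net'
    jitsi_meet_videobridge_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      64656633343465616334376338633639663634386261383865643565336539366665643837643163
      3430633430393065366665643339633264353965363862360a356163666637643139633836343636
      65333833663534616564613436313038663232636535376638626331376366393539663965343562
      3738316135663461630a623666326264316538346663343733656662316135613865646631383366
      33373166363232356461303964653230316630306466663931616532393430333134626461613334
      6632623035616437336538353038363137353861363932326663
    jitsi_meet_jicofo_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      35333430346630366332376238393961623161396365373738336434333931323534366230366237
      3834306364343139376633366534633330643362336566650a323931623937333665366230653637
      36336430613065643632326237386563393561303035306464636463633964313464363366343336
      3931343266626461350a613638326630326338333864333962353062333362383261326665376437
      63313231633538663663336564363362613931313638306362373438626464356430343761323438
      3438376563313930323434643932373961353834666631646630
    jitsi_meet_jicofo_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      33646138396231333663376261646533316537383266653433356261383164633662316365616266
      3965353635383465383138376433663234653530363838640a373937306361363963353930393965
      37636263393561653435646562653463653931663166613061323566636163666166356432383936
      6435376138633337330a666434383262373763663436646438306633366334353731333839616534
      64363865616230373334363932646337336237633032313232396637306137656261343437663162
      6263643566626331316238336362653162303566396434623337
    jitsi_meet_ssl_cert_path: '/etc/letsencrypt/live/vchat.e1e0.net/fullchain.pem'
    jitsi_meet_ssl_key_path: '/etc/letsencrypt/live/vchat.e1e0.net/privkey.pem'
    jitsi_meet_config_stun_servers:
      # Quoted so the host:port value is always read as a string.
      - 'stun.e1e0.net:3478'
  pre_tasks:
    - name: root access only ssh key
      lineinfile:
        path: /etc/ssh/sshd_config
        # Only an active (uncommented) directive is matched; if none exists the
        # line is appended at the end of the file.
        # NOTE(review): a line appended after a trailing Match block would only
        # apply inside that block - confirm the target's sshd_config layout.
        regexp: '^PermitRootLogin'
        line: PermitRootLogin prohibit-password
        # Refuse to write a config that sshd cannot parse, so a bad edit
        # cannot take the SSH daemon down on the next restart.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart sshd
    - name: nginx should be there first
      package:
        name: nginx
        state: present
  post_tasks:
    - name: install ufw
      package:
        name: ufw
        state: present
    # SSH is reachable only from this one IPv6 prefix; no IPv4 rule is added.
    - name: allow ssh only for me
      ufw:
        rule: allow
        port: '22'
        proto: tcp
        src: '2001:470:c980::/48'
    - name: allow nginx stuff
      ufw:
        rule: allow
        name: 'Nginx Full'
    # NOTE(review): this opens 10001 UDP ports to the world. Check which
    # media/relay port range the jitsi and coturn roles actually configure
    # and narrow the rule to that range.
    - name: allow udp ports
      ufw:
        rule: allow
        port: '10000:20000'
        proto: udp
    - name: allow coturn
      ufw:
        rule: allow
        port: '3478'
        proto: tcp
    - name: allow coturnS
      ufw:
        rule: allow
        port: '5349'
        proto: tcp
    - name: allow udp coturn
      ufw:
        rule: allow
        port: '3478'
        proto: udp
    - name: allow udp coturnS
      ufw:
        rule: allow
        port: '5349'
        proto: udp
    # Must stay last: enabling default deny before the allow rules exist
    # would cut off the SSH connection Ansible is using.
    - name: enable ufw with default deny
      ufw:
        state: enabled
        policy: deny
        # Explicit for readers; incoming is what ufw applies by default.
        direction: incoming
  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted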