add coturn service

2023-10-31 02:11:43 +01:00
parent 105ee89080
commit 7910336c5d
9 changed files with 265 additions and 2 deletions
--- a/roles/coturn/tasks/main.yml
+++ b/roles/coturn/tasks/main.yml
@@ -0,0 +1,107 @@
+- name: Install CoTurn
+  apt:
+    name: 
+      - coturn
+      - acl
+    state: present
+
+- name: Allow Turnserver connexions
+  ufw:
+    rule: allow
+    port: "{{ turnserver_port }}"
+    proto: any
+
+- name: Copy Configuration file for coturn
+  ansible.builtin.copy:
+    src: turnserver.conf
+    dest: /etc/turnserver.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+
+- name: Add port to listen on turnserver.conf
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__PORT__'
+    replace: '{{ turnserver_port }}' 
+
+- name: Add hostname on turnserver.conf      
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf   
+    regexp: '__HOSTNAME__'
+    replace: '{{ domain }}'
+
+- name: Add IP to listen on turnserver.conf      
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__IP_CONTAINER__'   
+    replace: '{{ ip_listen }}'
+
+- name: Add IP public on turnserver.conf  
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__IP_EXT__' 
+    replace: '{{ ip_public }}'     
+
+- name: Add port to listen on turnserver.conf
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__PASSPHRASE__'
+    replace: '{{ passphrase }}' 
+
+
+
+- name: Add SSL keys to turnserver.conf
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__SSL_CRT__'
+    replace: '/etc/ssl/{{ domain}}.crt'
+  when: installCertbot == False
+
+- name: Add SSL keys to turnserver.conf
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__SSL_KEY__'
+    replace: '/etc/ssl/{{ domain}}.key'
+  when: installCertbot == False
+
+- name: permission to ssl cert 
+  shell: |
+    setfacl -R -m u:turnserver:rx /etc/ssl/"{{ domain }}".key
+    setfacl -R -m u:turnserver:rx /etc/ssl/"{{ domain }}".crt
+  when: installCertbot == False
+
+- name: Add SSL keys to turnserver.conf
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__SSL_CRT__'
+    replace: '/etc/letsencrypt/live/{{ domain }}/fullchain.pem'
+  when: installCertbot == True
+
+- name: Add SSL keys to turnserver.conf
+  ansible.builtin.replace:
+    path: /etc/turnserver.conf
+    regexp: '__SSL_KEY__'
+    replace: '/etc/letsencrypt/live/{{ domain }}/privkey.pem'
+  when: installCertbot == True
+
+- name: Set permission letsencrypt SSL keys 
+  shell: setfacl -R -m u:turnserver:rx /etc/letsencrypt/
+  when: installCertbot == True
+
+- name: Start coturn service
+  shell: "systemctl start coturn"
+
+- name: Enable systemd service
+  shell: "systemctl enable coturn"
+
+- name: Copy Configuration file for coturn
+  ansible.builtin.copy:
+    src: certbot-cron
+    dest: /etc/cron.d/certbot
+    owner: root
+    group: root
+    mode: '0644'
+  when: installCertbot == True
+