107 lines
2.6 KiB
YAML
107 lines
2.6 KiB
YAML
- name: Install CoTurn
|
|
apt:
|
|
name:
|
|
- coturn
|
|
- acl
|
|
state: present
|
|
|
|
- name: Allow Turnserver connexions
|
|
ufw:
|
|
rule: allow
|
|
port: "{{ turnserver_port }}"
|
|
proto: any
|
|
|
|
- name: Copy Configuration file for coturn
|
|
ansible.builtin.copy:
|
|
src: turnserver.conf
|
|
dest: /etc/turnserver.conf
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
|
|
|
|
- name: Add port to listen on turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__PORT__'
|
|
replace: '{{ turnserver_port }}'
|
|
|
|
- name: Add hostname on turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__HOSTNAME__'
|
|
replace: '{{ domain }}'
|
|
|
|
- name: Add IP to listen on turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__IP_CONTAINER__'
|
|
replace: '{{ ip_listen }}'
|
|
|
|
- name: Add IP public on turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__IP_EXT__'
|
|
replace: '{{ ip_public }}'
|
|
|
|
- name: Add port to listen on turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__PASSPHRASE__'
|
|
replace: '{{ passphrase }}'
|
|
|
|
|
|
|
|
- name: Add SSL keys to turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__SSL_CRT__'
|
|
replace: '/etc/ssl/{{ domain}}.crt'
|
|
when: installCertbot == False
|
|
|
|
- name: Add SSL keys to turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__SSL_KEY__'
|
|
replace: '/etc/ssl/{{ domain}}.key'
|
|
when: installCertbot == False
|
|
|
|
- name: permission to ssl cert
|
|
shell: |
|
|
setfacl -R -m u:turnserver:rx /etc/ssl/"{{ domain }}".key
|
|
setfacl -R -m u:turnserver:rx /etc/ssl/"{{ domain }}".crt
|
|
when: installCertbot == False
|
|
|
|
- name: Add SSL keys to turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__SSL_CRT__'
|
|
replace: '/etc/letsencrypt/live/{{ domain }}/fullchain.pem'
|
|
when: installCertbot == True
|
|
|
|
- name: Add SSL keys to turnserver.conf
|
|
ansible.builtin.replace:
|
|
path: /etc/turnserver.conf
|
|
regexp: '__SSL_KEY__'
|
|
replace: '/etc/letsencrypt/live/{{ domain }}/privkey.pem'
|
|
when: installCertbot == True
|
|
|
|
- name: Set permission letsencrypt SSL keys
|
|
shell: setfacl -R -m u:turnserver:rx /etc/letsencrypt/
|
|
when: installCertbot == True
|
|
|
|
- name: Start coturn service
|
|
shell: "systemctl start coturn"
|
|
|
|
- name: Enable systemd service
|
|
shell: "systemctl enable coturn"
|
|
|
|
- name: Copy Configuration file for coturn
|
|
ansible.builtin.copy:
|
|
src: certbot-cron
|
|
dest: /etc/cron.d/certbot
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
when: installCertbot == True
|
|
|