Browse Source

update talk setup and ufw rules

main
Markus Bergholz 2 months ago
parent
commit
5b081d95e5
Signed by: m GPG Key ID: B45724801354B174
2 changed files with 25 additions and 9 deletions
  1. +4
    -0
      roles/requirements/tasks/ufw.yml
  2. +21
    -9
      talk.yml

+ 4
- 0
roles/requirements/tasks/ufw.yml View File

@ -29,6 +29,10 @@
proto: tcp
- port: "51820"
proto: udp
- port: "3478"
proto: tcp
- port: "3478"
proto: udp
- name: Allow all access from RFC1918 networks to this host
community.general.ufw:


+ 21
- 9
talk.yml View File

@ -79,6 +79,8 @@
- name: janus key
command: openssl rand -base64 16
register: J
until: '"/" not in J.stdout'
retries: 10
- name: set fact
set_fact:
@ -98,14 +100,21 @@
port: ssh
proto: tcp
- name: allow 80 & 443
community.general.ufw:
- name: http, https and coturn tcp
become: yes
ufw:
rule: allow
port: "{{ item }}"
proto: tcp
port: "{{ item.port }}"
proto: "{{ item.proto }}"
with_items:
- "80"
- "443"
- port: "80"
proto: tcp
- port: "443"
proto: tcp
- port: "3478"
proto: tcp
- port: "3478"
proto: udp
- name: hacker way to start ufw without reboot using ansible ftw
shell: yes | ufw enable
@ -120,13 +129,16 @@
deb: "{{ item }}"
update_cache: yes
with_items:
- https://packaging.gitlab.io/janus/focal/pool/main/libs/libsrtp2/libsrtp2-1_2.3.0-4_amd64.deb
- http://de.archive.ubuntu.com/ubuntu/pool/universe/libs/libsrtp2/libsrtp2-1_2.3.0-4_amd64.deb
- https://packaging.gitlab.io/janus/focal/pool/main/p/paho.mqtt.c/libpaho-mqtt1.3_1.3.5-1_amd64.deb
- https://packaging.gitlab.io/janus/focal/pool/main/j/janus/janus_0.10.9-1_amd64.deb
- https://packaging.gitlab.io/nats-server/pool/main/n/nats-server/nats-server_2.1.9-p3_amd64.deb
- https://packaging.gitlab.io/nextcloud-spreed-signaling/pool/main/n/nextcloud-spreed-signaling/nextcloud-spreed-signaling_0.2.0-p2_amd64.deb
- https://github.com/caddyserver/caddy/releases/download/v2.3.0/caddy_2.3.0_linux_amd64.deb
- name: janus
apt:
name: janus
update_cache: yes
- name: copy janus config
copy:
@ -134,7 +146,7 @@
content: |
nat: {
stun_server = "78.47.76.92"
stun_port = 5349
stun_port = 3478
nice_debug = false
full_trickle = true
turn_rest_api_key = "{{ JANUS_TALK_API }}"


Loading…
Cancel
Save