4 Commits

5 changed files with 59 additions and 19 deletions
  1. +4
    -1
      Makefile
  2. +7
    -2
      dns_records.yml
  3. +23
    -7
      roles/containers/tasks/coturn.yml
  4. +4
    -0
      roles/requirements/tasks/ufw.yml
  5. +21
    -9
      talk.yml

+ 4
- 1
Makefile View File

@ -20,4 +20,7 @@ localhost: ## install localhost as workstation
ansible-galaxy collection install markuman.hetzner_dns
touch defaults.yml
sudo ls
ansible-playbook -i inventories/localhost.ini main.yml --tags workstation --extra-vars '{"CONFIG": {"USER": "$$(whoami)"}}'
ansible-playbook -i inventories/localhost.ini main.yml --tags workstation --extra-vars '{"CONFIG": {"USER": "$$(whoami)"}}'
osuv: ## rollout osuv.de
ansible-playbook -i inventories/inventory.ini main.yml --tags osuvde
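Review bot: The `sudo ls` line in the localhost target (new, going by the +4/-1 counts) has no explanation; presumably it warms the sudo credential cache so the later become prompt does not stall, and a comment such as `# prime sudo credentials before ansible-playbook runs (TODO confirm)` above it would say so. Note also that the two ansible-playbook lines are rendered identically in this view, so whatever differs between the removed and added one (likely whitespace or quoting) cannot be checked here.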

+ 7
- 2
dns_records.yml View File

@ -106,8 +106,13 @@ RECORDS:
zone_id: jbKFKm7sUEf8DEj4HgHram
- name: "coturn"
type: A
value: 78.47.44.230
ttl: 300
value: 78.47.76.92
ttl: 60
zone_id: jbKFKm7sUEf8DEj4HgHram
- name: coturn
type: AAAA
value: 2a01:4f8:c2c:5a49::1
ttl: 60
zone_id: jbKFKm7sUEf8DEj4HgHram
- name: "mail"
type: A
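Review bot: The new AAAA record uses an unquoted `name: coturn` while the A record just above and the `mail` record below keep the name quoted; either parses the same for this value, but the file's convention is quoted names, so `- name: "coturn"` keeps the list consistent and protects against names that would otherwise be read as another type.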


+ 23
- 7
roles/containers/tasks/coturn.yml View File

@ -10,6 +10,27 @@
notify:
- reload systemd
- name: coturn config
copy:
dest: /mnt/data/coturn/turnserver.conf
content: |
listening-port=3478
external-ip=78.47.76.92
external-ip=2a01:4f8:c2c:5a49::1
fingerprint
use-auth-secret
static-auth-secret={{ CONFIG.COTURN_STATIC_SECRET }}
realm=coturn.osuv.de
total-quota=0
bps-capacity=0
no-tls
no-dtls
stale-nonce
no-loopback-peers
no-multicast-peers
proc-user=turnserver
proc-group=turnserver
- name: add coturn script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -17,13 +38,8 @@
#!/bin/bash
docker run --rm --name {{ THIS_SERVICE }} \
--detach=false \
--network osuv \
-v {{ DOCKER_DATA }}/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/home.osuv.de/home.osuv.de.crt:/cert.pem:ro \
-v {{ DOCKER_DATA }}/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/home.osuv.de/home.osuv.de.key:/privkey.pem:ro \
-p 5349:5349/tcp \
-p 5349:5349/udp \
-e STATIC_SECRET="{{ CONFIG.COTURN_STATIC_SECRET }}" \
-e REALM=home.osuv.de \
--network host \
-v {{ DOCKER_DATA }}/coturn/turnserver.conf:/etc/turnserver.conf:ro \
coturn
mode: +x
register: myservice
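Review bot: The new `coturn config` task writes `static-auth-secret={{ CONFIG.COTURN_STATIC_SECRET }}` to /mnt/data/coturn/turnserver.conf without a `mode:` or `owner:`, so the file gets the default umask permissions (typically world-readable); add `mode: "0640"` next to `dest:` and an owner/group that the process reading /etc/turnserver.conf in the container can still use (the `proc-user=turnserver` lines suggest it drops privileges, so confirm which uid opens the file). The same config sets `no-tls` and `no-dtls`, and the docker run now drops the 5349 TLS listeners and certificate mounts it previously had, so TURN is plaintext-only; if that is intentional, a comment above the task saying why (and that `use-auth-secret` still HMACs the credentials) will stop the next reader from re-adding TLS. Replacing `--network osuv` with `--network host` means every socket coturn opens is bound on the host's interfaces and ufw becomes the only filter; since `total-quota=0` and `bps-capacity=0` remove the relay limits, consider adding `denied-peer-ip=` entries for the RFC1918 ranges alongside `no-loopback-peers`, as coturn's own hardening guidance recommends. The `add coturn script` task continues past the end of the hunk, so whether a config change restarts the service is not visible here.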


+ 4
- 0
roles/requirements/tasks/ufw.yml View File

@ -29,6 +29,10 @@
proto: tcp
- port: "51820"
proto: udp
- port: "3478"
proto: tcp
- port: "3478"
proto: udp
- name: Allow all access from RFC1918 networks to this host
community.general.ufw:
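Review bot: Allowing 3478/tcp and 3478/udp covers only coturn's listening port; relayed media allocations use a separate UDP port range (coturn's default `min-port`/`max-port` of 49152-65535, which the new turnserver.conf in roles/containers/tasks/coturn.yml does not override), so if ufw's default incoming policy is deny and that range is not opened elsewhere, allocations will succeed but the relayed traffic will be dropped. The fix is to pin the range explicitly in turnserver.conf and add a matching item here, e.g. `- port: "49152:65535"` / `proto: udp`; the same applies to the duplicated 3478 entries in the talk.yml ufw task. The loop this list belongs to starts above the hunk.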


+ 21
- 9
talk.yml View File

@ -79,6 +79,8 @@
- name: janus key
command: openssl rand -base64 16
register: J
until: '"/" not in J.stdout'
retries: 10
- name: set fact
set_fact:
@ -98,14 +100,21 @@
port: ssh
proto: tcp
- name: allow 80 & 443
community.general.ufw:
- name: http, https and coturn tcp
become: yes
ufw:
rule: allow
port: "{{ item }}"
proto: tcp
port: "{{ item.port }}"
proto: "{{ item.proto }}"
with_items:
- "80"
- "443"
- port: "80"
proto: tcp
- port: "443"
proto: tcp
- port: "3478"
proto: tcp
- port: "3478"
proto: udp
- name: hacker way to start ufw without reboot using ansible ftw
shell: yes | ufw enable
@ -120,13 +129,16 @@
deb: "{{ item }}"
update_cache: yes
with_items:
- https://packaging.gitlab.io/janus/focal/pool/main/libs/libsrtp2/libsrtp2-1_2.3.0-4_amd64.deb
- http://de.archive.ubuntu.com/ubuntu/pool/universe/libs/libsrtp2/libsrtp2-1_2.3.0-4_amd64.deb
- https://packaging.gitlab.io/janus/focal/pool/main/p/paho.mqtt.c/libpaho-mqtt1.3_1.3.5-1_amd64.deb
- https://packaging.gitlab.io/janus/focal/pool/main/j/janus/janus_0.10.9-1_amd64.deb
- https://packaging.gitlab.io/nats-server/pool/main/n/nats-server/nats-server_2.1.9-p3_amd64.deb
- https://packaging.gitlab.io/nextcloud-spreed-signaling/pool/main/n/nextcloud-spreed-signaling/nextcloud-spreed-signaling_0.2.0-p2_amd64.deb
- https://github.com/caddyserver/caddy/releases/download/v2.3.0/caddy_2.3.0_linux_amd64.deb
- name: janus
apt:
name: janus
update_cache: yes
- name: copy janus config
copy:
@ -134,7 +146,7 @@
content: |
nat: {
stun_server = "78.47.76.92"
stun_port = 5349
stun_port = 3478
nice_debug = false
full_trickle = true
turn_rest_api_key = "{{ JANUS_TALK_API }}"
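Review bot: The libsrtp2 entry on the de.archive.ubuntu.com line is fetched over plain `http://` and installed through `apt: deb: <url>`, which downloads and dpkg-installs the file without the signature verification a configured apt source would give, so the package contents rest entirely on an unauthenticated transport. If, as the print order suggests, this line replaces the `https://packaging.gitlab.io/...` libsrtp2 line, that is a downgrade; at minimum use the `https://` form of the mirror, and preferably fetch each .deb with `get_url` plus a `checksum:` into a local path and point `deb:` at the file, which pins every hand-fetched package in this list (janus, nats-server, nextcloud-spreed-signaling and caddy included). The `with_items` loop's task header is above the hunk.
```yaml
- name: fetch pinned .debs
  get_url:
    url: "{{ item.url }}"
    dest: "/tmp/{{ item.url | basename }}"
    checksum: "{{ item.checksum }}"
  with_items:
    - url: https://packaging.gitlab.io/janus/focal/pool/main/j/janus/janus_0.10.9-1_amd64.deb
      checksum: "sha256:<EXPECTED_DIGEST_PLACEHOLDER>"
    # … one entry per .deb currently in the list, each with its digest …
- name: install pinned .debs
  apt:
    deb: "/tmp/{{ item.url | basename }}"
  with_items: "{{ pinned_debs }}"  # same list as above; define it once as a var
```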

