setup.yml
View Options

	#!/usr/bin/ansible-playbook
	- name: Setup kolab deployment on fedora server
	hosts: "{{ hostname }}"
	remote_user: root
	tasks:
	- import_tasks: packages.yml

	- name: Setup user kolab
	ansible.builtin.user:
	name: kolab
	shell: /bin/bash
	groups: wheel, audio
	append: yes

	- name: sudo without password
	ansible.builtin.lineinfile:
	path: /etc/sudoers
	state: present
	regexp: '^%wheel\s'
	line: '%wheel ALL=(ALL) NOPASSWD: ALL'

	- name: get kolab git repo
	become: true
	become_user: kolab
	git:
	repo: https://git.kolab.org/source/kolab.git
	dest: /home/kolab/kolab
	version: dev/mollekopf
	force: true

	- name: Permit https traffic
	firewalld:
	port: 12443/tcp
	permanent: yes
	state: enabled
	zone: FedoraServer

	- name: Permit TCP trafic for coturn
	firewalld:
	port: 3478/tcp
	permanent: yes
	state: enabled
	zone: FedoraServer

	- name: Permit TCP trafic for coturn
	firewalld:
	port: 5349/tcp
	permanent: yes
	state: enabled
	zone: FedoraServer

	- name: Permit UDP trafic for coturn
	firewalld:
	port: 3478/udp
	permanent: yes
	state: enabled
	zone: FedoraServer

	- name: Permit UDP trafic for coturn
	firewalld:
	port: 5349/udp
	permanent: yes
	state: enabled
	zone: FedoraServer

	- name: "coturn config"
	vars:
	public_ip: "{{ public_ip }}"
	turn_static_secret: "{{ turn_static_secret }}"
	ansible.builtin.template:
	src: turnserver.conf
	dest: /etc/coturn/turnserver.conf
	owner: root
	group: coturn
	mode: '0766'

	- name: Start coturn service
	ansible.builtin.service:
	name: coturn
	state: restarted

	- name: "meet config"
	vars:
	public_ip: "{{ public_ip }}"
	public_domain: "{{ public_domain }}"
	turn_static_secret: "{{ turn_static_secret }}"
	auth_token: "{{ auth_token }}"
	ansible.builtin.template:
	src: meetconfig.js
	dest: /home/kolab/kolab/meet/server/config/config.js
	owner: kolab
	group: kolab
	mode: '0766'

	- name: "meet service file"
	ansible.builtin.template:
	src: kolabmeet.service
	dest: /usr/lib/systemd/system/kolabmeet.service

	- name: Start meet
	ansible.builtin.service:
	name: meet
	daemon_reload: yes
	state: restarted

	# Certbot
	- name: stop firewall
	ansible.builtin.service:
	name: firewalld
	state: stopped

	- name: Create letsencrypt certificate
	shell: certonly --standalone -d {{ public_domain }} --staple-ocsp -m test@{{ public_domain }} --agree-tos
	args:
	creates: /etc/letsencrypt/live/{{ public_domain }}

	- name: chmod letsencrypt certificate
	shell: chmod 755 /etc/letsencrypt/live
	shell: chmod 755 /etc/letsencrypt/archive

	- name: start firewall
	ansible.builtin.service:
	name: firewalld
	state: started

	# # TODO build and start meet
	# # TODO coturn on port 443?

File Metadata

Mime Type: text/plain
Expires: Mon, Aug 25, 7:04 PM (1 d, 18 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 223254
Default Alt Text: setup.yml (3 KB)

setup.yml
No OneTemporary
Actions

setup.yml
View Options

File Metadata

Event Timeline

setup.ymlNo OneTemporaryActions

setup.ymlView Options

File Metadata

Event Timeline

setup.yml
No OneTemporary
Actions

setup.yml
View Options