From bd44e1968de2b7d59e27a335404de0b80a5a718f Mon Sep 17 00:00:00 2001 From: Christoph Date: Thu, 23 Apr 2020 16:31:14 +0200 Subject: [PATCH] Update.. --- group_vars/all/main.yml | 10 +++ hosts | 55 ++++++++++++++- scripts/modify-ipt-gateway.yml | 118 +++++++++++++++++++++++++++++++++ scripts/modify-ipt-server.yml | 48 +++++++++++++- 4 files changed, 228 insertions(+), 3 deletions(-) diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index ecb7350..a497ffe 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -19,6 +19,7 @@ apt_ansible_dependencies: - ca-certificates - openssl - mc + - software-properties-common # --- @@ -915,6 +916,11 @@ git_lxc_guest_repositories: repo: https://git.codecoop.org/so36intern/dehydrated-cron.git dest: /usr/local/src/dehydrated-cron + # Monitoring + - name: monitoring + repo: https://git.oopen.de/script/monitoring + dest: /root/bin/monitoring + # --- # group [gateway_server] # --- @@ -954,6 +960,10 @@ git_nginx_repositories: repo: https://git.oopen.de/install/nginx dest: /usr/local/src/nginx + - name: php + repo: https://git.oopen.de/install/php + dest: /usr/local/src/php + # --- # group [mysql_server] diff --git a/hosts b/hosts index 4b902f5..6bb71d3 100644 --- a/hosts +++ b/hosts @@ -104,6 +104,7 @@ www3.oopen.de o17.oopen.de test.mx.oopen.de +meet2.oopen.de o20.oopen.de @@ -123,6 +124,7 @@ cl-01.oopen.de cp-01.oopen.de bbb.oopen.de meet.oopen.de +moodle.oopen.de o24.oopen.de cl-irights.oopen.de @@ -133,7 +135,11 @@ cl-fm.oopen.de mail.faire-mobilitaet.de meet.faire-mobilitaet.de +# Hetzner Cloud CX31 - AK +o26.oopen.de +# netcup - Jitsi Meet Martin Beck +o27.oopen.de [initial_setup] @@ -262,6 +268,7 @@ www3.oopen.de o17.oopen.de test.mx.oopen.de test.mariadb.oopen.de +meet2.oopen.de # o19.oopen.de o19.oopen.de @@ -290,6 +297,7 @@ cl-01.oopen.de cp-01.oopen.de bbb.oopen.de meet.oopen.de +moodle.oopen.de # - o24.oopen.de o24.oopen.de 
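Review bot: The `monitoring` entry added to `git_lxc_guest_repositories` (hunk `@@ -915,6 +916,11 @@`) carries only `repo` and `dest`, so each guest checks out whatever the remote's default branch holds at run time into `/root/bin/monitoring`. Scripts placed in root's bin directory are presumably run as root, which puts the git server inside the trust boundary of every guest. If the task that consumes this list passes a revision to the git module, pin one here, e.g. `version: <reviewed-commit-sha>` (placeholder); the same applies to the `php` entry added to `git_nginx_repositories` in the next hunk. The consuming task is not part of this diff, so whether a `version` key is honoured needs checking.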
@@ -301,6 +309,12 @@ cl-fm.oopen.de mail.faire-mobilitaet.de meet.faire-mobilitaet.de +# Hetzner Cloud CX31 - AK +o26.oopen.de + +# netcup - Jitsi Meet Martin Beck +o27.oopen.de + # - Vserver von Sinma a.ns.oopen.de @@ -387,6 +401,7 @@ oolm-web.oopen.de # o23.oopen.de cl-01.oopen.de +moodle.oopen.de # o24.oopen.de cl-irights.oopen.de @@ -394,7 +409,6 @@ cl-irights.oopen.de # o25.oopen.de cl-fm.oopen.de mail.faire-mobilitaet.de -meet.faire-mobilitaet.de # --- # O.OPEN office network @@ -495,11 +509,23 @@ stolpersteine.oopen.de o13-board.oopen.de o13-pad.oopen.de +# o17.oopen.de +meet2.oopen.de + # o23.oopen.de cp-01.oopen.de meet.oopen.de bbb.oopen.de +# o25.oopen.de +meet.faire-mobilitaet.de + +# Hetzner Cloud CX31 - AK +o26.oopen.de + +# netcup - Jitsi Meet Martin Beck +o27.oopen.de + [ftp_server] @@ -529,6 +555,9 @@ o20.oopen.de # o22.oopen.de oolm-web.oopen.de +# Hetzner Cloud CX31 - AK +o26.oopen.de + # --- # Warenform server @@ -684,6 +713,7 @@ oolm-web.oopen.de # o23.oopen.de cl-01.oopen.de +moodle.oopen.de # o24.oopen.de cl-irights.oopen.de @@ -691,6 +721,13 @@ cl-irights.oopen.de # o25.oopen.de cl-fm.oopen.de +# Hetzner Cloud CX31 - AK +o26.oopen.de + + +# Hetzner Cloud CX31 - AK +o26.oopen.de + # --- # Warenform # --- @@ -954,6 +991,7 @@ www3.oopen.de # - o17.oopen.de test.mx.oopen.de test.mariadb.oopen.de +meet2.oopen.de # - o19.oopen.de backup.oopen.de @@ -977,6 +1015,7 @@ cl-01.oopen.de cp-01.oopen.de bbb.oopen.de meet.oopen.de +moodle.oopen.de # - o24.oopen.de cl-irights.oopen.de @@ -986,6 +1025,12 @@ cl-fm.oopen.de mail.faire-mobilitaet.de meet.faire-mobilitaet.de +# Hetzner Cloud CX31 - AK +o26.oopen.de + +# netcup - Jitsi Meet Martin Beck +o27.oopen.de + # - Vserver von Sinma a.ns.oopen.de @@ -1099,6 +1144,7 @@ www3.oopen.de o17.oopen.de test.mx.oopen.de test.mariadb.oopen.de +meet2.oopen.de # - o19.oopen.de o19.oopen.de @@ -1129,6 +1175,7 @@ cl-01.oopen.de cp-01.oopen.de bbb.oopen.de meet.oopen.de +moodle.oopen.de # - o24.oopen.de o24.oopen.de 
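Review bot: In the `hosts` hunk at `@@ -691,6 +721,13 @@` the stanza `# Hetzner Cloud CX31 - AK` / `o26.oopen.de` is added twice in a row to the same group. Ansible tolerates a repeated host, but the second copy looks like a paste slip and makes group membership harder to audit. Drop the second stanza. The group header lies outside the hunk, so which group this is cannot be confirmed from here.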
@@ -1140,6 +1187,12 @@ cl-fm.oopen.de mail.faire-mobilitaet.de meet.faire-mobilitaet.de +# Hetzner Cloud CX31 - AK +o26.oopen.de + +# netcup - Jitsi Meet Martin Beck +o27.oopen.de + # - Vserver von Sinma a.ns.oopen.de diff --git a/scripts/modify-ipt-gateway.yml b/scripts/modify-ipt-gateway.yml index 6197bb4..72eefb1 100644 --- a/scripts/modify-ipt-gateway.yml +++ b/scripts/modify-ipt-gateway.yml 
@@ -122,6 +122,46 @@ - main_ipv6_exists.stat.exists - nc_talk_out_ipv6_present is changed + # --- + # allow_bigbluebutton_video_conference_out + # --- + + - name: Check if String 'allow_bigbluebutton_video_conference_out..' (IPv4) is present + shell: grep -q -E "^allow_bigbluebutton_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf + register: bigbluebutton_video_conference_out_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "bigbluebutton_video_conference_out_ipv4_present.rc > 1" + changed_when: "bigbluebutton_video_conference_out_ipv4_present.rc > 0" + + - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton) + lineinfile: + dest: /etc/ipt-firewall/main_ipv4.conf + state: present + regexp: '^allow_bigbluebutton_video_conference_out' + line: 'allow_bigbluebutton_video_conference_out=true' + insertafter: '^#?\s*allow_mumble_request_out' + when: + - main_ipv4_exists.stat.exists + - bigbluebutton_video_conference_out_ipv4_present is changed + + - name: Check if String 'allow_bigbluebutton_video_conference_out..' (IPv6) is present + shell: grep -q -E "^allow_bigbluebutton_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf + register: bigbluebutton_video_conference_out_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "bigbluebutton_video_conference_out_ipv6_present.rc > 1" + changed_when: "bigbluebutton_video_conference_out_ipv6_present.rc > 0" + + - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton) + lineinfile: + dest: /etc/ipt-firewall/main_ipv6.conf + state: present + regexp: '^allow_bigbluebutton_video_conference_out' + line: 'allow_bigbluebutton_video_conference_out=true' + insertafter: '^#?\s*allow_mumble_request_out' + when: + - main_ipv6_exists.stat.exists + - bigbluebutton_video_conference_out_ipv6_present is changed + # --- # jitsi video conference service # --- 
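Review bot: The two `lineinfile` tasks write `allow_bigbluebutton_video_conference_out=true`, so every gateway that lacks the key gets the outbound BigBlueButton allowance switched on by default. The service block added later in this file starts from `local_bigbluebutton_video_conference_service=false`; an outbound rule that stays off until a site needs it would follow the same least-privilege default: `line: 'allow_bigbluebutton_video_conference_out=false'`. What the flag actually opens is decided by the ipt-firewall scripts, which are not part of this diff, so if `true` is intended it deserves a comment above the task saying why. Separately, the two `grep` checks use no shell features, so `command:` can replace `shell:`.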
@@ -273,6 +313,84 @@ - main_ipv6_exists.stat.exists - nc_turn_service_ipv6_present is changed + # --- + # BigBlueButton video conference service + # --- + + - name: Check if String 'bigbluebutton_tcp_ports=..' (IPv4) is present + shell: grep -q -E "^bigbluebutton_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf + register: bigbluebutton_service_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "bigbluebutton_service_ipv4_present.rc > 1" + changed_when: "bigbluebutton_service_ipv4_present.rc > 0" + + - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton service) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*mumble_ports' + block: | + + # ====== + # - BigBlueButton Video Conference Service + # ====== + + # - BigBlueButton Video Conference Service Gateway + # - + # - NOT YET IMPLEMENTED + # - + local_bigbluebutton_video_conference_service=false + + # - BigBlueButton Video Conference Service Ports + # - + # - TCP 80: Webinterface. + # - TCP 443: Webinterface (SSL) + # - + # - UDP 16384-32768: FreeSWITCH/HTML5 RTP streams + # - + bigbluebutton_tcp_ports="$standard_bigbluebutton_tcp_ports" + bigbluebutton_udp_ports="$standard_bigbluebutton_udp_port_range" + marker: "# Marker set by modify-ipt-gateway.yml (bigbluebutton service)" + when: + - main_ipv4_exists.stat.exists + - bigbluebutton_service_ipv4_present is changed + + - name: Check if String 'bigbluebutton_tcp_ports=..' 
(IPv6) is present + shell: grep -q -E "^bigbluebutton_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf + register: bigbluebutton_service_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "bigbluebutton_service_ipv6_present.rc > 1" + changed_when: "bigbluebutton_service_ipv6_present.rc > 0" + + - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton service) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*mumble_ports' + block: | + + # ====== + # - BigBlueButton Video Conference Service + # ====== + + # - BigBlueButton Video Conference Service Gateway + # - + # - NOT YET IMPLEMENTED + # - + local_bigbluebutton_video_conference_service=false + + # - BigBlueButton Video Conference Service Ports + # - + # - TCP 80: Webinterface. + # - TCP 443: Webinterface (SSL) + # - + # - UDP 16384-32768: FreeSWITCH/HTML5 RTP streams + # - + bigbluebutton_tcp_ports="$standard_bigbluebutton_tcp_ports" + bigbluebutton_udp_ports="$standard_bigbluebutton_udp_port_range" + marker: "# Marker set by modify-ipt-gateway.yml (bigbluebutton service)" + when: + - main_ipv6_exists.stat.exists + - bigbluebutton_service_ipv6_present is changed + # --- # Remove Marker set by blockinfile diff --git a/scripts/modify-ipt-server.yml b/scripts/modify-ipt-server.yml index 24b3538..f226899 100644 --- a/scripts/modify-ipt-server.yml +++ b/scripts/modify-ipt-server.yml @@ -513,8 +513,8 @@ shell: grep -q -E "^jitsi_server_ips=" /etc/ipt-firewall/main_ipv6.conf register: jitsi_service_ipv6_present when: main_ipv4_exists.stat.exists - failed_when: "jitsi_service_ipv4_present.rc > 1" - changed_when: "jitsi_service_ipv4_present.rc > 0" + failed_when: "jitsi_service_ipv6_present.rc > 1" + changed_when: "jitsi_service_ipv6_present.rc > 0" - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (jitsi service) blockinfile: 
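Review bot: The block inserted in `@@ -273,6 +313,84 @@` sets `bigbluebutton_tcp_ports` and `bigbluebutton_udp_ports` from `$standard_bigbluebutton_tcp_ports` and `$standard_bigbluebutton_udp_port_range`, and nothing in these tasks verifies that the firewall scripts installed on the host define those two variables. On a gateway with an older ipt-firewall checkout they would presumably expand to empty strings, and the comment listing TCP 80/443 and UDP 16384-32768 would no longer describe what is configured. Add a comment above the IPv4 task naming the revision this block depends on, e.g. `# requires ipt-firewall defaults defining standard_bigbluebutton_* (revision: <placeholder>)`, or update the firewall checkout earlier in the play. The IPv4 and IPv6 tasks are otherwise identical and could be one task looped over both config files.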
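Review bot: The IPv6 check in `@@ -513,8 +513,8 @@` still runs under `when: main_ipv4_exists.stat.exists` although it greps `/etc/ipt-firewall/main_ipv6.conf`; the commit corrects the register names in `failed_when`/`changed_when` but leaves that context line as it was. On a host with only the IPv4 file, grep exits 2 on the missing file and the task fails. On a host with only the IPv6 file the check is skipped and the following `blockinfile` never runs, so the IPv6 firewall config silently stays without the block. The condition should read `when: main_ipv6_exists.stat.exists`. The new task "Check if String 'jitsi_tcp_ports_out=..' (IPv6) is present" in `@@ -538,6 +538,50 @@` copies the same condition and needs the same change.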
@@ -538,6 +538,50 @@ - main_ipv6_exists.stat.exists - jitsi_service_ipv6_present is changed + - name: Check if String 'jitsi_tcp_ports_out=..' (IPv4) is present + shell: grep -q -E "^jitsi_tcp_ports_out=" /etc/ipt-firewall/main_ipv4.conf + register: jitsi_tcp_ports_out_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "jitsi_tcp_ports_out_ipv4_present.rc > 1" + changed_when: "jitsi_tcp_ports_out_ipv4_present.rc > 0" + + - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (jitsi outgoing ports) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*jitsi_udp_port_range' + block: | + + # - Jitsi (outgoing) Ports (STUN Services) + # - + jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446" + jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446" + marker: "# Marker set by modify-ipt-server.yml (jitsi outgoing ports)" + when: + - main_ipv4_exists.stat.exists + - jitsi_tcp_ports_out_ipv4_present is changed + + - name: Check if String 'jitsi_tcp_ports_out=..' (IPv6) is present + shell: grep -q -E "^jitsi_tcp_ports_out=" /etc/ipt-firewall/main_ipv6.conf + register: jitsi_tcp_ports_out_ipv6_present + when: main_ipv4_exists.stat.exists + failed_when: "jitsi_tcp_ports_out_ipv6_present.rc > 1" + changed_when: "jitsi_tcp_ports_out_ipv6_present.rc > 0" + + - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (jitsi service) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*jitsi_udp_port_range' + block: | + + # - Jitsi (outgoing) Ports (STUN Services) + # - + jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446" + jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446" + marker: "# Marker set by modify-ipt-server.yml (jitsi service)" + when: + - main_ipv6_exists.stat.exists + - jitsi_tcp_ports_out_ipv6_present is changed + # --- # TURN Server (Stun Server) (for Nextcloud 'talk' app)
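Review bot: The second `blockinfile` task in this hunk, which inserts the outgoing-ports block into `main_ipv6.conf`, keeps the name and marker of the task it was copied from: `(jitsi service)` instead of `(jitsi outgoing ports)`. `blockinfile` locates an existing block by its marker line, so if the earlier jitsi service block in the same file carries that marker (its marker is not visible in this diff) and has not been cleaned up yet, the old marker's position rather than `insertafter` decides where this block lands. Use `marker: "# Marker set by modify-ipt-server.yml (jitsi outgoing ports)"` and the matching task name, as the IPv4 task does. `jitsi_udp_ports_out` also lists `$standard_http_ports` while `jitsi_tcp_ports_out` does not; if that is intentional, a line in the block comment should say so, because it is the wider of the two outbound lists.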