Update..

2020-04-23 16:31:14 +02:00
parent 010e8d2f52
commit bd44e1968d
4 changed files with 228 additions and 3 deletions
--- a/scripts/modify-ipt-gateway.yml
+++ b/scripts/modify-ipt-gateway.yml
@ -122,6 +122,46 @@
      - main_ipv6_exists.stat.exists
      - nc_talk_out_ipv6_present is changed

+  # ---
+  # allow_bigbluebutton_video_conference_out
+  # ---
+
+  - name: Check if String 'allow_bigbluebutton_video_conference_out..' (IPv4) is present
+    shell: grep -q -E "^allow_bigbluebutton_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf
+    register: bigbluebutton_video_conference_out_ipv4_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "bigbluebutton_video_conference_out_ipv4_present.rc > 1"
+    changed_when: "bigbluebutton_video_conference_out_ipv4_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton)
+    lineinfile:
+      dest: /etc/ipt-firewall/main_ipv4.conf
+      state: present
+      regexp: '^allow_bigbluebutton_video_conference_out'
+      line: 'allow_bigbluebutton_video_conference_out=true'
+      insertafter: '^#?\s*allow_mumble_request_out'
+    when: 
+      - main_ipv4_exists.stat.exists
+      - bigbluebutton_video_conference_out_ipv4_present is changed
+
+  - name: Check if String 'allow_bigbluebutton_video_conference_out..' (IPv6) is present
+    shell: grep -q -E "^allow_bigbluebutton_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf
+    register: bigbluebutton_video_conference_out_ipv6_present
+    when: main_ipv6_exists.stat.exists
+    failed_when: "bigbluebutton_video_conference_out_ipv6_present.rc > 1"
+    changed_when: "bigbluebutton_video_conference_out_ipv6_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton)
+    lineinfile:
+      dest: /etc/ipt-firewall/main_ipv6.conf
+      state: present
+      regexp: '^allow_bigbluebutton_video_conference_out'
+      line: 'allow_bigbluebutton_video_conference_out=true'
+      insertafter: '^#?\s*allow_mumble_request_out'
+    when: 
+      - main_ipv6_exists.stat.exists
+      - bigbluebutton_video_conference_out_ipv6_present is changed
+
  # ---
  # jitsi video conference service
  # ---
@ -273,6 +313,84 @@
      - main_ipv6_exists.stat.exists
      - nc_turn_service_ipv6_present is changed

+  # ---
+  # BigBlueButton video conference service
+  # ---
+
+  - name: Check if String 'bigbluebutton_tcp_ports=..' (IPv4) is present
+    shell: grep -q -E "^bigbluebutton_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf
+    register: bigbluebutton_service_ipv4_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "bigbluebutton_service_ipv4_present.rc > 1"
+    changed_when: "bigbluebutton_service_ipv4_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton service)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv4.conf
+      insertafter: '^#?\s*mumble_ports'
+      block: |
+        
+        # ======
+        # - BigBlueButton Video Conference Service
+        # ======
+
+        # - BigBlueButton Video Conference Service Gateway
+        # -
+        # - NOT YET IMPLEMENTED
+        # -
+        local_bigbluebutton_video_conference_service=false
+
+        # - BigBlueButton Video Conference Service Ports
+        # -
+        # - TCP 80:    Webinterface.
+        # - TCP 443:   Webinterface (SSL)
+        # -
+        # - UDP 16384-32768:   FreeSWITCH/HTML5 RTP streams
+        # -
+        bigbluebutton_tcp_ports="$standard_bigbluebutton_tcp_ports"
+        bigbluebutton_udp_ports="$standard_bigbluebutton_udp_port_range"
+      marker: "# Marker set by modify-ipt-gateway.yml (bigbluebutton service)"
+    when: 
+      - main_ipv4_exists.stat.exists
+      - bigbluebutton_service_ipv4_present is changed
+
+  - name: Check if String 'bigbluebutton_tcp_ports=..' (IPv6) is present
+    shell: grep -q -E "^bigbluebutton_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf
+    register: bigbluebutton_service_ipv6_present
+    when: main_ipv6_exists.stat.exists
+    failed_when: "bigbluebutton_service_ipv6_present.rc > 1"
+    changed_when: "bigbluebutton_service_ipv6_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton service)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv6.conf
+      insertafter: '^#?\s*mumble_ports'
+      block: |
+        
+        # ======
+        # - BigBlueButton Video Conference Service
+        # ======
+
+        # - BigBlueButton Video Conference Service Gateway
+        # -
+        # - NOT YET IMPLEMENTED
+        # -
+        local_bigbluebutton_video_conference_service=false
+
+        # - BigBlueButton Video Conference Service Ports
+        # -
+        # - TCP 80:    Webinterface.
+        # - TCP 443:   Webinterface (SSL)
+        # -
+        # - UDP 16384-32768:   FreeSWITCH/HTML5 RTP streams
+        # -
+        bigbluebutton_tcp_ports="$standard_bigbluebutton_tcp_ports"
+        bigbluebutton_udp_ports="$standard_bigbluebutton_udp_port_range"
+      marker: "# Marker set by modify-ipt-gateway.yml (bigbluebutton service)"
+    when: 
+      - main_ipv6_exists.stat.exists
+      - bigbluebutton_service_ipv6_present is changed
+

  # ---
  # Remove Marker set by blockinfile
--- a/scripts/modify-ipt-server.yml
+++ b/scripts/modify-ipt-server.yml
@ -513,8 +513,8 @@
    shell: grep -q -E "^jitsi_server_ips=" /etc/ipt-firewall/main_ipv6.conf
    register: jitsi_service_ipv6_present
    when: main_ipv4_exists.stat.exists
-    failed_when: "jitsi_service_ipv4_present.rc > 1"
-    changed_when: "jitsi_service_ipv4_present.rc > 0"
+    failed_when: "jitsi_service_ipv6_present.rc > 1"
+    changed_when: "jitsi_service_ipv6_present.rc > 0"

  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (jitsi service)
    blockinfile:
@ -538,6 +538,50 @@
      - main_ipv6_exists.stat.exists
      - jitsi_service_ipv6_present is changed

+  - name: Check if String 'jitsi_tcp_ports_out=..' (IPv4) is present
+    shell: grep -q -E "^jitsi_tcp_ports_out=" /etc/ipt-firewall/main_ipv4.conf
+    register: jitsi_tcp_ports_out_ipv4_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "jitsi_tcp_ports_out_ipv4_present.rc > 1"
+    changed_when: "jitsi_tcp_ports_out_ipv4_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (jitsi outgoing ports)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv4.conf
+      insertafter: '^#?\s*jitsi_udp_port_range'
+      block: |
+        
+        # - Jitsi (outgoing) Ports (STUN Services)
+        # -
+        jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+        jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+      marker: "# Marker set by modify-ipt-server.yml (jitsi outgoing ports)"
+    when: 
+      - main_ipv4_exists.stat.exists
+      - jitsi_tcp_ports_out_ipv4_present is changed
+
+  - name: Check if String 'jitsi_tcp_ports_out=..' (IPv6) is present
+    shell: grep -q -E "^jitsi_tcp_ports_out=" /etc/ipt-firewall/main_ipv6.conf
+    register: jitsi_tcp_ports_out_ipv6_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "jitsi_tcp_ports_out_ipv6_present.rc > 1"
+    changed_when: "jitsi_tcp_ports_out_ipv6_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (jitsi service)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv6.conf
+      insertafter: '^#?\s*jitsi_udp_port_range'
+      block: |
+        
+        # - Jitsi (outgoing) Ports (STUN Services)
+        # -
+        jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+        jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+      marker: "# Marker set by modify-ipt-server.yml (jitsi service)"
+    when: 
+      - main_ipv6_exists.stat.exists
+      - jitsi_tcp_ports_out_ipv6_present is changed
+

  # ---
  # TURN Server (Stun Server) (for Nextcloud 'talk' app)