GitLab

The freeswitch STUN server. normally enabled as primary STUN, seems to
experience major problems. We now use only one STUN server, the own one.
For the whole config this means, that we _have_ to provide an own STUN
server, if google STUN is not an option, which it is not.

In local connection mode there is no need to copy over hold music.

No unbound literals in <bean/> clauses.

Created in 2 steps:
1) we create a valid config files from a template and store it in
/etc/bigvluebutton/bbb-conf/
2) we copy this config file over to the final location on apply-config.

This option was first offered with the latest release.

We also forbid recording in the webrtc-sfu settings and lower
expiration time of recordings (in case they happen anayway) down to 2
hrs (before: 14 days).

These vars make things more complicated.

Valid values are ALWAYS_ACCEPT, ALWAYS_DENY, ASK_MODERATOR

We do not use flash.

Do not allow flash.

When a local file 'hold_music.wav' is placed in the local directory it
will be used as background music at beginning of conferences, when there
is only one attendant in the room.

Do not stack attendees on stream numbers.

The new hosts.local inventory file acts as a replacement for the regular
ansible inventory. It is meant to be used on BBB nodes that want to
update local BBB config. With `hosts.local` we can put the local host
into groups.

We would like to deploy ansible instead of simple shell scripts for
configuring local installs. This might improve maintability of changed
configurations after updates and the like. Main improvement is the
idempotency of ansible scripts. Thus we can run configuration updates
multiple times without messing up everything.

In order to make the beforementioned file work on localhost and given
the fact, that we do not want to keep a vault password on the server, we
have to do this step.

Ensure, that port 80 requests are always redirected to 443. We do not
want unencrypted traffic in videoconferencing.

Use GAUGE instead of DERIVE. See
http://guide.munin-monitoring.org/en/latest/architecture/syntax.html#datatypes
for details.

Yet it was merely a role.

This playbook should be applcable locally and remotely later on.

These IPs are the only ones to allow access to the munin nodes.

This role settles some basic sshd-related stuff. Contrary to our
upstream we forbid root ssh completely.

TODO: restrict allowed ciphers, etc.
TODO: disable DSA host keys

Set config values specific for digitalcourage and store them so that
they are reapplied after upgrades etc.

Currently we set only the default video resolutions, we offer to
clients.

Includes setting up hostname, fix /etc/hosts entries and the like.

Monitoring still missing, but the basic install works.

We currently support Ubuntu and Debian, where Ubuntu is a no-brainer and
Debian requires a bit of finetuning.

The coturn role installs a standard coturn server with additional LE
cert if requested.

We normally need only one coturn server for many BBB boxes.

Also add a first playbook for checking the general ansible setup.