Commits (2)
    Ignore log file. · 9a9d30e0
    ulif authored
    9a9d30e0
    Add roles for updating boxes and COTURN install. · 25861cd0
    ulif authored
    We currently support Ubuntu and Debian, where Ubuntu is a no-brainer and
    Debian requires a bit of finetuning.
    
    The coturn role installs a standard coturn server with additional LE
    cert if requested.
    
    We normally need only one coturn server for many BBB boxes.
    25861cd0
authorized_keys
vault.pwd
*~
bbb-dc-ansible.log
- name: restart coturn
systemd: name=coturn state=restarted enabled=yes
listen: "restart coturn"
- name: install packages
apt:
name:
- ufw
- certbot
- coturn
- acl
state: latest
- name: fetch LE certificate
command:
cmd: >
certbot certonly
--standalone
--noninteractive
--agree-tos
--preferred-challenges http
--email {{ letsencryptemail }}
--deploy-hook 'systemctl restart coturn'
-d {{ inventory_hostname }}
creates: /etc/letsencrypt/live/
when: letsencryptemail is defined and letsencryptemail | length > 0
- name: allow turnserver access to LE directories
acl:
path: "{{ item }}"
entity: turnserver
etype: user
permissions: x
state: present
with_items:
- /etc/letsencrypt/live/
- /etc/letsencrypt/archive/
- name: allow turnserver access to LE privat key
acl:
path: /etc/letsencrypt/archive/{{ inventory_hostname }}/privkey1.pem
entity: turnserver
etype: user
permissions: r
state: present
- name: adapt coturn ports in ufw
replace:
path: /etc/ufw/applications.d/turnserver
regexp: '^ports=.*$'
replace: 'ports=443,444,3478,3479,5349,5350,49152:65535/tcp|443,444,3478,3479,5349,5350,49152:65535/udp'
- name: allow ssh in ufw
ufw:
rule: limit
name: OpenSSH
state: enabled
- name: allow turnserver in ufw
ufw:
rule: allow
name: turnserver
state: enabled
- name: allow coturn to open lower ports
capabilities:
path: /usr/bin/turnserver
capability: cap_net_bind_service+eip
state: present
- name: adapt turnserver.conf
blockinfile:
path: /etc/turnserver.conf
block: |
listening-port=3478
tls-listening-port=443
fingerprint
lt-cred-mech
static-auth-secret={{ static_auth_secret }}
realm={{ ansible_domain }}
cert=/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
pkey=/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
dh2066
no-tlsv1
no-tlsv1_1
notify: "restart coturn"
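Review bot: The task "allow turnserver access to LE privat key" pins the ACL to `archive/{{ inventory_hostname }}/privkey1.pem`, but certbot writes a new numbered key file into the archive directory on each renewal, so after the first renewal the `pkey=` path in turnserver.conf would resolve to a file the turnserver user cannot read. Granting the ACL from the hook keeps it in step with renewals, e.g. `--deploy-hook 'setfacl -m u:turnserver:r "$RENEWED_LINEAGE/privkey.pem" && systemctl restart coturn'`. Renewal itself also looks blocked: the `ports=` line written for the ufw turnserver profile does not include 80, which `--standalone --preferred-challenges http` needs, so unless port 80 is opened elsewhere the certificate would lapse once ufw is enabled. The `creates: /etc/letsencrypt/live/` guard is coarse as well, since it is satisfied by the bare directory; `creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem` would tie it to this host's certificate.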
extra_pkgs: ""
extra_pkgs_bpo: ""
# Update lists and upgrade packages.
- name: update apt package lists
apt:
update_cache: yes
cache_valid_time: 86400
- name: upgrade packages
apt:
upgrade: dist
autoremove: yes
autoclean: yes
- name: install etckeeper
apt:
name: etckeeper
state: latest
- name: install extra packages from stable
apt:
name: "{{ extra_pkgs }}"
state: latest
when: extra_pkgs|length
- name: add {{ ansible_distribution_release }}-backports
apt_repository:
repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main
state: present
update_cache: yes
when: extra_pkgs_bpo|length
- name: install extra packages from backports
apt:
name: "{{ extra_pkgs_bpo }}"
state: latest
default_release: "{{ ansible_distribution_release }}-backports"
when: extra_pkgs_bpo|length
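Review bot: The guards `when: extra_pkgs|length` and `when: extra_pkgs_bpo|length` rely on an integer being treated as a boolean, whereas the coturn tasks on this page spell the same test out as `letsencryptemail | length > 0`. Writing `when: extra_pkgs | length > 0` here would keep the roles consistent and avoid depending on implicit truthiness. The same applies to `when: required_packages|length` in the task list that follows. The defaults `extra_pkgs: ""` and `extra_pkgs_bpo: ""` are empty strings although the values feed the apt `name` package list, so `extra_pkgs: []` would state the intended type.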
# Update lists and upgrade packages.
- name: update apt package lists
apt:
update_cache: yes
cache_valid_time: 86400
- name: upgrade packages
apt:
upgrade: dist
autoremove: yes
autoclean: yes
- name: install required packages
apt:
name: "{{ required_packages }}"
state: latest
when: required_packages|length
$ANSIBLE_VAULT;1.1;AES256
32373862623663343063306262393337323066303935633933353635313161343935656238663966
3462386663366266343762383762306431616233636439340a356435386238386234623433646539
36646365366261373633653062663735363161386536363162396161383466303535643930653937
3466383563376431370a396234333361303337343634333136363466313562336163646164393838
39613565366435303564356134336266323763643333343638353936303832386134623435383363
30323735393665633532646465626133663262643564373331666533306664313864313534616230
65353633643734343064633962346330663563636331313434356166393134373565373131653735
62366337313839303362363261613439323938643463383931373566633934373031656136356563
32356538386530663535333264643933636535346263353733633363393964643666
37313165663965663233336535306638333763323466386463663963663739653866333331663739
3361653964363538393434663034316164663732346536630a346235343165373339333037646163
65666639353862373562643566656233633561653432666630623966363534393539313033376337
3761633237663865310a346132396531313965613261343438373032303465613665326639336663
66356164383937336666303038356333333562386563323637616537386331353561323962333431
33303137393032343861336531396332626431393131396633363239666665613431623437313533
32303935323539336465333161643663666363373765633266383961653531653664613030616439
35333337333535633064393336626637383533383939663538356565323430363231653339373035
38626137333836643135373833613262393535363566346262326633383963623537303139633832
33303931313132313131383066316535323232656663646236323166643039633265653339383232
37653337313339353337363366343235336233663632306232366639663766623362623238336138
38613332323836376466373833396630633635316531353032373835633564346230616662356566
36353035323339653762363039383237333663373939356134356566613538316261343463633764
30613130386230663766643232393235323635353334633439613534363164313733353231653934
38653261643730616535643465623836643061363531363238306437356332303935613065313533
32383366623831623937643638343430643133373438393763666662663631303036383335633265
65326662643133373037663135313430363864666336643835616461353539653464393139643439
6361323636663231663835363563306538313664323736396435