started jitsi conf and moved zinzoscope and lexperimental to templating solution

This commit is contained in:
Adrien Luxey 2020-04-27 09:45:07 +02:00
parent 1ee8708fdd
commit c1739eaf3a
19 changed files with 830 additions and 44 deletions

View File

@ -40,4 +40,6 @@ Good docs on the topic:
* [Explains postfix on Host+ssmtp in Docker in detail, poorly written](https://medium.com/@thilinaviraj950/configure-and-use-host-base-postfix-to-send-emails-from-a-container-18cd279fc460)
* [Another one](https://www.michelebologna.net/2019/send-an-email-from-a-docker-container/)
I needed to add Docker's network (`172.0.0.0/8`) to `mynetworks` in `/etc/postfix/main.cf`. Also `inet_interfaces` would have had to be changed if Arthur didn't put it to `all`. Now works.
I needed to add Docker's network (`172.0.0.0/8`) to `mynetworks` in `/etc/postfix/main.cf`. Also `inet_interfaces` would have had to be changed if Arthur didn't put it to `all`.
**Now solved.**

View File

@ -21,22 +21,56 @@ sites:
# mysql_username: rdb
# mysql_password: "{{ vault_rdb_mysql_password }}"
- slug: arvuhez # Shorthand name to use as directory/file name
# - slug: arvuhez # Shorthand name to use as directory/file name
# # The site URL (without www)
# url: arvuhez.org
# # Ask nginx to redirect url to www
# # Else, we redirect www to url
# redirect_to_www: no
# # What kind of site is that?
# type: wordpress
# # Subnet addresses
# subnet_cidr_address: 172.27.2.0/24
# subnet_gateway_ip: 172.27.2.1
# subnet_site_ip: 172.27.2.2
# mysql_database: arvuhez
# mysql_username: arvuhez
# mysql_password: "{{ vault_arvuhez_mysql_password }}"
# - slug: zinzoscope # Shorthand name to use as directory/file name
# # The site URL (without www)
# url: zinz.luxeylab.net
# # Ask nginx to redirect url to www
# # Else, we redirect www to url
# redirect_to_www: no
# # What kind of site is that?
# type: wordpress
# # Subnet addresses
# subnet_cidr_address: 172.27.3.0/24
# subnet_gateway_ip: 172.27.3.1
# subnet_site_ip: 172.27.3.2
# mysql_database: zinzoscope
# mysql_username: zinzoscope
# mysql_password: "{{ vault_zinzoscope_mysql_password }}"
- slug: lexperimental # Shorthand name to use as directory/file name
# The site URL (without www)
url: arvuhez.org
url: lexperimental.fr
# Ask nginx to redirect url to www
# Else, we redirect www to url
redirect_to_www: no
# What kind of site is that?
type: wordpress
# Subnet addresses
subnet_cidr_address: 172.27.1.0/24
subnet_gateway_ip: 172.27.1.1
subnet_site_ip: 172.27.1.2
subnet_cidr_address: 172.27.4.0/24
subnet_gateway_ip: 172.27.4.1
subnet_site_ip: 172.27.4.2
mysql_database: rdb
mysql_username: rdb
mysql_password: "{{ vault_rdb_mysql_password }}"
mysql_database: lexperimental
mysql_username: lexperimental
mysql_password: "{{ vault_lexperimental_mysql_password }}"
mysql_root_password: "{{ vault_mysql_root_password }}"
adrien_serenity_password: "{{ vault_adrien_serenity_password }}"

View File

@ -1,18 +1,27 @@
$ANSIBLE_VAULT;1.1;AES256
32333161663031336337306564336431336432656334323931653564353263623063353463316239
3539633636383265623233323663383432396531323839660a366266393837333362376166303633
63303836343433303830323630656532666466333231633431383265303637353231646635636231
3666373032653565370a386534313865383632373137396466333765623939346535323364653337
37346534626235666438643863343565626338396662333238373265343236373138663034653830
62343766393834393933303364623365323263386338643939396238653163353266366165326266
65303063333038656239373363323333356233366231396664323263653937623765633139383933
39326632663733393839636563333633666236656531353863633837396539393131353165333435
35323432353062363465323931613236623966396132636435663061356531646363343436313536
39336135326232626139353534353338613836353330623431363439666134353664613330393333
33663536376431393030643335306138353931393266343736636630653861306237663866643465
64383831366463366539666265363166653739316635666663356630353964396432393031333364
36366435393139313034373030343161663139623339316662653239393734346363383132383163
31326134613238343862663733386361303532336236613961346534356434623535383837666433
63313865653161313936313661336161666533636464623466343530376461383865306465653265
31643566383336376662613139616164623263353837323935316634636334306237643331663437
30363862666538323434316634613833366338316262663338656535376565353264
66633138343934393133313432636535393566633962343761623535333534663239306465303932
3234353334646338653032336438373732373463613738660a353632626633386234646631356330
62386333366433326630616566396663643733323362393031653833333664633061653463366239
3232623432326530310a613665306565623337643237323435616134353331633130386164373338
35656438653730313730303562323239666166383432636332323063633238393936613766353664
64653231663132343066643936333465376664666330373935323562323934616462386138373434
31336265636134326233313564303666323639383130653130363539636633323262646663333138
30396639393732333130363934666661633136623833626136643735373436393430663366386463
63356330396536323066326435663131373464303135326630333264353632636563303435626237
35383834663032656237643862383632633838353565356162383061353534303062376236663131
64616366653663303336386237313737613137366435353030383663613437646261396533353366
36373331383931383530363663643961623261616138653930623632646135383361393066343732
30666532383766383535616665303065333065306437363534653166356432373262383136636534
66343439626366633862363431643161313564326532663933366661396361646137616366306533
61393062356166613533373363356239663533313032636261303130383634613161666438376465
34333138646332343139656133356532613065303166356334353036623263343330393134303235
30373966613838646432353061366134643465346165633638666130383236353664343362376364
31663164663433613031336161373032303039313565306563646231313162663132316464323035
35343836313232626238623933353930313064343565333466376630306566616630643632376433
62373863353932623331303730366238363838376361343763396530326166343137343865323437
63643835313261656465653937643263663932623138363861626463616438313935313363316430
63363932353931383330326539353066353162373165653765346262666163356138663062353837
33643434343637366237646636653331353038653264646237356338386266616262623766633230
31346334326230356265313438353437393563336133393839633464373831653334356535343136
62343433373736356130353236653963646532336164366639343963666666363066346133393165
3136353565303762353234323430666263376661323266373766

View File

@ -1,4 +1,4 @@
serenity ansible_host=92.243.8.85 ansible_user=adrien ansible_become_pass="{{ vault_adrien_serenity_password }}"
serenity ansible_host=92.243.8.85 ansible_user=adrien ansible_become_pass="{{ adrien_serenity_password }}"
[py3-hosts]
serenity

View File

@ -41,5 +41,5 @@
name: "{{ item.mysql_username }}"
password: "{{ item.mysql_password }}"
# Grants
priv: "{{ item.mysql_database }}:all"
priv: "{{ item.mysql_database }}.*:all"
state: present

View File

@ -10,11 +10,11 @@ server {
include snippets/letsencrypt.conf;
location / {
{% if item.redirect_to_www %}
return 301 https://www.{{ item.url }}$request_uri;
{% else %}
return 301 https://{{ item.url }}$request_uri;
{% endif %}
{% if item.redirect_to_www %}
return 301 https://www.{{ item.url }}$request_uri;
{% else %}
return 301 https://{{ item.url }}$request_uri;
{% endif %}
}
}
@ -26,17 +26,17 @@ server {
access_log /var/log/nginx/{{ item.slug }}-access.log;
error_log /var/log/nginx/error.log;
{% if item.redirect_to_www %}
# Redirect non-www to www
if ($host = {{ item.url }}) {
rewrite ^ https://www.{{ item.url }}$request_uri permanent;
}
{% else %}
# Redirect www to non-www
if ($host = www.{{ item.url }}) {
rewrite ^ https://{{ item.url }}$request_uri permanent;
}
{% endif %}
{% if item.redirect_to_www %}
# Redirect non-www to www
if ($host = {{ item.url }}) {
rewrite ^ https://www.{{ item.url }}$request_uri permanent;
}
{% else %}
# Redirect www to non-www
if ($host = www.{{ item.url }}) {
rewrite ^ https://{{ item.url }}$request_uri permanent;
}
{% endif %}
# Let's Encrypt
include snippets/letsencrypt.conf;

13
jitsi/ansible/ansible.cfg Normal file
View File

@ -0,0 +1,13 @@
[defaults]
# To forward my SSH key to remote hosts, and be able to pull from gitlab
transport = ssh
[ssh_connection]
# ForwardAgent to forward my SSH key to remote hosts, and be able to pull from gitlab
# ControlMaster to avoid a bug when cloning: https://github.com/ansible/ansible/issues/13876
# ControlPersist for SSH multiplexing "-o ControlPersist=60s" <- Causes user not being added to docker group T_T
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto
# For speed
pipelining=True

610
jitsi/ansible/facts Normal file
View File

@ -0,0 +1,610 @@
__________________
< PLAY [discovery] >
------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [discovery]
______________
< TASK [debug] >
--------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [discovery] => {
"ansible_facts": {
"_facts_gathered": true,
"all_ipv4_addresses": [
"92.243.19.121"
],
"all_ipv6_addresses": [
"2001:4b98:dc0:43:216:3eff:fe57:c7c",
"fe80::216:3eff:fe57:c7c"
],
"ansible_local": {},
"apparmor": {
"status": "enabled"
},
"architecture": "x86_64",
"bios_date": "",
"bios_version": "",
"cmdline": {
"console": "hvc0",
"loglevel": "5",
"net.ifnames": "0",
"nomce": true,
"ro": true,
"root": "LABEL=debian-buster"
},
"date_time": {
"date": "2020-04-09",
"day": "09",
"epoch": "1586448390",
"hour": "18",
"iso8601": "2020-04-09T16:06:30Z",
"iso8601_basic": "20200409T180630161764",
"iso8601_basic_short": "20200409T180630",
"iso8601_micro": "2020-04-09T16:06:30.161920Z",
"minute": "06",
"month": "04",
"second": "30",
"time": "18:06:30",
"tz": "CEST",
"tz_offset": "+0200",
"weekday": "Thursday",
"weekday_number": "4",
"weeknumber": "14",
"year": "2020"
},
"default_ipv4": {
"address": "92.243.19.121",
"alias": "eth0",
"broadcast": "92.243.19.255",
"gateway": "92.243.19.254",
"interface": "eth0",
"macaddress": "00:16:3e:57:0c:7c",
"mtu": 1500,
"netmask": "255.255.252.0",
"network": "92.243.16.0",
"type": "ether"
},
"default_ipv6": {
"address": "2001:4b98:dc0:43:216:3eff:fe57:c7c",
"gateway": "fe80::216:3eff:feea:dd92",
"interface": "eth0",
"macaddress": "00:16:3e:57:0c:7c",
"mtu": 1500,
"prefix": "64",
"scope": "global",
"type": "ether"
},
"device_links": {
"ids": {},
"labels": {
"xvda1": [
"debian-buster"
],
"xvdz": [
"swap"
]
},
"masters": {},
"uuids": {
"xvda1": [
"01e4a304-e4a0-4b1d-adbc-866afe76158e"
],
"xvdz": [
"bb771606-7c58-4be2-803a-234b6fa9c032"
]
}
},
"devices": {
"xvda": {
"holders": [],
"host": "",
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": []
},
"model": null,
"partitions": {
"xvda1": {
"holders": [],
"links": {
"ids": [],
"labels": [
"debian-buster"
],
"masters": [],
"uuids": [
"01e4a304-e4a0-4b1d-adbc-866afe76158e"
]
},
"sectors": "104855519",
"sectorsize": 512,
"size": "50.00 GB",
"start": "2048",
"uuid": "01e4a304-e4a0-4b1d-adbc-866afe76158e"
}
},
"removable": "0",
"rotational": "0",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "none",
"sectors": "104857600",
"sectorsize": "512",
"size": "50.00 GB",
"support_discard": "0",
"vendor": null,
"virtual": 1
},
"xvdz": {
"holders": [],
"host": "",
"links": {
"ids": [],
"labels": [
"swap"
],
"masters": [],
"uuids": [
"bb771606-7c58-4be2-803a-234b6fa9c032"
]
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "0",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "none",
"sectors": "1482752",
"sectorsize": "512",
"size": "724.00 MB",
"support_discard": "0",
"vendor": null,
"virtual": 1
}
},
"distribution": "Debian",
"distribution_file_parsed": true,
"distribution_file_path": "/etc/os-release",
"distribution_file_variety": "Debian",
"distribution_major_version": "10",
"distribution_release": "buster",
"distribution_version": "10",
"dns": {
"nameservers": [
"155.133.140.130",
"155.133.140.129",
"2001:4b98:dc6:255::129"
],
"options": {
"attempts": "3",
"rotate": true,
"timeout": "1"
}
},
"domain": "",
"effective_group_id": 0,
"effective_user_id": 0,
"env": {
"HOME": "/root",
"LANG": "en_US.UTF-8",
"LC_CTYPE": "fr_FR.UTF-8",
"LOGNAME": "root",
"MAIL": "/var/mail/root",
"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PWD": "/home/adrien",
"SHELL": "/bin/bash",
"SUDO_COMMAND": "/bin/sh -c echo BECOME-SUCCESS-jogxnlsbhumrfjsvpnlkcmumvohyokvj ; /usr/bin/python3",
"SUDO_GID": "100",
"SUDO_UID": "1000",
"SUDO_USER": "adrien",
"TERM": "unknown",
"USER": "root"
},
"eth0": {
"active": true,
"device": "eth0",
"features": {
"esp_hw_offload": "off [fixed]",
"esp_tx_csum_hw_offload": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "off [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "off [fixed]",
"netns_local": "off [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off [fixed]",
"rx_checksumming": "on [fixed]",
"rx_fcs": "off [fixed]",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "off [fixed]",
"rx_vlan_offload": "off [fixed]",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tls_hw_record": "off [fixed]",
"tls_hw_rx_offload": "off [fixed]",
"tls_hw_tx_offload": "off [fixed]",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "off [fixed]",
"tx_checksum_ipv4": "on [fixed]",
"tx_checksum_ipv6": "on",
"tx_checksum_sctp": "off [fixed]",
"tx_checksumming": "on",
"tx_esp_segmentation": "off [fixed]",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "on [fixed]",
"tx_ipxip4_segmentation": "off [fixed]",
"tx_ipxip6_segmentation": "off [fixed]",
"tx_lockless": "off [fixed]",
"tx_nocache_copy": "off",
"tx_scatter_gather": "on",
"tx_scatter_gather_fraglist": "off [fixed]",
"tx_sctp_segmentation": "off [fixed]",
"tx_tcp6_segmentation": "on",
"tx_tcp_ecn_segmentation": "off [fixed]",
"tx_tcp_mangleid_segmentation": "off",
"tx_tcp_segmentation": "on",
"tx_udp_segmentation": "off [fixed]",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "off [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "off",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "92.243.19.121",
"broadcast": "92.243.19.255",
"netmask": "255.255.252.0",
"network": "92.243.16.0"
},
"ipv6": [
{
"address": "2001:4b98:dc0:43:216:3eff:fe57:c7c",
"prefix": "64",
"scope": "global"
},
{
"address": "fe80::216:3eff:fe57:c7c",
"prefix": "64",
"scope": "link"
}
],
"macaddress": "00:16:3e:57:0c:7c",
"module": "xen_netfront",
"mtu": 1500,
"pciid": "vif-0",
"promisc": false,
"timestamping": [
"rx_software",
"software"
],
"type": "ether"
},
"fibre_channel_wwn": [],
"fips": false,
"form_factor": "",
"fqdn": "discovery",
"gather_subset": [
"all"
],
"hostname": "discovery",
"hostnqn": "",
"interfaces": [
"eth0",
"lo"
],
"is_chroot": false,
"iscsi_iqn": "",
"kernel": "4.19.0-5-amd64",
"kernel_version": "#1 SMP Debian 4.19.37-5 (2019-06-19)",
"lo": {
"active": true,
"device": "lo",
"features": {
"esp_hw_offload": "off [fixed]",
"esp_tx_csum_hw_offload": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "on [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "on [fixed]",
"netns_local": "on [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off [fixed]",
"rx_checksumming": "on [fixed]",
"rx_fcs": "off [fixed]",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "off [fixed]",
"rx_vlan_offload": "off [fixed]",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tls_hw_record": "off [fixed]",
"tls_hw_rx_offload": "off [fixed]",
"tls_hw_tx_offload": "off [fixed]",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "on [fixed]",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "on [fixed]",
"tx_checksumming": "on",
"tx_esp_segmentation": "off [fixed]",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "off [fixed]",
"tx_ipxip4_segmentation": "off [fixed]",
"tx_ipxip6_segmentation": "off [fixed]",
"tx_lockless": "on [fixed]",
"tx_nocache_copy": "off [fixed]",
"tx_scatter_gather": "on [fixed]",
"tx_scatter_gather_fraglist": "on [fixed]",
"tx_sctp_segmentation": "on",
"tx_tcp6_segmentation": "on",
"tx_tcp_ecn_segmentation": "on",
"tx_tcp_mangleid_segmentation": "on",
"tx_tcp_segmentation": "on",
"tx_udp_segmentation": "off [fixed]",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "off [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "off",
"vlan_challenged": "on [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "127.0.0.1",
"broadcast": "host",
"netmask": "255.0.0.0",
"network": "127.0.0.0"
},
"ipv6": [
{
"address": "::1",
"prefix": "128",
"scope": "host"
}
],
"mtu": 65536,
"promisc": false,
"timestamping": [
"tx_software",
"rx_software",
"software"
],
"type": "loopback"
},
"lsb": {
"codename": "buster",
"description": "Debian GNU/Linux 10 (buster)",
"id": "Debian",
"major_release": "10",
"release": "10"
},
"machine": "x86_64",
"machine_id": "0dab42506f864d22a0b29ef98680eb7d",
"memfree_mb": 871,
"memory_mb": {
"nocache": {
"free": 1809,
"used": 174
},
"real": {
"free": 871,
"total": 1983,
"used": 1112
},
"swap": {
"cached": 0,
"free": 723,
"total": 723,
"used": 0
}
},
"memtotal_mb": 1983,
"module_setup": true,
"mounts": [
{
"block_available": 11896660,
"block_size": 4096,
"block_total": 12884851,
"block_used": 988191,
"device": "/dev/xvda1",
"fstype": "ext4",
"inode_available": 3232800,
"inode_total": 3276800,
"inode_used": 44000,
"mount": "/",
"options": "rw,noatime,errors=remount-ro",
"size_available": 48728719360,
"size_total": 52776349696,
"uuid": "01e4a304-e4a0-4b1d-adbc-866afe76158e"
},
{
"block_available": 0,
"block_size": 4096,
"block_total": 0,
"block_used": 0,
"device": "/etc/auto.gandi",
"fstype": "autofs",
"inode_available": 0,
"inode_total": 0,
"inode_used": 0,
"mount": "/srv",
"options": "rw,relatime,fd=6,pgrp=456,timeout=2592000,minproto=5,maxproto=5,indirect,pipe_ino=14047",
"size_available": 0,
"size_total": 0,
"uuid": "N/A"
}
],
"nodename": "discovery",
"os_family": "Debian",
"pkg_mgr": "apt",
"proc_cmdline": {
"console": [
"ttyS0",
"hvc0"
],
"loglevel": "5",
"net.ifnames": "0",
"nomce": true,
"ro": true,
"root": "LABEL=debian-buster"
},
"processor": [
"0",
"GenuineIntel",
"Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz",
"1",
"GenuineIntel",
"Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz"
],
"processor_cores": 2,
"processor_count": 2,
"processor_threads_per_core": 1,
"processor_vcpus": 2,
"product_name": "",
"product_serial": "",
"product_uuid": "",
"product_version": "",
"python": {
"executable": "/usr/bin/python3",
"has_sslcontext": true,
"type": "cpython",
"version": {
"major": 3,
"micro": 3,
"minor": 7,
"releaselevel": "final",
"serial": 0
},
"version_info": [
3,
7,
3,
"final",
0
]
},
"python_version": "3.7.3",
"real_group_id": 0,
"real_user_id": 0,
"selinux": {
"status": "Missing selinux Python library"
},
"selinux_python_present": false,
"service_mgr": "systemd",
"ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDlD/fvsGCIPE5yqHrbkAWHpyYYmZxg4MT5K46St7yVy5/j+WWQcvY6eypSwZR7kbxqytQ2G43kZWpobXt9rEX8=",
"ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIJsvcDTwcMXFkHgwGh5zy/Z6DROX+N+A3hcnF8WJM8cm",
"ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCfuxAxZVttU3sDZp4/ENcouB1/YxcgX+3rN8kw3FCC4KB/F+uYNgNwiRR2uC8p2oVDHl3YrCFg54+Sz3QQ1yzrVsMBlts2uEgiuefxe0hhGPdzv/QluoGssPwsWdWi0jLKG4hNSwjq2syKGl90RB4JqzyRUsXaWL3r0aO/3mTXK2u38t8+dIsoJ5oiifVybsPfqCvqvNhLPpTAWnaOHiksOim1AFvjNSNT/NOajOGQORExnkLXMJ2UQWqCHbLJaHjvhhPUhdE/+T3p91Epe1J9FVXSJOoffDesUeWRF8NBg65WfBnc+A1u1uYquLQE2CkluWIfDSKDY/rKjmvw7Z/J",
"swapfree_mb": 723,
"swaptotal_mb": 723,
"system": "Linux",
"system_capabilities": [
"cap_chown",
"cap_dac_override",
"cap_dac_read_search",
"cap_fowner",
"cap_fsetid",
"cap_kill",
"cap_setgid",
"cap_setuid",
"cap_setpcap",
"cap_linux_immutable",
"cap_net_bind_service",
"cap_net_broadcast",
"cap_net_admin",
"cap_net_raw",
"cap_ipc_lock",
"cap_ipc_owner",
"cap_sys_module",
"cap_sys_rawio",
"cap_sys_chroot",
"cap_sys_ptrace",
"cap_sys_pacct",
"cap_sys_admin",
"cap_sys_boot",
"cap_sys_nice",
"cap_sys_resource",
"cap_sys_time",
"cap_sys_tty_config",
"cap_mknod",
"cap_lease",
"cap_audit_write",
"cap_audit_control",
"cap_setfcap",
"cap_mac_override",
"cap_mac_admin",
"cap_syslog",
"cap_wake_alarm",
"cap_block_suspend",
"cap_audit_read+ep"
],
"system_capabilities_enforced": "True",
"system_vendor": "",
"uptime_seconds": 2542,
"user_dir": "/root",
"user_gecos": "root",
"user_gid": 0,
"user_id": "root",
"user_shell": "/bin/bash",
"user_uid": 0,
"userspace_architecture": "x86_64",
"userspace_bits": "64",
"virtualization_role": "guest",
"virtualization_type": "xen"
}
}
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
discovery : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

View File

@ -0,0 +1,6 @@
---
- hosts: discovery
become: true
roles:
- common
- docker

7
jitsi/ansible/inventory Normal file
View File

@ -0,0 +1,7 @@
discovery ansible_host=92.243.19.121 ansible_user=adrien
[py3-hosts]
discovery
[py3-hosts:vars]
ansible_python_interpreter=/usr/bin/python3

View File

@ -0,0 +1,46 @@
---
- name: "Check that host runs Debian buster/sid on x86_64"
assert:
that:
- "ansible_architecture == 'aarch64' or ansible_architecture == 'x86_64'"
- "ansible_os_family == 'Debian'"
- name: "Upgrade system"
apt:
upgrade: dist # Should we do a full uprade instead of a dist one?
update_cache: yes
cache_valid_time: 3600
autoclean: yes
autoremove: yes
- name: "Install base tools"
apt:
state: present
update_cache: no
name:
- atop
- bmon
- curl
- dnsutils
- fail2ban
- git
- htop
- iftop
- iotop
- iproute2
- iptables
- iptables-persistent
- iputils-ping
- less
- net-tools
- nginx
- screen
- strace
- sudo
- tar
- tcpdump
- unzip
- vim

View File

@ -0,0 +1,49 @@
---
- name: "Check that host runs Debian buster/sid on x86_64"
assert:
that:
- "ansible_architecture == 'aarch64' or ansible_architecture == 'x86_64'"
- "ansible_os_family == 'Debian'"
- name: Remove stale Docker versions
apt:
state: absent
name:
- docker
- docker-engine
- docker.io
- containerd
- runc
- name: Install Docker prerequisities
apt:
state: present
update_cache: yes
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
- name: Add Docker's GPG key to apt
apt_key:
url: https://download.docker.com/linux/debian/gpg
- name: Add Docker's repository to apt
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian buster stable
state: present
- name: Install Docker
apt:
state: present
update_cache: yes
name:
- docker-ce
- docker-ce-cli
- containerd.io
# For docker-compose it's a bit lame:
# sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

View File

@ -0,0 +1,10 @@
- name: Create output directory
file:
name: /jitsi
state: directory
owner: adrien
group: adrien
- name: Clone deuxfleurs repo to remote
git:
src: