slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ajout des serveurs de voix

Browse Source
This commit is contained in:
VC
2019-09-05 22:40:23 +02:00
parent 84afea328a
commit d43e55e20a
13 changed files with 391 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
icecast2.yml Normal file
View File

@@ -0,0 +1,3 @@
- hosts: icecastservers
roles:
- icecast2

3
mumble.yml Normal file
View File

@@ -0,0 +1,3 @@
- hosts: mumbleservers
roles:
- mumble

7
production/hosts
View File

@@ -24,6 +24,7 @@ web1.dmz.mateu.be
web2.dmz.mateu.be
mail.dmz.mateu.be borg_backup_path="['/home', '/etc', '/var/lib/mailman']"
jabber.dmz.mateu.be borg_backup_path="['/etc', '/var/lib/prosody']"
voice1.dmz.mateu.be borg_backup_path="['/etc', '/var/lib/mumble-server']"
ror.dmz.mateu.be
[nut:children]
@@ -45,6 +46,7 @@ web1.dmz.mateu.be web_hostname="['fav.libertus.eu', 'rss.libertus.eu', 'o.libert
web2.dmz.mateu.be web_hostname="['analyse.nintendojo.fr', 'nintendojo.fr', 'www.nintendojo.fr', 'forum.nintendojo.fr', 'intendo.fr', 'www.intendo.fr']"
ror.dmz.mateu.be web_hostname="['m.nintendojo.fr']"
jabber.dmz.mateu.be web_hostname="['libertus.eu', 'upload.libertus.eu', 'xmpp.libertus.eu']"
voice3.dmz.mateu.be web_hostname="['radio.nintendojo.fr']"
#mail.dmz.mateu.be
[phpservers]
@@ -73,3 +75,8 @@ haproxy.dmz.mateu.be
[transmission]
bt.dmz.mateu.be
[mumbleservers]
voice1.dmz.mateu.be
[icecastservers]
voice3.dmz.mateu.be

57
roles/firewall/templates/firewall.j2
View File

@@ -142,15 +142,15 @@ config rule
# option target 'ACCEPT'
# option family 'ipv6'
config rule
option name 'n0box2-mumble'
option src 'wan'
option proto 'tcpudp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
option dest_port '64738'
option target 'ACCEPT'
option family 'ipv6'
#config rule
# option name 'n0box2-mumble'
# option src 'wan'
# option proto 'tcpudp'
# option dest 'lan'
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
# option dest_port '64738'
# option target 'ACCEPT'
# option family 'ipv6'
config redirect
option name 'n0box2-SMTP'
@@ -232,15 +232,15 @@ config redirect
# option dest_port '9987'
# option target 'DNAT'
config redirect
option name 'n0box2-mumble'
option src 'wan'
option src_dport '64738'
option proto 'tcpudp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '64738'
option target 'DNAT'
#config redirect
# option name 'n0box2-mumble'
# option src 'wan'
# option src_dport '64738'
# option proto 'tcpudp'
# option dest 'lan'
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
# option dest_port '64738'
# option target 'DNAT'
### DMZ Rules
## General Rules
@@ -488,6 +488,27 @@ config rule
option target 'ACCEPT'
option family 'ipv6'
# Allow Mumble traffic
config rule
option name 'Allow-INPUT-mumble'
option src 'wan'
option proto 'tcpudp'
option dest 'dmz'
option dest_ip '{{ hostvars['voice1.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
option dest_port '64738'
option target 'ACCEPT'
option family 'ipv6'
config redirect
option name 'Allow-INPUT-mumble'
option src 'wan'
option src_dport '64738'
option proto 'tcpudp'
option dest 'dmz'
option dest_ip '{{ hostvars['voice1.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '64738'
option target 'DNAT'
## Default configuration
config defaults
option syn_flood '1'

28
roles/icecast2/defaults/main.yml Normal file
View File

@@ -0,0 +1,28 @@
source_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
36383738646636353839616365316537653865666335353136666166336137636635663062626265
6464633337633063326632303332623264336462383635360a336362623464623061666230366366
32366135323936386430333735666362303132623764646439316330666334333739306432616538
3836323434303637370a643864666439373934306439353030613266303139333732353138653238
6531
relay_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
61663166303239323862656262303332313365616132633765666264376234316630656330356333
6264646531643936616466653832656537316533303161630a393763303536356631666631393161
32393762366231386665633962613332333163323530313032343430383335643962336535366639
3366316330326363660a643664626461623833323531336134353233343235346631303765333066
6366
admin_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
62353032653634373261396231393539393530313639613730386163383933313863306561336164
3632663966353336353330356230373038623037663665380a393038633039326261353266633331
63383237636536663036346335613933356161346166396331323863643731656661643934313835
6565303963393631310a666131313933623834313732633261633932326266376462333637356439
6238
admin_user: !vault |
$ANSIBLE_VAULT;1.1;AES256
39306532623732636431353461353062346464343630303438373935666338356566373538336264
6662376439323937663565353636343865366132623230620a336130313131656332313864383434
36643430616330363235373139333935383133376439353535363739376131303432333266626263
3638646466316361350a333533313134633762383535646164663364633633336439656538343333
3964

4
roles/icecast2/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart icecast2
service:
name: icecast2
state: restarted

12
roles/icecast2/tasks/main.yml Normal file
View File

@@ -0,0 +1,12 @@
- name: install icecast2
package:
name: icecast2
state: present
- name: configuration file
template:
src: icecast.xml.j2
dest: /etc/icecast2/icecast.xml
notify:
- restart icecast2

174
roles/icecast2/templates/icecast.xml.j2 Normal file
View File

@@ -0,0 +1,174 @@
<icecast>
<limits>
<clients>200</clients>
<sources>2</sources>
<threadpool>5</threadpool>
<queue-size>8192</queue-size>
<client-timeout>30</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<!-- If enabled, this will provide a burst of data when a client
first connects, thereby significantly reducing the startup
time for listeners that do substantial buffering. However,
it also significantly increases latency between the source
client and listening client. For low-latency setups, you
might want to disable this. -->
<burst-on-connect>0</burst-on-connect>
<!-- same as burst-on-connect, but this allows for being more
specific on how much to burst. Most people won't need to
change from the default 64k. Applies to all mountpoints -->
<burst-size>8192</burst-size>
</limits>
<authentication>
<!-- Sources log in with username 'source' -->
<source-password>{{ source_pass }}</source-password>
<!-- Relays log in username 'relay' -->
<relay-password>{{ relay_pass }}</relay-password>
<!-- Admin logs in with the username given below -->
<admin-user>{{ admin_user }}</admin-user>
<admin-password>{{ admin_pass }}</admin-password>
</authentication>
<!-- set the mountpoint for a shoutcast source to use, the default if not
specified is /stream but you can change it here if an alternative is
wanted or an extension is required
<shoutcast-mount>/live.nsv</shoutcast-mount>
-->
<!-- Uncomment this if you want directory listings -->
<!--
<directory>
<yp-url-timeout>15</yp-url-timeout>
<yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
</directory>
-->
<!-- This is the hostname other people will use to connect to your server.
It affects mainly the urls generated by Icecast for playlists and yp
listings. -->
<hostname>localhost</hostname>
<!-- You may have multiple <listener> elements -->
<listen-socket>
<port>8000</port>
<!-- <bind-address>127.0.0.1</bind-address> -->
<!-- <shoutcast-mount>/stream</shoutcast-mount> -->
</listen-socket>
<!--
<listen-socket>
<port>8001</port>
</listen-socket>
-->
<!--<master-server>127.0.0.1</master-server>-->
<!--<master-server-port>8001</master-server-port>-->
<!--<master-update-interval>120</master-update-interval>-->
<!--<master-password>hackme</master-password>-->
<!-- setting this makes all relays on-demand unless overridden, this is
useful for master relays which do not have <relay> definitions here.
The default is 0 -->
<!--<relays-on-demand>1</relays-on-demand>-->
<!--
<relay>
<server>127.0.0.1</server>
<port>8001</port>
<mount>/example.ogg</mount>
<local-mount>/different.ogg</local-mount>
<on-demand>0</on-demand>
<relay-shoutcast-metadata>0</relay-shoutcast-metadata>
</relay>
-->
<!-- Only define a <mount> section if you want to use advanced options,
like alternative usernames or passwords
<mount>
<mount-name>/example-complex.ogg</mount-name>
<username>othersource</username>
<password>hackmemore</password>
<max-listeners>1</max-listeners>
<dump-file>/tmp/dump-example1.ogg</dump-file>
<burst-size>65536</burst-size>
<fallback-mount>/example2.ogg</fallback-mount>
<fallback-override>1</fallback-override>
<fallback-when-full>1</fallback-when-full>
<intro>/example_intro.ogg</intro>
<hidden>1</hidden>
<no-yp>1</no-yp>
<authentication type="htpasswd">
<option name="filename" value="myauth"/>
<option name="allow_duplicate_users" value="0"/>
</authentication>
<on-connect>/home/icecast/bin/stream-start</on-connect>
<on-disconnect>/home/icecast/bin/stream-stop</on-disconnect>
</mount>
<mount>
<mount-name>/auth_example.ogg</mount-name>
<authentication type="url">
<option name="mount_add" value="http://myauthserver.net/notify_mount.php"/>
<option name="mount_remove" value="http://myauthserver.net/notify_mount.php"/>
<option name="listener_add" value="http://myauthserver.net/notify_listener.php"/>
<option name="listener_remove" value="http://myauthserver.net/notify_listener.php"/>
</authentication>
</mount>
-->
<fileserve>1</fileserve>
<paths>
<!-- basedir is only used if chroot is enabled -->
<basedir>/usr/share/icecast2</basedir>
<!-- Note that if <chroot> is turned on below, these paths must both
be relative to the new root, not the original root -->
<logdir>/var/log/icecast2</logdir>
<webroot>/usr/share/icecast2/web</webroot>
<adminroot>/usr/share/icecast2/admin</adminroot>
<!-- <pidfile>/usr/share/icecast2/icecast.pid</pidfile> -->
<!-- Aliases: treat requests for 'source' path as being for 'dest' path
May be made specific to a port or bound address using the "port"
and "bind-address" attributes.
-->
<!--
<alias source="/foo" dest="/bar"/>
-->
<!-- Aliases: can also be used for simple redirections as well,
this example will redirect all requests for http://server:port/ to
the status page
-->
<alias source="/" dest="/status.xsl"/>
</paths>
<logging>
<accesslog>access.log</accesslog>
<errorlog>error.log</errorlog>
<!-- <playlistlog>playlist.log</playlistlog> -->
<loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
<logsize>10000</logsize> <!-- Max size of a logfile -->
<!-- If logarchive is enabled (1), then when logsize is reached
the logfile will be moved to [error|access|playlist].log.DATESTAMP,
otherwise it will be moved to [error|access|playlist].log.old.
Default is non-archive mode (i.e. overwrite)
-->
<!-- <logarchive>1</logarchive> -->
</logging>
<security>
<chroot>0</chroot>
<!--
<changeowner>
<user>nobody</user>
<group>nogroup</group>
</changeowner>
-->
</security>
</icecast>

97
roles/mumble/files/mumble-server.ini Normal file
View File

@@ -0,0 +1,97 @@
# Path to database. If blank, will search for
# murmur.sqlite in default locations or create it if not found.
# If you wish to use something other than SQLite, you'll need to set the name
# of the database above, and also uncomment the below.
#
database=/var/lib/mumble-server/mumble-server.sqlite
# Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the
# RPC methods available in murmur, please specify so here.
#
#dbus=system
# Alternate service name. Only use if you are running distinct
# murmurd processes connected to the same D-Bus daemon.
#dbusservice=net.sourceforge.mumble.murmur
# If you want to use ZeroC ICE to communicate with Murmur, you need
# to specify the endpoint to use. Since there is no authentication
# with ICE, you should only use it if you trust all the users who have
# shell access to your machine.
# Please see the ICE documentation on how to specify endpoints.
#ice="tcp -h 127.0.0.1 -p 6502"
# How many login attempts do we tolerate from one IP
# inside a given timeframe before we ban the connection?
# Note that this is global (shared between all virtual servers), and that
# it counts both successfull and unsuccessfull connection attempts.
# Set either Attempts or Timeframe to 0 to disable.
#autobanAttempts = 10
#autobanTimeframe = 120
#autobanTime = 300
# Murmur default to logging to murmur.log. If you leave this blank,
# murmur will log to the console (linux) or through message boxes (win32).
logfile=/var/log/mumble-server/mumble-server.log
# Where Murmur should store it's .pid file. Leave blank to use current
# directory. This option does nothing on Win32.
pidfile=/var/run/mumble-server/mumble-server.pid
# The below will be used as defaults for new configured servers.
# If you're just running one server (the default), it's easier to
# configure it here than through D-Bus or Ice.
#
# Welcome message sent to clients when they connect
welcometext="<br />Welcome to this server running <b>Murmur</b>.<br />Enjoy your stay!<br />"
# Port to bind TCP and UDP sockets to
port=64738
# Specific IP or hostname to bind to.
# If this is left blank (default), murmur will bind to all available addresses.
host=
# Password to join server
serverpassword=
# Maximum bandwidth (in bytes per second) clients are allowed
# to send speech at.
bandwidth=100000
# Maximum number of concurrent clients allowed.
users=100
# Murmur retains the per-server log entries in an internal database which
# allows it to be accessed over D-Bus/ICE.
# How many days should such entries be kept?
#logdays=31
# To enable public server registration, the serverpassword must be blank, and
# this must all be filled out.
# The password here is used to create a registry for the server name; subsequent
# updates will need the same password. Don't lose your password.
# The URL is your own website, and only set the registerHostname for static IP
# addresses.
#
#registerName=Mumble Server
#registerPassword=secret
#registerUrl=http://mumble.sourceforge.net/
#registerHostname=
# If you have a proper SSL certificate, you can provide the filenames here.
#sslCert=
#sslKey=
# To enable username registration through
# http://webserver/cgi-bin/mumble-server/register.cgi
# then this value must be set to a valid email
# and you must be running a SMTP server on this
# machine.
# This option is only used for a pre-packaged system-wide installation,
# and does nothing if you just start murmurd yourself.
#emailfrom =
# If murmur is started as root, which user should it switch to?
# This option is ignored if murmur isn't started with root privileges.

4
roles/mumble/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart mumble
service:
name: mumble-server
state: restarted

11
roles/mumble/tasks/main.yml Normal file
View File

@@ -0,0 +1,11 @@
- name: install mumble
package:
name: mumble-server
state: present
- name: configuration files
copy:
src: ./files/mumble-server.ini
dest: /etc/mumble-server.ini
notify:
- restart mumble

7
roles/nginx/templates/vhosts/radio.nintendojo.fr.conf.j2 Normal file
View File

@@ -0,0 +1,7 @@
server {
{% include './templates/header.conf.j2' %}
location / {
proxy_pass http://127.0.0.1:8000;
}
}

2
site.yml
View File

@@ -12,3 +12,5 @@
- import_playbook: mariadb.yml
- import_playbook: pgsql.yml
- import_playbook: bittorrent.yml
- import_playbook: mumble.yml
- import_playbook: icecast2.yml