# Working directory that receives docker-compose.yaml and turnserver.conf.
# NOTE(review): no owner or mode is set here, so a newly created directory
# takes the umask of whichever user runs the task. The files written below are
# '640'; pin a mode on the directory too if its listing should not depend on
# the umask - confirm against how docker-compose.yaml mounts this path.
- name: "Create {{ coturn_project_dir }} project directory"
  ansible.builtin.file:
    state: directory
    path: "{{ coturn_project_dir }}"
# Render the Compose project definition into the project directory.
# Owner and group are both ansible_env['USER']; mode '640' gives no access to
# other local users.
# NOTE(review): ansible_env comes from gathered facts, so USER is the account
# facts were collected as - confirm that is the intended owner when the play
# gathers facts with become.
- name: Template docker-compose.yaml to project directory
  ansible.builtin.template:
    src: docker-compose.yaml
    dest: "{{ coturn_project_dir }}/docker-compose.yaml"
    mode: '640'
    owner: "{{ ansible_env['USER'] }}"
    group: "{{ ansible_env['USER'] }}"
# Render the coturn configuration. Only the owner is set here; the group is
# assigned by the next task in this file, which runs with become.
# NOTE(review): turnserver.conf commonly carries TURN credentials or a shared
# auth secret. If this template does, a run with --diff prints the rendered
# content to the console and logs; consider `diff: false` on this task -
# confirm against the template.
- name: Template turnserver.conf to project directory
  ansible.builtin.template:
    src: turnserver.conf
    dest: "{{ coturn_project_dir }}/turnserver.conf"
    mode: '640'
    owner: "{{ ansible_env['USER'] }}"
  # Store result to restart services if the file changed
  register: coturn_template_turnserver_result
# Separate task because template module cannot chown/chgrp to a non-existing user/group
# The group is passed as a numeric GID (users['coturn'] + uid_shift), and the
# change runs with become. Together with the '640' mode set by the template
# task, this gives that GID read-only access to the configuration.
# NOTE(review): presumably uid_shift is the container user-namespace offset -
# confirm where users and uid_shift are defined.
- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})"
  become: true
  ansible.builtin.file:
    path: "{{ coturn_project_dir }}/turnserver.conf"
    group: "{{ users['coturn'] + uid_shift }}"
# Make /etc/letsencrypt, live/ and archive/ root:root with mode '751': other
# users may traverse these directories but cannot list them.
# NOTE(review): certbot normally creates live/ and archive/ as 0700, so '751'
# widens access rather than limiting it. Every other lineage under these
# directories is then protected only by its own directory and key-file modes.
# Verify those, or grant traversal to the coturn GID only (group ownership or
# an ACL) instead of to all users.
- name: Set limited permissions on certificate directories
  become: true
  ansible.builtin.file:
    path: "/etc/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '751'
  loop:
    - letsencrypt
    - letsencrypt/live
    - letsencrypt/archive
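# Restrict the turn.<domain> lineage directories under live/ and archive/ to
# host_uid and the coturn GID (mode '550', no access for other users).
# The task name is made distinct from the preceding /etc/letsencrypt task so
# that logs and --start-at-task identify it unambiguously.
# NOTE(review): the owner of a directory can always chmod it, so '550' does
# not stop host_uid from regaining write access and replacing the files coturn
# serves. Confirm host_uid is meant to be trusted with this lineage; otherwise
# use root as owner.
# NOTE(review): `state: directory` creates these paths when they are missing.
# An empty live/ or archive/ lineage directory may cause certbot to refuse
# issuance later - confirm the certificate is issued before this role runs.
- name: "Set limited permissions on certificate lineage directories of turn.{{ domain }}"
  ansible.builtin.file:
    path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}"
    state: directory
    owner: "{{ host_uid }}"
    group: "{{ users['coturn'] + uid_shift }}"
    mode: '550'
  become: true
  loop:
    - live
    - archive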
# Private key: owner root, group = coturn GID, mode '640', so the coturn GID
# can read the key and other users get no access.
# No `state` is given, so the task does not create the file if it is missing.
# NOTE(review): under certbot, live/.../privkey.pem is normally a symlink into
# archive/. The file module follows symlinks by default, so the change should
# land on the current key file - verify ownership and mode again after a
# renewal writes a new key.
- name: Set limited permissions on certificate key file
  become: true
  ansible.builtin.file:
    path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
    mode: '640'
    owner: root
    group: "{{ users['coturn'] + uid_shift }}"
# Bring the Compose project up from the project directory. Images are pulled
# when docker_pull_images is truthy, and services are restarted only when the
# turnserver.conf template task reported a change.
# NOTE(review): pulling resolves whatever the image references in
# docker-compose.yaml currently point to; pin them by digest in the template
# if runs must be reproducible - confirm against the template.
# NOTE(review): community.docker.docker_compose is deprecated in favour of
# docker_compose_v2, which takes different options - plan the migration.
- name: Pull/Create/Restart project services
  community.docker.docker_compose:
    project_src: "{{ coturn_project_dir }}"
    pull: "{{ docker_pull_images | bool }}"
    # Restart if config file(s) changed
    restarted: "{{ coturn_template_turnserver_result is changed }}"