- Enable both TURN (port 3478) and TURNS (port 5349) for maximum client compatibility
- Add recommended coturn settings: stale-nonce, unlimited quotas
- Remove deprecated 'warn' parameter from shell task
- Add comprehensive tags to all roles in site.yml for selective deployment
- Remove redundant update playbooks (replaced by tags functionality)
- Update README with detailed tags documentation and common workflows
- Update coturn documentation with correct Nextcloud configuration
- Add coturn_static_secret and wireguard server keys to vault example
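---
# Top-level playbook for the VPS: checks the OS release, applies every role,
# and offers an opt-in reboot. Each role carries tags so that a run can be
# narrowed with --tags / --skip-tags.
- name: Configure VPS
  hosts: vps
  become: true
  gather_facts: true

  pre_tasks:
    # Informational only; skipped on hosts the guard below rejects.
    - name: Check OS version
      debug:
        msg: "Running on Ubuntu {{ ansible_facts['distribution_version'] }}"
      when:
        - ansible_facts['distribution'] == "Ubuntu"
        - ansible_facts['distribution_version'] is version('22.04', '>=')

    # Guard against unsupported hosts. The comparison uses the `version` test
    # so that releases newer than 22.04 pass, as the task name and message
    # promise; a fixed list of releases would reject them.
    - name: Verify Ubuntu 22.04 or higher
      fail:
        msg: "This playbook requires Ubuntu 22.04 (Jammy) or higher"
      when: >-
        ansible_facts['distribution'] != "Ubuntu" or
        ansible_facts['distribution_version'] is version('22.04', '<')
      # Untagged tasks are skipped whenever --tags is given, which would let a
      # selective run bypass this guard; `always` keeps it in every run.
      tags: [always]

  # Roles are applied in the order listed.
  roles:
    - role: base_system
      tags: [base, system]
    - role: wireguard
      tags: [wireguard, vpn]
    - role: amneziawg
      tags: [amneziawg, vpn]
    - role: certbot
      tags: [certbot, certificates]
    - role: haproxy
      tags: [haproxy, proxy]
    - role: nginx
      tags: [nginx, proxy]
    - role: blog_deploy
      tags: [blog, deploy]
    - role: ocserv
      tags: [ocserv, vpn]
    - role: coturn
      tags: [coturn, turn]
    - role: certbot_renewal_config
      tags: [certbot, certificates]
    # NOTE(review): the firewall and fail2ban roles run after the service
    # roles above, so on a first run those services may be up before filtering
    # and banning are configured. Confirm this ordering is intended.
    - role: network
      tags: [network, firewall]
    - role: fail2ban
      tags: [fail2ban, security]

  post_tasks:
    # The special `never` tag keeps this task out of normal runs; it executes
    # only when explicitly requested, e.g. with --tags reboot.
    - name: Reboot server
      reboot:
        msg: "Rebooting after setup"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
      tags: [reboot, never]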