{"id":31847942,"url":"https://github.com/wireapp/ansible-restund","last_synced_at":"2025-10-12T09:58:47.775Z","repository":{"id":43478412,"uuid":"188288531","full_name":"wireapp/ansible-restund","owner":"wireapp","description":"Ansible role to install a restund server","archived":false,"fork":false,"pushed_at":"2023-06-27T10:22:25.000Z","size":77,"stargazers_count":0,"open_issues_count":6,"forks_count":2,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-05-09T16:41:53.037Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wireapp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-05-23T18:43:29.000Z","updated_at":"2022-02-28T19:21:18.000Z","dependencies_parsed_at":"2022-09-16T17:41:37.525Z","dependency_job_id":null,"html_url":"https://github.com/wireapp/ansible-restund","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/wireapp/ansible-restund","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireapp%2Fansible-restund","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireapp%2Fansible-restund/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireapp%2Fansible-restund/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireapp%2Fansible-restund/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wireapp","download_url":"https://codeload.github.com/wireapp/ansible-restund/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireapp%2Fansible-restund/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279010951,"owners_count":26084841,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-12T09:58:38.531Z","updated_at":"2025-10-12T09:58:47.767Z","avatar_url":"https://github.com/wireapp.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"## ansible-restund\n\n## Requirements\n\n- ansible \u003e= 2.7\n\n## Preparation\n\n1. Download the role and its dependencies\n\n```\ncurl -Ls https://raw.githubusercontent.com/wireapp/ansible-restund/master/requirements.yml \u003e ansible-restund-requirements.yml\nansible-galaxy install -f -r ansible-restund-requirements.yml\n```\n\n2. Generate a secret as described in [how to install wire-server](https://docs.wire.com/how-to/install/helm.html#how-to-install-wire-server-itself), and store it under `restund-secret.txt`, e.g:\n\n```\nopenssl rand -base64 64 | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 42 \u003e restund-secret.txt\n```\n\n3. create a playbook file (see below), and run ansible-playbook against your server.\n\n## Example playbooks\n\n### Basic usage\n\nInstall restund to listen on default port 3478 for UDP and TCP\n\n```ini\n# hosts.ini\n\n[all]\nrestund01  ansible_host=X.X.X.X\n\n[restund]\nrestund01\n```\n\n```yaml\n- name: Install restund\n  hosts: restund\n  gather_facts: yes\n  become: yes\n  vars:\n    restund_zrest_secret: \"{{ lookup('file', 'restund-secret.txt') }}\"\n  roles:\n    - role: restund\n```\n\n### With auto-renewing TLS certificates\n\nAlso allow TLS connections on default port 5349, by configuring auto-renewing let's encrypt certificates.\n\n* You need to have a DNS record pointing to your machine, i.e. `dig +short restund01.dev.example.com` should return the IP address of your machine.\n\n```ini\n# hosts.ini\n\n[all]\nrestund01  ansible_host=X.X.X.X  certbot_domain=restund01.dev.example.com\n\n[restund]\nrestund01\n```\n\n```yaml\n- name: Install restund\n  hosts: restund\n  gather_facts: yes\n  become: yes\n  vars:\n    restund_zrest_secret: \"{{ lookup('file', 'restund-secret.txt') }}\"\n    certbot_enabled: true\n    certbot_admin_email: # e.g. certificates@example.com\n  roles:\n    - role: restund\n```\n\n### With custom TLS certificates\n\n* You need to have a DNS record pointing to your machine, i.e. `dig +short restund01.dev.example.com` should return the IP address of your machine.\n* You need to have a valid certificate and private key for that domain.\n\n1. Create a PEM file containing certificate, intermediate certificate, and private key, like this:\n\n```\n# -----BEGIN CERTIFICATE-----\n# --- ... CERT CONTENT ... --\n# -----END CERTIFICATE-----\n# -----BEGIN CERTIFICATE-----\n# --- ... INTERMEDIATE ..----\n# -----END CERTIFICATE----\n# -----BEGIN PRIVATE KEY-----\n# --- .... PRIV KEY -----\n# -----END PRIVATE KEY-----\n```\n\nsave that file as `tls_cert_and_priv_key.pem`\n\n```yaml\n- name: Install restund\n  hosts: restund\n  gather_facts: yes\n  become: yes\n  vars:\n    restund_zrest_secret: \"{{ lookup('file', 'restund-secret.txt') }}\"\n    restund_tls_certificate: \"{{ lookup('file', 'tls_cert_and_priv_key.pem') }}\"\n  roles:\n    - role: restund\n```\n\n### Other overrides\n\nSee defaults/main.yml for other variables to change.\n\n## How do I connect this restund server with wire-server?\n\nYou need to make sure to use the same secret for the ansible-restund role as you configure under `brig.secrets.turn.secret` for the wire-server helm chart. (see also [documentation](https://docs.wire.com/how-to/install/helm.html#how-to-install-wire-server-itself))\n\nOnce you have a provisioned server, take note of the advertised IP address and ports (for UDP and TCP) and then add them in your wire-server installation. I.e., if your server is now running at `a.b.c.d` and the used udp/tcp port is 3478, then add that config as examplified under `brig.turnStatic` [here](https://github.com/wireapp/wire-server-deploy/blob/master/values/wire-server/prod-values.example.yaml#L76).\n\n**Status: beta**, see [TODO](TODO.md)\n\n[![Build Status](https://travis-ci.org/wireapp/ansible-restund.svg?branch=master)](https://travis-ci.org/wireapp/ansible-restund)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwireapp%2Fansible-restund","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwireapp%2Fansible-restund","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwireapp%2Fansible-restund/lists"}