diff --git a/webapps/jitsimeet/defaults/main.yml b/webapps/jitsimeet/defaults/main.yml index 985298b4..35b02989 100644 --- a/webapps/jitsimeet/defaults/main.yml +++ b/webapps/jitsimeet/defaults/main.yml @@ -1,5 +1,6 @@ --- # defaults file for main vars +apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}" jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']" diff --git a/webapps/jitsimeet/files/jitsimeet.gpg b/webapps/jitsimeet/files/jitsimeet.gpg new file mode 100644 index 00000000..2ee72812 Binary files /dev/null and b/webapps/jitsimeet/files/jitsimeet.gpg differ diff --git a/webapps/jitsimeet/files/prosody.gpg b/webapps/jitsimeet/files/prosody.gpg new file mode 100644 index 00000000..117d429b Binary files /dev/null and b/webapps/jitsimeet/files/prosody.gpg differ diff --git a/webapps/jitsimeet/tasks/apt_sources.yml b/webapps/jitsimeet/tasks/apt_sources.yml new file mode 100644 index 00000000..3638b595 --- /dev/null +++ b/webapps/jitsimeet/tasks/apt_sources.yml 
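Review bot: On Debian releases below 12 the ternary in `apt_keyring_dir` still resolves to `/etc/apt/trusted.gpg.d`, and apt trusts every key in that directory for all configured sources. The `signed-by=` option in the repository lines therefore does not confine the Prosody and Jitsi keys to their own repositories on those hosts. Since tasks/apt_sources.yml creates the directory before copying the keys, the default could be `apt_keyring_dir: /etc/apt/keyrings` on every release. The two added binary keyrings cannot be inspected from the diff, so a comment beside the variable recording each key's fingerprint and where it was obtained would let a later reader verify them.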
@@ -0,0 +1,55 @@
+---
+
+- name: "Ensure {{ apt_keyring_dir }} directory exists"
+ file:
+ path: "{{ apt_keyring_dir }}"
+ state: directory
+ mode: "755"
+ owner: root
+ group: root
+
+- name: Prosody GPG key is installed
+ ansible.builtin.copy:
+ src: prosody.gpg
+ dest: "{{ apt_keyring_dir }}/prosody.gpg"
+ force: true
+ mode: "0644"
+ owner: root
+ group: root
+
+- name: Jitsi Meet GPG key is installed
+ ansible.builtin.copy:
+ src: jitsimeet.gpg
+ dest: "{{ apt_keyring_dir }}/jitsimeet.gpg"
+ force: true
+ mode: "0644"
+ owner: root
+ group: root
+
+- name: Add Prosody repository (Debian <12)
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by={{ apt_keyring_dir }}/prosody.gpg] https://packages.prosody.im/debian {{ ansible_distribution_release }} main"
+ filename: prosody
+ state: present
+ update_cache: yes
+ when: ansible_distribution_major_version is version('12', '<')
+
+- name: Add Prosody repository (Debian >=12)
+ ansible.builtin.template:
+ src: apt/prosody.sources.j2
+ dest: /etc/apt/sources.list.d/prosody.sources
+ when: ansible_distribution_major_version is version('12', '>=')
+
+- name: Add Jitsi Meet repository (Debian <12)
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by={{ apt_keyring_dir }}/jitsimeet.gpg] https://download.jitsi.org stable/"
+ filename: jitsimeet
+ state: present
+ update_cache: yes
+ when: ansible_distribution_major_version is version('12', '<')
+
+- name: Add Jitsi Meet repository (Debian >=12)
+ ansible.builtin.template:
+ src: apt/jitsimeet.sources.j2
+ dest: /etc/apt/sources.list.d/jitsimeet.sources
+ when: ansible_distribution_major_version is version('12', '>=')
diff --git a/webapps/jitsimeet/tasks/main.yml b/webapps/jitsimeet/tasks/main.yml
index 50f1f223..59522017 100644
--- a/webapps/jitsimeet/tasks/main.yml
+++ b/webapps/jitsimeet/tasks/main.yml
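Review bot: Hosts already provisioned by the previous tasks keep what those tasks installed, and nothing in tasks/apt_sources.yml removes it: the keys under `/etc/apt/trusted.gpg.d/` and the source entries that `apt_repository` wrote without a `filename`. On Debian 12 and later this leaves both keys in the directory apt trusts for all sources. The old entries also name a different `signed-by` path than the new `.sources` files for the same repository, which apt is likely to reject as conflicting. A cleanup task for the keys is sketched below; the old list entries need removing too, but their file names are not visible in this diff. The two `template` tasks also set no `mode`, `owner` or `group` and do not refresh the apt cache, unlike the `update_cache: yes` on the Debian <12 branch.

```yaml
# … unchanged: keyring directory and key copy tasks …

- name: Remove keys left in the global trust directory by earlier runs (Debian >=12)
  ansible.builtin.file:
    path: "/etc/apt/trusted.gpg.d/{{ item }}"
    state: absent
  loop:
    - prosody.gpg
    - jitsimeet.gpg
  when: ansible_distribution_major_version is version('12', '>=')
```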
@@ -1,33 +1,8 @@ --- # tasks file for jitsimeet install -#- name: Set FQDN -# ansible.builtin.command: "hostnamectl set-hostname {{ jitsimeet_domains | first }}" - -- name: Add Prosody apt repository key - ansible.builtin.get_url: - url: https://prosody.im/files/prosody-debian-packages.key - dest: /etc/apt/trusted.gpg.d/prosody.gpg - mode: '0644' - force: true - -- name: Add Jitsi Meet apt repository key + dearmor hack - ansible.builtin.shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg' - -- name: Adjust permissions of gpg key - ansible.builtin.file: - path: /etc/apt/trusted.gpg.d/jitsimeet.gpg - mode: '0644' - -- name: Add Prosody apt repository - ansible.builtin.apt_repository: - repo: "deb [signed-by=/etc/apt/trusted.gpg.d/prosody.gpg] https://packages.prosody.im/debian {{ ansible_distribution_release }} main" - state: present - -- name: Add Jitsi Meet apt repository - ansible.builtin.apt_repository: - repo: "deb [signed-by=/etc/apt/trusted.gpg.d/jitsimeet.gpg] https://download.jitsi.org stable/" - state: present +- name: APT sources + ansible.builtin.include_tasks: apt_sources.yml - name: Install system dependencies ansible.builtin.apt: 
@@ -115,23 +90,25 @@ } - name: Unregister default jvb account in prosody - ansible.builtin.command: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }} + ansible.builtin.command: + cmd: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }} - name: Register jvb account in prosody (with proper secret) - ansible.builtin.command: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }} + ansible.builtin.command: + cmd: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }} - name: Restart prosody - ansible.builtin.service: + ansible.builtin.systemd: name: prosody state: restarted - name: Restart jvb - ansible.builtin.service: + ansible.builtin.systemd: name: jitsi-videobridge2 state: restarted - name: Restart jicofo - ansible.builtin.service: + ansible.builtin.systemd: name: jicofo state: restarted @@ -152,7 +129,7 @@ dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf" state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded - name: Make sure /var/lib/letsencrypt exists and has correct permissions @@ -161,7 +138,8 @@ state: directory mode: '0755' - name: Generate certificate with certbot - ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }} + ansible.builtin.command: + cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }} when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result @@ -190,7 +168,7 @@ state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded 
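Review bot: The `Register jvb account in prosody (with proper secret)` task still passes `{{ jitsimeet_jvb_secret }}` as a command-line argument. The secret therefore shows up in Ansible's task result and any log that records it, and in the process list while prosodyctl runs. Adding `no_log: true` to that task keeps it out of the Ansible output. Both prosodyctl tasks will also report a change on every run, since neither sets `changed_when` in the lines shown.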
diff --git a/webapps/jitsimeet/tasks/other_domains.yml b/webapps/jitsimeet/tasks/other_domains.yml index 04175831..2982c8c6 100644 --- a/webapps/jitsimeet/tasks/other_domains.yml +++ b/webapps/jitsimeet/tasks/other_domains.yml @@ -29,7 +29,7 @@ dest: "/etc/nginx/sites-enabled/{{ domain }}.conf" state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded - name: Make sure /var/lib/letsencrypt exists and has correct permissions @@ -38,7 +38,8 @@ state: directory mode: '0755' - name: Generate certificate with certbot - ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }} + ansible.builtin.command: + cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }} when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result @@ -66,6 +67,6 @@ state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded diff --git a/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2 b/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2 new file mode 100644 index 00000000..9acd6c0d --- /dev/null +++ b/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://download.jitsi.org +Suites: stable/ +#Components: main +Signed-by: {{ apt_keyring_dir }}/jitsimeet.gpg +Enabled: yes diff --git a/webapps/jitsimeet/templates/apt/prosody.sources.j2 b/webapps/jitsimeet/templates/apt/prosody.sources.j2 new file mode 100644 index 00000000..15e84be4 --- /dev/null +++ b/webapps/jitsimeet/templates/apt/prosody.sources.j2 
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://packages.prosody.im/debian
+Suites: bookworm
+Components: main
+Signed-by: {{ apt_keyring_dir }}/prosody.gpg
+Enabled: yes
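Review bot: `Suites: bookworm` is hard-coded, but tasks/apt_sources.yml applies this template to every host whose major version is 12 or higher. A later Debian release would therefore be pointed at the bookworm suite of packages.prosody.im, while the Debian <12 task uses the release fact instead. `Suites: {{ ansible_distribution_release }}` would keep the two branches consistent, assuming upstream publishes a suite for that release.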