From 7b3d3764ce235a0761b11558600b3006f7dfe16b Mon Sep 17 00:00:00 2001 From: Mathieu Gauthier-Pilote Date: Thu, 28 Mar 2024 16:08:08 -0400 Subject: [PATCH] new apt_sources.yml ; systemd + command instead of service + shell --- webapps/jitsimeet/defaults/main.yml | 1 + webapps/jitsimeet/files/jitsimeet.gpg | Bin 0 -> 2241 bytes webapps/jitsimeet/files/prosody.gpg | Bin 0 -> 1686 bytes webapps/jitsimeet/tasks/apt_sources.yml | 55 ++++++++++++++++++ webapps/jitsimeet/tasks/main.yml | 48 +++++---------- webapps/jitsimeet/tasks/other_domains.yml | 7 ++- .../templates/apt/jitsimeet.sources.j2 | 8 +++ .../templates/apt/prosody.sources.j2 | 8 +++ 8 files changed, 89 insertions(+), 38 deletions(-) create mode 100644 webapps/jitsimeet/files/jitsimeet.gpg create mode 100644 webapps/jitsimeet/files/prosody.gpg create mode 100644 webapps/jitsimeet/tasks/apt_sources.yml create mode 100644 webapps/jitsimeet/templates/apt/jitsimeet.sources.j2 create mode 100644 webapps/jitsimeet/templates/apt/prosody.sources.j2 diff --git a/webapps/jitsimeet/defaults/main.yml b/webapps/jitsimeet/defaults/main.yml index 985298b4..35b02989 100644 --- a/webapps/jitsimeet/defaults/main.yml +++ b/webapps/jitsimeet/defaults/main.yml @@ -1,5 +1,6 @@ --- # defaults file for main vars +apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}" jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']" 
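Review bot: On releases older than 12 the new `apt_keyring_dir` default resolves to `/etc/apt/trusted.gpg.d`, and apt treats every keyring in that directory as trusted for all configured sources. The Jitsi and Prosody keys could therefore validate packages from any repository that has no `signed-by` of its own. `signed-by` only narrows trust when the key is stored outside that directory, so `apt_keyring_dir: /etc/apt/keyrings` for every release, plus a task that creates the directory where it is missing, would keep both keys scoped to their own repository. The variable also lacks the `jitsimeet_` prefix that `jitsimeet_system_dep` carries, so another role defining `apt_keyring_dir` could collide with it.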
diff --git a/webapps/jitsimeet/files/jitsimeet.gpg b/webapps/jitsimeet/files/jitsimeet.gpg new file mode 100644 index 0000000000000000000000000000000000000000..2ee72812e32e7c5c38878f333351c5f759a53b28 GIT binary patch literal 2241 zcmV;y2tN0j0u2OUcx*`l5CGqNaSOAgL1aN7neB_{rSdzK(}a#uI8cmd?ibc(Qz-nR zhT|8zQV@Bf(1k*T!>tWueMidi_0+xhEr%kST#F2D&Fat0jcZE)kFb&k`iX`%mxdyxMtoB`7^&O?{pSss_npzGi3lVW8XE_I$#Wyf{!Zs*c_`ZQit zm**}n!;FWz_9`ReqPrL# z612u!D~2Q-&Co$cL{bbRdA9(Rg6QLg$-vd%qsbf;3UM*`p;33DkO_}<_~wSX^Ujk3 zJOHrqwMUU!rl?j&HLR<^r{22y5Tbwc7yS~S${@o@wVEip-rv{(CO`TROxNxE1%!G! zYj;M8F@6r{(~=v74aFAb-)JAK5gLvn)B{HeTk9U$vWMy_hYH4(HX)bSaXFiDnP6QJH2mm-1Aq4-{ zS`DJUz3X$-OpCPA(iZXkcm@RmV0dgv0viJb3ke7Z0tOWd2?z@U1Qr4V0RkQY0vCV) z3JDOj($W_3{dfl79uNS}nk`rNCnI|CQS)mCqe_!dNGEphZCW9a%`L?3A+^AX5vnW_ zleP9IQ!B-;WFSc;(5Ee>gd>DPR#(K|0W+SEsA$I4r)B5;tI;o{(!nHXpIia$^}VPM zIXmNi+{)Fv);U4Sw&PLm?Ntj}5SDH^%;RKf$HToCzoGOEL@q=*Nt%ZT&ows!3RfrP z=u29BfR4C20yAAxp}!_o$l9BqL-MKW=taCj&@=EF#K7>zAb)$KqW}n=)on`sB+a%@ z(-lA8I%c>(i^D@KtB9SPO&7X^>(M;uPPxi}ueZ6RKxCwh`x0gtl~2_zY8Pf71QFR|mS zFFO!ezh$7ARBN8R`@WiW3(S#V2AXeOB~q`Cx%Mkdj1XS-(8qO)4i)EsMOh zOk4NFSY?Dr;QqanQO&3nMje!c>3&FpJ>avE#McL?u(?V3^$EI?!GbUH6Qg?;Wgy!* z0tV}NThLTlkY6TRd5>^v51Afhn)>@gG0K_xCTQexE{E5uwcp=2;SQI%kt|;=wCqN4 z!pDx6C1uPO9`sLNW8i}4S)rqDa6LI?trH^xr_r7y`({|H0fhfD!rdcnx5v%Q!F^;- z)2aCH@JmR!0u2OUcx*`l5CGPgv;mzYacx>#+X`gX3D}k6vFGZZt5i@jG{oeRm!FHy zJ7d;Uz}0&8FV%P#B?cR#dS~0*;fZO0#gFFyS@v&k@Qbk;f)JQ9Q-jm!Db;<(U60ql73LiBcU@b15MZ zPhkAVA?Rg#0(*t7&>mTg@#aU(lpFKaj_}3I(rSm@$ms(!*Y>v^ijxa_c0(D7V#H7vrORA)60Z`hUHQCi zyj0MYD-uZuy$rIvB`mI z^S@0-$H|;JKmP5YoVLU_+JqJ}p-^M{+@&m2jGG&tn3CO+6kyfg-(@EP=2XZgs;-j2 zR16Im9A>8k8`UK->~KKw?WG;DDk*R3okRw1bZ^oR=t@Z;jszP;;n)J%)C($W_3{dfii0$_M- zNdg-T0162Zw9?WR@%?xP6C@A-um>U}XckCvq-sUCf19^{P!;}yd z&$HV$Rk&zC_wsNBgccPyP; zaR4km#9dz?(g!q6+$wGo);cM|j?&iosn@csW>ix~)x@<5`vr?-gGSiLKX;gDM`v7j zCp^9&DD>W5QQzEgg9+y780Cd}DYk5U4$Zva^s0W8W-^QViCd3)pXMpR6@yfG6_qY^ zW5`nP5O@`i^-F`8;crs$b@VAjB8I9V+)g-pj6P?>gw_oLqQmpq#A2Wbgn3iVt*r=v 
zJ)#e?%D6>c>oR*qymMG3q@(K&fGM<=to-dBNJ1vW6|_|WJLV(scMSFij!x~M^!fTY z9D$7xKCek(Bav)H4@g^Ks}yl}%{OGKI}<$pe!O$92VB PS3Wgnb-&h9S$aFxvL`t_ literal 0 HcmV?d00001 
diff --git a/webapps/jitsimeet/files/prosody.gpg b/webapps/jitsimeet/files/prosody.gpg new file mode 100644 index 0000000000000000000000000000000000000000..117d429b10a36e6b3c965953622226f42e1a004b GIT binary patch literal 1686 zcmV;H25I@30ipy-7dkN!1OWER36gdytVU|nsY;w0g{DnUbPl+rX@>Xyyf88prJ;2F zsM~{R=Sgq!&3_1DNwS6Cl1G7sc=-|?z%uXS18SPY2i2AiQZ3{EQ@O)p)$&oi*QNF~ z(Wi^&#sa%c>%hHd7f25WsM%gd2r))V&9O6^)G!x-3Dd`q1X_3TT9{0ZcB^lfq!x`c3PMLAG zwicT?#NUF9lFqA%dK3bcKay%ZOj@Dwq{OFDe`ViOcDRspNP+|YHb@yv+zfPaxVE+t z(h?OF>7bjl)O{ah=8^3SvkFu(H}O$D`)|v6p~l&WdIoewNDFpK*-I|ygt@vFINOe5 z5GJ23MffaUE@NKE9zONoBZp_i{kLMk7+bxg6FU$}1IbdnCJi4(e(bCezo)Yu1U+QI zR**V!BdR#6e|NpGv@%d~Z*y;Cc_2wmAVg(iX<=?4P+?ce4FpOTI{*+60Kwl*BWq@_?4PYC<;KmD56_K4c@EQiFJ8t>iZ2_n_isj zOSM3F5_-!x>OnOYZHQ)rV+x<5V#R_z%Zxn`(V>uc3a7+lItNes7jvT`kToGW*DX!X z=+Fu0?DLRXT&l>KOUWf%;#f-)0xYzxK6&~(gL-(tm}x?oDGdoQbbYmm+;R6mrJYZA z?fN!kR_sSvHu9nYm18Ax-RpMrdC2&pc>CT3ZEM|G(GCM)!_-EPZbdCOQg`(F57Hp< z(Oq6B8p|4^23}y)0f^TJFKiH;_6m~l&mGdjEXaXN`G$xKAhxWqT{&PKJPy*slTiWe zKa)y8RvY2B-oAsDH00(Q<5-Y{)H1j^{05T+eJ8$V4K4b4IVTc+A;#T}NHefpKkm?{ zgetnm7#3~!UjPFI5C4A)c|a_4?#Fovu2_p%y*R*m2Yb{&qR?;RAn%-TW(B;0gfPV` zC6pQ%np)l;Bh*X0y1@kdbrddsmY0?(h$=`1kutK}XPT+@Zx)KQH$}8QH-vS6d7zNG z;>tJLrpKjhrP_x|qkh*G?T{LX2NR71vu?4c!O3MT*N_y%R?A|fxpe$DJlZH6V$r<2 zYTla8&|RYhvZA^=O-W(DL#w|5yhxvVjfsP$+f7?26e3_h@d=R-WCzJfV7?OdG=7ll zOx(UO3fZ0@2A0qf;Y^_=%97m>EC;6b*_vRjh3EmMC>9!^#1y4coKRNOdk&`Bl zS7+lq(TvIc9wK9N`EOX4oSEF&)YFO-D4@^DZa8*cNpORvV`>pGt~4`MSgd1_@bzeQ=12) + ansible.builtin.template: + src: apt/prosody.sources.j2 + dest: /etc/apt/sources.list.d/prosody.sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Add Jitsi Meet repository (Debian <12) + ansible.builtin.apt_repository: + repo: "deb [signed-by={{ apt_keyring_dir }}/jitsimeet.gpg] https://download.jitsi.org stable/" + filename: jitsimeet + state: present + update_cache: yes + when: ansible_distribution_major_version is version('12', '<') + +- name: Add Jitsi Meet repository (Debian 
>=12) + ansible.builtin.template: + src: apt/jitsimeet.sources.j2 + dest: /etc/apt/sources.list.d/jitsimeet.sources + when: ansible_distribution_major_version is version('12', '>=') diff --git a/webapps/jitsimeet/tasks/main.yml b/webapps/jitsimeet/tasks/main.yml index 50f1f223..59522017 100644 --- a/webapps/jitsimeet/tasks/main.yml +++ b/webapps/jitsimeet/tasks/main.yml @@ -1,33 +1,8 @@ --- # tasks file for jitsimeet install -#- name: Set FQDN -# ansible.builtin.command: "hostnamectl set-hostname {{ jitsimeet_domains | first }}" - -- name: Add Prosody apt repository key - ansible.builtin.get_url: - url: https://prosody.im/files/prosody-debian-packages.key - dest: /etc/apt/trusted.gpg.d/prosody.gpg - mode: '0644' - force: true - -- name: Add Jitsi Meet apt repository key + dearmor hack - ansible.builtin.shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg' - -- name: Adjust permissions of gpg key - ansible.builtin.file: - path: /etc/apt/trusted.gpg.d/jitsimeet.gpg - mode: '0644' - -- name: Add Prosody apt repository - ansible.builtin.apt_repository: - repo: "deb [signed-by=/etc/apt/trusted.gpg.d/prosody.gpg] https://packages.prosody.im/debian {{ ansible_distribution_release }} main" - state: present - -- name: Add Jitsi Meet apt repository - ansible.builtin.apt_repository: - repo: "deb [signed-by=/etc/apt/trusted.gpg.d/jitsimeet.gpg] https://download.jitsi.org stable/" - state: present +- name: APT sources + ansible.builtin.include_tasks: apt_sources.yml - name: Install system dependencies ansible.builtin.apt: 
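Review bot: With the run-time key downloads removed, the `APT sources` include depends on the binary keyrings committed under `files/`, and nothing in the change records where they were exported from or which fingerprints they carry. A comment above the include would let a reviewer verify a later key replacement instead of accepting an opaque blob, for example `# files/jitsimeet.gpg and files/prosody.gpg are exported from the upstream key URLs; fingerprints: <JITSI_FINGERPRINT_PLACEHOLDER>, <PROSODY_FINGERPRINT_PLACEHOLDER>`. Vendored keys no longer follow an upstream rotation, so the same comment should say how they are refreshed.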
@@ -115,23 +90,25 @@ } - name: Unregister default jvb account in prosody - ansible.builtin.command: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }} + ansible.builtin.command: + cmd: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }} - name: Register jvb account in prosody (with proper secret) - ansible.builtin.command: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }} + ansible.builtin.command: + cmd: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }} - name: Restart prosody - ansible.builtin.service: + ansible.builtin.systemd: name: prosody state: restarted - name: Restart jvb - ansible.builtin.service: + ansible.builtin.systemd: name: jitsi-videobridge2 state: restarted - name: Restart jicofo - ansible.builtin.service: + ansible.builtin.systemd: name: jicofo state: restarted @@ -152,7 +129,7 @@ dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf" state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded - name: Make sure /var/lib/letsencrypt exists and has correct permissions @@ -161,7 +138,8 @@ state: directory mode: '0755' - name: Generate certificate with certbot - ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }} + ansible.builtin.command: + cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }} when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result @@ -190,7 +168,7 @@ state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded 
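Review bot: The `Register jvb account in prosody` task passes `{{ jitsimeet_jvb_secret }}` as a command argument and sets no `no_log`, so the secret is part of the task result (`cmd`) that Ansible prints on failure or in verbose runs and that log callbacks store. Adding `no_log: true` to that task keeps it out of Ansible's output. The value is still visible in the host's process list while prosodyctl runs, which is worth noting in a comment on the task. Both prosodyctl tasks will also report "changed" on every run, since neither sets `changed_when`.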
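Review bot: In `Generate certificate with certbot`, the switch to `ansible.builtin.command` removes the shell, but the `cmd:` string is still split on whitespace after templating. A value of `jitsimeet_certbot_admin_email` or of the domain that contains a space would reach certbot as extra arguments. The `argv:` list form passes each templated value as exactly one argument and is the safer shape here. The same applies to the certbot task in `tasks/other_domains.yml` (`-d {{ domain }}`) and to the two prosodyctl tasks in the `@@ -115,23 +90,25 @@` hunk.

```yaml
- name: Generate certificate with certbot
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - --webroot
      - --webroot-path
      - /var/lib/letsencrypt
      - --non-interactive
      - --agree-tos
      - --email
      - "{{ jitsimeet_certbot_admin_email }}"
      - -d
      - "{{ jitsimeet_domains | first }}"
  # … unchanged: when: ssl.stat.exists != true …
```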
diff --git a/webapps/jitsimeet/tasks/other_domains.yml b/webapps/jitsimeet/tasks/other_domains.yml index 04175831..2982c8c6 100644 --- a/webapps/jitsimeet/tasks/other_domains.yml +++ b/webapps/jitsimeet/tasks/other_domains.yml @@ -29,7 +29,7 @@ dest: "/etc/nginx/sites-enabled/{{ domain }}.conf" state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded - name: Make sure /var/lib/letsencrypt exists and has correct permissions @@ -38,7 +38,8 @@ state: directory mode: '0755' - name: Generate certificate with certbot - ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }} + ansible.builtin.command: + cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }} when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result @@ -66,6 +67,6 @@ state: link - name: Reload nginx conf - ansible.builtin.service: + ansible.builtin.systemd: name: nginx state: reloaded diff --git a/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2 b/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2 new file mode 100644 index 00000000..9acd6c0d --- /dev/null +++ b/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://download.jitsi.org +Suites: stable/ +#Components: main +Signed-by: {{ apt_keyring_dir }}/jitsimeet.gpg +Enabled: yes diff --git a/webapps/jitsimeet/templates/apt/prosody.sources.j2 b/webapps/jitsimeet/templates/apt/prosody.sources.j2 new file mode 100644 index 00000000..15e84be4 --- /dev/null +++ b/webapps/jitsimeet/templates/apt/prosody.sources.j2 
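Review bot: In `templates/apt/jitsimeet.sources.j2`, the commented-out `#Components: main` line gives no reason for being disabled, so a later editor may re-enable it. Because `Suites: stable/` ends in a slash, apt reads it as an exact path and expects no components to be listed. Replacing the line with `# No Components field: the suite "stable/" is an exact path (flat repository)` would record that.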
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://packages.prosody.im/debian
+Suites: bookworm
+Components: main
+Signed-by: {{ apt_keyring_dir }}/prosody.gpg
+Enabled: yes
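Review bot: `Suites: bookworm` is hard-coded, while the task that renders this template runs for every major version from 12 upwards (`version('12', '>=')`), so a host on a later release would still be pointed at the bookworm suite. The repository line removed from `tasks/main.yml` used the release fact, and `Suites: {{ ansible_distribution_release }}` keeps that behaviour. If the pin to bookworm is deliberate, a comment next to the field should say why.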