new apt_sources.yml ; systemd + command instead of service + shell
parent
41e8f376ee
commit
7b3d3764ce
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
# defaults file for main vars
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
||||
|
||||
jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
|
||||
|
||||
|
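Review bot: On releases below 12 the `apt_keyring_dir` default resolves to `/etc/apt/trusted.gpg.d`, and apt trusts every key in that directory for all configured sources, so the `signed-by=` option on the repository lines does not confine the Prosody and Jitsi keys to their own repositories there. Since apt_sources.yml creates the directory before copying the keys, the default could be the same on every release: `apt_keyring_dir: /etc/apt/keyrings`. Hosts that already hold these keys under trusted.gpg.d from earlier runs would need them removed for the scoping to take effect.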
|
BIN
webapps/jitsimeet/files/jitsimeet.gpg
Normal file
BIN
webapps/jitsimeet/files/jitsimeet.gpg
Normal file
Binary file not shown.
BIN
webapps/jitsimeet/files/prosody.gpg
Normal file
BIN
webapps/jitsimeet/files/prosody.gpg
Normal file
Binary file not shown.
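--- a/webapps/jitsimeet/tasks/apt_sources.yml
+++ b/webapps/jitsimeet/tasks/apt_sources.yml
@@ -0,0 +1,55 @@
+---
+
+- name: "Ensure {{ apt_keyring_dir }} directory exists"
+file:
+path: "{{ apt_keyring_dir }}"
+state: directory
+mode: "755"
+owner: root
+group: root
+
+- name: Prosody GPG key is installed
+ansible.builtin.copy:
+src: prosody.gpg
+dest: "{{ apt_keyring_dir }}/prosody.gpg"
+force: true
+mode: "0644"
+owner: root
+group: root
+
+- name: Jitsi Meet GPG key is installed
+ansible.builtin.copy:
+src: jitsimeet.gpg
+dest: "{{ apt_keyring_dir }}/jitsimeet.gpg"
+force: true
+mode: "0644"
+owner: root
+group: root
+
+- name: Add Prosody repository (Debian <12)
+ansible.builtin.apt_repository:
+repo: "deb [signed-by={{ apt_keyring_dir }}/prosody.gpg] https://packages.prosody.im/debian {{ ansible_distribution_release }} main"
+filename: prosody
+state: present
+update_cache: yes
+when: ansible_distribution_major_version is version('12', '<')
+
+- name: Add Prosody repository (Debian >=12)
+ansible.builtin.template:
+src: apt/prosody.sources.j2
+dest: /etc/apt/sources.list.d/prosody.sources
+when: ansible_distribution_major_version is version('12', '>=')
+
+- name: Add Jitsi Meet repository (Debian <12)
+ansible.builtin.apt_repository:
+repo: "deb [signed-by={{ apt_keyring_dir }}/jitsimeet.gpg] https://download.jitsi.org stable/"
+filename: jitsimeet
+state: present
+update_cache: yes
+when: ansible_distribution_major_version is version('12', '<')
+
+- name: Add Jitsi Meet repository (Debian >=12)
+ansible.builtin.template:
+src: apt/jitsimeet.sources.j2
+dest: /etc/apt/sources.list.d/jitsimeet.sources
+when: ansible_distribution_major_version is version('12', '>=')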
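Review bot: On Debian >= 12 the two `ansible.builtin.template` tasks write the `.sources` files but nothing in this file refreshes the apt index, whereas the `< 12` tasks get that from `update_cache: yes`. Unless the later "Install system dependencies" task updates the cache (its arguments are outside the visible hunks), the new repositories may not be known to apt when packages are installed; a closing task using `ansible.builtin.apt:` with `update_cache: true` would cover both paths. The template tasks also leave `mode`, `owner` and `group` unset, while the copy tasks above set them explicitly. Since `prosody.gpg` and `jitsimeet.gpg` appear in the diff only as binary files, a comment next to each copy task recording the key's fingerprint and where it was exported from would let a reviewer verify them.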
|
@ -1,33 +1,8 @@
|
|||
---
|
||||
# tasks file for jitsimeet install
|
||||
|
||||
#- name: Set FQDN
|
||||
# ansible.builtin.command: "hostnamectl set-hostname {{ jitsimeet_domains | first }}"
|
||||
|
||||
- name: Add Prosody apt repository key
|
||||
ansible.builtin.get_url:
|
||||
url: https://prosody.im/files/prosody-debian-packages.key
|
||||
dest: /etc/apt/trusted.gpg.d/prosody.gpg
|
||||
mode: '0644'
|
||||
force: true
|
||||
|
||||
- name: Add Jitsi Meet apt repository key + dearmor hack
|
||||
ansible.builtin.shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'
|
||||
|
||||
- name: Adjust permissions of gpg key
|
||||
ansible.builtin.file:
|
||||
path: /etc/apt/trusted.gpg.d/jitsimeet.gpg
|
||||
mode: '0644'
|
||||
|
||||
- name: Add Prosody apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [signed-by=/etc/apt/trusted.gpg.d/prosody.gpg] https://packages.prosody.im/debian {{ ansible_distribution_release }} main"
|
||||
state: present
|
||||
|
||||
- name: Add Jitsi Meet apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [signed-by=/etc/apt/trusted.gpg.d/jitsimeet.gpg] https://download.jitsi.org stable/"
|
||||
state: present
|
||||
- name: APT sources
|
||||
ansible.builtin.include_tasks: apt_sources.yml
|
||||
|
||||
- name: Install system dependencies
|
||||
ansible.builtin.apt:
|
||||
|
@ -115,23 +90,25 @@
|
|||
}
|
||||
|
||||
- name: Unregister default jvb account in prosody
|
||||
ansible.builtin.command: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }}
|
||||
ansible.builtin.command:
|
||||
cmd: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }}
|
||||
|
||||
- name: Register jvb account in prosody (with proper secret)
|
||||
ansible.builtin.command: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }}
|
||||
ansible.builtin.command:
|
||||
cmd: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }}
|
||||
|
||||
- name: Restart prosody
|
||||
ansible.builtin.service:
|
||||
ansible.builtin.systemd:
|
||||
name: prosody
|
||||
state: restarted
|
||||
|
||||
- name: Restart jvb
|
||||
ansible.builtin.service:
|
||||
ansible.builtin.systemd:
|
||||
name: jitsi-videobridge2
|
||||
state: restarted
|
||||
|
||||
- name: Restart jicofo
|
||||
ansible.builtin.service:
|
||||
ansible.builtin.systemd:
|
||||
name: jicofo
|
||||
state: restarted
|
||||
|
||||
|
@ -152,7 +129,7 @@
|
|||
dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
|
||||
state: link
|
||||
- name: Reload nginx conf
|
||||
ansible.builtin.service:
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||
|
@ -161,7 +138,8 @@
|
|||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate certificate with certbot
|
||||
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
|
||||
ansible.builtin.command:
|
||||
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
|
||||
when: ssl.stat.exists != true
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
|
||||
|
@ -190,7 +168,7 @@
|
|||
state: link
|
||||
|
||||
- name: Reload nginx conf
|
||||
ansible.builtin.service:
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
|
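Review bot: The "Register jvb account in prosody (with proper secret)" task still passes `{{ jitsimeet_jvb_secret }}` as a command-line argument, so the secret can end up in Ansible's task output and module-invocation logs, and in the host's process list while prosodyctl runs; switching from the free-form string to `cmd:` does not change that. Adding `no_log: true` to that task keeps it out of the play output and logs. Both prosodyctl tasks will also report "changed" on every run, since neither carries a `changed_when` or a guard condition in the lines shown.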
|
|
@ -29,7 +29,7 @@
|
|||
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
||||
state: link
|
||||
- name: Reload nginx conf
|
||||
ansible.builtin.service:
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||
|
@ -38,7 +38,8 @@
|
|||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate certificate with certbot
|
||||
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
|
||||
ansible.builtin.command:
|
||||
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
|
||||
when: ssl.stat.exists != true
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
|
||||
|
@ -66,6 +67,6 @@
|
|||
state: link
|
||||
|
||||
- name: Reload nginx conf
|
||||
ansible.builtin.service:
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
|
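--- a/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2
+++ b/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://download.jitsi.org
+Suites: stable/
+#Components: main
+Signed-by: {{ apt_keyring_dir }}/jitsimeet.gpg
+Enabled: yes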
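--- a/webapps/jitsimeet/templates/apt/prosody.sources.j2
+++ b/webapps/jitsimeet/templates/apt/prosody.sources.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://packages.prosody.im/debian
+Suites: bookworm
+Components: main
+Signed-by: {{ apt_keyring_dir }}/prosody.gpg
+Enabled: yes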
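Review bot: `Suites: bookworm` is hard-coded, but the task that deploys this template runs for every release matching `version('12', '>=')`, and the pre-12 repository line uses `{{ ansible_distribution_release }}` instead. On a release newer than 12 this would still configure the bookworm suite. Writing `Suites: {{ ansible_distribution_release }}` keeps the two paths consistent.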