Use latest env.example as template

webapps/jitsimeet/LISEZMOI.md

@@ -0,0 +1,47 @@
+jitsimeet
+=====
+
+Ce rôle installe un serveur jitsimeet. 
+
+Notez qu'hormis le présent fichier LISEZMOI.md, tous les fichiers du rôle jitsimeet sont rédigés en anglais afin de suivre les conventions de la communauté Ansible, favoriser sa réutilisation et son amélioration, etc. Libre à vous cependant de faire appel à ce role dans un playbook rédigé principalement en français ou toute autre langue.
+
+Requis
+------
+
+...
+
+Variables du rôle
+-----------------
+
+Plusieurs des valeurs par défaut dans defaults/main.yml doivent être changées soit directement dans defaults/main.yml ou mieux encore en les supplantant ailleurs, par exemple dans votre playbook (voir l'exemple ci-bas).
+
+Dépendances
+------------
+
+...
+
+Exemple de playbook
+-------------------
+
+```
+- name: "Déployer un serveur jitsimeet"
+  hosts: 
+    - all
+  vars:
+    # Supplanter ici les variables du rôle
+    domains: ['votre-vrai-domaine.org']
+    service: 'mon-jitsimeet'
+
+  roles:
+    - { role: webapps/jitsimeet , tags: "jitsimeet" }
+```
+
+Licence
+-------
+
+GPLv3
+
+Infos sur l'auteur
+------------------
+
+Mathieu Gauthier-Pilote, administrateur de systèmes chez Evolix.

webapps/jitsimeet/README.md

@@ -0,0 +1,47 @@
+jitsimeet
+=====
+
+This role installs or upgrades the server for jitsimeet. 
+
+FRENCH: Voir le fichier LISEZMOI.md pour le français.
+
+Requirements
+------------
+
+...
+
+Role Variables
+--------------
+
+Several of the default values in defaults/main.yml must be changed either directly in defaults/main.yml or better even by overwriting them somewhere else, for example in your playbook (see the example below).
+
+Dependencies
+------------
+
+...
+
+Example Playbook
+----------------
+
+```
+- name: "Deploy a jitsimeet server"
+  hosts: 
+    - all
+  vars:
+    # Overwrite the role variables here
+    domains: ['your-real-domain.org']
+    service: 'my-jitsimeet'
+
+  roles:
+    - { role: webapps/jitsimeet , tags: "jitsimeet" }
+```
+
+License
+-------
+
+GPLv3
+
+Author Information
+------------------
+
+Mathieu Gauthier-Pilote, sys. admin. at Evolix.

webapps/jitsimeet/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+# defaults file for main vars
+
+version: "stable-8319" # 7 March 2023
+version_old: "stable-8252" # used by jitsimeet/tasks/upgrade.yml
+unix_user: "jitsi_user362"
+config_dirs: "['~/.jitsi-meet-cfg/web', '~/.jitsi-meet-cfg/web/letsencrypt', '~/.jitsi-meet-cfg/transcripts', '~/.jitsi-meet-cfg/prosody', '~/.jitsi-meet-cfg/prosody/config', '~/.jitsi-meet-cfg/prosody/prosody-plugins-custom', '~/.jitsi-meet-cfg/jicofo', '~/.jitsi-meet-cfg/jvb', '~/.jitsi-meet-cfg/jigasi', '~/.jitsi-meet-cfg/jibri']"
+
+# Variables for the Jitsi Meet docker-compose .env du projet 
+http_port: "80"
+https_port: "443"
+time_zone: "UTC"
+public_url: "https://jitsi.mydomain.net"
+letsencrypt: "1"
+letsencrypt_domain: "jitsi.mydomain.net"
+letsencrypt_email: "somename@mmydomain.net"
+http_redir: "1"
+hsts: "1"

webapps/jitsimeet/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file

webapps/jitsimeet/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Mathieu Gauthier-Pilote
+  description: sys. admin.
+  company: Evolix
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license GPL-3.0-only
+
+  min_ansible_version: 2.10
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

webapps/jitsimeet/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+# tasks file for jitsimeet install
+
+- name: "Add unix user for docker/docker-compose"
+  user:
+    name: "{{ unix_user }}"
+    groups: docker
+    home: "/var/opt/{{ unix_user }}"
+    shell: /bin/bash
+#    umask: "0022" requires ansible-core 2.12
+    append: yes
+
+#- name: "Set the value of umask for unix user"
+#  lineinfile:
+#    path: "/var/opt/{{ unix_user }}/.profile"
+#    regexp: '^#umask'
+#    line: umask 022
+    
+- name: "Download and uncompress Docker Compose project for Jitsi Meet"
+  unarchive: 
+    src: "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/{{ version }}.tar.gz"
+    dest: "/var/opt/{{ unix_user }}"
+    remote_src: yes
+  become_user: "{{ unix_user }}"
+
+- name: "Template .env for Jitsi Meet's Docker Compose project"
+  template:
+    src: "env.j2"
+    dest: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/.env"
+    owner: "{{ unix_user }}"
+    group: "{{ unix_user }}"
+    mode: '644'
+
+- name: "(Re)generate strong passwords using dev provided script"
+  command: ./gen-passwords.sh
+  args:
+    chdir: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/"
+  become_user: "{{ unix_user }}"
+
+- name: "Add required config directories" 
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: '755'
+  loop: "{{ config_dirs }}"
+  become_user: "{{ unix_user }}"
+
+- name: "Start services via docker-compose"
+  docker_compose:
+    project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}"
+    state: present
+  become_user: "{{ unix_user }}"

webapps/jitsimeet/tasks/upgrade.yml

@@ -0,0 +1,35 @@
+---
+# tasks file for jitsimeet upgrade
+
+- name: "Stop running services via docker-compose"
+  docker_compose:
+    project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version_old }}"
+    state: absent
+  become_user: "{{ unix_user }}"
+
+- name: "Download and uncompress new Docker Compose project for Jitsi Meet"
+  unarchive: 
+    src: "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/{{ version }}.tar.gz"
+    dest: "/var/opt/{{ unix_user }}"
+    remote_src: yes
+  become_user: "{{ unix_user }}"
+
+- name: "Template .env for Jitsi Meet's Docker Compose project"
+  template:
+    src: "env.j2"
+    dest: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/.env"
+    owner: "{{ unix_user }}"
+    group: "{{ unix_user }}"
+    mode: '644'
+
+- name: "(Re)generate strong passwords using dev provided script"
+  command: ./gen-passwords.sh
+  args:
+    chdir: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/"
+  become_user: "{{ unix_user }}"
+  
+- name: "Start services via docker-compose"
+  docker_compose:
+    project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}"
+    state: present
+  become_user: "{{ unix_user }}"

webapps/jitsimeet/templates/env.j2

@@ -0,0 +1,232 @@
+# shellcheck disable=SC2034
+
+################################################################################
+################################################################################
+# Welcome to the Jitsi Meet Docker setup!
+#
+# This sample .env file contains some basic options to get you started.
+# The full options reference can be found here:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
+################################################################################
+################################################################################
+
+
+#
+# Basic configuration options
+#
+
+# Directory where all configuration will be stored
+CONFIG=~/.jitsi-meet-cfg
+
+# Exposed HTTP port
+HTTP_PORT={{ http_port }}
+
+# Exposed HTTPS port
+HTTPS_PORT={{ https_port }}
+
+# System time zone
+TZ={{ time_zone }}
+
+# Public URL for the web service (required)
+PUBLIC_URL={{ public_url }}
+
+# Media IP addresses to advertise by the JVB
+# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
+# See the "Running behind NAT or on a LAN environment" section in the Handbook:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
+#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
+
+
+#
+# JaaS Components (beta)
+# https://jaas.8x8.vc
+#
+
+# Enable JaaS Components (hosted Jigasi)
+# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL
+#ENABLE_JAAS_COMPONENTS=0
+
+#
+# Let's Encrypt configuration
+#
+
+# Enable Let's Encrypt certificate generation
+ENABLE_LETSENCRYPT={{ letsencrypt }}
+
+# Domain for which to generate the certificate
+LETSENCRYPT_DOMAIN={{ letsencrypt_domain }}
+
+# E-Mail for receiving important account notifications (mandatory)
+LETSENCRYPT_EMAIL={{ letsencrypt_email }}
+
+# Use the staging server (for avoiding rate limits while testing)
+#LETSENCRYPT_USE_STAGING=1
+
+
+#
+# Etherpad integration (for document sharing)
+#
+
+# Set etherpad-lite URL in docker local network (uncomment to enable)
+#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
+
+# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
+#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
+
+# Name your etherpad instance!
+ETHERPAD_TITLE=Video Chat
+
+# The default text of a pad
+ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
+
+# Name of the skin for etherpad
+ETHERPAD_SKIN_NAME=colibris
+
+# Skin variants for etherpad
+ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
+
+
+#
+# Basic Jigasi configuration options (needed for SIP gateway support)
+#
+
+# SIP URI for incoming / outgoing calls
+#JIGASI_SIP_URI=test@sip2sip.info
+
+# Password for the specified SIP account as a clear text
+#JIGASI_SIP_PASSWORD=passw0rd
+
+# SIP server (use the SIP account domain if in doubt)
+#JIGASI_SIP_SERVER=sip2sip.info
+
+# SIP server port
+#JIGASI_SIP_PORT=5060
+
+# SIP server transport
+#JIGASI_SIP_TRANSPORT=UDP
+
+
+#
+# Authentication configuration (see handbook for details)
+#
+
+# Enable authentication
+#ENABLE_AUTH=1
+
+# Enable guest access
+#ENABLE_GUESTS=1
+
+# Select authentication type: internal, jwt, ldap or matrix
+#AUTH_TYPE=internal
+
+# JWT authentication
+#
+
+# Application identifier
+#JWT_APP_ID=my_jitsi_app_id
+
+# Application secret known only to your token generator
+#JWT_APP_SECRET=my_jitsi_app_secret
+
+# (Optional) Set asap_accepted_issuers as a comma separated list
+#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
+
+# (Optional) Set asap_accepted_audiences as a comma separated list
+#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
+
+# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
+#
+
+# LDAP url for connection
+#LDAP_URL=ldaps://ldap.domain.com/
+
+# LDAP base DN. Can be empty
+#LDAP_BASE=DC=example,DC=domain,DC=com
+
+# LDAP user DN. Do not specify this parameter for the anonymous bind
+#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+
+# LDAP user password. Do not specify this parameter for the anonymous bind
+#LDAP_BINDPW=LdapUserPassw0rd
+
+# LDAP filter. Tokens example:
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
+# %s - %s is replaced by the complete service string
+# %r - %r is replaced by the complete realm string
+#LDAP_FILTER=(sAMAccountName=%u)
+
+# LDAP authentication method
+#LDAP_AUTH_METHOD=bind
+
+# LDAP version
+#LDAP_VERSION=3
+
+# LDAP TLS using
+#LDAP_USE_TLS=1
+
+# List of SSL/TLS ciphers to allow
+#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
+
+# Require and verify server certificate
+#LDAP_TLS_CHECK_PEER=1
+
+# Path to CA cert file. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Path to CA certs directory. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
+
+# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
+# LDAP_START_TLS=1
+
+
+#
+# Security
+#
+# Set these to strong passwords to avoid intruders from impersonating a service account
+# The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
+# You may skip the Jigasi and Jibri passwords if you are not using those
+# DO NOT reuse passwords
+#
+
+# XMPP password for Jicofo client connections
+JICOFO_AUTH_PASSWORD=
+
+# XMPP password for JVB client connections
+JVB_AUTH_PASSWORD=
+
+# XMPP password for Jigasi MUC client connections
+JIGASI_XMPP_PASSWORD=
+
+# XMPP recorder password for Jibri client connections
+JIBRI_RECORDER_PASSWORD=
+
+# XMPP password for Jibri client connections
+JIBRI_XMPP_PASSWORD=
+
+#
+# HTTPS, HSTS
+#
+
+# Disable HTTPS: handle TLS connections outside of this setup
+#DISABLE_HTTPS=1
+
+# Redirect HTTP traffic to HTTPS
+# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
+ENABLE_HTTP_REDIRECT={{ http_redir }}
+
+# Send a `strict-transport-security` header to force browsers to use
+# a secure and trusted connection. Recommended for production use.
+# Defaults to 1 (send the header).
+ENABLE_HSTS={{ hsts }}
+
+#
+# Docker Compose options
+#
+
+# Container restart policy
+#RESTART_POLICY=unless-stopped
+
+# Jitsi image version (useful for local development)
+#JITSI_IMAGE_VERSION=latest

webapps/jitsimeet/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

webapps/jitsimeet/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - jitsimeet

webapps/jitsimeet/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file