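---
# tasks file for jitsimeet install
#
# Installs Jitsi Meet from APT, renders the service configuration, resets the
# videobridge (jvb) account in prosody, and obtains Let's Encrypt certificates
# for the web vhost and for coturn.

- name: APT sources
  ansible.builtin.include_tasks: apt_sources.yml

- name: Install system dependencies
  ansible.builtin.apt:
    name: "{{ jitsimeet_system_dep }}"
    state: present
    update_cache: true

# Preseed the debconf answers so the jitsi-meet packages install
# non-interactively.
- name: Set debconf options for jitsi-meet
  ansible.builtin.debconf:
    name: "{{ item.name }}"
    question: "{{ item.question }}"
    value: "{{ item.value }}"
    vtype: "{{ item.vtype }}"
  loop:
    - name: jitsi-videobridge2
      question: jitsi-videobridge/jvb-hostname
      value: "{{ jitsimeet_domains | first }}"
      vtype: string
    - name: jitsi-meet-web-config
      question: jitsi-meet/cert-choice
      value: "{{ jitsimeet_cert_choice }}"
      vtype: string
    - name: jitsi-meet-web-config
      question: jitsi-meet/cert-path-crt
      value: "{{ jitsimeet_ssl_cert_path }}"
      vtype: string
    - name: jitsi-meet-web-config
      question: jitsi-meet/cert-path-key
      value: "{{ jitsimeet_ssl_key_path }}"
      vtype: string

# The TURN shared secret gets its own task so that no_log can keep it out of
# the play output and callback logs without hiding the non-secret answers
# above.
- name: Set debconf TURN secret for jitsi-meet-prosody
  ansible.builtin.debconf:
    name: jitsi-meet-prosody
    question: jitsi-meet-prosody/turn-secret
    value: "{{ jitsimeet_turn_secret }}"
    vtype: string
  no_log: true

- name: Install Jitsi Meet
  ansible.builtin.apt:
    name: jitsi-meet
    state: present
    install_recommends: true

- name: Install stream module for nginx
  ansible.builtin.apt:
    name: libnginx-mod-stream
    state: present

# Certificate and hook directories are restricted to their owner (0700).
- name: Add certs dir for coturn/letsencrypt if needed
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: "{{ item.mode }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
  loop:
    - path: '/etc/coturn'
      owner: "turnserver"
      group: "turnserver"
      mode: "0700"
    - path: '/etc/coturn/certs'
      owner: "turnserver"
      group: "turnserver"
      mode: "0700"
    - path: '/etc/letsencrypt/renewal-hooks'
      owner: "root"
      group: "root"
      mode: "0700"
    - path: '/etc/letsencrypt/renewal-hooks/deploy'
      owner: "root"
      group: "root"
      mode: "0700"

- name: Template config files
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: 'videobridge/jvb.conf.j2'
      dest: "/etc/jitsi/videobridge/jvb.conf"
      owner: "jvb"
      group: "jitsi"
      mode: "0640"
    - src: 'videobridge/sip-communicator.properties.j2'
      dest: "/etc/jitsi/videobridge/sip-communicator.properties"
      owner: "jvb"
      group: "jitsi"
      mode: "0640"
    - src: 'meet/config.js.j2'
      dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js"
      owner: "root"
      group: "root"
      mode: "0644"
    - src: 'meet/interface_config.js.j2'
      dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js"
      owner: "root"
      group: "root"
      mode: "0644"
    - src: 'meet/welcomePageAdditionalContent.html.j2'
      dest: "/etc/jitsi/meet/welcomePageAdditionalContent.html"
      owner: "root"
      group: "root"
      mode: "0644"
    # NOTE(review): this file is rendered world-readable. If the template
    # (not visible here) embeds the TURN or other shared secrets, tighten the
    # mode and group so only prosody can read it. Confirm against the template.
    - src: 'prosody/virtualhost.cfg.lua.j2'
      dest: "/etc/prosody/conf.avail/{{ jitsimeet_domains | first }}.cfg.lua"
      owner: "root"
      group: "root"
      mode: "0644"
    - src: 'coturn/turnserver.conf.j2'
      dest: "/etc/turnserver.conf"
      owner: "root"
      group: "turnserver"
      mode: "0640"
    - src: 'certbot/coturn-certbot-deploy.sh.j2'
      dest: "/etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh"
      owner: "root"
      group: "root"
      mode: "0700"

- name: Add bloc to jicofo.conf to disable sctp
  ansible.builtin.blockinfile:
    path: /etc/jitsi/jicofo/jicofo.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK"
    insertafter: 'jicofo {'
    block: |
      sctp: { enabled: false }

# The jvb account is removed and re-created on every run so that it always
# carries the secret from jitsimeet_jvb_secret.
- name: Unregister default jvb account in prosody
  ansible.builtin.command:
    argv:
      - prosodyctl
      - unregister
      - jvb
      - "auth.{{ jitsimeet_domains | first }}"
  changed_when: true

# argv passes the secret as a single argument whatever characters it
# contains, and no_log keeps it out of the play output and callback logs.
# It is still handed to prosodyctl as a process argument, so it is visible in
# the host's process list while the command runs.
- name: Register jvb account in prosody (with proper secret)
  ansible.builtin.command:
    argv:
      - prosodyctl
      - register
      - jvb
      - "auth.{{ jitsimeet_domains | first }}"
      - "{{ jitsimeet_jvb_secret }}"
  changed_when: true
  no_log: true

- name: Restart prosody
  ansible.builtin.systemd:
    name: prosody
    state: restarted

- name: Restart jvb
  ansible.builtin.systemd:
    name: jitsi-videobridge2
    state: restarted

- name: Restart jicofo
  ansible.builtin.systemd:
    name: jicofo
    state: restarted

- name: Check if SSL certificate is present and register result
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem"
  register: ssl

# Runs only while no certificate exists yet. The vhost is rendered first so
# the webroot challenge can be served, then rendered again further down once
# the certificate is in place.
- name: Generate certificate only if required (first time)
  when: not ssl.stat.exists
  block:
    - name: Template vhost without SSL for successfull LE challengce
      ansible.builtin.template:
        src: "nginx/vhost.conf.j2"
        dest: "/etc/nginx/sites-available/{{ jitsimeet_domains | first }}.conf"
        owner: root
        group: root
        mode: "0644"

    - name: Enable temporary nginx vhost
      ansible.builtin.file:
        src: "/etc/nginx/sites-available/{{ jitsimeet_domains | first }}.conf"
        dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains | first }}.conf"
        state: link

    - name: Reload nginx conf
      ansible.builtin.systemd:
        name: nginx
        state: reloaded

    - name: Make sure /var/lib/letsencrypt exists and has correct permissions
      ansible.builtin.file:
        path: /var/lib/letsencrypt
        state: directory
        mode: '0755'

    # argv keeps each templated value a single argument.
    - name: Generate certificate with certbot
      ansible.builtin.command:
        argv:
          - certbot
          - certonly
          - "--webroot"
          - "--webroot-path"
          - /var/lib/letsencrypt
          - "--non-interactive"
          - "--agree-tos"
          - "--email"
          - "{{ jitsimeet_certbot_admin_email }}"
          - "-d"
          - "{{ jitsimeet_domains | first }}"

- name: (Re)check if SSL certificate is present and register result
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem"
  register: ssl

# Explicit owner and mode so the rendered nginx configuration does not depend
# on the umask of the connecting user.
- name: (Re)template conf file for nginx vhost with SSL
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - src: 'nginx/vhost.conf.j2'
      dest: "/etc/nginx/sites-available/{{ jitsimeet_domains | first }}.conf"
    - src: 'nginx/multiplex.conf.j2'
      dest: '/etc/nginx/modules-available/multiplex.conf'

- name: Enable multiplex module conf
  ansible.builtin.file:
    src: '/etc/nginx/modules-available/multiplex.conf'
    dest: '/etc/nginx/modules-enabled/multiplex.conf'
    state: link

- name: Enable nginx vhost
  ansible.builtin.file:
    src: "/etc/nginx/sites-available/{{ jitsimeet_domains | first }}.conf"
    dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains | first }}.conf"
    state: link

- name: Reload nginx conf
  ansible.builtin.systemd:
    name: nginx
    state: reloaded

- name: Check if SSL certificate for coturn is present and register result
  ansible.builtin.stat:
    path: "/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.crt"
  register: ssl_coturn

# command with argv instead of shell: no shell feature is needed here, and
# the templated e-mail address and domain are never parsed by a shell.
- name: Generate certificate for coturn with certbot
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - "--webroot"
      - "--webroot-path"
      - /var/lib/letsencrypt
      - "--non-interactive"
      - "--deploy-hook"
      - /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh
      - "--agree-tos"
      - "--email"
      - "{{ jitsimeet_certbot_admin_email }}"
      - "-d"
      - "{{ jitsimeet_turn_domains | first }}"
  when: not ssl_coturn.stat.exists

# Every domain after the first is handled by other_domains.yml, which
# receives it as the loop variable `domain`.
- name: Setup other domains if any
  ansible.builtin.include_tasks: other_domains.yml
  loop: "{{ jitsimeet_domains[1:] }}"
  loop_control:
    loop_var: domain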