173 lines
5.3 KiB
YAML
173 lines
5.3 KiB
YAML
---
|
|
# tasks file for jitsimeet install
|
|
|
|
- name: Set FQDN
|
|
command: "hostnamectl set-hostname {{ domains | first }}"
|
|
|
|
- name: Add Prosody apt repository key
|
|
ansible.builtin.get_url:
|
|
url: https://prosody.im/files/prosody-debian-packages.key
|
|
dest: /etc/apt/trusted.gpg.d/prosody.gpg
|
|
mode: '0644'
|
|
force: true
|
|
|
|
- name: Add Jitsi Meet apt repository key
|
|
ansible.builtin.get_url:
|
|
url: https://download.jitsi.org/jitsi-key.gpg.key
|
|
dest: /etc/apt/trusted.gpg.d/jitsimeet.asc
|
|
mode: '0644'
|
|
force: true
|
|
|
|
- name: Add Prosody apt repository
|
|
ansible.builtin.apt_repository:
|
|
repo: "deb http://packages.prosody.im/debian bullseye main"
|
|
state: present
|
|
|
|
- name: Add Jitsi Meet apt repository
|
|
ansible.builtin.apt_repository:
|
|
repo: "deb https://download.jitsi.org stable/"
|
|
state: present
|
|
|
|
- name: Install system dependencies
|
|
ansible.builtin.apt:
|
|
name: "{{ system_dep }}"
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Set debconf options for jitsi-meet
|
|
ansible.builtin.debconf:
|
|
name: "{{ item.name }}"
|
|
question: "{{ item.question }}"
|
|
value: "{{ item.value }}"
|
|
vtype: "{{ item.vtype }}"
|
|
loop:
|
|
- name: jitsi-videobridge2
|
|
question: jitsi-videobridge/jvb-hostname
|
|
value: "{{ domains | first }}"
|
|
vtype: string
|
|
- name: jitsi-meet-web-config
|
|
question: jitsi-meet/cert-choice
|
|
value: "{{ jitsi_meet_cert_choice }}"
|
|
vtype: string
|
|
- name: jitsi-meet-web-config
|
|
question: jitsi-meet/cert-path-crt
|
|
value: "{{ jitsi_meet_ssl_cert_path }}"
|
|
vtype: string
|
|
- name: jitsi-meet-web-config
|
|
question: jitsi-meet/cert-path-key
|
|
value: "{{ jitsi_meet_ssl_key_path }}"
|
|
vtype: string
|
|
- name: jitsi-meet-prosody
|
|
question: jitsi-meet-prosody/turn-secret
|
|
value: "{{ jitsi_meet_turn_secret }}"
|
|
vtype: string
|
|
|
|
- name: Install Jitsi Meet
|
|
ansible.builtin.apt:
|
|
name: jitsi-meet
|
|
state: present
|
|
install_recommends: no
|
|
|
|
- name: Template config files
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ item.owner }}"
|
|
group: "{{ item.group }}"
|
|
mode: "{{ item.mode }}"
|
|
loop:
|
|
- { src: 'videobridge/jvb.conf.j2', dest: "/etc/jitsi/videobridge/jvb.conf", owner: "jvb", group: "jitsi", mode: "0640" }
|
|
- { src: 'videobridge/sip-communicator.properties.j2', dest: "/etc/jitsi/videobridge/sip-communicator.properties", owner: "jvb", group: "jitsi", mode: "0640" }
|
|
- { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
|
|
- { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
|
|
|
|
- name: Add bloc to jicofo.conf to disable sctp
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/jitsi/jicofo/jicofo.conf
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK"
|
|
insertafter: 'jicofo {'
|
|
block: |
|
|
sctp: {
|
|
enabled: false
|
|
}
|
|
|
|
- name: Unregister default jvb account in prosody
|
|
ansible.builtin.command: prosodyctl unregister jvb auth.{{ domains | first }}
|
|
|
|
- name: Register jvb account in prosody (with proper secret)
|
|
ansible.builtin.command: prosodyctl register jvb auth.{{ domains | first }} {{ jitsi_meet_jvb_secret }}
|
|
|
|
- name: Restart prosody
|
|
ansible.builtin.service:
|
|
name: prosody
|
|
state: restarted
|
|
|
|
- name: Restart jvb
|
|
ansible.builtin.service:
|
|
name: jitsi-videobridge2
|
|
state: restarted
|
|
|
|
- name: Restart jicofo
|
|
ansible.builtin.service:
|
|
name: jicofo
|
|
state: restarted
|
|
|
|
- name: Check if SSL certificate is present and register result
|
|
stat:
|
|
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
|
register: ssl
|
|
|
|
- name: Generate certificate only if required (first time)
|
|
block:
|
|
- name: Template vhost without SSL for successfull LE challengce
|
|
template:
|
|
src: "vhost.conf.j2"
|
|
dest: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
|
- name: Enable temporary nginx vhost for peertube
|
|
file:
|
|
src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
|
dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
|
|
state: link
|
|
- name: Reload nginx conf
|
|
service:
|
|
name: nginx
|
|
state: reloaded
|
|
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
|
file:
|
|
path: /var/lib/letsencrypt
|
|
state: directory
|
|
mode: '0755'
|
|
- name: Generate certificate with certbot
|
|
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
|
when: ssl.stat.exists != true
|
|
|
|
- name: (Re)check if SSL certificate is present and register result
|
|
stat:
|
|
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
|
register: ssl
|
|
|
|
- name: (Re)template conf file for nginx vhost with SSL
|
|
template:
|
|
src: "vhost.conf.j2"
|
|
dest: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
|
|
|
- name: Enable nginx vhost for peertube
|
|
file:
|
|
src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
|
dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
|
|
state: link
|
|
|
|
- name: Reload nginx conf
|
|
service:
|
|
name: nginx
|
|
state: reloaded
|
|
|
|
- name: Adjust permissions of files/folders for nginx
|
|
file:
|
|
path: "~/"
|
|
state: directory
|
|
mode: 'o=rX'
|
|
recurse: true
|
|
become_user: "{{ service }}"
|
|
|