author | 2024-08-19 15:07:47 +0100 | |
---|---|---|
committer | 2024-08-19 15:30:24 +0100 | |
commit | 9502167cbe843602cbec91153575534e0462c3a3 (patch) | |
tree | b009237a0aee52d4798d0dd12757dd29776dee1b | |
parent | allow needed tcp and udp traffic for jitsi services (diff) |
add a jitsi role
This adds the package repos necessary to install jitsi, preseeds debconf with the questions needed by the jitsi pkg, and installs it
-rw-r--r-- | ansible/roles/jitsi/README.md | 3 | ||||
-rw-r--r-- | ansible/roles/jitsi/handlers/main.yml | 15 | ||||
-rw-r--r-- | ansible/roles/jitsi/meta/main.yml | 4 | ||||
-rw-r--r-- | ansible/roles/jitsi/tasks/main.yml | 101 | ||||
-rw-r--r-- | ansible/roles/jitsi/vars/main.yml | 29 |
5 files changed, 152 insertions, 0 deletions
diff --git a/ansible/roles/jitsi/README.md b/ansible/roles/jitsi/README.md
new file mode 100644
index 0000000..ca37567
--- /dev/null
+++ b/ansible/roles/jitsi/README.md
@@ -0,0 +1,3 @@
+# Role "jitsi"
+
+Install Jitsi Meet on target hosts.
diff --git a/ansible/roles/jitsi/handlers/main.yml b/ansible/roles/jitsi/handlers/main.yml
new file mode 100644
index 0000000..30f7d28
--- /dev/null
+++ b/ansible/roles/jitsi/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Restart the Jitsi video bridge service
+ service:
+ name: jitsi-videobridge2
+ state: restarted
+
+- name: Restart the Jitsi jicofo service
+ service:
+ name: jicofo
+ state: restarted
+
+- name: Restart the Jitsi prosody service
+ service:
+ name: prosody
+ state: restarted
diff --git a/ansible/roles/jitsi/meta/main.yml b/ansible/roles/jitsi/meta/main.yml
new file mode 100644
index 0000000..44652ee
--- /dev/null
+++ b/ansible/roles/jitsi/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - nftables
+ - nginx
diff --git a/ansible/roles/jitsi/tasks/main.yml b/ansible/roles/jitsi/tasks/main.yml
new file mode 100644
index 0000000..594becd
--- /dev/null
+++ b/ansible/roles/jitsi/tasks/main.yml
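Review bot: In `handlers/main.yml` the Prosody handler is defined last, and Ansible runs handlers in the order they are defined rather than the order they are notified, so Prosody is restarted after the video bridge and jicofo. Both of those presumably connect to Prosody, so defining `Restart the Jitsi prosody service` first would avoid restarting them against a server that is about to go away. The handlers also use the short `service:` name while the tasks file mostly uses `ansible.builtin.*`; `ansible.builtin.service:` would keep the role consistent.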
@@ -0,0 +1,101 @@
+---
+- name: Download and add Prosody Debian packages key
+ ansible.builtin.get_url:
+ url: https://prosody.im/files/prosody-debian-packages.key
+ dest: /etc/apt/keyrings/prosody-debian-packages.key
+ mode: '0644'
+ tags:
+ - role::jitsi
+
+- name: Add Prosody repository to sources list
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
+ filename: prosody-debian-packages
+ tags:
+ - role::jitsi
+
+- name: Install lua5.2
+ ansible.builtin.apt:
+ name: lua5.2
+ state: present
+ tags:
+ - role::jitsi
+
+
+- name: Fetch Jitsi GPG key
+ ansible.builtin.get_url:
+ url: https://download.jitsi.org/jitsi-key.gpg.key
+ dest: /tmp/jitsi-key.gpg.key
+ mode: "u=rw,g=r,o=r"
+ tags:
+ - role::jitsi
+
+- name: Convert GPG key to keyring format
+ ansible.builtin.command:
+ cmd: gpg --dearmor -o /etc/apt/keyrings/jitsi-keyring.gpg /tmp/jitsi-key.gpg.key
+ creates: /etc/apt/keyrings/jitsi-keyring.gpg
+ tags:
+ - role::jitsi
+
+- name: Clean up temporary GPG key file
+ ansible.builtin.file:
+ path: /tmp/jitsi-key.gpg.key
+ state: absent
+ tags:
+ - role::jitsi
+
+- name: Add Jitsi repository to sources list
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/"
+ filename: jitsi-stable
+ tags:
+ - role::jitsi
+
+- name: Preconfigure debconf settings for Jitsi
+ debconf:
+ name: "{{ item.name }}"
+ question: "{{ item.question }}"
+ value: "{{ item.value }}"
+ vtype: "{{ item.vtype }}"
+ loop: "{{ jitsi_debconf_questions }}"
+ tags:
+ - role::jitsi
+
+
+- name: Install Jitsi
+ ansible.builtin.apt:
+ name: jitsi-meet
+ state: present
+ tags:
+ - role::jitsi
+
+- name: Activate the jitsi server block
+ ansible.builtin.file:
+ src: /etc/nginx/sites-available/jitsi.pydis.wtf.conf
+ path: /etc/nginx/sites-enabled/jitsi.pydis.wtf.conf
+ state: link
+ tags:
+ - role::jitsi
+ notify:
+ - Reload the nginx service
+
+# Without this, all clients won't be able to connect to the video bridge.
+# Looking at /var/logs/prosody/prosody.logs, we see the "sslv3 alert certificate unknown" error
+# Solution was found on the Jitsi forum
+# https://community.jitsi.org/t/ssl-handshake-error-sslv3-alert-certificate-unknown/41245
+
+- name: Disable Video Bridge certificate verification
+ lineinfile:
+ dest: /etc/jitsi/videobridge/sip-communicator.properties
+ line: org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+ state: present
+ create: false
+ owner: jvb
+ group: jitsi
+
+ notify:
+ - Restart the Jitsi video bridge service
+ - Restart the Jitsi prosody service
+ - Restart the Jitsi jicofo service
+ tags:
+ - role::jitsi
diff --git a/ansible/roles/jitsi/vars/main.yml b/ansible/roles/jitsi/vars/main.yml
new file mode 100644
index 0000000..bebe567
--- /dev/null
+++ b/ansible/roles/jitsi/vars/main.yml
@@ -0,0 +1,29 @@
+---
+
+
+jitsi_debconf_questions:
+ - name: 'jitsi-meet-web-config'
+ question: 'jitsi-meet/cert-choice'
+ value: 'I want to use my own certificate'
+ vtype: 'select'
+
+ - name: 'jitsi-meet-web-config'
+ question: 'jitsi-meet/cert-path-crt'
+ value: '/etc/letsencrypt/live/pydis.wtf/fullchain.pem'
+ vtype: 'string'
+
+ - name: 'jitsi-meet-web-config'
+ question: 'jitsi-meet/cert-path-key'
+ value: '/etc/letsencrypt/live/pydis.wtf/privkey.pem'
+ vtype: 'string'
+
+ - name: 'jitsi-meet-web-config'
+ question: 'jitsi-meet/jaas-choice'
+ value: 'false'
+ vtype: 'boolean'
+
+
+ - name: 'jitsi-videobridge2'
+ question: 'jitsi-videobridge/jvb-hostname'
+ value: 'jitsi.pydis.wtf'
+ vtype: 'string' |
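Review bot: The `Disable Video Bridge certificate verification` task in `tasks/main.yml` turns off TLS certificate checking on the bridge's XMPP connection wherever this role is applied, so the bridge no longer authenticates the server it connects to; the comment records the symptom but not why the certificate is untrusted. The durable fix is to have the bridge trust the certificate Prosody presents (or have Prosody present one matching the name the bridge connects to) and drop this line. If the workaround must stay, extend the comment with something like `# TEMPORARY: JVB<->Prosody TLS is unauthenticated; acceptable only while both run on this host` and track its removal. Separately, the Jitsi key is staged at a fixed path in `/tmp` before `gpg --dearmor` runs on it and neither `get_url` task sets `checksum:`, so staging in a root-only directory and pinning the key digests would tighten the repository trust chain. The Prosody source line also uses `http://` where the Jitsi one uses `https://`.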
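Review bot: In `vars/main.yml` the host name `jitsi.pydis.wtf` is hard-coded in `jvb-hostname` and repeated in the nginx link paths in `tasks/main.yml`, so the two files can drift apart. A single variable such as `jitsi_hostname: 'jitsi.pydis.wtf'` referenced from both places would keep them in step. Putting it, and the certificate paths, in `defaults/main.yml` rather than `vars/` would also let inventory override them per host.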