move jitsi installation to an `install` task

This is because there will be multiple steps in deploying jitsi, and we don't want to overcrowd the `main` task file
author: shtlrs <[email protected]> 2024-08-19 21:50:59 +0100
committer: shtlrs <[email protected]> 2024-08-19 21:50:59 +0100
commit: 76d5cbed05fa84876a061f308298202feb612da4 (patch)
tree: a4bd6eb1857a16e1c3e5c8ad5b669b15f438d618 /ansible
parent: remove joe's LDAP login dictatorship (diff)
2 files changed, 103 insertions, 100 deletions
diff --git a/ansible/roles/jitsi/tasks/install.yml b/ansible/roles/jitsi/tasks/install.yml
new file mode 100644
index 0000000..594becd
--- /dev/null
+++ b/ansible/roles/jitsi/tasks/install.yml
@@ -0,0 +1,101 @@
+---
+- name: Download and add Prosody Debian packages key
+  ansible.builtin.get_url:
+    url: https://prosody.im/files/prosody-debian-packages.key
+    dest: /etc/apt/keyrings/prosody-debian-packages.key
+    mode: '0644'
+  tags:
+    - role::jitsi
+
+- name: Add Prosody repository to sources list
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
+    filename: prosody-debian-packages
+  tags:
+    - role::jitsi
+
+- name: Install lua5.2
+  ansible.builtin.apt:
+    name: lua5.2
+    state: present
+  tags:
+    - role::jitsi
+
+
+- name: Fetch Jitsi GPG key
+  ansible.builtin.get_url:
+    url: https://download.jitsi.org/jitsi-key.gpg.key
+    dest: /tmp/jitsi-key.gpg.key
+    mode: "u=rw,g=r,o=r"
+  tags:
+    - role::jitsi
+
+- name: Convert GPG key to keyring format
+  ansible.builtin.command:
+    cmd: gpg --dearmor -o /etc/apt/keyrings/jitsi-keyring.gpg /tmp/jitsi-key.gpg.key
+    creates: /etc/apt/keyrings/jitsi-keyring.gpg
+  tags:
+    - role::jitsi
+
+- name: Clean up temporary GPG key file
+  ansible.builtin.file:
+    path: /tmp/jitsi-key.gpg.key
+    state: absent
+  tags:
+    - role::jitsi
+
+- name: Add Jitsi repository to sources list
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/"
+    filename: jitsi-stable
+  tags:
+    - role::jitsi
+
+- name: Preconfigure debconf settings for Jitsi
+  debconf:
+    name: "{{ item.name }}"
+    question: "{{ item.question }}"
+    value: "{{ item.value }}"
+    vtype: "{{ item.vtype }}"
+  loop: "{{ jitsi_debconf_questions }}"
+  tags:
+    - role::jitsi
+
+
+- name: Install Jitsi
+  ansible.builtin.apt:
+    name: jitsi-meet
+    state: present
+  tags:
+    - role::jitsi
+
+- name: Activate the jitsi server block
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/jitsi.pydis.wtf.conf
+    path: /etc/nginx/sites-enabled/jitsi.pydis.wtf.conf
+    state: link
+  tags:
+    - role::jitsi
+  notify:
+    - Reload the nginx service
+
+# Without this, all clients won't be able to connect to the video bridge.
+# Looking at /var/logs/prosody/prosody.logs, we see the "sslv3 alert certificate unknown" error
+# Solution was found on the Jitsi forum
+# https://community.jitsi.org/t/ssl-handshake-error-sslv3-alert-certificate-unknown/41245
+
+- name: Disable Video Bridge certificate verification
+  lineinfile:
+    dest: /etc/jitsi/videobridge/sip-communicator.properties
+    line: org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+    state: present
+    create: false
+    owner: jvb
+    group: jitsi
+
+  notify:
+    - Restart the Jitsi video bridge service
+    - Restart the Jitsi prosody service
+    - Restart the Jitsi jicofo service
+  tags:
+    - role::jitsi
diff --git a/ansible/roles/jitsi/tasks/main.yml b/ansible/roles/jitsi/tasks/main.yml
index 594becd..394147f 100644
--- a/ansible/roles/jitsi/tasks/main.yml
+++ b/ansible/roles/jitsi/tasks/main.yml
@@ -1,101 +1,3 @@
 ---
-- name: Download and add Prosody Debian packages key
-  ansible.builtin.get_url:
-    url: https://prosody.im/files/prosody-debian-packages.key
-    dest: /etc/apt/keyrings/prosody-debian-packages.key
-    mode: '0644'
-  tags:
-    - role::jitsi
-
-- name: Add Prosody repository to sources list
-  ansible.builtin.apt_repository:
-    repo: "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
-    filename: prosody-debian-packages
-  tags:
-    - role::jitsi
-
-- name: Install lua5.2
-  ansible.builtin.apt:
-    name: lua5.2
-    state: present
-  tags:
-    - role::jitsi
-
-
-- name: Fetch Jitsi GPG key
-  ansible.builtin.get_url:
-    url: https://download.jitsi.org/jitsi-key.gpg.key
-    dest: /tmp/jitsi-key.gpg.key
-    mode: "u=rw,g=r,o=r"
-  tags:
-    - role::jitsi
-
-- name: Convert GPG key to keyring format
-  ansible.builtin.command:
-    cmd: gpg --dearmor -o /etc/apt/keyrings/jitsi-keyring.gpg /tmp/jitsi-key.gpg.key
-    creates: /etc/apt/keyrings/jitsi-keyring.gpg
-  tags:
-    - role::jitsi
-
-- name: Clean up temporary GPG key file
-  ansible.builtin.file:
-    path: /tmp/jitsi-key.gpg.key
-    state: absent
-  tags:
-    - role::jitsi
-
-- name: Add Jitsi repository to sources list
-  ansible.builtin.apt_repository:
-    repo: "deb [signed-by=/etc/apt/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/"
-    filename: jitsi-stable
-  tags:
-    - role::jitsi
-
-- name: Preconfigure debconf settings for Jitsi
-  debconf:
-    name: "{{ item.name }}"
-    question: "{{ item.question }}"
-    value: "{{ item.value }}"
-    vtype: "{{ item.vtype }}"
-  loop: "{{ jitsi_debconf_questions }}"
-  tags:
-    - role::jitsi
-
-
-- name: Install Jitsi
-  ansible.builtin.apt:
-    name: jitsi-meet
-    state: present
-  tags:
-    - role::jitsi
-
-- name: Activate the jitsi server block
-  ansible.builtin.file:
-    src: /etc/nginx/sites-available/jitsi.pydis.wtf.conf
-    path: /etc/nginx/sites-enabled/jitsi.pydis.wtf.conf
-    state: link
-  tags:
-    - role::jitsi
-  notify:
-    - Reload the nginx service
-
-# Without this, all clients won't be able to connect to the video bridge.
-# Looking at /var/logs/prosody/prosody.logs, we see the "sslv3 alert certificate unknown" error
-# Solution was found on the Jitsi forum
-# https://community.jitsi.org/t/ssl-handshake-error-sslv3-alert-certificate-unknown/41245
-
-- name: Disable Video Bridge certificate verification
-  lineinfile:
-    dest: /etc/jitsi/videobridge/sip-communicator.properties
-    line: org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
-    state: present
-    create: false
-    owner: jvb
-    group: jitsi
-
-  notify:
-    - Restart the Jitsi video bridge service
-    - Restart the Jitsi prosody service
-    - Restart the Jitsi jicofo service
-  tags:
-    - role::jitsi
+- name: Install jitsi
+  include_tasks: install.yml
author	shtlrs <[email protected]>	2024-08-19 21:50:59 +0100
committer	shtlrs <[email protected]>	2024-08-19 21:50:59 +0100
commit	76d5cbed05fa84876a061f308298202feb612da4 (patch)
tree	a4bd6eb1857a16e1c3e5c8ad5b669b15f438d618 /ansible
parent	remove joe's LDAP login dictatorship (diff)