| -rw-r--r-- | ansible/roles/jitsi/README.md | 3 | ||||
| -rw-r--r-- | ansible/roles/jitsi/handlers/main.yml | 15 | ||||
| -rw-r--r-- | ansible/roles/jitsi/meta/main.yml | 4 | ||||
| -rw-r--r-- | ansible/roles/jitsi/tasks/main.yml | 101 | ||||
| -rw-r--r-- | ansible/roles/jitsi/vars/main.yml | 29 | 
5 files changed, 152 insertions, 0 deletions
|
diff --git a/ansible/roles/jitsi/README.md b/ansible/roles/jitsi/README.md
new file mode 100644
index 0000000..ca37567
--- /dev/null
+++ b/ansible/roles/jitsi/README.md
@@ -0,0 +1,3 @@
+# Role "jitsi"
+
+Install Jitsi Meet on target hosts.
diff --git a/ansible/roles/jitsi/handlers/main.yml b/ansible/roles/jitsi/handlers/main.yml
new file mode 100644
index 0000000..30f7d28
--- /dev/null
+++ b/ansible/roles/jitsi/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Restart the Jitsi video bridge service
+  service:
+    name: jitsi-videobridge2
+    state: restarted
+
+- name: Restart the Jitsi jicofo service
+  service:
+    name: jicofo
+    state: restarted
+
+- name: Restart the Jitsi prosody service
+  service:
+    name: prosody
+    state: restarted
diff --git a/ansible/roles/jitsi/meta/main.yml b/ansible/roles/jitsi/meta/main.yml
new file mode 100644
index 0000000..44652ee
--- /dev/null
+++ b/ansible/roles/jitsi/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - nftables
+  - nginx
diff --git a/ansible/roles/jitsi/tasks/main.yml b/ansible/roles/jitsi/tasks/main.yml
new file mode 100644
index 0000000..594becd
--- /dev/null
+++ b/ansible/roles/jitsi/tasks/main.yml
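Review bot: In `handlers/main.yml` the prosody handler is defined last, and Ansible runs handlers in the order they are defined in the handlers file, not in the order of a task's `notify` list. As written, the video bridge and jicofo are therefore restarted before the XMPP server they connect to. If the intent is to bring prosody back first, move its handler to the top of the file. The three handlers also use the short `service:` name while the tasks use `ansible.builtin.*`; `ansible.builtin.service:` would be consistent.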
@@ -0,0 +1,101 @@
+---
+- name: Download and add Prosody Debian packages key
+  ansible.builtin.get_url:
+    url: https://prosody.im/files/prosody-debian-packages.key
+    dest: /etc/apt/keyrings/prosody-debian-packages.key
+    mode: '0644'
+  tags:
+    - role::jitsi
+
+- name: Add Prosody repository to sources list
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
+    filename: prosody-debian-packages
+  tags:
+    - role::jitsi
+
+- name: Install lua5.2
+  ansible.builtin.apt:
+    name: lua5.2
+    state: present
+  tags:
+    - role::jitsi
+
+
+- name: Fetch Jitsi GPG key
+  ansible.builtin.get_url:
+    url: https://download.jitsi.org/jitsi-key.gpg.key
+    dest: /tmp/jitsi-key.gpg.key
+    mode: "u=rw,g=r,o=r"
+  tags:
+    - role::jitsi
+
+- name: Convert GPG key to keyring format
+  ansible.builtin.command:
+    cmd: gpg --dearmor -o /etc/apt/keyrings/jitsi-keyring.gpg /tmp/jitsi-key.gpg.key
+    creates: /etc/apt/keyrings/jitsi-keyring.gpg
+  tags:
+    - role::jitsi
+
+- name: Clean up temporary GPG key file
+  ansible.builtin.file:
+    path: /tmp/jitsi-key.gpg.key
+    state: absent
+  tags:
+    - role::jitsi
+
+- name: Add Jitsi repository to sources list
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/"
+    filename: jitsi-stable
+  tags:
+    - role::jitsi
+
+- name: Preconfigure debconf settings for Jitsi
+  debconf:
+    name: "{{ item.name }}"
+    question: "{{ item.question }}"
+    value: "{{ item.value }}"
+    vtype: "{{ item.vtype }}"
+  loop: "{{ jitsi_debconf_questions }}"
+  tags:
+    - role::jitsi
+
+
+- name: Install Jitsi
+  ansible.builtin.apt:
+    name: jitsi-meet
+    state: present
+  tags:
+    - role::jitsi
+
+- name: Activate the jitsi server block
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/jitsi.pydis.wtf.conf
+    path: /etc/nginx/sites-enabled/jitsi.pydis.wtf.conf
+    state: link
+  tags:
+    - role::jitsi
+  notify:
+    - Reload the nginx service
+
+# Without this, all clients won't be able to connect to the video bridge.
+# Looking at /var/logs/prosody/prosody.logs, we see the "sslv3 alert certificate unknown" error
+# Solution was found on the Jitsi forum
+# https://community.jitsi.org/t/ssl-handshake-error-sslv3-alert-certificate-unknown/41245
+
+- name: Disable Video Bridge certificate verification
+  lineinfile:
+    dest: /etc/jitsi/videobridge/sip-communicator.properties
+    line: org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+    state: present
+    create: false
+    owner: jvb
+    group: jitsi
+
+  notify:
+    - Restart the Jitsi video bridge service
+    - Restart the Jitsi prosody service
+    - Restart the Jitsi jicofo service
+  tags:
+    - role::jitsi
diff --git a/ansible/roles/jitsi/vars/main.yml b/ansible/roles/jitsi/vars/main.yml
new file mode 100644
index 0000000..bebe567
--- /dev/null
+++ b/ansible/roles/jitsi/vars/main.yml
@@ -0,0 +1,29 @@
+---
+
+
+jitsi_debconf_questions:
+  - name: 'jitsi-meet-web-config'
+    question: 'jitsi-meet/cert-choice'
+    value: 'I want to use my own certificate'
+    vtype: 'select'
+
+  - name: 'jitsi-meet-web-config'
+    question: 'jitsi-meet/cert-path-crt'
+    value: '/etc/letsencrypt/live/pydis.wtf/fullchain.pem'
+    vtype: 'string'
+
+  - name: 'jitsi-meet-web-config'
+    question: 'jitsi-meet/cert-path-key'
+    value: '/etc/letsencrypt/live/pydis.wtf/privkey.pem'
+    vtype: 'string'
+
+  - name: 'jitsi-meet-web-config'
+    question: 'jitsi-meet/jaas-choice'
+    value: 'false'
+    vtype: 'boolean'
+
+
+  - name: 'jitsi-videobridge2'
+    question: 'jitsi-videobridge/jvb-hostname'
+    value: 'jitsi.pydis.wtf'
+    vtype: 'string'
|
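Review bot: The last task in `tasks/main.yml` sets `DISABLE_CERTIFICATE_VERIFICATION=true` for the video bridge's XMPP connection, so the bridge will accept whatever certificate the XMPP server presents; the comment above it records the symptom but not the risk being accepted. Nothing in this commit shows whether that connection stays on the host, so the comment should state the assumption, e.g. `# Accepted risk: JVB no longer authenticates prosody; only tolerable while the XMPP connection stays on localhost`. A "certificate unknown" alert usually means the client does not trust the certificate it was served, so making the host trust prosody's certificate would likely remove the need for the override. Separately, both repository keys are fetched with `get_url` and trusted without a pinned digest; adding `checksum: 'sha256:<expected-digest-placeholder>'` to those two tasks would pin them.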
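Review bot: The hostname `jitsi.pydis.wtf` is hard-coded in `vars/main.yml` as the `jvb-hostname` answer and again in the nginx `sites-available`/`sites-enabled` paths of `tasks/main.yml`, so the two can drift apart without any task failing early. A single variable such as `jitsi_hostname: 'jitsi.pydis.wtf'`, used as `value: "{{ jitsi_hostname }}"` here and in those two paths, keeps them in step. The certificate paths point at the `pydis.wtf` lineage, and nothing visible in this commit shows that this certificate covers `jitsi.pydis.wtf`; a short comment saying it is a wildcard or carries that name would help the next reader.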
