blob: 8f69f990432603ffec733fbb059c857de24fdbfa (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
---
- name: Download and add Prosody Debian packages key
ansible.builtin.get_url:
url: https://prosody.im/files/prosody-debian-packages.key
dest: /etc/apt/keyrings/prosody-debian-packages.key
mode: '0644'
tags:
- role::jitsi
- name: Add Prosody repository to sources list
ansible.builtin.apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
filename: prosody-debian-packages
tags:
- role::jitsi
- name: Install lua5.2
ansible.builtin.apt:
name: lua5.2
state: present
tags:
- role::jitsi
- name: Fetch Jitsi GPG key
ansible.builtin.get_url:
url: https://download.jitsi.org/jitsi-key.gpg.key
dest: /tmp/jitsi-key.gpg.key
mode: "u=rw,g=r,o=r"
tags:
- role::jitsi
- name: Convert GPG key to keyring format
ansible.builtin.command:
cmd: gpg --dearmor -o /etc/apt/keyrings/jitsi-keyring.gpg /tmp/jitsi-key.gpg.key
creates: /etc/apt/keyrings/jitsi-keyring.gpg
tags:
- role::jitsi
- name: Clean up temporary GPG key file
ansible.builtin.file:
path: /tmp/jitsi-key.gpg.key
state: absent
tags:
- role::jitsi
- name: Add Jitsi repository to sources list
ansible.builtin.apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/"
filename: jitsi-stable
tags:
- role::jitsi
- name: Preconfigure debconf settings for Jitsi
debconf:
name: "{{ item.name }}"
question: "{{ item.question }}"
value: "{{ item.value }}"
vtype: "{{ item.vtype }}"
loop: "{{ jitsi_debconf_questions }}"
tags:
- role::jitsi
- name: Install Jitsi
ansible.builtin.apt:
name: jitsi-meet
state: present
tags:
- role::jitsi
- name: Activate the jitsi server block
ansible.builtin.file:
src: /etc/nginx/sites-available/jitsi.pydis.wtf.conf
path: /etc/nginx/sites-enabled/jitsi.pydis.wtf.conf
state: link
tags:
- role::jitsi
notify:
- Reload the nginx service
# Without this, all clients won't be able to connect to the video bridge.
# Looking at /var/logs/prosody/prosody.logs, we see the "sslv3 alert certificate unknown" error
# Solution was found on the Jitsi forum
# https://community.jitsi.org/t/ssl-handshake-error-sslv3-alert-certificate-unknown/41245
- name: Disable Video Bridge certificate verification
lineinfile:
dest: /etc/jitsi/videobridge/sip-communicator.properties
line: org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
state: present
create: false
owner: jvb
group: jitsi
notify:
- Restart the Jitsi video bridge service
- Restart the Jitsi prosody service
- Restart the Jitsi jicofo service
tags:
- role::jitsi
|
