Fix/fqdn #2

Merged
merged 4 commits into from
Jan 15, 2024
Merged
13 changes: 5 additions & 8 deletions defaults/main.yml
Expand Up @@ -22,6 +22,7 @@ bbb_greenlight_image: bigbluebutton/greenlight:v2
bbb_greenlight_etcdir: /etc/bigbluebutton/greenlight
bbb_greenlight_libdir: /var/lib/greenlight
bbb_greenlight_dbdir: "{{ bbb_greenlight_libdir }}/production"
bbb_greenlight_storagedir: "{{ bbb_greenlight_libdir }}/storage"
bbb_greenlight_logdir: /var/log/greenlight
bbb_greenlight_redirect_root: false
bbb_greenlight_db_adapter: postgresql
Expand All @@ -31,21 +32,17 @@ bbb_greenlight_db_name: greenlight_production
bbb_greenlight_db_port: 5432
bbb_greenlight_environment: {}
bbb_greenlight_environment_defaults:
HELP_URL: "https://docs.bigbluebutton.org/greenlight/gl-overview.html"
HELP_URL: "https://docs.bigbluebutton.org/greenlight/v3/install"
REDIS_URL: "redis://redis:6379"
DATABASE_URL: "{{ bbb_greenlight_db_adapter }}://{{ bbb_greenlight_db_username }}:{{ bbb_greenlight_db_password }}@{{ bbb_greenlight_db_host }}:{{ bbb_greenlight_db_port }}/{{ bbb_greenlight_db_name }}"
SECRET_KEY_BASE: "{{ bbb_greenlight_rails_secret }}"
ALLOW_GREENLIGHT_ACCOUNTS: "true"
DEFAULT_REGISTRATION: "open"
RELATIVE_URL_ROOT: "/b"
ROOM_FEATURES: "mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator"
PAGINATION_NUMBER: "25"
NUMBER_OF_ROWS: "25"
MAINTENANCE_MODE: "false"
DB_ADAPTER: "{{ bbb_greenlight_db_adapter }}"
DB_HOST: "{{ bbb_greenlight_db_host }}"
DB_PORT: "{{ bbb_greenlight_db_port }}"
DB_NAME: "{{ bbb_greenlight_db_name }}"
DB_USERNAME: "{{ bbb_greenlight_db_username }}"
DB_PASSWORD: "{{ bbb_greenlight_db_password }}"
ENABLE_SSL: "{{ bbb_configure_ssl | bool | string | lower }}"
SECRET_KEY_BASE: "{{ bbb_greenlight_rails_secret }}"
BIGBLUEBUTTON_ENDPOINT: "{{ bbb_greenlight_extracted_endpoint }}"
BIGBLUEBUTTON_SECRET: "{{ bbb_greenlight_extracted_secret }}"
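Review bot: `DATABASE_URL` interpolates `bbb_greenlight_db_username` and `bbb_greenlight_db_password` into a URL without encoding, so a password containing `@`, `:` or `#` yields a connection string that is parsed wrongly or rejected. Encode the credential parts, e.g. `{{ bbb_greenlight_db_password | urlencode }}`. `SECRET_KEY_BASE` also appears twice in this section; the page has lost the +/- column, so one of them is presumably the removed line, but if both are on the new side the mapping has a duplicate key and only one should stay. Because this mapping carries the database password, the Rails secret and the BigBlueButton shared secret, the file rendered from it should be readable by root only; the task that writes it is not shown here.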
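--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: Restart NGINX
+ansible.builtin.service:
+name: nginx
+state: restarted
+
+- name: Restart greenlight
+ansible.builtin.systemd:
+name: greenlight
+state: restarted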
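Review bot: The `Restart NGINX` handler uses `state: restarted`, which tears down every open connection through nginx each time a notifying task reports a change. If the notifying tasks only change configuration or certificates (they are not shown in this section), `state: reloaded` applies the change without that interruption. The file also lacks the leading `---` that tasks/docker.yml and tasks/firewall.yml carry, and it mixes `ansible.builtin.service` with `ansible.builtin.systemd` for the same kind of action.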
25 changes: 17 additions & 8 deletions meta/main.yml
Expand Up @@ -4,12 +4,10 @@ galaxy_info:

license: MIT

min_ansible_version: 2.4
min_ansible_version: 2.8

platforms:
- name: Ubuntu
versions:
- xenial

galaxy_tags: []
# List tags for your role here, one per line. A tag is
Expand All @@ -21,10 +19,21 @@ galaxy_info:
# alphanumeric characters. Maximum 20 tags per role.

dependencies:
- role: thefinn93.letsencrypt
- role: geerlingguy.certbot
vars:
letsencrypt_webroot_path: "{{ bbb_ssl_webroot_path }}"
letsencrypt_email: "{{ bbb_ssl_email }}"
letsencrypt_cert_domains: "{{ bbb_server_names }}"
letsencrypt_renewal_command_args: "{{ bbb_ssl_renewal_command_args }}"
certbot_install_method: package
certbot_create_if_missing: true
certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
certbot_auto_renew_hour: "1"
certbot_auto_renew_minute: "44"
certbot_auto_renew_options: "--quiet"
certbot_admin_email: "{{ bbb_ssl_email }}"
certbot_certs:
- email: "{{ bbb_ssl_email }}"
webroot: "{{ bbb_ssl_webroot_path }}"
domains: "{{ bbb_server_names }}"
when: bbb_configure_ssl == True
- role: geerlingguy.docker
vars:
docker_install_compose: true
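Review bot: `certbot_auto_renew_user` falls back to `lookup('env', 'USER')`, and lookups are evaluated on the control node, so when `ansible_user` is unset the renewal cron job is installed for the operator's local username, which may not exist on the target or may lack write access to certbot's directories; renewal would then fail without the play ever noticing, until the certificate expires. Pin it to an account that exists on the server and owns the certbot state, e.g. `certbot_auto_renew_user: root` for a package install. Separately, `when: bbb_configure_ssl == True` skips the certificate role when the variable arrives as a string such as `-e bbb_configure_ssl=true`; `when: bbb_configure_ssl | bool` matches the conversion already used for `ENABLE_SSL` in defaults/main.yml. `min_ansible_version: 2.8` is also an unquoted float and looks lower than what the `ansible.builtin.*` module names in this pull request need.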
23 changes: 13 additions & 10 deletions tasks/docker.yml
@@ -1,29 +1,29 @@
---
- name: Enable https support for apt
apt:
ansible.builtin.apt:
name: apt-transport-https
state: present
tags:
- apt_transport_https
- docker

- name: Check Docker apt key is present
apt_key:
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
tags:
- docker-apt_key
- docker

- name: Check Docker repo is enabled
apt_repository: repo="deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable" state=present
ansible.builtin.apt_repository: repo="deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable" state=present
tags:
- docker-repositories
- repositories
- docker

- name: Check Docker packages are installed
apt:
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
Expand All @@ -34,35 +34,38 @@
- docker

- name: Enable Docker daemon on startup
systemd: name="docker" enabled=True state="started"
ansible.builtin.systemd:
name: "docker"
enabled: true
state: started
tags:
- enable_docker
- docker

- name: Set download location for desired docker-compose version
set_fact:
ansible.builtin.set_fact:
docker_compose_download_url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
when: docker_compose_version is defined and docker_compose_version != "latest"
tags:
- docker-compose

- name: Determine latest upstream release for docker-compose
uri:
ansible.builtin.uri:
url: https://api.github.com/repos/docker/compose/releases/latest
register: docker_compose_latest_json
when: docker_compose_download_url is undefined
tags:
- docker-compose

- name: Extract download location for latest docker-compose
set_fact:
ansible.builtin.set_fact:
docker_compose_download_url: "{{ docker_compose_latest_json.json.assets | selectattr('name', 'equalto', 'docker-compose-Linux-x86_64') | map(attribute='browser_download_url') | first | string }}"
when: docker_compose_download_url is undefined
tags:
- docker-compose

- name: Install up-to-date docker-compose
get_url:
ansible.builtin.get_url:
url: "{{ docker_compose_download_url }}"
dest: "/usr/local/bin/docker-compose"
owner: root
Expand All @@ -73,7 +76,7 @@
- docker-compose

- name: Remove outdated docker-compose from distribution
apt:
ansible.builtin.apt:
name: docker-compose
state: absent
tags:
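Review bot: The `Install up-to-date docker-compose` task writes a binary fetched by `get_url` to `/usr/local/bin/docker-compose` owned by root, and the visible lines carry no `checksum:`, so whatever the download URL returns gets installed and later run with root's privileges. The `latest` path makes this worse, since the URL is taken from an API response at play time and the installed version is not reproducible. Pin `docker_compose_version` and add a digest kept with the role, e.g. `checksum: "sha256:{{ docker_compose_sha256 }}"` (`docker_compose_sha256` is a placeholder variable, not one defined on this page). The task continues past the visible lines, so confirm the option is not already set there. The repository line also still hardcodes `xenial` although meta/main.yml drops that platform, and meta/main.yml now pulls in `geerlingguy.docker` with `docker_install_compose: true`, which may make this file redundant.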
15 changes: 7 additions & 8 deletions tasks/firewall.yml
@@ -1,49 +1,48 @@
---
- name: Install UFW firewall
apt:
ansible.builtin.apt:
name: ufw
state: present
tags:
- bbb_configure_ufw

- name: Allow OpenSSH access in firewall
ufw:
community.general.ufw:
rule: allow
name: OpenSSH
tags:
- bbb_configure_ufw

- name: Allow HTTP/HTTPS access in firewall
ufw:
community.general.ufw:
rule: allow
name: "Nginx Full"
tags:
- bbb_configure_ufw

- name: Allow media connections in firewall
ufw:
community.general.ufw:
rule: allow
proto: udp
port: 16384:32768
tags:
- bbb_configure_ufw

- name: Allow connections from SIP gateways in firewall
ufw:
community.general.ufw:
rule: allow
from: "{{ lookup('dig', item[0]) }}"
port: "5060,5080"
proto: "{{ item[1] }}"
comment: "SIP gateway"
loop: "{{ bbb_sip_providers.values() | map(attribute='proxy') | product(['tcp', 'udp']) | list }}"
when: bbb_sip_providers is defined
when: bbb_sip_providers is defined
tags:
- bbb_configure_ufw

- name: Enable firewall rules
ufw:
community.general.ufw:
state: enabled
policy: deny
tags:
- bbb_enable_ufw
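Review bot: The SIP gateway rule takes its `from:` address from `lookup('dig', item[0])`, so a firewall allow entry is built from whatever DNS answers at play time, with no check that the result is a single IP address. The lookup returns a comma-joined string for several records and the literal `NXDOMAIN` on failure, either of which gives ufw a value it cannot use, and the rule is never refreshed if the provider's address changes. Resolve the proxies into a fact first and assert that each value is an address before the loop runs, or let operators supply the gateway addresses directly. For consistency with the module names changed here, the lookup can be written `lookup('community.general.dig', item[0])`.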
