From 14b99b20b78a88af5eb73c80e286192de52cc291 Mon Sep 17 00:00:00 2001 From: Christian Staudte Date: Sat, 23 May 2020 21:52:02 +0200 Subject: [PATCH 1/2] jitsi: complete setup --- group_vars/all/vars.yml | 1 + roles/jitsi/handlers/main.yml | 7 ------ roles/jitsi/meta/main.yml | 5 ---- roles/jitsi/tasks/main.yml | 45 +++++++++++++++++++++++++--------- roles/jitsi/templates/certs.j2 | 14 ----------- roles/jitsi/templates/vhost.j2 | 27 -------------------- 6 files changed, 34 insertions(+), 65 deletions(-) delete mode 100644 roles/jitsi/handlers/main.yml delete mode 100644 roles/jitsi/meta/main.yml delete mode 100644 roles/jitsi/templates/certs.j2 delete mode 100644 roles/jitsi/templates/vhost.j2 diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 71c0ba0..c4d5c4e 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -29,6 +29,7 @@ hackmd_dbpass: "{{ vault_hackmd_dbpass }}" hackmd_secret: "{{ vault_hackmd_secret }}" jitsi_domain: jitsi.binary-kitchen.de +jitsi_admin_email: exxess@binary-kitchen.de ldap_uri: ldaps://ldap.binary.kitchen ldap_host: ldap.binary.kitchen diff --git a/roles/jitsi/handlers/main.yml b/roles/jitsi/handlers/main.yml deleted file mode 100644 index 2c3a4e3..0000000 --- a/roles/jitsi/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Restart nginx - service: name=nginx state=restarted - -- name: Run acertmgr - command: /opt/acertmgr/acertmgr.py diff --git a/roles/jitsi/meta/main.yml b/roles/jitsi/meta/main.yml deleted file mode 100644 index 8fcf724..0000000 --- a/roles/jitsi/meta/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -dependencies: -- { role: acertmgr } -- { role: nginx, nginx_ssl: True } diff --git a/roles/jitsi/tasks/main.yml b/roles/jitsi/tasks/main.yml index e715caf..b7cb867 100644 --- a/roles/jitsi/tasks/main.yml +++ b/roles/jitsi/tasks/main.yml 
@@ -1,17 +1,38 @@ --- -- name: Ensure jitsi certificates are available - command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ jitsi_domain }}.key -out /etc/nginx/ssl/{{ jitsi_domain }}.crt -days 730 -subj "/CN={{ jitsi_domain }}" creates=/etc/nginx/ssl/{{ jitsi_domain }}.crt - notify: Restart nginx +- name: Ensure apt over https is available + apt: name=apt-transport-https -- name: Configure certificate manager - template: src=certs.j2 dest=/etc/acertmgr/{{ jitsi_domain }}.conf - notify: Run acertmgr +- name: Add Jitsi repo key + apt_key: + id: EF8B479E2DC1389C + url: https://download.jitsi.org/jitsi-key.gpg.key -- name: Configure vhosts - template: src=vhost.j2 dest=/etc/nginx/sites-available/jitsi - notify: Restart nginx +- name: Add Jitsi apt repo + apt_repository: + repo: deb https://download.jitsi.org stable/ + filename: jitsi -- name: Enable vhosts - file: src=/etc/nginx/sites-available/jitsi dest=/etc/nginx/sites-enabled/jitsi state=link - notify: Restart nginx +- name: Provide debconf defaults + debconf: + name: "{{ item.name }}" + question: "{{ item.question }}" + vtype: "{{ item.vtype }}" + value: "{{ item.value }}" + with_items: + - { name: 'jitsi-videobridge2', question: 'jitsi-videobridge/jvb-hostname', vtype: 'string', value: "{{ jitsi_domain }}" } + - { name: 'jitsi-meet-web-config', question: 'jitsi-meet/cert-choice:', vtype: 'select', value: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)" } + +- name: Install jitsi meet + apt: name=jitsi-meet + +- name: Predefine an email address for Let's Encrypt + lineinfile: + path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh + regexp: '^read EMAIL$' + line: 'EMAIL="{{ jitsi_admin_email }}"' + +- name: Setup Let's Encrypt + command: + cmd: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh + creates: /etc/cron.weekly/letsencrypt-renew 
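Review bot: The `Add Jitsi repo key` task pins the signing key only by the 16-hex-digit long key ID `EF8B479E2DC1389C` and installs it with `apt_key`, which puts it in apt's global trusted keyring, so the key is accepted for every configured source and not just download.jitsi.org. Pin the full fingerprint instead, `id: <FULL_40_HEX_FINGERPRINT>` (verified out of band), and where the target's apt supports it scope the key to this repository with `repo: deb [signed-by=<KEYRING_PATH>] https://download.jitsi.org stable/`. Separately, the `lineinfile` task edits a package-owned script that is then run as root. If the packaged script changes so that `^read EMAIL$` no longer matches, `lineinfile` appends the `EMAIL=` line at the end of the file and the script still reaches its `read`. It seems safer to leave the script untouched and pass the address with `stdin: "{{ jitsi_admin_email }}"` on the `command` task, assuming the e-mail prompt is the only input the script reads.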
diff --git a/roles/jitsi/templates/certs.j2 b/roles/jitsi/templates/certs.j2 deleted file mode 100644 index 60b6040..0000000 --- a/roles/jitsi/templates/certs.j2 +++ /dev/null @@ -1,14 +0,0 @@ ---- -{{ jitsi_domain }}: -- path: /etc/nginx/ssl/{{ jitsi_domain }}.crt - user: root - group: root - perm: '400' - format: crt,ca - action: '/usr/sbin/service nginx restart' -- path: /etc/nginx/ssl/{{ jitsi_domain }}.key - user: root - group: root - perm: '400' - format: key - action: '/usr/sbin/service nginx restart' diff --git a/roles/jitsi/templates/vhost.j2 b/roles/jitsi/templates/vhost.j2 deleted file mode 100644 index 1d09dd2..0000000 --- a/roles/jitsi/templates/vhost.j2 +++ /dev/null @@ -1,27 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name {{ jitsi_domain }}; - - location /.well-known/acme-challenge { - default_type "text/plain"; - alias /var/www/acme-challenge; - } - - location / { - return 301 https://{{ jitsi_domain }}$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name {{ jitsi_domain }}; - - ssl_certificate_key /etc/nginx/ssl/{{ jitsi_domain }}.key; - ssl_certificate /etc/nginx/ssl/{{ jitsi_domain }}.crt; - - root /var/www/jitsi; -} -- 2.39.2 From 8d8f3f19bf2f19e21c19bb4f2bfc36251cb97890 Mon Sep 17 00:00:00 2001 From: Christian Staudte Date: Thu, 12 Nov 2020 19:51:53 +0100 Subject: [PATCH 2/2] add me as admin --- group_vars/all/vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index cb138af..1052954 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml 
@@ -126,6 +126,7 @@ rocketchat_domain: chat.binary-kitchen.de root_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBmZnJLG1WRppbLtOAJw3E4LgLRK0NirfCgpovhhU6h moepman" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPlktM2x11cNBMKurf57MLE1XcOm2sGQXguc0tl1vYd kishi" +- "ssh-rsa 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 exxess" slapd_root_hash: "{SSHA}OB75kTfH6JRyX0dA0fM8/8ldP89qyzb+" slapd_root_pass: "{{ vault_slapd_root_pass }}" -- 2.39.2
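Review bot: The added `root_keys` entry is an `ssh-rsa` key while the two existing entries are `ssh-ed25519`, and its key length cannot be checked from the diff. This list lives in `group_vars/all` and is presumably installed as root's authorized keys on every managed host, so the weakest key in it bounds root access everywhere. It would be worth confirming the RSA key is at least 3072 bits, or replacing it with an ed25519 key, e.g. `- "ssh-ed25519 <PUBLIC_KEY> exxess"`.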