kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
roles/web-app-bigbluebutton/README.md Normal file
View File

@@ -0,0 +1,47 @@
# BigBlueButton
## Description
This Ansible role deploys [BigBlueButton](https://bigbluebutton.org/) using Docker Compose. It includes support for Greenlight, OIDC, LDAP, TURN/STUN, health checks, and a modular `.env` setup. This role is ideal for educational institutions and teams requiring a self-hosted video conferencing solution.
> 🔧 **Note**: The database layer should be decoupled in a future release to improve modularity and integration.
## Overview
This role provides a fully automated deployment of [BigBlueButton](https://bigbluebutton.org/) using Docker Compose on Arch Linux. It manages the entire lifecycle of the deployment, from cloning the upstream Docker repository and generating the `.env` configuration to customizing `docker-compose.yml` for volume usage, WebSocket proxying, and optional LDAP/OIDC integration.
The setup includes conditional Greenlight activation, WebRTC support via TURN/STUN, and various fixes for known container orchestration issues. The role is modular and integrates seamlessly with the CyMaIS infrastructure, including reverse proxy configuration, domain management, and secrets templating.
By default, BigBlueButton is deployed with best-practice hardening, modular secrets, and support for multiple authentication methods and scalable storage backends.
## Features
- 🐳 **Docker-based** deployment via official [bigbluebutton/docker](https://github.com/bigbluebutton/docker)
-**Greenlight** (v3) frontend support
- 🔐 **SSO with OIDC & LDAP** (optional)
- 🧱 Automatic `.env` templating and domain/Nginx integration
- 🛠 Volume patching and Docker Compose customization
- 📬 SMTP integration and Greenlight admin creation
- 🧪 Workarounds for known Docker Compose or Etherpad issues
## Single Sign-On (SSO)
- Docs: [External Authentication](https://docs.bigbluebutton.org/greenlight/v3/external-authentication/)
- Supports:
- ✅ OpenID Connect (OIDC)
- ✅ LDAP (with custom DN and filters)
- 🧩 Custom OAuth2 flows via ENV vars
## System Requirements
- Arch Linux with Docker, Compose, and Nginx roles pre-installed
- DNS and reverse proxy configuration using `webserver-proxy-core`
- Functional email system for Greenlight SMTP
## Important Resources
- [BigBlueButton Docker Docs](https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials)
- [Networking Fixes & Issues](https://stackoverflow.com/questions/53347951/web-app-network-not-found)
- [Traefik + Docker Tutorial](https://goneuland.de/big-blue-button-mit-web-app-und-traefik-installieren/)
- [Etherpad Healthcheck Bug](https://chatgpt.com/c/67a0fc7e-5104-800f-bb6b-3731e2f83b7b)
- [Virtual Interfaces Cleanup](https://www.cyberciti.biz/faq/linux-command-to-remove-virtual-interfaces-or-network-aliases/)

6
roles/web-app-bigbluebutton/Setup.md Normal file
View File

@@ -0,0 +1,6 @@
# Setup
## Passwords
```bash
docker run --rm ruby:latest ruby -rsecurerandom -e 'puts SecureRandom.hex(64)'
```

2
roles/web-app-bigbluebutton/TODO.md Normal file
View File

@@ -0,0 +1,2 @@
# Todo
- Propper implement and test the LDAP integration, the configuration values just had been set during refactoring

11
roles/web-app-bigbluebutton/files/websocket_upgrade.conf Normal file
View File

@@ -0,0 +1,11 @@
# Context: https://chat.openai.com/share/9b3c0e79-15bc-4780-aa88-f0dd149bdaac
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $remote_addr $endpoint_addr {
"~:" [::1];
default 127.0.0.1;
}

101
roles/web-app-bigbluebutton/handlers/main.yml Normal file
View File

@@ -0,0 +1,101 @@
---
- name: create docker-compose.yml for bigbluebutton
command:
cmd: bash ./scripts/generate-compose
chdir: "{{ bbb_repository_directory }}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
listen: setup bigbluebutton
- name: Copy docker-compose.yml from origin to final location
ansible.builtin.copy:
src: "{{ docker_compose_file_origine }}"
dest: "{{ docker_compose_file_final }}"
remote_src: yes
listen: setup bigbluebutton
- name: Replace bind mounts by named volume mounts
ansible.builtin.replace:
path: "{{ docker_compose_file_final }}"
regexp: "{{ item.regexp }}"
replace: "{{ item.replace }}"
loop:
- { regexp: '\./data/postgres:/var/lib/postgresql/data', replace: 'database:/var/lib/postgresql/data' }
- { regexp: '\./data/bigbluebutton:/var/bigbluebutton', replace: 'bigbluebutton:/var/bigbluebutton' }
- { regexp: '\./data/freeswitch-meetings:/var/freeswitch/meetings', replace: 'freeswitch:/var/freeswitch/meetings' }
- { regexp: '\./data/greenlight:/usr/src/app/storage', replace: 'greenlight:/usr/src/app/storage' }
- { regexp: '\./data/mediasoup:/var/mediasoup', replace: 'mediasoup:/var/mediasoup' }
listen: setup bigbluebutton
- name: add volume to redis
lineinfile:
path: "{{ docker_compose_file_final }}"
insertafter: "^\\s*redis:"
line: " volumes:\n - redis:/data"
firstmatch: yes
listen: setup bigbluebutton
- name: add volume to coturn
lineinfile:
path: "{{ docker_compose_file_final }}"
insertafter: "- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf"
line: " - coturn:/var/lib/coturn"
listen: setup bigbluebutton
# Implemented due to etherpad health bug.
# @todo Remove when health check is working fine
# @see https://chatgpt.com/c/67a0fc7e-5104-800f-bb6b-3731e2f83b7b
#- name: "Update docker-compose.yml for Etherpad health check"
# lineinfile:
# line: " healthcheck:\n test: [\"CMD\", \"curl\", \"-f\", \"http://127.0.0.1:9001\"]\n interval: 30s\n timeout: 10s\n retries: 5\n start_period: 10s"
# path: "{{docker_compose_file_final}}"
# insertafter: "etherpad:"
# listen: setup bigbluebutton
- name: Add volumes block after services in docker compose
blockinfile:
path: "{{ docker_compose_file_final }}"
block: |
volumes:
database:
greenlight:
redis:
coturn:
freeswitch:
bigbluebutton:
mediasoup:
marker: "# {mark} ANSIBLE MANAGED BLOCK FOR VOLUMES"
insertbefore: "^services:"
listen: setup bigbluebutton
- name: Replace all './' with '/services/' in docker-compose.yml
ansible.builtin.replace:
path: "{{ docker_compose_file_final }}"
regexp: '\./'
replace: './services/'
listen: setup bigbluebutton
- name: "Update healthcheck for bbb-graphql-server"
# This is neccessary because the healthcheck doesn't listen to the correct port
lineinfile:
line: " healthcheck:\n test: [\"CMD\", \"curl\", \"-f\", \"http://localhost:8085/healthz\"]\n interval: 30s\n timeout: 10s\n retries: 5\n start_period: 10s"
path: "{{docker_compose_file_final}}"
insertafter: "bbb-graphql-server:"
listen: setup bigbluebutton
- name: docker compose pull bigbluebutton
command:
cmd: "docker-compose pull"
chdir: "{{ bbb_repository_directory }}"
listen: setup bigbluebutton
- name: docker compose up bigbluebutton
command:
cmd: "docker-compose -p bigbluebutton up -d --force-recreate --remove-orphans"
# Don't use the --build flag here. This leads to bugs
chdir: "{{ docker_compose.directories.instance }}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
listen: setup bigbluebutton

33
roles/web-app-bigbluebutton/meta/main.yml Normal file
View File

@@ -0,0 +1,33 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Transform online learning and collaboration with BigBlueButton, an interactive web conferencing solution designed to energize virtual classrooms and meetings. Enjoy dynamic tools and an engaging environment that makes every session a powerful learning experience."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Archlinux
versions:
- rolling
galaxy_tags:
- docker
- bigbluebutton
- conferencing
- education
- greenlight
- sso
- oidc
- ldap
- video
- conference
repository: https://s.veen.world/cymais
issue_tracker_url: https://s.veen.world/cymaisissues
documentation: https://s.veen.world/cymais
logo:
class: "fa-solid fa-chalkboard-teacher"
run_after:
- web-app-keycloak

25
roles/web-app-bigbluebutton/meta/schema.yml Normal file
View File

@@ -0,0 +1,25 @@
credentials:
shared_secret:
description: "Shared secret for BigBlueButton API authentication"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
etherpad_api_key:
description: "API key for Etherpad integration"
algorithm: "plain"
validation: "^[a-zA-Z0-9]{32}$"
rails_secret:
description: "Secret key for Rails backend"
algorithm: "random_hex"
validation: "^[a-f0-9]{128}$"
postgresql_secret:
description: "Password for PostgreSQL user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
fsesl_password:
description: "Password for FreeSWITCH ESL connection"
algorithm: "plain"
validation: "^.{8,}$"
turn_secret:
description: "TURN server shared secret"
algorithm: "sha1"
validation: "^[a-f0-9]{40}$"

78
roles/web-app-bigbluebutton/tasks/main.yml Normal file
View File

@@ -0,0 +1,78 @@
---
# Docker Central Database Role can't be used here
- name: "include docker-compose role"
include_role:
name: docker-compose
vars:
database_instance: "{{ application_id }}"
database_password: "{{ applications[application_id].credentials.postgresql_secret }}"
database_username: "postgres"
database_name: "" # Multiple databases
- name: "Seed BigBlueButton Database for Backup"
include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"
vars:
database_instance: "{{ application_id }}"
database_password: "{{ applications[application_id].credentials.postgresql_secret }}"
database_username: "postgres"
database_name: "" # Multiple databases
- name: "include role webserver-proxy-domain for {{application_id}}"
include_role:
name: webserver-proxy-domain
- name: pull docker repository
git:
repo: "https://github.com/bigbluebutton/docker.git"
dest: "{{ bbb_repository_directory }}"
update: yes
recursive: yes
version: main
notify: setup bigbluebutton
- name: configure websocket_upgrade.conf
copy:
src: "websocket_upgrade.conf"
dest: "{{nginx.directories.http.maps}}websocket_upgrade.conf"
notify: restart nginx
- name: "Remove directory {{ docker_compose.directories.env }}"
ansible.builtin.file:
path: "{{ docker_compose.directories.env }}"
state: absent
- name: deploy .env
template:
src: env.j2
dest: "{{ bbb_env_file_origine }}"
notify: setup bigbluebutton
- name: Create symbolic link from .env file to target location
ansible.builtin.file:
src: "{{ bbb_env_file_origine }}"
dest: "{{ bbb_env_file_link }}"
state: link
notify: setup bigbluebutton
- name: flush docker service
meta: flush_handlers
- name: Wait for BigBlueButton
wait_for:
host: "{{ domains | get_domain('bigbluebutton') }}"
port: 80
delay: 5
timeout: 600
- name: create admin
command:
cmd: docker compose exec greenlight bundle exec rake admin:create
chdir: "{{ docker_compose.directories.instance }}"
when: applications.bigbluebutton.setup | bool
ignore_errors: true
register: admin_creation_result
- name: print admin user data
debug:
msg: "{{ admin_creation_result.stdout }}"
when: applications.bigbluebutton.setup | bool

295
roles/web-app-bigbluebutton/templates/env.j2 Normal file
View File

@@ -0,0 +1,295 @@
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/fullchain.pem
COTURN_TLS_KEY_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/privkey.pem
ENABLE_GREENLIGHT={{applications[application_id].enable_greenlight}}
# Enable Webhooks
# used by some integrations
#ENABLE_WEBHOOKS=true
# Prometheus Exporter
# serves the bigbluebutton-exporter under following URL:
# https://yourdomain/bbb-exporter
#ENABLE_PROMETHEUS_EXPORTER=true
#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
# Recording
# IMPORTANT: this is currently a big privacy issues, because it will
# record everything which happens in the conference, even when the button
# suggets, that it does not.
# https://github.com/bigbluebutton/bigbluebutton/issues/9202
# make sure that you get peoples consent, before they join a room
ENABLE_RECORDING=false
REMOVE_OLD_RECORDING=true
RECORDING_MAX_AGE_DAYS=365
# ====================================
# SECRETS
# ====================================
# important! change these to any random values
SHARED_SECRET={{applications[application_id].credentials.shared_secret}}
ETHERPAD_API_KEY={{applications[application_id].credentials.etherpad_api_key}}
RAILS_SECRET={{applications[application_id].credentials.rails_secret}}
POSTGRESQL_SECRET={{applications[application_id].credentials.postgresql_secret}}
FSESL_PASSWORD={{applications[application_id].credentials.fsesl_password}}
# ====================================
# CONNECTION
# ====================================
DOMAIN={{domains | get_domain(application_id)}}
EXTERNAL_IPv4={{networks.internet.ip4}}
# The following line is not tested and could lead to bugs:
EXTERNAL_IPv6={{networks.internet.ip6}}
# STUN SERVER
# stun.freeswitch.org
STUN_IP={{networks.internet.ip4}}
STUN_PORT={{ ports.public.stun[application_id] }}
# TURN SERVER
# uncomment and adjust following two lines to add an external TURN server
TURN_SERVER=turns:{{domains | get_domain(application_id)}}:{{ ports.public.turn[application_id] }}?transport=tcp
TURN_SECRET={{applications[application_id].credentials.turn_secret}}
# Allowed SIP IPs
# due to high traffic caused by bots, by default the SIP port is blocked.
# but you can allow access by your providers IP or IP ranges (comma seperated)
# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
SIP_IP_ALLOWLIST=
# ====================================
# CUSTOMIZATION
# ====================================
CLIENT_TITLE=BigBlueButton
# use following lines to replace the default welcome message and footer
WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others."
WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
# use following line for an additional SIP dial-in message
#WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/' target='_blank'><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number."
# for a different default presentation, place the pdf file in ./conf/ and
# adjust the following path
DEFAULT_PRESENTATION=./mod/nginx/default.pdf
# language of sound announcements
# options:
# - en-ca-june - EN Canadian June
# - en-us-allison - US English Allison
# - en-us-callie - US English Callie
# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
# - es-ar-mario - Spanish/Argentina Mario
# - fr-ca-june - FR Canadian June
# - pt-br-karina - Brazilian Portuguese Karina
# - ru-RU-elena - RU Russian Elena
# - ru-RU-kirill - RU Russian Kirill
# - ru-RU-vika - RU Russian Viktoriya
# - sv-se-jakob - Swedish (Sweden) Jakob
# - zh-cn-sinmei - Chinese/China Sinmei
# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
SOUNDS_LANGUAGE=en-us-callie
# set to false to disable listenOnlyMode
LISTEN_ONLY_MODE=true
# set to true to disable echo test
DISABLE_ECHO_TEST=false
# set to true to automatically share webcam
AUTO_SHARE_WEBCAM=false
# set to true to disable video preview for webcam sharing
DISABLE_VIDEO_PREVIEW=false
# set to false to disable chat
CHAT_ENABLED=true
# set to true to start chat closed
CHAT_START_CLOSED=false
# set to true to disable announcements "You are now (un-)muted"
DISABLE_SOUND_MUTED=false
# set to true to disable announcement "You are the only person in this conference"
DISABLE_SOUND_ALONE=false
# maximum count of breakout rooms per meeting
# Warning: increasing the limit of breakout rooms per meeting
# can generate excessive overhead to the server. We recommend
# this value to be kept under 12.
BREAKOUTROOM_LIMIT=8
# set to false to disable the learning dashboard
ENABLE_LEARNING_DASHBOARD=true
# ====================================
# Tuning
# ====================================
# Default = 2; Min = 1; Max = 4
# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
# Default = 2; Min = 1; Max = 8
# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
# stretching the recommended number of users in BigBlueButton
NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
# Microsoft Office365 Login Provider (optional)
#
# For in-depth steps on setting up a Office 365 Login Provider, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
#
OFFICE365_KEY=
OFFICE365_SECRET=
OFFICE365_HD=
# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
OAUTH2_REDIRECT=
{% if applications | is_feature_enabled('ldap',application_id) %}
# LDAP Login Provider (optional)
#
# You can enable LDAP authentication by providing values for the variables below.
# Configuring LDAP authentication will take precedence over all other providers.
# For information about setting up LDAP, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
#
# LDAP_SERVER=ldap.example.com
# LDAP_PORT=389
# LDAP_METHOD=plain
# LDAP_UID={{ldap.user.attributes.id}}
# LDAP_BASE=dc=example,dc=com
# LDAP_AUTH=simple
# LDAP_BIND_DN=cn=admin,dc=example,dc=com
# LDAP_PASSWORD=password
# LDAP_ROLE_FIELD=ou
# LDAP_FILTER=(&(attr1=value1)(attr2=value2))
LDAP_SERVER="{{ldap.server.domain}}"
LDAP_PORT="{{ldap.server.port}}"
LDAP_METHOD=
LDAP_UID={{ldap.user.attributes.id}}
LDAP_BASE="{{ldap.dn.root}}"
LDAP_BIND_DN="{{ldap.dn.administrator.data}}"
LDAP_AUTH=password
LDAP_PASSWORD="{{ldap.bind_credential}}"
LDAP_ROLE_FIELD=
LDAP_FILTER=
{% endif %}
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
# Set this to true if you want GreenLight to support user signup and login without
# Omniauth. For more information, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
#
ALLOW_GREENLIGHT_ACCOUNTS=true
### SMTP CONFIGURATION
# Emails are required for the basic features of Greenlight to function.
# Please refer to your SMTP provider to get the values for the variables below
SMTP_SERVER={{system_email.host}}
SMTP_DOMAIN={{system_email.domain}}
SMTP_PORT={{system_email.port}}
SMTP_USERNAME={{ users['no-reply'].email }}
SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
SMTP_AUTH=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_STARTTLS_AUTO={{system_email.start_tls | lower}}
SMTP_STARTTLS={{system_email.start_tls | lower}}
SMTP_TLS={{system_email.tls | lower}}
SMTP_SSL_VERIFY=true
SMTP_SENDER={{ users['no-reply'].email }}
SMTP_SENDER_EMAIL={{ users['no-reply'].email }}
# Prefix for the applications root URL.
# Useful for deploying the application to a subdirectory, which is highly recommended
# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
# have to update your authentication callback URL's to reflect this change.
#
# The recommended prefix is "/b".
#
RELATIVE_URL_ROOT="/b"
# Specify which settings you would like the users to configure on room creation
# or edit after the room has been created
# By default, all settings are turned OFF.
#
# Current settings available:
# mute-on-join: Automatically mute users by default when they join a room
# require-moderator-approval: Require moderators to approve new users before they can join the room
# anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
# all-join-moderator: All users join as moderators in BigBlueButton
ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
# Specify the maximum number of records to be sent to the BigBlueButton API in one call
# Default is set to 25 records
PAGINATION_NUMBER=25
# Specify the maximum number of rows that should be displayed per page for a paginated table
# Default is set to 25 rows
NUMBER_OF_ROWS=25
# Specify if you want to display the Google Calendar button
# ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
ENABLE_GOOGLE_CALENDAR_BUTTON=
# Set the application into Maintenance Mode
#
# Current options supported:
# true: Renders an error page that does not allow users to access any of the features in the application
# false: Application runs normally
MAINTENANCE_MODE=false
# Displays a flash that appears to inform the user of a scheduled maintenance window
# This variable should contain ONLY the date and time of the scheduled maintenance
#
# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
MAINTENANCE_WINDOW=
# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
#
# Defaults to the Github Issues Page for Greenlight
# Button can be disabled by setting the value to blank
#
# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
# The link to the Need help? button that appears on the Account Dropdown
#
# Defaults to the Greenlight documentation
# Button can be disabled by setting the value to blank
HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
# Specify the default registration to be used by Greenlight until an administrator sets the
# registration method
# Allowed values are:
# open - For open registration
# invite - For invite only registration
# approval - For approve/decline registration
DEFAULT_REGISTRATION=invite
{% if applications | is_feature_enabled('oidc',application_id) %}
### EXTERNAL AUTHENTICATION METHODS
# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
#
OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
OPENID_CONNECT_REDIRECT={{ domains | get_url(application_id, web_protocol) }}
# OPENID_CONNECT_UID_FIELD=sub default
{% endif %}

23
roles/web-app-bigbluebutton/vars/configuration.yml Normal file
View File

@@ -0,0 +1,23 @@
enable_greenlight: "true"
setup: false
database:
name: "multiple_databases"
username: "postgres2"
api_suffix: "/bigbluebutton/"
features:
matomo: true
css: true
portfolio_iframe: true
ldap: false
oidc: true
central_database: false
domains:
canonical:
- "meet.{{ primary_domain }}"
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
credentials: {}

15
roles/web-app-bigbluebutton/vars/main.yml Normal file
View File

@@ -0,0 +1,15 @@
application_id: "bigbluebutton"
bbb_repository_directory: "{{ docker_compose.directories.services }}"
docker_compose_file_origine: "{{ docker_compose.directories.services }}docker-compose.yml"
docker_compose_file_final: "{{ docker_compose.directories.instance }}docker-compose.yml"
# Database configuration
database_type: "postgres"
database_password: "{{ applications.bigbluebutton.credentials.postgresql_secret }}"
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
bbb_env_file_link: "{{ docker_compose.directories.instance }}.env"
bbb_env_file_origine: "{{ bbb_repository_directory }}.env"
docker_compose_skipp_file_creation: true # Skipp creation of docker-compose.yml file