From 6016da6f1fe53c030c0fdcc557a26841c065b69e Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sat, 23 Aug 2025 19:21:07 +0200
Subject: [PATCH] Optimized bbb variables
---
 roles/web-app-bigbluebutton/templates/env.j2 | 38 +++++++++----------
 roles/web-app-bigbluebutton/vars/main.yml | 8 ++++
 .../templates/import/realm.json.j2 | 2 +-
 3 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/roles/web-app-bigbluebutton/templates/env.j2 b/roles/web-app-bigbluebutton/templates/env.j2
index e0e70270..6ca5cfa1 100644
--- a/roles/web-app-bigbluebutton/templates/env.j2
+++ b/roles/web-app-bigbluebutton/templates/env.j2
@@ -27,17 +27,17 @@ RECORDING_MAX_AGE_DAYS=365
 # SECRETS
 # ====================================
 # important! change these to any random values
-SHARED_SECRET={{applications | get_app_conf(application_id, 'credentials.shared_secret', True)}}
-ETHERPAD_API_KEY={{applications | get_app_conf(application_id, 'credentials.etherpad_api_key', True)}}
-RAILS_SECRET={{applications | get_app_conf(application_id, 'credentials.rails_secret', True)}}
-POSTGRESQL_SECRET={{applications | get_app_conf(application_id, 'credentials.postgresql_secret', True)}}
-FSESL_PASSWORD={{applications | get_app_conf(application_id, 'credentials.fsesl_password', True)}}
+SHARED_SECRET={{ BBB_SHARED_SECRET }}
+ETHERPAD_API_KEY={{ BBB_ETHERPAD_API_KEY }}
+RAILS_SECRET={{ BBB_RAILS_SECRET }}
+POSTGRESQL_SECRET={{ BBB_POSTGRESQL_SECRET }}
+FSESL_PASSWORD={{ BBB_FSESL_PASSWORD }}
 # ====================================
 # CONNECTION
 # ====================================
-DOMAIN={{ domains | get_domain(application_id) }}
+DOMAIN={{ domain }}
 EXTERNAL_IPv4={{ networks.internet.ip4 }}
 # The following line is not tested and could lead to bugs:
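Review bot: `DOMAIN={{ domain }}` in this hunk, and `TURN_SERVER=turns:{{ domain }}:…` in the next one, now depend on a bare `domain` variable that nothing in this patch defines; the vars/main.yml hunk adds only the `BBB_*` secrets, and lines 1–16 of that file are not shown. If `domain` is set there the render is unchanged, but a name this generic is easy to shadow from another role, play variable or `set_fact`, which would put another service's hostname into DOMAIN and the TURN URL. I would give it the same role prefix as the other new variables, for example `BBB_DOMAIN: "{{ domains | get_domain(application_id) }}"` in vars/main.yml and `DOMAIN={{ BBB_DOMAIN }}` here.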
@@ -50,8 +50,8 @@ STUN_PORT={{ ports.public.stun[application_id] }}
 # TURN SERVER
 # uncomment and adjust following two lines to add an external TURN server
-TURN_SERVER=turns:{{ domains | get_domain(application_id) }}:{{ ports.public.turn[application_id] }}?transport=tcp
-TURN_SECRET={{applications | get_app_conf(application_id, 'credentials.turn_secret', True)}}
+TURN_SERVER=turns:{{ domain }}:{{ ports.public.turn[application_id] }}?transport=tcp
+TURN_SECRET={{ BBB_TURN_SECRET }}
 # Allowed SIP IPs
 # due to high traffic caused by bots, by default the SIP port is blocked.
@@ -170,21 +170,21 @@ OAUTH2_REDIRECT=
 # LDAP_SERVER=ldap.example.com
 # LDAP_PORT=389
 # LDAP_METHOD=plain
-# LDAP_UID={{ldap.user.attributes.id}}
+# LDAP_UID={{ ldap.user.attributes.id }}
 # LDAP_BASE=dc=example,dc=com
 # LDAP_AUTH=simple
 # LDAP_BIND_DN=cn=admin,dc=example,dc=com
 # LDAP_PASSWORD=password
 # LDAP_ROLE_FIELD=ou
 # LDAP_FILTER=(&(attr1=value1)(attr2=value2))
-LDAP_SERVER="{{ldap.server.domain}}"
-LDAP_PORT="{{ldap.server.port}}"
+LDAP_SERVER="{{ ldap.server.domain }}"
+LDAP_PORT="{{ ldap.server.port }}"
 LDAP_METHOD=
-LDAP_UID={{ldap.user.attributes.id}}
-LDAP_BASE="{{ldap.dn.root}}"
-LDAP_BIND_DN="{{ldap.dn.administrator.data}}"
+LDAP_UID={{ ldap.user.attributes.id }}
+LDAP_BASE="{{ ldap.dn.root }}"
+LDAP_BIND_DN="{{ ldap.dn.administrator.data }}"
 LDAP_AUTH=password
-LDAP_PASSWORD="{{ldap.bind_credential}}"
+LDAP_PASSWORD="{{ ldap.bind_credential }}"
 LDAP_ROLE_FIELD=
 LDAP_FILTER=
 {% endif %}
@@ -204,15 +204,15 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
 # Please refer to your SMTP provider to get the values for the variables below
 SMTP_SERVER={{ SYSTEM_EMAIL.HOST }}
-SMTP_DOMAIN={{SYSTEM_EMAIL.DOMAIN}}
+SMTP_DOMAIN={{ SYSTEM_EMAIL.DOMAIN }}
 SMTP_PORT={{ SYSTEM_EMAIL.PORT }}
 SMTP_USERNAME={{ users['no-reply'].email }}
 SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
 SMTP_AUTH=plain
 SMTP_OPENSSL_VERIFY_MODE=none
-SMTP_STARTTLS_AUTO={{SYSTEM_EMAIL.START_TLS | lower}}
-SMTP_STARTTLS={{SYSTEM_EMAIL.START_TLS | lower}}
-SMTP_TLS={{SYSTEM_EMAIL.TLS | lower}}
+SMTP_STARTTLS_AUTO={{ SYSTEM_EMAIL.START_TLS | lower }}
+SMTP_STARTTLS={{ SYSTEM_EMAIL.START_TLS | lower }}
+SMTP_TLS={{ SYSTEM_EMAIL.TLS | lower }}
 SMTP_SSL_VERIFY=true
 SMTP_SENDER={{ users['no-reply'].email }}
 SMTP_SENDER_EMAIL={{ users['no-reply'].email }}
diff --git a/roles/web-app-bigbluebutton/vars/main.yml b/roles/web-app-bigbluebutton/vars/main.yml
index 8d1ac94a..02f7b698 100644
--- a/roles/web-app-bigbluebutton/vars/main.yml
+++ b/roles/web-app-bigbluebutton/vars/main.yml
@@ -17,3 +17,11 @@ docker_compose_skipp_file_creation: true # Handled in this role
 docker_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.repository') }}"
 docker_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.version') }}"
 docker_pull_git_repository: true
+
+# BigBlueButton
+BBB_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.shared_secret') }}"
+BBB_ETHERPAD_API_KEY: "{{ applications | get_app_conf(application_id, 'credentials.etherpad_api_key') }}"
+BBB_RAILS_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.rails_secret') }}"
+BBB_POSTGRESQL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
+BBB_FSESL_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.fsesl_password') }}"
+BBB_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}"
\ No newline at end of file
diff --git a/roles/web-app-keycloak/templates/import/realm.json.j2 b/roles/web-app-keycloak/templates/import/realm.json.j2
index 47294474..a2c4ea9f 100644
--- a/roles/web-app-keycloak/templates/import/realm.json.j2
+++ b/roles/web-app-keycloak/templates/import/realm.json.j2
@@ -1446,7 +1446,7 @@
 "smtpServer": {
 "password": "{{ users['no-reply'].mailu_token }}",
 "replyToDisplayName": "",
- "starttls": "{{SYSTEM_EMAIL.START_TLS | lower}}",
+ "starttls": "{{ SYSTEM_EMAIL.START_TLS | lower }}",
 "auth": "true",
 "port": "{{ SYSTEM_EMAIL.PORT }}",
 "replyTo": "",
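Review bot: The six `BBB_*` lookups added to roles/web-app-bigbluebutton/vars/main.yml call `get_app_conf(application_id, 'credentials.…')` without the third argument `True` that every env.j2 expression they replace passed. `get_app_conf` is not visible in this patch; if that argument is a strict or required flag and its default is not true, a missing credential would no longer abort the run, and env.j2 could render `SHARED_SECRET=`, `POSTGRESQL_SECRET=` or `TURN_SECRET=` with an empty or fallback value. Keep the argument explicit on all six lines, e.g. `BBB_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.shared_secret', True) }}"`, or confirm the default before merging. The file also now ends without a trailing newline.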