From 7a09f223afa0010194d3a8bc677c41df6f9ccb34 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 6 Aug 2025 15:51:08 +0200 Subject: [PATCH] Implemented the correct setup of the bbb administrator --- .../templates/ssl_header.j2 | 5 +- roles/svc-prx-openresty/vars/main.yml | 4 + roles/sys-bkp-docker-2-loc/tasks/main.yml | 90 +++++++++---------- roles/web-app-bigbluebutton/config/main.yml | 5 +- ...cker-compose.yml => 01_docker-compose.yml} | 0 .../tasks/02_administrator.yml | 16 ++++ roles/web-app-bigbluebutton/tasks/main.yml | 13 ++- roles/web-app-bigbluebutton/users/main.yml | 3 + roles/web-app-bigbluebutton/vars/main.yml | 5 +- roles/web-app-mailu/Todo.md | 3 +- roles/web-app-mailu/config/main.yml | 2 +- roles/web-app-mailu/tasks/TODO.md | 2 - roles/web-svc-cdn/templates/nginx.conf.j2 | 1 + roles/web-svc-file/templates/nginx.conf.j2 | 1 + roles/web-svc-html/templates/nginx.conf.j2 | 1 + 15 files changed, 83 insertions(+), 68 deletions(-) rename roles/web-app-bigbluebutton/tasks/{docker-compose.yml => 01_docker-compose.yml} (100%) create mode 100644 roles/web-app-bigbluebutton/tasks/02_administrator.yml create mode 100644 roles/web-app-bigbluebutton/users/main.yml delete mode 100644 roles/web-app-mailu/tasks/TODO.md diff --git a/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 b/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 index 8d971b76..c4e5849d 100644 --- a/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 +++ b/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 @@ -1,6 +1,5 @@ -listen {{ WEB_PORT }} ssl; -listen [::]:{{ WEB_PORT }} ssl; -http2; +listen {{ WEB_PORT }} ssl http2; +listen [::]:{{ WEB_PORT }} ssl http2; ssl_protocols TLSv1.2 TLSv1.3; ssl_ecdh_curve X25519:P-256; diff --git a/roles/svc-prx-openresty/vars/main.yml b/roles/svc-prx-openresty/vars/main.yml index cb93c131..7e3a6610 100644 --- a/roles/svc-prx-openresty/vars/main.yml +++ b/roles/svc-prx-openresty/vars/main.yml 
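Review bot: In ssl_header.j2 the new `listen {{ WEB_PORT }} ssl http2;` and `listen [::]:{{ WEB_PORT }} ssl http2;` lines use the `http2` parameter of `listen`, which nginx deprecated in 1.25.1 in favour of the standalone `http2 on;` directive. The openresty role in this same patch shows the image tag as the floating `alpine`, so the bundled nginx version is not pinned by anything visible here. On a build at or above 1.25.1 the parameter form logs a deprecation warning on every config test and reload. If the deployed build supports the directive, keep the two `listen ... ssl;` lines and replace the removed bare `http2;` with `http2 on;`. Otherwise add a template comment such as `# http2 as listen parameter: nginx core < 1.25.1` so the choice is not undone later.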
@@ -1,5 +1,9 @@ +# General application_id: "svc-prx-openresty" +# Deactivate Database for openresty +database_type: false + # Openresty openresty_image: "openresty/openresty" openresty_version: "alpine" diff --git a/roles/sys-bkp-docker-2-loc/tasks/main.yml b/roles/sys-bkp-docker-2-loc/tasks/main.yml index 07df9be3..6880915c 100644 --- a/roles/sys-bkp-docker-2-loc/tasks/main.yml +++ b/roles/sys-bkp-docker-2-loc/tasks/main.yml 
@@ -1,56 +1,54 @@ -- name: "pkgmgr install" - include_role: - name: pkgmgr-install - vars: - package_name: "{{ bkp_docker_to_local_pkg }}" - when: run_once_bkp_docker_to_local is not defined +- block: + - name: "pkgmgr install" + include_role: + name: pkgmgr-install + vars: + package_name: "{{ bkp_docker_to_local_pkg }}" -- name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr" - command: "pkgmgr path {{ bkp_docker_to_local_pkg }}" - register: pkgmgr_output - changed_when: false - when: run_once_bkp_docker_to_local is not defined + - name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr" + command: "pkgmgr path {{ bkp_docker_to_local_pkg }}" + register: pkgmgr_output + changed_when: false -- name: Set fact for backup_docker_to_local_folder - set_fact: - backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/" - changed_when: false - when: run_once_bkp_docker_to_local is not defined + - name: Set fact for backup_docker_to_local_folder + set_fact: + backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/" + changed_when: false -- name: "reset (if enabled)" - include_tasks: reset.yml - when: mode_reset | bool and run_once_bkp_docker_to_local is not defined + - name: "reset (if enabled)" + include_tasks: reset.yml -- name: configure sys-bkp-docker-2-loc-everything.infinito.service - template: - src: sys-bkp-docker-2-loc-everything.service.j2 - dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service - notify: reload sys-bkp-docker-2-loc-everything.infinito.service - when: run_once_bkp_docker_to_local is not defined + - name: configure sys-bkp-docker-2-loc-everything.infinito.service + template: + src: sys-bkp-docker-2-loc-everything.service.j2 + dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service + notify: reload sys-bkp-docker-2-loc-everything.infinito.service -- name: configure sys-bkp-docker-2-loc.infinito.service - template: - src: sys-bkp-docker-2-loc.service.j2 - dest: 
/etc/systemd/system/sys-bkp-docker-2-loc.infinito.service - notify: reload sys-bkp-docker-2-loc.infinito.service - when: run_once_bkp_docker_to_local is not defined + - name: configure sys-bkp-docker-2-loc.infinito.service + template: + src: sys-bkp-docker-2-loc.service.j2 + dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service + notify: reload sys-bkp-docker-2-loc.infinito.service -- name: "set 'service_name' to '{{ role_name }}'" - set_fact: - service_name: "{{ role_name }}" - when: run_once_bkp_docker_to_local is not defined + - name: "set 'service_name' to '{{ role_name }}'" + set_fact: + service_name: "{{ role_name }}" -- name: "include role for sys-timer for {{service_name}}" - include_role: - name: sys-timer - vars: - on_calendar: "{{on_calendar_backup_docker_to_local}}" - when: run_once_bkp_docker_to_local is not defined + - name: "include role for sys-timer for {{service_name}}" + include_role: + name: sys-timer + vars: + on_calendar: "{{on_calendar_backup_docker_to_local}}" + + - name: run the backup_docker_to_local tasks once + set_fact: + run_once_bkp_docker_to_local: true + + when: + - run_once_bkp_docker_to_local is not defined + - database_type is defined and database_type - name: "include seed-database-to-backup.yml" include_tasks: seed-database-to-backup.yml - -- name: run the backup_docker_to_local tasks once - set_fact: - run_once_bkp_docker_to_local: true - when: run_once_bkp_docker_to_local is not defined + when: + - database_type is defined and database_type diff --git a/roles/web-app-bigbluebutton/config/main.yml b/roles/web-app-bigbluebutton/config/main.yml index 91c4b4f5..8e173670 100644 --- a/roles/web-app-bigbluebutton/config/main.yml +++ b/roles/web-app-bigbluebutton/config/main.yml @@ -1,5 +1,4 @@ enable_greenlight: "true" -setup: false database: name: "multiple_databases" username: "postgres2" 
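Review bot: The `reset (if enabled)` task in roles/sys-bkp-docker-2-loc/tasks/main.yml lost its `mode_reset | bool` guard when it moved into the block. It used to carry `when: mode_reset | bool and run_once_bkp_docker_to_local is not defined`, but the new `include_tasks: reset.yml` has no condition of its own, so it runs whenever the block runs. reset.yml is not part of this patch, but an unintended reset in a backup role should be ruled out, so put `when: mode_reset | bool` back on that task. Separately, `database_type is defined and database_type` evaluates to a string rather than a boolean if the variable holds a database name (an assumption, since this patch only shows it set to `false`). Newer ansible-core releases warn about or reject non-boolean conditionals, and `database_type | default(false) is truthy` states the intent explicitly. The same expression is repeated on the `include seed-database-to-backup.yml` task at the end of the hunk.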
@@ -7,12 +6,12 @@ api_suffix: "/bigbluebutton/" features: matomo: true css: true - port-ui-desktop: false # Videos can't open in frame due to iframe restrictions + port-ui-desktop: false # Videos can't open in frame due to iframe restrictions # @todo fix this ldap: false oidc: true central_database: false - logout: true + logout: true domains: canonical: - "meet.{{ primary_domain }}" diff --git a/roles/web-app-bigbluebutton/tasks/docker-compose.yml b/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml similarity index 100% rename from roles/web-app-bigbluebutton/tasks/docker-compose.yml rename to roles/web-app-bigbluebutton/tasks/01_docker-compose.yml diff --git a/roles/web-app-bigbluebutton/tasks/02_administrator.yml b/roles/web-app-bigbluebutton/tasks/02_administrator.yml new file mode 100644 index 00000000..4041bae3 --- /dev/null +++ b/roles/web-app-bigbluebutton/tasks/02_administrator.yml @@ -0,0 +1,16 @@ +- block: + - name: "Create default admin" + command: + cmd: docker compose exec greenlight \ + bundle exec rake admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}'] + chdir: "{{ docker_compose.directories.instance }}" + register: admin_creation_result + # Treat exit codes 0 (created) and 2 (already exists) as success + failed_when: admin_creation_result.rc not in [0,2] + rescue: + - name: "Make existing user administrator" + command: + cmd: > + docker compose exec greenlight + bundle exec rake user:set_admin_role['{{ users.administrator.email }}'] + chdir: "{{ docker_compose.directories.instance }}" \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index d9b9acbe..f9e996b9 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml 
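Review bot: In roles/web-app-bigbluebutton/tasks/02_administrator.yml, `Create default admin` puts `{{ users.administrator.password }}` on the command line and registers the result without `no_log: true`. The rendered password therefore appears in Ansible's task output on failure or at higher verbosity, in any log or callback plugin, and in the host's process list while `docker compose exec` runs. Add `no_log: true` to this task at minimum; a channel other than argv would be better if the rake task offers one (not visible here). The first `cmd:` is also a plain scalar ending in `\`. YAML folds the line break to a space, and the `command` module then most likely treats `\ ` as an escaped space attached to `bundle`, so the task may fail and fall through to `rescue` on every run; use `cmd: >` as the rescue task does. Because the values are placed inside single quotes and rake splits arguments on commas, a password containing `'` or `,` would also break the call, so validate the value or document the constraint.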
@@ -34,7 +34,7 @@ state: link - name: "Setup docker-compose.yml file" - include_tasks: "docker-compose.yml" + include_tasks: "01_docker-compose.yml" - name: Ensure all containers in instance are running include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/04_ensure_up.yml" @@ -60,10 +60,7 @@ delay: 5 changed_when: false -- name: create admin - command: - cmd: docker compose exec greenlight bundle exec rake admin:create - chdir: "{{ docker_compose.directories.instance }}" - when: bbb_setup - ignore_errors: true - register: admin_creation_result \ No newline at end of file +- name: "Setup administrator" + include_tasks: "02_administrator.yml" + + diff --git a/roles/web-app-bigbluebutton/users/main.yml b/roles/web-app-bigbluebutton/users/main.yml new file mode 100644 index 00000000..0e8e6748 --- /dev/null +++ b/roles/web-app-bigbluebutton/users/main.yml @@ -0,0 +1,3 @@ +users: + administrator: + email: "administrator@{{ primary_domain }}" \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/vars/main.yml b/roles/web-app-bigbluebutton/vars/main.yml index 1e8558a5..c2521197 100644 --- a/roles/web-app-bigbluebutton/vars/main.yml +++ b/roles/web-app-bigbluebutton/vars/main.yml @@ -12,7 +12,4 @@ http_port: "{{ ports.localhost.http[application_i docker_compose_skipp_file_creation: true # Handled in this role docker_repository_address: "https://github.com/bigbluebutton/docker.git" docker_pull_git_repository: true -docker_compose_flush_handlers: false - -# Setup -bbb_setup: "{{ applications | get_app_conf(application_id, 'setup') }}" \ No newline at end of file +docker_compose_flush_handlers: false \ No newline at end of file diff --git a/roles/web-app-mailu/Todo.md b/roles/web-app-mailu/Todo.md index 81710cfc..c39a98cd 100644 --- a/roles/web-app-mailu/Todo.md +++ b/roles/web-app-mailu/Todo.md 
@@ -1,2 +1,3 @@ # Todos -- Implement hard restart into Backup for mailu \ No newline at end of file +- Implement hard restart into Backup for mailu +- Check if DKIM generation works on new setups \ No newline at end of file diff --git a/roles/web-app-mailu/config/main.yml b/roles/web-app-mailu/config/main.yml index 252dd498..d375bfa5 100644 --- a/roles/web-app-mailu/config/main.yml +++ b/roles/web-app-mailu/config/main.yml @@ -8,7 +8,7 @@ features: port-ui-desktop: true # Deactivated mailu iframe loading until keycloak supports it oidc: true central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary - logout: true + logout: true domains: canonical: - "mail.{{ primary_domain }}" diff --git a/roles/web-app-mailu/tasks/TODO.md b/roles/web-app-mailu/tasks/TODO.md deleted file mode 100644 index 92d9c454..00000000 --- a/roles/web-app-mailu/tasks/TODO.md +++ /dev/null @@ -1,2 +0,0 @@ -# Todos -- Check if DKIM generation works on new setups \ No newline at end of file diff --git a/roles/web-svc-cdn/templates/nginx.conf.j2 b/roles/web-svc-cdn/templates/nginx.conf.j2 index da672710..40448b13 100644 --- a/roles/web-svc-cdn/templates/nginx.conf.j2 +++ b/roles/web-svc-cdn/templates/nginx.conf.j2 @@ -7,6 +7,7 @@ server {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%} {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + charset utf-8; location / diff --git a/roles/web-svc-file/templates/nginx.conf.j2 b/roles/web-svc-file/templates/nginx.conf.j2 index 11df2a2a..060882ea 100644 --- a/roles/web-svc-file/templates/nginx.conf.j2 +++ b/roles/web-svc-file/templates/nginx.conf.j2 @@ -7,6 +7,7 @@ server {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%} {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + charset utf-8; location / 
diff --git a/roles/web-svc-html/templates/nginx.conf.j2 b/roles/web-svc-html/templates/nginx.conf.j2 index bbc93394..d9e04ef4 100644 --- a/roles/web-svc-html/templates/nginx.conf.j2 +++ b/roles/web-svc-html/templates/nginx.conf.j2 @@ -7,6 +7,7 @@ server {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%} {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + charset utf-8; location /