Implemented the correct setup of the bbb administrator

2025-08-29 15:06:26 +02:00 · 2025-08-06 15:51:08 +02:00
parent f88e57ca52
commit 7a09f223af
15 changed files with 83 additions and 68 deletions
--- a/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2
+++ b/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2
@@ -1,6 +1,5 @@
-listen {{ WEB_PORT }} ssl;
-listen [::]:{{ WEB_PORT }} ssl;
-http2;
+listen {{ WEB_PORT }} ssl http2;
+listen [::]:{{ WEB_PORT }} ssl http2;

 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ecdh_curve X25519:P-256;
--- a/roles/svc-prx-openresty/vars/main.yml
+++ b/roles/svc-prx-openresty/vars/main.yml
@@ -1,5 +1,9 @@
+# General
 application_id:                 "svc-prx-openresty"

+# Deactivate Database for openresty
+database_type:                  false
+
 # Openresty
 openresty_image:                "openresty/openresty"
 openresty_version:              "alpine"
--- a/roles/sys-bkp-docker-2-loc/tasks/main.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/main.yml
@@ -1,56 +1,54 @@
- name: "pkgmgr install"
-  include_role:
-    name: pkgmgr-install
-  vars:
-    package_name: "{{ bkp_docker_to_local_pkg }}"
-  when: run_once_bkp_docker_to_local is not defined
+- block:
+    - name: "pkgmgr install"
+      include_role:
+        name: pkgmgr-install
+      vars:
+        package_name: "{{ bkp_docker_to_local_pkg }}"

- name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr"
-  command: "pkgmgr path {{ bkp_docker_to_local_pkg }}"
-  register: pkgmgr_output
-  changed_when: false
-  when: run_once_bkp_docker_to_local is not defined
+    - name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr"
+      command: "pkgmgr path {{ bkp_docker_to_local_pkg }}"
+      register: pkgmgr_output
+      changed_when: false

- name: Set fact for backup_docker_to_local_folder
-  set_fact:
-    backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
-  changed_when: false
-  when: run_once_bkp_docker_to_local is not defined
+    - name: Set fact for backup_docker_to_local_folder
+      set_fact:
+        backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
+      changed_when: false

- name: "reset (if enabled)"
-  include_tasks: reset.yml 
-  when: mode_reset | bool and run_once_bkp_docker_to_local is not defined
+    - name: "reset (if enabled)"
+      include_tasks: reset.yml

- name: configure sys-bkp-docker-2-loc-everything.infinito.service
-  template: 
-    src: sys-bkp-docker-2-loc-everything.service.j2
-    dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service
-  notify: reload sys-bkp-docker-2-loc-everything.infinito.service
-  when: run_once_bkp_docker_to_local is not defined
+    - name: configure sys-bkp-docker-2-loc-everything.infinito.service
+      template: 
+        src: sys-bkp-docker-2-loc-everything.service.j2
+        dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service
+      notify: reload sys-bkp-docker-2-loc-everything.infinito.service

- name: configure sys-bkp-docker-2-loc.infinito.service
-  template: 
-    src: sys-bkp-docker-2-loc.service.j2
-    dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service
-  notify: reload sys-bkp-docker-2-loc.infinito.service
-  when: run_once_bkp_docker_to_local is not defined
+    - name: configure sys-bkp-docker-2-loc.infinito.service
+      template: 
+        src: sys-bkp-docker-2-loc.service.j2
+        dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service
+      notify: reload sys-bkp-docker-2-loc.infinito.service

- name: "set 'service_name' to '{{ role_name }}'"
-  set_fact:
-    service_name: "{{ role_name }}"
-  when: run_once_bkp_docker_to_local is not defined
+    - name: "set 'service_name' to '{{ role_name }}'"
+      set_fact:
+        service_name: "{{ role_name }}"

- name: "include role for sys-timer for {{service_name}}"
-  include_role:
-    name: sys-timer
-  vars:
-    on_calendar:  "{{on_calendar_backup_docker_to_local}}"
-  when: run_once_bkp_docker_to_local is not defined
+    - name: "include role for sys-timer for {{service_name}}"
+      include_role:
+        name: sys-timer
+      vars:
+        on_calendar:  "{{on_calendar_backup_docker_to_local}}"
+
+    - name: run the backup_docker_to_local tasks once
+      set_fact:
+        run_once_bkp_docker_to_local: true
+  
+  when: 
+    - run_once_bkp_docker_to_local is not defined
+    - database_type is defined and database_type

 - name: "include seed-database-to-backup.yml"
  include_tasks: seed-database-to-backup.yml
-
- name: run the backup_docker_to_local tasks once
-  set_fact:
-    run_once_bkp_docker_to_local: true
-  when: run_once_bkp_docker_to_local is not defined
+  when:
+    - database_type is defined and database_type
--- a/roles/web-app-bigbluebutton/config/main.yml
+++ b/roles/web-app-bigbluebutton/config/main.yml
@@ -1,5 +1,4 @@
 enable_greenlight:    "true"
-setup:                false
 database:
  name:               "multiple_databases"
  username:           "postgres2"
@@ -7,12 +6,12 @@ api_suffix:           "/bigbluebutton/"
 features:
  matomo:             true
  css:                true
-  port-ui-desktop:     false # Videos can't open in frame due to iframe restrictions
+  port-ui-desktop:    false # Videos can't open in frame due to iframe restrictions
                            # @todo fix this
  ldap:               false
  oidc:               true
  central_database:   false
-  logout:   true
+  logout:             true
 domains:
  canonical:
    - "meet.{{ primary_domain }}"
--- a/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml
+++ b/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml
--- a/roles/web-app-bigbluebutton/tasks/02_administrator.yml
+++ b/roles/web-app-bigbluebutton/tasks/02_administrator.yml
@@ -0,0 +1,16 @@
+- block:
+    - name: "Create default admin"
+      command:
+        cmd: docker compose exec greenlight \
+             bundle exec rake admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}']
+        chdir: "{{ docker_compose.directories.instance }}"
+      register: admin_creation_result
+      # Treat exit codes 0 (created) and 2 (already exists) as success
+      failed_when: admin_creation_result.rc not in [0,2]
+  rescue:
+    - name: "Make existing user administrator"
+      command:
+        cmd: >
+          docker compose exec greenlight
+          bundle exec rake user:set_admin_role['{{ users.administrator.email }}']
+        chdir: "{{ docker_compose.directories.instance }}"
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@@ -34,7 +34,7 @@
    state:  link

 - name: "Setup docker-compose.yml file"
-  include_tasks: "docker-compose.yml"
+  include_tasks: "01_docker-compose.yml"

 - name: Ensure all containers in instance are running
  include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/04_ensure_up.yml"
@@ -60,10 +60,7 @@
  delay: 5
  changed_when: false

- name: create admin
-  command:
-    cmd: docker compose exec greenlight bundle exec rake admin:create
-    chdir: "{{ docker_compose.directories.instance }}"
-  when: bbb_setup
-  ignore_errors: true
-  register: admin_creation_result
+- name: "Setup administrator"
+  include_tasks: "02_administrator.yml"
+
+
--- a/roles/web-app-bigbluebutton/users/main.yml
+++ b/roles/web-app-bigbluebutton/users/main.yml
@@ -0,0 +1,3 @@
+users:
+  administrator:
+    email:                "administrator@{{ primary_domain }}"
--- a/roles/web-app-bigbluebutton/vars/main.yml
+++ b/roles/web-app-bigbluebutton/vars/main.yml
@@ -12,7 +12,4 @@ http_port:                                "{{ ports.localhost.http[application_i
 docker_compose_skipp_file_creation:       true # Handled in this role
 docker_repository_address:                "https://github.com/bigbluebutton/docker.git"
 docker_pull_git_repository:               true
-docker_compose_flush_handlers:            false
-
-# Setup 
-bbb_setup:                                "{{ applications | get_app_conf(application_id, 'setup') }}"
+docker_compose_flush_handlers:            false
--- a/roles/web-app-mailu/Todo.md
+++ b/roles/web-app-mailu/Todo.md
@@ -1,2 +1,3 @@
 # Todos
- Implement hard restart into Backup for mailu
+- Implement hard restart into Backup for mailu
+- Check if DKIM generation works on new setups
--- a/roles/web-app-mailu/config/main.yml
+++ b/roles/web-app-mailu/config/main.yml
@@ -8,7 +8,7 @@ features:
  port-ui-desktop:        true                             # Deactivated mailu iframe loading until keycloak supports it
  oidc:                   true
  central_database:       false                             # Deactivate central database for mailu, I don't know why the database deactivation is necessary
-  logout:       true
+  logout:                 true
 domains:
  canonical:
    - "mail.{{ primary_domain }}"
--- a/roles/web-app-mailu/tasks/TODO.md
+++ b/roles/web-app-mailu/tasks/TODO.md
@@ -1,2 +0,0 @@
-# Todos
- Check if DKIM generation works on new setups
--- a/roles/web-svc-cdn/templates/nginx.conf.j2
+++ b/roles/web-svc-cdn/templates/nginx.conf.j2
@@ -7,6 +7,7 @@ server
  {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}

  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  
  charset utf-8;
  
  location /
--- a/roles/web-svc-file/templates/nginx.conf.j2
+++ b/roles/web-svc-file/templates/nginx.conf.j2
@@ -7,6 +7,7 @@ server
  {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}

  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  
  charset utf-8;
  
  location /
--- a/roles/web-svc-html/templates/nginx.conf.j2
+++ b/roles/web-svc-html/templates/nginx.conf.j2
@@ -7,6 +7,7 @@ server
  {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}

  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  
  charset utf-8;
  
  location /