Implemented the correct setup of the bbb administrator

2025-08-29 15:06:26 +02:00 · 2025-08-06 15:51:08 +02:00
parent f88e57ca52
commit 7a09f223af
15 changed files with 83 additions and 68 deletions
--- a/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2
+++ b/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2
@@ -1,6 +1,5 @@
-listen {{ WEB_PORT }} ssl;
+listen {{ WEB_PORT }} ssl http2;
-listen [::]:{{ WEB_PORT }} ssl;
+listen [::]:{{ WEB_PORT }} ssl http2;
 http2;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ecdh_curve X25519:P-256;
--- a/roles/svc-prx-openresty/vars/main.yml
+++ b/roles/svc-prx-openresty/vars/main.yml
@@ -1,5 +1,9 @@
 # General
 application_id:                 "svc-prx-openresty"
 # Deactivate Database for openresty
 database_type:                  false
 # Openresty
 openresty_image:                "openresty/openresty"
 openresty_version:              "alpine"
--- a/roles/sys-bkp-docker-2-loc/tasks/main.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/main.yml
@@ -1,56 +1,54 @@
- name: "pkgmgr install"
+- block:
-  include_role:
+    - name: "pkgmgr install"
-    name: pkgmgr-install
+      include_role:
-  vars:
+        name: pkgmgr-install
-    package_name: "{{ bkp_docker_to_local_pkg }}"
+      vars:
-  when: run_once_bkp_docker_to_local is not defined
+        package_name: "{{ bkp_docker_to_local_pkg }}"
- name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr"
+    - name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr"
-  command: "pkgmgr path {{ bkp_docker_to_local_pkg }}"
+      command: "pkgmgr path {{ bkp_docker_to_local_pkg }}"
-  register: pkgmgr_output
+      register: pkgmgr_output
-  changed_when: false
+      changed_when: false
  when: run_once_bkp_docker_to_local is not defined
- name: Set fact for backup_docker_to_local_folder
+    - name: Set fact for backup_docker_to_local_folder
-  set_fact:
+      set_fact:
-    backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
+        backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
-  changed_when: false
+      changed_when: false
  when: run_once_bkp_docker_to_local is not defined
- name: "reset (if enabled)"
+    - name: "reset (if enabled)"
-  include_tasks: reset.yml 
+      include_tasks: reset.yml
  when: mode_reset | bool and run_once_bkp_docker_to_local is not defined
- name: configure sys-bkp-docker-2-loc-everything.infinito.service
+    - name: configure sys-bkp-docker-2-loc-everything.infinito.service
-  template: 
+      template: 
-    src: sys-bkp-docker-2-loc-everything.service.j2
+        src: sys-bkp-docker-2-loc-everything.service.j2
-    dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service
+        dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service
-  notify: reload sys-bkp-docker-2-loc-everything.infinito.service
+      notify: reload sys-bkp-docker-2-loc-everything.infinito.service
  when: run_once_bkp_docker_to_local is not defined
- name: configure sys-bkp-docker-2-loc.infinito.service
+    - name: configure sys-bkp-docker-2-loc.infinito.service
-  template: 
+      template: 
-    src: sys-bkp-docker-2-loc.service.j2
+        src: sys-bkp-docker-2-loc.service.j2
-    dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service
+        dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service
-  notify: reload sys-bkp-docker-2-loc.infinito.service
+      notify: reload sys-bkp-docker-2-loc.infinito.service
  when: run_once_bkp_docker_to_local is not defined
- name: "set 'service_name' to '{{ role_name }}'"
+    - name: "set 'service_name' to '{{ role_name }}'"
-  set_fact:
+      set_fact:
-    service_name: "{{ role_name }}"
+        service_name: "{{ role_name }}"
  when: run_once_bkp_docker_to_local is not defined
- name: "include role for sys-timer for {{service_name}}"
+    - name: "include role for sys-timer for {{service_name}}"
-  include_role:
+      include_role:
-    name: sys-timer
+        name: sys-timer
-  vars:
+      vars:
-    on_calendar:  "{{on_calendar_backup_docker_to_local}}"
+        on_calendar:  "{{on_calendar_backup_docker_to_local}}"
-  when: run_once_bkp_docker_to_local is not defined
+
    - name: run the backup_docker_to_local tasks once
      set_fact:
        run_once_bkp_docker_to_local: true
  when: 
    - run_once_bkp_docker_to_local is not defined
    - database_type is defined and database_type
 - name: "include seed-database-to-backup.yml"
  include_tasks: seed-database-to-backup.yml
-
+  when:
- name: run the backup_docker_to_local tasks once
+    - database_type is defined and database_type
  set_fact:
    run_once_bkp_docker_to_local: true
  when: run_once_bkp_docker_to_local is not defined
--- a/roles/web-app-bigbluebutton/config/main.yml
+++ b/roles/web-app-bigbluebutton/config/main.yml
@@ -1,5 +1,4 @@
 enable_greenlight:    "true"
 setup:                false
 database:
  name:               "multiple_databases"
  username:           "postgres2"
@@ -7,12 +6,12 @@ api_suffix:           "/bigbluebutton/"
 features:
  matomo:             true
  css:                true
-  port-ui-desktop:     false # Videos can't open in frame due to iframe restrictions
+  port-ui-desktop:    false # Videos can't open in frame due to iframe restrictions
                            # @todo fix this
  ldap:               false
  oidc:               true
  central_database:   false
-  logout:   true
+  logout:             true
 domains:
  canonical:
    - "meet.{{ primary_domain }}"
--- a/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml
+++ b/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml
--- a/roles/web-app-bigbluebutton/tasks/02_administrator.yml
+++ b/roles/web-app-bigbluebutton/tasks/02_administrator.yml
@@ -0,0 +1,16 @@
 - block:
    - name: "Create default admin"
      command:
        cmd: docker compose exec greenlight \
             bundle exec rake admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}']
        chdir: "{{ docker_compose.directories.instance }}"
      register: admin_creation_result
      # Treat exit codes 0 (created) and 2 (already exists) as success
      failed_when: admin_creation_result.rc not in [0,2]
  rescue:
    - name: "Make existing user administrator"
      command:
        cmd: >
          docker compose exec greenlight
          bundle exec rake user:set_admin_role['{{ users.administrator.email }}']
        chdir: "{{ docker_compose.directories.instance }}"
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@@ -34,7 +34,7 @@
    state:  link
 - name: "Setup docker-compose.yml file"
-  include_tasks: "docker-compose.yml"
+  include_tasks: "01_docker-compose.yml"
 - name: Ensure all containers in instance are running
  include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/04_ensure_up.yml"
@@ -60,10 +60,7 @@
  delay: 5
  changed_when: false
- name: create admin
+- name: "Setup administrator"
-  command:
+  include_tasks: "02_administrator.yml"
-    cmd: docker compose exec greenlight bundle exec rake admin:create
+
-    chdir: "{{ docker_compose.directories.instance }}"
+
  when: bbb_setup
  ignore_errors: true
  register: admin_creation_result
--- a/roles/web-app-bigbluebutton/users/main.yml
+++ b/roles/web-app-bigbluebutton/users/main.yml
@@ -0,0 +1,3 @@
 users:
  administrator:
    email:                "administrator@{{ primary_domain }}"
--- a/roles/web-app-bigbluebutton/vars/main.yml
+++ b/roles/web-app-bigbluebutton/vars/main.yml
@@ -12,7 +12,4 @@ http_port:                                "{{ ports.localhost.http[application_i
 docker_compose_skipp_file_creation:       true # Handled in this role
 docker_repository_address:                "https://github.com/bigbluebutton/docker.git"
 docker_pull_git_repository:               true
-docker_compose_flush_handlers:            false
+docker_compose_flush_handlers:            false
 # Setup 
 bbb_setup:                                "{{ applications | get_app_conf(application_id, 'setup') }}"
--- a/roles/web-app-mailu/Todo.md
+++ b/roles/web-app-mailu/Todo.md
@@ -1,2 +1,3 @@
 # Todos
- Implement hard restart into Backup for mailu
+- Implement hard restart into Backup for mailu
 - Check if DKIM generation works on new setups
--- a/roles/web-app-mailu/config/main.yml
+++ b/roles/web-app-mailu/config/main.yml
@@ -8,7 +8,7 @@ features:
  port-ui-desktop:        true                             # Deactivated mailu iframe loading until keycloak supports it
  oidc:                   true
  central_database:       false                             # Deactivate central database for mailu, I don't know why the database deactivation is necessary
-  logout:       true
+  logout:                 true
 domains:
  canonical:
    - "mail.{{ primary_domain }}"
--- a/roles/web-app-mailu/tasks/TODO.md
+++ b/roles/web-app-mailu/tasks/TODO.md
@@ -1,2 +0,0 @@
 # Todos
 - Check if DKIM generation works on new setups
--- a/roles/web-svc-cdn/templates/nginx.conf.j2
+++ b/roles/web-svc-cdn/templates/nginx.conf.j2
@@ -7,6 +7,7 @@ server
  {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}
  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
  charset utf-8;
  location /
--- a/roles/web-svc-file/templates/nginx.conf.j2
+++ b/roles/web-svc-file/templates/nginx.conf.j2
@@ -7,6 +7,7 @@ server
  {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}
  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
  charset utf-8;
  location /
--- a/roles/web-svc-html/templates/nginx.conf.j2
+++ b/roles/web-svc-html/templates/nginx.conf.j2
@@ -7,6 +7,7 @@ server
  {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}
  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
  charset utf-8;
  location /
		`@@ -1,2 +0,0 @@`
			`# Todos`
			`- Check if DKIM generation works on new setups`