Resolve "migration Jitsi IMIO"

roles/jitsi-enable-multidomain/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: restart jitsi-videobridge2
+  systemd:
+    name: jitsi-videobridge2
+    state: restarted
+    enabled: true
+
+- name: restart nginx
+  systemd:
+    name: nginx
+    state: restarted
+    enabled: true

roles/jitsi-enable-multidomain/tasks/jitsi.yml

@@ -0,0 +1,9 @@
+---
+- name: Conf Jitsi MultiDomain - rend l'url bosh dynamique dans la conf js
+  replace:
+    path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
+    regexp: '[^?]{{ inventory_hostname }}/http-bind'
+    replace: '<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind'
+  notify:
+    - restart jitsi-videobridge2
+    - restart nginx

roles/jitsi-enable-multidomain/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- include_tasks: nginx.yml
+  loop: "{{ jitsi_multidomain_domain }}"
+  loop_control:
+    loop_var: hostname
+- include_tasks: ssl.yml
+- include_tasks: jitsi.yml

roles/jitsi-enable-multidomain/tasks/nginx.yml

@@ -0,0 +1,39 @@
+---
+- name: Check that the somefile.conf exists
+  stat:
+    path: /etc/nginx/sites-available/{{ hostname }}.conf
+  register: nginx_file
+
+- name: Conf Jitsi MultiDomain - Duplication de la conf nginx
+  copy:
+    src: /etc/nginx/sites-available/{{ inventory_hostname }}.conf
+    dest: /etc/nginx/sites-available/{{ hostname }}.conf
+    remote_src: yes
+  when: not nginx_file.stat.exists
+
+- name: Conf Jitsi MultiDomain - Change le ServerName des conf nginx
+  replace:
+    path: /etc/nginx/sites-available/{{ hostname }}.conf
+    regexp: "[^?]server_name {{ inventory_hostname }}"
+    replace: "server_name {{ hostname }}"
+
+- name: Conf Jitsi MultiDomain - surcharge le header proxy
+  replace:
+    path: /etc/nginx/sites-available/{{ hostname }}.conf
+    regexp: '[^?]\$http_host'
+    replace: ' {{ inventory_hostname }}'
+
+- name: Conf Jitsi MultiDomain - suppression du paramètre server_names_hash_bucket_size car génère une erreur si en doublon
+  lineinfile:
+    path: /etc/nginx/sites-available/{{ hostname }}.conf
+    state: absent
+    regexp: '^server_names_hash_bucket_size'
+
+- name: Activation des nouvelles conf nginx
+  file:
+    src: /etc/nginx/sites-available/{{ hostname }}.conf
+    dest: /etc/nginx/sites-enabled/{{ hostname }}.conf
+    state: link
+  notify:
+    - restart jitsi-videobridge2
+    - restart nginx

roles/jitsi-enable-multidomain/tasks/ssl.yml

@@ -0,0 +1,43 @@
+---
+- name: Check that the somefile.conf exists
+  stat:
+    path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh
+  register: ssl_file
+
+- name: Conf SSL MultiDomain - Duplication du script Let's Encrypt d'origine
+  copy:
+    src: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
+    dest: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh
+    mode: u+x
+    remote_src: yes
+  when: not ssl_file.stat.exists
+
+- name: Conf SSL MultiDomain - rend le nom de domaine paramétrable dans le script certbot de jitsi
+  replace:
+    path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh
+    regexp: '^DOMAIN="\${DEB_CONF_RESULT##\*:}"'
+    replace: "DOMAIN=$1"
+
+- name: Conf SSL MultiDomain - Exécution du script lets encrypt
+  shell:
+    cmd: "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert-with-param.sh {{ item }}"
+    creates: /etc/letsencrypt/live/{{ item }}/fullchain.pem # Execute le script que si ce fichier n'existe pas
+  loop: "{{ jitsi_multidomain_domain }}"
+
+- name: Conf Jitsi MultiDomain - Change le ServerName des conf nginx
+  replace:
+    path: /etc/nginx/sites-available/{{ item }}.conf
+    regexp: "[^?]ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}.*$"
+    replace: "ssl_certificate /etc/letsencrypt/live/{{ item }}/fullchain.pem;"
+  loop: "{{ jitsi_multidomain_domain }}"
+  notify:
+    - restart nginx
+
+- name: Conf Jitsi MultiDomain - Change le ServerName des conf nginx
+  replace:
+    path: /etc/nginx/sites-available/{{ item }}.conf
+    regexp: "[^?]ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}.*$"
+    replace: "ssl_certificate_key /etc/letsencrypt/live/{{ item }}/privkey.pem;"
+  loop: "{{ jitsi_multidomain_domain }}"
+  notify:
+    - restart nginx

roles/jitsi-enable-specific-imio/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+  systemd:
+    name: nginx
+    state: reloaded

roles/jitsi-enable-specific-imio/tasks/main.yml

@@ -0,0 +1,66 @@
+---
+- name: création du répertoire pour recevoir les fichiers statiques de IMIO
+  file:
+    path: /usr/share/jitsi-meet/static-imio
+    state: directory
+
+- name: personnalise la config nginx de l'accès jitsi principal
+  blockinfile:
+    path: /etc/nginx/sites-enabled/{{ inventory_hostname }}.conf
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    insertafter: "gzip_min_length 512;"
+    block: |
+      ### Pages static
+        location = /rgpd {
+            try_files /static-imio/imio-rgpd.html =404;
+        }
+
+        location ~ ^/$ {
+            try_files /static-imio/imio-index.html =404;
+        }
+
+        location ~ ^/static-imio/(.*)$ {
+          alias /usr/share/jitsi-meet/static-imio/$1;
+        }
+  notify:
+    - reload nginx
+
+- name: personnalise la config nginx de l'accès à cpas
+  blockinfile:
+    path: /etc/nginx/sites-enabled/{{ jitsi_multidomain_domain[0] }}.conf
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    insertafter: "gzip_min_length 512;"
+    block: |
+      #### Pages static
+          location = /cpas {
+            try_files /static-imio/cpas-cpas.html =404;
+          }
+
+          location = /rgpd {
+              try_files /static-imio/cpas-rgpd.html =404;
+          }
+
+          location ~ ^/$ {
+            try_files /static-imio/cpas-index.html =404;
+          }
+
+          location ~ ^/static-imio/(.*)$ {
+            alias /usr/share/jitsi-meet/static-imio/$1;
+          }
+  notify:
+    - reload nginx
+
+- name: gestion du cookie la config nginx
+  blockinfile:
+    path: /etc/nginx/sites-enabled/{{ item }}.conf
+    marker: "# {mark} ANSIBLE MANAGED COOKIE BLOCK"
+    insertbefore: 'try_files \$uri @root_path'
+    block: |
+        # Ajout du cookie
+        set $room $1;
+        if ($http_cookie !~* "rgpd") {
+           return 302 $scheme://$host/rgpd?room=$room;
+        }
+  loop: "{{ jitsi_multidomain_domain }}"
+  notify:
+    - reload nginx

roles/jitsi-install/tasks/main.yml

@@ -12,7 +12,7 @@
       EMAIL=supervision@nereide.fr
 
 - name: Exécution du script lets encrypt
-  shell: 
+  shell:
     cmd: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> jitsi-le.log
     creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem # Execute le script que si ce fichier n'existe pas