---
- name: Installation des prérequis
  apt:
    name:
      #      - sshguard
      - ufw
      - gnupg2
      - nginx-full
    update_cache: true
    state: present

- name: Mise en place des règle firewall tcp et udp
  # yamllint disable-line rule:line-length
  # source : https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall
  ufw:
    state: enabled
    rule: allow
    port: '{{ item[0] }}'
    proto: '{{ item[1] }}'
  loop:
    - ['80', 'tcp']
    - ['443', 'tcp']
    - ['4443', 'tcp']
    - ['22', 'tcp']
    - ['10000', 'udp']
    - ['3478', 'udp']
    - ['5349', 'tcp']
    - ['5222', 'tcp']  # XMPP port for recorder

# yamllint disable-line rule:line-length
- name: Import de la clé GPG  # source: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#add-the-jitsi-package-repository
  apt_key:
    id: FFD65A0DA2BEBDEB73D44C8BB4D2D216F1FD7806
    url: https://download.jitsi.org/jitsi-key.gpg.key
    keyring: /etc/apt/trusted.gpg.d/jitsi.gpg

- name: Ajout du depot jitsi
  apt_repository:
    # yamllint disable-line rule:line-length
    repo: deb [signed-by=/etc/apt/trusted.gpg.d/jitsi.gpg] https://download.jitsi.org stable/
    update_cache: true

- name: Application du hostname avant installation
  debconf:
    name: jitsi-meet-web-config
    question: jitsi-videobridge/jvb-hostname
    value: '{{ inventory_hostname }}'
    vtype: string

- name: On veut un certificat autogénéré
  debconf:
    name: jitsi-meet-web-config
    question: jitsi-meet/cert-choice
    value: >
      "Generate a new self-signed certificate (You will later get a chance to
      obtain a Let's encrypt certificate)"
    vtype: string

- name: installation de jitsi
  apt:
    name: jitsi-meet

- name: Conf let's encrypt - désactivation de la demande du mail de supervision
  replace:
    path: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
    regexp: "^read EMAIL"
    replace: |
      #read EMAIL
      EMAIL=supervision@nereide.fr

- name: Exécution du script lets encrypt
  shell:
    cmd:
      /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> jitsi-le.log
    creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
    # Execute le script que si ce fichier n'existe pas

- name: Ajout d'un memo pour suprimer manuellement Jitsi
  copy:
    dest: /root/purgeJitsi.sh
    mode: 0700
    content: |
      systemctl stop jitsi-videobridge2 prosody jicofo nginx coturn
      apt purge jitsi-meet && apt --purge autoremove
      rm -rf /etc/jitsi/ /usr/share/jitsi-* /etc/letsencrypt