Release v3.0.0

CHANGELOG.md

@@ -1,9 +1,19 @@
 # Change Log
 
-## Not released yet
-
-* Change jitsi_meet_disable_third_party_requests default from true to false and make it work with ansible.
-
+## [v3.0.0](https://github.com/UdelaRInterior/ansible-role-jitsi-meet/tree/v3.0.0)
+
+* **`jitsi_meet_install_recommends: no` changed to `jitsi_meet_install_recommends: yes` on *defaults/main.yml*** (See [PR #5729](https://github.com/jitsi/jitsi-meet/pull/5729))
+* **`jitsi_meet_configure_firewall: true` changed to `jitsi_meet_configure_firewall: false` on *defaults/main.yml***. To avoid overlapping with the rest of your roles/playbooks and lose SSH access. (This role focuses on configuring Jitsi Meet)
+* Manage videobridge stats and colibri exposure over HTTPS
+* Thanks to [@tabacha](https://github.com/tabacha):
+    * `jitsi_meet_disable_third_party_requests` used correctly ([#10](https://github.com/UdelaRInterior/ansible-role-jitsi-meet/pull/10))
+    * UFW ports configurable from vars ([#11](https://github.com/UdelaRInterior/ansible-role-jitsi-meet/pull/11))
+      **Note that now enabling SSH port isn't part of the default behavior**
+    * Manage Prosody authentication ([#12](https://github.com/UdelaRInterior/ansible-role-jitsi-meet/pull/12))
+* Thanks to [@fabiogermann](https://github.com/fabiogermann):
+    * Settings to run behind a NAT firewall ([#7](https://github.com/UdelaRInterior/ansible-role-jitsi-meet/pull/7))
+* Added Ansible tags for each component in *tasks/main.yml*
+* Various improvements in code quality
 
 ## [v2.0.0](https://github.com/UdelaRInterior/ansible-role-jitsi-meet/tree/v2.0.0)
 

README.md

@@ -1,23 +1,17 @@
 jitsi-meet
 =========
 
-[![Galaxy](https://img.shields.io/badge/galaxy-UdelaRInterior.jitsi_meet-blue.svg)](https://galaxy.ansible.com/udelarinterior/jitsi_meet)
+[![Galaxy](https://img.shields.io/badge/galaxy-UdelaRInterior.jitsi__meet-blue.svg)](https://galaxy.ansible.com/udelarinterior/jitsi_meet) ![GitHub release (latest by date)](https://img.shields.io/github/v/release/udelarinterior/ansible-role-jitsi-meet?style=social) ![GitHub stars](https://img.shields.io/github/stars/udelarinterior/ansible-role-jitsi-meet?style=social) ![GitHub forks](https://img.shields.io/github/forks/udelarinterior/ansible-role-jitsi-meet?style=social)
 
 Installs and configures the [Jitsi Meet] videoconferencing software.
 
 
 Requirements
 ------------
 
-You should have DNS pointed at the server already, and SSL keys. If you don't have SSL
-keys for the domain yet, consider using the [geerlingguy.certbot] Ansible role
-to obtain (free!) SSL certs from [LetsEncrypt].
+You should have DNS pointed at the server already, and SSL keys. If you don't have SSL keys for the domain yet, consider using the [geerlingguy.certbot] Ansible role to obtain (free!) SSL certs from [LetsEncrypt].
 
-You will also need to expose ports 443 TCP and 10000 UDP for the Jitsi Meet
-components to work. By default the role will use `ufw` to allow these ports. If you
-use another host-based firewall solution such as iptables, set
-`jitsi_meet_configure_firewall: false`. If you use AWS or similar, you'll need to
-expose those ports in the associated Security Group.
+You will also need to expose ports 443 TCP and 10000 UDP for the Jitsi Meet components to work. This role can use `ufw` to allow these ports setting `jitsi_meet_configure_firewall: true`. If you use another host-based firewall solution such as iptables, keep `jitsi_meet_configure_firewall: false`. If you use AWS or similar, you'll need to expose those ports in the associated Security Group.
 
 Role Variables
 --------------
@@ -140,9 +134,9 @@ jitsi_meet_debconf_settings:
 
 #######################
 ### Server firewall ###
-# This role will automatically install configure ufw with jitsi-meet port holes.
-# If you're managing a firewall elsewise, set this to false, and ufw will be skipped.
-jitsi_meet_configure_firewall: true
+# This role can automatically install and configure ufw with jitsi-meet port holes setting this variable in true.
+# If you're managing a firewall elsewise, keep in false, and ufw tasks will be skipped.
+jitsi_meet_configure_firewall: false
 
 # WARNING: until v2.0.0 of this role, also SSH port (22/tcp) was enabled.
 # This role focuses on configuring Jitsi Meet, so to avoid overlapping with the rest of
@@ -195,7 +189,7 @@ jitsi_meet_expose_colibri_stats: false
 
 ############
 ### Meet ###
-# Only "anonymous" auth is supported, which lets anyone use the videoconference server.
+# "anonymous" lets anyone use the videoconference server.
 jitsi_meet_authentication: anonymous
 
 # Privacy-friendly addition, see here for details:

defaults/main.yml

@@ -117,9 +117,9 @@ jitsi_meet_debconf_settings:
 
 #######################
 ### Server firewall ###
-# This role will automatically install configure ufw with jitsi-meet port holes.
-# If you're managing a firewall elsewise, set this to false, and ufw will be skipped.
-jitsi_meet_configure_firewall: true
+# This role can automatically install and configure ufw with jitsi-meet port holes setting this variable in true.
+# If you're managing a firewall elsewise, keep in false, and ufw tasks will be skipped.
+jitsi_meet_configure_firewall: false
 
 # WARNING: until v2.0.0 of this role, also SSH port (22/tcp) was enabled.
 # This role focuses on configuring Jitsi Meet, so to avoid overlapping with the rest of
@@ -172,7 +172,7 @@ jitsi_meet_expose_colibri_stats: false
 
 ############
 ### Meet ###
-# Only "anonymous" auth is supported, which lets anyone use the videoconference server.
+# "anonymous" lets anyone use the videoconference server.
 jitsi_meet_authentication: anonymous
 
 # Privacy-friendly addition, see here for details:

tasks/main.yml

@@ -1,41 +1,54 @@
 ---
 
 - include: packages.yml
+  tags: jitsi_packages
 
   # Read Jitsi Meet config files and extract secrets for use in template configs.
   # Import to run these tasks after package installation, but before config tasks.
 - include: dynamic_vars.yml
+  tags: always
 
 - include: jitsi_meet.yml
+  tags: jitsi_meet
 
 - include: jicofo.yml
+  tags: jitsi_jicofo
 
 - include: prosody.yml
+  tags: jitsi_prosody
 
 - include: sip_gateway.yml
-  when: jitsi_meet_configure_sip_gateway  | bool
+  tags: jitsi_sip
+  when: jitsi_meet_configure_sip_gateway | bool
 
 - include: videobridge.yml
+  tags: jitsi_videobridge
 
 - include: nginx.yml
+  tags: jitsi_nginx
   when:
-    - jitsi_meet_configure_nginx  | bool
+    - jitsi_meet_configure_nginx | bool
     - jitsi_meet_ssl_cert_path | length > 0
-    - jitsi_meet_ssl_key_path  | length > 0
+    - jitsi_meet_ssl_key_path | length > 0
 
 - include: ufw.yml
-  when: jitsi_meet_configure_firewall  | bool
+  tags: jitsi_ufw
+  when: jitsi_meet_configure_firewall | bool
 
 - include: clean_up_default_configs.yml
+  tags: jitsi_clean
   when: jitsi_meet_server_name != 'localhost'
 
   # Official recommended tweaks
 - include: systemd.yml
+  tags: jitsi_systemd
 
 - include: ui_customization.yml
+  tags: jitsi_ui
   when: jitsi_meet_customize_the_ui | bool
 
   # Placing the browser extensions last so the associated debugging tasks
   # that display URLs are visible near the end of the play.
   # Build your own with https://github.com/jitsi/jidesha
 - include: browser_extensions.yml
+  tags: jitsi_browser_extensions

tasks/prosody.yml

@@ -5,7 +5,6 @@
     path: "/etc/prosody/conf.avail/{{ jitsi_meet_server_name }}.cfg.lua"
     regexp: "(VirtualHost \"{{ jitsi_meet_server_name }}\"\n *--.*\n *)authentication = .*\n"
     replace: "\\1authentication = \"{{ jitsi_meet_authentication }}\"\n"
-  tags: jitsi-prosody
   notify: restart prosody
 
 - name: Set guest Prosody vhost
@@ -17,5 +16,4 @@
       VirtualHost "guest.{{ jitsi_meet_server_name }}"
           authentication = "anonymous"
           c2s_require_encryption = false
-  tags: jitsi-prosody
   notify: restart prosody

templates/videobridge_sip-communicator.properties.j2

@@ -10,7 +10,7 @@ org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsi_meet_videobridge_secret
 org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ jitsi_meet_server_name }}
 org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=52eaf948-9d6c-436f-bf63-80f7a31444c2
 
-{% if jitsi_meet_behind_nat_firewall -%}
+{% if (jitsi_meet_behind_nat_firewall) -%}
 org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ jitsi_meet_nat_private_ip }}
 org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_meet_nat_public_ip }}
 {%- endif %}