upgrade ffmpeg role, add nginx role

roles/ffmpeg/handlers/main.yml

@@ -2,7 +2,7 @@
 - name: Apt update
   become: true
   ansible.builtin.apt:
+    clean: true
     update_cache: true
-    cache_valid_time: 0
   when:
     - ansible_pkg_mgr == "apt"

roles/ffmpeg/tasks/main.yml

@@ -5,7 +5,7 @@
 - name: Update apt cache
   become: true
   ansible.builtin.apt:
-    cache_valid_time: 3600
+    clean: true
     update_cache: true
   register: _pre_update_apt_cache
   until: _pre_update_apt_cache is succeeded

roles/nginx_rtmp/README.md

@@ -0,0 +1,21 @@
+ ansible role nginx with rtmp
+==============================
+
+Installs nginx and rtmp module
+See https://medium.com/@peer5/setting-up-hls-live-streaming-server-using-nginx-67f6b71758db
+
+ TODO:
+-----
++ [x] Make compile working for me
++ [ ] make configure working for me
++ [ ] Make compile working for others
++ [ ] Make compile working for others
++ [ ] Idempotent
++ [ ] Linting
++ [ ] Own git repo
++ [ ] default name schema
++ [ ] not default to unstable packages
++ [ ] Import all keys from https://nginx.org/en/pgp_keys.html but only if needed
++ [ ] documentation
++ [ ] galaxy release
+

roles/nginx_rtmp/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+rtmp_module_git_repo: 'https://github.com/sergey-dryabzhinsky/nginx-rtmp-module.git'
+rtmp_module_git_version: 'v1.2.2-r1'
+nginx_gpg_key: 'https://nginx.org/keys/nginx_signing.key'
+nginx_gpg_key2: 'https://nginx.org/keys/thresh.key'
+nginx_version: '1.23.3'
+nginx_download: "https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz"

roles/nginx_rtmp/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Apt update
+  become: true
+  ansible.builtin.apt:
+    clean: true
+    update_cache: true
+  when:
+    - ansible_pkg_mgr == "apt"

roles/nginx_rtmp/tasks/apt.yml

@@ -0,0 +1,20 @@
+---
+- name: Create /etc/apt/preferences
+  become: true
+  ansible.builtin.template:
+    src: templates/package_preferences.j2
+    dest: /etc/apt/preferences
+    owner: root
+    group: root
+    mode: 0644
+  notify: Apt update
+
+- name: Add eth zurich and default apt for Debian unstable/testing
+  become: true
+  ansible.builtin.template:
+    src: "templates/apt_list.j2"
+    dest: '/etc/apt/sources.list.d/ffmpeg_debian.list'
+    mode: 0644
+    group: root
+    owner: root
+  notify: Apt update

roles/nginx_rtmp/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Update apt cache
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+  when:
+    - ansible_pkg_mgr == "apt"
+
+- name: Prepare Nginx Module
+  ansible.builtin.include_tasks: rtmp_module.yml
+
+- name: Download NginX
+  ansible.builtin.include_tasks: nginx_download.yml
+
+- name: Compile NginX
+  ansible.builtin.include_tasks: nginx_compile.yml

roles/nginx_rtmp/tasks/nginx_compile.yml

@@ -0,0 +1,40 @@
+---
+- name: Install more nginx build deps
+  become: true
+  ansible.builtin.package:
+    name:
+      - build-essential
+      - libpcre3
+      - libpcre3-dev
+      - zlib1g
+      - zlib1g-dev
+      - libssl-dev
+      - libgd-dev
+      - libxml2
+      - libxml2-dev
+      - uuid-dev
+    default_release: unstable
+    state: present
+
+- name: Compile NginX
+  become: true
+  ansible.builtin.command:
+    cmd: "./configure --with-http_ssl_module --add-module=/srv/checkout/rtmp_{{ rtmp_module_git_version }}/"
+    chdir: "/srv/checkout/nginx_{{ nginx_version }}"
+  register: _compile
+
+- name: Compile Output
+  ansible.builtin.debug:
+    msg: "{{ _compile.msg }}"
+    verbosity: 1
+
+- name: Make nginx
+  become: true
+  community.general.make:
+    chdir: "/srv/checkout/nginx_{{ nginx_version }}"
+
+- name: Make install nginx
+  become: true
+  community.general.make:
+    chdir: "/srv/checkout/nginx_{{ nginx_version }}"
+    target: 'install'

roles/nginx_rtmp/tasks/nginx_download.yml

@@ -0,0 +1,84 @@
+---
+- name: Download NginX
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_download }}"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Download NginX signature
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_download }}.asc"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Download NginX GPG Key
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_gpg_key }}"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}_signing.key"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Download NginX GPG Key 2
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_gpg_key2 }}"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Install gpg2
+  become: true
+  ansible.builtin.package:
+    name:
+      - gnupg2
+    state: present
+
+- name: Import GPG key 2
+  ansible.builtin.command: "gpg2 --import /srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
+  register: import_key
+  ignore_errors: true
+
+- name: Import GPG key
+  ansible.builtin.command: "gpg2 --import /srv/checkout/nginx_{{ nginx_version }}_signing.key"
+  register: import_key
+  ignore_errors: true
+
+- name: Verify GPG signature
+  ansible.builtin.command: "gpg2 --verify /srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc /srv/checkout/nginx_{{ nginx_version }}.tar.gz"
+  register: verify_gpg
+  failed_when: verify_gpg.rc not in [0, 1]
+
+- name: Create compile folder
+  become: true
+  ansible.builtin.file:
+    owner: root
+    group: root
+    state: directory
+    path: "/srv/checkout/nginx_{{ nginx_version }}/"
+    mode: 0755
+
+- name: Extract tar.gz file
+  become: true
+  ansible.builtin.unarchive:
+    src: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}/"
+    remote_src: true
+    extra_opts: ['--strip-components=1']
+    owner: root
+    group: root
+    mode: 'u=rwX,g=rX,o='
+  when: verify_gpg.rc == 0
+
+- name: Verify failed notification
+  ansible.builtin.fail:
+    msg: 'GPG Verification failed'
+  when: verify_gpg.rc == 1

roles/nginx_rtmp/tasks/rtmp_module.yml

@@ -0,0 +1,18 @@
+---
+- name: Install RTMP Build deps
+  become: true
+  ansible.builtin.package:
+    name:
+      - build-essential
+      - libpcre3
+      - libpcre3-dev
+      - libssl-dev
+    default_release: unstable
+    state: present
+
+- name: Clone RTMP Module
+  become: true
+  ansible.builtin.git:
+    repo: "{{ rtmp_module_git_repo }}"
+    version: "{{ rtmp_module_git_version }}"
+    dest: "/srv/checkout/rtmp_{{ rtmp_module_git_version }}"

roles/nginx_rtmp/templates/apt_list.j2

@@ -0,0 +1,18 @@
+# Debian mirror der ETH Zürich
+# https://debian.ethz.ch/
+# https://wiki.debianforum.de/Sources.list
+
+# Testing mirror:
+deb https://debian.ethz.ch/debian testing main contrib non-free
+deb http://deb.debian.org/debian/ testing main contrib non-free
+deb-src http://deb.debian.org/debian/ testing main contrib non-free
+
+
+deb https://debian.ethz.ch/debian unstable main contrib non-free
+deb http://deb.debian.org/debian/ unstable main contrib non-free
+deb-src http://deb.debian.org/debian/ unstable main contrib non-free
+
+
+# Contact for proplems with the mirror:
+# https://readme.phys.ethz.ch/services/contact/
+# Or #isgphys on irc.phys.ethz.ch

roles/nginx_rtmp/templates/package_preferences.j2

@@ -0,0 +1,18 @@
+# /etc/apt/preferences
+{{ ansible_managed | comment }}
+
+Package: *
+Pin: release a=stable
+Pin-Priority: 700
+
+Package: *
+Pin: release a={{ ansible_distribution_release }}
+Pin-Priority: 699
+
+Package: *
+Pin: release a=testing
+Pin-Priority: 65
+
+Package: *
+Pin: release a=unstable
+Pin-Priority: 60

site.yml

@@ -22,4 +22,4 @@
   hosts: all
   roles:
     - {role: ffmpeg, tags: ffmpeg}
-
+    - {role: nginx_rtmp, tags: nginx}