From c4142ebcc194a17789c4a3330f3148c93bdd93c3 Mon Sep 17 00:00:00 2001
From: L3D <l3d@c3woc.de>
Date: Wed, 15 Feb 2023 01:45:45 +0100
Subject: [PATCH] upgrade ffmpeg role, add nginx role

---
 roles/ffmpeg/handlers/main.yml                |  2 +-
 roles/ffmpeg/tasks/main.yml                   |  2 +-
 roles/nginx_rtmp/README.md                    | 21 +++++
 roles/nginx_rtmp/defaults/main.yml            |  7 ++
 roles/nginx_rtmp/handlers/main.yml            |  8 ++
 roles/nginx_rtmp/tasks/apt.yml                | 20 +++++
 roles/nginx_rtmp/tasks/main.yml               | 17 ++++
 roles/nginx_rtmp/tasks/nginx_compile.yml      | 40 +++++++++
 roles/nginx_rtmp/tasks/nginx_download.yml     | 84 +++++++++++++++++++
 roles/nginx_rtmp/tasks/rtmp_module.yml        | 18 ++++
 roles/nginx_rtmp/templates/apt_list.j2        | 18 ++++
 .../templates/package_preferences.j2          | 18 ++++
 site.yml                                      |  2 +-
 13 files changed, 254 insertions(+), 3 deletions(-)
 create mode 100644 roles/nginx_rtmp/README.md
 create mode 100644 roles/nginx_rtmp/defaults/main.yml
 create mode 100644 roles/nginx_rtmp/handlers/main.yml
 create mode 100644 roles/nginx_rtmp/tasks/apt.yml
 create mode 100644 roles/nginx_rtmp/tasks/main.yml
 create mode 100644 roles/nginx_rtmp/tasks/nginx_compile.yml
 create mode 100644 roles/nginx_rtmp/tasks/nginx_download.yml
 create mode 100644 roles/nginx_rtmp/tasks/rtmp_module.yml
 create mode 100644 roles/nginx_rtmp/templates/apt_list.j2
 create mode 100644 roles/nginx_rtmp/templates/package_preferences.j2

diff --git a/roles/ffmpeg/handlers/main.yml b/roles/ffmpeg/handlers/main.yml
index 4b5ce9d..09a3446 100644
--- a/roles/ffmpeg/handlers/main.yml
+++ b/roles/ffmpeg/handlers/main.yml
@@ -2,7 +2,7 @@
 - name: Apt update
   become: true
   ansible.builtin.apt:
+    clean: true
     update_cache: true
-    cache_valid_time: 0
   when:
     - ansible_pkg_mgr == "apt"
diff --git a/roles/ffmpeg/tasks/main.yml b/roles/ffmpeg/tasks/main.yml
index 5158e0d..c9a4b7d 100644
--- a/roles/ffmpeg/tasks/main.yml
+++ b/roles/ffmpeg/tasks/main.yml
@@ -5,7 +5,7 @@
 - name: Update apt cache
   become: true
   ansible.builtin.apt:
-    cache_valid_time: 3600
+    clean: true
     update_cache: true
   register: _pre_update_apt_cache
   until: _pre_update_apt_cache is succeeded
diff --git a/roles/nginx_rtmp/README.md b/roles/nginx_rtmp/README.md
new file mode 100644
index 0000000..26ab271
--- /dev/null
+++ b/roles/nginx_rtmp/README.md
@@ -0,0 +1,21 @@
+ ansible role nginx with rtmp
+==============================
+
+Installs nginx and rtmp module
+See https://medium.com/@peer5/setting-up-hls-live-streaming-server-using-nginx-67f6b71758db
+
+ TODO:
+-----
++ [x] Make compile working for me
++ [ ] make configure working for me
++ [ ] Make compile working for others
++ [ ] Make compile working for others
++ [ ] Idempotent
++ [ ] Linting
++ [ ] Own git repo
++ [ ] default name schema
++ [ ] not default to unstable packages
++ [ ] Import all keys from https://nginx.org/en/pgp_keys.html but only if needed
++ [ ] documentation
++ [ ] galaxy release
+
diff --git a/roles/nginx_rtmp/defaults/main.yml b/roles/nginx_rtmp/defaults/main.yml
new file mode 100644
index 0000000..b4f93bf
--- /dev/null
+++ b/roles/nginx_rtmp/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+rtmp_module_git_repo: 'https://github.com/sergey-dryabzhinsky/nginx-rtmp-module.git'
+rtmp_module_git_version: 'v1.2.2-r1'
+nginx_gpg_key: 'https://nginx.org/keys/nginx_signing.key'
+nginx_gpg_key2: 'https://nginx.org/keys/thresh.key'
+nginx_version: '1.23.3'
+nginx_download: "https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz"
diff --git a/roles/nginx_rtmp/handlers/main.yml b/roles/nginx_rtmp/handlers/main.yml
new file mode 100644
index 0000000..09a3446
--- /dev/null
+++ b/roles/nginx_rtmp/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Apt update
+  become: true
+  ansible.builtin.apt:
+    clean: true
+    update_cache: true
+  when:
+    - ansible_pkg_mgr == "apt"
diff --git a/roles/nginx_rtmp/tasks/apt.yml b/roles/nginx_rtmp/tasks/apt.yml
new file mode 100644
index 0000000..3c1bf9c
--- /dev/null
+++ b/roles/nginx_rtmp/tasks/apt.yml
@@ -0,0 +1,20 @@
+---
+- name: Create /etc/apt/preferences
+  become: true
+  ansible.builtin.template:
+    src: templates/package_preferences.j2
+    dest: /etc/apt/preferences
+    owner: root
+    group: root
+    mode: 0644
+  notify: Apt update
+
+- name: Add eth zurich and default apt for Debian unstable/testing
+  become: true
+  ansible.builtin.template:
+    src: "templates/apt_list.j2"
+    dest: '/etc/apt/sources.list.d/ffmpeg_debian.list'
+    mode: 0644
+    group: root
+    owner: root
+  notify: Apt update
diff --git a/roles/nginx_rtmp/tasks/main.yml b/roles/nginx_rtmp/tasks/main.yml
new file mode 100644
index 0000000..e35d27d
--- /dev/null
+++ b/roles/nginx_rtmp/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Update apt cache
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+  when:
+    - ansible_pkg_mgr == "apt"
+
+- name: Prepare Nginx Module
+  ansible.builtin.include_tasks: rtmp_module.yml
+
+- name: Download NginX
+  ansible.builtin.include_tasks: nginx_download.yml
+
+- name: Compile NginX
+  ansible.builtin.include_tasks: nginx_compile.yml
diff --git a/roles/nginx_rtmp/tasks/nginx_compile.yml b/roles/nginx_rtmp/tasks/nginx_compile.yml
new file mode 100644
index 0000000..67f3deb
--- /dev/null
+++ b/roles/nginx_rtmp/tasks/nginx_compile.yml
@@ -0,0 +1,40 @@
+---
+- name: Install more nginx build deps
+  become: true
+  ansible.builtin.package:
+    name:
+      - build-essential
+      - libpcre3
+      - libpcre3-dev
+      - zlib1g
+      - zlib1g-dev
+      - libssl-dev
+      - libgd-dev
+      - libxml2
+      - libxml2-dev
+      - uuid-dev
+    default_release: unstable
+    state: present
+
+- name: Compile NginX
+  become: true
+  ansible.builtin.command:
+    cmd: "./configure --with-http_ssl_module --add-module=/srv/checkout/rtmp_{{ rtmp_module_git_version }}/"
+    chdir: "/srv/checkout/nginx_{{ nginx_version }}"
+  register: _compile
+
+- name: Compile Output
+  ansible.builtin.debug:
+    msg: "{{ _compile.msg }}"
+    verbosity: 1
+
+- name: Make nginx
+  become: true
+  community.general.make:
+    chdir: "/srv/checkout/nginx_{{ nginx_version }}"
+
+- name: Make install nginx
+  become: true
+  community.general.make:
+    chdir: "/srv/checkout/nginx_{{ nginx_version }}"
+    target: 'install'
diff --git a/roles/nginx_rtmp/tasks/nginx_download.yml b/roles/nginx_rtmp/tasks/nginx_download.yml
new file mode 100644
index 0000000..cdb5b7f
--- /dev/null
+++ b/roles/nginx_rtmp/tasks/nginx_download.yml
@@ -0,0 +1,84 @@
+---
+- name: Download NginX
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_download }}"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Download NginX signature
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_download }}.asc"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Download NginX GPG Key
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_gpg_key }}"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}_signing.key"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Download NginX GPG Key 2
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ nginx_gpg_key2 }}"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Install gpg2
+  become: true
+  ansible.builtin.package:
+    name:
+      - gnupg2
+    state: present
+
+- name: Import GPG key 2
+  ansible.builtin.command: "gpg2 --import /srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
+  register: import_key
+  ignore_errors: true
+
+- name: Import GPG key
+  ansible.builtin.command: "gpg2 --import /srv/checkout/nginx_{{ nginx_version }}_signing.key"
+  register: import_key
+  ignore_errors: true
+
+- name: Verify GPG signature
+  ansible.builtin.command: "gpg2 --verify /srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc /srv/checkout/nginx_{{ nginx_version }}.tar.gz"
+  register: verify_gpg
+  failed_when: verify_gpg.rc not in [0, 1]
+
+- name: Create compile folder
+  become: true
+  ansible.builtin.file:
+    owner: root
+    group: root
+    state: directory
+    path: "/srv/checkout/nginx_{{ nginx_version }}/"
+    mode: 0755
+
+- name: Extract tar.gz file
+  become: true
+  ansible.builtin.unarchive:
+    src: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
+    dest: "/srv/checkout/nginx_{{ nginx_version }}/"
+    remote_src: true
+    extra_opts: ['--strip-components=1']
+    owner: root
+    group: root
+    mode: 'u=rwX,g=rX,o='
+  when: verify_gpg.rc == 0
+
+- name: Verify failed notification
+  ansible.builtin.fail:
+    msg: 'GPG Verification failed'
+  when: verify_gpg.rc == 1
diff --git a/roles/nginx_rtmp/tasks/rtmp_module.yml b/roles/nginx_rtmp/tasks/rtmp_module.yml
new file mode 100644
index 0000000..5fd57fc
--- /dev/null
+++ b/roles/nginx_rtmp/tasks/rtmp_module.yml
@@ -0,0 +1,18 @@
+---
+- name: Install RTMP Build deps
+  become: true
+  ansible.builtin.package:
+    name:
+      - build-essential
+      - libpcre3
+      - libpcre3-dev
+      - libssl-dev
+    default_release: unstable
+    state: present
+
+- name: Clone RTMP Module
+  become: true
+  ansible.builtin.git:
+    repo: "{{ rtmp_module_git_repo }}"
+    version: "{{ rtmp_module_git_version }}"
+    dest: "/srv/checkout/rtmp_{{ rtmp_module_git_version }}"
diff --git a/roles/nginx_rtmp/templates/apt_list.j2 b/roles/nginx_rtmp/templates/apt_list.j2
new file mode 100644
index 0000000..0fe771b
--- /dev/null
+++ b/roles/nginx_rtmp/templates/apt_list.j2
@@ -0,0 +1,18 @@
+# Debian mirror der ETH Zürich
+# https://debian.ethz.ch/
+# https://wiki.debianforum.de/Sources.list
+
+# Testing mirror:
+deb https://debian.ethz.ch/debian testing main contrib non-free
+deb http://deb.debian.org/debian/ testing main contrib non-free
+deb-src http://deb.debian.org/debian/ testing main contrib non-free
+
+
+deb https://debian.ethz.ch/debian unstable main contrib non-free
+deb http://deb.debian.org/debian/ unstable main contrib non-free
+deb-src http://deb.debian.org/debian/ unstable main contrib non-free
+
+
+# Contact for proplems with the mirror:
+# https://readme.phys.ethz.ch/services/contact/
+# Or #isgphys on irc.phys.ethz.ch
diff --git a/roles/nginx_rtmp/templates/package_preferences.j2 b/roles/nginx_rtmp/templates/package_preferences.j2
new file mode 100644
index 0000000..2274632
--- /dev/null
+++ b/roles/nginx_rtmp/templates/package_preferences.j2
@@ -0,0 +1,18 @@
+# /etc/apt/preferences
+{{ ansible_managed | comment }}
+
+Package: *
+Pin: release a=stable
+Pin-Priority: 700
+
+Package: *
+Pin: release a={{ ansible_distribution_release }}
+Pin-Priority: 699
+
+Package: *
+Pin: release a=testing
+Pin-Priority: 65
+
+Package: *
+Pin: release a=unstable
+Pin-Priority: 60
diff --git a/site.yml b/site.yml
index 2e86eeb..595e257 100644
--- a/site.yml
+++ b/site.yml
@@ -22,4 +22,4 @@
   hosts: all
   roles:
     - {role: ffmpeg, tags: ffmpeg}
-
+    - {role: nginx_rtmp, tags: nginx}