From 03e0c62c70d4e2089420e50f5fceace9fbc0e9b9 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sat, 10 Feb 2024 22:36:48 +0100 Subject: [PATCH] Add Jitsi Meet --- group_vars/appservers/vars.yml | 5 ++ group_vars/production/vars.yml | 10 +-- group_vars/production/vault.yml | 59 ++++++++------- group_vars/staging/vars.yml | 10 +-- group_vars/staging/vault.yml | 59 ++++++++------- roles/apps/defaults/main.yml | 8 +++ roles/apps/tasks/extra_tasks/jitsi.yml | 27 +++++++ .../apps/templates/compose-files/jitsi.yml.j2 | 71 +++++++++++++++++++ .../apps/templates/nginx/conf.d/ipfs.conf.j2 | 1 - .../apps/templates/nginx/conf.d/jitsi.conf.j2 | 29 ++++++++ .../templates/nginx/conf.d/monerod.conf.j2 | 1 - .../templates/nginx/conf.d/nextcloud.conf.j2 | 1 - 12 files changed, 218 insertions(+), 63 deletions(-) create mode 100644 roles/apps/tasks/extra_tasks/jitsi.yml create mode 100644 roles/apps/templates/compose-files/jitsi.yml.j2 create mode 100644 roles/apps/templates/nginx/conf.d/jitsi.conf.j2 diff --git a/group_vars/appservers/vars.yml b/group_vars/appservers/vars.yml index 55acae4..624d041 100644 --- a/group_vars/appservers/vars.yml +++ b/group_vars/appservers/vars.yml @@ -5,12 +5,17 @@ apps_include: - nginx - postfix - ipfs + - jitsi - monerod - nextcloud - snowflake - restic - watchtower +jitsi_passwords: + jicofo_auth: "{{ vault_jitsi_passwords.jicofo_auth }}" + jvb_auth: "{{ vault_jitsi_passwords.jvb_auth }}" + redis_passwords: nextcloud: "{{ vault_redis_passwords.nextcloud }}" diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml index afa3824..06f2d5c 100644 --- a/group_vars/production/vars.yml +++ b/group_vars/production/vars.yml 
@@ -5,13 +5,13 @@ base_domain: sapti.me internal_subnet: 10.2.16.0/24 postgresql_version: 14 +databases: + nextcloud: + username: nextcloud + password: "{{ vault_databases.nextcloud.password }}" + db_inventory_hostname: sapt-labp-db01 db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}" proxy_inventory_hostname: sapt-labr-prx01 proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}" - -databases: - nextcloud: - username: nextcloud - password: "{{ vault_db_passwords.nextcloud }}" diff --git a/group_vars/production/vault.yml b/group_vars/production/vault.yml index fac5baa..552b8e6 100644 --- a/group_vars/production/vault.yml +++ b/group_vars/production/vault.yml 
@@ -1,26 +1,35 @@ $ANSIBLE_VAULT;1.1;AES256 -32366636386565356265326466313931393762623762313230653735336565666662353962386132 -6533636337326630323066333238346663303238623538390a316230636564386638373233363161 -65323364613131393236373233383639663566323061613638373533643566363864613563306232 -3034626662383032390a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a313136306661613565353966643038 +39663237653766333462666238373633363736636365333932373939326631663462373239336232 +6239613734383439650a393063373963396366396264306437623938366430376531316263653332 +39313235383962363566623839663662393363393562383837343630616530363438343930306632 +31323561366234353236323163643731336130643163373031666138316238646234303163356465 +37306130323338306564356639356165623530366239613965353732333763636132306439613361 +65623834313236323064346561666433663830356530633635613065383966386464626438386539 +39316366303966393336353666326239633365333264336165373266393430346361373861303666 +61333564323834373366316361633966626630316139656331383865663862636437366563366433 +64346234386637366435663738356363346466386132306163383432353436626332393832343236 +63316335373435653764383963656362306161643438383336396332376532326430366231656330 +66356663343939316433386538646364616331316366663433616536666466383432643832316331 +35346438353061613630303334656633303861633761623066303734323533663665383535623635 +30323233396531633836393931376631663765656563626334343765333237386132383230336163 +35373539643033316431373138326130663236663637353638316563613438646438666335643635 +63663735663434393062636538323363386439643361633565323938383239666665663838313666 +63646461393565656661666335366663366635393833663333613066316561633431303232383138 +33323832363461643363303736616234653861323163633231663836316462346237313938343037 +30663032663664333965333334636235303035383238323935616339323530613532363661616530 +64646365323731646464623539393166633431306263396564353435666637636362616631323034 
+32303338333066363862643633663735356461626237636665663265316232306561303137656363 +35663961333666333666613534383133323662333265646131633963656166646133663737316439 +37646266396663316430313764613235623332343838343830663938646133323636366133623666 +64633133623564393332663930343530616665306330373131626233653466353334623837653530 +65323836646163353865396230313538393062316134383934363337653937663233316665326562 +35383038333433633538306134343130353231313365356331643763343561353232333939643935 +33663536356639656437343735343965643430646561323434386331616136613832366431383638 +61666335383430346166663865643336303337303566333461666630323332623639333836663735 +62313533333230353165626431643034383232306165383630623763636634363066653837393166 +63303530313830366361653934633661366332336134626231646162336163643964306462363534 +66663432376332343030636338663563316630643837316130653137333539333762333833666434 +30326634643163343762373035326539666665316130393564376631303538313030656236663239 +6462373938366338646539666561666335343665656166383435 diff --git a/group_vars/staging/vars.yml b/group_vars/staging/vars.yml index e59eba5..d5011df 100644 --- a/group_vars/staging/vars.yml +++ b/group_vars/staging/vars.yml @@ -5,13 +5,13 @@ base_domain: staging.sapti.me internal_subnet: 10.2.19.0/24 postgresql_version: 14 +databases: + nextcloud: + username: nextcloud + password: "{{ vault_databases.nextcloud.password }}" + db_inventory_hostname: sapt-labs-db01 db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}" proxy_inventory_hostname: sapt-labr-prx01 proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}" - -databases: - nextcloud: - username: nextcloud - password: "{{ vault_db_passwords.nextcloud }}" diff --git a/group_vars/staging/vault.yml b/group_vars/staging/vault.yml index 86f76ff..594b55b 100644 --- a/group_vars/staging/vault.yml +++ b/group_vars/staging/vault.yml 
@@ -1,26 +1,35 @@ $ANSIBLE_VAULT;1.1;AES256 -64333431356566356137666636636262306262613664663935633934343532663563333837313963 -3638386534636463646461666338356633356462326663360a393966613865613434663136613933 -36343438336364636561333130653436386630356630626139643139303636383762663838383463 -6561336438303235610a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a383734316161366361323333393432 +34653231643465656462613165366539663063333335366431313666303730316431643534333533 +6164383833393564660a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diff --git a/roles/apps/defaults/main.yml b/roles/apps/defaults/main.yml index 9bc944d..8332541 100644 --- a/roles/apps/defaults/main.yml +++ b/roles/apps/defaults/main.yml @@ -40,6 +40,14 @@ apps_vars: gateway_port: 8080 version: v0.25.0 + jitsi: + backup: false + sender: false + extra_tasks: true + domain: meet.{{ apps_base_domain }} + port: 80 + version: stable + monerod: backup: false sender: false diff --git a/roles/apps/tasks/extra_tasks/jitsi.yml b/roles/apps/tasks/extra_tasks/jitsi.yml new file mode 100644 index 0000000..3b8f7d9 --- /dev/null +++ b/roles/apps/tasks/extra_tasks/jitsi.yml @@ -0,0 +1,27 @@ +# vim: ft=yaml.ansible +# code: language=ansible +--- +- name: Create subdirectories for Jitsi Meet data + ansible.builtin.file: + path: "{{ apps_data_root }}/jitsi/data/{{ dir }}" + owner: root + mode: u=rwx,g=rx,o=rx + state: directory + loop: + - web/transcripts + - prosody + loop_control: + loop_var: dir + +- name: Create subdirectories for Jitsi Meet Prosody data + ansible.builtin.file: + path: "{{ apps_data_root }}/jitsi/data/{{ dir }}" + owner: '101' + group: root + mode: u=rwx,g=rx,o=rx + state: directory + loop: + - prosody/plugins + - prosody/config + loop_control: + loop_var: dir diff --git a/roles/apps/templates/compose-files/jitsi.yml.j2 b/roles/apps/templates/compose-files/jitsi.yml.j2 new file mode 100644 index 0000000..57e575a --- /dev/null +++ b/roles/apps/templates/compose-files/jitsi.yml.j2 
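Review bot: `version: stable` in the new `jitsi` entry is a moving tag, so the four `jitsi/*` images in the compose template resolve to whatever the registry serves at pull time, unlike the pinned `version: v0.25.0` in the entry just above. A re-pull can therefore change the running code without any change in this repository, and the four containers can end up on different builds if they are pulled at different times. I would pin a specific release, e.g. `version: stable-<RELEASE>` (placeholder; take the tag from the upstream release list), and bump it deliberately. The `apps_vars` mapping starts and ends outside this hunk.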
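Review bot: The second task creates `prosody/config` with `mode: u=rwx,g=rx,o=rx`, which leaves the directory readable and traversable by every local user on the host. The compose template mounts it as `/config` in the Prosody container, and with `AUTH_TYPE: internal` that is presumably where Prosody keeps its account store, so I would drop the world bits there: `mode: u=rwx,g=rx,o=`. The hard-coded `owner: '101'` deserves a comment such as `# UID of the prosody user inside the jitsi/prosody image (confirm against the image)`. The first task sets no `group:`, so a pre-existing directory keeps whatever group it had; adding `group: root` would match the second task.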
@@ -0,0 +1,71 @@ +{# code: language=ansible-jinja #} +# THIS FILE IS MANAGED BY ANSIBLE + +version: "3.8" + +services: + meet: + image: jitsi/web:{{ apps_vars.jitsi.version }} + restart: always + environment: + DISABLE_HTTPS: 1 + PUBLIC_URL: {{ apps_vars.jitsi.domain }} + ENABLE_AUTH: 1 + ENABLE_GUESTS: 1 + networks: + default: + {{ apps_shared_docker_network }}: + aliases: + - jitsi + volumes: + - "./data/web/transcripts:/usr/share/jitsi-meet/transcripts:rw" + depends_on: + - jvb + + prosody: + image: jitsi/prosody:{{ apps_vars.jitsi.version }} + restart: always + environment: + JICOFO_AUTH_PASSWORD: {{ jitsi_passwords.jicofo_auth }} + JVB_AUTH_PASSWORD: {{ jitsi_passwords.jvb_auth }} + ENABLE_AUTH: 1 + ENABLE_GUESTS: 1 + AUTH_TYPE: internal + volumes: + - "./data/prosody/plugins:/prosody-plugins-custom:rw" + - "./data/prosody/config:/config:rw" + expose: + - 5222 + - 5269 + - 5280 + - 5347 + + jicofo: + image: jitsi/jicofo:{{ apps_vars.jitsi.version }} + restart: always + environment: + JICOFO_AUTH_PASSWORD: "{{ jitsi_passwords.jicofo_auth }}" + ENABLE_AUTH: 1 + AUTH_TYPE: internal + XMPP_SERVER: prosody + depends_on: + - prosody + + jvb: + image: jitsi/jvb:{{ apps_vars.jitsi.version }} + restart: always + environment: + JVB_AUTH_PASSWORD: "{{ jitsi_passwords.jvb_auth }}" + JVB_WS_DOMAIN: "{{ apps_vars.jitsi.domain }}" + XMPP_SERVER: prosody +{% if hostname not in groups['production'] %} + JVB_ADVERTISE_IPS: {{ ansible_host }} +{% endif %} + ports: + - 10000:10000/udp + depends_on: + - prosody + +networks: + {{ apps_shared_docker_network }}: + external: true diff --git a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 index 8fde97b..78b8bdc 100644 --- a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 @@ -14,7 +14,6 @@ server { proxy_http_version 1.1; proxy_buffering off; - proxy_request_buffering off; location / { proxy_pass $upstream; 
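Review bot: In the `prosody` service the two secrets are rendered unquoted (`JICOFO_AUTH_PASSWORD: {{ jitsi_passwords.jicofo_auth }}` and `JVB_AUTH_PASSWORD: {{ jitsi_passwords.jvb_auth }}`), while `jicofo` and `jvb` quote the same values. A password that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean will be truncated, retyped or rejected in `prosody` only, so the components stop sharing the same secret or the file fails to parse. Quote both as the other services do, `JICOFO_AUTH_PASSWORD: "{{ jitsi_passwords.jicofo_auth }}"` and `JVB_AUTH_PASSWORD: "{{ jitsi_passwords.jvb_auth }}"`; rendering them with `{{ ... | to_json }}` in all three services would also survive a `"` or `\` in the value. Separately, `PUBLIC_URL: {{ apps_vars.jitsi.domain }}` renders a bare host name; as far as I know this setting expects a full URL including the scheme, so `PUBLIC_URL: "https://{{ apps_vars.jitsi.domain }}"` is probably what is wanted, which is worth confirming against the image documentation.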
diff --git a/roles/apps/templates/nginx/conf.d/jitsi.conf.j2 b/roles/apps/templates/nginx/conf.d/jitsi.conf.j2 new file mode 100644 index 0000000..42a7412 --- /dev/null +++ b/roles/apps/templates/nginx/conf.d/jitsi.conf.j2 @@ -0,0 +1,29 @@ +{# code: language=ansible-jinja #} +# THIS FILE IS MANAGED BY ANSIBLE + +server { + server_name {{ apps_vars.jitsi.domain }}; + listen 8080; + + set $upstream http://jitsi:{{ apps_vars.jitsi.port }}; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; + + proxy_http_version 1.1; + proxy_buffering off; + + location / { + proxy_pass $upstream; + } + + location ~^/(colibri-ws|xmpp-websocket)$ { + proxy_pass $upstream; + + # WebSocket support + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } +} diff --git a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 b/roles/apps/templates/nginx/conf.d/monerod.conf.j2 index 2a59fec..d7dbf5c 100644 --- a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/monerod.conf.j2 @@ -14,7 +14,6 @@ server { proxy_http_version 1.1; proxy_buffering off; - proxy_request_buffering off; location / { proxy_pass $upstream; diff --git a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 index fd8660e..7366d54 100644 --- a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 @@ -14,7 +14,6 @@ server { proxy_http_version 1.1; proxy_buffering off; - proxy_request_buffering off; location / { proxy_pass $upstream;
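Review bot: The `proxy_set_header` lines inside `location ~^/(colibri-ws|xmpp-websocket)$` replace the server-level set rather than adding to it, because nginx inherits `proxy_set_header` from the outer level only when the current level defines none. WebSocket requests therefore reach the upstream without `Host $host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto "https"`, so for the long-lived connections the backend sees the proxy's address and the internal host name. Either repeat the four server-level headers in that location or move the `Upgrade`/`Connection` lines up to the server block. The pattern is also anchored with `$`, and as far as I know colibri-ws requests carry further path segments after `/colibri-ws`, so they would fall through to `location /` without the upgrade headers; `location ~ ^/(colibri-ws/|xmpp-websocket$)` would cover both. `$connection_upgrade` and the resolver that a variable `proxy_pass` needs are not defined in this file and are presumably supplied by a shared `map`/`resolver` elsewhere.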