Add Jitsi Meet

group_vars/appservers/vars.yml

@@ -11,6 +11,13 @@ apps_include:
   - restic
   - watchtower
 
+db_passwords:
+  nextcloud: "{{ vault_db_passwords.nextcloud }}"
+
+jitsi_passwords:
+  jicofo_auth: "{{ vault_jitsi_passwords.jicofo_auth }}"
+  jvb_auth: "{{ vault_jitsi_passwords.jvb_auth }}"
+
 redis_passwords:
   nextcloud: "{{ vault_redis_passwords.nextcloud }}"
 

group_vars/production/vars.yml

@@ -10,8 +10,3 @@ db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
 
 proxy_inventory_hostname: sapt-labr-prx01
 proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"
-
-databases:
-  nextcloud:
-    username: nextcloud
-    password: "{{ vault_db_passwords.nextcloud }}"

group_vars/production/vault.yml

@@ -1,26 +1,35 @@
 $ANSIBLE_VAULT;1.1;AES256
-32366636386565356265326466313931393762623762313230653735336565666662353962386132
+34636666353931643133313861616133323761363737363038373162356332653231326334663262
-6533636337326630323066333238346663303238623538390a316230636564386638373233363161
+3537633032363062326532393861323934343030353563630a336436653832316439633035306538
-65323364613131393236373233383639663566323061613638373533643566363864613563306232
+63383039313838373536316165323936636639386564353166363033366538313433636331343166
-3034626662383032390a623036643433366364653135353730346230646437313332333730613933
+3132386339313533660a306631373333663138663566353863633039303630386562303464393031
-64356134343330306536653136343061646432383861666438646463616465323863636466653935
+32653135663931353939623861386637663163393537616531313733623330616239303563336138
-31363565373438313732653466636535346530323836356261666134666661386435306335633235
+37353762363931333134343365343265353638326530313232643963303532613535636236633730
-30363432633635653566396132323536323834393534343631323638363939353237633432303165
+33316635323666616464323432323830646462626466313936393639616339613662363635353661
-63326464386664336338356236306432633739396464313536343138613030646237663731306233
+31633565616137353635333833643963303634333433653437393136353938343734623563646462
-31633735616535336630363563653338343364386533633934386138353265386630326163306331
+31396161633861333830336532303138623162623063656163613362313764623566356563616135
-63663635663434356261373066643833656535353066646363353038376337356134663162626331
+33313730653366623833333066303932303637633836653463373961626466386538346135383265
-31636665346636396630636663393636343861626636393461303233323564373733613564353166
+31613438636566373330616135626638653831306136363365663861316562363338643361333236
-32373332623232303437353931356134616665643863303065396664623736646632336664616235
+38366464366538373838326436383130646662633035663566353366306465303532383432363432
-38303337376466363862353338323033643834303238316639616564363435646136323038333264
+30626132663635306163616332626233393862326632353635666431326532383930656638646633
-31376565333731623930633261656237313263336231366663373930653063373133383536663531
+31313962343035643038393865393036646133326639656336386435616130633962303836643937
-38323665383730616238613239386632333865663465383538326665633631663163643132656138
+30366331316134323831613965383736353431346533656334643632626635623631353632346437
-37386336383239666437336432643361376232363131626162373738666130326434383666373234
+61386634326230383031663061373030353863353539393533343436616366636234666466636431
-62623432666535643461336661373761346165663435376639393633623432383362613032613838
+39393036353064613835353331336333643166353737646461616261633735646430343630636164
-65386361666532303032326362323466303930656536333935633730356636343265306533363238
+38666162366139383235646636333934643965666635363731313138323165313164326535343339
-31396164386463633864303335303136663264343465656663373434376634346234336636313363
+37386363346336653632316430353138336236613762396637346537313537306566336437653661
-38616639336537346163383562333536343663396462363034656563623831346664666230303464
+62383864376237336630316533653338333430313964333663303265396334316166383432303734
-63623432303363653535633536313533343361366235653466653564633034383236613234383861
+31343730396532323431643964663161633037346462313165373462663663633863663561633661
-61333730613164383665643037623836346463656439383931316164653533376236336633343533
+62336633313338313939396464353137366563613036633634313164386564393266393439306331
-35373035346263343138616365343432636336303339313135326135326165353934613439316335
+63393364633863643664393031386161663233333530376364356262363261376166666434633265
-63663964333061333337623365333564353734353733373961633235336230356631333034633430
+34623730333535303837623266333963373063363330396462393031356330333138613635613531
-3161
+34323230616161383165303636393130396231643064316438303430373436616635336166666331
+39386439613166616539393765363066386330633535363132346162343865616234616665633234
+37363139326536316334333130636436616162363562613863663537636538373664653835623665
+62623434346264616663313231373365623634653033343464393464666331353431386139643438
+39306435353833666263353933316233383163363138323931626662383033356535306561343165
+63643233303866663037376137373233623566323732343361626535613138333538666236326136
+35323661376134626333666563366438366336623737326636623634623164626630663336373032
+65643237623463663336393033366433336639396632316539613963643261373632346131656666
+38303733393136656266366337376537366237663661396433323363353663383735356333626461
+3864386539313265396630643335343966313537393438613434

group_vars/staging/vars.yml

@@ -10,8 +10,3 @@ db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
 
 proxy_inventory_hostname: sapt-labr-prx01
 proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"
-
-databases:
-  nextcloud:
-    username: nextcloud
-    password: "{{ vault_db_passwords.nextcloud }}"

group_vars/staging/vault.yml

@@ -1,26 +1,35 @@
 $ANSIBLE_VAULT;1.1;AES256
-64333431356566356137666636636262306262613664663935633934343532663563333837313963
+36363561316464613066393161623261663336353838393831626465336236363731643264356662
-3638386534636463646461666338356633356462326663360a393966613865613434663136613933
+3564626232643538333531366136386166326366373836380a336630643733616261383662313036
-36343438336364636561333130653436386630356630626139643139303636383762663838383463
+35663531323938303164366537613939366530633439336638323239623466363337616464396132
-6561336438303235610a663339633133613935383464336164323630316536353130333130316237
+3333326336386234380a373365613233356338333166363865656335383562643962653166313837
-33383738383535646135326236646233313166336330386362613534343031373234313634313361
+34343635356231336634653765663031663362383564303331626564313466656436396339393533
-61303362323961636265616666306632326363656261376564633337343632333732663231643165
+39323164353834343563376639666333626239383537653235373736353838323137636439346361
-32356239346535303965653261613437623837326138376231653761366166316639653239653034
+36353133323065633565366333303033346432633832316235396436633132613165306430613533
-30333032363932363961336335623464313333653465373965366430306365663739393335343434
+33623332333765383932316230323936346266396661646237346665633739616138643232396564
-39623531643563303438306264623866383135303534653131626435623139386666633066356630
+32646535336636663736393532636431366530363238616462386164353131343964643436356662
-66633036303264666639663063373635366563313466303932363265623235303432383162636437
+34366634343762313833633762356535366234343064306232383037303466316531313733336662
-31666463306238313138373239306531616264353336393138323538353331656132366361653463
+35346337373766656466656634626364663131666562326435653134336164376236396630303434
-39356236396134303764326165656136636638303436323932643432366662393864646439656631
+37643932383937373038303137623034653731666134656463396362646566643835386162653661
-33316630346330313137383230376433633238626132653861393435313038663066363664633436
+33666166613433393461386537316630366632393731643437313362356662643964613661346334
-64336165363637643732626366336338373961336166353533393235333939323563656336633965
+64636565393262313462366638323864343530393130333032323036343365383462336461643466
-37646161663334666335646436346432383037633430303838386337303835303336323963373135
+34373766393933346264386263373936376536643964396332366138636562313261393638663738
-65643331663933313031323761313765363065383937323461343065313862323032613131666461
+34323637393539623266366637646464316436306139643461613834363361376331626366656133
-34623862353337343535356139373830636563643135633530666164653662346133303837653862
+36643662313164656232383566373438376437653339303962313432303031353335323162373862
-62336664353034653337646662396536396133623763643264383736363163393831376135373265
+34333161343262353331643330646239366132613039323838386237626234313239343066633238
-33613633643962303731623562666435373736336163613465626338663832366334663765353263
+36363466373366376466306463356137653363636466303862353262666635323361636335323061
-66643834623066386465396233333334386333663530613466373332393664356465613565356562
+39623431373265313665363331313363636232643166363863386130326135326332663066623334
-35643265386462333661346533313336306233313335383830363739333334326234663236653461
+65386136623261653732666530373134306635356230623039613130303062356565306466356130
-62396263626637396339373139366332363232326364663764383763666231373532343263393064
+33326431626237303063653236656535336437633235323834396135336335653735326139346665
-36303565393362356134643532303239656236343038303263613538613630346264386236656636
+39646131313464316261396362323733613863383763633238326661666238633137333835663533
-31373066363635356365316432653931393937333664316265623332643932613934333265626231
+31326661363238323032386163323065643166636132616465613237643133623962396264646434
-6564
+65313832373963326430643061353138363430343363663339313133336361356130386638323033
+35326461336238306261656639336334636637613333646336616336353566616537633664663663
+35303561306130323663616261323336666235343038356432383333663731336533306333306331
+39353364646130313633386137393238633163656662386334373161306136623966636135366331
+63633366343438343730663537306631353762396432393864396462383432333461346565633163
+64396462306237383762303430306566323436316566363836663565343633656334313434663566
+66343738353837383364343463656261343337303835313430643739343662613764363862343366
+36626534316263373462623161666535626533326239616436613836343437653366643834396133
+31623830643963323164326133353462323861323338376365623563653633346337333637653337
+3764363865383933323738623062303532353663313465333932

roles/apps/defaults/main.yml

@@ -40,6 +40,14 @@ apps_vars:
     gateway_port: 8080
     version: v0.25.0
 
+  jitsi:
+    backup: false
+    sender: false
+    extra_tasks: true
+    domain: meet.{{ apps_base_domain }}
+    port: 80
+    version: stable
+
   monerod:
     backup: false
     sender: false

roles/apps/tasks/extra_tasks/jitsi.yml

@@ -0,0 +1,27 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- name: Create subdirectories for Jitsi Meet data
+  ansible.builtin.file:
+    path: "{{ apps_data_root }}/jitsi/data/{{ dir }}"
+    owner: root
+    mode: u=rwx,g=rx,o=rx
+    state: directory
+  loop:
+    - web/transcripts
+    - prosody
+  loop_control:
+    loop_var: dir
+
+- name: Create subdirectories for Jitsi Meet Prosody data
+  ansible.builtin.file:
+    path: "{{ apps_data_root }}/jitsi/data/{{ dir }}"
+    owner: '101'
+    group: root
+    mode: u=rwx,g=rx,o=rx
+    state: directory
+  loop:
+    - prosody/plugins
+    - prosody/config
+  loop_control:
+    loop_var: dir

roles/apps/templates/compose-files/jitsi.yml.j2

@@ -0,0 +1,71 @@
+{# code: language=ansible-jinja #}
+# THIS FILE IS MANAGED BY ANSIBLE
+
+version: "3.8"
+
+services:
+  meet:
+    image: jitsi/web:{{ apps_vars.jitsi.version }}
+    restart: always
+    environment:
+      DISABLE_HTTPS: 1
+      PUBLIC_URL: {{ apps_vars.jitsi.domain }}
+      ENABLE_AUTH: 1
+      ENABLE_GUESTS: 1
+    networks:
+      default:
+      {{ apps_shared_docker_network }}:
+        aliases:
+          - jitsi
+    volumes:
+      - "./data/web/transcripts:/usr/share/jitsi-meet/transcripts:rw"
+    depends_on:
+      - jvb
+
+  prosody:
+    image: jitsi/prosody:{{ apps_vars.jitsi.version }}
+    restart: always
+    environment:
+      JICOFO_AUTH_PASSWORD: {{ jitsi_passwords.jicofo_auth }}
+      JVB_AUTH_PASSWORD: {{ jitsi_passwords.jvb_auth }}
+      ENABLE_AUTH: 1
+      ENABLE_GUESTS: 1
+      AUTH_TYPE: internal
+    volumes:
+      - "./data/prosody/plugins:/prosody-plugins-custom:rw"
+      - "./data/prosody/config:/config:rw"
+    expose:
+      - 5222
+      - 5269
+      - 5280
+      - 5347
+
+  jicofo:
+    image: jitsi/jicofo:{{ apps_vars.jitsi.version }}
+    restart: always
+    environment:
+      JICOFO_AUTH_PASSWORD: "{{ jitsi_passwords.jicofo_auth }}"
+      ENABLE_AUTH: 1
+      AUTH_TYPE: internal
+      XMPP_SERVER: prosody
+    depends_on:
+      - prosody
+
+  jvb:
+    image: jitsi/jvb:{{ apps_vars.jitsi.version }}
+    restart: always
+    environment:
+      JVB_AUTH_PASSWORD: "{{ jitsi_passwords.jvb_auth }}"
+      JVB_WS_DOMAIN: "{{ apps_vars.jitsi.domain }}"
+      XMPP_SERVER: prosody
+{% if hostname not in groups['production'] %}
+      JVB_ADVERTISE_IPS: {{ ansible_host }}
+{% endif %}
+    ports:
+      - 10000:10000/udp
+    depends_on:
+      - prosody
+
+networks:
+  {{ apps_shared_docker_network }}:
+    external: true

roles/apps/templates/compose-files/nextcloud.yml.j2

@@ -17,7 +17,7 @@ services:
     environment:
       POSTGRES_HOST: {{ db_host }}
       POSTGRES_DB: nextcloud
-      POSTGRES_USER: {{ databases.nextcloud.username }}
+      POSTGRES_USER: nextcloud
       POSTGRES_PASSWORD: {{ databases.nextcloud.password }}
       REDIS_HOST: redis
       REDIS_HOST_PASSWORD: {{ redis_passwords.nextcloud }}

roles/apps/templates/nginx/conf.d/ipfs.conf.j2

@@ -14,7 +14,6 @@ server {
 
     proxy_http_version      1.1;
     proxy_buffering         off;
-    proxy_request_buffering off;
 
     location / {
         proxy_pass $upstream;

roles/apps/templates/nginx/conf.d/jitsi.conf.j2

@@ -0,0 +1,29 @@
+{# code: language=ansible-jinja #}
+# THIS FILE IS MANAGED BY ANSIBLE
+
+server {
+    server_name {{ apps_vars.jitsi.domain }};
+    listen 8080;
+
+    set $upstream http://jitsi:{{ apps_vars.jitsi.port }};
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto "https";
+
+    proxy_http_version      1.1;
+    proxy_buffering         off;
+
+    location / {
+        proxy_pass $upstream;
+    }
+
+    location ~^/(colibri-ws|xmpp-websocket)$ {
+        proxy_pass $upstream;
+
+        # WebSocket support
+        proxy_set_header Upgrade    $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+}

roles/apps/templates/nginx/conf.d/monerod.conf.j2

@@ -14,7 +14,6 @@ server {
 
     proxy_http_version      1.1;
     proxy_buffering         off;
-    proxy_request_buffering off;
 
     location / {
         proxy_pass $upstream;

roles/apps/templates/nginx/conf.d/nextcloud.conf.j2

@@ -14,7 +14,6 @@ server {
 
     proxy_http_version      1.1;
     proxy_buffering         off;
-    proxy_request_buffering off;
 
     location / {
         proxy_pass $upstream;

roles/postgresql/defaults/main.yml

@@ -5,4 +5,4 @@ postgresql_pgdata: "{{ data_fs }}/pgsql/{{ postgresql_version }}/data"
 postgresql_wal_archive: "{{ data_fs }}/wal-archive"
 postgresql_service: postgresql-{{ postgresql_version }}
 
-postgresql_db_list: "{{ databases | dict2items(key_name='name', value_name='vars') }}"
+postgresql_db_list: "{{ db_passwords | dict2items(key_name='name', value_name='password') }}"

roles/postgresql/tasks/database.yml

@@ -1,16 +1,16 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-- name: Create database user '{{ db.vars.username }}'
+- name: Create database user '{{ db.name }}'
   community.postgresql.postgresql_user:
-    name: "{{ db.vars.username }}"
+    name: "{{ db.name }}"
-    password: "{{ db.vars.password }}"
+    password: "{{ db.password }}"
     state: present
 
 - name: Create database '{{ db.name }}'
   community.postgresql.postgresql_db:
     name: "{{ db.name }}"
-    owner: "{{ db.vars.username }}"
+    owner: "{{ db.name }}"
     template: template0
     encoding: UTF-8
     state: present
@@ -18,7 +18,7 @@
 - name: Grant all priviliges to owner on database '{{ db.name }}'
   community.postgresql.postgresql_privs:
     database: "{{ db.name }}"
-    roles: "{{ db.vars.username }}"
+    roles: "{{ db.name }}"
     type: database
     privs: ALL
     state: present

roles/postgresql/templates/pg_hba.conf.j2

@@ -7,5 +7,5 @@ host    all             all                     127.0.0.1/32            scram-sh
 host    all             all                     ::1/128                 scram-sha-256
 
 {% for db in postgresql_db_list|sort %}
-host    {{ db.name }}   {{ db.vars.username }}  {{ internal_subnet }}   scram-sha-256
+host    {{ db.name }}   {{ db.name }}           {{ internal_subnet }}   scram-sha-256
 {% endfor %}