Add Jitsi Meet

This commit is contained in:
Sam A. 2024-02-10 22:36:48 +01:00
parent d91cb37303
commit d3772a4463
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
14 changed files with 276 additions and 63 deletions

View file

@ -5,12 +5,17 @@ apps_include:
- nginx
- postfix
- ipfs
- jitsi
- monerod
- nextcloud
- snowflake
- restic
- watchtower
jitsi_passwords:
jicofo_auth: "{{ vault_jitsi_passwords.jicofo_auth }}"
jvb_auth: "{{ vault_jitsi_passwords.jvb_auth }}"
redis_passwords:
nextcloud: "{{ vault_redis_passwords.nextcloud }}"

View file

@ -5,13 +5,13 @@ base_domain: sapti.me
internal_subnet: 10.2.16.0/24
postgresql_version: 14
databases:
nextcloud:
username: nextcloud
password: "{{ vault_databases.nextcloud.password }}"
db_inventory_hostname: sapt-labp-db01
db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
proxy_inventory_hostname: sapt-labr-prx01
proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"
databases:
nextcloud:
username: nextcloud
password: "{{ vault_db_passwords.nextcloud }}"

View file

@ -1,26 +1,35 @@
$ANSIBLE_VAULT;1.1;AES256
32366636386565356265326466313931393762623762313230653735336565666662353962386132
6533636337326630323066333238346663303238623538390a316230636564386638373233363161
65323364613131393236373233383639663566323061613638373533643566363864613563306232
3034626662383032390a623036643433366364653135353730346230646437313332333730613933
64356134343330306536653136343061646432383861666438646463616465323863636466653935
31363565373438313732653466636535346530323836356261666134666661386435306335633235
30363432633635653566396132323536323834393534343631323638363939353237633432303165
63326464386664336338356236306432633739396464313536343138613030646237663731306233
31633735616535336630363563653338343364386533633934386138353265386630326163306331
63663635663434356261373066643833656535353066646363353038376337356134663162626331
31636665346636396630636663393636343861626636393461303233323564373733613564353166
32373332623232303437353931356134616665643863303065396664623736646632336664616235
38303337376466363862353338323033643834303238316639616564363435646136323038333264
31376565333731623930633261656237313263336231366663373930653063373133383536663531
38323665383730616238613239386632333865663465383538326665633631663163643132656138
37386336383239666437336432643361376232363131626162373738666130326434383666373234
62623432666535643461336661373761346165663435376639393633623432383362613032613838
65386361666532303032326362323466303930656536333935633730356636343265306533363238
31396164386463633864303335303136663264343465656663373434376634346234336636313363
38616639336537346163383562333536343663396462363034656563623831346664666230303464
63623432303363653535633536313533343361366235653466653564633034383236613234383861
61333730613164383665643037623836346463656439383931316164653533376236336633343533
35373035346263343138616365343432636336303339313135326135326165353934613439316335
63663964333061333337623365333564353734353733373961633235336230356631333034633430
3161
38666565393262653238376564633336356466666566613931366465373832646664363362613537
6530326438663035393638666338653434633038613733370a313136306661613565353966643038
39663237653766333462666238373633363736636365333932373939326631663462373239336232
6239613734383439650a393063373963396366396264306437623938366430376531316263653332
39313235383962363566623839663662393363393562383837343630616530363438343930306632
31323561366234353236323163643731336130643163373031666138316238646234303163356465
37306130323338306564356639356165623530366239613965353732333763636132306439613361
65623834313236323064346561666433663830356530633635613065383966386464626438386539
39316366303966393336353666326239633365333264336165373266393430346361373861303666
61333564323834373366316361633966626630316139656331383865663862636437366563366433
64346234386637366435663738356363346466386132306163383432353436626332393832343236
63316335373435653764383963656362306161643438383336396332376532326430366231656330
66356663343939316433386538646364616331316366663433616536666466383432643832316331
35346438353061613630303334656633303861633761623066303734323533663665383535623635
30323233396531633836393931376631663765656563626334343765333237386132383230336163
35373539643033316431373138326130663236663637353638316563613438646438666335643635
63663735663434393062636538323363386439643361633565323938383239666665663838313666
63646461393565656661666335366663366635393833663333613066316561633431303232383138
33323832363461643363303736616234653861323163633231663836316462346237313938343037
30663032663664333965333334636235303035383238323935616339323530613532363661616530
64646365323731646464623539393166633431306263396564353435666637636362616631323034
32303338333066363862643633663735356461626237636665663265316232306561303137656363
35663961333666333666613534383133323662333265646131633963656166646133663737316439
37646266396663316430313764613235623332343838343830663938646133323636366133623666
64633133623564393332663930343530616665306330373131626233653466353334623837653530
65323836646163353865396230313538393062316134383934363337653937663233316665326562
35383038333433633538306134343130353231313365356331643763343561353232333939643935
33663536356639656437343735343965643430646561323434386331616136613832366431383638
61666335383430346166663865643336303337303566333461666630323332623639333836663735
62313533333230353165626431643034383232306165383630623763636634363066653837393166
63303530313830366361653934633661366332336134626231646162336163643964306462363534
66663432376332343030636338663563316630643837316130653137333539333762333833666434
30326634643163343762373035326539666665316130393564376631303538313030656236663239
6462373938366338646539666561666335343665656166383435

View file

@ -5,13 +5,13 @@ base_domain: staging.sapti.me
internal_subnet: 10.2.19.0/24
postgresql_version: 14
databases:
nextcloud:
username: nextcloud
password: "{{ vault_databases.nextcloud.password }}"
db_inventory_hostname: sapt-labs-db01
db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
proxy_inventory_hostname: sapt-labr-prx01
proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"
databases:
nextcloud:
username: nextcloud
password: "{{ vault_db_passwords.nextcloud }}"

View file

@ -1,26 +1,35 @@
$ANSIBLE_VAULT;1.1;AES256
64333431356566356137666636636262306262613664663935633934343532663563333837313963
3638386534636463646461666338356633356462326663360a393966613865613434663136613933
36343438336364636561333130653436386630356630626139643139303636383762663838383463
6561336438303235610a663339633133613935383464336164323630316536353130333130316237
33383738383535646135326236646233313166336330386362613534343031373234313634313361
61303362323961636265616666306632326363656261376564633337343632333732663231643165
32356239346535303965653261613437623837326138376231653761366166316639653239653034
30333032363932363961336335623464313333653465373965366430306365663739393335343434
39623531643563303438306264623866383135303534653131626435623139386666633066356630
66633036303264666639663063373635366563313466303932363265623235303432383162636437
31666463306238313138373239306531616264353336393138323538353331656132366361653463
39356236396134303764326165656136636638303436323932643432366662393864646439656631
33316630346330313137383230376433633238626132653861393435313038663066363664633436
64336165363637643732626366336338373961336166353533393235333939323563656336633965
37646161663334666335646436346432383037633430303838386337303835303336323963373135
65643331663933313031323761313765363065383937323461343065313862323032613131666461
34623862353337343535356139373830636563643135633530666164653662346133303837653862
62336664353034653337646662396536396133623763643264383736363163393831376135373265
33613633643962303731623562666435373736336163613465626338663832366334663765353263
66643834623066386465396233333334386333663530613466373332393664356465613565356562
35643265386462333661346533313336306233313335383830363739333334326234663236653461
62396263626637396339373139366332363232326364663764383763666231373532343263393064
36303565393362356134643532303239656236343038303263613538613630346264386236656636
31373066363635356365316432653931393937333664316265623332643932613934333265626231
6564
39333261386639633632616336613338323739393565356466333734663163623561613234656136
3364336635623064383363663231303463646432386237300a383734316161366361323333393432
34653231643465656462613165366539663063333335366431313666303730316431643534333533
6164383833393564660a323165633039353166646232626639376664636665313039376664623465
64326462396231393035323739613537323736366462613936666563373139663737626334623837
37613333373662666330633131626363643834323531393735613563303930353537656130316664
31636632306362343162353536356530383530363530323931623930363239373866343266663132
63663036333939316131343162343038323265303336316436373039316134393936613830316465
66646131623833636263633238663637363165396136356436316237373130323737616332396136
66353636653332346261303965613463323562633566383436613761633064613331653164306263
38623063616566376564623535343363383861343338313637666330376161616162613737626434
63356333633963656137333736666431346262383434366662323066646561353530343834316161
32333861346534373038666563366537313832303265386562393630633861313437353135306231
34313766666533306163643237643765616131333830316136336463666637393262313066386663
61623735666165383162353361383137616162393239346432386261633933666530313639623465
36373037333837346231396636633166393565623261636430303965313635353566633238656632
39646136633431326266313066623861333661373431316162316539363139343061656432356365
33363763313366636165346236353666656562356339653239666262386264356539653531666261
33663538376562663838616161306135646331336362306130396534653335633435656133636265
65326431373061393066353732653936343633313366393864633933643563623336353561373234
33326535326264386237316663396633353037373364636435346538636337643839643130643934
39643864386135623664646230343039623234333636633963626537323062363061643036376431
39393537373937363530393039366264633737633661663030303830636636313766373965633531
62646235636238616537626638653263343630663535373064376232376638626438346238616337
62656330373061306564663062363835326664666234616332316566616537626239633837396230
30613036356566383231383631663133653161383334396435363836336364323437353931343231
37333032333135333635366634363836656363663834396231323737343238353035366237343239
31303135336530313432323238653361646662636362326634313763316566323663356236323933
38613262383562626564323434313839633739376536393638363632383933306633333135306263
31623834626163663263396638353238653564653464646239643831343230326432383232323135
34633632343831306537333264396230323732383761376534303661653764646438626561393731
61653434636665346535393763376139656664303738313638336262313830323238343838346536
37313535313662323335353865346665323236363830393663613035633936623439616366643439
6464316134376336646431616466336436393235336234666236

View file

@ -40,6 +40,14 @@ apps_vars:
gateway_port: 8080
version: v0.25.0
jitsi:
backup: false
sender: false
extra_tasks: true
domain: meet.{{ apps_base_domain }}
port: 80
version: stable
monerod:
backup: false
sender: false

View file

@ -0,0 +1,17 @@
# THIS FILE IS MANAGED BY ANSIBLE
#!/usr/bin/env bash
cd "$(dirname "$0")"
chown -R 101:root data/prosody/config/
USERNAME=$1
read -rsp "password: " PASSWORD; echo
if [[ -f "data/prosody/config/data/meet%2ejitsi/accounts/$USERNAME.dat" ]]; then
echo "User $USERNAME exists"
exit 1
fi
docker compose exec prosody \
/usr/bin/prosodyctl --config /config/prosody.cfg.lua \
register $USERNAME meet.jitsi $PASSWORD

View file

@ -0,0 +1,35 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subdirectories for Jitsi Meet data
ansible.builtin.file:
path: "{{ apps_data_root }}/jitsi/data/{{ dir }}"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
loop:
- web/transcripts
- prosody
loop_control:
loop_var: dir
- name: Create subdirectories for Jitsi Meet Prosody data
ansible.builtin.file:
path: "{{ apps_data_root }}/jitsi/data/{{ dir }}"
owner: '101'
group: root
mode: u=rwx,g=rx,o=rx
state: directory
loop:
- prosody/plugins
- prosody/config
loop_control:
loop_var: dir
- name: Copy user registration script for Jitsi Meet
ansible.builtin.copy:
src: jitsi/register.sh
dest: "{{ apps_data_root }}/jitsi/register.sh"
owner: root
group: root
mode: u=rwx,g=rx,o=rx

View file

@ -0,0 +1,79 @@
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:
meet:
image: jitsi/web:{{ apps_vars.jitsi.version }}
restart: always
environment:
DISABLE_HTTPS: 1
PUBLIC_URL: {{ apps_vars.jitsi.domain }}
ENABLE_AUTH: 1
ENABLE_GUESTS: 1
networks:
meet.jitsi:
{{ apps_shared_docker_network }}:
aliases:
- jitsi
volumes:
- "./data/web/transcripts:/usr/share/jitsi-meet/transcripts:rw"
depends_on:
- jvb
prosody:
image: jitsi/prosody:{{ apps_vars.jitsi.version }}
restart: always
environment:
JICOFO_AUTH_PASSWORD: {{ jitsi_passwords.jicofo_auth }}
JVB_AUTH_PASSWORD: {{ jitsi_passwords.jvb_auth }}
ENABLE_AUTH: 1
ENABLE_GUESTS: 1
AUTH_TYPE: internal
networks:
meet.jitsi:
aliases:
- xmpp.meet.jitsi
volumes:
- "./data/prosody/plugins:/prosody-plugins-custom:rw"
- "./data/prosody/config:/config:rw"
expose:
- 5222
- 5269
- 5280
- 5347
jicofo:
image: jitsi/jicofo:{{ apps_vars.jitsi.version }}
restart: always
environment:
JICOFO_AUTH_PASSWORD: {{ jitsi_passwords.jicofo_auth }}
ENABLE_AUTH: 1
AUTH_TYPE: internal
XMPP_SERVER: prosody
networks:
- meet.jitsi
depends_on:
- prosody
jvb:
image: jitsi/jvb:{{ apps_vars.jitsi.version }}
restart: always
environment:
JVB_AUTH_PASSWORD: {{ jitsi_passwords.jvb_auth }}
JVB_WS_DOMAIN: {{ apps_vars.jitsi.domain }}
{% if hostname not in groups['production'] %}
JVB_ADVERTISE_IPS: {{ ansible_host }}
{% endif %}
networks:
- meet.jitsi
ports:
- 10000:10000/udp
depends_on:
- prosody
networks:
meet.jitsi:
{{ apps_shared_docker_network }}:
external: true

View file

@ -14,7 +14,6 @@ server {
proxy_http_version 1.1;
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_pass $upstream;

View file

@ -0,0 +1,29 @@
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
server {
server_name {{ apps_vars.jitsi.domain }};
listen 8080;
set $upstream http://jitsi:{{ apps_vars.jitsi.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_http_version 1.1;
proxy_buffering off;
location / {
proxy_pass $upstream;
}
location ~^/(colibri-ws|xmpp-websocket)$ {
proxy_pass $upstream;
# WebSocket support
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}

View file

@ -14,7 +14,6 @@ server {
proxy_http_version 1.1;
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_pass $upstream;

View file

@ -14,7 +14,6 @@ server {
proxy_http_version 1.1;
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_pass $upstream;

View file

@ -77,6 +77,31 @@ ipfs.local.{{ proxy_vars[env].app01.base_domain }} {
respond 403
}
meet.{{ proxy_vars[env].app01.base_domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
-Server
}
{% if env == 'production' %}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
{% else %}
@local {
remote_ip {{ proxy_trusted_subnets | join(' ') }}
}
handle @local {
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
respond 403
{% endif %}
}
xmr.local.{{ proxy_vars[env].app01.base_domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}