home/max
Archived
2
1
Fork 0
Code Issues 9 Pull requests Projects Releases Packages Wiki Activity

add jitsi meet

Browse source
This commit is contained in:
Pim Kunis 2023-01-14 18:00:01 +01:00
parent 724ce880e3
commit 19e407ad0e
14 changed files with 196 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Makefile
View file

@ -37,4 +37,7 @@ dataserver:
seafile:
ansible-playbook playbooks/seafile.yml -i inventory/hosts.yml --ask-vault-pass
jitsi:
ansible-playbook playbooks/jitsi.yml -i inventory/hosts.yml --ask-vault-pass
.PHONY: run

2
inventory/group_vars/homeserver.yml
View file

@ -1,2 +1,4 @@
base_data_dir: /data
base_service_dir: /srv
jitsi_videobridge_port: 54562
git_ssh_port: 56287

3
playbooks/all.yml
View file

@ -11,7 +11,8 @@
- radicale
- mastodon
- seafile
- jitsi
- name: Setup dataserver
hosts: dataserver
roles:
- dataserver
- dataserver

4
playbooks/jitsi.yml Normal file
View file

@ -0,0 +1,4 @@
- name: Install Jitsi Meet
hosts: homeserver
roles:
- jitsi

2
roles/forgejo/tasks/main.yml
View file

@ -20,7 +20,7 @@
group: 1000
- name: Copy app.ini
template:
src: "{{ role_path }}/templates/app.ini"
src: "{{ role_path }}/templates/app.ini.j2"
dest: "{{ service_dir }}/conf/app.ini"
register: config
- name: Start the Docker Compose

2
roles/forgejo/templates/app.ini → roles/forgejo/templates/app.ini.j2
View file

@ -18,7 +18,7 @@ SSH_DOMAIN = git.pizzapim.nl
HTTP_PORT = 3000
ROOT_URL = {{ forgejo.root_url }}
DISABLE_SSH = false
SSH_PORT = 56287
SSH_PORT = {{ git_ssh_port }}
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ forgejo.lfs_jwt_secret }}

4
roles/jitsi/meta/main.yml Normal file
View file

@ -0,0 +1,4 @@
dependencies:
- role: common
- role: docker
- role: traefik

17
roles/jitsi/tasks/main.yml Normal file
View file

@ -0,0 +1,17 @@
- name: Create Jitsi Meet app directory
file:
path: "{{ service_dir }}"
state: directory
- name: Copy docker-compose.yml file
template:
src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Create Jitsi Meet data directory
file:
path: "{{ data_dir }}"
state: directory
- name: Start Docker Compose
docker_compose:
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true

107
roles/jitsi/templates/docker-compose.yml.j2 Normal file
View file

@ -0,0 +1,107 @@
version: '3.5'
services:
web:
image: jitsi/web:stable-8218
container_name: jitsi-web
restart: unless-stopped
volumes:
- {{ data_dir }}/web:/config:Z
- {{ data_dir }}/web/crontabs:/var/spool/cron/crontabs:Z
- {{ data_dir }}/transcripts:/usr/share/jitsi-meet/transcripts:Z
environment:
- DISABLE_HTTPS=1
- ENABLE_AUTH=1
- ENABLE_GUESTS=1
- ENABLE_IPV6=1
- ENABLE_LETSENCRYPT=0
- PUBLIC_URL=https://{{ public_domain }}
- TZ=Europe/Amsterdam
networks:
- meet.jitsi
- traefik
labels:
- traefik.http.routers.jitsi-web.entrypoints=websecure
- traefik.http.routers.jitsi-web.rule=Host(`{{ public_domain }}`)
- traefik.http.routers.jitsi-web.tls=true
- traefik.http.routers.jitsi-web.tls.certresolver=pizzapim
- traefik.http.services.jitsi-web.loadbalancer.server.port=80
- traefik.http.routers.jitsi-web.service=jitsi-web
- traefik.docker.network=traefik
prosody:
image: jitsi/prosody:stable-8218
container_name: jitsi-xmpp
restart: unless-stopped
expose:
- '5222'
- '5347'
- '5280'
volumes:
- {{ data_dir }}/prosody/config:/config:Z
- {{ data_dir }}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=1
- ENABLE_GUESTS=1
- ENABLE_IPV6=1
- ENABLE_LOBBY=1
- JIBRI_RECORDER_PASSWORD={{ jibri_recorder_password }}
- JIBRI_XMPP_PASSWORD={{ jibri_xmpp_password }}
- JICOFO_AUTH_PASSWORD={{ jicofo_auth_password }}
- JIGASI_XMPP_PASSWORD={{ jigasi_xmpp_password }}
- JVB_AUTH_PASSWORD={{ jvb_auth_password }}
- PUBLIC_URL=https://{{ public_domain }}
- TZ=Europe/Amsterdam
networks:
meet.jitsi:
aliases:
- xmpp.meet.jitsi
jicofo:
image: jitsi/jicofo:stable-8218
container_name: jitsi-focus
restart: unless-stopped
volumes:
- {{ data_dir }}/jicofo:/config:Z
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=1
- JICOFO_AUTH_PASSWORD={{ jicofo_auth_password }}
- SENTRY_DSN=0
- TZ=Europe/Amsterdam
depends_on:
- prosody
networks:
meet.jitsi:
jvb:
image: jitsi/jvb:stable-8218
container_name: jitsi-videobridge
restart: unless-stopped
ports:
- '{{ jitsi_videobridge_port }}:{{ jitsi_videobridge_port }}/udp'
volumes:
- {{ data_dir }}/jvb:/config:Z
environment:
- JVB_ADVERTISE_IPS={{ jvb_advertise_ips }}
- JVB_AUTH_PASSWORD={{ jvb_auth_password }}
- JVB_PORT={{ jitsi_videobridge_port }}
- PUBLIC_URL=https://{{ public_domain }}
- SENTRY_DSN=0
- COLIBRI_REST_ENABLED=0
- TZ=Europe/Amsterdam
depends_on:
- prosody
networks:
meet.jitsi:
labels:
- traefik.udp.routers.jitsi-videobridge.rule=HostSNI(`*`)
- traefik.udp.routers.jitsi-videobridge.entrypoints=video
- traefik.udp.routers.jitsi-videobridge.service=jitsi-videobridge
- traefik.udp.services.jitsi-videobridge.loadbalancer.server.port={{ jitsi_videobridge_port }}
networks:
meet.jitsi:
traefik:
external: true

47
roles/jitsi/vars/main.yml Normal file
View file

@ -0,0 +1,47 @@
service_name: jitsi
service_dir: "{{ base_service_dir }}/{{ service_name }}"
data_dir: "{{ base_data_dir }}/{{ service_name }}"
public_domain: "meet.pizzapim.nl"
jvb_advertise_ips: "84.245.14.149,192.168.30.3"
jvb_auth_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
32613939646334396165386233353938306165326532336564343762616465323734653564353939
6363616139653932326436656530613661326135303738370a653530663733343431663535373663
64656565386266613463623036346438636635343061623533343434663131623334333661363135
3633646237393563610a353763333332653462653136373139666566333062386265633234613065
32616565303764646365653165663862383233643839663563353838663663636332323939373665
6131666537326333326332383164333730623865646639353230
jibri_recorder_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65386136383631626262393861313161363563376662623964633138376462386366353035363930
6637353263633731613037623030646365613364303232620a646366356338383665316432613965
35613636343832623731646161373938343866616230613461373964303566323761663536376466
6365616132373532350a316639383266393835636233626562636466663737386234333362663066
65353534303835636430306536653062636466303265623836643030323237323332353431343066
6138383630643735393565363931343162383963343635336138
jibri_xmpp_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34323665313961613830346662346137643339316237316532646330393366373236323036373035
3530376164303730643832393865643231316537303133340a383562633937353139646231343265
33353933633463373366383236643364366631663136313164643231366537303437653962656166
3031333735346538370a616539323531653734663533303463623865613739373433656537613636
39306363313264306535666237376561633439666232303338343832303637366237323339373431
6131333434393931613437383061653238656165356136306331
jicofo_auth_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
39613461623132346632623664633866356261653737393534366665653966623437323962636430
3230656535333631333661653263343663323732376562350a616662353030646164336231366239
32373263303962646232383539656435633436633137383837633162363232336134346461386165
3633613665393264640a323030666235366363313532623732623862346433343336343035663661
63326636386330363362313665643466373935363161383932623839373462613032326331366333
3661313266306166633532643333623266316631386532653834
jigasi_xmpp_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35303333613961616236623134333063366261336239633836633435323235343864636237626136
3635356538663637656639323161316361663636323933370a326430333066383234643064303961
36393564646131313938363664636266653362373732656634653966663736313231613163313461
6565373230333635650a653630373339376637653634383733613531633535343438326631633739
31303966353235333533353730346135323438343266303431376563393330343563363432626639
3539636136386563376162383835346166663630633463336132

3
roles/nsd/files/zones/pizzapim.nl
View file

@ -1,7 +1,7 @@
$ORIGIN pizzapim.nl.
$TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010701 1800 3600 1209600 3600
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023011400 1800 3600 1209600 3600
NS ns.pizzapim.nl.
NS ns0.transip.net.
@ -22,3 +22,4 @@ cloud IN CNAME www.pizzapim.nl.
social IN CNAME www.pizzapim.nl.
dav IN CNAME www.pizzapim.nl.
git IN CNAME www.pizzapim.nl.
meet IN CNAME www.pizzapim.nl.

4
roles/traefik/tasks/main.yml
View file

@ -13,8 +13,8 @@
src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Copy traefik.toml
copy:
src: "{{ role_path }}/files/traefik.toml"
template:
src: "{{ role_path }}/templates/traefik.toml.j2"
dest: "{{ service_dir }}/traefik.toml"
- name: Copy services.toml
copy:

2
roles/traefik/templates/docker-compose.yml.j2
View file

@ -18,7 +18,7 @@ services:
ports:
- "443:443"
- "80:80"
- "56287:56287"
- "{{ git_ssh_port }}:{{ git_ssh_port }}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml

4
roles/traefik/files/traefik.toml → roles/traefik/templates/traefik.toml.j2
View file

@ -6,7 +6,9 @@ loglevel = "DEBUG"
[entryPoints.websecure]
address = ":443"
[entryPoints.ssh]
address = ":56287"
address = ":{{ git_ssh_port }}"
[entryPoints.video]
address = ":{{ jitsi_videobridge_port }}/udp"
[api]