add jitsi meet

Pim Kunis 2023-01-14 18:00:01 +01:00
parent 724ce880e3
commit 19e407ad0e
14 changed files with 196 additions and 8 deletions


@ -37,4 +37,7 @@ dataserver:
seafile: seafile:
ansible-playbook playbooks/seafile.yml -i inventory/hosts.yml --ask-vault-pass ansible-playbook playbooks/seafile.yml -i inventory/hosts.yml --ask-vault-pass
jitsi:
ansible-playbook playbooks/jitsi.yml -i inventory/hosts.yml --ask-vault-pass
.PHONY: run .PHONY: run


@ -1,2 +1,4 @@
base_data_dir: /data base_data_dir: /data
base_service_dir: /srv base_service_dir: /srv
jitsi_videobridge_port: 54562
git_ssh_port: 56287


@ -11,6 +11,7 @@
- radicale - radicale
- mastodon - mastodon
- seafile - seafile
- jitsi
- name: Setup dataserver - name: Setup dataserver
hosts: dataserver hosts: dataserver
roles: roles:

4
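--- a/playbooks/jitsi.yml
+++ b/playbooks/jitsi.yml
@@ -0,0 +1,4 @@
+- name: Install Jitsi Meet
+hosts: homeserver
+roles:
+- jitsi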


@ -20,7 +20,7 @@
group: 1000 group: 1000
- name: Copy app.ini - name: Copy app.ini
template: template:
src: "{{ role_path }}/templates/app.ini" src: "{{ role_path }}/templates/app.ini.j2"
dest: "{{ service_dir }}/conf/app.ini" dest: "{{ service_dir }}/conf/app.ini"
register: config register: config
- name: Start the Docker Compose - name: Start the Docker Compose


@ -18,7 +18,7 @@ SSH_DOMAIN = git.pizzapim.nl
HTTP_PORT = 3000 HTTP_PORT = 3000
ROOT_URL = {{ forgejo.root_url }} ROOT_URL = {{ forgejo.root_url }}
DISABLE_SSH = false DISABLE_SSH = false
SSH_PORT = 56287 SSH_PORT = {{ git_ssh_port }}
SSH_LISTEN_PORT = 22 SSH_LISTEN_PORT = 22
LFS_START_SERVER = true LFS_START_SERVER = true
LFS_JWT_SECRET = {{ forgejo.lfs_jwt_secret }} LFS_JWT_SECRET = {{ forgejo.lfs_jwt_secret }}


@ -0,0 +1,4 @@
dependencies:
- role: common
- role: docker
- role: traefik


@ -0,0 +1,17 @@
- name: Create Jitsi Meet app directory
file:
path: "{{ service_dir }}"
state: directory
- name: Copy docker-compose.yml file
template:
src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Create Jitsi Meet data directory
file:
path: "{{ data_dir }}"
state: directory
- name: Start Docker Compose
docker_compose:
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true
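Review bot: The "Copy docker-compose.yml file" task sets no `owner` or `mode`, so the rendered file is created under the remote umask and is commonly world-readable. The role's compose template substitutes the vault-protected Jitsi passwords into `environment:` entries, so that file holds them in clear text on the host. Add `mode: "0600"` to the template task, and an explicit `mode: "0750"` to the two `file:` directory tasks so the config and data trees are not readable by every local account. Running the play with `--diff` would also print the rendered secrets, so this task is a candidate for `no_log: true`.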


@ -0,0 +1,107 @@
version: '3.5'
services:
web:
image: jitsi/web:stable-8218
container_name: jitsi-web
restart: unless-stopped
volumes:
- {{ data_dir }}/web:/config:Z
- {{ data_dir }}/web/crontabs:/var/spool/cron/crontabs:Z
- {{ data_dir }}/transcripts:/usr/share/jitsi-meet/transcripts:Z
environment:
- DISABLE_HTTPS=1
- ENABLE_AUTH=1
- ENABLE_GUESTS=1
- ENABLE_IPV6=1
- ENABLE_LETSENCRYPT=0
- PUBLIC_URL=https://{{ public_domain }}
- TZ=Europe/Amsterdam
networks:
- meet.jitsi
- traefik
labels:
- traefik.http.routers.jitsi-web.entrypoints=websecure
- traefik.http.routers.jitsi-web.rule=Host(`{{ public_domain }}`)
- traefik.http.routers.jitsi-web.tls=true
- traefik.http.routers.jitsi-web.tls.certresolver=pizzapim
- traefik.http.services.jitsi-web.loadbalancer.server.port=80
- traefik.http.routers.jitsi-web.service=jitsi-web
- traefik.docker.network=traefik
prosody:
image: jitsi/prosody:stable-8218
container_name: jitsi-xmpp
restart: unless-stopped
expose:
- '5222'
- '5347'
- '5280'
volumes:
- {{ data_dir }}/prosody/config:/config:Z
- {{ data_dir }}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=1
- ENABLE_GUESTS=1
- ENABLE_IPV6=1
- ENABLE_LOBBY=1
- JIBRI_RECORDER_PASSWORD={{ jibri_recorder_password }}
- JIBRI_XMPP_PASSWORD={{ jibri_xmpp_password }}
- JICOFO_AUTH_PASSWORD={{ jicofo_auth_password }}
- JIGASI_XMPP_PASSWORD={{ jigasi_xmpp_password }}
- JVB_AUTH_PASSWORD={{ jvb_auth_password }}
- PUBLIC_URL=https://{{ public_domain }}
- TZ=Europe/Amsterdam
networks:
meet.jitsi:
aliases:
- xmpp.meet.jitsi
jicofo:
image: jitsi/jicofo:stable-8218
container_name: jitsi-focus
restart: unless-stopped
volumes:
- {{ data_dir }}/jicofo:/config:Z
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=1
- JICOFO_AUTH_PASSWORD={{ jicofo_auth_password }}
- SENTRY_DSN=0
- TZ=Europe/Amsterdam
depends_on:
- prosody
networks:
meet.jitsi:
jvb:
image: jitsi/jvb:stable-8218
container_name: jitsi-videobridge
restart: unless-stopped
ports:
- '{{ jitsi_videobridge_port }}:{{ jitsi_videobridge_port }}/udp'
volumes:
- {{ data_dir }}/jvb:/config:Z
environment:
- JVB_ADVERTISE_IPS={{ jvb_advertise_ips }}
- JVB_AUTH_PASSWORD={{ jvb_auth_password }}
- JVB_PORT={{ jitsi_videobridge_port }}
- PUBLIC_URL=https://{{ public_domain }}
- SENTRY_DSN=0
- COLIBRI_REST_ENABLED=0
- TZ=Europe/Amsterdam
depends_on:
- prosody
networks:
meet.jitsi:
labels:
- traefik.udp.routers.jitsi-videobridge.rule=HostSNI(`*`)
- traefik.udp.routers.jitsi-videobridge.entrypoints=video
- traefik.udp.routers.jitsi-videobridge.service=jitsi-videobridge
- traefik.udp.services.jitsi-videobridge.loadbalancer.server.port={{ jitsi_videobridge_port }}
networks:
meet.jitsi:
traefik:
external: true
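Review bot: The `jvb` service is exposed two ways at once, and they do not agree. Its `ports:` entry publishes `{{ jitsi_videobridge_port }}/udp` straight on the host, while the `traefik.udp.*` labels ask Traefik to proxy the same traffic. But `jvb` joins only `meet.jitsi`, and the Traefik compose lines visible in this commit publish no UDP port for the new `video` entrypoint, so the proxy path presumably never carries traffic. Traefik's UDP routers also accept only `entrypoints` and `service`, so the `traefik.udp.routers.jitsi-videobridge.rule` label is not a recognised option. Pick one path so the host firewall and the proxy config describe the same exposure: either drop the four labels and keep `ports:`, or remove `ports:`, add `- traefik` to the `jvb` networks and publish the UDP port on Traefik.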

47
roles/jitsi/vars/main.yml Normal file

@ -0,0 +1,47 @@
service_name: jitsi
service_dir: "{{ base_service_dir }}/{{ service_name }}"
data_dir: "{{ base_data_dir }}/{{ service_name }}"
public_domain: "meet.pizzapim.nl"
jvb_advertise_ips: "84.245.14.149,192.168.30.3"
jvb_auth_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
32613939646334396165386233353938306165326532336564343762616465323734653564353939
6363616139653932326436656530613661326135303738370a653530663733343431663535373663
64656565386266613463623036346438636635343061623533343434663131623334333661363135
3633646237393563610a353763333332653462653136373139666566333062386265633234613065
32616565303764646365653165663862383233643839663563353838663663636332323939373665
6131666537326333326332383164333730623865646639353230
jibri_recorder_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65386136383631626262393861313161363563376662623964633138376462386366353035363930
6637353263633731613037623030646365613364303232620a646366356338383665316432613965
35613636343832623731646161373938343866616230613461373964303566323761663536376466
6365616132373532350a316639383266393835636233626562636466663737386234333362663066
65353534303835636430306536653062636466303265623836643030323237323332353431343066
6138383630643735393565363931343162383963343635336138
jibri_xmpp_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34323665313961613830346662346137643339316237316532646330393366373236323036373035
3530376164303730643832393865643231316537303133340a383562633937353139646231343265
33353933633463373366383236643364366631663136313164643231366537303437653962656166
3031333735346538370a616539323531653734663533303463623865613739373433656537613636
39306363313264306535666237376561633439666232303338343832303637366237323339373431
6131333434393931613437383061653238656165356136306331
jicofo_auth_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
39613461623132346632623664633866356261653737393534366665653966623437323962636430
3230656535333631333661653263343663323732376562350a616662353030646164336231366239
32373263303962646232383539656435633436633137383837633162363232336134346461386165
3633613665393264640a323030666235366363313532623732623862346433343336343035663661
63326636386330363362313665643466373935363161383932623839373462613032326331366333
3661313266306166633532643333623266316631386532653834
jigasi_xmpp_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35303333613961616236623134333063366261336239633836633435323235343864636237626136
3635356538663637656639323161316361663636323933370a326430333066383234643064303961
36393564646131313938363664636266653362373732656634653966663736313231613163313461
6565373230333635650a653630373339376637653634383733613531633535343438326631633739
31303966353235333533353730346135323438343266303431376563393330343563363432626639
3539636136386563376162383835346166663630633463336132
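Review bot: `jvb_advertise_ips` pins one host's public and LAN addresses in the role's `vars/main.yml`, which is the wrong layer for host-specific network data. Role vars outrank inventory variables in Ansible's precedence, so the value cannot be overridden per host, and the repository permanently records the internal address layout. Move it, and arguably `public_domain`, to `host_vars` for the homeserver or to `defaults/main.yml`, leaving only service-generic values here. Separately, `jibri_recorder_password`, `jibri_xmpp_password` and `jigasi_xmpp_password` are defined and handed to prosody although this role deploys no Jibri or Jigasi container. If those components are not planned, dropping the three secrets avoids provisioning credentials that nothing uses.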


@ -1,7 +1,7 @@
$ORIGIN pizzapim.nl. $ORIGIN pizzapim.nl.
$TTL 60 $TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010701 1800 3600 1209600 3600 pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023011400 1800 3600 1209600 3600
NS ns.pizzapim.nl. NS ns.pizzapim.nl.
NS ns0.transip.net. NS ns0.transip.net.
@ -22,3 +22,4 @@ cloud IN CNAME www.pizzapim.nl.
social IN CNAME www.pizzapim.nl. social IN CNAME www.pizzapim.nl.
dav IN CNAME www.pizzapim.nl. dav IN CNAME www.pizzapim.nl.
git IN CNAME www.pizzapim.nl. git IN CNAME www.pizzapim.nl.
meet IN CNAME www.pizzapim.nl.


@ -13,8 +13,8 @@
src: "{{ role_path }}/templates/docker-compose.yml.j2" src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml" dest: "{{ service_dir }}/docker-compose.yml"
- name: Copy traefik.toml - name: Copy traefik.toml
copy: template:
src: "{{ role_path }}/files/traefik.toml" src: "{{ role_path }}/templates/traefik.toml.j2"
dest: "{{ service_dir }}/traefik.toml" dest: "{{ service_dir }}/traefik.toml"
- name: Copy services.toml - name: Copy services.toml
copy: copy:


@ -18,7 +18,7 @@ services:
ports: ports:
- "443:443" - "443:443"
- "80:80" - "80:80"
- "56287:56287" - "{{ git_ssh_port }}:{{ git_ssh_port }}"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml


@ -6,7 +6,9 @@ loglevel = "DEBUG"
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.ssh] [entryPoints.ssh]
address = ":56287" address = ":{{ git_ssh_port }}"
[entryPoints.video]
address = ":{{ jitsi_videobridge_port }}/udp"
[api] [api]