From 7c640ae5768e9f156154a52ffd6dd08ac759ffa1 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Mon, 8 May 2023 15:54:42 +0200
Subject: [PATCH] add jitsi support
---
 ansible/inventory/host_vars/manager.yml | 1 +
 ansible/playbooks/stacks.yml | 1 +
 ansible/roles/jitsi/docker-stack.yml.j2 | 102 ++++++++++++++++++++++++
 ansible/roles/jitsi/tasks/main.yml | 15 ++++
 ansible/roles/jitsi/vars/main.yml | 8 ++
 terraform/main.tf | 15 ++--
 6 files changed, 132 insertions(+), 10 deletions(-)
 create mode 100644 ansible/roles/jitsi/docker-stack.yml.j2
 create mode 100644 ansible/roles/jitsi/tasks/main.yml
 create mode 100644 ansible/roles/jitsi/vars/main.yml
diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
index 72cbd58..8deb75b 100644
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@@ -8,6 +8,7 @@ docker_node_labels:
 - hostname: swarmpub2
 labels:
 public: "true"
+ jitsi: "true"
 - hostname: swarmpriv1
 labels:
 private: "true"
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index d91af94..1ee439b 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@@ -15,3 +15,4 @@
 - {role: kms, tags: kms}
 - {role: swarm_dashboard, tags: swarm_dashboard}
 - {role: shephard, tags: shephard}
+ - {role: jitsi, tags: jitsi}
diff --git a/ansible/roles/jitsi/docker-stack.yml.j2 b/ansible/roles/jitsi/docker-stack.yml.j2
new file mode 100644
index 0000000..127b346
--- /dev/null
+++ b/ansible/roles/jitsi/docker-stack.yml.j2
@@ -0,0 +1,102 @@
+# vi: ft=yaml
+version: '3.5'
+
+networks:
+ traefik:
+ external: true
+ jitsi:
+
+services:
+ web:
+ image: jitsi/web:stable-8218
+ environment:
+ - DISABLE_HTTPS=1
+ - ENABLE_AUTH=0
+ - ENABLE_GUESTS=1
+ - ENABLE_IPV6=1
+ - ENABLE_LETSENCRYPT=0
+ - PUBLIC_URL=https://meet.pim.kunis.nl
+ - TZ=Europe/Amsterdam
+ networks:
+ - jitsi
+ - traefik
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.public == true"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.jitsi-web.entrypoints=websecure
+ - traefik.http.routers.jitsi-web.rule=Host(`meet.pim.kunis.nl`)
+ - traefik.http.routers.jitsi-web.tls=true
+ - traefik.http.routers.jitsi-web.tls.certresolver=letsencrypt
+ - traefik.http.services.jitsi-web.loadbalancer.server.port=80
+ - traefik.http.routers.jitsi-web.service=jitsi-web
+ - traefik.docker.network=traefik
+
+ prosody:
+ image: jitsi/prosody:stable-8218
+ expose:
+ - '5222'
+ - '5347'
+ - '5280'
+ environment:
+ - AUTH_TYPE=internal
+ - ENABLE_AUTH=0
+ - ENABLE_GUESTS=1
+ - ENABLE_IPV6=1
+ - ENABLE_LOBBY=1
+ - JIBRI_RECORDER_PASSWORD={{ jitsi_password }}
+ - JIBRI_XMPP_PASSWORD={{ jitsi_password }}
+ - JICOFO_AUTH_PASSWORD={{ jitsi_password }}
+ - JIGASI_XMPP_PASSWORD={{ jitsi_password }}
+ - JVB_AUTH_PASSWORD={{ jitsi_password }}
+ - PUBLIC_URL=https://meet.pim.kunis.nl
+ - TZ=Europe/Amsterdam
+ networks:
+ jitsi:
+ aliases:
+ - xmpp.meet.jitsi
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.public == true"
+
+ jicofo:
+ image: jitsi/jicofo:stable-8218
+ environment:
+ - AUTH_TYPE=internal
+ - ENABLE_AUTH=0
+ - JICOFO_AUTH_PASSWORD={{ jitsi_password }}
+ - SENTRY_DSN=0
+ - TZ=Europe/Amsterdam
+ depends_on:
+ - prosody
+ networks:
+ - jitsi
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.public == true"
+
+ jvb:
+ image: jitsi/jvb:stable-8218
+ ports:
+ - '54562:54562/udp'
+ environment:
+ - JVB_ADVERTISE_IPS=84.245.14.149,192.168.30.8
+ - JVB_AUTH_PASSWORD={{ jitsi_password }}
+ - JVB_PORT=54562
+ - PUBLIC_URL=https://meet.pim.kunis.nl
+ - SENTRY_DSN=0
+ - COLIBRI_REST_ENABLED=0
+ - TZ=Europe/Amsterdam
+ depends_on:
+ - prosody
+ networks:
+ - jitsi
+ - traefik
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.public == true"
diff --git a/ansible/roles/jitsi/tasks/main.yml b/ansible/roles/jitsi/tasks/main.yml
new file mode 100644
index 0000000..6ec134f
--- /dev/null
+++ b/ansible/roles/jitsi/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Create working directory
+ file:
+ path: /srv/jitsi
+ state: directory
+
+- name: Copy Docker stack file
+ template:
+ src: "{{ role_path }}/docker-stack.yml.j2"
+ dest: /srv/jitsi/docker-stack.yml
+
+- name: Deploy Docker stack
+ docker_stack:
+ name: jitsi
+ compose:
+ - /srv/jitsi/docker-stack.yml
diff --git a/ansible/roles/jitsi/vars/main.yml b/ansible/roles/jitsi/vars/main.yml
new file mode 100644
index 0000000..090d3aa
--- /dev/null
+++ b/ansible/roles/jitsi/vars/main.yml
@@ -0,0 +1,8 @@
+jitsi_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66633139653639396435333239316536326366613338646531373063306333383562613462316561
+ 6630373435326631376362643961343936626238663332630a623631613532366539633637333032
+ 35383031306566613466643066366361663039633864643733356366386339366265326237653739
+ 3062313832313638330a636131393130646564366563626430346436656236333961306363633435
+ 39353934386631633132306562396430303738393235656363356666663934626161363365343162
+ 6130346338333734653961633037386133396332643831363939
diff --git a/terraform/main.tf b/terraform/main.tf
index 31100c6..73028ad 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -21,8 +21,7 @@ provider "libvirt" {
 }
 module "manager" {
- #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- source = "/home/pim/repos/tf-modules/debian"
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
 name = "maestro"
 domain_name = "tf-maestro"
 memory = 1024
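Review bot: In `ansible/roles/jitsi/docker-stack.yml.j2`, every component credential in the prosody environment (`JIBRI_RECORDER_PASSWORD`, `JIBRI_XMPP_PASSWORD`, `JICOFO_AUTH_PASSWORD`, `JIGASI_XMPP_PASSWORD`, `JVB_AUTH_PASSWORD`) is rendered from the single `jitsi_password`, so anything that can read the environment of the jicofo or jvb container also holds the password of every other component account. Give each account its own vaulted variable, for example `- JVB_AUTH_PASSWORD={{ jitsi_jvb_password }}` and `- JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_password }}` (variable names constructed for this note). All four services are also placed with `node.labels.public == true`, while this commit adds a `jitsi` label to swarmpub2 that nothing references; if the `192.168.30.8` entry in `JVB_ADVERTISE_IPS` is that node's address, jvb presumably wants `- "node.labels.jitsi == true"` so it cannot land on a node it does not advertise. `ENABLE_AUTH=0` together with `ENABLE_GUESTS=1` on a publicly routed hostname lets anyone who reaches it open rooms, which deserves a comment in the file stating that it is intended.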
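Review bot: In `ansible/roles/jitsi/tasks/main.yml`, the `template` task writes the rendered stack file, which contains the decrypted `jitsi_password` values, to `/srv/jitsi/docker-stack.yml` without `owner` or `mode`, so its permissions come from the remote umask and the file may be readable by every local user on the manager. Add `mode: "0600"` to the template task and `mode: "0700"` to the `file` task that creates `/srv/jitsi`. Setting `no_log: true` on the template task would also keep the passwords out of the output when the playbook is run with `--diff`.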
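Review bot: In `terraform/main.tf`, the new `source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"` carries no `?ref=`, so each fresh module download takes whatever the default branch of that repository holds at the time, and a change to (or compromise of) the module repository reaches these VMs without any trace in this repository's history. Pin the source to a tag or commit: `source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian?ref=<tag-or-commit>"`. The same line is added to the `swarmpub1`, `swarmpriv1`, `swarmpub2` and `swarmpriv2` module blocks in the hunks that follow, and all five module blocks continue outside their hunks.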
@@ -34,8 +33,7 @@ module "manager" {
 }
 module "swarmpub1" {
- #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- source = "/home/pim/repos/tf-modules/debian"
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
 name = "swarmpub1"
 domain_name = "tf-swarmpub1"
 memory = 1024 * 5
@@ -46,8 +44,7 @@ module "swarmpub1" {
 }
 module "swarmpriv1" {
- #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- source = "/home/pim/repos/tf-modules/debian"
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
 name = "swarmpriv1"
 domain_name = "tf-swarmpriv1"
 memory = 1024 * 5
@@ -58,8 +55,7 @@ module "swarmpriv1" {
 }
 module "swarmpub2" {
- #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- source = "/home/pim/repos/tf-modules/debian"
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
 name = "swarmpub2"
 domain_name = "tf-swarmpub2"
 memory = 1024 * 3
@@ -70,8 +66,7 @@ module "swarmpub2" {
 }
 module "swarmpriv2" {
- #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- source = "/home/pim/repos/tf-modules/debian"
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
 name = "swarmpriv2"
 domain_name = "tf-swarmpriv2"
 memory = 1024 * 3