From 8d9cb1dfce65a422e9f19b73351d2dbfaea827b5 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sun, 7 May 2023 14:52:00 +0200
Subject: [PATCH] jitsi stack

---
 ansible/inventory/host_vars/manager.yml |   1 +
 ansible/playbooks/stacks.yml            |   1 +
 ansible/roles/jitsi/docker-stack.yml    | 119 ++++++++++++++++++++++++
 ansible/roles/jitsi/tasks/main.yml      |  15 +++
 4 files changed, 136 insertions(+)
 create mode 100644 ansible/roles/jitsi/docker-stack.yml
 create mode 100644 ansible/roles/jitsi/tasks/main.yml

diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
index 72cbd58..8deb75b 100644
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@@ -8,6 +8,7 @@ docker_node_labels:
   - hostname: swarmpub2
     labels:
       public: "true"
+      jitsi: "true"
   - hostname: swarmpriv1
     labels:
       private: "true"
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index d91af94..1ee439b 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@@ -15,3 +15,4 @@
     - {role: kms, tags: kms}
     - {role: swarm_dashboard, tags: swarm_dashboard}
     - {role: shephard, tags: shephard}
+    - {role: jitsi, tags: jitsi}
diff --git a/ansible/roles/jitsi/docker-stack.yml b/ansible/roles/jitsi/docker-stack.yml
new file mode 100644
index 0000000..c8912ab
--- /dev/null
+++ b/ansible/roles/jitsi/docker-stack.yml
@@ -0,0 +1,119 @@
+version: '3.5'
+
+networks:
+  traefik:
+    external: true
+  jitsi:
+
+volumes:
+  web-config:
+  crontabs:
+  transcripts:
+  prosody-plugins-custom:
+  prosody-config:
+  jicofo-config:
+  jvb-config:
+
+services:
+  web:
+    image: jitsi/web:stable-8218
+    volumes:
+      - web-config:/config
+      - crontabs:/var/spool/cron/crontabs
+      - transcripts:/user/share/jitsi-meet/transcripts
+    environment:
+      - DISABLE_HTTPS=1
+      - ENABLE_AUTH=1
+      - ENABLE_GUESTS=1
+      - ENABLE_IPV6=1
+      - ENABLE_LETSENCRYPT=0
+      - PUBLIC_URL=https://meet.pim.kunis.nl
+      - TZ=Europe/Amsterdam
+    networks:
+      - jitsi
+      - traefik
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.jitsi == true"
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.jitsi-web.entrypoints=websecure
+        - traefik.http.routers.jitsi-web.rule=Host(`meet.pim.kunis.nl`)
+        - traefik.http.routers.jitsi-web.tls=true
+        - traefik.http.routers.jitsi-web.tls.certresolver=letsencrypt
+        - traefik.http.services.jitsi-web.loadbalancer.server.port=80
+        - traefik.http.routers.jitsi-web.service=jitsi-web
+        - traefik.docker.network=traefik
+
+  prosody:
+    image: jitsi/prosody:stable-8218
+    expose:
+      - '5222'
+      - '5347'
+      - '5280'
+    volumes:
+      - prosody-config:/config
+      - prosody-plugins-custom:/prosody-plugins-custom
+    environment:
+      - AUTH_TYPE=internal
+      - ENABLE_AUTH=1
+      - ENABLE_GUESTS=1
+      - ENABLE_IPV6=1
+      - ENABLE_LOBBY=1
+      - JIBRI_RECORDER_PASSWORD=279fd02ecb4f3993b8a7793178fdba4d
+      - JIBRI_XMPP_PASSWORD=318f5f8bcf393227da71c1653f3756ca
+      - JICOFO_AUTH_PASSWORD=98a5071b500dea9184f72921bb062739
+      - JIGASI_XMPP_PASSWORD=80d60b0e6df379168b380dbf570954d2
+      - JVB_AUTH_PASSWORD=221db0f442cbbbee62639a77ec7e973c
+      - PUBLIC_URL=https://meet.pim.kunis.nl
+      - TZ=Europe/Amsterdam
+    networks:
+      - jitsi
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.jitsi == true"
+
+  jicofo:
+    image: jitsi/jicofo:stable-8218
+    volumes:
+      - jicofo-config:/config
+    environment:
+      - AUTH_TYPE=internal
+      - ENABLE_AUTH=1
+      - JICOFO_AUTH_PASSWORD=98a5071b500dea9184f72921bb062739
+      - SENTRY_DSN=0
+      - TZ=Europe/Amsterdam
+    depends_on:
+      - prosody
+    networks:
+      - jitsi
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.jitsi == true"
+
+  jvb:
+    image: jitsi/jvb:stable-8218
+    ports:
+      - '54562:54562/udp'
+    volumes:
+      - jvb-config:/config
+    environment:
+      - JVB_ADVERTISE_IPS=84.245.14.149,192.168.30.8
+      - JVB_AUTH_PASSWORD=221db0f442cbbbee62639a77ec7e973c
+      - JVB_PORT=54562
+      - PUBLIC_URL=https://meet.pim.kunis.nl
+      - SENTRY_DSN=0
+      - COLIBRI_REST_ENABLED=0
+      - TZ=Europe/Amsterdam
+    depends_on:
+      - prosody
+    networks:
+      - jitsi
+      - traefik
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.jitsi == true"
diff --git a/ansible/roles/jitsi/tasks/main.yml b/ansible/roles/jitsi/tasks/main.yml
new file mode 100644
index 0000000..e446aba
--- /dev/null
+++ b/ansible/roles/jitsi/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Create working directory
+  file:
+    path: /srv/jitsi
+    state: directory
+
+- name: Copy Docker stack file
+  copy:
+    src: "{{ role_path }}/docker-stack.yml"
+    dest: /srv/jitsi/docker-stack.yml
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: jitsi
+    compose:
+      - /srv/jitsi/docker-stack.yml