Role renamed

webapps/jitsimeet-docker/LISEZMOI.md

@@ -0,0 +1,47 @@
+jitsimeet-docker
+=====
+
+Ce rôle installe un serveur jitsimeet via docker-compose. 
+
+Notez qu'hormis le présent fichier LISEZMOI.md, tous les fichiers du rôle jitsimeet-docker sont rédigés en anglais afin de suivre les conventions de la communauté Ansible, favoriser sa réutilisation et son amélioration, etc. Libre à vous cependant de faire appel à ce role dans un playbook rédigé principalement en français ou toute autre langue.
+
+Requis
+------
+
+...
+
+Variables du rôle
+-----------------
+
+Plusieurs des valeurs par défaut dans defaults/main.yml doivent être changées soit directement dans defaults/main.yml ou mieux encore en les supplantant ailleurs, par exemple dans votre playbook (voir l'exemple ci-bas).
+
+Dépendances
+------------
+
+...
+
+Exemple de playbook
+-------------------
+
+```
+- name: "Déployer un serveur jitsimeet (via docker-compose)"
+  hosts: 
+    - all
+  vars:
+    # Supplanter ici les variables du rôle
+    domains: ['votre-vrai-domaine.org']
+    service: 'mon-jitsimeet'
+
+  roles:
+    - { role: webapps/jitsimeet-docker , tags: "jitsimeet-docker" }
+```
+
+Licence
+-------
+
+GPLv3
+
+Infos sur l'auteur
+------------------
+
+Mathieu Gauthier-Pilote, administrateur de systèmes chez Evolix.

webapps/jitsimeet-docker/README.md

@@ -0,0 +1,47 @@
+jitsimeet-docker
+=====
+
+This role installs or upgrades the server for jitsimeet (via docker-compose). 
+
+FRENCH: Voir le fichier LISEZMOI.md pour le français.
+
+Requirements
+------------
+
+...
+
+Role Variables
+--------------
+
+Several of the default values in defaults/main.yml must be changed either directly in defaults/main.yml or better even by overwriting them somewhere else, for example in your playbook (see the example below).
+
+Dependencies
+------------
+
+...
+
+Example Playbook
+----------------
+
+```
+- name: "Deploy a jitsimeet server (via docker_compose)"
+  hosts: 
+    - all
+  vars:
+    # Overwrite the role variables here
+    domains: ['your-real-domain.org']
+    service: 'my-jitsimeet'
+
+  roles:
+    - { role: webapps/jitsimeet-docker , tags: "jitsimeet-docker" }
+```
+
+License
+-------
+
+GPLv3
+
+Author Information
+------------------
+
+Mathieu Gauthier-Pilote, sys. admin. at Evolix.

webapps/jitsimeet-docker/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+# defaults file for main vars
+
+version: "stable-8319" # 7 March 2023
+version_old: "stable-8252" # used by jitsimeet/tasks/upgrade.yml
+unix_user: "jitsi_user362"
+config_dirs: "['~/.jitsi-meet-cfg/web', '~/.jitsi-meet-cfg/web/letsencrypt', '~/.jitsi-meet-cfg/transcripts', '~/.jitsi-meet-cfg/prosody', '~/.jitsi-meet-cfg/prosody/config', '~/.jitsi-meet-cfg/prosody/prosody-plugins-custom', '~/.jitsi-meet-cfg/jicofo', '~/.jitsi-meet-cfg/jvb', '~/.jitsi-meet-cfg/jigasi', '~/.jitsi-meet-cfg/jibri']"
+
+# Variables for the Jitsi Meet docker-compose .env du projet 
+http_port: "80"
+https_port: "443"
+time_zone: "UTC"
+public_url: "https://jitsi.mydomain.net"
+letsencrypt: "1"
+letsencrypt_domain: "jitsi.mydomain.net"
+letsencrypt_email: "somename@mmydomain.net"
+http_redir: "1"
+hsts: "1"

webapps/jitsimeet-docker/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file

webapps/jitsimeet-docker/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Mathieu Gauthier-Pilote
+  description: sys. admin.
+  company: Evolix
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license GPL-3.0-only
+
+  min_ansible_version: 2.10
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

webapps/jitsimeet-docker/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+# tasks file for jitsimeet install
+
+- name: "Add unix user for docker/docker-compose"
+  user:
+    name: "{{ unix_user }}"
+    groups: docker
+    home: "/var/opt/{{ unix_user }}"
+    shell: /bin/bash
+#    umask: "0022" requires ansible-core 2.12
+    append: yes
+
+#- name: "Set the value of umask for unix user"
+#  lineinfile:
+#    path: "/var/opt/{{ unix_user }}/.profile"
+#    regexp: '^#umask'
+#    line: umask 022
+    
+- name: "Download and uncompress Docker Compose project for Jitsi Meet"
+  unarchive: 
+    src: "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/{{ version }}.tar.gz"
+    dest: "/var/opt/{{ unix_user }}"
+    remote_src: yes
+  become_user: "{{ unix_user }}"
+
+- name: "Template .env for Jitsi Meet's Docker Compose project"
+  template:
+    src: "env.j2"
+    dest: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/.env"
+    owner: "{{ unix_user }}"
+    group: "{{ unix_user }}"
+    mode: '644'
+
+- name: "(Re)generate strong passwords using dev provided script"
+  command: ./gen-passwords.sh
+  args:
+    chdir: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/"
+  become_user: "{{ unix_user }}"
+
+- name: "Add required config directories" 
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: '755'
+  loop: "{{ config_dirs }}"
+  become_user: "{{ unix_user }}"
+
+- name: "Start services via docker-compose"
+  docker_compose:
+    project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}"
+    state: present
+  become_user: "{{ unix_user }}"

webapps/jitsimeet-docker/tasks/upgrade.yml

@@ -0,0 +1,35 @@
+---
+# tasks file for jitsimeet upgrade
+
+- name: "Stop running services via docker-compose"
+  docker_compose:
+    project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version_old }}"
+    state: absent
+  become_user: "{{ unix_user }}"
+
+- name: "Download and uncompress new Docker Compose project for Jitsi Meet"
+  unarchive: 
+    src: "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/{{ version }}.tar.gz"
+    dest: "/var/opt/{{ unix_user }}"
+    remote_src: yes
+  become_user: "{{ unix_user }}"
+
+- name: "Template .env for Jitsi Meet's Docker Compose project"
+  template:
+    src: "env.j2"
+    dest: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/.env"
+    owner: "{{ unix_user }}"
+    group: "{{ unix_user }}"
+    mode: '644'
+
+- name: "(Re)generate strong passwords using dev provided script"
+  command: ./gen-passwords.sh
+  args:
+    chdir: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/"
+  become_user: "{{ unix_user }}"
+  
+- name: "Start services via docker-compose"
+  docker_compose:
+    project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}"
+    state: present
+  become_user: "{{ unix_user }}"

webapps/jitsimeet-docker/templates/env.j2

@@ -0,0 +1,232 @@
+# shellcheck disable=SC2034
+
+################################################################################
+################################################################################
+# Welcome to the Jitsi Meet Docker setup!
+#
+# This sample .env file contains some basic options to get you started.
+# The full options reference can be found here:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
+################################################################################
+################################################################################
+
+
+#
+# Basic configuration options
+#
+
+# Directory where all configuration will be stored
+CONFIG=~/.jitsi-meet-cfg
+
+# Exposed HTTP port
+HTTP_PORT={{ http_port }}
+
+# Exposed HTTPS port
+HTTPS_PORT={{ https_port }}
+
+# System time zone
+TZ={{ time_zone }}
+
+# Public URL for the web service (required)
+PUBLIC_URL={{ public_url }}
+
+# Media IP addresses to advertise by the JVB
+# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
+# See the "Running behind NAT or on a LAN environment" section in the Handbook:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
+#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
+
+
+#
+# JaaS Components (beta)
+# https://jaas.8x8.vc
+#
+
+# Enable JaaS Components (hosted Jigasi)
+# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL
+#ENABLE_JAAS_COMPONENTS=0
+
+#
+# Let's Encrypt configuration
+#
+
+# Enable Let's Encrypt certificate generation
+ENABLE_LETSENCRYPT={{ letsencrypt }}
+
+# Domain for which to generate the certificate
+LETSENCRYPT_DOMAIN={{ letsencrypt_domain }}
+
+# E-Mail for receiving important account notifications (mandatory)
+LETSENCRYPT_EMAIL={{ letsencrypt_email }}
+
+# Use the staging server (for avoiding rate limits while testing)
+#LETSENCRYPT_USE_STAGING=1
+
+
+#
+# Etherpad integration (for document sharing)
+#
+
+# Set etherpad-lite URL in docker local network (uncomment to enable)
+#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
+
+# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
+#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
+
+# Name your etherpad instance!
+ETHERPAD_TITLE=Video Chat
+
+# The default text of a pad
+ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
+
+# Name of the skin for etherpad
+ETHERPAD_SKIN_NAME=colibris
+
+# Skin variants for etherpad
+ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
+
+
+#
+# Basic Jigasi configuration options (needed for SIP gateway support)
+#
+
+# SIP URI for incoming / outgoing calls
+#JIGASI_SIP_URI=test@sip2sip.info
+
+# Password for the specified SIP account as a clear text
+#JIGASI_SIP_PASSWORD=passw0rd
+
+# SIP server (use the SIP account domain if in doubt)
+#JIGASI_SIP_SERVER=sip2sip.info
+
+# SIP server port
+#JIGASI_SIP_PORT=5060
+
+# SIP server transport
+#JIGASI_SIP_TRANSPORT=UDP
+
+
+#
+# Authentication configuration (see handbook for details)
+#
+
+# Enable authentication
+#ENABLE_AUTH=1
+
+# Enable guest access
+#ENABLE_GUESTS=1
+
+# Select authentication type: internal, jwt, ldap or matrix
+#AUTH_TYPE=internal
+
+# JWT authentication
+#
+
+# Application identifier
+#JWT_APP_ID=my_jitsi_app_id
+
+# Application secret known only to your token generator
+#JWT_APP_SECRET=my_jitsi_app_secret
+
+# (Optional) Set asap_accepted_issuers as a comma separated list
+#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
+
+# (Optional) Set asap_accepted_audiences as a comma separated list
+#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
+
+# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
+#
+
+# LDAP url for connection
+#LDAP_URL=ldaps://ldap.domain.com/
+
+# LDAP base DN. Can be empty
+#LDAP_BASE=DC=example,DC=domain,DC=com
+
+# LDAP user DN. Do not specify this parameter for the anonymous bind
+#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+
+# LDAP user password. Do not specify this parameter for the anonymous bind
+#LDAP_BINDPW=LdapUserPassw0rd
+
+# LDAP filter. Tokens example:
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
+# %s - %s is replaced by the complete service string
+# %r - %r is replaced by the complete realm string
+#LDAP_FILTER=(sAMAccountName=%u)
+
+# LDAP authentication method
+#LDAP_AUTH_METHOD=bind
+
+# LDAP version
+#LDAP_VERSION=3
+
+# LDAP TLS using
+#LDAP_USE_TLS=1
+
+# List of SSL/TLS ciphers to allow
+#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
+
+# Require and verify server certificate
+#LDAP_TLS_CHECK_PEER=1
+
+# Path to CA cert file. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Path to CA certs directory. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
+
+# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
+# LDAP_START_TLS=1
+
+
+#
+# Security
+#
+# Set these to strong passwords to avoid intruders from impersonating a service account
+# The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
+# You may skip the Jigasi and Jibri passwords if you are not using those
+# DO NOT reuse passwords
+#
+
+# XMPP password for Jicofo client connections
+JICOFO_AUTH_PASSWORD=
+
+# XMPP password for JVB client connections
+JVB_AUTH_PASSWORD=
+
+# XMPP password for Jigasi MUC client connections
+JIGASI_XMPP_PASSWORD=
+
+# XMPP recorder password for Jibri client connections
+JIBRI_RECORDER_PASSWORD=
+
+# XMPP password for Jibri client connections
+JIBRI_XMPP_PASSWORD=
+
+#
+# HTTPS, HSTS
+#
+
+# Disable HTTPS: handle TLS connections outside of this setup
+#DISABLE_HTTPS=1
+
+# Redirect HTTP traffic to HTTPS
+# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
+ENABLE_HTTP_REDIRECT={{ http_redir }}
+
+# Send a `strict-transport-security` header to force browsers to use
+# a secure and trusted connection. Recommended for production use.
+# Defaults to 1 (send the header).
+ENABLE_HSTS={{ hsts }}
+
+#
+# Docker Compose options
+#
+
+# Container restart policy
+#RESTART_POLICY=unless-stopped
+
+# Jitsi image version (useful for local development)
+#JITSI_IMAGE_VERSION=latest

webapps/jitsimeet-docker/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

webapps/jitsimeet-docker/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - jitsimeet-docker

webapps/jitsimeet-docker/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file