Compare commits
5 commits
stable
...
jitsimeet_
Author | SHA1 | Date | |
---|---|---|---|
418031339c | |||
3f675712be | |||
870f54de11 | |||
745cc82003 | |||
c72bf2ac9e |
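--- a/webapps/jitsimeet-docker/LISEZMOI.md
+++ b/webapps/jitsimeet-docker/LISEZMOI.md
@@ -0,0 +1,47 @@
+jitsimeet-docker
+=====
+
+Ce rôle installe un serveur jitsimeet via docker-compose.
+
+Notez qu'hormis le présent fichier LISEZMOI.md, tous les fichiers du rôle jitsimeet-docker sont rédigés en anglais afin de suivre les conventions de la communauté Ansible, favoriser sa réutilisation et son amélioration, etc. Libre à vous cependant de faire appel à ce role dans un playbook rédigé principalement en français ou toute autre langue.
+
+Requis
+------
+
+...
+
+Variables du rôle
+-----------------
+
+Plusieurs des valeurs par défaut dans defaults/main.yml doivent être changées soit directement dans defaults/main.yml ou mieux encore en les supplantant ailleurs, par exemple dans votre playbook (voir l'exemple ci-bas).
+
+Dépendances
+------------
+
+...
+
+Exemple de playbook
+-------------------
+
+```
+- name: "Déployer un serveur jitsimeet (via docker-compose)"
+hosts:
+- all
+vars:
+# Supplanter ici les variables du rôle
+domains: ['votre-vrai-domaine.org']
+service: 'mon-jitsimeet'
+
+roles:
+- { role: webapps/jitsimeet-docker , tags: "jitsimeet-docker" }
+```
+
+Licence
+-------
+
+GPLv3
+
+Infos sur l'auteur
+------------------
+
+Mathieu Gauthier-Pilote, administrateur de systèmes chez Evolix.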
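--- a/webapps/jitsimeet-docker/README.md
+++ b/webapps/jitsimeet-docker/README.md
@@ -0,0 +1,47 @@
+jitsimeet-docker
+=====
+
+This role installs or upgrades the server for jitsimeet (via docker-compose).
+
+FRENCH: Voir le fichier LISEZMOI.md pour le français.
+
+Requirements
+------------
+
+...
+
+Role Variables
+--------------
+
+Several of the default values in defaults/main.yml must be changed either directly in defaults/main.yml or better even by overwriting them somewhere else, for example in your playbook (see the example below).
+
+Dependencies
+------------
+
+...
+
+Example Playbook
+----------------
+
+```
+- name: "Deploy a jitsimeet server (via docker_compose)"
+hosts:
+- all
+vars:
+# Overwrite the role variables here
+domains: ['your-real-domain.org']
+service: 'my-jitsimeet'
+
+roles:
+- { role: webapps/jitsimeet-docker , tags: "jitsimeet-docker" }
+```
+
+License
+-------
+
+GPLv3
+
+Author Information
+------------------
+
+Mathieu Gauthier-Pilote, sys. admin. at Evolix.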
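--- a/webapps/jitsimeet-docker/defaults/main.yml
+++ b/webapps/jitsimeet-docker/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# defaults file for main vars
+
+version: "stable-8319" # 7 March 2023
+version_old: "stable-8252" # used by jitsimeet/tasks/upgrade.yml
+unix_user: "jitsi_user362"
+config_dirs: "['~/.jitsi-meet-cfg/web', '~/.jitsi-meet-cfg/web/letsencrypt', '~/.jitsi-meet-cfg/transcripts', '~/.jitsi-meet-cfg/prosody', '~/.jitsi-meet-cfg/prosody/config', '~/.jitsi-meet-cfg/prosody/prosody-plugins-custom', '~/.jitsi-meet-cfg/jicofo', '~/.jitsi-meet-cfg/jvb', '~/.jitsi-meet-cfg/jigasi', '~/.jitsi-meet-cfg/jibri']"
+
+# Variables for the Jitsi Meet docker-compose .env du projet
+http_port: "80"
+https_port: "443"
+time_zone: "UTC"
+public_url: "https://jitsi.mydomain.net"
+letsencrypt: "1"
+letsencrypt_domain: "jitsi.mydomain.net"
+letsencrypt_email: "somename@mmydomain.net"
+http_redir: "1"
+hsts: "1"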
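Review bot: `config_dirs` is declared as a quoted string that merely looks like a list, so the `loop: "{{ config_dirs }}"` in tasks/main.yml only iterates over the ten paths if Ansible's templating converts the string back into a list, an implicit behaviour that may not hold across ansible-core versions or templating settings. Declare it as a native YAML sequence instead, starting with `config_dirs:` and followed by one `- '~/.jitsi-meet-cfg/web'` style entry per directory. The variable names in this file (`version`, `http_port`, `hsts`, …) are also unprefixed, so any other role or play that defines the same names will silently override them, and `version` feeds the download URL; a `jitsimeet_` prefix would avoid that. `letsencrypt_email` defaults to `somename@mmydomain.net`, which looks like a typo for the `mydomain.net` used by the other placeholders.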
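--- a/webapps/jitsimeet-docker/handlers/main.yml
+++ b/webapps/jitsimeet-docker/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file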
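--- a/webapps/jitsimeet-docker/meta/main.yml
+++ b/webapps/jitsimeet-docker/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+author: Mathieu Gauthier-Pilote
+description: sys. admin.
+company: Evolix
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+# Choose a valid license ID from https://spdx.org - some suggested licenses:
+# - BSD-3-Clause (default)
+# - MIT
+# - GPL-2.0-or-later
+# - GPL-3.0-only
+# - Apache-2.0
+# - CC-BY-4.0
+license: license GPL-3.0-only
+
+min_ansible_version: 2.10
+
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+# platforms:
+# - name: Fedora
+# versions:
+# - all
+# - 25
+# - name: SomePlatform
+# versions:
+# - all
+# - 1.0
+# - 7
+# - 99.99
+
+galaxy_tags: []
+# List tags for your role here, one per line. A tag is a keyword that describes
+# and categorizes the role. Users find roles by searching for tags. Be sure to
+# remove the '[]' above, if you add tags to this list.
+#
+# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+# Maximum 20 tags per role.
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.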
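Review bot: The `license` value reads `license GPL-3.0-only`, which repeats the key name inside the value and so is not one of the SPDX identifiers the comment above it asks for; it should be `license: GPL-3.0-only`. `min_ansible_version: 2.10` is an unquoted scalar that YAML parses as the float 2.1, so it should be quoted as `min_ansible_version: "2.10"`. The file also lacks the leading `---` that the role's other YAML files carry.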
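--- a/webapps/jitsimeet-docker/tasks/main.yml
+++ b/webapps/jitsimeet-docker/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+# tasks file for jitsimeet install
+
+- name: "Add unix user for docker/docker-compose"
+user:
+name: "{{ unix_user }}"
+groups: docker
+home: "/var/opt/{{ unix_user }}"
+shell: /bin/bash
+# umask: "0022" requires ansible-core 2.12
+append: yes
+
+#- name: "Set the value of umask for unix user"
+# lineinfile:
+# path: "/var/opt/{{ unix_user }}/.profile"
+# regexp: '^#umask'
+# line: umask 022
+
+- name: "Download and uncompress Docker Compose project for Jitsi Meet"
+unarchive:
+src: "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/{{ version }}.tar.gz"
+dest: "/var/opt/{{ unix_user }}"
+remote_src: yes
+become_user: "{{ unix_user }}"
+
+- name: "Template .env for Jitsi Meet's Docker Compose project"
+template:
+src: "env.j2"
+dest: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/.env"
+owner: "{{ unix_user }}"
+group: "{{ unix_user }}"
+mode: '644'
+
+- name: "(Re)generate strong passwords using dev provided script"
+command: ./gen-passwords.sh
+args:
+chdir: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/"
+become_user: "{{ unix_user }}"
+
+- name: "Add required config directories"
+file:
+path: "{{ item }}"
+state: directory
+mode: '755'
+loop: "{{ config_dirs }}"
+become_user: "{{ unix_user }}"
+
+- name: "Start services via docker-compose"
+docker_compose:
+project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}"
+state: present
+become_user: "{{ unix_user }}"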
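Review bot: The unarchive task pulls the release tarball straight from a GitHub tag URL with no integrity check, and the later command task executes `./gen-passwords.sh` from that archive as a user who was just added to the `docker` group, so whatever the tag points to at run time is executed with what is effectively root-level access to the host. Download the archive with `get_url` and a pinned `checksum` first, then unpack the local file, as sketched below (`jitsimeet_archive_checksum` is a new role variable that would have to be added to defaults). Separately, the `.env` is rendered with `mode: '644'` and, per the template's own comment, is then updated with the generated service passwords, so it should be `mode: '0600'`. The download, template and password tasks are repeated in tasks/upgrade.yml and need the same changes there.

```yaml
- name: "Download Docker Compose project archive for Jitsi Meet"
  get_url:
    url: "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/{{ version }}.tar.gz"
    dest: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}.tar.gz"
    # new role variable, e.g. "sha256:<digest of the archive you reviewed>"
    checksum: "{{ jitsimeet_archive_checksum }}"
  become_user: "{{ unix_user }}"

- name: "Uncompress Docker Compose project for Jitsi Meet"
  unarchive:
    src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}.tar.gz"
    dest: "/var/opt/{{ unix_user }}"
    remote_src: yes
  become_user: "{{ unix_user }}"

# … unchanged: template .env, gen-passwords, config directories, start services …
```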
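--- a/webapps/jitsimeet-docker/tasks/upgrade.yml
+++ b/webapps/jitsimeet-docker/tasks/upgrade.yml
@@ -0,0 +1,35 @@
+---
+# tasks file for jitsimeet upgrade
+
+- name: "Stop running services via docker-compose"
+docker_compose:
+project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version_old }}"
+state: absent
+become_user: "{{ unix_user }}"
+
+- name: "Download and uncompress new Docker Compose project for Jitsi Meet"
+unarchive:
+src: "https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/{{ version }}.tar.gz"
+dest: "/var/opt/{{ unix_user }}"
+remote_src: yes
+become_user: "{{ unix_user }}"
+
+- name: "Template .env for Jitsi Meet's Docker Compose project"
+template:
+src: "env.j2"
+dest: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/.env"
+owner: "{{ unix_user }}"
+group: "{{ unix_user }}"
+mode: '644'
+
+- name: "(Re)generate strong passwords using dev provided script"
+command: ./gen-passwords.sh
+args:
+chdir: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}/"
+become_user: "{{ unix_user }}"
+
+- name: "Start services via docker-compose"
+docker_compose:
+project_src: "/var/opt/{{ unix_user }}/docker-jitsi-meet-{{ version }}"
+state: present
+become_user: "{{ unix_user }}"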
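Review bot: The first task tears the running stack down (`state: absent` on the `version_old` project) before the new archive has been downloaded, unpacked or templated, so a failed download or template render leaves the host with no Jitsi service at all. Move the stop task to just before the final "Start services via docker-compose" task so the outage window covers only the switch-over. The password task also regenerates all service secrets on every upgrade while the `~/.jitsi-meet-cfg` directory from the previous version is left in place; whether the persisted configuration there picks up the new secrets is not visible on this page and should be confirmed before relying on this playbook for upgrades.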
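--- a/webapps/jitsimeet-docker/templates/env.j2
+++ b/webapps/jitsimeet-docker/templates/env.j2
@@ -0,0 +1,232 @@
+# shellcheck disable=SC2034
+
+################################################################################
+################################################################################
+# Welcome to the Jitsi Meet Docker setup!
+#
+# This sample .env file contains some basic options to get you started.
+# The full options reference can be found here:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
+################################################################################
+################################################################################
+
+
+#
+# Basic configuration options
+#
+
+# Directory where all configuration will be stored
+CONFIG=~/.jitsi-meet-cfg
+
+# Exposed HTTP port
+HTTP_PORT={{ http_port }}
+
+# Exposed HTTPS port
+HTTPS_PORT={{ https_port }}
+
+# System time zone
+TZ={{ time_zone }}
+
+# Public URL for the web service (required)
+PUBLIC_URL={{ public_url }}
+
+# Media IP addresses to advertise by the JVB
+# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
+# See the "Running behind NAT or on a LAN environment" section in the Handbook:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
+#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
+
+
+#
+# JaaS Components (beta)
+# https://jaas.8x8.vc
+#
+
+# Enable JaaS Components (hosted Jigasi)
+# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL
+#ENABLE_JAAS_COMPONENTS=0
+
+#
+# Let's Encrypt configuration
+#
+
+# Enable Let's Encrypt certificate generation
+ENABLE_LETSENCRYPT={{ letsencrypt }}
+
+# Domain for which to generate the certificate
+LETSENCRYPT_DOMAIN={{ letsencrypt_domain }}
+
+# E-Mail for receiving important account notifications (mandatory)
+LETSENCRYPT_EMAIL={{ letsencrypt_email }}
+
+# Use the staging server (for avoiding rate limits while testing)
+#LETSENCRYPT_USE_STAGING=1
+
+
+#
+# Etherpad integration (for document sharing)
+#
+
+# Set etherpad-lite URL in docker local network (uncomment to enable)
+#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
+
+# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
+#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
+
+# Name your etherpad instance!
+ETHERPAD_TITLE=Video Chat
+
+# The default text of a pad
+ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
+
+# Name of the skin for etherpad
+ETHERPAD_SKIN_NAME=colibris
+
+# Skin variants for etherpad
+ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
+
+
+#
+# Basic Jigasi configuration options (needed for SIP gateway support)
+#
+
+# SIP URI for incoming / outgoing calls
+#JIGASI_SIP_URI=test@sip2sip.info
+
+# Password for the specified SIP account as a clear text
+#JIGASI_SIP_PASSWORD=passw0rd
+
+# SIP server (use the SIP account domain if in doubt)
+#JIGASI_SIP_SERVER=sip2sip.info
+
+# SIP server port
+#JIGASI_SIP_PORT=5060
+
+# SIP server transport
+#JIGASI_SIP_TRANSPORT=UDP
+
+
+#
+# Authentication configuration (see handbook for details)
+#
+
+# Enable authentication
+#ENABLE_AUTH=1
+
+# Enable guest access
+#ENABLE_GUESTS=1
+
+# Select authentication type: internal, jwt, ldap or matrix
+#AUTH_TYPE=internal
+
+# JWT authentication
+#
+
+# Application identifier
+#JWT_APP_ID=my_jitsi_app_id
+
+# Application secret known only to your token generator
+#JWT_APP_SECRET=my_jitsi_app_secret
+
+# (Optional) Set asap_accepted_issuers as a comma separated list
+#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
+
+# (Optional) Set asap_accepted_audiences as a comma separated list
+#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
+
+# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
+#
+
+# LDAP url for connection
+#LDAP_URL=ldaps://ldap.domain.com/
+
+# LDAP base DN. Can be empty
+#LDAP_BASE=DC=example,DC=domain,DC=com
+
+# LDAP user DN. Do not specify this parameter for the anonymous bind
+#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+
+# LDAP user password. Do not specify this parameter for the anonymous bind
+#LDAP_BINDPW=LdapUserPassw0rd
+
+# LDAP filter. Tokens example:
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
+# %s - %s is replaced by the complete service string
+# %r - %r is replaced by the complete realm string
+#LDAP_FILTER=(sAMAccountName=%u)
+
+# LDAP authentication method
+#LDAP_AUTH_METHOD=bind
+
+# LDAP version
+#LDAP_VERSION=3
+
+# LDAP TLS using
+#LDAP_USE_TLS=1
+
+# List of SSL/TLS ciphers to allow
+#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
+
+# Require and verify server certificate
+#LDAP_TLS_CHECK_PEER=1
+
+# Path to CA cert file. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Path to CA certs directory. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
+
+# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
+# LDAP_START_TLS=1
+
+
+#
+# Security
+#
+# Set these to strong passwords to avoid intruders from impersonating a service account
+# The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
+# You may skip the Jigasi and Jibri passwords if you are not using those
+# DO NOT reuse passwords
+#
+
+# XMPP password for Jicofo client connections
+JICOFO_AUTH_PASSWORD=
+
+# XMPP password for JVB client connections
+JVB_AUTH_PASSWORD=
+
+# XMPP password for Jigasi MUC client connections
+JIGASI_XMPP_PASSWORD=
+
+# XMPP recorder password for Jibri client connections
+JIBRI_RECORDER_PASSWORD=
+
+# XMPP password for Jibri client connections
+JIBRI_XMPP_PASSWORD=
+
+#
+# HTTPS, HSTS
+#
+
+# Disable HTTPS: handle TLS connections outside of this setup
+#DISABLE_HTTPS=1
+
+# Redirect HTTP traffic to HTTPS
+# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
+ENABLE_HTTP_REDIRECT={{ http_redir }}
+
+# Send a `strict-transport-security` header to force browsers to use
+# a secure and trusted connection. Recommended for production use.
+# Defaults to 1 (send the header).
+ENABLE_HSTS={{ hsts }}
+
+#
+# Docker Compose options
+#
+
+# Container restart policy
+#RESTART_POLICY=unless-stopped
+
+# Jitsi image version (useful for local development)
+#JITSI_IMAGE_VERSION=latest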
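Review bot: The five service password keys in the Security section (`JICOFO_AUTH_PASSWORD=` through `JIBRI_XMPP_PASSWORD=`) are shipped empty, so every play run that re-renders this template blanks the secrets in `.env` and relies on the following `gen-passwords.sh` task to fill them again, which rotates them on each run and keeps both tasks from ever being idempotent. Either render the file only when it does not yet exist (`force: no` on the template task) or take the values from vaulted role variables so the rendered file is stable between runs. The interpolated values such as `TZ={{ time_zone }}` and `PUBLIC_URL={{ public_url }}` are written unquoted, so a value containing whitespace or ` #` may be misparsed by the consumer of the `.env`; quoting them in the template would rule that out. A comment at the top recording which upstream release this copy of the sample `.env` was taken from would also help when `version` is bumped.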
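--- a/webapps/jitsimeet-docker/tests/inventory
+++ b/webapps/jitsimeet-docker/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+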
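--- a/webapps/jitsimeet-docker/tests/test.yml
+++ b/webapps/jitsimeet-docker/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- jitsimeet-docker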
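--- a/webapps/jitsimeet-docker/vars/main.yml
+++ b/webapps/jitsimeet-docker/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file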