5 files changed, 126 insertions, 30 deletions
diff --git a/dan/host_vars/ele-jitsi.yml b/dan/host_vars/ele-jitsi.yml
index 3ef1aa07..a97ec42a 100644
--- a/dan/host_vars/ele-jitsi.yml
+++ b/dan/host_vars/ele-jitsi.yml
@@ -1,20 +1,22 @@
 $ANSIBLE_VAULT;1.2;AES256;dan
-37376463653363343963386430623631633766653236303632303262363339666536346538613938
-3739343265623563333764383665653930323961346437630a356335306364306331353736613036
-62643965613432333332623235646365396431323265303862393836303531623039353233623433
-3736303336383538620a656338336565343661633563346637373037333435653062303262643236
-33323433323931656162336237396535363863316165336462643833303335656238306237383338
-37323062653334393565306661663033653531666562623130326537666536333339663932363066
-31633530343439373336366161333965393531393634663666333865353563343037343933626263
-34313935333839326439343837653531356664373566373038333432363163386262653636396537
-32323162346664663435626463333761373166386639313663626338316662626166666131633632
-31366231336339366363636639363233366162666330646234306134316262666363656136646463
-65393561336234376433313937363030366435366434663830326438656262636465363762663036
-38646230636564383364346238393765386565313430353037356134643330353138383262373733
-61626365353931383064343938353238316263313834366337623836343132313535643135396635
-33636165386530623839333834313338613536363466333261343161383737306437366561383238
-37666662663231316338623331613961353663343639623138363830623731306530633937346163
-37323834376631396636373831396539386233623464653039613737316561646332306365663662
-66393737333561376431393831316331653236386639366531613736386364616130323435353532
-37656461386463323465653737373038616537353435653665656137333764393865343630346335
-623437643137663136616261383763313264
+65396235316532653335326234663533333566343234613963356665343735353438326336306661
+3232376265623734393135363137343565646366383766650a373063663439313266633066656361
+32646335633534643536316631353764393061366363353162613533643338393461633166346133
+3962313836326438340a343531356237396536346437383934393838353232303632303735353230
+33363361323833626366613666636262336363306664363861613434626163303862366234373739
+30333065316264396532306666353863653533313139663766393934346337656133393362343565
+33616637633832653639346431373634373830623266326339326364313136316639363335626361
+39633131653762316266326538616239663833303664333131363665366638313736343165616439
+64383336353032366331333233623939626463656261393834653563373464366165323664396463
+66376431633965643261656231346666613163306639636431616139616466643137313931613833
+66323862646362616433393862633634656330313766396564396461646530363062616333616231
+38643036663961316139376635613039306362303635306265376435633662353066393633643435
+37386136666130363363396438386166363161393832646439323137616236303861643231353433
+39386134626533383964623731383938636632616435663335346561303061633535313266313336
+62303637616631653663386236396664363164303032333133313330303164346464666135623065
+61313131616335663531343364306462633732633766333838666333646133653965393033636663
+39613462653262343461616233323939623432386136643633623162633462376630656265373032
+65626266356562393237303338646461393030386464393835613566356334393663323462303237
+61666331653838363233626165636230646361393662666337323932643032343434386139363664
+63356235646230343265613163353534316264303237373830393832333937616535313233666639
+34353034636562633532616231633463633132376463646631363939323830616133
diff --git a/inventory/host_vars/ele-jitsi.yml b/inventory/host_vars/ele-jitsi.yml
index c3251ac0..80032c54 100644
--- a/inventory/host_vars/ele-jitsi.yml
+++ b/inventory/host_vars/ele-jitsi.yml
@@ -46,3 +46,7 @@ jitsi_meet_auth:
   enable_guests: yes
   users:
     operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}"
+
+jitsi_meet_streamui:
+  http_port: "{{ jitsi_meet_http_port + 1 }}"
+  image_tag: latest
diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml
index 9f249f0e..2580fe15 100644
--- a/roles/apps/jitsi/meet/defaults/main.yml
+++ b/roles/apps/jitsi/meet/defaults/main.yml
@@ -17,8 +17,13 @@ jitsi_meet_timezone: Europe/Vienna
 #   jicofo_component_secret: "" ### only needed for versions older than stable-5765-1
 #   jicofo_auth_password: ""
 #   jvb_auth_password: ""
+#   streamuidisplay_auth_password: "" ### only needed if streamui is enabled
 
 # jitsi_meet_auth:
 #   enable_guests: true
 #   users:
 #     foo: secret
+
+# jitsi_meet_streamui:
+#   http_port: "{{ jitsi_meet_http_port + 1 }}"
+#   image_tag: latest
diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml
index b433a900..e83c789e 100644
--- a/roles/apps/jitsi/meet/tasks/main.yml
+++ b/roles/apps/jitsi/meet/tasks/main.yml
@@ -9,7 +9,37 @@
     path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/{{ item }}"
     state: directory
 
-- name: generate prosody cont-init.d script
+- name: generate stream-ui specific cont-init scripts
+  when: jitsi_meet_streamui is defined
+  block:
+  - name: generate stream-ui specific cont-init scripts for prosody
+    copy:
+      content: |
+        #!/usr/bin/with-contenv bash
+        cat << EOF > /config/conf.d/stream-ui.cfg.lua
+        VirtualHost "stream-ui.meet.jitsi"
+            modules_enabled = {
+              "ping";
+            }
+            authentication = "internal_hashed"
+        EOF
+        prosodyctl --config "/config/prosody.cfg.lua" register display stream-ui.meet.jitsi "{{ jitsi_meet_secrets.streamuidisplay_auth_password }}"
+      dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
+      mode: 0750
+
+  - name: generate stream-ui specific cont-init scripts for web
+    copy:
+      content: |
+        #!/usr/bin/with-contenv bash
+        cat << EOF >> /config/config.js
+
+        // Hide Stream-UI Displays
+        config.hiddenDomain = 'stream-ui.meet.jitsi';
+        EOF
+      dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/web/streamui.sh"
+      mode: 0755
+
+- name: generate generic prosody cont-init script
   copy:
     content: |
       #!/usr/bin/with-contenv bash
@@ -25,20 +55,52 @@
     dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
     mode: 0750
 
+
+- name: configure base pod config hash items
+  set_fact:
+    kubernetes_standalone_pod_config_hash_items_base:
+    - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
+      properties:
+      - checksum
+    kubernetes_standalone_pod_config_hash_items_streamui: []
+
+- name: configure stream-ui pod config hash items
+  when: jitsi_meet_streamui is defined
+  set_fact:
+    kubernetes_standalone_pod_config_hash_items_streamui:
+    - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
+      properties:
+      - checksum
+    - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
+      properties:
+      - checksum
+
 - name: install pod manifest
   vars:
     kubernetes_standalone_pod:
       name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
       spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
       mode: "0600"
-      config_hash_items:
-      - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
-        properties:
-        - checksum
+      config_hash_items: "{{ kubernetes_standalone_pod_config_hash_items_base + kubernetes_standalone_pod_config_hash_items_streamui }}"
   include_role:
     name: kubernetes/standalone/pod
 
-## TODO: https://github.com/jitsi/jitsi-meet/blob/master/doc/turn.md
+
+- name: configure base http proxy locations
+  set_fact:
+    nginx_vhost_locations_base:
+      '/':
+        proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}"
+        extra_directives: |-
+          client_max_body_size 0;
+    nginx_vhost_locations_streamui: {}
+
+- name: configure stream-ui http proxy locations
+  when: jitsi_meet_streamui is defined
+  set_fact:
+    nginx_vhost_locations_streamui:
+      '/stream-ui/':
+        proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
 
 - name: configure nginx vhost
   vars:
@@ -48,10 +110,6 @@
       acme: true
       hostnames:
       - "{{ jitsi_meet_hostname }}"
-      locations:
-        '/':
-          proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}"
-          extra_directives: |-
-            client_max_body_size 0;
+      locations: "{{ nginx_vhost_locations_base | combine(nginx_vhost_locations_streamui) }}"
   include_role:
     name: nginx/vhost
diff --git a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
index 0d6905a0..95f49982 100644
--- a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
@@ -67,6 +67,12 @@ containers:
     subPath: prosody/cont-init.sh
     mountPath: /etc/cont-init.d/99-k8s
     readOnly: yes
+{% if jitsi_meet_streamui is defined %}
+  - name: scripts
+    subPath: prosody/streamui.sh
+    mountPath: /etc/cont-init.d/90-streamui
+    readOnly: yes
+{% endif %}
   - name: config
     subPath: prosody
     mountPath: /config
@@ -128,6 +134,12 @@ containers:
     hostPort: {{ jitsi_meet_http_port }}
     hostIP: 127.0.0.1
   volumeMounts:
+{% if jitsi_meet_streamui is defined %}
+  - name: scripts
+    subPath: web/streamui.sh
+    mountPath: /etc/cont-init.d/90-streamui
+    readOnly: yes
+{% endif %}
   - name: config
     subPath: web
     mountPath: /config
@@ -210,6 +222,21 @@ containers:
   - name: TZ
     value: {{ jitsi_meet_timezone }}
 
+{% if jitsi_meet_streamui is defined %}
+- name: stream-ui
+  image: "get.more.failed.systems/public_projects/jitsi-stream-ui:{{ jitsi_meet_streamui.image_tag }}"
+  resources:
+    requests:
+      memory: "256Mi"
+    limits:
+      memory: "1Gi"
+  ports:
+  - protocol: TCP
+    containerPort: 3000
+    hostPort: {{ jitsi_meet_streamui.http_port }}
+    hostIP: 127.0.0.1
+
+{% endif %}
 volumes:
 - name: scripts
   hostPath: