roles/apps/jitsi/meet/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

---
- name: create jitsi-meet scripts subdirectories
  loop:
  - jicofo
  - prosody
  - web
  - jvb
  file:
    path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/{{ item }}"
    state: directory

- name: generate stream-ui specific cont-init scripts
  when: jitsi_meet_streamui is defined
  block:
  - name: generate stream-ui specific cont-init scripts for prosody
    copy:
      content: |
        #!/usr/bin/with-contenv bash
        cat << EOF > /config/conf.d/stream-ui.cfg.lua
        VirtualHost "stream-ui.meet.jitsi"
            modules_enabled = {
              "ping";
            }
            authentication = "internal_hashed"
        EOF
        prosodyctl --config "/config/prosody.cfg.lua" register display stream-ui.meet.jitsi "{{ jitsi_meet_secrets.streamuidisplay_auth_password }}"
      dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
      mode: 0750

  - name: generate stream-ui specific cont-init scripts for web
    copy:
      content: |
        #!/usr/bin/with-contenv bash
        cat << EOF >> /config/config.js

        // Hide Stream-UI Displays
        config.hiddenDomain = 'stream-ui.meet.jitsi';
        EOF
      dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/web/streamui.sh"
      mode: 0755

- name: generate generic prosody cont-init script
  copy:
    content: |
      #!/usr/bin/with-contenv bash
      sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua
      {% if jitsi_meet_auth is defined %}

      echo "authentication enabled:"
      {%   for username, password in jitsi_meet_auth.users.items() %}
      echo " * registering user: {{ username }}"
      prosodyctl --config "/config/prosody.cfg.lua" register "{{ username }}" $XMPP_DOMAIN "{{ password }}"
      {%   endfor %}
      {% endif %}
    dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
    mode: 0750


- name: configure base pod config hash items
  set_fact:
    kubernetes_standalone_pod_config_hash_items_base:
    - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
      properties:
      - checksum
    kubernetes_standalone_pod_config_hash_items_streamui: []

- name: configure stream-ui pod config hash items
  when: jitsi_meet_streamui is defined
  set_fact:
    kubernetes_standalone_pod_config_hash_items_streamui:
    - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
      properties:
      - checksum
    - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
      properties:
      - checksum

- name: install pod manifest
  vars:
    kubernetes_standalone_pod:
      name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
      mode: "0600"
      config_hash_items: "{{ kubernetes_standalone_pod_config_hash_items_base + kubernetes_standalone_pod_config_hash_items_streamui }}"
  include_role:
    name: kubernetes/standalone/pod


- name: configure base http proxy locations
  set_fact:
    nginx_vhost_locations_base:
      '/':
        proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}"
        extra_directives: |-
          client_max_body_size 0;
    nginx_vhost_locations_streamui: {}

- name: configure stream-ui http proxy locations
  when: jitsi_meet_streamui is defined
  block:
  - name: generate basic auth password file for stream-ui
    when: "'http_auth' in jitsi_meet_streamui"
    vars:
      nginx_auth_basic_filename: "jitsi-meet-{{ jitsi_meet_inst_name }}-streamui"
      nginx_auth_basic_users: "{{ jitsi_meet_streamui.http_auth }}"
    include_role:
      name: nginx/auth/basic

  - name: set stream-ui vhost config with authentication
    when: "'http_auth' in jitsi_meet_streamui"
    set_fact:
      nginx_vhost_locations_streamui:
        '/stream-ui/':
          proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
          extra_directives: |-
            auth_basic "Jitsi Stream-UI";
            auth_basic_user_file /etc/nginx/auth/jitsi-meet-{{ jitsi_meet_inst_name }}-streamui.htpasswd;

  - name: set stream-ui vhost config without authentication
    when: "'http_auth' not in jitsi_meet_streamui"
    set_fact:
      nginx_vhost_locations_streamui:
        '/stream-ui/':
          proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"

- name: configure nginx vhost
  vars:
    nginx_vhost:
      name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
      template: generic-proxy-no-buffering-with-acme
      acme: true
      hostnames:
      - "{{ jitsi_meet_hostname }}"
      locations: "{{ nginx_vhost_locations_base | combine(nginx_vhost_locations_streamui) }}"
  include_role:
    name: nginx/vhost