blob: dab48eac41b4014a548af473b741cf2f72be825c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
---
- name: prepare storage volume
vars:
storage_volume: "{{ jitsi_meet_storage }}"
include_role:
name: "storage/{{ jitsi_meet_storage.type }}/volume"
- set_fact:
jitsi_meet_basepath: "{{ storage_volume_mountpoint }}"
- name: create jitsi-meet scripts subdirectories
loop:
- jicofo
- prosody
- web
- jvb
file:
path: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/{{ item }}"
state: directory
- name: configure base pod config hash items
set_fact:
kubernetes_standalone_pod_config_hash_items_base:
- path: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
properties:
- checksum
kubernetes_standalone_pod_config_hash_items_streamui: []
kubernetes_standalone_pod_config_hash_items_jvb_conf_extra: []
- name: generate generic prosody cont-init script
copy:
content: |
#!/usr/bin/with-contenv bash
sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua
{% if jitsi_meet_auth is defined %}
echo "authentication enabled:"
{% for username, password in jitsi_meet_auth.users.items() %}
echo " * registering user: {{ username }}"
prosodyctl --config "/config/prosody.cfg.lua" register "{{ username }}" $XMPP_DOMAIN "{{ password }}"
{% endfor %}
{% endif %}
dest: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
mode: 0750
- name: generate stream-ui specific cont-init scripts
when: jitsi_meet_streamui is defined
block:
- name: generate stream-ui specific cont-init scripts for prosody
copy:
content: |
#!/usr/bin/with-contenv bash
cat << EOF > /config/conf.d/stream-ui.cfg.lua
VirtualHost "stream-ui.meet.jitsi"
modules_enabled = {
"ping";
}
authentication = "internal_hashed"
EOF
prosodyctl --config "/config/prosody.cfg.lua" register display stream-ui.meet.jitsi "{{ jitsi_meet_secrets.streamuidisplay_auth_password }}"
dest: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
mode: 0750
- name: generate stream-ui specific cont-init scripts for web
copy:
content: |
#!/usr/bin/with-contenv bash
cat << EOF >> /config/config.js
// Hide Stream-UI Displays
config.hiddenDomain = 'stream-ui.meet.jitsi';
EOF
dest: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/web/streamui.sh"
mode: 0755
- name: configure stream-ui pod config hash items
set_fact:
kubernetes_standalone_pod_config_hash_items_streamui:
- path: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
properties:
- checksum
- path: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/web/streamui.sh"
properties:
- checksum
- name: generate jvb cont-init script for extra config snippet
when: jitsi_meet_jvb_config_extra is defined
block:
- name: add jvb extra config snippet to cont-init script of jvb
copy:
content: |
#!/usr/bin/with-contenv bash
cat << EOF >> /config/jvb.conf
{{ jitsi_meet_jvb_config_extra }}
EOF
dest: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/jvb/cont-init.sh"
mode: 0750
- name: configure jvb extra config pod config hash items
set_fact:
kubernetes_standalone_pod_config_hash_items_jvb_conf_extra:
- path: "{{ jitsi_meet_basepath }}/{{ jitsi_meet_inst_name }}/scripts/jvb/cont-init.sh"
properties:
- checksum
- name: install pod manifest
vars:
kubernetes_standalone_pod:
name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
mode: "0600"
config_hash_items: "{{ kubernetes_standalone_pod_config_hash_items_base + kubernetes_standalone_pod_config_hash_items_streamui + kubernetes_standalone_pod_config_hash_items_jvb_conf_extra }}"
include_role:
name: kubernetes/standalone/pod
- name: configure base http proxy locations
set_fact:
nginx_vhost_locations_base:
'/':
proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}"
extra_directives: |-
client_max_body_size 0;
nginx_vhost_locations_streamui: {}
- name: configure stream-ui http proxy locations
when: jitsi_meet_streamui is defined
block:
- name: generate basic auth password file for stream-ui
when: "'http_auth' in jitsi_meet_streamui"
vars:
nginx_auth_basic_filename: "jitsi-meet-{{ jitsi_meet_inst_name }}-streamui"
nginx_auth_basic_users: "{{ jitsi_meet_streamui.http_auth }}"
include_role:
name: nginx/auth/basic
- name: set stream-ui vhost config with authentication
when: "'http_auth' in jitsi_meet_streamui"
set_fact:
nginx_vhost_locations_streamui:
'/stream-ui/':
proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
extra_directives: |-
auth_basic "Jitsi Stream-UI";
auth_basic_user_file /etc/nginx/auth/jitsi-meet-{{ jitsi_meet_inst_name }}-streamui.htpasswd;
- name: set stream-ui vhost config without authentication
when: "'http_auth' not in jitsi_meet_streamui"
set_fact:
nginx_vhost_locations_streamui:
'/stream-ui/':
proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
- name: configure nginx vhost
vars:
nginx_vhost:
name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
template: generic
tls:
certificate_provider: "{{ acme_client }}"
hostnames:
- "{{ jitsi_meet_hostname }}"
locations: "{{ nginx_vhost_locations_base | combine(nginx_vhost_locations_streamui) }}"
include_role:
name: nginx/vhost
|