summaryrefslogtreecommitdiff
path: root/roles/apps/jitsi/meet/tasks/main.yml
blob: 1d55fc78787f66f98f562e35eb4dab4a919a8a46 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
---
- name: create jitsi-meet scripts subdirectories
  loop:
  - jicofo
  - prosody
  - web
  - jvb
  file:
    path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/{{ item }}"
    state: directory

- name: configure base pod config hash items
  set_fact:
    kubernetes_standalone_pod_config_hash_items_base:
    - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
      properties:
      - checksum
    kubernetes_standalone_pod_config_hash_items_streamui: []
    kubernetes_standalone_pod_config_hash_items_jvb_conf_extra: []

- name: generate generic prosody cont-init script
  copy:
    content: |
      #!/usr/bin/with-contenv bash
      sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua
      {% if jitsi_meet_auth is defined %}

      echo "authentication enabled:"
      {%   for username, password in jitsi_meet_auth.users.items() %}
      echo " * registering user: {{ username }}"
      prosodyctl --config "/config/prosody.cfg.lua" register "{{ username }}" $XMPP_DOMAIN "{{ password }}"
      {%   endfor %}
      {% endif %}
    dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
    mode: 0750


- name: generate stream-ui specific cont-init scripts
  when: jitsi_meet_streamui is defined
  block:
  - name: generate stream-ui specific cont-init scripts for prosody
    copy:
      content: |
        #!/usr/bin/with-contenv bash
        cat << EOF > /config/conf.d/stream-ui.cfg.lua
        VirtualHost "stream-ui.meet.jitsi"
            modules_enabled = {
              "ping";
            }
            authentication = "internal_hashed"
        EOF
        prosodyctl --config "/config/prosody.cfg.lua" register display stream-ui.meet.jitsi "{{ jitsi_meet_secrets.streamuidisplay_auth_password }}"
      dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
      mode: 0750

  - name: generate stream-ui specific cont-init scripts for web
    copy:
      content: |
        #!/usr/bin/with-contenv bash
        cat << EOF >> /config/config.js

        // Hide Stream-UI Displays
        config.hiddenDomain = 'stream-ui.meet.jitsi';
        EOF
      dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/web/streamui.sh"
      mode: 0755

  - name: configure stream-ui pod config hash items
    set_fact:
      kubernetes_standalone_pod_config_hash_items_streamui:
      - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh"
        properties:
        - checksum
      - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/web/streamui.sh"
        properties:
        - checksum


- name: generate jvb cont-init script for extra config snippet
  when: jitsi_meet_jvb_config_extra is defined
  block:
  - name: add jvb extra config snippet to cont-init script of jvb
    copy:
      content: |
        #!/usr/bin/with-contenv bash
        cat << EOF >> /config/jvb.conf

        {{ jitsi_meet_jvb_config_extra }}
        EOF
      dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/jvb/cont-init.sh"
      mode: 0750

  - name: configure jvb extra config pod config hash items
    set_fact:
      kubernetes_standalone_pod_config_hash_items_jvb_conf_extra:
      - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/jvb/cont-init.sh"
        properties:
        - checksum


- name: install pod manifest
  vars:
    kubernetes_standalone_pod:
      name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
      mode: "0600"
      config_hash_items: "{{ kubernetes_standalone_pod_config_hash_items_base + kubernetes_standalone_pod_config_hash_items_streamui + kubernetes_standalone_pod_config_hash_items_jvb_conf_extra }}"
  include_role:
    name: kubernetes/standalone/pod


- name: configure base http proxy locations
  set_fact:
    nginx_vhost_locations_base:
      '/':
        proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}"
        extra_directives: |-
          client_max_body_size 0;
    nginx_vhost_locations_streamui: {}

- name: configure stream-ui http proxy locations
  when: jitsi_meet_streamui is defined
  block:
  - name: generate basic auth password file for stream-ui
    when: "'http_auth' in jitsi_meet_streamui"
    vars:
      nginx_auth_basic_filename: "jitsi-meet-{{ jitsi_meet_inst_name }}-streamui"
      nginx_auth_basic_users: "{{ jitsi_meet_streamui.http_auth }}"
    include_role:
      name: nginx/auth/basic

  - name: set stream-ui vhost config with authentication
    when: "'http_auth' in jitsi_meet_streamui"
    set_fact:
      nginx_vhost_locations_streamui:
        '/stream-ui/':
          proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
          extra_directives: |-
            auth_basic "Jitsi Stream-UI";
            auth_basic_user_file /etc/nginx/auth/jitsi-meet-{{ jitsi_meet_inst_name }}-streamui.htpasswd;

  - name: set stream-ui vhost config without authentication
    when: "'http_auth' not in jitsi_meet_streamui"
    set_fact:
      nginx_vhost_locations_streamui:
        '/stream-ui/':
          proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"

- name: configure nginx vhost
  vars:
    nginx_vhost:
      name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
      template: generic
      tls:
        certificate_provider: "{{ acme_client }}"
      hostnames:
      - "{{ jitsi_meet_hostname }}"
      locations: "{{ nginx_vhost_locations_base | combine(nginx_vhost_locations_streamui) }}"
  include_role:
    name: nginx/vhost