Initial commit

LICENSE

@@ -0,0 +1,19 @@
+MIT License Copyright (c) 2021 uumas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,3 @@
+# uumas.docker
+
+Roles for services running on docker.

docs/bitwarden_rs.md

@@ -0,0 +1,6 @@
+# Required variables
+These variables are required by some roles. Example values included.
+
+```
+timezone: 'Europe/Helsinki'
+```

docs/general.md

@@ -0,0 +1,6 @@
+# Required variables
+These variables are required by some roles. Example values included.
+
+```
+timezone: 'Europe/Helsinki'
+```

docs/jitsi.md

@@ -0,0 +1,9 @@
+# Required variables
+These variables are required. Example values included. Some general variables might also be required for this role.
+
+```
+ports:
+  jitsi_http: 8080
+
+jitsi_external_url: 'https://jitsi.domain.tld'
+```

galaxy.yml

@@ -0,0 +1,10 @@
+---
+
+namespace: uumas
+name: docker
+version: 0.1.0
+readme: README.md
+dependencies:
+  - uumas.gemeral(>0.3.0)
+authors:
+  - uumas

roles/docker/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Install dependencies
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gnupg
+      - lsb-release
+    update_cache: yes
+
+- name: Add docker repo signing key
+  apt_key:
+    id: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+    url: 'https://download.docker.com/linux/debian/gpg'
+- name: Add docker repo
+  apt_repository:
+    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+    filename: 'docker'
+    mode: '644'
+
+- name: Install docker
+  apt:
+    name: 
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - python-docker

roles/jitsi/meta/main.yml

@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - docker
+  - uumas.general.caddy

roles/jitsi/tasks/main.yml

@@ -0,0 +1,124 @@
+---
+
+- name: Jitsi meet docker network
+  docker_network:
+    name: meet.jitsi
+
+- name: Jitsi meet web
+  docker_container:
+    name: 'jitsi_meet_web'
+    image: 'jitsi/web:latest'
+    pull: yes
+    container_default_behavior: no_defaults
+    published_ports:
+      - "{{ localhost_ip }}:{{ ports.jitsi_http }}:80"
+    env:
+      DISABLE_HTTPS: '1'
+      PUBLIC_URL: "{{ jitsi_external_url }}"
+      TZ: "{{ timezone }}"
+      ENABLE_PREJOIN_PAGE: '1'
+      ENABLE_REQUIRE_DISPLAY_NAME: '1'
+      ENABLE_NOISY_MIC_DETECTION: '0'
+      ENABLE_RECORDING: '0'
+      JICOFO_AUTH_USER: focus
+      XMPP_BOSH_URL_BASE: 'http://xmpp.meet.jitsi:5280'
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+    restart_policy: always
+    networks:
+      - name: meet.jitsi
+        aliases:
+          - meet.jitsi
+
+- name: Jitsi meet prosody
+  docker_container:
+    name: 'jitsi_meet_prosody'
+    image: 'jitsi/prosody:latest'
+    pull: yes
+    container_default_behavior: no_defaults
+    env:
+      PUBLIC_URL: "{{ jitsi_external_url }}"
+      TZ: "{{ timezone }}"
+      ENABLE_LOBBY: '1'
+      JICOFO_COMPONENT_SECRET: "{{ jitsi_pw.jicofo_component }}"
+      JICOFO_AUTH_USER: focus
+      JICOFO_AUTH_PASSWORD: "{{ jitsi_pw.jicofo_auth }}"
+      JVB_AUTH_USER: jvb
+      JVB_AUTH_PASSWORD: "{{ jitsi_pw.jvb_auth }}"
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+    restart_policy: always
+    exposed_ports:
+      - '5222'
+      - '5347'
+    networks:
+      - name: meet.jitsi
+        aliases:
+          - xmpp.meet.jitsi
+
+- name: Jitsi meet jicofo
+  docker_container:
+    name: 'jitsi_meet_jicofo'
+    image: 'jitsi/jicofo:latest'
+    pull: yes
+    container_default_behavior: no_defaults
+    env:
+      TZ: "{{ timezone }}"
+      JVB_BREWERY_MUC: jvbbrewery
+      JICOFO_COMPONENT_SECRET: "{{ jitsi_pw.jicofo_component }}"
+      JICOFO_AUTH_USER: focus
+      JICOFO_AUTH_PASSWORD: "{{ jitsi_pw.jicofo_auth }}"
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_SERVER: xmpp.meet.jitsi
+      ENABLE_RECORDING: '0'
+    restart_policy: always
+    networks:
+      - name: meet.jitsi
+        aliases:
+          - meet.jitsi
+
+- name: Jitsi meet video bridge
+  docker_container:
+    name: 'jitsi_meet_jvb'
+    image: 'jitsi/jvb:latest'
+    pull: yes
+    container_default_behavior: no_defaults
+    published_ports:
+      - "{{ ports.jitsi_jvb | default(10000) }}:10000/udp"
+      - "{{ ports.jitsi_jvb_tcp | default(4443) }}:4443"
+    env:
+      PUBLIC_URL: "{{ jitsi_external_url }}"
+      TZ: "{{ timezone }}"
+      JVB_PORT: '10000'
+      JVB_TCP_PORT: '4443'
+      JVB_TCP_HARVESTER_DISABLED: 'false'
+      JVB_BREWERY_MUC: jvbbrewery
+      JVB_STUN_SERVERS: 'meet-jit-si-turnrelay.jitsi.net:443'
+      JVB_AUTH_USER: jvb
+      JVB_AUTH_PASSWORD: "{{ jitsi_pw.jvb_auth }}"
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_SERVER: xmpp.meet.jitsi
+    restart_policy: always
+    networks:
+      - name: meet.jitsi
+        aliases:
+          - meet.jitsi
+
+- name: Add caddy reverse proxy config
+  blockinfile:
+    path: /etc/caddy/Caddyfile
+    marker: "# {mark} ANSIBLE MANAGED BLOCK jitsi"
+    block: |
+      {{ jitsi_external_url }} {
+        reverse_proxy http://{{ localhost_ip }}:{{ ports.jitsi_http }}
+      }
+    validate: 'caddy validate --config %s --adapter caddyfile'
+    backup: yes
+  notify: reload caddy