From 56030f2a747bd69eb940012bb16f5d4189d84004 Mon Sep 17 00:00:00 2001
From: Uumas
Date: Sun, 4 Apr 2021 20:57:59 +0300
Subject: [PATCH] Initial commit
---
LICENSE | 19 ++++++
README.md | 3 +
docs/bitwarden_rs.md | 6 ++
docs/general.md | 6 ++
docs/jitsi.md | 9 +++
galaxy.yml | 10 +++
roles/docker/tasks/main.yml | 29 +++++++++
roles/jitsi/meta/main.yml | 5 ++
roles/jitsi/tasks/main.yml | 124 ++++++++++++++++++++++++++++++++++++
9 files changed, 211 insertions(+)
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 docs/bitwarden_rs.md
create mode 100644 docs/general.md
create mode 100644 docs/jitsi.md
create mode 100644 galaxy.yml
create mode 100644 roles/docker/tasks/main.yml
create mode 100644 roles/jitsi/meta/main.yml
create mode 100644 roles/jitsi/tasks/main.yml
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..4a62de4
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,19 @@
+MIT License Copyright (c) 2021 uumas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..43b8906
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# uumas.docker
+
+Roles for services running on docker.
diff --git a/docs/bitwarden_rs.md b/docs/bitwarden_rs.md
new file mode 100644
index 0000000..62c047f
--- /dev/null
+++ b/docs/bitwarden_rs.md
@@ -0,0 +1,6 @@
+# Required variables
+These variables are required by some roles. Example values included.
+
+```
+timezone: 'Europe/Helsinki'
+```
diff --git a/docs/general.md b/docs/general.md
new file mode 100644
index 0000000..62c047f
--- /dev/null
+++ b/docs/general.md
@@ -0,0 +1,6 @@
+# Required variables
+These variables are required by some roles. Example values included.
+
+```
+timezone: 'Europe/Helsinki'
+```
diff --git a/docs/jitsi.md b/docs/jitsi.md
new file mode 100644
index 0000000..ec4415e
--- /dev/null
+++ b/docs/jitsi.md
@@ -0,0 +1,9 @@
+# Required variables
+These variables are required. Example values included. Some general variables might also be required for this role.
+
+```
+ports:
+ jitsi_http: 8080
+
+jitsi_external_url: 'https://jitsi.domain.tld'
+```
diff --git a/galaxy.yml b/galaxy.yml
new file mode 100644
index 0000000..c0f49c5
--- /dev/null
+++ b/galaxy.yml
@@ -0,0 +1,10 @@
+---
+
+namespace: uumas
+name: docker
+version: 0.1.0
+readme: README.md
+dependencies:
+ - uumas.gemeral(>0.3.0)
+authors:
+ - uumas
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..a8bed6d
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Install dependencies
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ update_cache: yes
+
+- name: Add docker repo signing key
+ apt_key:
+ id: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+ url: 'https://download.docker.com/linux/debian/gpg'
+- name: Add docker repo
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+ filename: 'docker'
+ mode: '644'
+
+- name: Install docker
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - python-docker
diff --git a/roles/jitsi/meta/main.yml b/roles/jitsi/meta/main.yml
new file mode 100644
index 0000000..c1fee78
--- /dev/null
+++ b/roles/jitsi/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+ - docker
+ - uumas.general.caddy
diff --git a/roles/jitsi/tasks/main.yml b/roles/jitsi/tasks/main.yml
new file mode 100644
index 0000000..e3569ad
--- /dev/null
+++ b/roles/jitsi/tasks/main.yml
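Review bot: The `dependencies` entry in galaxy.yml names `uumas.gemeral`, which looks like a misspelling of the `uumas.general` collection that roles/jitsi/meta/main.yml pulls a role from (`uumas.general.caddy`). A misspelled collection name is a supply-chain hazard: the installer resolves whatever is published under that exact name, or fails if nothing is. galaxy.yml also expects `dependencies` to be a mapping from collection name to version range rather than a list, so the entry would read `uumas.general: '>0.3.0'` nested under `dependencies:`.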
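Review bot: The `Add docker repo signing key` task in roles/docker/tasks/main.yml uses `apt_key`, which places the Docker key in apt's global trusted keyring, so it is trusted for every configured repository and not only for download.docker.com. Pinning the fingerprint through `id` is a good check and should survive in some form; the change I would make is to store the key in its own file and scope the repository to it with `signed-by`, as sketched below. The keyring directory has to be created first on releases that do not ship it, and the checksum shown is a placeholder to be filled from the published key.

```yaml
- name: Add docker repo signing key
  get_url:
    url: 'https://download.docker.com/linux/debian/gpg'
    dest: '/etc/apt/keyrings/docker.asc'
    mode: '0644'
    checksum: 'sha256:<SHA256_OF_DOCKER_GPG_KEY>'  # placeholder, not a real digest
- name: Add docker repo
  apt_repository:
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    # … unchanged: filename, mode …
```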
@@ -0,0 +1,124 @@
+---
+
+- name: Jitsi meet docker network
+ docker_network:
+ name: meet.jitsi
+
+- name: Jitsi meet web
+ docker_container:
+ name: 'jitsi_meet_web'
+ image: 'jitsi/web:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ published_ports:
+ - "{{ localhost_ip }}:{{ ports.jitsi_http }}:80"
+ env:
+ DISABLE_HTTPS: '1'
+ PUBLIC_URL: "{{ jitsi_external_url }}"
+ TZ: "{{ timezone }}"
+ ENABLE_PREJOIN_PAGE: '1'
+ ENABLE_REQUIRE_DISPLAY_NAME: '1'
+ ENABLE_NOISY_MIC_DETECTION: '0'
+ ENABLE_RECORDING: '0'
+ JICOFO_AUTH_USER: focus
+ XMPP_BOSH_URL_BASE: 'http://xmpp.meet.jitsi:5280'
+ XMPP_DOMAIN: meet.jitsi
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_MUC_DOMAIN: muc.meet.jitsi
+ restart_policy: always
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - meet.jitsi
+
+- name: Jitsi meet prosody
+ docker_container:
+ name: 'jitsi_meet_prosody'
+ image: 'jitsi/prosody:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ env:
+ PUBLIC_URL: "{{ jitsi_external_url }}"
+ TZ: "{{ timezone }}"
+ ENABLE_LOBBY: '1'
+ JICOFO_COMPONENT_SECRET: "{{ jitsi_pw.jicofo_component }}"
+ JICOFO_AUTH_USER: focus
+ JICOFO_AUTH_PASSWORD: "{{ jitsi_pw.jicofo_auth }}"
+ JVB_AUTH_USER: jvb
+ JVB_AUTH_PASSWORD: "{{ jitsi_pw.jvb_auth }}"
+ XMPP_DOMAIN: meet.jitsi
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+ XMPP_MUC_DOMAIN: muc.meet.jitsi
+ restart_policy: always
+ exposed_ports:
+ - '5222'
+ - '5347'
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - xmpp.meet.jitsi
+
+- name: Jitsi meet jicofo
+ docker_container:
+ name: 'jitsi_meet_jicofo'
+ image: 'jitsi/jicofo:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ env:
+ TZ: "{{ timezone }}"
+ JVB_BREWERY_MUC: jvbbrewery
+ JICOFO_COMPONENT_SECRET: "{{ jitsi_pw.jicofo_component }}"
+ JICOFO_AUTH_USER: focus
+ JICOFO_AUTH_PASSWORD: "{{ jitsi_pw.jicofo_auth }}"
+ XMPP_DOMAIN: meet.jitsi
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_MUC_DOMAIN: muc.meet.jitsi
+ XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+ XMPP_SERVER: xmpp.meet.jitsi
+ ENABLE_RECORDING: '0'
+ restart_policy: always
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - meet.jitsi
+
+- name: Jitsi meet video bridge
+ docker_container:
+ name: 'jitsi_meet_jvb'
+ image: 'jitsi/jvb:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ published_ports:
+ - "{{ ports.jitsi_jvb | default(10000) }}:10000/udp"
+ - "{{ ports.jitsi_jvb_tcp | default(4443) }}:4443"
+ env:
+ PUBLIC_URL: "{{ jitsi_external_url }}"
+ TZ: "{{ timezone }}"
+ JVB_PORT: '10000'
+ JVB_TCP_PORT: '4443'
+ JVB_TCP_HARVESTER_DISABLED: 'false'
+ JVB_BREWERY_MUC: jvbbrewery
+ JVB_STUN_SERVERS: 'meet-jit-si-turnrelay.jitsi.net:443'
+ JVB_AUTH_USER: jvb
+ JVB_AUTH_PASSWORD: "{{ jitsi_pw.jvb_auth }}"
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+ XMPP_SERVER: xmpp.meet.jitsi
+ restart_policy: always
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - meet.jitsi
+
+- name: Add caddy reverse proxy config
+ blockinfile:
+ path: /etc/caddy/Caddyfile
+ marker: "# {mark} ANSIBLE MANAGED BLOCK jitsi"
+ block: |
+ {{ jitsi_external_url }} {
+ reverse_proxy http://{{ localhost_ip }}:{{ ports.jitsi_http }}
+ }
+ validate: 'caddy validate --config %s --adapter caddyfile'
+ backup: yes
+ notify: reload caddy
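Review bot: All four `docker_container` tasks in roles/jitsi/tasks/main.yml combine an `image: '…:latest'` tag with `pull: yes`, so every playbook run can deploy whatever upstream published most recently, without review, and the web, prosody, jicofo and jvb images can drift to releases that do not match each other. I would pin all four to one release through a single role variable, for example `image: 'jitsi/web:{{ jitsi_version }}'` with `jitsi_version` as a new required variable, or pin each image by digest. The same tasks pass the `jitsi_pw.*` secrets through `env`, and neither `jitsi_pw` nor `localhost_ip` appears in docs/jitsi.md; listing them there, with a note that the three passwords should be distinct random values, would close that gap.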