From 1a98add8660a2a990db9615d8d958ca295fb79f5 Mon Sep 17 00:00:00 2001
From: Uumas
Date: Sun, 21 Mar 2021 20:45:41 +0200
Subject: [PATCH] more things
---
 docs/vars/optional.yaml | 11 +++
 docs/vars/required.yaml | 5 ++
 roles/caddy/handlers/main.yml | 6 ++
 roles/caddy/tasks/main.yml | 45 +++++++++++
 roles/docker/tasks/main.yml | 1 +
 roles/jitsi_docker/meta/main.yml | 5 ++
 roles/jitsi_docker/tasks/main.yml | 124 ++++++++++++++++++++++++++++++
 roles/packages/defaults/main.yml | 11 +++
 roles/packages/tasks/main.yml | 1 +
 9 files changed, 209 insertions(+)
 create mode 100644 docs/vars/optional.yaml
 create mode 100644 docs/vars/required.yaml
 create mode 100644 roles/caddy/handlers/main.yml
 create mode 100644 roles/caddy/tasks/main.yml
 create mode 100644 roles/jitsi_docker/meta/main.yml
 create mode 100644 roles/jitsi_docker/tasks/main.yml
 create mode 100644 roles/packages/defaults/main.yml
diff --git a/docs/vars/optional.yaml b/docs/vars/optional.yaml
new file mode 100644
index 0000000..7022943
--- /dev/null
+++ b/docs/vars/optional.yaml
@@ -0,0 +1,11 @@
+---
+
+install_packages:
+ - vim
+ - git
+ - etckeeper
+ - net-tools
+ - nmap
+ - ncdu
+ - fish
+ - parted
diff --git a/docs/vars/required.yaml b/docs/vars/required.yaml
new file mode 100644
index 0000000..108464a
--- /dev/null
+++ b/docs/vars/required.yaml
@@ -0,0 +1,5 @@
+---
+
+timezone: 'Europe/Helsinki'
+domain: 'example.tld'
+email: 'admin@domain.tld'
diff --git a/roles/caddy/handlers/main.yml b/roles/caddy/handlers/main.yml
new file mode 100644
index 0000000..10b1181
--- /dev/null
+++ b/roles/caddy/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: reload caddy
+ systemd:
+ name: caddy
+ state: reloaded
diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml
new file mode 100644
index 0000000..7407961
--- /dev/null
+++ b/roles/caddy/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- name: Install dependencies
+ apt:
+ name:
+ - debian-keyring
+ - debian-archive-keyring
+ - apt-transport-https
+ update_cache: yes
+
+- name: Add caddy repo signing key
+ apt_key:
+ id: '65760C51EDEA2017CEA2CA15155B6D79CA56EA34'
+ url: 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key'
+- name: Add caddy repo
+ apt_repository:
+ repo: "deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
+ filename: 'caddy-stable'
+ mode: '644'
+
+- name: Install caddy
+ apt:
+ name: caddy
+
+- name: Remove default settings from caddyfile
+ blockinfile:
+ path: /etc/caddy/Caddyfile
+ marker: "{mark}"
+ marker_begin: ':80'
+ marker_end: '# https://caddyserver.com/docs/caddyfile'
+ state: absent
+ validate: 'caddy validate --config %s --adapter caddyfile'
+ backup: yes
+
+- name: Put caddy general config in place
+ blockinfile:
+ path: /etc/caddy/Caddyfile
+ marker: "# {mark} ANSIBLE MANAGED BLOCK general"
+ block: |
+ {
+ email {{ email }}
+ }
+ validate: 'caddy validate --config %s --adapter caddyfile'
+ backup: yes
+ notify: reload caddy
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 16e744e..a8bed6d 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -26,3 +26,4 @@
 - docker-ce
 - docker-ce-cli
 - containerd.io
+ - python-docker
diff --git a/roles/jitsi_docker/meta/main.yml b/roles/jitsi_docker/meta/main.yml
new file mode 100644
index 0000000..c39100e
--- /dev/null
+++ b/roles/jitsi_docker/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+ - docker
+ - caddy
diff --git a/roles/jitsi_docker/tasks/main.yml b/roles/jitsi_docker/tasks/main.yml
new file mode 100644
index 0000000..e3569ad
--- /dev/null
+++ b/roles/jitsi_docker/tasks/main.yml
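Review bot: In roles/caddy/tasks/main.yml the "Add caddy repo signing key" task uses `apt_key`, which by default places the Cloudsmith key in apt's global trusted keyring, so that key is accepted for packages from every configured repository and not only the Caddy one. The `id:` fingerprint pin is worth keeping, since it stops a swapped key at the download URL from being imported. A narrower setup stores the key in a dedicated keyring file and scopes the source entry to it, `repo: "deb [signed-by=<keyring path>] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"`, where `<keyring path>` is a placeholder for the location you choose. A short comment above the task stating that the fingerprint was verified against Caddy's published install instructions would also help the next reader trust the value.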
@@ -0,0 +1,124 @@
+---
+
+- name: Jitsi meet docker network
+ docker_network:
+ name: meet.jitsi
+
+- name: Jitsi meet web
+ docker_container:
+ name: 'jitsi_meet_web'
+ image: 'jitsi/web:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ published_ports:
+ - "{{ localhost_ip }}:{{ ports.jitsi_http }}:80"
+ env:
+ DISABLE_HTTPS: '1'
+ PUBLIC_URL: "{{ jitsi_external_url }}"
+ TZ: "{{ timezone }}"
+ ENABLE_PREJOIN_PAGE: '1'
+ ENABLE_REQUIRE_DISPLAY_NAME: '1'
+ ENABLE_NOISY_MIC_DETECTION: '0'
+ ENABLE_RECORDING: '0'
+ JICOFO_AUTH_USER: focus
+ XMPP_BOSH_URL_BASE: 'http://xmpp.meet.jitsi:5280'
+ XMPP_DOMAIN: meet.jitsi
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_MUC_DOMAIN: muc.meet.jitsi
+ restart_policy: always
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - meet.jitsi
+
+- name: Jitsi meet prosody
+ docker_container:
+ name: 'jitsi_meet_prosody'
+ image: 'jitsi/prosody:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ env:
+ PUBLIC_URL: "{{ jitsi_external_url }}"
+ TZ: "{{ timezone }}"
+ ENABLE_LOBBY: '1'
+ JICOFO_COMPONENT_SECRET: "{{ jitsi_pw.jicofo_component }}"
+ JICOFO_AUTH_USER: focus
+ JICOFO_AUTH_PASSWORD: "{{ jitsi_pw.jicofo_auth }}"
+ JVB_AUTH_USER: jvb
+ JVB_AUTH_PASSWORD: "{{ jitsi_pw.jvb_auth }}"
+ XMPP_DOMAIN: meet.jitsi
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+ XMPP_MUC_DOMAIN: muc.meet.jitsi
+ restart_policy: always
+ exposed_ports:
+ - '5222'
+ - '5347'
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - xmpp.meet.jitsi
+
+- name: Jitsi meet jicofo
+ docker_container:
+ name: 'jitsi_meet_jicofo'
+ image: 'jitsi/jicofo:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ env:
+ TZ: "{{ timezone }}"
+ JVB_BREWERY_MUC: jvbbrewery
+ JICOFO_COMPONENT_SECRET: "{{ jitsi_pw.jicofo_component }}"
+ JICOFO_AUTH_USER: focus
+ JICOFO_AUTH_PASSWORD: "{{ jitsi_pw.jicofo_auth }}"
+ XMPP_DOMAIN: meet.jitsi
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_MUC_DOMAIN: muc.meet.jitsi
+ XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+ XMPP_SERVER: xmpp.meet.jitsi
+ ENABLE_RECORDING: '0'
+ restart_policy: always
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - meet.jitsi
+
+- name: Jitsi meet video bridge
+ docker_container:
+ name: 'jitsi_meet_jvb'
+ image: 'jitsi/jvb:latest'
+ pull: yes
+ container_default_behavior: no_defaults
+ published_ports:
+ - "{{ ports.jitsi_jvb | default(10000) }}:10000/udp"
+ - "{{ ports.jitsi_jvb_tcp | default(4443) }}:4443"
+ env:
+ PUBLIC_URL: "{{ jitsi_external_url }}"
+ TZ: "{{ timezone }}"
+ JVB_PORT: '10000'
+ JVB_TCP_PORT: '4443'
+ JVB_TCP_HARVESTER_DISABLED: 'false'
+ JVB_BREWERY_MUC: jvbbrewery
+ JVB_STUN_SERVERS: 'meet-jit-si-turnrelay.jitsi.net:443'
+ JVB_AUTH_USER: jvb
+ JVB_AUTH_PASSWORD: "{{ jitsi_pw.jvb_auth }}"
+ XMPP_AUTH_DOMAIN: auth.meet.jitsi
+ XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+ XMPP_SERVER: xmpp.meet.jitsi
+ restart_policy: always
+ networks:
+ - name: meet.jitsi
+ aliases:
+ - meet.jitsi
+
+- name: Add caddy reverse proxy config
+ blockinfile:
+ path: /etc/caddy/Caddyfile
+ marker: "# {mark} ANSIBLE MANAGED BLOCK jitsi"
+ block: |
+ {{ jitsi_external_url }} {
+ reverse_proxy http://{{ localhost_ip }}:{{ ports.jitsi_http }}
+ }
+ validate: 'caddy validate --config %s --adapter caddyfile'
+ backup: yes
+ notify: reload caddy
diff --git a/roles/packages/defaults/main.yml b/roles/packages/defaults/main.yml
new file mode 100644
index 0000000..7022943
--- /dev/null
+++ b/roles/packages/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+
+install_packages:
+ - vim
+ - git
+ - etckeeper
+ - net-tools
+ - nmap
+ - ncdu
+ - fish
+ - parted
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
index b70b97e..95b44fd 100644
--- a/roles/packages/tasks/main.yml
+++ b/roles/packages/tasks/main.yml
@@ -3,3 +3,4 @@
 - name: Install packages
 apt:
 name: "{{ install_packages }}"
+ update_cache: yes
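Review bot: In roles/jitsi_docker/tasks/main.yml all four `docker_container` tasks combine a mutable `:latest` tag with `pull: yes`, so every play run deploys whatever the registry currently serves under that tag, with no review step and no reproducible rollback. Pin each image to a release tag or digest, e.g. `image: 'jitsi/web:<release tag>'` (placeholder), and bump it deliberately. The prosody, jicofo and video bridge tasks pass `jitsi_pw.*` secrets through `env:`, and the module result likely echoes the container configuration, so adding `no_log: true` to those three tasks keeps the passwords out of verbose output and logs. `jitsi_pw`, `jitsi_external_url`, `localhost_ip` and `ports` are not among the variables this patch adds to docs/vars/required.yaml; documenting them there, with a note that the passwords belong in an encrypted vars file, would close that gap.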