
commit 2cdb150c73b201d9dc82fd3fc9ce38da4cb41d18
parent 16ca4f9315cbe879c8e1db7a2319695b431ab110
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Fri, 10 Apr 2020 00:46:12 +0300

jitsi: Create group & host vars for a Jitsi Meet

Diffstat:
ansible/inventory/group_vars/jitsi_service/apt.yml | 7+++++++
ansible/inventory/group_vars/jitsi_service/apt_install.yml | 24++++++++++++++++++++++++
ansible/inventory/group_vars/jitsi_service/ferm.yml | 19+++++++++++++++++++
ansible/inventory/group_vars/jitsi_service/nginx.yml | 59+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ansible/inventory/group_vars/jitsi_service/tcpwrappers.yml | 4++++
ansible/inventory/host_vars/jitsi/jitsi.yml | 3+++
ansible/inventory/host_vars/jitsi/pki.yml | 5+++++
7 files changed, 121 insertions(+), 0 deletions(-)

diff --git a/ansible/inventory/group_vars/jitsi_service/apt.yml b/ansible/inventory/group_vars/jitsi_service/apt.yml
@@ -0,0 +1,7 @@
+---
+
+apt__group_keys:
+ - url: 'https://download.jitsi.org/jitsi-key.gpg.key'
+
+apt__group_repositories:
+ - repo: 'deb https://download.jitsi.org stable/'
diff --git a/ansible/inventory/group_vars/jitsi_service/apt_install.yml b/ansible/inventory/group_vars/jitsi_service/apt_install.yml
@@ -0,0 +1,24 @@
+---
+
+apt_install__group_packages: ['jitsi-meet']
+apt_install__debconf:
+ - name: 'jitsi-meet-web-config'
+ question: 'jitsi-videobridge/jvb-hostname:'
+ value: '{{ jitsi__hostname }}'
+ vtype: string
+ - name: 'jitsi-meet-prosody'
+ question: 'jitsi-videobridge/jvb-hostname'
+ value: '{{ jitsi__hostname }}'
+ vtype: string
+ - name: 'jitsi-videobridge2'
+ question: 'jitsi-videobridge/jvb-hostname'
+ value: '{{ jitsi__hostname }}'
+ vtype: string
+ - name: 'jicofo'
+ question: 'jitsi-videobridge/jvb-hostname'
+ value: '{{ jitsi__hostname }}'
+ vtype: string
+ - name: 'jitsi-meet-web-config'
+ question: 'jitsi-meet/cert-choice'
+ value: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
+ vtype: select
diff --git a/ansible/inventory/group_vars/jitsi_service/ferm.yml b/ansible/inventory/group_vars/jitsi_service/ferm.yml
@@ -0,0 +1,19 @@
+---
+
+ferm__group_rules:
+ - type: 'accept'
+ filename: 'jvb'
+ name: 'jvb'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: ['10000']
+ protocol: 'udp'
+ domain: 'ip'
+ - type: 'accept'
+ filename: 'jvb-fallback'
+ name: 'jvb-fallback'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: ['4443']
+ protocol: 'tcp'
+ domain: 'ip'
diff --git a/ansible/inventory/group_vars/jitsi_service/nginx.yml b/ansible/inventory/group_vars/jitsi_service/nginx.yml
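Review bot: In `group_vars/jitsi_service/apt.yml` the entry under `apt__group_keys` carries only a `url`, so the repository signing key is trusted on the strength of the HTTPS download alone. If the DebOps apt role in use accepts a key `id`, add the expected fingerprint beside the URL, e.g. `id: '<JITSI_KEY_FINGERPRINT>'` (placeholder, to be taken from an independently verified copy of the key), so an unexpected key at that URL is noticed at run time. A one-line comment above `apt__group_repositories` saying that this is a third-party repository whose packages install with root privileges would also help the next reader.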
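Review bot: In `group_vars/jitsi_service/apt_install.yml` the first `apt_install__debconf` entry uses the question `'jitsi-videobridge/jvb-hostname:'` with a trailing colon, while the three entries after it use `'jitsi-videobridge/jvb-hostname'`. The colon looks like a typo, and a question name that does not match is likely to leave `jitsi-meet-web-config` without the preseeded hostname. Suggested line: `question: 'jitsi-videobridge/jvb-hostname'`. The last entry preseeds the self-signed certificate choice while the nginx vars in this commit request ACME, so a short comment stating which certificate ends up being served would remove the ambiguity.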
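Review bot: In `group_vars/jitsi_service/ferm.yml` both accept rules set `domain: 'ip'`, which in ferm is the IPv4 domain, so the same ports are not opened for IPv6. If that is deliberate it should be stated in a comment, otherwise the rules should cover `ip6` as well. Neither rule limits the source address, so 10000/udp and 4443/tcp are reachable from anywhere, which is presumably intended for a public conference server. A comment above each rule would record that, for example `# jvb: media over UDP, open to any source by design` and `# jvb-fallback: TCP fallback for clients that cannot use UDP`.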
@@ -0,0 +1,59 @@
+---
+
+nginx__servers:
+ - name: "{{ jitsi__hostname }}"
+ acme: True
+ redirect_to_ssl: True
+ root: /usr/share/jitsi-meet
+ options: |
+ ssi on;
+ ssi_types application/x-javascript application/javascript;
+
+ location_list:
+ - pattern: '= /config.js'
+ options: 'alias /etc/jitsi/meet/{{jitsi__hostname}}-config.js;'
+ - pattern: '= /external_api.js'
+ options: 'alias /usr/share/jitsi-meet/libs/external_api.min.js;'
+ - pattern: '~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$'
+ options: |
+ add_header 'Access-Control-Allow-Origin' '*';
+ alias /usr/share/jitsi-meet/$1/$2;
+ - pattern: '= /http-bind'
+ options: |
+ proxy_pass http://localhost:5280/http-bind;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $http_host;
+ - pattern: '= /xmpp-websocket'
+ options: |
+ proxy_pass http://localhost:5280/xmpp-websocket;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ tcp_nodelay on;
+ - pattern: '~ ^/([^/?&:''"]+)$'
+ options: 'try_files $uri @root_path;'
+ - pattern: '@root_path'
+ options: 'rewrite ^/(.*)$ / break;'
+ - pattern: '~ ^/([^/?&:''"]+)/config.js$'
+ options: |
+ set $subdomain "$1.";
+ set $subdir "$1/";
+ alias /etc/jitsi/meet/{{jitsi__hostname}}-config.js;
+ - pattern: '~ ^/([^/?&:i''"]+)/(.*)$'
+ options: |
+ set $subdomain "$1.";
+ set $subdir "$1/";
+ rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
+ - pattern: '~ ^/([^/?&:''"]+)/http-bind'
+ options: |
+ set $subdomain "$1.";
+ set $subdir "$1/";
+ set $prefix "$1";
+ rewrite ^/(.*)$ /http-bind;
+ - pattern: '~ ^/([^/?&:''"]+)/xmpp-websocket'
+ options: |
+ set $subdomain "$1.";
+ set $subdir "$1/";
+ set $prefix "$1";
+ rewrite ^/(.*)$ /xmpp-websocket;
diff --git a/ansible/inventory/group_vars/jitsi_service/tcpwrappers.yml b/ansible/inventory/group_vars/jitsi_service/tcpwrappers.yml
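Review bot: In `group_vars/jitsi_service/nginx.yml` the location pattern `'~ ^/([^/?&:i''"]+)/(.*)$'` has a stray `i` inside the character class; every other pattern in the list, and the `rewrite` in the same block, uses `[^/?&:'"]+`. As written, a first path segment containing the letter i does not match this location and is handled by whichever other location applies. Suggested line: `- pattern: '~ ^/([^/?&:''"]+)/(.*)$'`. Separately, `.well-known` is part of the static-asset regex while the server sets `acme: True`, so it is worth confirming on the rendered config that this regex location does not take precedence over the ACME challenge location the role generates.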
@@ -0,0 +1,4 @@
+---
+
+tcpwrappers__allow:
+ - daemon: 'nginx'
diff --git a/ansible/inventory/host_vars/jitsi/jitsi.yml b/ansible/inventory/host_vars/jitsi/jitsi.yml
@@ -0,0 +1,3 @@
+---
+
+jitsi__hostname: 'jitsi.erethon.com'
diff --git a/ansible/inventory/host_vars/jitsi/pki.yml b/ansible/inventory/host_vars/jitsi/pki.yml
@@ -0,0 +1,5 @@
+---
+
+pki_realms:
+ - name: 'jitsi.erethon.com'
+ acme: True
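Review bot: In `group_vars/jitsi_service/tcpwrappers.yml` the `tcpwrappers__allow` entry names the daemon `nginx` with no comment on intent and no client list. Stock nginx is, as far as I know, not linked against libwrap, so the entry probably has no effect on who can reach the web server. Either drop it, or record the intent in a comment such as `# nginx is public; source filtering, if any, is done in ferm`, so that nobody later assumes hosts.allow is restricting access.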
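Review bot: In `host_vars/jitsi/pki.yml` the realm name repeats the literal `'jitsi.erethon.com'` that `host_vars/jitsi/jitsi.yml` already defines as `jitsi__hostname`. If the two drift apart, nginx may be configured for a name that the issued certificate does not cover. Suggested line: `- name: '{{ jitsi__hostname }}'`. As a style point, `acme: True` here and in nginx.yml reads more canonically as `acme: true`.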