diff --git a/fstack/files/jitsi/docker-compose.yml b/fstack/files/jitsi/docker-compose.yml
new file mode 100644
index 0000000..52f3113
--- /dev/null
+++ b/fstack/files/jitsi/docker-compose.yml
@@ -0,0 +1,353 @@
+version: '3.5'
+
+services:
+ # Frontend
+ web:
+ image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-7882}
+ restart: ${RESTART_POLICY:-unless-stopped}
+ ports:
+ - '${HTTP_PORT}:80'
+ - '${HTTPS_PORT}:443'
+ volumes:
+ - ${CONFIG}/web:/config:Z
+ - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
+ - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
+ - ./data/config/keys:/config/keys:Z
+ environment:
+ - VIRTUAL_PROTO=https
+ - VIRTUAL_PORT=443
+ - VIRTUAL_HOST=jitsi.northendnetwork.com
+ - AMPLITUDE_ID
+ - ANALYTICS_SCRIPT_URLS
+ - ANALYTICS_WHITELISTED_EVENTS
+ - AUDIO_QUALITY_OPUS_BITRATE
+ - BRANDING_DATA_URL
+ - CALLSTATS_CUSTOM_SCRIPT_URL
+ - CALLSTATS_ID
+ - CALLSTATS_SECRET
+ - CHROME_EXTENSION_BANNER_JSON
+ - CONFCODE_URL
+ - CONFIG_EXTERNAL_CONNECT
+ - DEFAULT_LANGUAGE
+ - DEPLOYMENTINFO_ENVIRONMENT
+ - DEPLOYMENTINFO_ENVIRONMENT_TYPE
+ - DEPLOYMENTINFO_REGION
+ - DEPLOYMENTINFO_SHARD
+ - DEPLOYMENTINFO_USERREGION
+ - DESKTOP_SHARING_FRAMERATE_MIN
+ - DESKTOP_SHARING_FRAMERATE_MAX
+ - DIALIN_NUMBERS_URL
+ - DIALOUT_AUTH_URL
+ - DIALOUT_CODES_URL
+ - DISABLE_AUDIO_LEVELS
+ - DISABLE_DEEP_LINKING
+ - DISABLE_GRANT_MODERATOR
+ - DISABLE_HTTPS
+ - DISABLE_KICKOUT
+ - DISABLE_LOCAL_RECORDING
+ - DISABLE_POLLS
+ - DISABLE_PRIVATE_CHAT
+ - DISABLE_PROFILE
+ - DISABLE_REACTIONS
+ - DISABLE_REMOTE_VIDEO_MENU
+ - DROPBOX_APPKEY
+ - DROPBOX_REDIRECT_URI
+ - DYNAMIC_BRANDING_URL
+ - ENABLE_AUDIO_PROCESSING
+ - ENABLE_AUTH
+ - ENABLE_BREAKOUT_ROOMS
+ - ENABLE_CALENDAR
+ - ENABLE_COLIBRI_WEBSOCKET
+ - ENABLE_E2EPING
+ - ENABLE_FILE_RECORDING_SHARING
+ - ENABLE_GUESTS
+ - ENABLE_HSTS
+ - ENABLE_HTTP_REDIRECT
+ - ENABLE_IPV6
+ - ENABLE_LETSENCRYPT
+ - ENABLE_LIPSYNC
+ - ENABLE_NO_AUDIO_DETECTION
+ - ENABLE_NOISY_MIC_DETECTION
+ - ENABLE_OCTO
+ - ENABLE_OPUS_RED
+ - ENABLE_PREJOIN_PAGE
+ - ENABLE_P2P
+ - ENABLE_WELCOME_PAGE
+ - ENABLE_CLOSE_PAGE
+ - ENABLE_LIVESTREAMING
+ - ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
+ - ENABLE_LOCAL_RECORDING_SELF_START
+ - ENABLE_RECORDING
+ - ENABLE_REMB
+ - ENABLE_REQUIRE_DISPLAY_NAME
+ - ENABLE_SERVICE_RECORDING
+ - ENABLE_SIMULCAST
+ - ENABLE_STATS_ID
+ - ENABLE_STEREO
+ - ENABLE_SUBDOMAINS
+ - ENABLE_TALK_WHILE_MUTED
+ - ENABLE_TCC
+ - ENABLE_TRANSCRIPTIONS
+ - ENABLE_XMPP_WEBSOCKET
+ - ENABLE_JAAS_COMPONENTS
+ - ENABLE_MULTI_STREAM
+ - ETHERPAD_PUBLIC_URL
+ - ETHERPAD_URL_BASE
+ - E2EPING_NUM_REQUESTS
+ - E2EPING_MAX_CONFERENCE_SIZE
+ - E2EPING_MAX_MESSAGE_PER_SECOND
+ - GOOGLE_ANALYTICS_ID
+ - GOOGLE_API_APP_CLIENT_ID
+ - HIDE_PREMEETING_BUTTONS
+ - HIDE_PREJOIN_DISPLAY_NAME
+ - HIDE_PREJOIN_EXTRA_BUTTONS
+ - INVITE_SERVICE_URL
+ - JICOFO_AUTH_USER
+ - LETSENCRYPT_DOMAIN
+ - LETSENCRYPT_EMAIL
+ - LETSENCRYPT_USE_STAGING
+ - MATOMO_ENDPOINT
+ - MATOMO_SITE_ID
+ - MICROSOFT_API_APP_CLIENT_ID
+ - NGINX_RESOLVER
+ - NGINX_WORKER_PROCESSES
+ - NGINX_WORKER_CONNECTIONS
+ - PEOPLE_SEARCH_URL
+ - PUBLIC_URL
+ - P2P_PREFERRED_CODEC
+ - RESOLUTION
+ - RESOLUTION_MIN
+ - RESOLUTION_WIDTH
+ - RESOLUTION_WIDTH_MIN
+ - START_AUDIO_MUTED
+ - START_AUDIO_ONLY
+ - START_BITRATE
+ - START_SILENT
+ - START_WITH_AUDIO_MUTED
+ - START_VIDEO_MUTED
+ - START_WITH_VIDEO_MUTED
+ - TESTING_CAP_SCREENSHARE_BITRATE
+ - TESTING_OCTO_PROBABILITY
+ - TOKEN_AUTH_URL
+ - TOOLBAR_BUTTONS
+ - TZ
+ - VIDEOQUALITY_BITRATE_H264_LOW
+ - VIDEOQUALITY_BITRATE_H264_STANDARD
+ - VIDEOQUALITY_BITRATE_H264_HIGH
+ - VIDEOQUALITY_BITRATE_VP8_LOW
+ - VIDEOQUALITY_BITRATE_VP8_STANDARD
+ - VIDEOQUALITY_BITRATE_VP8_HIGH
+ - VIDEOQUALITY_BITRATE_VP9_LOW
+ - VIDEOQUALITY_BITRATE_VP9_STANDARD
+ - VIDEOQUALITY_BITRATE_VP9_HIGH
+ - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
+ - VIDEOQUALITY_PREFERRED_CODEC
+ - XMPP_AUTH_DOMAIN
+ - XMPP_BOSH_URL_BASE
+ - XMPP_DOMAIN
+ - XMPP_GUEST_DOMAIN
+ - XMPP_MUC_DOMAIN
+ - XMPP_RECORDER_DOMAIN
+ - XMPP_PORT
+ networks:
+ fstack:
+ ipv4_address: 172.99.0.25
+
+ # XMPP server
+ prosody:
+ image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-7882}
+ restart: ${RESTART_POLICY:-unless-stopped}
+ expose:
+ - '${XMPP_PORT:-5222}'
+ - '5347'
+ - '5280'
+ volumes:
+ - ${CONFIG}/prosody/config:/config:Z
+ - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
+ environment:
+ - AUTH_TYPE
+ - DISABLE_POLLS
+ - ENABLE_AUTH
+ - ENABLE_AV_MODERATION
+ - ENABLE_BREAKOUT_ROOMS
+ - ENABLE_END_CONFERENCE
+ - ENABLE_GUESTS
+ - ENABLE_IPV6
+ - ENABLE_LOBBY
+ - ENABLE_RECORDING
+ - ENABLE_XMPP_WEBSOCKET
+ - ENABLE_JAAS_COMPONENTS
+ - GC_TYPE
+ - GC_INC_TH
+ - GC_INC_SPEED
+ - GC_INC_STEP_SIZE
+ - GC_GEN_MIN_TH
+ - GC_GEN_MAX_TH
+ - GLOBAL_CONFIG
+ - GLOBAL_MODULES
+ - JIBRI_RECORDER_USER
+ - JIBRI_RECORDER_PASSWORD
+ - JIBRI_XMPP_USER
+ - JIBRI_XMPP_PASSWORD
+ - JICOFO_AUTH_USER
+ - JICOFO_AUTH_PASSWORD
+ - JICOFO_COMPONENT_SECRET
+ - JIGASI_XMPP_USER
+ - JIGASI_XMPP_PASSWORD
+ - JVB_AUTH_USER
+ - JVB_AUTH_PASSWORD
+ - JWT_APP_ID
+ - JWT_APP_SECRET
+ - JWT_ACCEPTED_ISSUERS
+ - JWT_ACCEPTED_AUDIENCES
+ - JWT_ASAP_KEYSERVER
+ - JWT_ALLOW_EMPTY
+ - JWT_AUTH_TYPE
+ - JWT_ENABLE_DOMAIN_VERIFICATION
+ - JWT_TOKEN_AUTH_MODULE
+ - MATRIX_UVS_URL
+ - MATRIX_UVS_ISSUER
+ - MATRIX_UVS_AUTH_TOKEN
+ - MATRIX_UVS_SYNC_POWER_LEVELS
+ - LOG_LEVEL
+ - LDAP_AUTH_METHOD
+ - LDAP_BASE
+ - LDAP_BINDDN
+ - LDAP_BINDPW
+ - LDAP_FILTER
+ - LDAP_VERSION
+ - LDAP_TLS_CIPHERS
+ - LDAP_TLS_CHECK_PEER
+ - LDAP_TLS_CACERT_FILE
+ - LDAP_TLS_CACERT_DIR
+ - LDAP_START_TLS
+ - LDAP_URL
+ - LDAP_USE_TLS
+ - MAX_PARTICIPANTS
+ - PROSODY_RESERVATION_ENABLED
+ - PROSODY_RESERVATION_REST_BASE_URL
+ - PUBLIC_URL
+ - TURN_CREDENTIALS
+ - TURN_HOST
+ - TURNS_HOST
+ - TURN_PORT
+ - TURNS_PORT
+ - TZ
+ - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
+ - XMPP_GUEST_DOMAIN
+ - XMPP_MUC_DOMAIN
+ - XMPP_INTERNAL_MUC_DOMAIN
+ - XMPP_MODULES
+ - XMPP_MUC_MODULES
+ - XMPP_MUC_CONFIGURATION
+ - XMPP_INTERNAL_MUC_MODULES
+ - XMPP_RECORDER_DOMAIN
+ - XMPP_PORT
+ networks:
+ fstack:
+ ipv4_address: 172.99.0.26
+ aliases:
+ - xmpp.meet.jitsi
+ - xmpp.northendnetwork.com
+
+ # Focus component
+ jicofo:
+ image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-7882}
+ restart: ${RESTART_POLICY:-unless-stopped}
+ volumes:
+ - ${CONFIG}/jicofo:/config:Z
+ environment:
+ - AUTH_TYPE
+ - BRIDGE_AVG_PARTICIPANT_STRESS
+ - BRIDGE_STRESS_THRESHOLD
+ - ENABLE_AUTH
+ - ENABLE_AUTO_OWNER
+ - ENABLE_CODEC_VP8
+ - ENABLE_CODEC_VP9
+ - ENABLE_CODEC_H264
+ - ENABLE_OCTO
+ - ENABLE_RECORDING
+ - ENABLE_SCTP
+ - ENABLE_AUTO_LOGIN
+ - JICOFO_AUTH_USER
+ - JICOFO_AUTH_PASSWORD
+ - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
+ - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
+ - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
+ - JICOFO_ENABLE_HEALTH_CHECKS
+ - JICOFO_SHORT_ID
+ - JIBRI_BREWERY_MUC
+ - JIBRI_REQUEST_RETRIES
+ - JIBRI_PENDING_TIMEOUT
+ - JIGASI_BREWERY_MUC
+ - JIGASI_SIP_URI
+ - JVB_BREWERY_MUC
+ - MAX_BRIDGE_PARTICIPANTS
+ - OCTO_BRIDGE_SELECTION_STRATEGY
+ - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
+ - SENTRY_ENVIRONMENT
+ - SENTRY_RELEASE
+ - TZ
+ - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
+ - XMPP_INTERNAL_MUC_DOMAIN
+ - XMPP_MUC_DOMAIN
+ - XMPP_RECORDER_DOMAIN
+ - XMPP_SERVER
+ - XMPP_PORT
+ depends_on:
+ - prosody
+ networks:
+ fstack:
+ ipv4_address: 172.99.0.27
+
+ # Video bridge
+ jvb:
+ image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-7882}
+ restart: ${RESTART_POLICY:-unless-stopped}
+ ports:
+ - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
+ - '127.0.0.1:${JVB_COLIBRI_PORT:-9090}:9090'
+ volumes:
+ - ${CONFIG}/jvb:/config:Z
+ environment:
+ - DOCKER_HOST_ADDRESS
+ - ENABLE_COLIBRI_WEBSOCKET
+ - ENABLE_OCTO
+ - ENABLE_MULTI_STREAM
+ - JVB_ADVERTISE_IPS
+ - JVB_ADVERTISE_PRIVATE_CANDIDATES
+ - JVB_AUTH_USER
+ - JVB_AUTH_PASSWORD
+ - JVB_BREWERY_MUC
+ - JVB_DISABLE_STUN
+ - JVB_PORT
+ - JVB_MUC_NICKNAME
+ - JVB_STUN_SERVERS
+ - JVB_OCTO_BIND_ADDRESS
+ - JVB_OCTO_REGION
+ - JVB_OCTO_RELAY_ID
+ - JVB_WS_DOMAIN
+ - JVB_WS_SERVER_ID
+ - PUBLIC_URL
+ - SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
+ - SENTRY_ENVIRONMENT
+ - SENTRY_RELEASE
+ - COLIBRI_REST_ENABLED
+ - SHUTDOWN_REST_ENABLED
+ - TZ
+ - XMPP_AUTH_DOMAIN + - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_SERVER + - XMPP_PORT + depends_on: + - prosody + networks: + fstack: + ipv4_address: 172.99.0.28 + +# Custom network so all services can communicate using a FQDN +networks: + fstack: + external: true diff --git a/fstack/files/jitsi/stable-7882.tar.gz b/fstack/files/jitsi/stable-7882.tar.gz new file mode 100644 index 0000000..f83325a Binary files /dev/null and b/fstack/files/jitsi/stable-7882.tar.gz differ diff --git a/fstack/files/new_user.php b/fstack/files/panel/new_user.php similarity index 100% rename from fstack/files/new_user.php rename to fstack/files/panel/new_user.php diff --git a/fstack/lib/dns.sh b/fstack/lib/dns.sh index 179ba1a..3dbae25 100644 --- a/fstack/lib/dns.sh +++ b/fstack/lib/dns.sh @@ -177,6 +177,9 @@ webmail IN A $EXTERNALIP nextcloud IN A $EXTERNALIP computer IN A $EXTERNALIP collabora IN A $EXTERNALIP +jitsi IN A $EXTERNALIP +matrix IN A $EXTERNALIP +element IN A $EXTERNALIP $DOMAIN. IN A $EXTERNALIP EOF diff --git a/fstack/lib/jitsi.sh b/fstack/lib/jitsi.sh new file mode 100644 index 0000000..bae3ba4 --- /dev/null +++ b/fstack/lib/jitsi.sh 
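Review bot: The `VIRTUAL_HOST=jitsi.northendnetwork.com` entry on the web service and the `xmpp.northendnetwork.com` alias on prosody hard-code one deployment's domain in a file that config_jitsi (fstack/lib/jitsi.sh, later in this commit) copies unchanged into fstack/jitsi. The DNS records and the certificate path in the same commit are derived from `$DOMAIN`, so on any other domain the proxy host name would not match the certificate mounted at /config/keys. Compose interpolates variables in environment values and aliases, so `- VIRTUAL_HOST=jitsi.${DOMAIN}` and `- xmpp.${DOMAIN}` would work if the generated `.env` defines `DOMAIN`; the `.env` contents are not visible on this page, so that needs confirming. Separately, the static `172.99.0.x` addresses lie outside the RFC 1918 `172.16.0.0/12` block. The `fstack` network is declared external, so its subnet is chosen elsewhere, but it is worth checking that it does not shadow routable addresses.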
@@ -0,0 +1,296 @@ +#!/bin/bash +# +# Federated Computer Jitsi Service + +PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +config_jitsi() { + echo -ne "\n* Configuring fstack/jitsi container.." + spin & + SPINPID=$! + + if [ ! -d "fstack/jitsi" ]; then + mkdir -p fstack/jitsi/data/config/keys &> /dev/null + cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/jitsi/data/config/keys + mv fstack/jitsi/data/config/keys/fullchain1.pem fstack/jitsi/data/config/keys/cert.crt + mv fstack/jitsi/data/config/keys/privkey1.pem fstack/jitsi/data/config/keys/cert.key + chmod 644 fstack/jitsi/data/config/keys/*.pem + fi + + DOMAIN_ARRAY=(${DOMAIN//./ }) + DOMAIN_FIRST=${DOMAIN_ARRAY[0]} + DOMAIN_LAST=${DOMAIN_ARRAY[1]} + +# Extract Jitsi into fstack/jitsi +tar zxvf fstack/files/jitsi/stable-* --strip-components 1 -C fstack/jitsi &> /dev/null +[ $? -ne 0 ] && fail "Couldn't extract files/jitsi/stable* into fstack/jitsi" + +# Copy in our own docker-compose file +cp fstack/files/jitsi/docker-compose.yml fstack/jitsi + +# Create Jitsi .env file +cat > fstack/jitsi/.env < /dev/null +echo -ne "done." +} + +start_jitsi() { + # Start fstack/jitsi with output to /dev/null + echo -ne "\n* Starting fstack/jitsi service.." + spin & + SPINPID=$! + + if [ $DEBUG ]; then + # Start fstack/jitsi with output to console for debug + docker-compose -f fstack/jitsi/docker-compose.yml -p jitsi up + [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service fstack/jitsi" + else + docker-compose -f fstack/jitsi/docker-compose.yml -p jitsi up -d &> /dev/null + + # Keep trying jitsi port 443 to make sure it's up + # before we proceed + RETRY="30" + while [ $RETRY -gt 0 ]; do + nc -z 172.99.0.25 443 &> /dev/null + if [ $? 
-eq 0 ]; then + break + else + if [ "$RETRY" == 1 ]; then + docker-compose -f fstack/jitsi/docker-compose.yml -p jitsi down &> /dev/null + kill -9 $SPINPID &> /dev/null + fail "There was a problem starting service fstack/jitsi\nCheck the output of 'docker logs jitsi' or turn on\ndebug with -d" + fi + ((RETRY--)) + sleep 7 + fi + done + fi + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +} diff --git a/fstack/lib/matrix.sh b/fstack/lib/matrix.sh new file mode 100644 index 0000000..01f6630 --- /dev/null +++ b/fstack/lib/matrix.sh 
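Review bot: config_jitsi copies `fullchain1.pem` and `privkey1.pem` out of the Let's Encrypt `archive/` directory, which pins the first issuance; renewed files there get a higher number, so this path would keep serving the original certificate until it expires. The copy also runs only when `fstack/jitsi` does not exist yet, and neither the `cp` nor the two `mv` calls are checked, so a missing certificate goes unnoticed until the web container starts. Copying from the `live/` links, e.g. `cp -L fstack/dns/data/etc/letsencrypt/live/"$DOMAIN"/privkey.pem fstack/jitsi/data/config/keys/cert.key` followed by `chmod 600` on that file, would follow renewals and give the key an explicit mode; this assumes the standard certbot layout is present under fstack/dns/data. The later `chmod 644 …/*.pem` no longer matches the renamed key, so its mode is currently left to the umask. config_matrix in fstack/lib/matrix.sh copies from the same `archive/` path.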
@@ -0,0 +1,204 @@ +#!/bin/bash +# +# Federated Computer Matrix / Element Service + +PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +config_matrix() { + echo -ne "\n* Configuring fstack/matrix container.." + spin & + SPINPID=$! + + if [ ! -d "fstack/matrix" ]; then + mkdir -p fstack/matrix/data/root/certs fstack/matrix/data/matrix fstack/matrix/data/element &> /dev/null + cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/matrix/data/matrix + chmod 644 fstack/matrix/data/matrix/*.pem + fi + + DOMAIN_ARRAY=(${DOMAIN//./ }) + DOMAIN_FIRST=${DOMAIN_ARRAY[0]} + DOMAIN_LAST=${DOMAIN_ARRAY[1]} + +cat > fstack/matrix/docker-compose.yml < fstack/matrix/data/element/element-config.json < /dev/null +[ $? -ne 0 ] && fail "Couldn't run docker matrixdotorg/synapse:latest generate" + +cat >> fstack/matrix/data/matrix/homeserver.yaml < /dev/null +echo -ne "done." +} + +start_matrix() { + # Start fstack/matrix with output to /dev/null + echo -ne "\n* Starting fstack/matrix service.." + spin & + SPINPID=$! + + if [ $DEBUG ]; then + # Start fstack/matrix with output to console for debug + docker-compose -f fstack/matrix/docker-compose.yml -p matrix up + [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service fstack/matrix" + else + docker-compose -f fstack/matrix/docker-compose.yml -p matrix up -d &> /dev/null + + # Keep trying matrix port 8008 to make sure it's up + # before we proceed + RETRY="30" + while [ $RETRY -gt 0 ]; do + nc -z 172.99.0.32 8008 &> /dev/null + if [ $? -eq 0 ]; then + break + else + if [ "$RETRY" == 1 ]; then + docker-compose -f fstack/matrix/docker-compose.yml -p matrix down &> /dev/null + kill -9 $SPINPID &> /dev/null + fail "There was a problem starting service fstack/matrix\nCheck the output of 'docker logs matrix' or turn on\ndebug with -d" + fi + ((RETRY--)) + sleep 7 + fi + done + fi + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +} 
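Review bot: `chmod 644 fstack/matrix/data/matrix/*.pem` in config_matrix also matches the private key copied by the preceding `cp … archive/$DOMAIN/*.pem`, leaving the TLS key readable by every local user on the host. Limit the world-readable mode to the public files and give the key an owner-only mode, e.g. `chmod 600 fstack/matrix/data/matrix/privkey*.pem`, with ownership set to whichever UID the Synapse container runs as. The failure message further down names `matrixdotorg/synapse:latest`; the docker command itself is not visible on this page, but if it uses that tag, pinning a version as the Jitsi images do would keep deployments reproducible.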
diff --git a/fstack/lib/panel.sh b/fstack/lib/panel.sh index a6872f7..5b24407 100644 --- a/fstack/lib/panel.sh +++ b/fstack/lib/panel.sh @@ -27,7 +27,7 @@ ansible_python_interpreter=/usr/bin/python3 ansible_ssh_common_args='-o StrictHostKeyChecking=no' EOF -cp fstack/files/new_user.php fstack/panel +cp fstack/files/panel/new_user.php fstack/panel cat > fstack/panel/Dockerfile <