Merge branch 'feature/rebase'

.gitmodules

@@ -1,5 +1,5 @@
 [submodule "docker/static/goStatic"]
-	path = docker/static/goStatic
+	path = app/build/static/goStatic
 	url = https://github.com/PierreZ/goStatic
 [submodule "docker/blog/quentin.dufour.io"]
 	path = docker/blog-quentin/quentin.dufour.io

README.md

@@ -10,7 +10,7 @@ We try to build a generic abstraction stack between our different resources (CPU
   * ansible (physical node conf)
   * nomad (schedule containers)
   * consul (distributed key value store / lock / service discovery)
-  * glusterfs (file storage)
+  * garage/glusterfs (file storage)
   * stolon + postgresql (distributed relational database)
   * docker (container tool)
   * bottin (LDAP server, auth)
@@ -23,6 +23,21 @@ Some services we provide:
 
 As a generic abstraction is provided, deploying new services should be easy.
 
+## I am lost, how this repo works?
+
+To ease the development, we make the choice of a fully integrated environment
+
+  1. `os` the base os for the cluster
+      1. `build`: where you will build our OS image based on Debian that you will install on your server
+      2. `config`: our Ansible recipes to configure and update your freshly installed server
+  2. `apps` apps we deploy on the cluster
+      1. `build`: our Docker files to build immutable images of our applications
+      2. `integration`: Our Docker compose files to test locally how our built images interact together
+      3. `config`: Files containing application configurations to be deployed on Consul Key Value Store
+      4. `deployment`: Files containing application definitions to be deployed on Nomad Scheduler
+  3. `op_guide`: Guides to explain you operations you can do cluster wide (like configuring postgres)
+
+
 ## Start hacking
 
 ### Clone the repository

app/build/docker-compose.yml

@@ -0,0 +1,63 @@
+version: '3.4'
+services:
+
+  # Instant Messaging
+  riot:
+    build:
+      context: ./riotweb
+      args:
+        # https://github.com/vector-im/riot-web/releases
+        VERSION: 1.7.5
+    image: superboum/amd64_riotweb:v15
+
+  synapse:
+    build: 
+      context: ./matrix-synapse
+      args:
+        # https://github.com/matrix-org/synapse/releases
+        VERSION: 1.19.1
+    image: superboum/amd64_synapse:v33
+
+  # Email
+  sogo:
+    build:
+      context: ./sogo
+      args:
+        # fake for now
+        VERSION: 5.0.0
+    image: superboum/amd64_sogo:v7
+
+  # VoIP
+  jitsi-meet:
+    build:
+      context: ./jitsi-meet
+      args:
+        # https://github.com/jitsi/jitsi-meet
+        PREFIXV: stable/jitsi-meet_
+        VERSION: 4966
+    image: superboum/amd64_jitsi_meet:v1
+
+  jitsi-conference-focus:
+    build:
+      context: ./jitsi-conference-focus
+      args:
+        # https://github.com/jitsi/jicofo
+        PREFIXV: stable/jitsi-meet_
+        VERSION: 4966
+    image: superboum/amd64_jitsi_conference_focus:v5
+
+  jitsi-videobridge:
+    build:
+      context: ./jitsi-videobridge
+      args:
+        # https://github.com/jitsi/jitsi-videobridge
+        PREFIXV: stable/jitsi-meet_
+        VERSION: 4966
+    image: superboum/amd64_jitsi_videobridge:v15
+
+  jitsi-xmpp:
+    build:
+      context: ./jitsi-xmpp
+      args:
+        VERSION: fake-1
+    image: superboum/amd64_jitsi_xmpp:v4

app/build/jitsi-conference-focus/Dockerfile

@@ -0,0 +1,27 @@
+FROM debian:buster AS builder
+
+ARG PREFIXV
+ARG VERSION
+RUN apt-get update && \
+    apt-get install -y openjdk-11-jdk maven wget unzip && \
+    wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip
+
+RUN unzip jicofo.zip && \
+    mv jicofo*${VERSION} jicofo && \
+    cd jicofo && \
+    mvn package -DskipTests -Dassembly.skipAssembly=false && \
+    unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
+    mv jicofo-1.1-SNAPSHOT /srv/build
+
+FROM debian:buster
+
+RUN apt-get update && \
+    apt-get install -y openjdk-11-jre-headless ca-certificates
+
+ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"
+
+COPY --from=builder /srv/build /srv/jicofo
+COPY jicofo /usr/local/bin/jicofo
+COPY sip-communicator.properties /root/.sip-communicator/sip-communicator.properties
+
+CMD ["/usr/local/bin/jicofo"]

app/build/jitsi-conference-focus/sip-communicator.properties

@@ -0,0 +1,2 @@
+org.jitsi.jicofo.SHORT_ID=1
+org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr

app/build/jitsi-meet/Dockerfile

@@ -0,0 +1,28 @@
+FROM debian:buster AS builder
+
+ARG PREFIXV
+ARG VERSION
+
+RUN apt-get update && \
+    apt-get install -y curl && \
+    curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
+    apt-get install -y git nodejs make wget unzip && \
+    wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip
+
+RUN unzip jitsi-meet.zip && \
+    mv jitsi-meet-*${VERSION} jitsi-meet && \
+    cd jitsi-meet && \
+    npm install && \
+    make
+
+FROM debian:buster
+
+COPY --from=builder /jitsi-meet /srv/jitsi-meet
+RUN apt-get update && \
+    apt-get install -y nginx && \
+    rm /etc/nginx/sites-enabled/*
+
+COPY config.js /srv/jitsi-meet/config.js
+COPY entrypoint.sh /usr/local/bin/entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+CMD ["/usr/sbin/nginx", "-g", "daemon off;"]

app/build/jitsi-videobridge/Dockerfile

@@ -1,21 +1,24 @@
 FROM debian:buster AS builder
 
-RUN apt-get update && \
-    apt-get install -y wget unzip maven openjdk-11-jdk 
+ARG PREFIXV
+ARG VERSION
 
-ENV VERSION=4468
-RUN wget https://github.com/jitsi/jitsi-videobridge/archive/stable/jitsi-meet_${VERSION}.zip -O jvb.zip && \
-    unzip jvb.zip && \
-    mv jitsi-videobridge-stable-jitsi-meet_${VERSION} jvb && \
+RUN apt-get update && \
+    apt-get install -y wget unzip maven openjdk-11-jdk && \
+    wget https://github.com/jitsi/jitsi-videobridge/archive/${PREFIXV}${VERSION}.zip -O jvb.zip
+
+RUN unzip jvb.zip && \
+    mv jitsi-videobridge*${VERSION} jvb && \
     cd jvb && \
     mvn package  -DskipTests && \
-    unzip target/jitsi-videobridge-*.zip && \
+    ls jvb/target && \
+    unzip jvb/target/jitsi-videobridge*.zip && \
     mv jitsi-videobridge-*-SNAPSHOT build
 
 FROM debian:buster
 
 RUN apt-get update && \
-    apt-get install -y openjdk-11-jdk
+    apt-get install -y openjdk-11-jre-headless
 
 COPY --from=builder /jvb/build /srv/jvb
 ENV HOME=/root

app/build/jitsi-videobridge/jvb_run

@@ -8,9 +8,24 @@ EOF
 mkdir -p /root/.sip-communicator
 
 cat > /root/.sip-communicator/sip-communicator.properties <<EOF
+# Enable broadcasting stats/presence in a MUC
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+
+# Connect to the first XMPP server
+org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+# Do we need it? @FIXME
 org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
-# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
-# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition
+
+# NAT things, two times just in case...
 org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
 org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
 org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
@@ -35,4 +50,5 @@ EOF
   --host=${JITSI_PROSODY_HOST} \
   --domain=jitsi.deuxfleurs.fr \
   --port=5347 \
-  --secret=${JITSI_SECRET_VIDEOBRIDGE}
+  --secret=${JITSI_SECRET_VIDEOBRIDGE} \
+  --apis=xmpp,rest

app/build/jitsi-xmpp/xmpp_conf

@@ -8,31 +8,36 @@ EOF
 mkdir -p /etc/prosody/conf.{d,avail}/
 cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
 VirtualHost "jitsi.deuxfleurs.fr"
-    authentication = "anonymous"
-    ssl = {
-        key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
-        certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
-    }
-    modules_enabled = {
-        "bosh";
-        "pubsub";
-    }
-    c2s_require_encryption = false
+  authentication = "anonymous"
+  ssl = {
+    key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
+    certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
+  }
+  modules_enabled = {
+    "bosh";
+    "pubsub";
+  }
+  c2s_require_encryption = false
 
 VirtualHost "auth.jitsi.deuxfleurs.fr"
-    ssl = {
-        key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
-        certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
-    }
-    authentication = "internal_plain"
-
-admins = { "focus@auth.jitsi.deuxfleurs.fr" }
+  ssl = {
+    key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
+    certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
+  }
+  authentication = "internal_plain"
+  admins = { "focus@auth.jitsi.deuxfleurs.fr"}
 
 Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+  storage = "memory"
+  modules_enabled = { "ping"; }
+  admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+
 Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
     component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
 Component "focus.jitsi.deuxfleurs.fr"
     component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
+
 EOF
 
 ln -sf \

app/build/jitsi-xmpp/xmpp_run

@@ -10,6 +10,7 @@ ln -sf \
   /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
 
 prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
+prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
 
 mkdir /run/prosody
 touch /run/prosody/prosody.pid