Merge branch 'feature/rebase'
commit
484c3fe667
206 changed files with 204 additions and 139 deletions
2
.gitmodules
vendored
2
.gitmodules
vendored
|
@ -1,5 +1,5 @@
|
|||
[submodule "docker/static/goStatic"]
|
||||
path = docker/static/goStatic
|
||||
path = app/build/static/goStatic
|
||||
url = https://github.com/PierreZ/goStatic
|
||||
[submodule "docker/blog/quentin.dufour.io"]
|
||||
path = docker/blog-quentin/quentin.dufour.io
|
||||
|
|
17
README.md
17
README.md
|
@ -10,7 +10,7 @@ We try to build a generic abstraction stack between our different resources (CPU
|
|||
* ansible (physical node conf)
|
||||
* nomad (schedule containers)
|
||||
* consul (distributed key value store / lock / service discovery)
|
||||
* glusterfs (file storage)
|
||||
* garage/glusterfs (file storage)
|
||||
* stolon + postgresql (distributed relational database)
|
||||
* docker (container tool)
|
||||
* bottin (LDAP server, auth)
|
||||
|
@ -23,6 +23,21 @@ Some services we provide:
|
|||
|
||||
As a generic abstraction is provided, deploying new services should be easy.
|
||||
|
||||
## I am lost, how this repo works?
|
||||
|
||||
To ease the development, we make the choice of a fully integrated environment
|
||||
|
||||
1. `os` the base os for the cluster
|
||||
1. `build`: where you will build our OS image based on Debian that you will install on your server
|
||||
2. `config`: our Ansible recipes to configure and update your freshly installed server
|
||||
2. `apps` apps we deploy on the cluster
|
||||
1. `build`: our Docker files to build immutable images of our applications
|
||||
2. `integration`: Our Docker compose files to test locally how our built images interact together
|
||||
3. `config`: Files containing application configurations to be deployed on Consul Key Value Store
|
||||
4. `deployment`: Files containing application definitions to be deployed on Nomad Scheduler
|
||||
3. `op_guide`: Guides to explain you operations you can do cluster wide (like configuring postgres)
|
||||
|
||||
|
||||
## Start hacking
|
||||
|
||||
### Clone the repository
|
||||
|
|
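--- /dev/null
+++ b/app/build/docker-compose.yml
@@ -0,0 +1,63 @@
+version: '3.4'
+services:
+
+# Instant Messaging
+riot:
+build:
+context: ./riotweb
+args:
+# https://github.com/vector-im/riot-web/releases
+VERSION: 1.7.5
+image: superboum/amd64_riotweb:v15
+
+synapse:
+build:
+context: ./matrix-synapse
+args:
+# https://github.com/matrix-org/synapse/releases
+VERSION: 1.19.1
+image: superboum/amd64_synapse:v33
+
+# Email
+sogo:
+build:
+context: ./sogo
+args:
+# fake for now
+VERSION: 5.0.0
+image: superboum/amd64_sogo:v7
+
+# VoIP
+jitsi-meet:
+build:
+context: ./jitsi-meet
+args:
+# https://github.com/jitsi/jitsi-meet
+PREFIXV: stable/jitsi-meet_
+VERSION: 4966
+image: superboum/amd64_jitsi_meet:v1
+
+jitsi-conference-focus:
+build:
+context: ./jitsi-conference-focus
+args:
+# https://github.com/jitsi/jicofo
+PREFIXV: stable/jitsi-meet_
+VERSION: 4966
+image: superboum/amd64_jitsi_conference_focus:v5
+
+jitsi-videobridge:
+build:
+context: ./jitsi-videobridge
+args:
+# https://github.com/jitsi/jitsi-videobridge
+PREFIXV: stable/jitsi-meet_
+VERSION: 4966
+image: superboum/amd64_jitsi_videobridge:v15
+
+jitsi-xmpp:
+build:
+context: ./jitsi-xmpp
+args:
+VERSION: fake-1
+image: superboum/amd64_jitsi_xmpp:v4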
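Review bot: Two of the `VERSION` build args do not pin anything: the one for `sogo` is marked `# fake for now` and the one for `jitsi-xmpp` is `fake-1`. The content of those images is therefore presumably decided by whatever their Dockerfiles' package sources serve at build time, so `superboum/amd64_sogo:v7` and `superboum/amd64_jitsi_xmpp:v4` cannot be rebuilt to the same content from this file. Until real versions are wired in, say so next to each arg, for example `# VERSION is not consumed yet; image content follows the upstream package repo at build time`. Separately, `VERSION: 4966` parses as an integer while the dotted versions parse as strings; quoting every value (`VERSION: '4966'`) keeps the build-arg type uniform.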
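--- /dev/null
+++ b/app/build/jitsi-conference-focus/Dockerfile
@@ -0,0 +1,27 @@
+FROM debian:buster AS builder
+
+ARG PREFIXV
+ARG VERSION
+RUN apt-get update && \
+apt-get install -y openjdk-11-jdk maven wget unzip && \
+wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip
+
+RUN unzip jicofo.zip && \
+mv jicofo*${VERSION} jicofo && \
+cd jicofo && \
+mvn package -DskipTests -Dassembly.skipAssembly=false && \
+unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
+mv jicofo-1.1-SNAPSHOT /srv/build
+
+FROM debian:buster
+
+RUN apt-get update && \
+apt-get install -y openjdk-11-jre-headless ca-certificates
+
+ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"
+
+COPY --from=builder /srv/build /srv/jicofo
+COPY jicofo /usr/local/bin/jicofo
+COPY sip-communicator.properties /root/.sip-communicator/sip-communicator.properties
+
+CMD ["/usr/local/bin/jicofo"]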
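Review bot: The source archive fetched by `wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip` in the builder stage is unpacked and built without any integrity check, so a moved or re-pointed upstream tag changes what ships in the image without anything failing. Passing an expected digest alongside the version and checking it before `unzip` closes that gap: `ARG SHA256` plus `echo "${SHA256}  jicofo.zip" | sha256sum -c -`. The same unverified download appears in the jitsi-meet Dockerfile (`jitsi-meet.zip`) and in the jitsi-videobridge Dockerfile hunk (`jvb.zip`). The final stage also has no `USER` line and keeps the jicofo home under `/root`, so the process appears to run as root unless the copied `jicofo` launcher drops privileges, which is not visible here.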
|
@ -0,0 +1,2 @@
|
|||
org.jitsi.jicofo.SHORT_ID=1
|
||||
org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
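--- /dev/null
+++ b/app/build/jitsi-meet/Dockerfile
@@ -0,0 +1,28 @@
+FROM debian:buster AS builder
+
+ARG PREFIXV
+ARG VERSION
+
+RUN apt-get update && \
+apt-get install -y curl && \
+curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
+apt-get install -y git nodejs make wget unzip && \
+wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip
+
+RUN unzip jitsi-meet.zip && \
+mv jitsi-meet-*${VERSION} jitsi-meet && \
+cd jitsi-meet && \
+npm install && \
+make
+
+FROM debian:buster
+
+COPY --from=builder /jitsi-meet /srv/jitsi-meet
+RUN apt-get update && \
+apt-get install -y nginx && \
+rm /etc/nginx/sites-enabled/*
+
+COPY config.js /srv/jitsi-meet/config.js
+COPY entrypoint.sh /usr/local/bin/entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+CMD ["/usr/sbin/nginx", "-g", "daemon off;"]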
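Review bot: `curl -sL https://deb.nodesource.com/setup_14.x | bash -` runs a remote script as root in the builder stage, and with `-s` and no `-f` an HTTP error page or an empty body is piped to bash without the build noticing. Prefer adding the NodeSource apt repository with its signing key stored in a keyring file, or at minimum fail on download errors with `curl -fsSL`. In the second `RUN`, `npm install` may resolve dependency versions that differ from what upstream tested; if the tagged tree carries a lockfile, `npm ci` installs exactly what it records and fails on a mismatch.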
|
@ -1,21 +1,24 @@
|
|||
FROM debian:buster AS builder
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y wget unzip maven openjdk-11-jdk
|
||||
ARG PREFIXV
|
||||
ARG VERSION
|
||||
|
||||
ENV VERSION=4468
|
||||
RUN wget https://github.com/jitsi/jitsi-videobridge/archive/stable/jitsi-meet_${VERSION}.zip -O jvb.zip && \
|
||||
unzip jvb.zip && \
|
||||
mv jitsi-videobridge-stable-jitsi-meet_${VERSION} jvb && \
|
||||
RUN apt-get update && \
|
||||
apt-get install -y wget unzip maven openjdk-11-jdk && \
|
||||
wget https://github.com/jitsi/jitsi-videobridge/archive/${PREFIXV}${VERSION}.zip -O jvb.zip
|
||||
|
||||
RUN unzip jvb.zip && \
|
||||
mv jitsi-videobridge*${VERSION} jvb && \
|
||||
cd jvb && \
|
||||
mvn package -DskipTests && \
|
||||
unzip target/jitsi-videobridge-*.zip && \
|
||||
ls jvb/target && \
|
||||
unzip jvb/target/jitsi-videobridge*.zip && \
|
||||
mv jitsi-videobridge-*-SNAPSHOT build
|
||||
|
||||
FROM debian:buster
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y openjdk-11-jdk
|
||||
apt-get install -y openjdk-11-jre-headless
|
||||
|
||||
COPY --from=builder /jvb/build /srv/jvb
|
||||
ENV HOME=/root
|
|
@ -8,9 +8,24 @@ EOF
|
|||
mkdir -p /root/.sip-communicator
|
||||
|
||||
cat > /root/.sip-communicator/sip-communicator.properties <<EOF
|
||||
# Enable broadcasting stats/presence in a MUC
|
||||
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
||||
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
|
||||
|
||||
# Connect to the first XMPP server
|
||||
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr
|
||||
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr
|
||||
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
|
||||
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton
|
||||
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
|
||||
|
||||
# Do we need it? @FIXME
|
||||
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
|
||||
# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
|
||||
# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition
|
||||
|
||||
# NAT things, two times just in case...
|
||||
org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
|
||||
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
|
||||
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
|
||||
|
@ -35,4 +50,5 @@ EOF
|
|||
--host=${JITSI_PROSODY_HOST} \
|
||||
--domain=jitsi.deuxfleurs.fr \
|
||||
--port=5347 \
|
||||
--secret=${JITSI_SECRET_VIDEOBRIDGE}
|
||||
--secret=${JITSI_SECRET_VIDEOBRIDGE} \
|
||||
--apis=xmpp,rest
|
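Review bot: `org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true` in the generated `sip-communicator.properties` (first hunk) means the bridge sends the `jvb` account password to whatever answers as `jitsi.deuxfleurs.fr`, because the TLS certificate is never checked. If the XMPP server's certificate is self-signed, import it into the Java truststore of this image and set the property to `false` instead of switching verification off. `org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false` still carries `# Do we need it? @FIXME` and disables SRTP replay protection; it needs either a comment stating why it is required or removal. In the second hunk, `--apis=xmpp,rest` turns on the bridge's HTTP API, so the job definition should keep that port off public interfaces; the command this flag belongs to starts outside the hunk.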
|
@ -8,31 +8,36 @@ EOF
|
|||
mkdir -p /etc/prosody/conf.{d,avail}/
|
||||
cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
|
||||
VirtualHost "jitsi.deuxfleurs.fr"
|
||||
authentication = "anonymous"
|
||||
ssl = {
|
||||
key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
|
||||
certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"bosh";
|
||||
"pubsub";
|
||||
}
|
||||
c2s_require_encryption = false
|
||||
authentication = "anonymous"
|
||||
ssl = {
|
||||
key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
|
||||
certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"bosh";
|
||||
"pubsub";
|
||||
}
|
||||
c2s_require_encryption = false
|
||||
|
||||
VirtualHost "auth.jitsi.deuxfleurs.fr"
|
||||
ssl = {
|
||||
key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
|
||||
certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
|
||||
}
|
||||
authentication = "internal_plain"
|
||||
|
||||
admins = { "focus@auth.jitsi.deuxfleurs.fr" }
|
||||
ssl = {
|
||||
key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
|
||||
certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
|
||||
}
|
||||
authentication = "internal_plain"
|
||||
admins = { "focus@auth.jitsi.deuxfleurs.fr"}
|
||||
|
||||
Component "conference.jitsi.deuxfleurs.fr" "muc"
|
||||
Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
|
||||
storage = "memory"
|
||||
modules_enabled = { "ping"; }
|
||||
admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
|
||||
|
||||
Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
|
||||
component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
|
||||
Component "focus.jitsi.deuxfleurs.fr"
|
||||
component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
|
||||
|
||||
EOF
|
||||
|
||||
ln -sf \
|
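Review bot: `authentication = "internal_plain"` on the `auth.jitsi.deuxfleurs.fr` host makes Prosody keep the `focus` and `jvb` passwords in clear text in its data store; `authentication = "internal_hashed"` stores only salted hashes and still supports password logins. The heredoc delimiter is unquoted, so `${JITSI_SECRET_VIDEOBRIDGE}` and `${JITSI_SECRET_JICOFO_COMPONENT}` are expanded by the shell straight into Lua string literals, and a secret containing `"` or `\` would break or alter the generated config; a comment above the heredoc stating the allowed character set for these secrets would help. The new `internal.auth.jitsi.deuxfleurs.fr` MUC lists admins, but nothing visible in this hunk restricts who may join the room, which is worth confirming. The script starts before this hunk and continues after `ln -sf \`.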
|
@ -10,6 +10,7 @@ ln -sf \
|
|||
/usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
|
||||
|
||||
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
|
||||
prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
|
||||
|
||||
mkdir /run/prosody
|
||||
touch /run/prosody/prosody.pid
|
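Review bot: `prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}` reuses the value that the Prosody config in this commit also uses as `component_secret` for the videobridge component, so one leaked value grants both the component connection and the user login. A dedicated variable for the account password would separate the two (placeholder name: `JITSI_SECRET_VIDEOBRIDGE_USER`). The expansion is also unquoted, so an empty or space-containing secret changes the argument list; write `"${JITSI_SECRET_VIDEOBRIDGE}"`, and the same applies to the `focus` line above it. Passing the password as an argument also exposes it in the process list while the command runs.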
Some files were not shown because too many files have changed in this diff Show more