diff options
author | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
---|---|---|
committer | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
commit | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch) | |
tree | 6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/jitsi/build/jitsi-xmpp | |
parent | 79b7273ff2a487d6721d393682c8ad3927467a75 (diff) | |
parent | c642370def01f09d966b3b9c643cfe416ea115cf (diff) | |
download | infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip |
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/jitsi/build/jitsi-xmpp')
-rw-r--r-- | app/jitsi/build/jitsi-xmpp/Dockerfile | 13 | ||||
-rw-r--r-- | app/jitsi/build/jitsi-xmpp/external_components.cfg.lua | 2 | ||||
-rwxr-xr-x | app/jitsi/build/jitsi-xmpp/xmpp_conf | 49 | ||||
-rwxr-xr-x | app/jitsi/build/jitsi-xmpp/xmpp_gen | 9 | ||||
-rwxr-xr-x | app/jitsi/build/jitsi-xmpp/xmpp_run | 20 |
5 files changed, 93 insertions, 0 deletions
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile new file mode 100644 index 0000000..f3dcd36 --- /dev/null +++ b/app/jitsi/build/jitsi-xmpp/Dockerfile @@ -0,0 +1,13 @@ +FROM debian:buster + +ARG VERSION + +RUN apt-get update && \ + apt-get install -y prosody=${VERSION} + +COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua +COPY xmpp_conf /usr/local/bin/xmpp_conf +COPY xmpp_gen /usr/local/bin/xmpp_gen +COPY xmpp_run /usr/local/bin/xmpp_run + +CMD ["/usr/local/bin/xmpp_run"] diff --git a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua b/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua new file mode 100644 index 0000000..beaaa87 --- /dev/null +++ b/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua @@ -0,0 +1,2 @@ +component_ports = { 5347 } +component_interface = "0.0.0.0" diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_conf b/app/jitsi/build/jitsi-xmpp/xmpp_conf new file mode 100755 index 0000000..34b2cb3 --- /dev/null +++ b/app/jitsi/build/jitsi-xmpp/xmpp_conf @@ -0,0 +1,49 @@ +#!/bin/bash + +cat >> /etc/hosts <<EOF +${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr +127.0.0.1 `hostname` +EOF + +mkdir -p /etc/prosody/conf.{d,avail}/ +cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF +http_ports = { ${JITSI_PROSODY_BOSH_PORT} } + +VirtualHost "jitsi.deuxfleurs.fr" + authentication = "anonymous" + ssl = { + key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key"; + certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt"; + } + modules_enabled = { + "bosh"; + "pubsub"; + } + c2s_require_encryption = false + +VirtualHost "auth.jitsi.deuxfleurs.fr" + ssl = { + key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key"; + certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt"; + } + authentication = "internal_plain" + admins = { "focus@auth.jitsi.deuxfleurs.fr"} + +Component "conference.jitsi.deuxfleurs.fr" "muc" +Component "internal.auth.jitsi.deuxfleurs.fr" "muc" + storage = "memory" + modules_enabled = { "ping"; } + admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" } + +Component "jitsi-videobridge.jitsi.deuxfleurs.fr" + component_secret = "${JITSI_SECRET_VIDEOBRIDGE}" +Component "focus.jitsi.deuxfleurs.fr" + component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}" + +EOF + +ln -sf \ + /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \ + /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua + + diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_gen b/app/jitsi/build/jitsi-xmpp/xmpp_gen new file mode 100755 index 0000000..3a2e04a --- /dev/null +++ b/app/jitsi/build/jitsi-xmpp/xmpp_gen @@ -0,0 +1,9 @@ +#!/bin/bash + +/usr/local/bin/xmpp_conf + +prosodyctl cert generate jitsi.deuxfleurs.fr +prosodyctl cert generate auth.jitsi.deuxfleurs.fr + +cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER} +cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER} diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_run b/app/jitsi/build/jitsi-xmpp/xmpp_run new file mode 100755 index 0000000..6383b65 --- /dev/null +++ b/app/jitsi/build/jitsi-xmpp/xmpp_run @@ -0,0 +1,20 @@ +#!/bin/bash + +/usr/local/bin/xmpp_conf +cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/ +chown -R prosody:prosody /var/lib/prosody + +mkdir -p /usr/local/share/ca-certificates/ +ln -sf \ + /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \ + /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt + +prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} +prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE} + +mkdir /run/prosody +touch /run/prosody/prosody.pid +chown -R prosody:prosody /run/prosody + +cd /var/lib/prosody +su - prosody -s /bin/bash -c prosody |