WIP integration jitsi

11 files changed, 88 insertions, 62 deletions

diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index a682984..b32953a 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -5,15 +5,16 @@ ARG VERSION
 RUN apt-get update && \
     apt-get install -y prosody=${VERSION}
 
-mkdir -p /usr/local/share/ca-certificates/
-ln -sf \
-  /var/lib/prosody/auth.jitsi.crt \
-  /usr/local/share/ca-certificates/auth.jitsi.crt
+RUN mkdir -p /usr/local/share/ca-certificates/ && \
+    ln -sf \
+      /var/lib/prosody/certs/auth.jitsi.crt \
+      /usr/local/share/ca-certificates/auth.jitsi.crt && \
+    mkdir /run/prosody && \
+    touch /run/prosody/prosody.pid && \
+    mkdir -p /var/lib/prosody
 
-COPY xmpp_gen /usr/local/bin/xmpp_gen
-COPY xmpp_run /usr/local/bin/xmpp_run
+COPY xmpp_root /usr/local/bin/xmpp_root
+COPY xmpp_prosody /usr/local/bin/xmpp_prosody
 
-USER prosody
-RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
 WORKDIR /var/lib/prosody
-CMD ["/usr/local/bin/xmpp_run"]
+CMD ["/usr/local/bin/xmpp_root"]
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_gen b/app/jitsi/build/jitsi-xmpp/xmpp_gen
deleted file mode 100755
index a66aad8..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_gen
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-prosodyctl cert generate jitsi.deuxfleurs.fr
-prosodyctl cert generate auth.jitsi.deuxfleurs.fr
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_prosody b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
new file mode 100755
index 0000000..1101302
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
@@ -0,0 +1,5 @@
+#!/bin/bash
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+
+cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register
+exec prosody
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_root b/app/jitsi/build/jitsi-xmpp/xmpp_root
new file mode 100755
index 0000000..293915f
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_root
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+exec su -s /bin/bash -c /usr/local/bin/xmpp_prosody - prosody
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_run b/app/jitsi/build/jitsi-xmpp/xmpp_run
deleted file mode 100755
index 81329d2..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_run
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
-prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
-exec prosody
diff --git a/app/jitsi/integration/01_gen_certs.yml b/app/jitsi/integration/01_gen_certs.yml
deleted file mode 100644
index bf73291..0000000
--- a/app/jitsi/integration/01_gen_certs.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-version: '3'
-services:
-  jitsi-xmpp:
-    image: superboum/amd64_jitsi_xmpp:v2
-    command: ["/usr/local/bin/xmpp_gen"]
-    volumes: [ './jitsi-certs/:/certs:rw' ]
-    env_file: [ 'dev.env' ]
-
diff --git a/app/jitsi/integration/02_run.yml b/app/jitsi/integration/02_run.yml
deleted file mode 100644
index 73eefad..0000000
--- a/app/jitsi/integration/02_run.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-version: '3.4'
-services:
-  jitsi-xmpp:
-    image: superboum/amd64_jitsi_xmpp:v3
-    ports:
-      - "5222:5222"
-      - "5347:5347"
-      - "5280:5280"
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
-  jitsi-meet:
-    image: superboum/amd64_jitsi_meet:v1
-    ports:
-      - "443:443"
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
-  jitsi-conference-focus:
-    image: superboum/amd64_jitsi_conference_focus:v4
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
-  jitsi-videobridge:
-    image: superboum/amd64_jitsi_videobridge:v14
-    ports:
-      - "8080:8080/tcp"
-      - "10000:10000/udp"
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md
index e295745..d2d25c1 100644
--- a/app/jitsi/integration/README.md
+++ b/app/jitsi/integration/README.md
@@ -46,6 +46,12 @@ But we can see this is a deprecated thing, it has been already removed from mast
 For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
 But maybe this value is deprecated: the check is still here but it is not used anymore?!
 
+## Generate certs with prosody
+```
+prosodyctl cert generate auth.jitsi
+prosodyctl cert generate jitsi
+```
+
 ## Resources to understand jitsi
 
   - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
diff --git a/app/jitsi/integration/docker-compose.yml b/app/jitsi/integration/docker-compose.yml
new file mode 100644
index 0000000..0a4012a
--- /dev/null
+++ b/app/jitsi/integration/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3.4'
+services:
+  jitsi-xmpp:
+    image: superboum/amd64_jitsi_xmpp:v9
+    volumes:
+      - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua"
+      - "./prosody/accounts.txt:/etc/prosody/accounts.txt"
+      - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt"
+      - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key"
+      - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt"
+      - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key"
+  jitsi-meet:
+    image: superboum/amd64_jitsi_meet:v1
+    ports:
+      - "443:443"
+  jitsi-conference-focus:
+    image: superboum/amd64_jitsi_conference_focus:v4
+  jitsi-videobridge:
+    image: superboum/amd64_jitsi_videobridge:v14
+    ports:
+      - "8080:8080/tcp"
+      - "10000:10000/udp"
diff --git a/app/jitsi/integration/prosody/accounts.txt b/app/jitsi/integration/prosody/accounts.txt
new file mode 100644
index 0000000..ef4f2cd
--- /dev/null
+++ b/app/jitsi/integration/prosody/accounts.txt
@@ -0,0 +1,2 @@
+focus auth.jitsi xxx
+jvb auth.jitsi yyy
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
index edfd820..5f18e2a 100644
--- a/app/jitsi/integration/prosody/prosody.cfg.lua
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
@@ -1,12 +1,41 @@
-component_ports = { 5347 }
+daemonize = false
+allow_registration = false
+use_libevent = true
 component_interface = "0.0.0.0"
-http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+component_ports = { 5347 }
+http_ports = { 5280 }
+
+-- Not sure all modules are required
+modules_enabled = {
+  "roster"; -- Allow users to have a roster. Recommended ;)
+  "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+  "tls"; -- Add support for secure TLS on c2s/s2s connections
+  "dialback"; -- s2s dialback support
+  "disco"; -- Service discovery
+  "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+  "compression"; -- Stream compression (requires the lua-zlib package installed)
+  "version"; -- Replies to server version requests
+  "uptime"; -- Report how long server has been running
+  "time"; -- Let others know the time here on this server
+  "ping"; -- Replies to XMPP pings with pongs
+  "pep"; -- Enables users to publish their mood, activity, playing music and more
+  -- jitsi
+  "smacks";
+  "carbons";
+  "mam";
+  "lastactivity";
+  "offline";
+  "pubsub";
+  "adhoc";
+  "websocket";
+  "http_altconnect";
+}
+
 log = {
-  error="/dev/stderr"
-  info="/dev/stdout"
+ "*console";
 }
 
-VirtualHost "jitsi.deuxfleurs.fr"
+VirtualHost "jitsi"
   authentication = "anonymous"
   ssl = {
     key = "/var/lib/prosody/jitsi.key";
@@ -18,17 +47,17 @@ VirtualHost "jitsi.deuxfleurs.fr"
   }
   c2s_require_encryption = false
 
-VirtualHost "auth.jitsi.deuxfleurs.fr"
+VirtualHost "auth.jitsi"
   ssl = {
     key = "/var/lib/prosody/auth.jitsi.key";
     certificate = "/var/lib/prosody/auth.jitsi.crt";
   }
   authentication = "internal_plain"
-  admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+  admins = { "focus@auth.jitsi"}
 
-Component "conference.jitsi.deuxfleurs.fr" "muc"
-Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+Component "conference.jitsi" "muc"
+Component "internal.auth.jitsi" "muc"
   storage = "memory"
   modules_enabled = { "ping"; }
-  admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+  admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }