Initial commit after Claude implementation

roles/jitsi/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+jitsi_data_dir: "{{ sovereign_base_dir }}/jitsi"

roles/jitsi/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart jitsi
+  community.docker.docker_compose_v2:
+    project_src: "{{ jitsi_data_dir }}"
+    state: present
+    recreate: always

roles/jitsi/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Create Jitsi directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "{{ jitsi_data_dir }}"
+    - "{{ jitsi_data_dir }}/web"
+    - "{{ jitsi_data_dir }}/prosody"
+    - "{{ jitsi_data_dir }}/jicofo"
+    - "{{ jitsi_data_dir }}/jvb"
+
+- name: Deploy Jitsi docker-compose
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ jitsi_data_dir }}/docker-compose.yml"
+    mode: '0644'
+  notify: restart jitsi
+
+- name: Start Jitsi
+  community.docker.docker_compose_v2:
+    project_src: "{{ jitsi_data_dir }}"
+    state: present

roles/jitsi/templates/docker-compose.yml.j2

@@ -0,0 +1,131 @@
+services:
+  jitsi-web:
+    image: jitsi/web:{{ jitsi_version }}
+    container_name: jitsi-web
+    restart: unless-stopped
+    environment:
+      PUBLIC_URL: "https://{{ jitsi_domain }}"
+      XMPP_SERVER: jitsi-prosody
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280
+      XMPP_RECORDER_DOMAIN: recorder.meet.jitsi
+      ENABLE_AUTH: 1
+      ENABLE_GUESTS: 1
+      AUTH_TYPE: jwt
+      JWT_APP_ID: "jitsi"
+      JWT_APP_SECRET: "{{ jitsi_turn_secret }}"
+      TURN_CREDENTIALS: "{{ jitsi_turn_secret }}"
+      LETSENCRYPT_DOMAIN: "{{ jitsi_domain }}"
+      TZ: UTC
+    volumes:
+      - {{ jitsi_data_dir }}/web:/config
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.jitsi.rule=Host(`{{ jitsi_domain }}`)"
+      - "traefik.http.routers.jitsi.tls=true"
+      - "traefik.http.routers.jitsi.tls.certresolver=letsencrypt"
+      - "traefik.http.services.jitsi.loadbalancer.server.port=80"
+    networks:
+      - internal
+      - {{ sovereign_network_name }}
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "jitsi-web"
+
+  jitsi-prosody:
+    image: jitsi/prosody:{{ jitsi_version }}
+    container_name: jitsi-prosody
+    restart: unless-stopped
+    environment:
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_RECORDER_DOMAIN: recorder.meet.jitsi
+      JICOFO_AUTH_USER: focus
+      JICOFO_AUTH_PASSWORD: "{{ jitsi_jicofo_auth_password }}"
+      JVB_AUTH_USER: jvb
+      JVB_AUTH_PASSWORD: "{{ jitsi_jvb_auth_password }}"
+      JIBRI_RECORDER_USER: recorder
+      JIBRI_RECORDER_PASSWORD: "{{ jitsi_jibri_recorder_password }}"
+      JIBRI_XMPP_USER: jibri
+      JIBRI_XMPP_PASSWORD: "{{ jitsi_jibri_xmpp_password }}"
+      JWT_APP_ID: "jitsi"
+      JWT_APP_SECRET: "{{ jitsi_turn_secret }}"
+      ENABLE_AUTH: 1
+      ENABLE_GUESTS: 1
+      AUTH_TYPE: jwt
+      TZ: UTC
+    volumes:
+      - {{ jitsi_data_dir }}/prosody:/config
+    networks:
+      - internal
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "jitsi-prosody"
+
+  jitsi-jicofo:
+    image: jitsi/jicofo:{{ jitsi_version }}
+    container_name: jitsi-jicofo
+    restart: unless-stopped
+    depends_on:
+      - jitsi-prosody
+    environment:
+      XMPP_SERVER: jitsi-prosody
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      JICOFO_AUTH_USER: focus
+      JICOFO_AUTH_PASSWORD: "{{ jitsi_jicofo_auth_password }}"
+      JVB_BREWERY_MUC: jvbbrewery
+      TZ: UTC
+    volumes:
+      - {{ jitsi_data_dir }}/jicofo:/config
+    networks:
+      - internal
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "jitsi-jicofo"
+
+  jitsi-jvb:
+    image: jitsi/jvb:{{ jitsi_version }}
+    container_name: jitsi-jvb
+    restart: unless-stopped
+    depends_on:
+      - jitsi-prosody
+    environment:
+      XMPP_SERVER: jitsi-prosody
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      JVB_AUTH_USER: jvb
+      JVB_AUTH_PASSWORD: "{{ jitsi_jvb_auth_password }}"
+      JVB_BREWERY_MUC: jvbbrewery
+      JVB_PORT: 10000
+      JVB_TCP_HARVESTER_DISABLED: "true"
+      TZ: UTC
+    ports:
+      - "10000:10000/udp"
+    volumes:
+      - {{ jitsi_data_dir }}/jvb:/config
+    networks:
+      - internal
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "jitsi-jvb"
+
+networks:
+  internal:
+  {{ sovereign_network_name }}:
+    external: true