Merge branch 'main' of gitlab.com:domaindrivenarchitecture/c4k-jitsi
commit
b627e3d5c1
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ $# != 4 ]
|
||||
then
|
||||
echo "expected 4 arguments (webserver-pod-name, username, email, password)"
|
||||
exit -1
|
||||
fi
|
||||
|
||||
kubectl exec $1 -- python3 manage.py shell -c "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$2', '$3', '$4')"
|
Binary file not shown.
Before Width: | Height: | Size: 48 KiB After Width: | Height: | Size: 83 KiB |
@ -1,56 +1,14 @@
|
||||
(ns dda.c4k-jitsi.uberjar
|
||||
(:gen-class)
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
[clojure.string :as cs]
|
||||
[clojure.tools.reader.edn :as edn]
|
||||
[expound.alpha :as expound]
|
||||
[dda.c4k-common.uberjar :as uberjar]
|
||||
[dda.c4k-jitsi.core :as core]))
|
||||
|
||||
(def usage
|
||||
"usage:
|
||||
|
||||
c4k-jitsi {your configuraton file} {your authorization file}")
|
||||
|
||||
(s/def ::options (s/* #{"-h"}))
|
||||
(s/def ::filename (s/and string?
|
||||
#(not (cs/starts-with? % "-"))))
|
||||
(s/def ::cmd-args (s/cat :options ::options
|
||||
:args (s/?
|
||||
(s/cat :config ::filename
|
||||
:auth ::filename))))
|
||||
|
||||
(defn expound-config
|
||||
[config]
|
||||
(expound/expound ::core/config config))
|
||||
|
||||
(defn invalid-args-msg
|
||||
[spec args]
|
||||
(s/explain spec args)
|
||||
(println (str "Bad commandline arguments\n" usage)))
|
||||
|
||||
(defn -main [& cmd-args]
|
||||
(let [parsed-args-cmd (s/conform ::cmd-args cmd-args)]
|
||||
(if (= ::s/invalid parsed-args-cmd)
|
||||
(invalid-args-msg ::cmd-args cmd-args)
|
||||
(let [{:keys [options args]} parsed-args-cmd
|
||||
{:keys [config auth]} args]
|
||||
(cond
|
||||
(some #(= "-h" %) options)
|
||||
(println usage)
|
||||
:default
|
||||
(let [config-str (slurp config)
|
||||
auth-str (slurp auth)
|
||||
config-edn (edn/read-string config-str)
|
||||
auth-edn (edn/read-string auth-str)
|
||||
config-valid? (s/valid? core/config? config-edn)
|
||||
auth-valid? (s/valid? core/auth? auth-edn)]
|
||||
(if (and config-valid? auth-valid?)
|
||||
(println (core/generate config-edn auth-edn))
|
||||
(do
|
||||
(when (not config-valid?)
|
||||
(println
|
||||
(expound/expound-str core/config? config-edn {:print-specs? false})))
|
||||
(when (not auth-valid?)
|
||||
(println
|
||||
(expound/expound-str core/auth? auth-edn {:print-specs? false})))))))))))
|
||||
(uberjar/main-common
|
||||
"c4k-jitsi"
|
||||
core/config?
|
||||
core/auth?
|
||||
core/config-defaults
|
||||
core/k8s-objects
|
||||
cmd-args))
|
||||
|
@ -1,35 +1,41 @@
|
||||
(ns dda.c4k-jitsi.core
|
||||
(:require
|
||||
[clojure.string :as cs]
|
||||
[clojure.spec.alpha :as s]
|
||||
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||
[dda.c4k-common.common :as cm]
|
||||
[dda.c4k-common.predicate :as cp]
|
||||
[dda.c4k-common.monitoring :as mon]
|
||||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-jitsi.jitsi :as jitsi]))
|
||||
|
||||
(def config-defaults {:issuer :staging})
|
||||
(def config-defaults {:issuer "staging"})
|
||||
|
||||
(s/def ::mon-cfg mon/config?)
|
||||
(s/def ::mon-auth mon/auth?)
|
||||
|
||||
(def config? (s/keys :req-un [::jitsi/fqdn]
|
||||
:opt-un [::jitsi/issuer ::jitsi/ingress-type]))
|
||||
:opt-un [::jitsi/issuer
|
||||
::mon-cfg]))
|
||||
|
||||
(def auth? (s/keys :req-un [::jitsi/jvb-auth-password ::jitsi/jicofo-auth-password ::jitsi/jicofo-component-secret]))
|
||||
(def auth? (s/keys :req-un [::jitsi/jvb-auth-password
|
||||
::jitsi/jicofo-auth-password
|
||||
::jitsi/jicofo-component-secret]
|
||||
:opt-un [::mon-auth]))
|
||||
|
||||
(defn k8s-objects [config]
|
||||
(defn-spec k8s-objects cp/map-or-seq?
|
||||
[config config?
|
||||
auth auth?]
|
||||
(map yaml/to-string
|
||||
[(jitsi/generate-secret-jitsi config)
|
||||
(jitsi/generate-certificate-jitsi config)
|
||||
(jitsi/generate-certificate-etherpad config)
|
||||
(jitsi/generate-jvb-service)
|
||||
(jitsi/generate-web-service)
|
||||
(jitsi/generate-etherpad-service)
|
||||
(jitsi/generate-ingress-jitsi config)
|
||||
(jitsi/generate-ingress-etherpad config)
|
||||
(jitsi/generate-deployment config)]))
|
||||
|
||||
(defn-spec generate any?
|
||||
[my-config config?
|
||||
my-auth auth?]
|
||||
(let [resulting-config (merge config-defaults my-config my-auth)]
|
||||
(cs/join
|
||||
"\n---\n"
|
||||
(k8s-objects resulting-config))))
|
||||
(filter
|
||||
#(not (nil? %))
|
||||
(cm/concat-vec
|
||||
[(jitsi/generate-secret-jitsi auth)
|
||||
(jitsi/generate-jvb-service)
|
||||
(jitsi/generate-web-service)
|
||||
(jitsi/generate-etherpad-service)
|
||||
(jitsi/generate-deployment config)]
|
||||
(jitsi/generate-ingress-web config)
|
||||
(jitsi/generate-ingress-etherpad config)
|
||||
(when (:contains? config :mon-cfg)
|
||||
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))
|
||||
|
@ -1,15 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: etherpad-cert
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: etherpad-cert
|
||||
commonName: REPLACE_ETHERPAD_FQDN
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
dnsNames:
|
||||
- REPLACE_ETHERPAD_FQDN
|
||||
issuerRef:
|
||||
name: REPLACEME
|
||||
kind: ClusterIssuer
|
@ -1,15 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: jitsi-cert
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: jitsi-cert
|
||||
commonName: REPLACE_JITSI_FQDN
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
dnsNames:
|
||||
- REPLACE_JITSI_FQDN
|
||||
issuerRef:
|
||||
name: REPLACEME
|
||||
kind: ClusterIssuer
|
@ -1,23 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: etherpad
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: REPLACEME
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- REPLACE_ETHERPAD_FQDN
|
||||
secretName: etherpad-cert
|
||||
rules:
|
||||
- host: REPLACE_ETHERPAD_FQDN
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: etherpad
|
||||
port:
|
||||
number: 9001
|
@ -1,23 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: jitsi
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: REPLACEME
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- REPLACE_JITSI_FQDN
|
||||
secretName: jitsi-cert
|
||||
rules:
|
||||
- host: REPLACE_JITSI_FQDN
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: web
|
||||
port:
|
||||
number: 80
|
@ -0,0 +1,20 @@
|
||||
(ns dda.c4k-jitsi.core-test
|
||||
(:require
|
||||
#?(:cljs [shadow.resource :as rc])
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[clojure.spec.alpha :as s]
|
||||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-jitsi.core :as cut]))
|
||||
|
||||
#?(:cljs
|
||||
(defmethod yaml/load-resource :jitsi-test [resource-name]
|
||||
(case resource-name
|
||||
"jitsi-test/valid-auth.yaml" (rc/inline "jitsi-test/valid-auth.yaml")
|
||||
"jitsi-test/valid-config.yaml" (rc/inline "jitsi-test/valid-config.yaml")
|
||||
(throw (js/Error. "Undefined Resource!")))))
|
||||
|
||||
(deftest validate-valid-resources
|
||||
(is (s/valid? cut/config? (yaml/load-as-edn "jitsi-test/valid-config.yaml")))
|
||||
(is (s/valid? cut/auth? (yaml/load-as-edn "jitsi-test/valid-auth.yaml")))
|
||||
)
|
@ -0,0 +1,6 @@
|
||||
jvb-auth-password: "JvbAuth"
|
||||
jicofo-auth-password: "JicofoAuth"
|
||||
jicofo-component-secret: "JicofoCompSec"
|
||||
mon-auth:
|
||||
grafana-cloud-user: "user"
|
||||
grafana-cloud-password: "password"
|
@ -0,0 +1,6 @@
|
||||
fqdn: "jitsi.test.meissa-gmbh.de"
|
||||
issuer: "staging"
|
||||
mon-cfg:
|
||||
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
|
||||
cluster-name: "jitsi"
|
||||
cluster-stage: "test"
|
@ -1,216 +0,0 @@
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: jitsi
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
||||
kubernetes.io/ingress.class: ''
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- jitsi.test.meissa-gmbh.de
|
||||
secretName: tls-jitsi
|
||||
rules:
|
||||
- host: jitsi.test.meissa-gmbh.de
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: web
|
||||
port:
|
||||
number: 80
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: jitsi-config
|
||||
type: Opaque
|
||||
data:
|
||||
JVB_AUTH_PASSWORD: SnZiQXV0aA==
|
||||
JICOFO_AUTH_PASSWORD: Smljb2ZvQXV0aA==
|
||||
JICOFO_COMPONENT_SECRET: Smljb2ZvQ29tcFNlYw==
|
||||
|
||||
---
|
||||
- apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
service: jvb
|
||||
name: jvb-udp
|
||||
spec:
|
||||
type: NodePort
|
||||
externalTrafficPolicy: Cluster
|
||||
ports:
|
||||
- port: 30300
|
||||
protocol: UDP
|
||||
targetPort: 30300
|
||||
nodePort: 30300
|
||||
selector:
|
||||
app: jitsi
|
||||
- apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
service: web
|
||||
name: web
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 80
|
||||
- name: https
|
||||
port: 443
|
||||
targetPort: 443
|
||||
selector:
|
||||
app: jitsi
|
||||
- apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: jitsi
|
||||
name: jitsi
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: jitsi
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: jitsi
|
||||
spec:
|
||||
containers:
|
||||
- name: jicofo
|
||||
image: jitsi/jicofo:stable-6826
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: XMPP_SERVER
|
||||
value: localhost
|
||||
- name: XMPP_DOMAIN
|
||||
value: meet.jitsi
|
||||
- name: XMPP_AUTH_DOMAIN
|
||||
value: auth.meet.jitsi
|
||||
- name: XMPP_MUC_DOMAIN
|
||||
value: muc.meet.jitsi
|
||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
||||
value: internal-muc.meet.jitsi
|
||||
- name: JICOFO_COMPONENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jitsi-config
|
||||
key: JICOFO_COMPONENT_SECRET
|
||||
- name: JICOFO_AUTH_USER
|
||||
value: focus
|
||||
- name: JICOFO_AUTH_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jitsi-config
|
||||
key: JICOFO_AUTH_PASSWORD
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
- name: JVB_BREWERY_MUC
|
||||
value: jvbbrewery
|
||||
- name: prosody
|
||||
image: jitsi/prosody:stable-6826
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: PUBLIC_URL
|
||||
value: https://jitsi.test.meissa-gmbh.de
|
||||
- name: XMPP_DOMAIN
|
||||
value: meet.jitsi
|
||||
- name: XMPP_AUTH_DOMAIN
|
||||
value: auth.meet.jitsi
|
||||
- name: XMPP_MUC_DOMAIN
|
||||
value: muc.meet.jitsi
|
||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
||||
value: internal-muc.meet.jitsi
|
||||
- name: JICOFO_COMPONENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jitsi-config
|
||||
key: JICOFO_COMPONENT_SECRET
|
||||
- name: JVB_AUTH_USER
|
||||
value: jvb
|
||||
- name: JVB_AUTH_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jitsi-config
|
||||
key: JVB_AUTH_PASSWORD
|
||||
- name: JICOFO_AUTH_USER
|
||||
value: focus
|
||||
- name: JICOFO_AUTH_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jitsi-config
|
||||
key: JICOFO_AUTH_PASSWORD
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
- name: JVB_TCP_HARVESTER_DISABLED
|
||||
value: 'true'
|
||||
- name: web
|
||||
image: jitsi/web:stable-6826
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: PUBLIC_URL
|
||||
value: https://jitsi.test.meissa-gmbh.de
|
||||
- name: XMPP_SERVER
|
||||
value: localhost
|
||||
- name: JICOFO_AUTH_USER
|
||||
value: focus
|
||||
- name: XMPP_DOMAIN
|
||||
value: meet.jitsi
|
||||
- name: XMPP_AUTH_DOMAIN
|
||||
value: auth.meet.jitsi
|
||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
||||
value: internal-muc.meet.jitsi
|
||||
- name: XMPP_BOSH_URL_BASE
|
||||
value: http://127.0.0.1:5280
|
||||
- name: XMPP_MUC_DOMAIN
|
||||
value: muc.meet.jitsi
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
- name: JVB_TCP_HARVESTER_DISABLED
|
||||
value: 'true'
|
||||
- name: jvb
|
||||
image: jitsi/jvb:stable-6826
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: XMPP_SERVER
|
||||
value: localhost
|
||||
- name: DOCKER_HOST_ADDRESS
|
||||
value: localhost
|
||||
- name: XMPP_DOMAIN
|
||||
value: meet.jitsi
|
||||
- name: XMPP_AUTH_DOMAIN
|
||||
value: auth.meet.jitsi
|
||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
||||
value: internal-muc.meet.jitsi
|
||||
- name: JVB_STUN_SERVERS
|
||||
value: stun.1und1.de:3478,stun.t-online.de:3478,stun.hosteurope.de:3478
|
||||
- name: JICOFO_AUTH_USER
|
||||
value: focus
|
||||
- name: JVB_TCP_HARVESTER_DISABLED
|
||||
value: 'true'
|
||||
- name: JVB_AUTH_USER
|
||||
value: jvb
|
||||
- name: JVB_PORT
|
||||
value: '30300'
|
||||
- name: JVB_AUTH_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jitsi-config
|
||||
key: JVB_AUTH_PASSWORD
|
||||
- name: JICOFO_AUTH_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jitsi-config
|
||||
key: JICOFO_AUTH_PASSWORD
|
||||
- name: JVB_BREWERY_MUC
|
||||
value: jvbbrewery
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
|
@ -1,3 +0,0 @@
|
||||
{:jvb-auth-password "JvbAuth"
|
||||
:jicofo-auth-password "JicofoAuth"
|
||||
:jicofo-component-secret "JicofoCompSec"}
|
@ -1,2 +0,0 @@
|
||||
{:fqdn "jitsi.test.meissa-gmbh.de"
|
||||
:issuer :staging}
|
Loading…
Reference in New Issue