Merge branch 'main' of gitlab.com:domaindrivenarchitecture/c4k-jitsi
commit
b627e3d5c1
@ -1,9 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ $# != 4 ]
|
|
||||||
then
|
|
||||||
echo "expected 4 arguments (webserver-pod-name, username, email, password)"
|
|
||||||
exit -1
|
|
||||||
fi
|
|
||||||
|
|
||||||
kubectl exec $1 -- python3 manage.py shell -c "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$2', '$3', '$4')"
|
|
Binary file not shown.
Before Width: | Height: | Size: 48 KiB After Width: | Height: | Size: 83 KiB |
@ -1,56 +1,14 @@
|
|||||||
(ns dda.c4k-jitsi.uberjar
|
(ns dda.c4k-jitsi.uberjar
|
||||||
(:gen-class)
|
(:gen-class)
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[dda.c4k-common.uberjar :as uberjar]
|
||||||
[clojure.string :as cs]
|
|
||||||
[clojure.tools.reader.edn :as edn]
|
|
||||||
[expound.alpha :as expound]
|
|
||||||
[dda.c4k-jitsi.core :as core]))
|
[dda.c4k-jitsi.core :as core]))
|
||||||
|
|
||||||
(def usage
|
|
||||||
"usage:
|
|
||||||
|
|
||||||
c4k-jitsi {your configuraton file} {your authorization file}")
|
|
||||||
|
|
||||||
(s/def ::options (s/* #{"-h"}))
|
|
||||||
(s/def ::filename (s/and string?
|
|
||||||
#(not (cs/starts-with? % "-"))))
|
|
||||||
(s/def ::cmd-args (s/cat :options ::options
|
|
||||||
:args (s/?
|
|
||||||
(s/cat :config ::filename
|
|
||||||
:auth ::filename))))
|
|
||||||
|
|
||||||
(defn expound-config
|
|
||||||
[config]
|
|
||||||
(expound/expound ::core/config config))
|
|
||||||
|
|
||||||
(defn invalid-args-msg
|
|
||||||
[spec args]
|
|
||||||
(s/explain spec args)
|
|
||||||
(println (str "Bad commandline arguments\n" usage)))
|
|
||||||
|
|
||||||
(defn -main [& cmd-args]
|
(defn -main [& cmd-args]
|
||||||
(let [parsed-args-cmd (s/conform ::cmd-args cmd-args)]
|
(uberjar/main-common
|
||||||
(if (= ::s/invalid parsed-args-cmd)
|
"c4k-jitsi"
|
||||||
(invalid-args-msg ::cmd-args cmd-args)
|
core/config?
|
||||||
(let [{:keys [options args]} parsed-args-cmd
|
core/auth?
|
||||||
{:keys [config auth]} args]
|
core/config-defaults
|
||||||
(cond
|
core/k8s-objects
|
||||||
(some #(= "-h" %) options)
|
cmd-args))
|
||||||
(println usage)
|
|
||||||
:default
|
|
||||||
(let [config-str (slurp config)
|
|
||||||
auth-str (slurp auth)
|
|
||||||
config-edn (edn/read-string config-str)
|
|
||||||
auth-edn (edn/read-string auth-str)
|
|
||||||
config-valid? (s/valid? core/config? config-edn)
|
|
||||||
auth-valid? (s/valid? core/auth? auth-edn)]
|
|
||||||
(if (and config-valid? auth-valid?)
|
|
||||||
(println (core/generate config-edn auth-edn))
|
|
||||||
(do
|
|
||||||
(when (not config-valid?)
|
|
||||||
(println
|
|
||||||
(expound/expound-str core/config? config-edn {:print-specs? false})))
|
|
||||||
(when (not auth-valid?)
|
|
||||||
(println
|
|
||||||
(expound/expound-str core/auth? auth-edn {:print-specs? false})))))))))))
|
|
||||||
|
@ -1,35 +1,41 @@
|
|||||||
(ns dda.c4k-jitsi.core
|
(ns dda.c4k-jitsi.core
|
||||||
(:require
|
(:require
|
||||||
[clojure.string :as cs]
|
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:clj [orchestra.core :refer [defn-spec]]
|
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
|
[dda.c4k-common.common :as cm]
|
||||||
|
[dda.c4k-common.predicate :as cp]
|
||||||
|
[dda.c4k-common.monitoring :as mon]
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
[dda.c4k-jitsi.jitsi :as jitsi]))
|
[dda.c4k-jitsi.jitsi :as jitsi]))
|
||||||
|
|
||||||
(def config-defaults {:issuer :staging})
|
(def config-defaults {:issuer "staging"})
|
||||||
|
|
||||||
|
(s/def ::mon-cfg mon/config?)
|
||||||
|
(s/def ::mon-auth mon/auth?)
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::jitsi/fqdn]
|
(def config? (s/keys :req-un [::jitsi/fqdn]
|
||||||
:opt-un [::jitsi/issuer ::jitsi/ingress-type]))
|
:opt-un [::jitsi/issuer
|
||||||
|
::mon-cfg]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::jitsi/jvb-auth-password ::jitsi/jicofo-auth-password ::jitsi/jicofo-component-secret]))
|
(def auth? (s/keys :req-un [::jitsi/jvb-auth-password
|
||||||
|
::jitsi/jicofo-auth-password
|
||||||
|
::jitsi/jicofo-component-secret]
|
||||||
|
:opt-un [::mon-auth]))
|
||||||
|
|
||||||
(defn k8s-objects [config]
|
(defn-spec k8s-objects cp/map-or-seq?
|
||||||
|
[config config?
|
||||||
|
auth auth?]
|
||||||
(map yaml/to-string
|
(map yaml/to-string
|
||||||
[(jitsi/generate-secret-jitsi config)
|
(filter
|
||||||
(jitsi/generate-certificate-jitsi config)
|
#(not (nil? %))
|
||||||
(jitsi/generate-certificate-etherpad config)
|
(cm/concat-vec
|
||||||
(jitsi/generate-jvb-service)
|
[(jitsi/generate-secret-jitsi auth)
|
||||||
(jitsi/generate-web-service)
|
(jitsi/generate-jvb-service)
|
||||||
(jitsi/generate-etherpad-service)
|
(jitsi/generate-web-service)
|
||||||
(jitsi/generate-ingress-jitsi config)
|
(jitsi/generate-etherpad-service)
|
||||||
(jitsi/generate-ingress-etherpad config)
|
(jitsi/generate-deployment config)]
|
||||||
(jitsi/generate-deployment config)]))
|
(jitsi/generate-ingress-web config)
|
||||||
|
(jitsi/generate-ingress-etherpad config)
|
||||||
(defn-spec generate any?
|
(when (:contains? config :mon-cfg)
|
||||||
[my-config config?
|
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))
|
||||||
my-auth auth?]
|
|
||||||
(let [resulting-config (merge config-defaults my-config my-auth)]
|
|
||||||
(cs/join
|
|
||||||
"\n---\n"
|
|
||||||
(k8s-objects resulting-config))))
|
|
||||||
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: etherpad-cert
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
secretName: etherpad-cert
|
|
||||||
commonName: REPLACE_ETHERPAD_FQDN
|
|
||||||
duration: 2160h # 90d
|
|
||||||
renewBefore: 360h # 15d
|
|
||||||
dnsNames:
|
|
||||||
- REPLACE_ETHERPAD_FQDN
|
|
||||||
issuerRef:
|
|
||||||
name: REPLACEME
|
|
||||||
kind: ClusterIssuer
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: jitsi-cert
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
secretName: jitsi-cert
|
|
||||||
commonName: REPLACE_JITSI_FQDN
|
|
||||||
duration: 2160h # 90d
|
|
||||||
renewBefore: 360h # 15d
|
|
||||||
dnsNames:
|
|
||||||
- REPLACE_JITSI_FQDN
|
|
||||||
issuerRef:
|
|
||||||
name: REPLACEME
|
|
||||||
kind: ClusterIssuer
|
|
@ -1,23 +0,0 @@
|
|||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: etherpad
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: REPLACEME
|
|
||||||
ingress.kubernetes.io/ssl-redirect: "true"
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- REPLACE_ETHERPAD_FQDN
|
|
||||||
secretName: etherpad-cert
|
|
||||||
rules:
|
|
||||||
- host: REPLACE_ETHERPAD_FQDN
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: etherpad
|
|
||||||
port:
|
|
||||||
number: 9001
|
|
@ -1,23 +0,0 @@
|
|||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: jitsi
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: REPLACEME
|
|
||||||
ingress.kubernetes.io/ssl-redirect: "true"
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- REPLACE_JITSI_FQDN
|
|
||||||
secretName: jitsi-cert
|
|
||||||
rules:
|
|
||||||
- host: REPLACE_JITSI_FQDN
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: web
|
|
||||||
port:
|
|
||||||
number: 80
|
|
@ -0,0 +1,20 @@
|
|||||||
|
(ns dda.c4k-jitsi.core-test
|
||||||
|
(:require
|
||||||
|
#?(:cljs [shadow.resource :as rc])
|
||||||
|
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||||
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
|
[clojure.spec.alpha :as s]
|
||||||
|
[dda.c4k-common.yaml :as yaml]
|
||||||
|
[dda.c4k-jitsi.core :as cut]))
|
||||||
|
|
||||||
|
#?(:cljs
|
||||||
|
(defmethod yaml/load-resource :jitsi-test [resource-name]
|
||||||
|
(case resource-name
|
||||||
|
"jitsi-test/valid-auth.yaml" (rc/inline "jitsi-test/valid-auth.yaml")
|
||||||
|
"jitsi-test/valid-config.yaml" (rc/inline "jitsi-test/valid-config.yaml")
|
||||||
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
|
(deftest validate-valid-resources
|
||||||
|
(is (s/valid? cut/config? (yaml/load-as-edn "jitsi-test/valid-config.yaml")))
|
||||||
|
(is (s/valid? cut/auth? (yaml/load-as-edn "jitsi-test/valid-auth.yaml")))
|
||||||
|
)
|
@ -0,0 +1,6 @@
|
|||||||
|
jvb-auth-password: "JvbAuth"
|
||||||
|
jicofo-auth-password: "JicofoAuth"
|
||||||
|
jicofo-component-secret: "JicofoCompSec"
|
||||||
|
mon-auth:
|
||||||
|
grafana-cloud-user: "user"
|
||||||
|
grafana-cloud-password: "password"
|
@ -0,0 +1,6 @@
|
|||||||
|
fqdn: "jitsi.test.meissa-gmbh.de"
|
||||||
|
issuer: "staging"
|
||||||
|
mon-cfg:
|
||||||
|
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
|
||||||
|
cluster-name: "jitsi"
|
||||||
|
cluster-stage: "test"
|
@ -1,216 +0,0 @@
|
|||||||
kind: Ingress
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: jitsi
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
|
||||||
kubernetes.io/ingress.class: ''
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- jitsi.test.meissa-gmbh.de
|
|
||||||
secretName: tls-jitsi
|
|
||||||
rules:
|
|
||||||
- host: jitsi.test.meissa-gmbh.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: web
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: jitsi-config
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
JVB_AUTH_PASSWORD: SnZiQXV0aA==
|
|
||||||
JICOFO_AUTH_PASSWORD: Smljb2ZvQXV0aA==
|
|
||||||
JICOFO_COMPONENT_SECRET: Smljb2ZvQ29tcFNlYw==
|
|
||||||
|
|
||||||
---
|
|
||||||
- apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
service: jvb
|
|
||||||
name: jvb-udp
|
|
||||||
spec:
|
|
||||||
type: NodePort
|
|
||||||
externalTrafficPolicy: Cluster
|
|
||||||
ports:
|
|
||||||
- port: 30300
|
|
||||||
protocol: UDP
|
|
||||||
targetPort: 30300
|
|
||||||
nodePort: 30300
|
|
||||||
selector:
|
|
||||||
app: jitsi
|
|
||||||
- apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
service: web
|
|
||||||
name: web
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
port: 80
|
|
||||||
targetPort: 80
|
|
||||||
- name: https
|
|
||||||
port: 443
|
|
||||||
targetPort: 443
|
|
||||||
selector:
|
|
||||||
app: jitsi
|
|
||||||
- apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: jitsi
|
|
||||||
name: jitsi
|
|
||||||
spec:
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: jitsi
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: jitsi
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: jicofo
|
|
||||||
image: jitsi/jicofo:stable-6826
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
env:
|
|
||||||
- name: XMPP_SERVER
|
|
||||||
value: localhost
|
|
||||||
- name: XMPP_DOMAIN
|
|
||||||
value: meet.jitsi
|
|
||||||
- name: XMPP_AUTH_DOMAIN
|
|
||||||
value: auth.meet.jitsi
|
|
||||||
- name: XMPP_MUC_DOMAIN
|
|
||||||
value: muc.meet.jitsi
|
|
||||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
||||||
value: internal-muc.meet.jitsi
|
|
||||||
- name: JICOFO_COMPONENT_SECRET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: jitsi-config
|
|
||||||
key: JICOFO_COMPONENT_SECRET
|
|
||||||
- name: JICOFO_AUTH_USER
|
|
||||||
value: focus
|
|
||||||
- name: JICOFO_AUTH_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: jitsi-config
|
|
||||||
key: JICOFO_AUTH_PASSWORD
|
|
||||||
- name: TZ
|
|
||||||
value: Europe/Berlin
|
|
||||||
- name: JVB_BREWERY_MUC
|
|
||||||
value: jvbbrewery
|
|
||||||
- name: prosody
|
|
||||||
image: jitsi/prosody:stable-6826
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
env:
|
|
||||||
- name: PUBLIC_URL
|
|
||||||
value: https://jitsi.test.meissa-gmbh.de
|
|
||||||
- name: XMPP_DOMAIN
|
|
||||||
value: meet.jitsi
|
|
||||||
- name: XMPP_AUTH_DOMAIN
|
|
||||||
value: auth.meet.jitsi
|
|
||||||
- name: XMPP_MUC_DOMAIN
|
|
||||||
value: muc.meet.jitsi
|
|
||||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
||||||
value: internal-muc.meet.jitsi
|
|
||||||
- name: JICOFO_COMPONENT_SECRET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: jitsi-config
|
|
||||||
key: JICOFO_COMPONENT_SECRET
|
|
||||||
- name: JVB_AUTH_USER
|
|
||||||
value: jvb
|
|
||||||
- name: JVB_AUTH_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: jitsi-config
|
|
||||||
key: JVB_AUTH_PASSWORD
|
|
||||||
- name: JICOFO_AUTH_USER
|
|
||||||
value: focus
|
|
||||||
- name: JICOFO_AUTH_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: jitsi-config
|
|
||||||
key: JICOFO_AUTH_PASSWORD
|
|
||||||
- name: TZ
|
|
||||||
value: Europe/Berlin
|
|
||||||
- name: JVB_TCP_HARVESTER_DISABLED
|
|
||||||
value: 'true'
|
|
||||||
- name: web
|
|
||||||
image: jitsi/web:stable-6826
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
env:
|
|
||||||
- name: PUBLIC_URL
|
|
||||||
value: https://jitsi.test.meissa-gmbh.de
|
|
||||||
- name: XMPP_SERVER
|
|
||||||
value: localhost
|
|
||||||
- name: JICOFO_AUTH_USER
|
|
||||||
value: focus
|
|
||||||
- name: XMPP_DOMAIN
|
|
||||||
value: meet.jitsi
|
|
||||||
- name: XMPP_AUTH_DOMAIN
|
|
||||||
value: auth.meet.jitsi
|
|
||||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
||||||
value: internal-muc.meet.jitsi
|
|
||||||
- name: XMPP_BOSH_URL_BASE
|
|
||||||
value: http://127.0.0.1:5280
|
|
||||||
- name: XMPP_MUC_DOMAIN
|
|
||||||
value: muc.meet.jitsi
|
|
||||||
- name: TZ
|
|
||||||
value: Europe/Berlin
|
|
||||||
- name: JVB_TCP_HARVESTER_DISABLED
|
|
||||||
value: 'true'
|
|
||||||
- name: jvb
|
|
||||||
image: jitsi/jvb:stable-6826
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
env:
|
|
||||||
- name: XMPP_SERVER
|
|
||||||
value: localhost
|
|
||||||
- name: DOCKER_HOST_ADDRESS
|
|
||||||
value: localhost
|
|
||||||
- name: XMPP_DOMAIN
|
|
||||||
value: meet.jitsi
|
|
||||||
- name: XMPP_AUTH_DOMAIN
|
|
||||||
value: auth.meet.jitsi
|
|
||||||
- name: XMPP_INTERNAL_MUC_DOMAIN
|
|
||||||
value: internal-muc.meet.jitsi
|
|
||||||
- name: JVB_STUN_SERVERS
|
|
||||||
value: stun.1und1.de:3478,stun.t-online.de:3478,stun.hosteurope.de:3478
|
|
||||||
- name: JICOFO_AUTH_USER
|
|
||||||
value: focus
|
|
||||||
- name: JVB_TCP_HARVESTER_DISABLED
|
|
||||||
value: 'true'
|
|
||||||
- name: JVB_AUTH_USER
|
|
||||||
value: jvb
|
|
||||||
- name: JVB_PORT
|
|
||||||
value: '30300'
|
|
||||||
- name: JVB_AUTH_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: jitsi-config
|
|
||||||
key: JVB_AUTH_PASSWORD
|
|
||||||
- name: JICOFO_AUTH_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: jitsi-config
|
|
||||||
key: JICOFO_AUTH_PASSWORD
|
|
||||||
- name: JVB_BREWERY_MUC
|
|
||||||
value: jvbbrewery
|
|
||||||
- name: TZ
|
|
||||||
value: Europe/Berlin
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
{:jvb-auth-password "JvbAuth"
|
|
||||||
:jicofo-auth-password "JicofoAuth"
|
|
||||||
:jicofo-component-secret "JicofoCompSec"}
|
|
@ -1,2 +0,0 @@
|
|||||||
{:fqdn "jitsi.test.meissa-gmbh.de"
|
|
||||||
:issuer :staging}
|
|
Loading…
Reference in New Issue