meissa/c4k-jitsi
6
0
Fork 0
Code Issues Pull requests Projects Releases14 Packages Wiki Activity

Compare commits

...

19 commits
3.0.0 ... main

Author SHA1 Message Date
Michael Jerger
e9bc2dee53 bump version to: 3.0.3-SNAPSHOT 2025-03-07 10:07:14 +01:00
Michael Jerger
dd2ea976ff release: 3.0.2 2025-03-07 10:07:14 +01:00
Michael Jerger
d067386c89 fix jvb-restart 2025-03-07 09:56:26 +01:00
Michael Jerger
e809a505fb update 2025-03-07 09:56:06 +01:00
jem
a8c93c3ce1 Merge pull request 'improve-stun-turn' () from improve-stun-turn into main 
Reviewed-on:
2025-03-01 09:35:45 +00:00
jem
588b583cc0 Merge branch 'main' into improve-stun-turn 2025-03-01 09:35:31 +00:00
Michael Jerger
43c8116106 disable turn 2025-03-01 10:27:53 +01:00
Michael Jerger
2f48a556d2 missing stun/turn configs 2025-02-28 19:15:02 +01:00
Michael Jerger
19e1b136d9 expose via ingress 2025-02-28 19:14:38 +01:00
Michael Jerger
dcfbb984f4 expose via ingress 2025-02-28 19:13:20 +01:00
ansgarz
635a4d8110 add cmt 2025-02-28 11:31:33 +01:00
ansgarz
9961ace4cc fix typos 2025-02-26 18:35:05 +01:00
Michael Jerger
72c46fe32a update doc 2025-02-21 11:50:32 +01:00
Michael Jerger
b74b4bee03 update doc 2025-02-21 11:49:54 +01:00
Michael Jerger
7181f3387a update screenshoot [skip ci] 2025-02-20 17:42:56 +01:00
Michael Jerger
20af7cd602 bump version to: 3.0.2-SNAPSHOT 2025-02-20 17:15:30 +01:00
Michael Jerger
578cc0c4ce release: 3.0.1 2025-02-20 17:15:30 +01:00
Michael Jerger
e51b114bef fix excalidraw ci build 2025-02-20 17:11:12 +01:00
Michael Jerger
19c343dd5e bump version to: 3.0.1-SNAPSHOT 2025-02-20 16:56:17 +01:00
18 changed files with 5407 additions and 85 deletions

2
.gitignore vendored
View file

@ -14,7 +14,7 @@ pom.*
# cljs
.shadow-cljs
.nrepl-*
package-lock.json
/package-lock.json
node_modules/
public/js/

14
README.md
View file

@ -5,11 +5,19 @@
## Purpose
c4k-jitsi provides a k8s deployment for jitsi containing:
* jitsi
c4k-jitsi provides a k8s deployment for jitsi containing [see also Jitsi Architecture](https://jitsi.github.io/handbook/docs/architecture/)
* jitsi-web
* jvb
* jicofo
* prosody
* etherpad for shared documents
* excalidraw for shared whiteboards
* coturn as stun server
* moderator-election as tool for electing the next moderator
* ingress having a letsencrypt managed certificate
* monitoring connected to grafana cloud
The package aims to a low load sceanrio.
The package is intended for a low-load scenario.
## Status

28
doc/SetupOnHetzner.md
View file

@ -17,10 +17,10 @@ resource "aws_s3_bucket" "backup" {
}
}
resource "hcloud_server" "jitsi_09_2021" {
resource "hcloud_server" "jitsi_2025_02" {
name = "the name"
image = "ubuntu-20.04"
server_type = "cx31"
image = "ubuntu-24.04"
server_type = "cx32"
location = "fsn1"
ssh_keys = ...
@ -29,31 +29,30 @@ resource "hcloud_server" "jitsi_09_2021" {
}
}
resource "aws_route53_record" "v4_neu" {
resource "aws_route53_record" "v4" {
for_each ["jitsi", "stun.jitsi", "excalidraw.jitsi", "etherpad.jitsi"]
zone_id = the_dns_zone
name = "jitsi-neu"
name = each.key
type = "A"
ttl = "300"
records = [hcloud_server.jitsi_09_2021.ipv4_address]
records = [hcloud_server.jitsi_2025_01.ipv4_address]
}
output "ipv4" {
value = hcloud_server.jitsi_09_2021.ipv4_address
value = hcloud_server.jitsi_2025_01.ipv4_address
}
```
## k8s minicluster
For k8s installation we use our [provs](https://repo.prod.meissa.de/meissa/provs) with the following configuation:
For k8s installation we use our [provs](https://repo.prod.meissa.de/meissa/provs) with the following configuration:
```
{:user :k8s
:k8s {:external-ip "ip-from-above"}
:cert-manager :letsencrypt-prod-issuer
:persistent-dirs ["postgres"]
}
{:fqdn "fqdn-from-above"
:node {:ipv4 "ip-from-above"}
:certmanager {:email "admin-email" :letsencryptEndpoint "prod"}}
```
## kubectl apply c4k-jitsi
@ -67,7 +66,6 @@ c4k-jitsi config.edn auth.edn | kubectl apply -f -
with the following config.edn:
```
{:fqdn "the-fqdn-from aws_route53_record.v4_neu"
:postgres-data-volume-path "/var/postgres" ;; Volume was configured at dda-k8s-crate, results in a PersistentVolume definition.
{:fqdn "fqdn-from-above"
:issuer "prod" }
```

BIN
doc/tryItOut.png
View file

Binary file not shown.
Side by side Swipe

Before

(image error) Size: 83 KiB

After

(image error) Size: 84 KiB

2
infrastructure/excalidraw/build.py
View file

@ -6,7 +6,7 @@ from ddadevops import *
name = "c4k-jitsi"
MODULE = "excalidraw"
PROJECT_ROOT_PATH = "../.."
version = "3.0.0"
version = "3.0.3-dev"
@init

5325
infrastructure/excalidraw/image/resources/package-lock.json generated Normal file
View file

File diff suppressed because it is too large Load diff

2
package.json
View file

@ -2,7 +2,7 @@
"name": "c4k-jitsi",
"description": "Generate c4k yaml for a jitsi deployment.",
"author": "meissa GmbH",
"version": "3.0.0",
"version": "3.0.3-SNAPSHOT",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-jitsi#readme",
"repository": "https://www.npmjs.com/package/c4k-jitsi",
"license": "APACHE2",

8
project.clj
View file

@ -1,10 +1,10 @@
(defproject org.domaindrivenarchitecture/c4k-jitsi "3.0.0"
(defproject org.domaindrivenarchitecture/c4k-jitsi "3.0.3-SNAPSHOT"
:description "jitsi c4k-installation package"
:url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.12.0"]
[org.clojure/tools.reader "1.5.0"]
[org.clojure/tools.reader "1.5.1"]
[org.domaindrivenarchitecture/c4k-common-clj "9.0.1"]
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
:target-path "target/%s/"
@ -24,9 +24,9 @@
:main dda.c4k-jitsi.uberjar
:uberjar-name "c4k-jitsi-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.1.230"]
[ch.qos.logback/logback-classic "1.5.16"
[ch.qos.logback/logback-classic "1.5.17"
:exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.16"]
[org.slf4j/jcl-over-slf4j "2.0.17"]
[com.github.clj-easy/graal-build-time "1.0.5"]]}}
:release-tasks [["test"]
["vcs" "assert-committed"]

6
src/main/cljc/dda/c4k_jitsi/core.cljc
View file

@ -39,6 +39,7 @@
(jitsi/jicofo-config resolved-config)
(jitsi/web-config resolved-config)
(jitsi/jvb-config resolved-config)
;not yet working, needs fix
;(jitsi/jibri-config resolved-config)
(jitsi/restart-config resolved-config)
(jitsi/etherpad-config resolved-config)
@ -65,6 +66,11 @@
:service-port 80
:fqdns [(str "moderator-elector." (:fqdn resolved-config))]}
resolved-config))
(ing/generate-ingress-and-cert (merge
{:service-name "coturn-turn-tcp"
:service-port 3478
:fqdns [(str "stun." (:fqdn resolved-config))]}
resolved-config))
(when (:contains? resolved-config :mon-cfg)
(mon/generate-config)))))))

4
src/main/cljc/dda/c4k_jitsi/jitsi.cljc
View file

@ -40,7 +40,8 @@
[(load-and-adjust-namespace "jitsi/prosody-config-serviceaccount.yaml" namespace)
(->
(load-and-adjust-namespace "jitsi/prosody-config-common-cm.yaml" namespace)
(cm/replace-all-matching "JITSI_FQDN" fqdn))
(cm/replace-all-matching "JITSI_FQDN" fqdn)
(cm/replace-key-value :STUN_HOST (str "stun." fqdn)))
(load-and-adjust-namespace "jitsi/prosody-config-default-cm.yaml" namespace)
(load-and-adjust-namespace "jitsi/prosody-config-envs-cm.yaml" namespace)
(load-and-adjust-namespace "jitsi/prosody-config-init-cm.yaml" namespace)
@ -87,6 +88,7 @@
(->
(load-and-adjust-namespace "jitsi/web-config-envs-cm.yaml" namespace)
(cm/replace-key-value :XMPP_BOSH_URL_BASE (str "http://prosody." namespace ".svc.cluster.local:5280"))
(cm/replace-key-value :P2P_STUN_SERVERS (str "stun." fqdn ":443"))
(cm/replace-key-value :ETHERPAD_PUBLIC_URL (str "https://etherpad." fqdn "/p/"))
(cm/replace-key-value :WHITEBOARD_COLLAB_SERVER_PUBLIC_URL (str "https://excalidraw." fqdn))
)

79
src/main/cljs/dda/c4k_jitsi/browser.cljs
View file

@ -1,11 +1,9 @@
(ns dda.c4k-jitsi.browser
(:require
[clojure.tools.reader.edn :as edn]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-common.common :as cm]
[dda.c4k-common.browser :as br]
[dda.c4k-jitsi.core :as core]
[dda.c4k-jitsi.jitsi :as jitsi]))
[dda.c4k-jitsi.core :as core]))
(defn generate-content []
(cm/concat-vec
@ -13,22 +11,22 @@
(br/generate-needs-validation) :content
(cm/concat-vec
(br/generate-group
"domain"
(cm/concat-vec
(br/generate-input-field "fqdn" "Your fqdn:" "jitsi.prod.meissa-gmbh.de")
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")
(br/generate-input-field "mon-cluster-name" "(Optional) monitoring cluster name:" "jitsi")
(br/generate-input-field "mon-cluster-stage" "(Optional) monitoring cluster stage:" "test")
(br/generate-input-field "mon-cloud-url" "(Optional) grafana cloud url:" "https://prometheus-prod-01-eu-west-0.grafana.net/api/prom/push")
))
"config"
(br/generate-text-area
"config" "Your config.edn:"
"{:fqdn \"jitsi.your.domain\"
:mon-cfg {:cluster-name \"jitsi\"
:cluster-stage \"test\"
:grafana-cloud-url \"https://prometheus-prod-01-eu-west-0.grafana.net/api/prom/push\"}}"
"5"))
(br/generate-group
"credentials"
"auth"
(br/generate-text-area "auth" "Your auth.edn:" "{:jvb-auth-password \"jitsi\"
:jicofo-auth-password \"jicofo-password\"
:jicofo-component-secret \"jicofo-component-secrect\"
:mon-auth {:grafana-cloud-user \"your-user-id\"
:grafana-cloud-password \"your-cloud-password\"}}}"
"5"))
"6"))
[(br/generate-br)]
(br/generate-button "generate-button" "Generate c4k yaml")))]
(br/generate-output "c4k-jitsi-output" "Your c4k deployment.yaml:" "25")))
@ -40,27 +38,8 @@
:content
(generate-content)})
(defn config-from-document []
(let [issuer (br/get-content-from-element "issuer" :optional true)
mon-cluster-name (br/get-content-from-element "mon-cluster-name" :optional true)
mon-cluster-stage (br/get-content-from-element "mon-cluster-stage" :optional true)
mon-cloud-url (br/get-content-from-element "mon-cloud-url" :optional true)]
(merge
{:fqdn (br/get-content-from-element "fqdn")}
(when (some? issuer)
{:issuer issuer})
(when (some? mon-cluster-name)
{:mon-cfg {:cluster-name mon-cluster-name
:cluster-stage (keyword mon-cluster-stage)
:grafana-cloud-url mon-cloud-url}})
)))
(defn validate-all! []
(br/validate! "fqdn" ::jitsi/fqdn)
(br/validate! "issuer" ::jitsi/issuer :optional true)
(br/validate! "mon-cluster-name" ::mon/cluster-name :optional true)
(br/validate! "mon-cluster-stage" ::mon/cluster-stage :optional true)
(br/validate! "mon-cloud-url" ::mon/grafana-cloud-url :optional true)
(br/validate! "config" core/config? :deserializer edn/read-string)
(br/validate! "auth" core/auth? :deserializer edn/read-string)
(br/set-form-validated!))
@ -68,22 +47,22 @@
(-> (br/get-element-by-id name)
(.addEventListener "blur" #(do (validate-all!)))))
(defn init []
(br/append-hickory (generate-content-div))
(-> js/document
(.getElementById "generate-button")
(.addEventListener "click"
#(do (validate-all!)
(-> (cm/generate-common
(config-from-document)
(br/get-content-from-element "auth" :deserializer edn/read-string)
{}
core/k8s-objects)
(br/set-output!)))))
(add-validate-listener "fqdn")
(add-validate-listener "issuer")
(add-validate-listener "mon-cluster-name")
(add-validate-listener "mon-cluster-stage")
(add-validate-listener "mon-cloud-url")
(add-validate-listener "auth"))
(let [config-only false
auth-only false]
(-> js/document
(.getElementById "generate-button")
(.addEventListener "click"
#(do (validate-all!)
(-> (cm/generate-cm
(br/get-content-from-element "config" :deserializer edn/read-string)
(br/get-content-from-element "auth" :deserializer edn/read-string)
core/config-defaults
core/config-objects
core/auth-objects
config-only
auth-only)
(br/set-output!)))))
(add-validate-listener "config")
(add-validate-listener "auth")))

1
src/main/resources/jitsi/coturn-config-tcp-service.yaml
View file

@ -9,7 +9,6 @@ metadata:
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
metallb.universe.tf/address-pool: public
spec:
type: LoadBalancer
ports:
- name: turn-tcp
port: 3478

1
src/main/resources/jitsi/coturn-config-udp-service.yaml
View file

@ -9,7 +9,6 @@ metadata:
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
metallb.universe.tf/address-pool: public
spec:
type: LoadBalancer
ports:
- name: turn-udp
port: 3478

5
src/main/resources/jitsi/jvb-config-deployment.yaml
View file

@ -21,6 +21,11 @@ spec:
serviceAccountName: jitsi-meet
securityContext:
{}
initContainers:
- name: wait-for-prosody
image: curlimages/curl:latest
command: ["/bin/sh","-c"]
args: ["while [ $(curl -sw '%{http_code}' http://prosody:5280 -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the prosody...'; done"]
containers:
- name: jitsi-meet
securityContext:

4
src/main/resources/jitsi/prosody-config-common-cm.yaml
View file

@ -22,4 +22,6 @@ data:
ENABLE_XMPP_WEBSOCKET: 'true'
ENABLE_RECORDING: "true"
ENABLE_FILE_RECORDING_SERVICE_SHARING: "true"
TZ: 'Europe/Berlin'
TZ: 'Europe/Berlin'
STUN_HOST: STUN_FQDN
STUN_PORT: "443"

5
src/main/resources/jitsi/web-config-envs-cm.yaml
View file

@ -12,9 +12,6 @@ data:
JICOFO_AUTH_USER: focus
XMPP_BOSH_URL_BASE: REPLACE_ME
DEFAULT_LANGUAGE: de
RESOLUTION: "480"
RESOLUTION_MIN: "240"
RESOLUTION_WIDTH: "853"
RESOLUTION_WIDTH_MIN: "427"
P2P_STUN_SERVERS: REPLACE_ME
ETHERPAD_PUBLIC_URL: REPLACE_ME
WHITEBOARD_COLLAB_SERVER_PUBLIC_URL: REPLACE_ME

2
src/test/cljc/dda/c4k_jitsi/core_test.cljc
View file

@ -17,7 +17,7 @@
(is (s/valid? cut/auth? (yaml/load-as-edn "jitsi-test/valid-auth.yaml"))))
(deftest test-whole-generation
(is (= 63
(is (= 65
(count
(cut/config-objects
(yaml/load-as-edn "jitsi-test/valid-config.yaml")))))

4
src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc
View file

@ -47,7 +47,9 @@
:ENABLE_XMPP_WEBSOCKET "true",
:ENABLE_RECORDING "true",
:ENABLE_FILE_RECORDING_SERVICE_SHARING "true",
:TZ "Europe/Berlin"}}
:TZ "Europe/Berlin"
:STUN_HOST "stun.xy.xy.xy",
:STUN_PORT "443"}}
(second (cut/prosody-config
{:fqdn "xy.xy.xy"
:namespace "jitsi"}))))