diff --git a/roles/web-app-bigbluebutton/config/main.yml b/roles/web-app-bigbluebutton/config/main.yml
index 89dcf3ca..96a6869e 100644
--- a/roles/web-app-bigbluebutton/config/main.yml
+++ b/roles/web-app-bigbluebutton/config/main.yml
@@ -24,7 +24,7 @@ credentials: {} docker: services: bigbluebutton: - repository: "https://github.com/bigbluebutton/docker.git" + repository: "https://github.com/kevinveenbirkenbach/bigbluebutton-docker.git" version: "bbb3.0" database: # This is set to true to pass integration test, doesn't have any other function
@@ -32,4 +32,6 @@ docker: greenlight: enabled: true coturn: - internal: "{{ not 'web-svc-coturn' in group_names | lower }}" + internal: false + collabora: + internal: false
diff --git a/roles/web-app-bigbluebutton/schema/main.yml b/roles/web-app-bigbluebutton/schema/main.yml
index d70d7328..2335e929 100644
--- a/roles/web-app-bigbluebutton/schema/main.yml
+++ b/roles/web-app-bigbluebutton/schema/main.yml
@@ -17,7 +17,7 @@ credentials: validation: "^[a-zA-Z0-9]{32}$" fsesl_password: description: "Password for FreeSWITCH ESL connection" - algorithm: "alphanumeric_32" + algorithm: "random_hex" validation: "^.{8,}$" turn_secret: description: "TURN server shared secret"
diff --git a/roles/web-app-bigbluebutton/tasks/03_dependencies.yml b/roles/web-app-bigbluebutton/tasks/03_dependencies.yml
new file mode 100644
index 00000000..dfb57e9c
--- /dev/null
+++ b/roles/web-app-bigbluebutton/tasks/03_dependencies.yml
@@ -0,0 +1,17 @@ +- name: "Load Coturn Role for '{{ application_id }}'" + include_role: + name: web-svc-coturn + vars: + flush_handlers: true + when: + - run_once_web_svc_coturn is not defined + - not BBB_COTURN_ENABLED + +- name: "Install Collabora Dependency" + include_role: + name: web-svc-collabora + vars: + flush_handlers: true + when: + - run_once_web_svc_collabora is not defined + - not BBB_COLLABORA_ENABLED
\ No newline at end of file
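Review bot: The new `repository:` points at a personal fork while the unchanged `version: "bbb3.0"` context line still names a branch, so `docker_pull_git_repository: true` in vars/main.yml will fetch whatever that branch holds at deploy time with no integrity pin. Pin `version` to a tag or commit SHA of the fork, or at least record in a comment why the fork is needed and how it diverges from upstream, e.g. `# Fork of bigbluebutton/docker; needed because <REASON> — TODO pin to a tag/SHA`. The `version` key is not touched by this hunk, so the missing pin may be pre-existing, but switching to a fork makes it matter more.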
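Review bot: `coturn.internal` loses its group-based autodetect and becomes a hard `false`, and `collabora.internal` is introduced the same way, but nothing in the config says that `false` now means "include the shared web-svc-coturn / web-svc-collabora roles", which is what the new tasks/03_dependencies.yml does. A comment above each key would save the next maintainer a cross-file search, e.g. `# false: use the shared web-svc-coturn role (see tasks/03_dependencies.yml); true: run coturn inside this stack`. The removed expression also had a precedence quirk (`| lower` binds to `group_names`, not to the `in` test), so dropping it is fine; only the replacement needs documenting.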
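Review bot: The `fsesl_password` algorithm moves to `random_hex`, but the unchanged `validation: "^.{8,}$"` still accepts any eight characters, far weaker than the `^[a-zA-Z0-9]{32}$` pattern the neighbouring credential uses. If `random_hex` emits a fixed-length hex string, tighten the pattern to match it (for example `^[0-9a-f]{<LENGTH>}$`, with the generator's actual length — TODO confirm); if operator-supplied values must stay allowed, at least raise the minimum length and say so in `description`. The `credentials:` mapping continues outside the hunk.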
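Review bot: The second task's name `"Install Collabora Dependency"` breaks the pattern of the first (`"Load Coturn Role for '{{ application_id }}'"`), and the new file has no `---` document start and no trailing newline (`\ No newline at end of file`). Rename it to `- name: "Load Collabora Role for '{{ application_id }}'"` and add the final newline so the two includes read as parallel. The `when:` guards are fine as written, but a one-line header comment stating that these roles are included only when the service is not run internally (`BBB_COTURN_ENABLED` / `BBB_COLLABORA_ENABLED` false) would make the negated conditions less surprising.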
diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml
index 292ec9cd..a6eb9aac 100644
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@@ -67,14 +67,5 @@ - name: "Setup administrator" include_tasks: "02_administrator.yml" - -- name: "Load Coturn Role for '{{ application_id }}'" - include_role: - name: web-svc-coturn - vars: - flush_handlers: true - when: - - run_once_web_svc_coturn is not defined - - not BBB_INTERNAL_COTURN_ENABLED - - +- name: "Load '{{ application_id }}' dependencies" + include_tasks: "03_dependencies.yml"
diff --git a/roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2 b/roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2
index 746aecbc..6db93ea9 100644
--- a/roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2
+++ b/roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2
@@ -5,6 +5,7 @@ services: MS_ENABLE_IPV6: "false" MS_WEBRTC_LISTEN_IPS: >- [{"ip":"0.0.0.0","announcedIp":"${EXTERNAL_IPv4}"}] +{% if BBB_COTURN_ENABLED | bool %} coturn: ports: - "{{ BBB_TURN_PORT }}:{{ BBB_TURN_PORT }}/udp"
@@ -27,3 +28,19 @@ services: {% if BBB_IP6_ENABLED %}--external-ip=${EXTERNAL_IPv6}{% endif %} --cert=${COTURN_TLS_CERT_PATH} --pkey=${COTURN_TLS_KEY_PATH} +{% endif %} +{% if BBB_GREENLIGHT_ENABLED | bool %} + greenlight: +{% set container_port = 3000 %} +{% include 'roles/docker-container/templates/healthcheck/nc.yml.j2' %} +{% endif %} +{% if BBB_COLLABORA_ENABLED | bool %} + bbb-web: + depends_on: + - redis + - etherpad + - bbb-pads + etherpad: + depends_on: + - redis +{% endif %}
diff --git a/roles/web-app-bigbluebutton/templates/env.j2 b/roles/web-app-bigbluebutton/templates/env.j2
index 01b01ccd..1973acb7 100644
--- a/roles/web-app-bigbluebutton/templates/env.j2
+++ b/roles/web-app-bigbluebutton/templates/env.j2
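Review bot: The `depends_on` entries gated by `{% if BBB_COLLABORA_ENABLED | bool %}` reference `redis`, `etherpad` and `bbb-pads`, none of which is a Collabora service, so either the guard is wrong or the link between Collabora and this start-up ordering is undocumented. If the ordering is needed whenever BBB runs, drop the guard; otherwise add a comment above the block explaining why Collabora requires it, e.g. `{# Collabora integration needs pads/etherpad up before bbb-web starts — TODO confirm #}`. The `{% if BBB_COTURN_ENABLED | bool %}` opened in the previous hunk is closed by the first `{% endif %}` here, which is easy to miss across hunks; a trailing `{# endif BBB_COTURN_ENABLED #}` would help. `{% set container_port = 3000 %}` hard-codes greenlight's port where the rest of the role reads ports from vars; a dedicated var would keep that consistent.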
@@ -1,11 +1,15 @@ # Coturn -ENABLE_COTURN={{ BBB_INTERNAL_COTURN_ENABLED }} +ENABLE_COTURN={{ BBB_COTURN_ENABLED | lower }} + +# Collabora +ENABLE_COLLABORA={{ BBB_COLLABORA_ENABLED | lower }} +COLLABORA_URL={{ BBB_COLLABORA_URL }} ## Credentials COTURN_TLS_CERT_PATH={{ BBB_COTURN_TLS_CERT_PATH }} COTURN_TLS_KEY_PATH={{ BBB_COTURN_TLS_KEY_PATH }} -ENABLE_GREENLIGHT={{ BBB_GREENLIGHT_ENABLED }} +ENABLE_GREENLIGHT={{ BBB_GREENLIGHT_ENABLED | lower }} # Enable Webhooks # used by some integrations
diff --git a/roles/web-app-bigbluebutton/vars/main.yml b/roles/web-app-bigbluebutton/vars/main.yml
index 1edfbaa1..70f1749c 100644
--- a/roles/web-app-bigbluebutton/vars/main.yml
+++ b/roles/web-app-bigbluebutton/vars/main.yml
@@ -14,12 +14,13 @@ domain: "{{ domains | get_domain(application_id) } http_port: "{{ ports.localhost.http[application_id] }}" # Docker -docker_compose_file_creation_enabled: false # Handled in this role +docker_compose_file_creation_enabled: false +docker_pull_git_repository: true docker_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}" docker_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}" -docker_pull_git_repository: true # BigBlueButton +_BBB_COTURN_ROLE: 'web-svc-coturn' ## Credentials BBB_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.shared_secret') }}"
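Review bot: The new `# Collabora` block is inserted between `# Coturn` and `## Credentials`, and the credentials that follow (`COTURN_TLS_CERT_PATH`, `COTURN_TLS_KEY_PATH`) belong to coturn, so the sub-heading now reads as if it were Collabora's. Move the Collabora lines below the coturn credentials, or rename the sub-heading to `## Coturn credentials`. `COLLABORA_URL` would also benefit from a one-line comment noting that the value (computed in vars/main.yml) is the in-stack `https://collabora:9980/cool` endpoint when Collabora runs internally and the shared web-svc-collabora URL otherwise.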
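Review bot: The comment `# Handled in this role` on `docker_compose_file_creation_enabled: false` is dropped while the value stays, losing the only explanation of why this role opts out of the generic compose-file creation. Keep it: `docker_compose_file_creation_enabled: false  # Handled in this role`. The new `_BBB_COTURN_ROLE: 'web-svc-coturn'` is a good step, but `'web-svc-collabora'` remains a bare literal in `BBB_COLLABORA_URL` further down (and in tasks/03_dependencies.yml); a matching `_BBB_COLLABORA_ROLE` would keep the two dependencies symmetric.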
@@ -27,19 +28,24 @@ BBB_ETHERPAD_API_KEY: "{{ applications | get_app_conf(applicatio BBB_RAILS_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.rails_secret') }}" BBB_POSTGRESQL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}" BBB_FSESL_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.fsesl_password') }}" -BBB_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}" +BBB_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') if BBB_COTURN_ENABLED else applications | get_app_conf(_BBB_COTURN_ROLE, 'credentials.auth_secret') }}" ## TLS BBB_COTURN_TLS_CERT_PATH: "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'fullchain.pem'] | path_join }}" BBB_COTURN_TLS_KEY_PATH: "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'privkey.pem'] | path_join }}" ## Turn -BBB_TURN_DOMAIN: "{{ networks.internet.ip4 if BBB_INTERNAL_COTURN_ENABLED else domains | get_domain('web-svc-coturn') }}" -BBB_TURN_PORT: "{{ ports.public.turn[application_id] if BBB_INTERNAL_COTURN_ENABLED else ports.public.turn['web-svc-coturn'] }}" -BBB_STUN_PORT: "{{ ports.public.turn[application_id] if BBB_INTERNAL_COTURN_ENABLED else ports.public.stun['web-svc-coturn'] }}" -BBB_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}" -BBB_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end'] }}" -BBB_RELAY_PORT_RANGE: "{{ BBB_RELAY_PORT_START }}-{{ BBB_RELAY_PORT_END }}" +BBB_COTURN_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.coturn.internal') }}" +BBB_TURN_DOMAIN: "{{ networks.internet.ip4 if BBB_COTURN_ENABLED else domains | get_domain(_BBB_COTURN_ROLE) }}" +BBB_TURN_PORT: "{{ ports.public.stun_turn[application_id] if BBB_COTURN_ENABLED else ports.public.stun_turn[_BBB_COTURN_ROLE] }}" +BBB_STUN_PORT: "{{ ports.public.stun_turn[application_id] if BBB_COTURN_ENABLED else 
ports.public.stun_turn_tls[_BBB_COTURN_ROLE] }}" +BBB_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}" +BBB_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end'] }}" +BBB_RELAY_PORT_RANGE: "{{ BBB_RELAY_PORT_START }}-{{ BBB_RELAY_PORT_END }}" + +# Collabora +BBB_COLLABORA_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.internal') }}" +BBB_COLLABORA_URL: "{{ 'https://collabora:9980/cool' if BBB_COLLABORA_ENABLED else (domains | get_url('web-svc-collabora', WEB_PROTOCOL)) }}" ## Switchs
@@ -48,7 +54,6 @@ BBB_IP6_ENABLED: "{{ applications | get_app_conf(applicatio ### Container BBB_GREENLIGHT_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.greenlight.enabled') }}" -BBB_INTERNAL_COTURN_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.coturn.internal') }}" ### SSO BBB_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml
index 68bc048c..bbbc0d58 100644
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -28,9 +28,9 @@ docker: database: enabled: true nextcloud: - name: "nextcloud" - image: "nextcloud" - version: "production-fpm-alpine" + name: "nextcloud" + image: "nextcloud" + version: "production-fpm-alpine" backup: no_stop_required: true cpus: "2.0"
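Review bot: `BBB_STUN_PORT` now reads `ports.public.stun_turn_tls[_BBB_COTURN_ROLE]` for the shared coturn while `BBB_TURN_PORT` reads `ports.public.stun_turn[...]`, so a variable named STUN resolves to the TLS listener in external mode but to the plain listener in internal mode; if that is intended the name or a comment should say so, otherwise both should use `stun_turn`. `BBB_TURN_SECRET` silently falls back to another role's `credentials.auth_secret` when `BBB_COTURN_ENABLED` is false, which makes this role's `turn_secret` schema entry unused in that mode — worth an inline comment such as `# external coturn: reuse web-svc-coturn's auth_secret so both sides share one TURN secret`. `BBB_COLLABORA_URL` hard-codes `https://collabora:9980/cool` and the literal `'web-svc-collabora'`; a `_BBB_COLLABORA_ROLE` var mirroring `_BBB_COTURN_ROLE` would keep the two dependencies consistent. `BBB_COTURN_ENABLED` is defined after its first use in `BBB_TURN_SECRET`, which Ansible's lazy templating tolerates but reads backwards; moving it above `## Credentials` would help. This hunk starts on the previous line.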
@@ -38,27 +38,28 @@ docker: mem_limit: "3g" pids_limit: 512 proxy: - name: "nextcloud-proxy" - image: "nginx" - version: "alpine" + name: "nextcloud-proxy" + image: "nginx" + version: "alpine" backup: no_stop_required: true cron: - name: "nextcloud-cron" + name: "nextcloud-cron" talk: - name: "nextcloud-talk" - image: "nextcloud/aio-talk" - version: "latest" + name: "nextcloud-talk" + image: "nextcloud/aio-talk" + version: "latest" backup: no_stop_required: false - internal: "{{ not 'web-svc-coturn' in group_names | lower }}" + internal: false + network_mode: host whiteboard: - name: "nextcloud-whiteboard" - image: "ghcr.io/nextcloud-releases/whiteboard" - version: "latest" + name: "nextcloud-whiteboard" + image: "ghcr.io/nextcloud-releases/whiteboard" + version: "latest" backup: no_stop_required: true - enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Activate OIDC for Nextcloud + enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False) }}" # Activate OIDC for Nextcloud # floavor decides which OICD plugin should be used. # Available options: oidc_login, sociallogin # @see https://apps.nextcloud.com/apps/oidc_login
diff --git a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
index 3fd49530..2ddef516 100644
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@@ -34,7 +34,7 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} ipv4_address: 192.168.102.69 -{% if NEXTCLOUD_TALK_INTERNAL_ENABLED %} +{% if NEXTCLOUD_TALK_SERVICE_ENABLED %} talk: {% set container_port = NEXTCLOUD_TALK_PORT_INTERNAL %} {% include 'roles/docker-container/templates/base.yml.j2' %}
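Review bot: `network_mode: host` is introduced as the default for the `talk` service without a comment, and it has an isolation cost: the container leaves its own network namespace, so its listeners bind on every host interface instead of only the `networks.internet.ip4:...` mappings the bridge path in docker-compose.yml.j2 uses, and it cannot be attached to compose networks. Document the trade-off next to the key, e.g. `network_mode: host  # bypasses the bridge port mappings — presumably for the TURN relay port range; confirm the host firewall covers it`. `internal: false` as the new default also means the aio-talk container is not deployed unless opted in, and the old group_names autodetect is gone; a short comment saying `# false: do not run the aio-talk container in this stack` would make that explicit. Everything else in the hunk is whitespace realignment.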
@@ -42,6 +42,8 @@ image: "{{ NEXTCLOUD_TALK_IMAGE }}:{{ NEXTCLOUD_TALK_VERSION }}" container_name: {{ NEXTCLOUD_TALK_CONTAINER }} init: true + network_mode: {{ COTURN_NETWORK_MODE }} +{% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %} ports: - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/tcp - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/udp
@@ -52,6 +54,7 @@ default: ipv4_address: 192.168.102.68 {% endif %} +{% endif %} {% if NEXTCLOUD_WHITEBOARD_ENABLED %} whiteboard:
diff --git a/roles/web-app-nextcloud/templates/env.j2 b/roles/web-app-nextcloud/templates/env.j2
index c8a1467f..04eb0d5f 100644
--- a/roles/web-app-nextcloud/templates/env.j2
+++ b/roles/web-app-nextcloud/templates/env.j2
@@ -39,7 +39,7 @@ OVERWRITEPROTOCOL= "{{ WEB_PROTOCOL }}" REDIS_HOST= redis REDIS_PORT= 6379 -{% if NEXTCLOUD_TALK_ENABLED %} +{% if NEXTCLOUD_TALK_PLUGIN_ENABLED %} # Talk Configuration # @todo move it to an own env file for encapsulation reasons NC_DOMAIN={{ NEXTCLOUD_DOMAIN }}
diff --git a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
index b630cc8a..bcbdda4e 100644
--- a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
+++ b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
@@ -190,6 +190,7 @@ http { proxy_read_timeout 3600; } +{% if NEXTCLOUD_TALK_SERVICE_ENABLED %} location {{ NEXTCLOUD_TALK_LOCATION }} { proxy_pass http://talk:{{ NEXTCLOUD_TALK_PORT_INTERNAL }}/; proxy_http_version 1.1;
@@ -198,5 +199,7 @@ http { proxy_set_header Connection "upgrade"; proxy_read_timeout 3600; } +{% endif %} + } }
diff --git a/roles/web-app-nextcloud/vars/main.yml b/roles/web-app-nextcloud/vars/main.yml
index 12acc406..ee99e5d2 100644
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
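Review bot: `network_mode: {{ COTURN_NETWORK_MODE }}` renders a variable that this change never defines, while the guard on the next line and the new entry in vars/main.yml use `NEXTCLOUD_TALK_NETWORK_MODE`, so the template either fails on an undefined variable or picks up a value from some other role. Change it to `network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }}`. With the new config default of `host`, the `ports:` mapping to `networks.internet.ip4` and the `ipv4_address` in the following hunk are correctly skipped, but the `{% include 'roles/docker-container/templates/base.yml.j2' %}` above this hunk may still emit network settings that conflict with host mode — worth confirming. The `talk:` service starts before this hunk and the `{% if %}` opened here is closed by the added `{% endif %}` in the next hunk.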
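Review bot: Wrapping the `location {{ NEXTCLOUD_TALK_LOCATION }}` block in `{% if NEXTCLOUD_TALK_SERVICE_ENABLED %}` means that when the Talk plugin is enabled but the in-stack service is not, nginx no longer proxies `/standalone-signaling/`, while env.j2 (gated on `NEXTCLOUD_TALK_PLUGIN_ENABLED`) still emits the Talk configuration and `NEXTCLOUD_TALK_URL` in vars/main.yml still points at that location. Confirm that an external signaling URL is substituted in that combination, or gate both templates on the same variable. A comment above the `{% if %}`, e.g. `{# signaling proxy only exists when the aio-talk container runs in this stack #}`, would make the split deliberate. The enclosing `http {` block extends outside both hunks.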
@@ -62,17 +62,18 @@ NEXTCLOUD_CRON_CONTAINER: "{{ applications | get_app_conf(application_ NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}" NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}" NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}" -NEXTCLOUD_TALK_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.internal') }}" -NEXTCLOUD_TALK_INTERNAL_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}" +NEXTCLOUD_TALK_PLUGIN_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}" +NEXTCLOUD_TALK_SERVICE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.internal') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}" NEXTCLOUD_TALK_LOCATION: "/standalone-signaling/" NEXTCLOUD_TALK_PORT_INTERNAL: "8081" NEXTCLOUD_TALK_INT_TURN_PORT: "3478" NEXTCLOUD_TALK_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}" NEXTCLOUD_TALK_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end' ] }}" NEXTCLOUD_TALK_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_RELAY_PORT_END }}" +NEXTCLOUD_TALK_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}" # Connection -NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun[application_id] }}" +NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun_turn_tls[application_id] }}" NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN }}" NEXTCLOUD_TALK_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_LOCATION ] | url_join }}"
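Review bot: `NEXTCLOUD_TALK_STUN_PORT` now reads `ports.public.stun_turn_tls[application_id]` although docker-compose.yml.j2 maps it onto container port `3478` (`NEXTCLOUD_TALK_INT_TURN_PORT`) for plain tcp/udp, so a variable named STUN exposes a port registered under the TLS key; either rename it, or point it at `ports.public.stun_turn` as the BBB role does for its own listener, and add a comment saying which listener it is. `NEXTCLOUD_TALK_NETWORK_MODE` is defined here but the compose template renders `COTURN_NETWORK_MODE`; the two names must agree or the new config key has no effect. `NEXTCLOUD_TALK_SERVICE_ENABLED: "{{ ... if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"` reads more naturally as `"{{ NEXTCLOUD_TALK_PLUGIN_ENABLED and (applications | get_app_conf(application_id, 'docker.services.talk.internal')) }}"`.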