(Draft) Add automated Nextcloud Talk recording backend deployment and configuration

Includes: - Talk recording Docker service - Schema credential for recording secret - Compose integration - Automatic Talk 'recording_servers' app config Details: https://chatgpt.com/share/6920d8fc-81b4-800f-8d83-af22eeed94b5
2025-11-23 13:35:04 +00:00 · 2025-11-21 22:26:55 +01:00
parent cc1ed2b125
commit 854e6902d3
5 changed files with 59 additions and 0 deletions
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -105,6 +105,16 @@ docker:
      mem_reservation:      "128m"
      mem_limit:            "1g"
      pids_limit:           1024
+    talk_recording:
+      name:                "nextcloud-talk-recording"
+      image:               "nextcloud/aio-talk-recording"
+      version:             "latest"
+      backup:
+        no_stop_required:  true
+      cpus:                "2.0"
+      mem_reservation:     "2g"
+      mem_limit:           "4g"
+      pids_limit:          1024
  enabled:  "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True, True) }}"   # Activate OIDC for Nextcloud
  # floavor decides which OICD plugin should be used. 
  # Available options: oidc_login, sociallogin
--- a/roles/web-app-nextcloud/schema/main.yml
+++ b/roles/web-app-nextcloud/schema/main.yml
@@ -1,4 +1,8 @@
 credentials:
+  talk_recording_secret:
+    description: "Shared secret between Nextcloud Talk and the recording backend"
+    algorithm: "random_hex_32"
+    validation: "^[a-f0-9]{64}$"
  whiteboard_jwt_secret:
    description: "Secret used for JWT signing"
    algorithm: "base64_prefixed_32"
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@@ -112,6 +112,26 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
        ipv4_address: 192.168.102.70

+{% if NEXTCLOUD_RECORDING_ENABLED | bool %}
+{% set service_name = 'talk_recording' %}
+  {{ service_name }}:
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ NEXTCLOUD_RECORDING_IMAGE }}:{{ NEXTCLOUD_RECORDING_VERSION }}"
+    container_name: "{{ NEXTCLOUD_RECORDING_CONTAINER }}"
+    environment:
+      - HPB_DOMAIN={{ NEXTCLOUD_HPB_DOMAIN }}
+      - NC_DOMAIN={{ NEXTCLOUD_DOMAIN }}
+      - RECORDING_SECRET={{ NEXTCLOUD_RECORDING_SECRET }}
+      - INTERNAL_SECRET={{ NEXTCLOUD_HPB_INTERNAL_SECRET }}
+      - TZ={{ HOST_TIMEZONE }}
+    expose:
+      - "{{ NEXTCLOUD_RECORDING_PORT }}"
+    networks:
+      default:
+        ipv4_address: 192.168.102.72
+{% endif %}
+
+
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ NEXTCLOUD_VOLUME }}
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@@ -133,6 +133,15 @@ NEXTCLOUD_WHITEBOARD_SERVICE_DIRECTORY:   "{{ [ docker_compose.directories.servi
 NEXTCLOUD_WHITEBOARD_SERVICE_DOCKERFILE:  "{{ [ NEXTCLOUD_WHITEBOARD_SERVICE_DIRECTORY, 'Dockerfile' ] | path_join }}"
 NEXTCLOUD_WHITEBOARD_MAX_OLD_SPACE_SIZE:  "{{ applications | node_max_old_space_size(application_id, NEXTCLOUD_WHITEBOARD_SERVICE) }}"

+### Talk Recording backend
+NEXTCLOUD_RECORDING_SERVICE:              "talk_recording"
+NEXTCLOUD_RECORDING_CONTAINER:            "{{ applications | get_app_conf(application_id, 'docker.services.' ~ NEXTCLOUD_RECORDING_SERVICE ~ '.name') }}"
+NEXTCLOUD_RECORDING_IMAGE:                "{{ applications | get_app_conf(application_id, 'docker.services.' ~ NEXTCLOUD_RECORDING_SERVICE ~ '.image') }}"
+NEXTCLOUD_RECORDING_VERSION:              "{{ applications | get_app_conf(application_id, 'docker.services.' ~ NEXTCLOUD_RECORDING_SERVICE ~ '.version') }}"
+NEXTCLOUD_RECORDING_ENABLED:              "{{ NEXTCLOUD_HPB_PLUGIN_ENABLED }}"
+NEXTCLOUD_RECORDING_PORT:                 1234
+NEXTCLOUD_RECORDING_SECRET:               "{{ applications | get_app_conf(application_id, 'credentials.talk_recording_secret') }}"
+
 ### Collabora
 NEXTCLOUD_COLLABORA_URL:                  "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}"

--- a/roles/web-app-nextcloud/vars/plugins/spreed.yml
+++ b/roles/web-app-nextcloud/vars/plugins/spreed.yml
@@ -39,3 +39,19 @@ plugin_configuration:
  - appid: "spreed"
    configkey: "internal_secret"
    configvalue: "{{ NEXTCLOUD_HPB_INTERNAL_SECRET }}"
+
+  - appid: "spreed"
+    configkey: "recording_servers"
+    configvalue: >-
+      {{
+        {
+          'servers': [
+            {
+              'server': 'http://' ~ NEXTCLOUD_RECORDING_SERVICE ~ ':' ~ NEXTCLOUD_RECORDING_PORT ~ '/',
+              'verify': false
+            }
+          ],
+          'secret': NEXTCLOUD_RECORDING_SECRET
+        }
+        | to_json
+      }}