Move roles/matrix* to roles/custom/matrix*

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.

roles/custom/matrix-jitsi/defaults/main.yml

@@ -0,0 +1,269 @@
+---
+# Project source code URL: https://github.com/jitsi/docker-jitsi-meet
+
+matrix_jitsi_enabled: true
+
+matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
+
+matrix_jitsi_enable_auth: false
+matrix_jitsi_enable_guests: false
+matrix_jitsi_enable_recording: false
+matrix_jitsi_enable_transcriptions: false
+matrix_jitsi_enable_jaas_components: false
+matrix_jitsi_enable_p2p: true
+matrix_jitsi_enable_av_moderation: true
+matrix_jitsi_enable_breakout_rooms: true
+
+# Authentication type, must be one of internal, jwt or ldap.
+# Currently only internal and ldap mechanisms are supported by this playbook.
+matrix_jitsi_auth_type: internal
+
+# A list of Jitsi (Prosody) accounts to create using the internal authentication mechanism.
+#
+# Accounts added here and subsquently removed will not be automatically removed
+# from the Prosody server until user account cleaning is integrated into the playbook.
+#
+# Example:
+# matrix_jitsi_prosody_auth_internal_accounts:
+#  - username: "jitsi-moderator"
+#    password: "secret-password"
+#  - username: "another-user"
+#    password: "another-password"
+matrix_jitsi_prosody_auth_internal_accounts: []
+
+# Configuration options for LDAP authentication. For details see upstream:
+#   https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
+# Defaults are taken from:
+#   https://github.com/jitsi/docker-jitsi-meet/blob/master/prosody/rootfs/defaults/saslauthd.conf
+matrix_jitsi_ldap_url: ""
+matrix_jitsi_ldap_base: ""
+matrix_jitsi_ldap_binddn: ""
+matrix_jitsi_ldap_bindpw: ""
+matrix_jitsi_ldap_filter: "uid=%u"
+matrix_jitsi_ldap_auth_method: "bind"
+matrix_jitsi_ldap_version: "3"
+matrix_jitsi_ldap_use_tls: false
+matrix_jitsi_ldap_tls_ciphers: ""
+matrix_jitsi_ldap_tls_check_peer: false
+matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
+matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
+matrix_jitsi_ldap_start_tls: false
+
+matrix_jitsi_timezone: UTC
+
+matrix_jitsi_xmpp_domain: meet.jitsi
+matrix_jitsi_xmpp_server: xmpp.meet.jitsi
+matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
+matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
+matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
+matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
+matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
+matrix_jitsi_xmpp_modules: ''
+
+matrix_jitsi_recorder_domain: recorder.meet.jitsi
+
+
+matrix_jitsi_jibri_brewery_muc: jibribrewery
+matrix_jitsi_jibri_pending_timeout: 90
+matrix_jitsi_jibri_xmpp_user: jibri
+matrix_jitsi_jibri_xmpp_password: ''
+matrix_jitsi_jibri_recorder_user: recorder
+matrix_jitsi_jibri_recorder_password: ''
+
+matrix_jitsi_enable_lobby: false
+
+matrix_jitsi_version: stable-7882
+matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}"  # for backward-compatibility
+
+matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
+matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
+matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
+matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
+matrix_jitsi_web_crontabs_path: "{{ matrix_jitsi_web_base_path }}/crontabs"
+
+matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
+
+# STUN servers used in the web UI. Feel free to point them to your own STUN server.
+# Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`.
+matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443']
+
+# Setting up TURN
+# Default set with Coturn container
+matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}"
+matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}"
+matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}"
+matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}"
+matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}"
+
+# Controls whether Etherpad will be available within Jitsi
+matrix_jitsi_etherpad_enabled: false
+
+# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:13080"), or empty string to not expose.
+matrix_jitsi_web_container_http_host_bind_port: ''
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_web_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-web.service depends on
+matrix_jitsi_web_systemd_required_services_list: ['docker.service']
+
+
+# Custom configuration to be appended to `interface_config.js`, passed to Jitsi Web.
+#
+# Note: not to be confused with `matrix_jitsi_web_custom_config_extension`.
+#
+# For interface configuration, the flow is like this:
+# - a default `interface_config.js` is generated from within the docker image
+# - the contents of `matrix_jitsi_web_custom_interface_config_extension` is appended and can define new settings or override defaults.
+#
+# Example:
+# matrix_jitsi_web_custom_interface_config_extension: |
+#   interfaceConfig.LANG_DETECTION = false;
+#   interfaceConfig.SHOW_JITSI_WATERMARK = false;
+#   interfaceConfig.DISABLE_VIDEO_BACKGROUND = true;
+matrix_jitsi_web_custom_interface_config_extension: ''
+
+
+# Controls after which participant audio will be muted. If not specified, defaults to Jitsi's default value (likely 10)
+matrix_jitsi_web_config_start_audio_muted_after_nth_participant: ~
+# Controls after which participant video will be muted. If not specified, defaults to Jitsi's default value (likely 10)
+matrix_jitsi_web_config_start_video_muted_after_nth_participant: ~
+
+matrix_jitsi_web_config_defaultLanguage: 'en'  # noqa var-naming
+
+# Ideal and also maximum resolution width. If not specified, defaults to Jitsi's default value (likely 1280)
+matrix_jitsi_web_config_resolution_width_ideal_and_max: ~
+# Minimum resolution width. If not specified, defaults to Jitsi's default value (likely 320)
+matrix_jitsi_web_config_resolution_width_min: ~
+# Ideal and also maximum resolution height. If not specified, defaults to Jitsi's default value (likely 720)
+matrix_jitsi_web_config_resolution_height_ideal_and_max: ~
+# Minimum resolution height. If not specified, defaults to Jitsi's default value (likely 180)
+matrix_jitsi_web_config_resolution_height_min: ~
+
+# Custom configuration to be injected into `custom-config.js`, passed to Jitsi Web.
+# This configuration gets appended to the final configuration that Jitsi Web uses.
+#
+# Note: not to be confused with `matrix_jitsi_web_custom_interface_config_extension`.
+#
+# The flow is like this:
+# - some default configuration is automatically generated based on the environment variables passed to the Jitsi Web container
+# - the contents of `custom-config.js` is appended to it (see `templates/web/custom-config.js.j2`)
+# - said `custom-config.js` contains your custom contents specified in `matrix_jitsi_web_custom_config_extension`.
+#
+# Example:
+# matrix_jitsi_web_custom_config_extension: |
+#   if (!config.hasOwnProperty('testing')) config.testing = {};
+#   config.testing.p2pTestMode = true
+matrix_jitsi_web_custom_config_extension: ''
+
+# Additional environment variables to pass to the Jitsi Web container.
+# You can use this to further influence the default configuration generated by the Jitsi Web container on every startup.
+# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
+# by using `matrix_jitsi_web_custom_config_extension`.
+#
+# Example:
+# matrix_jitsi_web_environment_variables_extension: |
+#   ENABLE_FILE_RECORDING_SERVICE=1
+#   DROPBOX_APPKEY=something
+#   DROPBOX_REDIRECT_URI=something
+matrix_jitsi_web_environment_variables_extension: ''
+
+
+matrix_jitsi_prosody_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
+matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
+matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
+matrix_jitsi_prosody_plugins_path: "{{ matrix_jitsi_prosody_base_path }}/prosody-plugins-custom"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_prosody_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-prosody.service depends on
+matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
+
+# Neccessary Port binding for those disabling the integrated nginx proxy
+matrix_jitsi_prosody_container_http_host_bind_port: ''
+
+matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
+matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
+matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jicofo_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jicofo.service depends on
+matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jicofo_component_secret: ''
+matrix_jitsi_jicofo_auth_user: focus
+matrix_jitsi_jicofo_auth_password: ''
+
+matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
+matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
+matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jvb_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jvb.service depends on
+matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jvb_auth_user: jvb
+matrix_jitsi_jvb_auth_password: ''
+
+# STUN servers used by JVB on the server-side, so it can discover its own external IP address.
+# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
+matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
+
+matrix_jitsi_jvb_brewery_muc: jvbbrewery
+matrix_jitsi_jvb_rtp_udp_port: 10000
+matrix_jitsi_jvb_rtp_tcp_port: 4443
+
+# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
+# This configuration gets appended to the final configuration that Jitsi JVB uses.
+#
+# The flow is like this:
+# - some default configuration is automatically generated based on the environment variables passed to the Jitsi JVB container
+# - the contents of `custom-sip-communicator.properties` is appended to it (see `templates/jvb/custom-sip-communicator.properties.j2`)
+# - said `custom-sip-communicator.properties` contains your custom contents specified in `matrix_jitsi_jvb_custom_config_extension`.
+#
+# Example:
+# matrix_jitsi_jvb_custom_config_extension: |
+#   org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=false
+#   org.jitsi.videobridge.ENABLE_STATISTICS=false
+matrix_jitsi_jvb_custom_config_extension: ''
+
+# Additional environment variables to pass to the Jitsi JVB container.
+# You can use this to further influence the default configuration generated by the Jitsi JVB container on every startup.
+# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
+# by using `matrix_jitsi_jvb_custom_config_extension`.
+#
+# Example:
+# matrix_jitsi_jvb_environment_variables_extension: |
+#   SOME_VARIABLE=1
+#   ANOTHER_VARIABLE=something
+matrix_jitsi_jvb_environment_variables_extension: ''
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"
+
+# Controls whether the matrix-jitsi-jvb container exposes its Colibri WebSocket port (tcp/9090 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
+matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''

roles/custom/matrix-jitsi/tasks/init.yml

@@ -0,0 +1,10 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}"
+  when: matrix_jitsi_enabled | bool
+
+- name: Fail if on an unsupported architecture
+  ansible.builtin.fail:
+    msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
+  when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64']

roles/custom/matrix-jitsi/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup | bool and matrix_jitsi_enabled | bool"
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+    - setup-jitsi

roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml

@@ -0,0 +1,22 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
+
+#
+# Tasks related to setting up jitsi
+#
+
+- name: Ensure Matrix jitsi base path exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_jitsi_base_path }}", when: true}
+  when: matrix_jitsi_enabled | bool and item.when
+
+#
+# Tasks related to getting rid of jitsi (if it was previously enabled)
+#

roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml

@@ -0,0 +1,102 @@
+---
+
+#
+# Tasks related to setting up jitsi-jicofo
+#
+
+- name: Ensure Matrix jitsi-jicofo path exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true}
+    - {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true}
+  when: matrix_jitsi_enabled | bool and item.when
+
+- name: Ensure jitsi-jicofo Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_jitsi_jicofo_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled | bool
+  register: result
+  retries: "{{ matrix_container_retries_count }}"
+  delay: "{{ matrix_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure jitsi-jicofo environment variables file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/jicofo/env.j2"
+    dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure jitsi-jicofo configuration files created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0644
+  with_items:
+    - sip-communicator.properties
+    - logging.properties
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure matrix-jitsi-jicofo.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
+    mode: 0644
+  register: matrix_jitsi_jicofo_systemd_service_result
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jicofo service
+  ansible.builtin.stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
+  register: matrix_jitsi_jicofo_service_stat
+  when: "not matrix_jitsi_enabled | bool"
+
+- name: Ensure matrix-jitsi-jicofo is stopped
+  ansible.builtin.service:
+    name: matrix-jitsi-jicofo
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  register: stopping_result
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jicofo.service doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jicofo paths doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_jitsi_jicofo_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool"
+
+# Intentionally not removing the Docker image when uninstalling.
+# We can't be sure it had been pulled by us in the first place.

roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml

@@ -0,0 +1,102 @@
+---
+
+#
+# Tasks related to setting up jitsi-jvb
+#
+
+- name: Ensure Matrix jitsi-jvb path exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_jitsi_jvb_base_path }}", when: true}
+    - {path: "{{ matrix_jitsi_jvb_config_path }}", when: true}
+  when: matrix_jitsi_enabled | bool and item.when
+
+- name: Ensure jitsi-jvb Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_jitsi_jvb_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled | bool
+  register: result
+  retries: "{{ matrix_container_retries_count }}"
+  delay: "{{ matrix_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure jitsi-jvb configuration files created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0644
+  with_items:
+    - custom-sip-communicator.properties
+    - logging.properties
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure jitsi-jvb environment variables file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/jvb/env.j2"
+    dest: "{{ matrix_jitsi_jvb_base_path }}/env"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure matrix-jitsi-jvb.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
+    mode: 0644
+  register: matrix_jitsi_jvb_systemd_service_result
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jvb service
+  ansible.builtin.stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
+  register: matrix_jitsi_jvb_service_stat
+  when: "not matrix_jitsi_enabled | bool"
+
+- name: Ensure matrix-jitsi-jvb is stopped
+  ansible.builtin.service:
+    name: matrix-jitsi-jvb
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  register: stopping_result
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jvb.service doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jvb paths doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_jitsi_jvb_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool"
+
+# Intentionally not removing the Docker image when uninstalling.
+# We can't be sure it had been pulled by us in the first place.

roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml

@@ -0,0 +1,99 @@
+---
+
+#
+# Tasks related to setting up jitsi-prosody
+#
+
+- name: Ensure Matrix jitsi-prosody environment exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true}
+    - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true}
+    - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true}
+  when: matrix_jitsi_enabled | bool and item.when
+
+- name: Ensure jitsi-prosody Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_jitsi_prosody_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled | bool
+  register: result
+  retries: "{{ matrix_container_retries_count }}"
+  delay: "{{ matrix_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure jitsi-prosody environment variables file is created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/prosody/env.j2"
+    dest: "{{ matrix_jitsi_prosody_base_path }}/env"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure matrix-jitsi-prosody.service file is installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
+    mode: 0644
+  register: matrix_jitsi_prosody_systemd_service_result
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
+
+- name: Ensure authentication is properly configured
+  ansible.builtin.include_tasks:
+    file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml"
+  when:
+    - matrix_jitsi_enabled | bool
+    - matrix_jitsi_enable_auth | bool
+
+
+#
+# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
+#
+
+- name: Ensure matrix-jitsi-prosody.service file exists
+  ansible.builtin.stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
+  register: matrix_jitsi_prosody_service_stat
+  when: "not matrix_jitsi_enabled | bool"
+
+- name: Ensure matrix-jitsi-prosody is stopped
+  ansible.builtin.service:
+    name: matrix-jitsi-prosody
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  register: stopping_result
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-prosody.service file doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-prosody paths doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_jitsi_prosody_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool"
+
+# Intentionally not removing the Docker image when uninstalling.
+# We can't be sure it had been pulled by us in the first place.

roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml

@@ -0,0 +1,104 @@
+---
+
+#
+# Tasks related to setting up jitsi-web
+#
+
+- name: Ensure Matrix jitsi-web path exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_jitsi_web_base_path }}", when: true}
+    - {path: "{{ matrix_jitsi_web_config_path }}", when: true}
+    - {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true}
+    - {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true}
+  when: matrix_jitsi_enabled | bool and item.when
+
+- name: Ensure jitsi-web Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_jitsi_web_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled | bool
+  register: result
+  retries: "{{ matrix_container_retries_count }}"
+  delay: "{{ matrix_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure jitsi-web environment variables file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/web/env.j2"
+    dest: "{{ matrix_jitsi_web_base_path }}/env"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure jitsi-web configuration files created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/web/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0644
+  with_items:
+    - custom-config.js
+    - custom-interface_config.js
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure matrix-jitsi-web.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
+    mode: 0644
+  register: matrix_jitsi_web_systemd_service_result
+  when: matrix_jitsi_enabled | bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-web.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-web (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-web service
+  ansible.builtin.stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
+  register: matrix_jitsi_web_service_stat
+  when: "not matrix_jitsi_enabled | bool"
+
+- name: Ensure matrix-jitsi-web is stopped
+  ansible.builtin.service:
+    name: matrix-jitsi-web
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  register: stopping_result
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-web.service doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-web.service removal
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-web paths doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_jitsi_web_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled | bool"
+
+# Intentionally not removing the Docker image when uninstalling.
+# We can't be sure it had been pulled by us in the first place.

roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml

@@ -0,0 +1,41 @@
+---
+#
+# Start Necessary Services
+#
+
+- name: Ensure matrix-jitsi-prosody container is running
+  ansible.builtin.systemd:
+    state: started
+    name: matrix-jitsi-prosody
+  register: matrix_jitsi_prosody_start_result
+
+
+#
+# Tasks related to configuring Jitsi internal authentication
+#
+
+- name: Ensure Jitsi internal authentication users are configured
+  ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
+  with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
+  when:
+    - matrix_jitsi_auth_type == "internal"
+    - matrix_jitsi_prosody_auth_internal_accounts|length > 0
+  register: matrix_jitsi_user_configuration_result
+  changed_when: matrix_jitsi_user_configuration_result.rc == 0
+
+#
+# Tasks related to configuring other Jitsi authentication mechanisms
+#
+
+#
+# Tasks related to cleaning after Jitsi authentication configuration
+#
+
+#
+# Stop Necessary Services
+#
+- name: Ensure matrix-jitsi-prosody container is stopped if necessary
+  ansible.builtin.systemd:
+    state: stopped
+    name: matrix-jitsi-prosody
+  when: matrix_jitsi_prosody_start_result.changed | bool

roles/custom/matrix-jitsi/tasks/validate_config.yml

@@ -0,0 +1,68 @@
+---
+
+- name: Fail if required Jitsi settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`) to properly configure Jitsi.
+
+      If you're setting up Jitsi for the first time, you may have missed a step.
+      Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
+
+      If you had previously setup Jitsi successfully and are only now facing this error,
+      it means that your installation is most likely using default passwords previously defined by the playbook.
+      These defaults are insecure. Jitsi should be rebuilt with secure values.
+      Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_jitsi_jibri_xmpp_password"
+    - "matrix_jitsi_jibri_recorder_password"
+    - "matrix_jitsi_jicofo_auth_password"
+    - "matrix_jitsi_jvb_auth_password"
+
+
+- name: Fail if a Jitsi internal authentication account is not defined
+  ansible.builtin.fail:
+    msg: >-
+      At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication.
+      If you're setting up Jitsi for the first time, you may have missed a step.
+      Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
+  when:
+    - matrix_jitsi_enable_auth | bool
+    - matrix_jitsi_auth_type == 'internal'
+    - matrix_jitsi_prosody_auth_internal_accounts|length == 0
+
+
+- name: (Deprecation) Catch and report renamed settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_jitsi_web_config_constraints_enabled', 'new': '<Now unnecessary. Constraints are always applied automatically>'}
+    - {'old': 'matrix_jitsi_web_config_constraints_video_aspectRatio', 'new': '<Not applicable anymore>'}
+    - {'old': 'matrix_jitsi_web_config_constraints_video_height_ideal', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
+    - {'old': 'matrix_jitsi_web_config_constraints_video_height_max', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
+    - {'old': 'matrix_jitsi_web_config_constraints_video_height_min', 'new': 'matrix_jitsi_web_config_resolution_height_min'}
+    - {'old': 'matrix_jitsi_web_config_disableAudioLevels', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
+    - {'old': 'matrix_jitsi_web_config_enableLayerSuspension', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
+    - {'old': 'matrix_jitsi_web_config_channelLastN', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
+    - {'old': 'matrix_jitsi_web_config_testing_p2pTestMode', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension>'}
+    - {'old': 'matrix_jitsi_web_config_start_with_audio_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_audio_muted_after_nth_participant>'}
+    - {'old': 'matrix_jitsi_web_config_start_with_video_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_video_muted_after_nth_participant>'}
+    - {'old': 'matrix_jitsi_web_interface_config_show_watermark_for_guests', 'new': '<Not applicable anymore>'}
+    - {'old': 'matrix_jitsi_web_interface_config_invitation_powered_by', 'new': '<Not applicable anymore>'}
+    - {'old': 'matrix_jisti_web_interface_config_show_deep_linking_image', 'new': 'matrix_jitsi_web_interface_config_show_deep_linking_image'}
+    - {'old': 'matrix_jitsi_web_interface_config_lang_detection', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_show_jitsi_watermark', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_jitsi_watermark_link', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_show_brand_watermark', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_brand_watermark_link', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_display_welcome_page_content', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_app_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_native_app_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_provider_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_show_powered_by', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_disable_transcription_subtitles', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
+    - {'old': 'matrix_jitsi_web_interface_config_show_deep_linking_image', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}

roles/custom/matrix-jitsi/templates/jicofo/env.j2

@@ -0,0 +1,38 @@
+AUTH_TYPE={{ matrix_jitsi_auth_type }}
+BRIDGE_AVG_PARTICIPANT_STRESS
+BRIDGE_STRESS_THRESHOLD
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_AUTO_OWNER
+ENABLE_CODEC_VP8
+ENABLE_CODEC_VP9
+ENABLE_CODEC_H264
+ENABLE_OCTO
+ENABLE_RECORDING
+ENABLE_SCTP
+ENABLE_AUTO_LOGIN
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
+JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
+JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
+JICOFO_ENABLE_HEALTH_CHECKS
+JICOFO_SHORT_ID
+JICOFO_RESERVATION_ENABLED
+JICOFO_RESERVATION_REST_BASE_URL
+JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+JIBRI_REQUEST_RETRIES
+JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+JIGASI_BREWERY_MUC
+JIGASI_SIP_URI
+JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
+MAX_BRIDGE_PARTICIPANTS
+OCTO_BRIDGE_SELECTION_STRATEGY
+SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
+SENTRY_ENVIRONMENT
+SENTRY_RELEASE
+TZ={{ matrix_jitsi_timezone }}
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_SERVER={{ matrix_jitsi_xmpp_server }}

roles/custom/matrix-jitsi/templates/jicofo/logging.properties.j2

@@ -0,0 +1,27 @@
+{% raw %}
+{{ if .Env.SENTRY_DSN | default "0" | toBool }}
+handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
+{{ else }}
+handlers= java.util.logging.ConsoleHandler
+{{ end }}
+{% endraw %}
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
+
+.level=INFO
+net.sf.level=SEVERE
+net.java.sip.communicator.plugin.reconnectplugin.level=FINE
+org.ice4j.level=SEVERE
+org.jitsi.impl.neomedia.level=SEVERE
+io.sentry.jul.SentryHandler.level=WARNING
+
+# Do not worry about missing strings
+net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
+
+#net.java.sip.communicator.service.protocol.level=ALL
+
+# Enable debug packets logging
+#org.jitsi.impl.protocol.xmpp.level=FINE

roles/custom/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2

@@ -0,0 +1,33 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-jicofo server
+{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
+			--mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \
+			{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_jicofo_docker_image }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-jicofo
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2

@@ -0,0 +1,9 @@
+org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
+org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+
+org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
+
+{% if matrix_jitsi_enable_auth %}
+org.jitsi.jicofo.auth.URL=XMPP:{{ matrix_jitsi_xmpp_domain }}
+{% endif %}

roles/custom/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2

@@ -0,0 +1,7 @@
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000
+
+{{ matrix_jitsi_jvb_custom_config_extension }}

roles/custom/matrix-jitsi/templates/jvb/env.j2

@@ -0,0 +1,31 @@
+DOCKER_HOST_ADDRESS
+ENABLE_COLIBRI_WEBSOCKET
+ENABLE_OCTO
+JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
+JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
+JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
+JVB_TCP_HARVESTER_DISABLED=true
+JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
+JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
+{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
+JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
+{% endif %}
+JVB_OCTO_BIND_ADDRESS
+JVB_OCTO_PUBLIC_ADDRESS
+JVB_OCTO_BIND_PORT
+JVB_OCTO_REGION
+JVB_WS_DOMAIN
+JVB_WS_SERVER_ID
+PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
+SENTRY_ENVIRONMENT
+SENTRY_RELEASE
+COLIBRI_REST_ENABLED
+SHUTDOWN_REST_ENABLED
+TZ={{ matrix_jitsi_timezone }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
+
+{{ matrix_jitsi_jvb_environment_variables_extension }}

roles/custom/matrix-jitsi/templates/jvb/logging.properties.j2

@@ -0,0 +1,20 @@
+{% raw %}
+{{ if .Env.SENTRY_DSN | default "0" | toBool }}
+handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
+{{ else }}
+handlers= java.util.logging.ConsoleHandler
+{{ end }}
+{% endraw %}
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=JVB
+
+.level=INFO
+
+org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
+io.sentry.jul.SentryHandler.level=WARNING
+
+# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
+org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING

roles/custom/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2

@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-jvb server
+{% for service in matrix_jitsi_jvb_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--network-alias=jvb.meet.jitsi \
+			--env-file={{ matrix_jitsi_jvb_base_path }}/env \
+			{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
+			{% endif %}
+			{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
+			{% endif %}
+			{% if matrix_jitsi_jvb_container_colibri_ws_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_colibri_ws_host_bind_port }}:9090 \
+			{% endif %}
+			--mount type=bind,src={{ matrix_jitsi_jvb_config_path }},dst=/config \
+			{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_jvb_docker_image }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-jvb
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-jitsi/templates/prosody/env.j2

@@ -0,0 +1,60 @@
+AUTH_TYPE={{ matrix_jitsi_auth_type }}
+DISABLE_POLLS
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}}
+ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}}
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
+ENABLE_XMPP_WEBSOCKET
+GLOBAL_CONFIG
+GLOBAL_MODULES
+JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+JICOFO_COMPONENT_SECRET
+JIGASI_XMPP_USER=
+JIGASI_XMPP_PASSWORD=
+JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
+JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+JWT_APP_ID
+JWT_APP_SECRET
+JWT_ACCEPTED_ISSUERS
+JWT_ACCEPTED_AUDIENCES
+JWT_ASAP_KEYSERVER
+JWT_ALLOW_EMPTY
+JWT_AUTH_TYPE
+JWT_TOKEN_AUTH_MODULE
+LOG_LEVEL
+LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }}
+LDAP_BASE={{ matrix_jitsi_ldap_base }}
+LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
+LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }}
+LDAP_FILTER={{ matrix_jitsi_ldap_filter }}
+LDAP_VERSION={{ matrix_jitsi_ldap_version }}
+LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }}
+LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
+LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
+LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
+LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}
+LDAP_URL={{ matrix_jitsi_ldap_url }}
+LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }}
+PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}
+TURN_HOST={{ matrix_jitsi_turn_host }}
+TURNS_HOST={{ matrix_jitsi_turns_host }}
+TURN_PORT={{ matrix_jitsi_turn_port }}
+TURNS_PORT={{ matrix_jitsi_turns_port }}
+TZ={{ matrix_jitsi_timezone }}
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_MODULES={{ matrix_jitsi_xmpp_modules }}
+XMPP_MUC_MODULES=
+XMPP_INTERNAL_MUC_MODULES=
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+XMPP_CROSS_DOMAIN=true

roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2

@@ -0,0 +1,38 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-prosody server
+{% for service in matrix_jitsi_prosody_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--network-alias={{ matrix_jitsi_xmpp_server }} \
+			{% if matrix_jitsi_prosody_container_http_host_bind_port %}
+			-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
+			{% endif %}
+			--env-file={{ matrix_jitsi_prosody_base_path }}/env \
+			--mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
+			--mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
+			{% for arg in matrix_jitsi_prosody_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_prosody_docker_image }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-prosody
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-jitsi/templates/web/custom-config.js.j2

@@ -0,0 +1,18 @@
+config.defaultLanguage = {{ matrix_jitsi_web_config_defaultLanguage|to_json }};
+
+
+if (!config.hasOwnProperty('p2p')) config.p2p = {% raw %}{}{% endraw %};
+
+{% if matrix_jitsi_web_stun_servers|length > 0 %}
+config.p2p.stunServers = [
+	{% for url in matrix_jitsi_web_stun_servers %}
+		{ urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
+	{% endfor %}
+];
+{% endif %}
+
+{% if matrix_jitsi_etherpad_enabled %}
+config.etherpad_base = {{ (matrix_jitsi_etherpad_base + '/p/') |to_json }}
+{% endif %}
+
+{{ matrix_jitsi_web_custom_config_extension }}

roles/custom/matrix-jitsi/templates/web/custom-interface_config.js.j2

@@ -0,0 +1,3 @@
+
+{{ matrix_jitsi_web_custom_interface_config_extension }}
+

roles/custom/matrix-jitsi/templates/web/env.j2

@@ -0,0 +1,111 @@
+AMPLITUDE_ID
+ANALYTICS_SCRIPT_URLS
+ANALYTICS_WHITELISTED_EVENTS
+CALLSTATS_CUSTOM_SCRIPT_URL
+CALLSTATS_ID
+CALLSTATS_SECRET
+CHROME_EXTENSION_BANNER_JSON
+CONFCODE_URL
+CONFIG_EXTERNAL_CONNECT
+DEFAULT_LANGUAGE
+DEPLOYMENTINFO_ENVIRONMENT
+DEPLOYMENTINFO_ENVIRONMENT_TYPE
+DEPLOYMENTINFO_REGION
+DEPLOYMENTINFO_SHARD
+DEPLOYMENTINFO_USERREGION
+DESKTOP_SHARING_FRAMERATE_MIN
+DESKTOP_SHARING_FRAMERATE_MAX
+DIALIN_NUMBERS_URL
+DIALOUT_AUTH_URL
+DIALOUT_CODES_URL
+DISABLE_AUDIO_LEVELS
+DISABLE_DEEP_LINKING
+DISABLE_HTTPS=0
+DISABLE_POLLS
+DISABLE_REACTIONS
+DROPBOX_APPKEY
+DROPBOX_REDIRECT_URI
+DYNAMIC_BRANDING_URL
+ENABLE_AUDIO_PROCESSING
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}}
+ENABLE_CALENDAR
+ENABLE_COLIBRI_WEBSOCKET
+ENABLE_FILE_RECORDING_SERVICE
+ENABLE_FILE_RECORDING_SERVICE_SHARING
+ENABLE_FLOC=0
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+ENABLE_HSTS=0
+ENABLE_HTTP_REDIRECT=0
+ENABLE_IPV6
+ENABLE_LETSENCRYPT=0
+ENABLE_LIPSYNC
+ENABLE_NO_AUDIO_DETECTION
+ENABLE_NOISY_MIC_DETECTION
+ENABLE_PREJOIN_PAGE
+ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
+ENABLE_WELCOME_PAGE
+ENABLE_CLOSE_PAGE
+ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
+ENABLE_REMB
+ENABLE_REQUIRE_DISPLAY_NAME
+ENABLE_SIMULCAST
+ENABLE_STATS_ID
+ENABLE_STEREO
+ENABLE_SUBDOMAINS
+ENABLE_TALK_WHILE_MUTED
+ENABLE_TCC
+ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
+ENABLE_XMPP_WEBSOCKET
+ENABLE_JAAS_COMPONENTS={{ 1 if matrix_jitsi_enable_jaas_components else false }}
+ETHERPAD_PUBLIC_URL
+ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
+GOOGLE_ANALYTICS_ID
+GOOGLE_API_APP_CLIENT_ID
+INVITE_SERVICE_URL
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }}
+LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }}
+LETSENCRYPT_USE_STAGING=0
+MATOMO_ENDPOINT
+MATOMO_SITE_ID
+MICROSOFT_API_APP_CLIENT_ID
+NGINX_RESOLVER
+NGINX_WORKER_PROCESSES
+NGINX_WORKER_CONNECTIONS
+PEOPLE_SEARCH_URL
+PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
+RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
+RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
+RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
+START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
+START_AUDIO_ONLY
+START_BITRATE
+START_SILENT
+START_WITH_AUDIO_MUTED
+START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
+START_WITH_VIDEO_MUTED
+TESTING_CAP_SCREENSHARE_BITRATE
+TESTING_OCTO_PROBABILITY
+TOKEN_AUTH_URL
+TZ={{ matrix_jitsi_timezone }}
+VIDEOQUALITY_BITRATE_H264_LOW
+VIDEOQUALITY_BITRATE_H264_STANDARD
+VIDEOQUALITY_BITRATE_H264_HIGH
+VIDEOQUALITY_BITRATE_VP8_LOW
+VIDEOQUALITY_BITRATE_VP8_STANDARD
+VIDEOQUALITY_BITRATE_VP8_HIGH
+VIDEOQUALITY_BITRATE_VP9_LOW
+VIDEOQUALITY_BITRATE_VP9_STANDARD
+VIDEOQUALITY_BITRATE_VP9_HIGH
+VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
+VIDEOQUALITY_PREFERRED_CODEC
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+
+{{ matrix_jitsi_web_environment_variables_extension }}

roles/custom/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2

@@ -0,0 +1,39 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-web server
+{% for service in matrix_jitsi_web_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--network-alias={{ matrix_jitsi_xmpp_domain }} \
+			--env-file={{ matrix_jitsi_web_base_path }}/env \
+			{% if matrix_jitsi_web_container_http_host_bind_port %}
+			-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
+			{% endif %}
+			--mount type=bind,src={{ matrix_jitsi_web_config_path }},dst=/config \
+			--mount type=bind,src={{ matrix_jitsi_web_transcripts_path }},dst=/usr/share/jitsi-meet/transcripts \
+			--mount type=bind,src={{ matrix_jitsi_web_crontabs_path }},dst=/var/spool/cron/crontabs \
+			{% for arg in matrix_jitsi_web_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_web_docker_image }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-web
+
+[Install]
+WantedBy=multi-user.target