Merge pull request #415 from spantaleev/jitsi

Add Jitsi support
This commit is contained in:
Slavi Pantaleev 2020-03-24 15:23:05 +02:00 committed by GitHub
commit be00452782
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 1706 additions and 1 deletions

View File

@ -23,6 +23,7 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR
| A | `matrix` | - | - | - | `matrix-server-IP` |
| CNAME | `riot` | - | - | - | `matrix.<your-domain>` |
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
@ -38,6 +39,8 @@ If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enab
The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
The `jitsi.<your-domain>` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. Jitsi installation is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.<your-domain>` DNS record.
## `_matrix-identity._tcp` SRV record setup

View File

@ -0,0 +1,36 @@
# Jitsi
The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).
Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet).
## Prerequisites
Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md).
You may also need to open the following ports to your server:
- `udp/10000` - RTP media over UDP
- `tcp/4443` - RTP media fallback over TCP
## Installation
Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml
matrix_jitsi_enabled: true
# We only need this temporarily - until Jitsi integration in riot-web is finalized.
# Remove this line in the future, to switch back to a stable riot-web version.
matrix_riot_web_docker_image: "vectorim/riot-web:develop"
```
Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
.. and fully reload your riot-web page (at `riot.DOMAIN`).
Starting a video-conference in a room with more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server.

View File

@ -392,6 +392,41 @@ matrix_email2matrix_enabled: false
######################################################################
#
# matrix-jitsi
#
######################################################################
matrix_jitsi_enabled: false
# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Jitsi HTTP port to the local host.
matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}"
matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}"
matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}"
matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}"
matrix_jitsi_web_stun_servers: |
{{
[
matrix_server_fqn_matrix + ':5349',
matrix_server_fqn_matrix + ':3478',
]
if matrix_coturn_enabled
else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
}}
######################################################################
#
# /matrix-jitsi
#
######################################################################
######################################################################
#
# matrix-mailer
@ -482,6 +517,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_s
matrix_nginx_proxy_proxy_matrix_enabled: true
matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -525,6 +561,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
+
([matrix_server_fqn_jitsi])
+
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
}}
@ -596,6 +634,8 @@ matrix_riot_web_enable_presence_by_hs_url: |
matrix_riot_web_welcome_user_id: ~
matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
######################################################################
#
# /matrix-riot-web

View File

@ -18,6 +18,9 @@ matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
# This is where you access the Dimension.
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
# This is where you access Jitsi.
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
matrix_user_username: "matrix"
matrix_user_uid: 991
matrix_user_gid: 991
@ -69,4 +72,4 @@ run_stop: true
# Building every docker image from source on the target host
# Controlling docker image build is possible on a per unit base
matrix_container_images_self_build: false
matrix_container_images_self_build: false

View File

@ -0,0 +1,116 @@
matrix_jitsi_enabled: true
matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
matrix_jitsi_enable_auth: false
matrix_jitsi_enable_guests: false
matrix_jitsi_enable_recording: true
matrix_jitsi_enable_transcriptions: true
matrix_jitsi_timezone: UTC
matrix_jitsi_xmpp_domain: matrix-jitsi-web
matrix_jitsi_xmpp_server: matrix-jitsi-prosody
matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
matrix_jitsi_recorder_domain: recorder.meet.jitsi
matrix_jitsi_jibri_brewery_muc: jibribrewery
matrix_jitsi_jibri_pending_timeout: 90
matrix_jitsi_jibri_xmpp_user: jibri
matrix_jitsi_jibri_xmpp_password: jibri-password
matrix_jitsi_jibri_recorder_user: recorder
matrix_jitsi_jibri_recorder_password: recorder-password
matrix_jitsi_web_docker_image: "jitsi/web:4101"
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
# STUN servers used in the web UI. Feel free to point them to your own STUN server.
matrix_jitsi_web_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12080"), or empty string to not expose.
matrix_jitsi_web_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_jitsi_web_container_extra_arguments: []
# List of systemd services that matrix-jitsi-web.service depends on
matrix_jitsi_web_systemd_required_services_list: ['docker.service']
matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101"
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
# A list of extra arguments to pass to the container
matrix_jitsi_prosody_container_extra_arguments: []
# List of systemd services that matrix-jitsi-prosody.service depends on
matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101"
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"
# A list of extra arguments to pass to the container
matrix_jitsi_jicofo_container_extra_arguments: []
# List of systemd services that matrix-jitsi-jicofo.service depends on
matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
matrix_jitsi_jicofo_component_secret: s3cr37
matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: passw0rd
matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
# A list of extra arguments to pass to the container
matrix_jitsi_jvb_container_extra_arguments: []
# List of systemd services that matrix-jitsi-jvb.service depends on
matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
matrix_jitsi_jvb_auth_user: jvb
matrix_jitsi_jvb_auth_password: passw0rd
# STUN servers used by JVB on the server-side, so it can discover its own external IP address.
# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
matrix_jitsi_jvb_brewery_muc: jvbbrewery
matrix_jitsi_jvb_rtp_udp_port: 10000
matrix_jitsi_jvb_rtp_tcp_port: 4443
# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"

View File

@ -0,0 +1,3 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}"
when: matrix_jitsi_enabled|bool

View File

@ -0,0 +1,33 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
when: run_setup|bool
tags:
- setup-all
- setup-jitsi
- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
when: run_setup|bool
tags:
- setup-all
- setup-jitsi
- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
when: run_setup|bool
tags:
- setup-all
- setup-jitsi
- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
when: run_setup|bool
tags:
- setup-all
- setup-jitsi
- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
when: run_setup|bool
tags:
- setup-all
- setup-jitsi

View File

@ -0,0 +1,20 @@
---
#
# Tasks related to setting up jitsi
#
- name: Ensure Matrix jitsi base path exists
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- { path: "{{ matrix_jitsi_base_path }}", when: true }
when: matrix_jitsi_enabled|bool and item.when
#
# Tasks related to getting rid of jitsi (if it was previously enabled)
#

View File

@ -0,0 +1,96 @@
---
#
# Tasks related to setting up jitsi-jicofo
#
- name: Ensure Matrix jitsi-jicofo path exists
file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true }
- { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true }
when: matrix_jitsi_enabled|bool and item.when
- name: Ensure jitsi-jicofo Docker image is pulled
docker_image:
name: "{{ matrix_jitsi_jicofo_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-jicofo environment variables file created
template:
src: "{{ role_path }}/templates/jicofo/env.j2"
dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
mode: 0640
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-jicofo configuration files created
template:
src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
mode: 0644
with_items:
- sip-communicator.properties
- logging.properties
when: matrix_jitsi_enabled|bool
- name: Ensure matrix-jitsi-jicofo.service installed
template:
src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
dest: "/etc/systemd/system/matrix-jitsi-jicofo.service"
mode: 0644
register: matrix_jitsi_jicofo_systemd_service_result
when: matrix_jitsi_enabled|bool
- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
service:
daemon_reload: yes
when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"
#
# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
#
- name: Check existence of matrix-jitsi-jicofo service
stat:
path: "/etc/systemd/system/matrix-jitsi-jicofo.service"
register: matrix_jitsi_jicofo_service_stat
when: "not matrix_jitsi_enabled|bool"
- name: Ensure matrix-jitsi-jicofo is stopped
service:
name: matrix-jitsi-jicofo
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
- name: Ensure matrix-jitsi-jicofo.service doesn't exist
file:
path: "/etc/systemd/system/matrix-jitsi-jicofo.service"
state: absent
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
service:
daemon_reload: yes
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
- name: Ensure Matrix jitsi-jicofo paths doesn't exist
file:
path: "{{ matrix_jitsi_jicofo_base_path }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-jicofo Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_jicofo_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"

View File

@ -0,0 +1,89 @@
---
#
# Tasks related to setting up jitsi-jvb
#
- name: Ensure Matrix jitsi-jvb path exists
file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- { path: "{{ matrix_jitsi_jvb_base_path }}", when: true }
- { path: "{{ matrix_jitsi_jvb_config_path }}", when: true }
when: matrix_jitsi_enabled|bool and item.when
- name: Ensure jitsi-jvb Docker image is pulled
docker_image:
name: "{{ matrix_jitsi_jvb_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-jvb configuration files created
template:
src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
mode: 0644
with_items:
- sip-communicator.properties
- logging.properties
when: matrix_jitsi_enabled|bool
- name: Ensure matrix-jitsi-jvb.service installed
template:
src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
dest: "/etc/systemd/system/matrix-jitsi-jvb.service"
mode: 0644
register: matrix_jitsi_jvb_systemd_service_result
when: matrix_jitsi_enabled|bool
- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
service:
daemon_reload: yes
when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"
#
# Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
#
- name: Check existence of matrix-jitsi-jvb service
stat:
path: "/etc/systemd/system/matrix-jitsi-jvb.service"
register: matrix_jitsi_jvb_service_stat
when: "not matrix_jitsi_enabled|bool"
- name: Ensure matrix-jitsi-jvb is stopped
service:
name: matrix-jitsi-jvb
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
- name: Ensure matrix-jitsi-jvb.service doesn't exist
file:
path: "/etc/systemd/system/matrix-jitsi-jvb.service"
state: absent
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
service:
daemon_reload: yes
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
- name: Ensure Matrix jitsi-jvb paths doesn't exist
file:
path: "{{ matrix_jitsi_jvb_base_path }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-jvb Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_jvb_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"

View File

@ -0,0 +1,86 @@
---
#
# Tasks related to setting up jitsi-prosody
#
- name: Ensure Matrix jitsi-prosody path exists
file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- { path: "{{ matrix_jitsi_prosody_base_path }}", when: true }
- { path: "{{ matrix_jitsi_prosody_config_path }}", when: true }
when: matrix_jitsi_enabled|bool and item.when
- name: Ensure jitsi-prosody Docker image is pulled
docker_image:
name: "{{ matrix_jitsi_prosody_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-prosody environment variables file created
template:
src: "{{ role_path }}/templates/prosody/env.j2"
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
mode: 0640
when: matrix_jitsi_enabled|bool
- name: Ensure matrix-jitsi-prosody.service installed
template:
src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
dest: "/etc/systemd/system/matrix-jitsi-prosody.service"
mode: 0644
register: matrix_jitsi_prosody_systemd_service_result
when: matrix_jitsi_enabled|bool
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
service:
daemon_reload: yes
when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
#
# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
#
- name: Check existence of matrix-jitsi-prosody service
stat:
path: "/etc/systemd/system/matrix-jitsi-prosody.service"
register: matrix_jitsi_prosody_service_stat
when: "not matrix_jitsi_enabled|bool"
- name: Ensure matrix-jitsi-prosody is stopped
service:
name: matrix-jitsi-prosody
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure matrix-jitsi-prosody.service doesn't exist
file:
path: "/etc/systemd/system/matrix-jitsi-prosody.service"
state: absent
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
service:
daemon_reload: yes
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure Matrix jitsi-prosody paths doesn't exist
file:
path: "{{ matrix_jitsi_prosody_base_path }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-prosody Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_prosody_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"

View File

@ -0,0 +1,97 @@
---
#
# Tasks related to setting up jitsi-web
#
- name: Ensure Matrix jitsi-web path exists
file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- { path: "{{ matrix_jitsi_web_base_path }}", when: true }
- { path: "{{ matrix_jitsi_web_config_path }}", when: true }
- { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true }
when: matrix_jitsi_enabled|bool and item.when
- name: Ensure jitsi-web Docker image is pulled
docker_image:
name: "{{ matrix_jitsi_web_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-web environment variables file created
template:
src: "{{ role_path }}/templates/web/env.j2"
dest: "{{ matrix_jitsi_web_base_path }}/env"
mode: 0640
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-web configuration files created
template:
src: "{{ role_path }}/templates/web/{{ item }}.j2"
dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
mode: 0644
with_items:
- config.js
- interface_config.js
when: matrix_jitsi_enabled|bool
- name: Ensure matrix-jitsi-web.service installed
template:
src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
dest: "/etc/systemd/system/matrix-jitsi-web.service"
mode: 0644
register: matrix_jitsi_web_systemd_service_result
when: matrix_jitsi_enabled|bool
- name: Ensure systemd reloaded after matrix-jitsi-web.service installation
service:
daemon_reload: yes
when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed"
#
# Tasks related to getting rid of jitsi-web (if it was previously enabled)
#
- name: Check existence of matrix-jitsi-web service
stat:
path: "/etc/systemd/system/matrix-jitsi-web.service"
register: matrix_jitsi_web_service_stat
when: "not matrix_jitsi_enabled|bool"
- name: Ensure matrix-jitsi-web is stopped
service:
name: matrix-jitsi-web
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
- name: Ensure matrix-jitsi-web.service doesn't exist
file:
path: "/etc/systemd/system/matrix-jitsi-web.service"
state: absent
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-jitsi-web.service removal
service:
daemon_reload: yes
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
- name: Ensure Matrix jitsi-web paths doesn't exist
file:
path: "{{ matrix_jitsi_web_base_path }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-web Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_web_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"

View File

@ -0,0 +1,17 @@
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
TZ={{ matrix_jitsi_timezone }}

View File

@ -0,0 +1,20 @@
handlers= java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
.level=INFO
net.sf.level=SEVERE
net.java.sip.communicator.plugin.reconnectplugin.level=FINE
org.ice4j.level=SEVERE
org.jitsi.impl.neomedia.level=SEVERE
# Do not worry about missing strings
net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
#net.java.sip.communicator.service.protocol.level=ALL
# Enable debug packets logging
#org.jitsi.impl.protocol.xmpp.level=FINE

View File

@ -0,0 +1,31 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-jicofo server
{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
-v {{ matrix_jitsi_jicofo_config_path }}:/config \
{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_jicofo_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jicofo
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,5 @@
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90

View File

@ -0,0 +1,13 @@
handlers= java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
net.java.sip.communicator.util.ScLogFormatter.programname=JVB
.level=INFO
org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING

View File

@ -0,0 +1,36 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-jvb server
{% for service in matrix_jitsi_jvb_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
--log-driver=none \
--network={{ matrix_docker_network }} \
{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
{% endif %}
{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
{% endif %}
-v {{ matrix_jitsi_jvb_config_path }}:/config \
{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_jvb_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jvb
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,19 @@
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
org.jitsi.videobridge.TCP_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ matrix_jitsi_jvb_stun_servers|join(',') }}
{% endif %}
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ matrix_jitsi_xmpp_server }}
org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ matrix_jitsi_jvb_auth_user }}
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }}
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=matrix-jitsi-jvb
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.STATISTICS_INTERVAL=5000

View File

@ -0,0 +1,31 @@
AUTH_TYPE=internal
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_MODULES=
XMPP_MUC_MODULES=
XMPP_INTERNAL_MUC_MODULES=
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
TZ={{ matrix_jitsi_timezone }}

View File

@ -0,0 +1,31 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-prosody server
{% for service in matrix_jitsi_prosody_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
-v {{ matrix_jitsi_prosody_config_path }}:/config \
{% for arg in matrix_jitsi_prosody_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_prosody_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-prosody
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,486 @@
/* eslint-disable no-unused-vars, no-var */
var config = {
// Configuration
//
// Alternative location for the configuration.
// configLocation: './config.json',
// Custom function which given the URL path should return a room name.
// getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
// Connection
//
hosts: {
// XMPP domain.
domain: '{{ matrix_jitsi_xmpp_domain }}',
{% if matrix_jitsi_enable_guests %}
// When using authentication, domain for guest users.
anonymousdomain: 'guest.example.com',
// Domain for authenticated users. Defaults to <domain>.
authdomain: '{{ matrix_jitsi_xmpp_domain }}',
{% endif %}
// Jirecon recording component domain.
// jirecon: 'jirecon.{{ matrix_jitsi_xmpp_domain }}',
// Call control component (Jigasi).
// call_control: 'callcontrol.{{ matrix_jitsi_xmpp_domain }}',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.{{ matrix_jitsi_xmpp_domain }}',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: {{ matrix_jitsi_xmpp_muc_domain|to_json }},
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '/http-bind',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
focusUserJid: {{ matrix_jitsi_jicofo_auth_user|to_json }} + '@' + {{ matrix_jitsi_xmpp_auth_domain|to_json }},
// Testing / experimental features.
//
testing: {
// Enables experimental simulcast support on Firefox.
enableFirefoxSimulcast: false,
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
// disableAudioLevels: false,
// Start the conference in audio only mode (no video is being received nor
// sent).
// startAudioOnly: false,
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independency from
// this config's resolution value. Defaults to requesting an ideal aspect
// ratio of 16:9 with an ideal resolution of 720.
// constraints: {
// video: {
// aspectRatio: 16 / 9,
// height: {
// ideal: 720,
// max: 720,
// min: 240
// }
// }
// },
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
// enableLayerSuspension: false,
// Suspend sending video if bandwidth estimation is too low. This may cause
// problems with audio playback. Disabled until these are fixed.
disableSuspendVideo: true,
// Every participant after the Nth will start video muted.
// startVideoMuted: 10,
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// The ID of the jidesha extension for Chrome.
desktopSharingChromeExtId: null,
// Whether desktop sharing should be disabled on Chrome.
// desktopSharingChromeDisabled: false,
// The media sources to use when using screen sharing with the Chrome
// extension.
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
// Required version of Chrome extension
desktopSharingChromeMinExtVersion: '0.1',
// Whether desktop sharing should be disabled on Firefox.
// desktopSharingFirefoxDisabled: false,
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }},
// Whether to enable file recording or not.
fileRecordingsEnabled: {{ matrix_jitsi_enable_recording|to_json }},
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://{{ matrix_jitsi_xmpp_domain }}/static/oauth.html'
// redirectURI:
// 'https://{{ matrix_jitsi_xmpp_domain }}/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
liveStreamingEnabled: {{ matrix_jitsi_enable_recording|to_json }},
// Transcription (in interface_config,
// subtitles and buttons can be configured)
transcribingEnabled: {{ matrix_jitsi_enable_transcriptions|to_json }},
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1,
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,
// Enable IPv6 support.
// useIPv6: true,
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
// UI
//
// Use display name as XMPP nickname.
// useNicks: false,
// Require users to always specify a display name.
// requireDisplayName: true,
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
// defaultLanguage: 'en',
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// enables callstatsUsername to be reported as statsId and used
// by callstats as repoted remote id
// enableStatsID: false
// enables sending participants display name to callstats
// enableDisplayNameInStats: false
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
// disableThirdPartyRequests: false,
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: true,
// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,
// The STUN servers that will be used in the peer to peer connections
{% if matrix_jitsi_web_stun_servers|length > 0 %}
stunServers: [
{% for url in matrix_jitsi_web_stun_servers %}
{ urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
{% endfor %}
],
{% endif %}
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported).
preferH264: true
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
}
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// }
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// }
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label'
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
autoRecord
autoRecordToken
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
// List of undocumented settings used in lib-jitsi-meet
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
*/
};
/* eslint-enable no-unused-vars, no-var */

View File

@ -0,0 +1,28 @@
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
DISABLE_HTTPS=1
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
TZ={{ matrix_jitsi_timezone }}
JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}

View File

@ -0,0 +1,230 @@
/* eslint-disable no-unused-vars, no-var, max-len */
var interfaceConfig = {
// TO FIX: this needs to be handled from SASS variables. There are some
// methods allowing to use variables both in css and js.
DEFAULT_BACKGROUND: '#474747',
/**
* Whether or not the blurred video background for large video should be
* displayed on browsers that can support it.
*/
DISABLE_VIDEO_BACKGROUND: false,
INITIAL_TOOLBAR_TIMEOUT: 20000,
TOOLBAR_TIMEOUT: 4000,
TOOLBAR_ALWAYS_VISIBLE: false,
DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
DEFAULT_LOCAL_DISPLAY_NAME: 'me',
SHOW_JITSI_WATERMARK: true,
JITSI_WATERMARK_LINK: 'https://jitsi.org',
// if watermark is disabled by default, it can be shown only for guests
SHOW_WATERMARK_FOR_GUESTS: true,
SHOW_BRAND_WATERMARK: false,
BRAND_WATERMARK_LINK: '',
SHOW_POWERED_BY: false,
SHOW_DEEP_LINKING_IMAGE: false,
GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
DISPLAY_WELCOME_PAGE_CONTENT: true,
APP_NAME: 'Jitsi Meet',
NATIVE_APP_NAME: 'Jitsi Meet',
PROVIDER_NAME: 'Jitsi',
LANG_DETECTION: false, // Allow i18n to detect the system language
INVITATION_POWERED_BY: true,
/**
* If we should show authentication block in profile
*/
AUTHENTICATION_ENABLE: true,
/**
* The name of the toolbar buttons to display in the toolbar. If present,
* the button will display. Exceptions are "livestreaming" and "recording"
* which also require being a moderator and some values in config.js to be
* enabled. Also, the "profile" button will not display for user's with a
* jwt.
*/
TOOLBAR_BUTTONS: [
{% if matrix_jitsi_enable_transcriptions %}
'closedcaptions',
{% endif %}
'microphone', 'camera', 'desktop', 'fullscreen',
'fodeviceselection', 'hangup', 'profile', 'info', 'chat', 'recording',
'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
'tileview', 'videobackgroundblur'
],
SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ],
// Determines how the video would fit the screen. 'both' would fit the whole
// screen, 'height' would fit the original video height to the height of the
// screen, 'width' would fit the original video width to the width of the
// screen respecting ratio.
VIDEO_LAYOUT_FIT: 'both',
/**
* Whether to only show the filmstrip (and hide the toolbar).
*/
filmStripOnly: false,
/**
* Whether to show thumbnails in filmstrip as a column instead of as a row.
*/
VERTICAL_FILMSTRIP: true,
// A html text to be shown to guests on the close page, false disables it
CLOSE_PAGE_GUEST_HINT: false,
RANDOM_AVATAR_URL_PREFIX: false,
RANDOM_AVATAR_URL_SUFFIX: false,
FILM_STRIP_MAX_HEIGHT: 120,
// Enables feedback star animation.
ENABLE_FEEDBACK_ANIMATION: false,
DISABLE_FOCUS_INDICATOR: false,
DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
/**
* Whether the speech to text transcription subtitles panel is disabled.
* If {@code undefined}, defaults to {@code false}.
*
* @type {boolean}
*/
DISABLE_TRANSCRIPTION_SUBTITLES: false,
/**
* Whether the ringing sound in the call/ring overlay is disabled. If
* {@code undefined}, defaults to {@code false}.
*
* @type {boolean}
*/
DISABLE_RINGING: false,
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
POLICY_LOGO: null,
LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
REMOTE_THUMBNAIL_RATIO: 1, // 1:1
// Documentation reference for the live streaming feature.
LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live',
/**
* Whether the mobile app Jitsi Meet is to be promoted to participants
* attempting to join a conference in a mobile Web browser. If
* {@code undefined}, defaults to {@code true}.
*
* @type {boolean}
*/
MOBILE_APP_PROMO: true,
/**
* Maximum coeficient of the ratio of the large video to the visible area
* after the large video is scaled to fit the window.
*
* @type {number}
*/
MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
/*
* If indicated some of the error dialogs may point to the support URL for
* help.
*/
SUPPORT_URL: 'https://github.com/jitsi/jitsi-meet/issues/new',
/**
* Whether the connection indicator icon should hide itself based on
* connection strength. If true, the connection indicator will remain
* displayed while the participant has a weak connection and will hide
* itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is
* strong.
*
* @type {boolean}
*/
CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true,
/**
* How long the connection indicator should remain displayed before hiding.
* Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED.
*
* @type {number}
*/
CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000,
/**
* If true, hides the connection indicators completely.
*
* @type {boolean}
*/
CONNECTION_INDICATOR_DISABLED: false,
/**
* If true, hides the video quality label indicating the resolution status
* of the current large video.
*
* @type {boolean}
*/
VIDEO_QUALITY_LABEL_DISABLED: false,
/**
* If true, will display recent list
*
* @type {boolean}
*/
RECENT_LIST_ENABLED: true,
// Names of browsers which should show a warning stating the current browser
// has a suboptimal experience. Browsers which are not listed as optimal or
// unsupported are considered suboptimal. Valid values are:
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron' ],
// Browsers, in addition to those which do not fully support WebRTC, that
// are not supported and should show the unsupported browser page.
UNSUPPORTED_BROWSERS: [],
/**
* A UX mode where the last screen share participant is automatically
* pinned. Valid values are the string "remote-only" so remote participants
* get pinned but not local, otherwise any truthy value for all participants,
* and any falsy value to disable the feature.
*
* Note: this mode is experimental and subject to breakage.
*/
AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only'
/**
* How many columns the tile view can expand to. The respected range is
* between 1 and 5.
*/
// TILE_VIEW_MAX_COLUMNS: 5,
/**
* Specify custom URL for downloading android mobile app.
*/
// MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
/**
* Specify URL for downloading ios mobile app.
*/
// MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
/**
* Specify mobile app scheme for opening the app from the mobile browser.
*/
// APP_SCHEME: 'org.jitsi.meet',
/**
* Specify the Android app package name.
*/
// ANDROID_APP_PACKAGE: 'org.jitsi.meet',
/**
* Override the behavior of some notifications to remain displayed until
* explicitly dismissed through a user action. The value is how long, in
* milliseconds, those notifications should remain displayed.
*/
// ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,
};
/* eslint-enable no-unused-vars, no-var, max-len */

View File

@ -0,0 +1,35 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-web server
{% for service in matrix_jitsi_web_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_web_base_path }}/env \
{% if matrix_jitsi_web_container_http_host_bind_port %}
-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
{% endif %}
-v {{ matrix_jitsi_web_config_path }}:/config \
-v {{ matrix_jitsi_web_transcripts_path }}:/usr/share/jitsi-meet/transcripts \
{% for arg in matrix_jitsi_web_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_web_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-web
ExecStop=-/usr/bin/docker rm matrix-jitsi-web
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-web
[Install]
WantedBy=multi-user.target

View File

@ -105,6 +105,10 @@ matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_nginx_proxy_proxy_dimension_enabled: false
matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
# Controls whether proxying the jitsi domain should be done.
matrix_nginx_proxy_proxy_jitsi_enabled: false
matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -164,6 +168,9 @@ matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the jitsi's server configuration.
matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []

View File

@ -66,6 +66,13 @@
mode: 0644
when: matrix_nginx_proxy_proxy_dimension_enabled|bool
- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
mode: 0644
when: matrix_nginx_proxy_proxy_jitsi_enabled|bool
- name: Ensure Matrix nginx-proxy data directory for base domain exists
file:
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
@ -163,6 +170,12 @@
state: absent
when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted
file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
state: absent
when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool"
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
file:
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"

View File

@ -0,0 +1,72 @@
#jinja2: lstrip_blocks: "True"
{% macro render_vhost_directives() %}
gzip on;
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %}
{{- configuration_block }}
{% endfor %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-jitsi-web:80";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:12080;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endmacro %}
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }};
server_tokens off;
root /dev/null;
{% if matrix_nginx_proxy_https_enabled %}
location /.well-known/acme-challenge {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-certbot:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
{% endif %}
}
location / {
return 301 https://$http_host$request_uri;
}
{% else %}
{{ render_vhost_directives() }}
{% endif %}
}
{% if matrix_nginx_proxy_https_enabled %}
server {
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};
server_tokens off;
root /dev/null;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem;
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
{{ render_vhost_directives() }}
}
{% endif %}

View File

@ -58,6 +58,8 @@ matrix_riot_web_branding_welcomeBackgroundUrl: ~
# point this to a `home.html` template file on your local filesystem.
matrix_riot_web_embedded_pages_home_path: ~
matrix_riot_web_jitsi_preferredDomain: ''
# Controls whether the self-check feature should validate SSL certificates.
matrix_riot_web_self_check_validate_certificates: true

View File

@ -30,6 +30,12 @@
"embeddedPages": {
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
},
{% if matrix_riot_web_jitsi_preferredDomain is not none %}
"jitsi": {
"preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }},
"externalApiUrl": "https://{{ matrix_riot_web_jitsi_preferredDomain }}/libs/external_api.min.js"
},
{% endif %}
"branding": {
"authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }},
"authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }},

View File

@ -18,6 +18,7 @@
- matrix-bridge-mautrix-whatsapp
- matrix-synapse
- matrix-riot-web
- matrix-jitsi
- matrix-mxisd
- matrix-dimension
- matrix-email2matrix