Merge branch 'master' into pub.solar

This commit is contained in:
teutat3s 2023-04-13 15:49:16 +02:00
commit 8e959cf895
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
80 changed files with 339 additions and 1753 deletions

View file

@ -21,6 +21,6 @@ jobs:
- name: Check out
uses: actions/checkout@v3
- name: Run ansible-lint
uses: ansible-community/ansible-lint-action@v6.11.0
uses: ansible-community/ansible-lint-action@v6.14.4
with:
path: roles/custom

View file

@ -1,3 +1,24 @@
# 2023-04-03
## The matrix-jitsi role lives independently now
**TLDR**: the `matrix-jitsi` role is now included from the [ansible-role-jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) repository, part of the [MASH playbook](https://github.com/mother-of-all-self-hosting/mash-playbook). Some variables have been renamed. All functionality remains intact.
The `matrix-jitsi` role has been relocated in its own repository, part of the [MASH playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) project - an Ansible playbook for self-hosting [a growing list of FOSS software](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md). If hosting a Jitsi stack on the Matrix server itself did not stand right with you or you always wanted to host most stuff, you can now use this new playbook to do so.
As part of the extraction process of this role out of the Matrix playbook, a few other things improved:
- **native Traefik support** has been added
- **support for hosting under a subpath** has been added, although it suffers from a few minor issues listed [here](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/jitsi.md#url)
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're using Jitsi or not.
If you're making use of Jitsi via this playbook, you will need to update variable references in your `vars.yml` file:
- `matrix_jitsi_*_docker_image_` -> `matrix_jitsi_*_container_image_`
- `matrix_jitsi_` -> `jitsi_`
- some other internal variables have changed, but the playbook will tell you about them
# 2023-03-22
## ntfy Web App is disabled by default
@ -17,7 +38,7 @@ The `matrix-prometheus` role has been relocated in its own repository, part of t
Extracting the Prometheus role out of this Matrix playbook required huge internal refactoring to the way the Prometheus configuration (scraping jobs) is generated. If you notice any breakage after upgrading, let us know.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're using Prometheus or not.
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're using Prometheus or not.
If you're making use of Prometheus via this playbook, you will need to update variable references in your `vars.yml` file:
@ -59,7 +80,7 @@ To get started, see our [Setting up Sliding Sync Proxy](docs/configuring-playboo
**TLDR**: the `matrix-etherpad` role is now included from [another repository](https://gitlab.com/etke.cc/roles/etherpad). Some variables have been renamed. All functionality remains intact.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're using Etherpad or not.
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're using Etherpad or not.
If you're making use of Etherpad via this playbook, you will need to update variable references in your `vars.yml` file:
@ -167,7 +188,7 @@ Additional details are available in the [Customizing templates](docs/configuring
The `matrix-redis` role (which configures [Redis](https://redis.io/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/redis). This makes it possible to easily use it in other Ansible playbooks.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_redis_` -> `redis_`).
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_redis_` -> `redis_`).
## The matrix-ntfy role lives independently now
@ -175,7 +196,7 @@ You need to **update you roles** (`just roles` or `make roles`) regardless of wh
The `matrix-ntfy` role (which configures [Ntfy](https://ntfy.sh/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/ntfy). This makes it possible to easily use it in other Ansible playbooks.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_ntfy_` -> `ntfy_`).
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_ntfy_` -> `ntfy_`).
# 2023-02-15
@ -186,7 +207,7 @@ You need to **update you roles** (`just roles` or `make roles`) regardless of wh
The `matrix-grafana` role (which configures [Grafana](docs/configuring-playbook-prometheus-grafana.md)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/grafana). This makes it possible to easily use it in other Ansible playbooks.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Grafana or not. If you're making use of Grafana via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_grafana_` -> `grafana_`).
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Grafana or not. If you're making use of Grafana via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_grafana_` -> `grafana_`).
# 2023-02-13
@ -197,7 +218,7 @@ You need to **update you roles** (`just roles` or `make roles`) regardless of wh
Thanks to [moan0s](https://github.com/moan0s), the `matrix-backup-borg` role (which configures [Borg backups](docs/configuring-playbook-backup-borg.md)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/backup_borg). This makes it possible to easily use it in other Ansible playbooks and will become part of [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy) soon.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Borg backup functionality or not. If you're making use of Borg backups via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_backup_borg_` -> `backup_borg_`).
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Borg backup functionality or not. If you're making use of Borg backups via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_backup_borg_` -> `backup_borg_`).
# 2023-02-12
@ -1555,7 +1576,7 @@ People who have [fine-tuned Jitsi](docs/configuring-playbook-jitsi.md#optional-f
The next time you run the playbook [installation](docs/installing.md) command, our validation logic will tell you if you're using some variables like that and will recommend a migration path for each one.
Additionally, we've recently disabled transcriptions (`matrix_jitsi_enable_transcriptions: false`) and recording (`matrix_jitsi_enable_recording: false`) by default. These features did not work anyway, because we don't install the required dependencies for them (Jigasi and Jibri, respectively). If you've been somehow pointing your Jitsi installation to some manually installed Jigasi/Jibri service, you may need to toggle these flags back to enabled to have transcriptions and recordings working.
Additionally, we've recently disabled transcriptions (`jitsi_enable_transcriptions: false`) and recording (`jitsi_enable_recording: false`) by default. These features did not work anyway, because we don't install the required dependencies for them (Jigasi and Jibri, respectively). If you've been somehow pointing your Jitsi installation to some manually installed Jigasi/Jibri service, you may need to toggle these flags back to enabled to have transcriptions and recordings working.
# 2020-11-23

View file

@ -9,12 +9,12 @@ The setup done by the playbook is very similar to [docker-jitsi-meet](https://gi
## Prerequisites
Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md).
Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record (unless you've changed `jitsi_hostname`, as described below). See [Configuring DNS](configuring-dns.md) for details about DNS changes.
You may also need to open the following ports to your server:
- `4443/tcp` - RTP media fallback over TCP
- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/custom/matrix-jitsi/defaults/main.yml)).
- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`jitsi_jvb_stun_servers`](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/defaults/main.yml)).
## Installation
@ -22,17 +22,15 @@ You may also need to open the following ports to your server:
Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml
matrix_jitsi_enabled: true
jitsi_enabled: true
# Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords,
# or define your own strong passwords manually.
matrix_jitsi_jicofo_auth_password: ""
matrix_jitsi_jvb_auth_password: ""
matrix_jitsi_jibri_recorder_password: ""
matrix_jitsi_jibri_xmpp_password: ""
# Uncomment and adjust if you need to use another hostname
# jitsi_hostname: "jitsi.{{ matrix_domain }}"
# Uncomment and possible adjust if you'd like to host under a subpath
# jitsi_path_prefix: /jitsi
```
## (Optional) Configure Jitsi authentication and guests mode
By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.
@ -54,9 +52,9 @@ If a registered host is not yet present, guests are put on hold in individual wa
Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_enable_guests: true
matrix_jitsi_prosody_auth_internal_accounts:
jitsi_enable_auth: true
jitsi_enable_guests: true
jitsi_prosody_auth_internal_accounts:
- username: "jitsi-moderator"
password: "secret-password"
- username: "another-user"
@ -69,7 +67,7 @@ matrix_jitsi_prosody_auth_internal_accounts:
### Authenticate using Matrix OpenID (Auth-Type 'matrix')
**Attention: Probably breaks jitsi in federated rooms and does not allow sharing conference links with guests.**
**Attention: Probably breaks Jitsi in federated rooms and does not allow sharing conference links with guests.**
Using this authentication type require a [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service).
By default, this playbook creates and configures a user-verification-service to run locally, see [configuring-user-verification-service](configuring-playbook-user-verification-service.md).
@ -77,8 +75,8 @@ By default, this playbook creates and configures a user-verification-service to
To enable set this configuration at host level:
```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_auth_type: "matrix"
jitsi_enable_auth: true
jitsi_auth_type: matrix
matrix_user_verification_service_enabled: true
```
@ -89,21 +87,21 @@ For more information see also [https://github.com/matrix-org/prosody-mod-auth-ma
An example LDAP configuration could be:
```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_auth_type: ldap
matrix_jitsi_ldap_url: "ldap://ldap.DOMAIN"
matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN"
#matrix_jitsi_ldap_binddn: ""
#matrix_jitsi_ldap_bindpw: ""
matrix_jitsi_ldap_filter: "uid=%u"
matrix_jitsi_ldap_auth_method: "bind"
matrix_jitsi_ldap_version: "3"
matrix_jitsi_ldap_use_tls: true
matrix_jitsi_ldap_tls_ciphers: ""
matrix_jitsi_ldap_tls_check_peer: true
matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
matrix_jitsi_ldap_start_tls: false
jitsi_enable_auth: true
jitsi_auth_type: ldap
jitsi_ldap_url: "ldap://ldap.DOMAIN"
jitsi_ldap_base: "OU=People,DC=DOMAIN"
#jitsi_ldap_binddn: ""
#jitsi_ldap_bindpw: ""
jitsi_ldap_filter: "uid=%u"
jitsi_ldap_auth_method: "bind"
jitsi_ldap_version: "3"
jitsi_ldap_use_tls: true
jitsi_ldap_tls_ciphers: ""
jitsi_ldap_tls_check_peer: true
jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
jitsi_ldap_start_tls: false
```
For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap) and the [saslauthd `LDAP_SASLAUTHD`](https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD) documentation.
@ -120,7 +118,7 @@ Here is how to do it in the playbook.
Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml
matrix_jitsi_jvb_container_extra_arguments:
jitsi_jvb_container_extra_arguments:
- '--env "JVB_ADVERTISE_IPS=<Local IP address of the host>"'
```
@ -129,7 +127,7 @@ matrix_jitsi_jvb_container_extra_arguments:
Sample **additional** `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration to save up resources (explained below):
```yaml
matrix_jitsi_web_custom_config_extension: |
jitsi_web_custom_config_extension: |
config.enableLayerSuspension = true;
config.disableAudioLevels = true;
@ -137,13 +135,12 @@ matrix_jitsi_web_custom_config_extension: |
// Limit the number of video feeds forwarded to each client
config.channelLastN = 4;
matrix_jitsi_web_config_resolution_width_ideal_and_max: 480
matrix_jitsi_web_config_resolution_height_ideal_and_max: 240
jitsi_web_config_resolution_width_ideal_and_max: 480
jitsi_web_config_resolution_height_ideal_and_max: 240
```
You may want to **suspend unused video layers** until they are requested again, to save up resources on both server and clients.
Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
You may wish to **disable audio levels** to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.
@ -157,10 +154,10 @@ You may want to **limit the maximum video resolution**, to save up resources on
The playbook allows a user to set a max number of participants allowed to join a Jitsi conference. By default there is no limit.
In order to set the max number of participants add the following variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
In order to set the max number of participants use the following **additional** configuration:
```
matrix_prosody_jitsi_max_participants: <INTEGER OF MAX PARTICPANTS>
```yaml
jitsi_prosody_max_participants: 4 # example value
```
## (Optional) Additional JVBs
@ -177,17 +174,17 @@ For this role to work you will need an additional section in the ansible hosts f
```
Each JVB will require a server id to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB.
The server id is set with the variable `matrix_jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container.
The server id is set with the variable `jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container.
This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. For example:
``` yaml
matrix_jitsi_jvb_server_id: 'jvb-2'
jitsi_jvb_server_id: 'jvb-2'
```
``` INI
[jitsi_jvb_servers]
jvb-2.example.com ansible_host=192.168.0.2 matrix_jitsi_jvb_server_id=jvb-2
jvb-3.example.com ansible_host=192.168.0.3 matrix_jitsi_jvb_server_id=jvb-2
jvb-2.example.com ansible_host=192.168.0.2 jitsi_jvb_server_id=jvb-2
jvb-3.example.com ansible_host=192.168.0.3 jitsi_jvb_server_id=jvb-2
```
Note that the server id `jvb-1` is reserved for the JVB instance running on the Matrix host and therefore should not be used as the id of an additional jvb host.
@ -195,20 +192,20 @@ Note that the server id `jvb-1` is reserved for the JVB instance running on the
The additional JVB will also need to expose the colibri web socket port and this can be done with the following variable:
```yaml
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: 9090
jitsi_jvb_container_colibri_ws_host_bind_port: 9090
```
The JVB will also need to know where the prosody xmpp server is located, similar to the server id this can be set in the vars for the JVB by using the variable
`matrix_jitsi_xmpp_server`. The Jitsi prosody container is deployed on the matrix server by default so the value can be set to the matrix domain. For example:
`jitsi_xmpp_server`. The Jitsi prosody container is deployed on the matrix server by default so the value can be set to the matrix domain. For example:
```yaml
matrix_jitsi_xmpp_server: "{{ matrix_domain }}"
jitsi_xmpp_server: "{{ matrix_domain }}"
```
However, it can also be set the ip address of the matrix server. This can be useful if you wish to use a private ip. For example:
```yaml
matrix_jitsi_xmpp_server: "192.168.0.1"
jitsi_xmpp_server: "192.168.0.1"
```
The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable
@ -234,7 +231,7 @@ Since element already sends the url of configured Matrix avatars to Jitsi, we di
To enable Gravatar set:
```yaml
matrix_jitsi_disable_gravatar: false
jitsi_disable_gravatar: false
```
**Beware:** This leaks information to a third party, namely the Gravatar-Service (unless configured otherwise: gravatar.com).
@ -262,7 +259,7 @@ You can use the self-hosted Jitsi server in multiple ways:
### Rebuilding your Jitsi installation
**If you ever run into any trouble** or **if you change configuration (`matrix_jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup.
**If you ever run into any trouble** or **if you change configuration (`jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup.
We normally don't require such manual intervention for other services, but Jitsi services generate a lot of configuration files on their own.
@ -270,7 +267,6 @@ These files are not all managed by Ansible (at least not yet), so you may someti
To rebuild your Jitsi configuration:
- SSH into the server and do this:
- stop all Jitsi services (`systemctl stop matrix-jitsi-*`).
- remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`)
- ask Ansible to set up Jitsi anew and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`)
- ask Ansible to stop all Jitsi services: `just run-tags stop-group --extra-vars=group=jitsi`
- SSH into the server and do this and remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`)
- ask Ansible to set up Jitsi anew and restart services (`just install-service jitsi`)

View file

@ -33,6 +33,13 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
```
Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
**for all bridges with encryption support**:
```yaml
matrix_bridges_encryption_enabled: true
```
**Alternatively**, for a specific bridge:
```yaml
matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
bridge:

View file

@ -42,8 +42,6 @@ devture_postgres_process_extra_arguments: [
]
```
**NOTE**: Disabling `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: false`) (that is, [using your own other webserver](configuring-playbook-own-webserver.md) when running a Synapse worker setup is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)).
In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.
@ -119,3 +117,10 @@ matrix_synapse_container_image_customizations_templates_git_repository_ssh_priva
As mentioned in Synapse's Templates documentation, Synapse will fall back to its own templates if a template is not found in that directory.
Due to this, it's recommended to only store and maintain template files in your repository if you need to make custom changes. Other files (which you don't need to change), should not be duplicated, so that you don't need to worry about getting out-of-sync with the original Synapse templates.
## Monitoring Synapse Metrics with Prometheus and Grafana
This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse.
To enable Synapse metrics see [`configuring-playbook-prometheus-grafana.md`](./configuring-playbook-prometheus-grafana.md)

View file

@ -36,7 +36,7 @@ If you have or want to enable [Jitsi](configuring-playbook-jitsi.md), you might
If you do not do it, Jitsi will fall back to an upstream service.
```yaml
matrix_jitsi_web_stun_servers:
jitsi_web_stun_servers:
- stun:HOSTNAME_OR_IP:PORT
```
You can put multiple host/port combinations if you like.

View file

@ -262,7 +262,7 @@ matrix_server_fqn_element: "element.YOUR_BASE_DOMAIN"
# Feel free to use `dimension.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
matrix_server_fqn_dimension: "dimension.YOUR_BASE_DOMAIN"
# This is where you access Jitsi (if enabled via `matrix_jitsi_enabled: true`; NOT enabled by default).
# This is where you access Jitsi (if enabled via `jitsi_enabled: true`; NOT enabled by default).
#
# Feel free to use `jitsi.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
matrix_server_fqn_jitsi: "jitsi.YOUR_BASE_DOMAIN"

View file

@ -192,7 +192,7 @@ matrix_homeserver_app_service_config_files_auto: |
# This list is not exhaustive and final.
# Synapse workers are still injected into the list at runtime.
# Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
# Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/galaxy/jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
#
# Priority levels are like this:
# - core services (the homeserver) get a level of ~1000
@ -314,13 +314,13 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': (grafana_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if grafana_enabled else [])
+
([{'name': 'matrix-jitsi-web.service', 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if matrix_jitsi_enabled else [])
([{'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if jitsi_enabled else [])
+
([{'name': 'matrix-jitsi-prosody.service', 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if matrix_jitsi_enabled else [])
([{'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if jitsi_enabled else [])
+
([{'name': 'matrix-jitsi-jicofo.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if matrix_jitsi_enabled else [])
([{'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if jitsi_enabled else [])
+
([{'name': 'matrix-jitsi-jvb.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if matrix_jitsi_enabled else [])
([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else [])
+
([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
+
@ -2278,7 +2278,7 @@ etherpad_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
etherpad_framing_enabled: "{{ matrix_dimension_enabled or matrix_jitsi_enabled }}"
etherpad_framing_enabled: "{{ matrix_dimension_enabled or jitsi_enabled }}"
etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
@ -2352,26 +2352,57 @@ matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in [
######################################################################
#
# matrix-jitsi
# jitsi
#
######################################################################
matrix_jitsi_enabled: false
jitsi_enabled: false
jitsi_architecture: "{{ matrix_architecture }}"
jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
jitsi_identifier: matrix-jitsi
jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
jitsi_uid: "{{ matrix_user_uid }}"
jitsi_gid: "{{ matrix_user_gid }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Jitsi HTTP port to the local host.
matrix_jitsi_web_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_web_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_web_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
matrix_jitsi_prosody_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '5280') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_jvb_container_colibri_ws_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
jitsi_jvb_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
matrix_jitsi_web_stun_servers: |
jitsi_prosody_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '5280') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_prosody_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
jitsi_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
jitsi_web_stun_servers: |
{{
[
'stun:' + matrix_server_fqn_matrix + ':5349',
@ -2381,24 +2412,39 @@ matrix_jitsi_web_stun_servers: |
else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
}}
# The Jitsi instance installed by this playbook is meant for embedding into Matrix clients, so framing is allowed.
jitsi_web_framing_enabled: true
jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
jitsi_turn_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
jitsi_turns_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port if matrix_coturn_enabled else '' }}"
jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port if matrix_coturn_enabled else '' }}"
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
# unless explicitly disabled by setting `matrix_jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `matrix_jitsi_etherpad_enabled` to true,
# unless explicitly disabled by setting `jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `jitsi_etherpad_enabled` to true,
# while also setting `etherpad_enabled` to false.
matrix_jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
matrix_jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
# Allow verification using JWT and matrix-UVS
matrix_jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
matrix_jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}"
jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}"
matrix_jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}"
jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}"
# Gravatar is enabled by default upstream, but there's no need to leak data there needlessly
# when embedding Jitsi in Matrix rooms.
jitsi_disable_gravatar: true
######################################################################
#
# /matrix-jitsi
# /jitsi
#
######################################################################
######################################################################
#
# matrix-ldap-registration-proxy
@ -2530,7 +2576,14 @@ matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_pu
matrix_nginx_proxy_trust_forwarded_proto: "{{ matrix_playbook_reverse_proxy_type != 'playbook-managed-nginx' }}"
matrix_nginx_proxy_x_forwarded_for: "{{ '$remote_addr' if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else '$proxy_add_x_forwarded_for' }}"
matrix_nginx_proxy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_nginx_proxy_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([jitsi_container_network] if jitsi_enabled and matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' and jitsi_container_network != matrix_nginx_proxy_container_network else [])
) | unique
}}
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}"
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}"
@ -2557,8 +2610,7 @@ matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and mat
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_jitsi_manage_wellknown: "{{ matrix_jitsi_require_well_known }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
@ -2570,7 +2622,6 @@ matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_ent
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -2638,33 +2689,31 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
+
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
+
(['matrix-client-cinny.service'] if matrix_client_cinny_enabled else [])
(['matrix-client-cinny.service'] if matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else [])
(['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-client-element.service'] if matrix_client_element_enabled else [])
(['matrix-client-element.service'] if matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else [])
(['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
([(grafana_identifier + '.service')] if grafana_enabled else [])
([(grafana_identifier + '.service')] if grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-dimension.service'] if matrix_dimension_enabled else [])
(['matrix-dimension.service'] if matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-rageshake.service'] if matrix_rageshake_enabled else [])
(['matrix-rageshake.service'] if matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
(['matrix-sygnal.service'] if matrix_sygnal_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
([(ntfy_identifier + '.service')] if ntfy_enabled else [])
([(ntfy_identifier + '.service')] if ntfy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
([(jitsi_identifier + '-web.service')] if jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-sliding-sync-proxy.service'] if matrix_sliding_sync_enabled else [])
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
([etherpad_identifier + '.service'] if etherpad_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
([etherpad_identifier + '.service'] if etherpad_enabled else [])
+
(['matrix-hookshot.service'] if matrix_hookshot_enabled else [])
(['matrix-hookshot.service'] if matrix_hookshot_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
}}
matrix_ssl_domains_to_obtain_certificates_for: |
@ -2687,7 +2736,7 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
+
([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])
([matrix_server_fqn_jitsi] if jitsi_enabled else [])
+
([matrix_server_fqn_grafana] if grafana_enabled else [])
+
@ -3185,7 +3234,7 @@ matrix_client_element_enable_presence_by_hs_url: |
matrix_client_element_welcome_user_id: ~
matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
######################################################################
#
@ -4007,7 +4056,7 @@ matrix_user_verification_service_systemd_required_services_list: |
# If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose
# matrix-user-verfification-services's client-server port to port 3003.
# By default Matrix-User-Verification-Service binds to port 3000, which collides with grafana, therefore this uses port 3003.
matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (matrix_jitsi_enabled | bool and matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix') else matrix_playbook_service_host_bind_interface_prefix ~ '3003' }}"
matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (jitsi_enabled | bool and jitsi_enable_auth | bool and jitsi_auth_type == 'matrix') else matrix_playbook_service_host_bind_interface_prefix ~ '3003' }}"
# URL exposed in the docker network
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
@ -4064,11 +4113,16 @@ devture_traefik_base_path: "{{ matrix_base_data_path }}/traefik"
devture_traefik_uid: "{{ matrix_user_uid }}"
devture_traefik_gid: "{{ matrix_user_gid }}"
devture_traefik_additional_entrypoints_auto:
- name: matrix-federation
port: "{{ matrix_federation_public_port }}"
host_bind_port: "{{ matrix_federation_public_port }}"
config: {}
devture_traefik_federation_entrypoint:
name: matrix-federation
port: "{{ matrix_federation_public_port }}"
host_bind_port: "{{ matrix_federation_public_port }}"
config: {}
devture_traefik_additional_entrypoints_auto: |
{{
([devture_traefik_federation_entrypoint] if (matrix_federation_public_port != devture_traefik_config_entrypoint_web_port) and (matrix_federation_public_port != devture_traefik_config_entrypoint_web_secure_port) else [])
}}
devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains_to_obtain_certificates_for }}"

View file

@ -1,24 +0,0 @@
#!/usr/bin/env bash
# This is a bash script for generating strong passwords for the Jitsi role in this ansible project:
# https://github.com/spantaleev/matrix-docker-ansible-deploy
function generatePassword() {
openssl rand -hex 16
}
echo "# If this script fails, it's likely because you don't have the openssl tool installed."
echo "# Install it before using this script, or simply create your own passwords manually."
echo ""
JICOFO_AUTH_PASSWORD=$(generatePassword)
JVB_AUTH_PASSWORD=$(generatePassword)
JIBRI_RECORDER_PASSWORD=$(generatePassword)
JIBRI_XMPP_PASSWORD=$(generatePassword)
echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:"
echo ""
echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD"
echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD"
echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD"
echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD"

View file

@ -35,7 +35,7 @@ setup-all *extra_args: (run-tags "setup-all,ensure-matrix-users-created,start" e
# Runs the playbook with the given list of arguments
run +extra_args:
time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
# Runs the playbook with the given list of comma-separated tags and optional arguments
run-tags tags *extra_args:
@ -43,7 +43,7 @@ run-tags tags *extra_args:
# Runs the playbook in user-registration mode
register-user username password admin_yes_or_no *extra_args:
time ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
# Starts all services
start-all *extra_args: (run-tags "start-all" extra_args)

View file

@ -8,5 +8,5 @@
- role: galaxy/com.devture.ansible.role.systemd_docker_base
- custom/matrix-base
- custom/matrix-jitsi
- galaxy/jitsi
- custom/matrix-common-after

View file

@ -100,7 +100,7 @@
- custom/matrix-client-element
- custom/matrix-client-hydrogen
- custom/matrix-client-cinny
- custom/matrix-jitsi
- galaxy/jitsi
- custom/matrix-user-verification-service
- custom/matrix-ldap-registration-proxy
- custom/matrix-ma1sd

View file

@ -1,47 +1,52 @@
- src: git+https://github.com/geerlingguy/ansible-role-docker
version: 6.1.0
name: geerlingguy.docker
---
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
version: v1.0.0-0
name: aux
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
version: v1.2.4-1.7.11-1
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
version: v0.1.1-1
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
version: 129c8590e106b83e6f4c259649a613c6279e937a
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: 3d5bb2976815958cdce3f368fa34fb51554f899b
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
version: 38764398bf82b06a1736c3bfedc71dfd229e4b52
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.0.0-0
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: 3d5bb2976815958cdce3f368fa34fb51554f899b
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: v2.9.10-0
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: v2.8.1-0
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
version: v1.8.18-2
- src: git+https://github.com/geerlingguy/ansible-role-docker
version: 6.1.0
name: geerlingguy.docker
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
version: v9.4.7-1
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v8319-6
name: jitsi
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
version: v2.3.1-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v2.43.0-0
name: prometheus
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
version: v1.5.0-7
- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git
version: v0.12.0-0
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
version: v1.2.4-1.7.10-0
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
version: v9.4.7-1
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
version: v2.2.0-0
- src: git+https://gitlab.com/etke.cc/roles/redis.git
version: v7.0.10-0
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
version: v1.8.18-2
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
version: v0.1.1-1
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: v2.9.9-0
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: v2.8.1-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
version: v1.0.0-0
name: aux
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v2.43.0-0
name: prometheus

View file

@ -13,6 +13,9 @@ matrix_domain: ~
# Example value: "@someone:{{ matrix_domain }}"
matrix_admin: ''
# Global var to enable/disable encryption across all bridges with encryption support
matrix_bridges_encryption_enabled: false
# matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
#
# Unless you're wrapping this playbook in another one

View file

@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock
matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
matrix_bot_maubot_version: v0.4.0
matrix_bot_maubot_version: v0.4.1
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"

View file

@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
# It's a bare version number now. We try to somewhat retain compatibility below.
matrix_appservice_irc_version: 0.37.0
matrix_appservice_irc_version: 0.37.1
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

View file

@ -120,7 +120,7 @@ matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot
matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
# End-to-bridge encryption configuration
matrix_appservice_kakaotalk_bridge_encryption_allow: false
matrix_appservice_kakaotalk_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
# Specifies the default log level for all bridge loggers.

View file

@ -83,6 +83,11 @@ matrix_beeper_linkedin_login_shared_secret: ''
# Specifies the default log level for all bridge loggers.
matrix_beeper_linkedin_logging_level: WARNING
# Enable End-to-bridge encryption
matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
# Default beeper-linkedin configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#

View file

@ -156,15 +156,15 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_beeper_linkedin_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_beeper_linkedin_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow: {{ matrix_beeper_linkedin_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -86,7 +86,7 @@ matrix_go_skype_bridge_bridge_double_puppet_server_map:
"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
# Enable End-to-bridge encryption
matrix_go_skype_bridge_bridge_encryption_allow: false
matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
# Minimum severity of journal log messages.

View file

@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 3.1.1
matrix_hookshot_version: 3.2.0
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"

View file

@ -137,7 +137,7 @@ matrix_mautrix_discord_registration_yaml: |
matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_discord_bridge_encryption_allow: false
matrix_mautrix_discord_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"

View file

@ -149,3 +149,8 @@ matrix_mautrix_facebook_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_facebook_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"
matrix_mautrix_facebook_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"

View file

@ -126,15 +126,15 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_facebook_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_facebook_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow_key_sharing: {{ matrix_mautrix_facebook_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -129,3 +129,7 @@ matrix_mautrix_googlechat_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_googlechat_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_mautrix_googlechat_bridge_encryption_allow }}"

View file

@ -88,10 +88,10 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_googlechat_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_googlechat_bridge_encryption_default|to_json }}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.

View file

@ -126,3 +126,7 @@ matrix_mautrix_hangouts_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_hangouts_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_mautrix_hangouts_bridge_encryption_allow }}"

View file

@ -88,10 +88,10 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_hangouts_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_hangouts_bridge_encryption_default|to_json }}
# Public website and API configs
web:

View file

@ -129,3 +129,8 @@ matrix_mautrix_instagram_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"
matrix_mautrix_instagram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"

View file

@ -143,15 +143,15 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -152,7 +152,7 @@ matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml
matrix_mautrix_signal_log_level: 'DEBUG'
matrix_mautrix_signal_bridge_encryption_allow: false
matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"

View file

@ -133,6 +133,6 @@ matrix_mautrix_slack_registration_yaml: |
matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_slack_bridge_encryption_allow: false
matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"

View file

@ -163,6 +163,6 @@ matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
# Enable End-to-bridge encryption
matrix_mautrix_telegram_bridge_encryption_allow: false
matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"

View file

@ -127,3 +127,8 @@ matrix_mautrix_twitter_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"

View file

@ -126,15 +126,15 @@ bridge:
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/Endtobridge-encryption
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_twitter_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_twitter_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -97,7 +97,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}"
# Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"

View file

@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
matrix_client_cinny_version: v2.2.5
matrix_client_cinny_version: v2.2.6
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

View file

@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.26
matrix_client_element_version: v1.11.29
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

View file

@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
matrix_coturn_version: 4.6.1-r2
matrix_coturn_version: 4.6.1-r3
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

View file

@ -73,7 +73,6 @@
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service"
mode: 0644
register: matrix_coturn_systemd_service_change_results
# This may be unnecessary when more long-lived certificates are used.
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
@ -83,7 +82,6 @@
src: "{{ role_path }}/templates/systemd/{{ item }}.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
mode: 0644
register: "matrix_coturn_systemd_service_change_results"
when: "matrix_coturn_tls_enabled | bool"
with_items:
- matrix-coturn-reload.service
@ -94,13 +92,7 @@
ansible.builtin.file:
path: "{{ item }}"
state: absent
register: "matrix_coturn_systemd_service_change_results"
when: "not matrix_coturn_tls_enabled | bool"
with_items:
- matrix-coturn-reload.service
- matrix-coturn-reload.timer
- name: Ensure systemd reloaded if systemd units changed
ansible.builtin.service:
daemon_reload: true
when: "matrix_coturn_systemd_service_change_results.changed"

View file

@ -1,320 +0,0 @@
---
# Project source code URL: https://github.com/jitsi/docker-jitsi-meet
matrix_jitsi_enabled: true
matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
matrix_jitsi_enable_auth: false
matrix_jitsi_enable_guests: false
matrix_jitsi_enable_recording: false
matrix_jitsi_enable_transcriptions: false
matrix_jitsi_enable_jaas_components: false
matrix_jitsi_enable_p2p: true
matrix_jitsi_enable_av_moderation: true
matrix_jitsi_enable_breakout_rooms: true
matrix_jitsi_disable_gravatar: true
# Authentication type, must be one of internal, jwt, matrix or ldap.
# Currently, only internal, matrix and ldap mechanisms are supported by this playbook.
# matrix auth verifies against matrix openID, and requires a user-verification-service to run.
matrix_jitsi_auth_type: internal
# A list of Jitsi (Prosody) accounts to create using the internal authentication mechanism.
#
# Accounts added here and subsequently removed will not be automatically removed
# from the Prosody server until user account cleaning is integrated into the playbook.
#
# Example:
# matrix_jitsi_prosody_auth_internal_accounts:
# - username: "jitsi-moderator"
# password: "secret-password"
# - username: "another-user"
# password: "another-password"
matrix_jitsi_prosody_auth_internal_accounts: []
# Configuration options for LDAP authentication. For details see upstream:
# https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
# Defaults are taken from:
# https://github.com/jitsi/docker-jitsi-meet/blob/master/prosody/rootfs/defaults/saslauthd.conf
matrix_jitsi_ldap_url: ""
matrix_jitsi_ldap_base: ""
matrix_jitsi_ldap_binddn: ""
matrix_jitsi_ldap_bindpw: ""
matrix_jitsi_ldap_filter: "uid=%u"
matrix_jitsi_ldap_auth_method: "bind"
matrix_jitsi_ldap_version: "3"
matrix_jitsi_ldap_use_tls: false
matrix_jitsi_ldap_tls_ciphers: ""
matrix_jitsi_ldap_tls_check_peer: false
matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
matrix_jitsi_ldap_start_tls: false
# Auth type: matrix
matrix_jitsi_prosody_auth_matrix_user_verification_repo_location: "https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification"
matrix_jitsi_prosody_auth_matrix_user_verification_repo_target: "{{ matrix_jitsi_prosody_ext_path }}/prosody_auth_matrix_user_verification"
matrix_jitsi_prosody_auth_matrix_user_verification_repo_version: "2839499cb03894d8cfc3e5b2219441427cb133d8" # v1.8.0
matrix_jitsi_prosody_auth_matrix_uvs_sync_power_levels: true
matrix_jitsi_prosody_auth_matrix_uvs_location: ""
# Should match domain, see https://github.com/vector-im/element-web/pull/15114/commits/0410a6b3be82a41457275e4d1ce879dea146e092
matrix_jitsi_prosody_auth_matrix_jwt_app_id: "{{ matrix_server_fqn_jitsi }}"
matrix_jitsi_prosody_auth_matrix_files:
- path: "mod_auth_matrix_user_verification.lua"
when: true
- path: "mod_matrix_power_sync.lua"
when: "{{ matrix_jitsi_prosody_auth_matrix_uvs_sync_power_levels }}"
# Plugged in group_vars
matrix_jitsi_prosody_auth_matrix_uvs_auth_token: ''
matrix_jitsi_timezone: UTC
matrix_jitsi_xmpp_domain: meet.jitsi
matrix_jitsi_xmpp_server: xmpp.meet.jitsi
matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
matrix_jitsi_xmpp_modules: ''
matrix_jitsi_recorder_domain: recorder.meet.jitsi
matrix_jitsi_jibri_brewery_muc: jibribrewery
matrix_jitsi_jibri_pending_timeout: 90
matrix_jitsi_jibri_xmpp_user: jibri
matrix_jitsi_jibri_xmpp_password: ''
matrix_jitsi_jibri_recorder_user: recorder
matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-8319
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
matrix_jitsi_web_crontabs_path: "{{ matrix_jitsi_web_base_path }}/crontabs"
matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
# STUN servers used in the web UI. Feel free to point them to your own STUN server.
# Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`.
matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443']
# Setting up TURN
# Default set with Coturn container
matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}"
matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}"
matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}"
matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}"
matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}"
matrix_jitsi_turn_transport: tcp
# Controls whether Etherpad will be available within Jitsi
matrix_jitsi_etherpad_enabled: false
# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:13080"), or empty string to not expose.
matrix_jitsi_web_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_jitsi_web_container_extra_arguments: []
# List of systemd services that matrix-jitsi-web.service depends on
matrix_jitsi_web_systemd_required_services_list: ['docker.service']
# Custom configuration to be appended to `interface_config.js`, passed to Jitsi Web.
#
# Note: not to be confused with `matrix_jitsi_web_custom_config_extension`.
#
# For interface configuration, the flow is like this:
# - a default `interface_config.js` is generated from within the docker image
# - the contents of `matrix_jitsi_web_custom_interface_config_extension` is appended and can define new settings or override defaults.
#
# Example:
# matrix_jitsi_web_custom_interface_config_extension: |
# interfaceConfig.LANG_DETECTION = false;
# interfaceConfig.SHOW_JITSI_WATERMARK = false;
# interfaceConfig.DISABLE_VIDEO_BACKGROUND = true;
matrix_jitsi_web_custom_interface_config_extension: ''
# Controls after which participant audio will be muted. If not specified, defaults to Jitsi's default value (likely 10)
matrix_jitsi_web_config_start_audio_muted_after_nth_participant: ~
# Controls after which participant video will be muted. If not specified, defaults to Jitsi's default value (likely 10)
matrix_jitsi_web_config_start_video_muted_after_nth_participant: ~
matrix_jitsi_web_config_defaultLanguage: 'en' # noqa var-naming
# Ideal and also maximum resolution width. If not specified, defaults to Jitsi's default value (likely 1280)
matrix_jitsi_web_config_resolution_width_ideal_and_max: ~
# Minimum resolution width. If not specified, defaults to Jitsi's default value (likely 320)
matrix_jitsi_web_config_resolution_width_min: ~
# Ideal and also maximum resolution height. If not specified, defaults to Jitsi's default value (likely 720)
matrix_jitsi_web_config_resolution_height_ideal_and_max: ~
# Minimum resolution height. If not specified, defaults to Jitsi's default value (likely 180)
matrix_jitsi_web_config_resolution_height_min: ~
# Custom configuration to be injected into `custom-config.js`, passed to Jitsi Web.
# This configuration gets appended to the final configuration that Jitsi Web uses.
#
# Note: not to be confused with `matrix_jitsi_web_custom_interface_config_extension`.
#
# The flow is like this:
# - some default configuration is automatically generated based on the environment variables passed to the Jitsi Web container
# - the contents of `custom-config.js` is appended to it (see `templates/web/custom-config.js.j2`)
# - said `custom-config.js` contains your custom contents specified in `matrix_jitsi_web_custom_config_extension`.
#
# Example:
# matrix_jitsi_web_custom_config_extension: |
# if (!config.hasOwnProperty('testing')) config.testing = {};
# config.testing.p2pTestMode = true
matrix_jitsi_web_custom_config_extension: ''
# Additional environment variables to pass to the Jitsi Web container.
# You can use this to further influence the default configuration generated by the Jitsi Web container on every startup.
# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
# by using `matrix_jitsi_web_custom_config_extension`.
#
# Example:
# matrix_jitsi_web_environment_variables_extension: |
# ENABLE_FILE_RECORDING_SERVICE=1
# DROPBOX_APPKEY=something
# DROPBOX_REDIRECT_URI=something
matrix_jitsi_web_environment_variables_extension: ''
matrix_jitsi_prosody_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
matrix_jitsi_prosody_plugins_path: "{{ matrix_jitsi_prosody_base_path }}/prosody-plugins-custom"
matrix_jitsi_prosody_ext_path: "{{ matrix_jitsi_prosody_base_path }}/ext"
# well known is currently only needed for auth type "matrix"
matrix_jitsi_require_well_known: "{{ matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix' }}"
matrix_jitsi_wellknown_element_jitsi_json: '{"auth": "openidtoken-jwt"}'
#
matrix_jitsi_muc_modules: |
{{
(['matrix_power_sync'] if matrix_jitsi_prosody_auth_matrix_uvs_sync_power_levels | bool else [])
}}
# A list of extra arguments to pass to the container
matrix_jitsi_prosody_container_extra_arguments: []
# List of systemd services that matrix-jitsi-prosody.service depends on
matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
# Neccessary Port binding for those disabling the integrated nginx proxy
matrix_jitsi_prosody_container_http_host_bind_port: ''
matrix_jitsi_prosody_container_jvb_host_bind_port: 5222
matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"
# A list of extra arguments to pass to the container
matrix_jitsi_jicofo_container_extra_arguments: []
# List of systemd services that matrix-jitsi-jicofo.service depends on
matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
matrix_jitsi_jicofo_component_secret: ''
matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: ''
# To enable Sentry integration for Jicofo, specify a valid DSN connection string
matrix_jitsi_jicofo_sentry_dsn: ''
matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
# A list of extra arguments to pass to the container
matrix_jitsi_jvb_container_extra_arguments: []
# List of systemd services that matrix-jitsi-jvb.service depends on
matrix_jitsi_jvb_systemd_required_services_list: ['docker.service']
matrix_jitsi_jvb_auth_user: jvb
matrix_jitsi_jvb_auth_password: ''
# To enable Sentry integration for JVB, specify a valid DSN connection string
matrix_jitsi_jvb_sentry_dsn: ''
# STUN servers used by JVB on the server-side, so it can discover its own external IP address.
# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
matrix_jitsi_jvb_brewery_muc: jvbbrewery
matrix_jitsi_jvb_rtp_udp_port: 10000
matrix_jitsi_jvb_rtp_tcp_port: 4443
matrix_jitsi_jvb_server_id: 'jvb-1'
# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
# This configuration gets appended to the final configuration that Jitsi JVB uses.
#
# The flow is like this:
# - some default configuration is automatically generated based on the environment variables passed to the Jitsi JVB container
# - the contents of `custom-sip-communicator.properties` is appended to it (see `templates/jvb/custom-sip-communicator.properties.j2`)
# - said `custom-sip-communicator.properties` contains your custom contents specified in `matrix_jitsi_jvb_custom_config_extension`.
#
# Example:
# matrix_jitsi_jvb_custom_config_extension: |
# org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=false
# org.jitsi.videobridge.ENABLE_STATISTICS=false
matrix_jitsi_jvb_custom_config_extension: ''
# Additional environment variables to pass to the Jitsi JVB container.
# You can use this to further influence the default configuration generated by the Jitsi JVB container on every startup.
# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
# by using `matrix_jitsi_jvb_custom_config_extension`.
#
# Example:
# matrix_jitsi_jvb_environment_variables_extension: |
# SOME_VARIABLE=1
# ANOTHER_VARIABLE=something
matrix_jitsi_jvb_environment_variables_extension: ''
# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"
# Controls whether the matrix-jitsi-jvb container exposes its Colibri WebSocket port (tcp/9090 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
# Default max participants to the empty string
#
# The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference.
matrix_prosody_jitsi_max_participants: ''
# Allows abailty to set XMPP AUTH user if using JIGASI
matrix_jitsi_jigasi_xmpp_user: ''
# Allows abailty to set XMPP AUTH pasword if using JIGASI
matrix_jitsi_jigasi_xmpp_password: ''

View file

@ -1,5 +0,0 @@
---
- ansible.builtin.set_fact:
devture_systemd_service_manager_services_list_auto: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] }}"
when: matrix_jitsi_enabled | bool

View file

@ -1,75 +0,0 @@
---
- tags:
- setup-additional-jitsi-jvb
- install-additional-jitsi-jvb
block:
- when: matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
- tags:
- setup-all
- setup-jitsi
- setup-additional-jitsi-jvb
- install-all
- install-jitsi
- install-additional-jitsi-jvb
block:
- when: matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
- tags:
- setup-all
- setup-jitsi
- install-all
- install-jitsi
block:
- when: matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_install.yml"
- when: matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_install.yml"
- when: matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_install.yml"
- tags:
- setup-all
- setup-jitsi
block:
- when: not matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_uninstall.yml"
- when: not matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_uninstall.yml"
- when: not matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_uninstall.yml"
- tags:
- setup-all
- setup-jitsi
- setup-additional-jitsi-jvb
- install-all
- install-jitsi
- install-additional-jitsi-jvb
block:
- when: matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_install.yml"
- tags:
- setup-all
- setup-jitsi
- setup-additional-jitsi-jvb
block:
- when: not matrix_jitsi_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_uninstall.yml"
- tags:
- self-check
block:
- when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix'
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_matrix_auth.yml"

View file

@ -1,63 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_jitsi_prosody_self_check_uvs_health_url: "{{ matrix_jitsi_prosody_auth_matrix_uvs_location }}/health"
matrix_jitsi_element_jitsi_well_known_url: "{{ matrix_jitsi_web_public_url }}/.well-known/element/jitsi"
- name: Check if jitsi serves the .well-known/element/jitsi
ansible.builtin.uri:
url: "{{ matrix_jitsi_element_jitsi_well_known_url }}"
follow_redirects: none
return_content: true
validate_certs: "{{ matrix_jitsi_self_check_validate_certificates }}"
headers:
Origin: example.com
check_mode: false
register: result_well_known_jitsi_element_jitsi
ignore_errors: true
- name: Fail if .well-known not working
ansible.builtin.fail:
msg: |
Failed checking that the Jitsi well-known file for Element auth is configured at `{{ matrix_jitsi_element_jitsi_well_known_url }}`
Full error: {{ result_well_known_jitsi_element_jitsi }}
when: "result_well_known_jitsi_element_jitsi.failed"
- name: Parse JSON for well-known payload at the matrix hostname
ansible.builtin.set_fact:
well_known_matrix_payload: "{{ result_well_known_jitsi_element_jitsi.content | from_json }}"
- name: Fail if .well-known not CORS-aware
ansible.builtin.fail:
msg: "The well-known file on `{{ matrix_jitsi_element_jitsi_well_known_url }}` is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
when: "'access_control_allow_origin' not in result_well_known_jitsi_element_jitsi"
- name: Report working .well-known
ansible.builtin.debug:
msg: "well-known is configured correctly at `{{ matrix_jitsi_element_jitsi_well_known_url }}`"
- name: Check if we can reach the user verification service and if it's healthy
ansible.builtin.command:
argv:
- "docker"
- "exec"
- "matrix-jitsi-prosody"
- "wget"
- "-O"
- "-"
- "--quiet"
- "{{ matrix_jitsi_prosody_self_check_uvs_health_url | quote }}"
register: matrix_jitsi_prosody_self_check_uvs_result
changed_when: false
ignore_errors: true
- name: Fail if user verification service is not (reachable and healthy)
ansible.builtin.fail:
msg: |
Failed checking user verification service is up (checked endpoint: `{{ matrix_jitsi_prosody_self_check_uvs_health_url }}`).
Full error: {{ matrix_jitsi_prosody_self_check_uvs_result }}
when: "matrix_jitsi_prosody_self_check_uvs_result.failed"
- name: Report healthy user verification service
ansible.builtin.debug:
msg: "User verification service is working (checked endpoint: `{{ matrix_jitsi_prosody_self_check_uvs_health_url }}`)"

View file

@ -1,16 +0,0 @@
---
- ansible.builtin.include_role:
name: custom/matrix-base
tasks_from: ensure_openssl_installed
- name: Ensure Matrix jitsi base path exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_jitsi_base_path }}", when: true}
when: item.when | bool

View file

@ -1,51 +0,0 @@
---
- name: Ensure Matrix jitsi-jicofo path exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true}
- {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true}
when: item.when | bool
- name: Ensure jitsi-jicofo Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_jitsi_jicofo_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure jitsi-jicofo environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/jicofo/env.j2"
dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
when: matrix_jitsi_enabled | bool
- name: Ensure jitsi-jicofo configuration files created
ansible.builtin.template:
src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
with_items:
- sip-communicator.properties
- logging.properties
- name: Ensure matrix-jitsi-jicofo.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
mode: 0644
register: matrix_jitsi_jicofo_systemd_service_result

View file

@ -1,25 +0,0 @@
---
- name: Check existence of matrix-jitsi-jicofo service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
register: matrix_jitsi_jicofo_service_stat
- when: matrix_jitsi_jicofo_service_stat.stat.exists | bool
block:
- name: Ensure matrix-jitsi-jicofo is stopped
ansible.builtin.service:
name: matrix-jitsi-jicofo
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-jitsi-jicofo.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
state: absent
- name: Ensure Matrix jitsi-jicofo paths doesn't exist
ansible.builtin.file:
path: "{{ matrix_jitsi_jicofo_base_path }}"
state: absent

View file

@ -1,49 +0,0 @@
---
- name: Ensure Matrix jitsi-jvb path exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_jitsi_jvb_base_path }}", when: true}
- {path: "{{ matrix_jitsi_jvb_config_path }}", when: true}
when: item.when | bool
- name: Ensure jitsi-jvb Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_jitsi_jvb_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure jitsi-jvb configuration files created
ansible.builtin.template:
src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
with_items:
- custom-sip-communicator.properties
- logging.properties
- name: Ensure jitsi-jvb environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/jvb/env.j2"
dest: "{{ matrix_jitsi_jvb_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure matrix-jitsi-jvb.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
mode: 0644

View file

@ -1,25 +0,0 @@
---
- name: Check existence of matrix-jitsi-jvb service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
register: matrix_jitsi_jvb_service_stat
- when: matrix_jitsi_jvb_service_stat.stat.exists | bool
block:
- name: Ensure matrix-jitsi-jvb is stopped
ansible.builtin.service:
name: matrix-jitsi-jvb
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-jitsi-jvb.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
state: absent
- name: Ensure Matrix jitsi-jvb paths doesn't exist
ansible.builtin.file:
path: "{{ matrix_jitsi_jvb_base_path }}"
state: absent

View file

@ -1,85 +0,0 @@
---
- name: Ensure Matrix jitsi-prosody environment exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_jitsi_prosody_base_path }}", when: true}
- {path: "{{ matrix_jitsi_prosody_config_path }}", when: true}
- {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true}
- {path: "{{ matrix_jitsi_prosody_ext_path }}", when: true}
when: item.when | bool
- name: Ensure jitsi-prosody Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_jitsi_prosody_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure jitsi-prosody environment variables file is created
ansible.builtin.template:
src: "{{ role_path }}/templates/prosody/env.j2"
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
# Configure matrix authentication.
- name: Install user verification plugin
ansible.builtin.include_tasks:
file: "{{ role_path }}/tasks/util/setup_jitsi_auth_uvs_install.yml"
when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "matrix"
- name: Manage Jitsi .well-known
when: matrix_jitsi_require_well_known | bool
block:
- name: Ensure .well-known directories exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0775
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_static_files_base_path }}/.well-known/element", when: "{{ matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix' }}"}
when: item.when | bool
# Create .well-known/element/jitsi in the static file directory for nginx-proxy.
- name: Ensure Jitsi /.well-known/element/jitsi configured
ansible.builtin.copy:
content: "{{ matrix_jitsi_wellknown_element_jitsi_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/element/jitsi"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "matrix"
# END Block
# Remove matrix authentication if disabled
- name: Ensure user verification plugin is not present if matrix auth is disabled
ansible.builtin.include_tasks:
file: "{{ role_path }}/tasks/util/setup_jitsi_auth_uvs_uninstall.yml"
when: (not matrix_jitsi_enable_auth | bool) or (matrix_jitsi_auth_type != "matrix")
- name: Ensure matrix-jitsi-prosody.service file is installed
ansible.builtin.template:
src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
mode: 0644
register: matrix_jitsi_prosody_systemd_service_result
# Tasks that require a running prosody container are called in this file.
- name: Run prosody related tasks, that require a running container.
ansible.builtin.include_tasks:
file: "{{ role_path }}/tasks/util/setup_jitsi_prosody_post_setup_hooks.yml"
when:
- matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "internal"

View file

@ -1,25 +0,0 @@
---
- name: Check if matrix-jitsi-prosody.service file exists
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
register: matrix_jitsi_prosody_service_stat
- when: matrix_jitsi_prosody_service_stat.stat.exists | bool
block:
- name: Ensure matrix-jitsi-prosody is stopped
ansible.builtin.service:
name: matrix-jitsi-prosody
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-jitsi-prosody.service file doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
state: absent
- name: Ensure Matrix jitsi-prosody paths doesn't exist
ansible.builtin.file:
path: "{{ matrix_jitsi_prosody_base_path }}"
state: absent

View file

@ -1,52 +0,0 @@
---
- name: Ensure Matrix jitsi-web path exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0777
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_jitsi_web_base_path }}", when: true}
- {path: "{{ matrix_jitsi_web_config_path }}", when: true}
- {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true}
- {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true}
when: item.when | bool
- name: Ensure jitsi-web Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_jitsi_web_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure jitsi-web environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/web/env.j2"
dest: "{{ matrix_jitsi_web_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure jitsi-web configuration files created
ansible.builtin.template:
src: "{{ role_path }}/templates/web/{{ item }}.j2"
dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
with_items:
- custom-config.js
- custom-interface_config.js
- name: Ensure matrix-jitsi-web.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
mode: 0644
register: matrix_jitsi_web_systemd_service_result

View file

@ -1,25 +0,0 @@
---
- name: Check existence of matrix-jitsi-web service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
register: matrix_jitsi_web_service_stat
- when: matrix_jitsi_web_service_stat.stat.exists | bool
block:
- name: Ensure matrix-jitsi-web is stopped
ansible.builtin.service:
name: matrix-jitsi-web
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-jitsi-web.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
state: absent
- name: Ensure Matrix jitsi-web paths doesn't exist
ansible.builtin.file:
path: "{{ matrix_jitsi_web_base_path }}"
state: absent

View file

@ -1,17 +0,0 @@
---
#
# Tasks related to configuring Jitsi internal authentication on a running prosody instance.
#
- name: Ensure Jitsi internal authentication users are configured
ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
when:
- matrix_jitsi_prosody_auth_internal_accounts|length > 0
register: matrix_jitsi_user_configuration_result
changed_when: matrix_jitsi_user_configuration_result.rc == 0
no_log: true
#
# Tasks related to clean up after configuring internal authentication.
#

View file

@ -1,20 +0,0 @@
---
- name: Checkout Prosody Auth Matrix User Verification Plugin Repo
ansible.builtin.git:
repo: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_location }}"
dest: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_target }}"
version: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_version }}"
become: true
become_user: "{{ matrix_user_username }}"
- name: Install Prosody Auth Matrix User Verification Plugin
ansible.builtin.copy:
remote_src: true
src: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_target }}/{{ item.path }}"
dest: "{{ matrix_jitsi_prosody_plugins_path }}/{{ item.path }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items: "{{ matrix_jitsi_prosody_auth_matrix_files }}"
when: item.when | bool

View file

@ -1,20 +0,0 @@
---
- name: Remove all files regarding prosody mod auth_matrix_user_verification and .well-known/element/jitsi
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_flattened:
- "{{ matrix_static_files_base_path }}/.well-known/element/jitsi"
- "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_target }}"
- "{{ matrix_jitsi_prosody_auth_matrix_files | map(attribute='path') | map('regex_replace', '^', matrix_jitsi_prosody_plugins_path+'/') | list }}"
register: matrix_jitsi_prosody_auth_matrix_user_verification_uninstalled
- when: matrix_jitsi_prosody_auth_matrix_user_verification_uninstalled.changed
block:
- name: Populate service facts
ansible.builtin.service_facts:
- name: Ensure prosody is restarted later on if currently running
ansible.builtin.set_fact:
matrix_jitsi_prosody_require_restart: "{{ true if ansible_facts.services['matrix-jitsi-prosody.service']['state'] == 'running' else false }}"

View file

@ -1,49 +0,0 @@
---
#####
#
# This tasks file starts and stops (if state before was stopped) a prosody container during setup to run commands,
# that require a running prosody container.
# The task is called in ../setup_jitsi_prosody_install.yml.
#
# Important: The task is called conditionally, as to only start if really needed.
# So if you add or change anything - remember to also change the 'when' in: ../setup_jitsi_prosody_install.yml
#
#####
#
# Start Necessary Services
#
- name: Ensure matrix-jitsi-prosody container is running
ansible.builtin.systemd:
state: "{{ 'restarted' if matrix_jitsi_prosody_require_restart | default(false) | bool else 'started' }}"
name: matrix-jitsi-prosody
register: matrix_jitsi_prosody_start_result
# If the flag was set, we can safely disable now.
- name: Disable require restart flag
ansible.builtin.set_fact:
matrix_jitsi_prosody_require_restart: false
#
# Tasks related to configuring Jitsi internal authentication
#
- name: Ensure internal authentication is properly configured
ansible.builtin.include_tasks:
file: "{{ role_path }}/tasks/util/prosody_post_setup_hooks/setup_jitsi_auth_internal.yml"
when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "internal"
#
# Tasks related to ...
#
#
# Stop Necessary Services
#
- name: Ensure matrix-jitsi-prosody container is stopped if necessary
ansible.builtin.systemd:
state: stopped
name: matrix-jitsi-prosody
when: matrix_jitsi_prosody_start_result.changed | bool

View file

@ -1,81 +0,0 @@
---
- name: Fail if on an unsupported architecture
ansible.builtin.fail:
msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64']
- name: Fail if required Jitsi settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to properly configure Jitsi.
If you're setting up Jitsi for the first time, you may have missed a step.
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
If you had previously setup Jitsi successfully and are only now facing this error,
it means that your installation is most likely using default passwords previously defined by the playbook.
These defaults are insecure. Jitsi should be rebuilt with secure values.
Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
when: "vars[item] == ''"
with_items:
- "matrix_jitsi_jibri_xmpp_password"
- "matrix_jitsi_jibri_recorder_password"
- "matrix_jitsi_jicofo_auth_password"
- "matrix_jitsi_jvb_auth_password"
- name: Fail if authentication is enabled, but not properly configured.
ansible.builtin.fail:
msg: >-
You have enabled authentication, but the configured auth type is missing required configuration.
Auth type 'internal':
At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication.
If you're setting up Jitsi for the first time, you may have missed a step.
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
Auth type 'matrix':
If you want to enable matrix_user_verification in jitsi,
please provide an auth token for the user verification service (uvs) using `matrix_jitsi_prosody_auth_matrix_uvs_auth_token`.
If the user-verfication-service is also managed by this playbook the token is derived from `matrix_homeserver_generic_secret_key` in the group vars.
when:
- matrix_jitsi_enable_auth | bool
- ((matrix_jitsi_auth_type == 'internal' and matrix_jitsi_prosody_auth_internal_accounts|length == 0)
or (matrix_jitsi_auth_type == 'matrix' and matrix_jitsi_prosody_auth_matrix_uvs_auth_token|length == 0))
- name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_jitsi_web_config_constraints_enabled', 'new': '<Now unnecessary. Constraints are always applied automatically>'}
- {'old': 'matrix_jitsi_web_config_constraints_video_aspectRatio', 'new': '<Not applicable anymore>'}
- {'old': 'matrix_jitsi_web_config_constraints_video_height_ideal', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
- {'old': 'matrix_jitsi_web_config_constraints_video_height_max', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
- {'old': 'matrix_jitsi_web_config_constraints_video_height_min', 'new': 'matrix_jitsi_web_config_resolution_height_min'}
- {'old': 'matrix_jitsi_web_config_disableAudioLevels', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
- {'old': 'matrix_jitsi_web_config_enableLayerSuspension', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
- {'old': 'matrix_jitsi_web_config_channelLastN', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
- {'old': 'matrix_jitsi_web_config_testing_p2pTestMode', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension>'}
- {'old': 'matrix_jitsi_web_config_start_with_audio_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_audio_muted_after_nth_participant>'}
- {'old': 'matrix_jitsi_web_config_start_with_video_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_video_muted_after_nth_participant>'}
- {'old': 'matrix_jitsi_web_interface_config_show_watermark_for_guests', 'new': '<Not applicable anymore>'}
- {'old': 'matrix_jitsi_web_interface_config_invitation_powered_by', 'new': '<Not applicable anymore>'}
- {'old': 'matrix_jisti_web_interface_config_show_deep_linking_image', 'new': 'matrix_jitsi_web_interface_config_show_deep_linking_image'}
- {'old': 'matrix_jitsi_web_interface_config_lang_detection', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_show_jitsi_watermark', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_jitsi_watermark_link', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_show_brand_watermark', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_brand_watermark_link', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_display_welcome_page_content', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_app_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_native_app_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_provider_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_show_powered_by', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_disable_transcription_subtitles', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
- {'old': 'matrix_jitsi_web_interface_config_show_deep_linking_image', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}

View file

@ -1,38 +0,0 @@
AUTH_TYPE={{ matrix_jitsi_auth_type }}
BRIDGE_AVG_PARTICIPANT_STRESS
BRIDGE_STRESS_THRESHOLD
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_AUTO_OWNER
ENABLE_CODEC_VP8
ENABLE_CODEC_VP9
ENABLE_CODEC_H264
ENABLE_OCTO
ENABLE_RECORDING
ENABLE_SCTP
ENABLE_AUTO_LOGIN
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
JICOFO_ENABLE_HEALTH_CHECKS
JICOFO_SHORT_ID
JICOFO_RESERVATION_ENABLED
JICOFO_RESERVATION_REST_BASE_URL
JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
JIBRI_REQUEST_RETRIES
JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
JIGASI_BREWERY_MUC
JIGASI_SIP_URI
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
MAX_BRIDGE_PARTICIPANTS
OCTO_BRIDGE_SELECTION_STRATEGY
SENTRY_DSN={{ matrix_jitsi_jicofo_sentry_dsn }}
SENTRY_ENVIRONMENT
SENTRY_RELEASE
TZ={{ matrix_jitsi_timezone }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}

View file

@ -1,27 +0,0 @@
{% raw %}
{{ if .Env.SENTRY_DSN | default "0" | toBool }}
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
{{ else }}
handlers= java.util.logging.ConsoleHandler
{{ end }}
{% endraw %}
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
.level=INFO
net.sf.level=SEVERE
net.java.sip.communicator.plugin.reconnectplugin.level=FINE
org.ice4j.level=SEVERE
org.jitsi.impl.neomedia.level=SEVERE
io.sentry.jul.SentryHandler.level=WARNING
# Do not worry about missing strings
net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
#net.java.sip.communicator.service.protocol.level=ALL
# Enable debug packets logging
#org.jitsi.impl.protocol.xmpp.level=FINE

View file

@ -1,33 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-jicofo server
{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
--mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \
{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_jicofo_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jicofo
[Install]
WantedBy=multi-user.target

View file

@ -1,9 +0,0 @@
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
{% if matrix_jitsi_enable_auth %}
org.jitsi.jicofo.auth.URL=XMPP:{{ matrix_jitsi_xmpp_domain }}
{% endif %}

View file

@ -1,7 +0,0 @@
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.STATISTICS_INTERVAL=5000
{{ matrix_jitsi_jvb_custom_config_extension }}

View file

@ -1,31 +0,0 @@
DOCKER_HOST_ADDRESS
ENABLE_COLIBRI_WEBSOCKET
ENABLE_OCTO
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
{% endif %}
JVB_OCTO_BIND_ADDRESS
JVB_OCTO_PUBLIC_ADDRESS
JVB_OCTO_BIND_PORT
JVB_OCTO_REGION
JVB_WS_DOMAIN
JVB_WS_SERVER_ID={{ matrix_jitsi_jvb_server_id }}
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
SENTRY_DSN={{ matrix_jitsi_jvb_sentry_dsn }}
SENTRY_ENVIRONMENT
SENTRY_RELEASE
COLIBRI_REST_ENABLED
SHUTDOWN_REST_ENABLED
TZ={{ matrix_jitsi_timezone }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
{{ matrix_jitsi_jvb_environment_variables_extension }}

View file

@ -1,20 +0,0 @@
{% raw %}
{{ if .Env.SENTRY_DSN | default "0" | toBool }}
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
{{ else }}
handlers= java.util.logging.ConsoleHandler
{{ end }}
{% endraw %}
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
net.java.sip.communicator.util.ScLogFormatter.programname=JVB
.level=INFO
org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
io.sentry.jul.SentryHandler.level=WARNING
# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING

View file

@ -1,43 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-jvb server
{% for service in matrix_jitsi_jvb_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jvb \
--log-driver=none \
--network={{ matrix_docker_network }} \
--network-alias=jvb.meet.jitsi \
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
{% endif %}
{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
{% endif %}
{% if matrix_jitsi_jvb_container_colibri_ws_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_colibri_ws_host_bind_port }}:9090 \
{% endif %}
--mount type=bind,src={{ matrix_jitsi_jvb_config_path }},dst=/config \
{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_jvb_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jvb
[Install]
WantedBy=multi-user.target

View file

@ -1,70 +0,0 @@
AUTH_TYPE={{ matrix_jitsi_auth_type }}
DISABLE_POLLS
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}}
ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
ENABLE_XMPP_WEBSOCKET
GLOBAL_CONFIG
GLOBAL_MODULES
JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JICOFO_COMPONENT_SECRET
JIGASI_XMPP_USER={{ matrix_jitsi_jigasi_xmpp_user }}
JIGASI_XMPP_PASSWORD={{ matrix_jitsi_jigasi_xmpp_password }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JWT_APP_ID
JWT_APP_SECRET
JWT_ACCEPTED_ISSUERS
JWT_ACCEPTED_AUDIENCES
JWT_ASAP_KEYSERVER
JWT_ALLOW_EMPTY
JWT_AUTH_TYPE
JWT_TOKEN_AUTH_MODULE
LOG_LEVEL
LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }}
LDAP_BASE={{ matrix_jitsi_ldap_base }}
LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }}
LDAP_FILTER={{ matrix_jitsi_ldap_filter }}
LDAP_VERSION={{ matrix_jitsi_ldap_version }}
LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }}
LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}
LDAP_URL={{ matrix_jitsi_ldap_url }}
LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }}
MATRIX_UVS_ISSUER={{ matrix_jitsi_prosody_auth_matrix_jwt_app_id }}
MATRIX_UVS_URL={{ matrix_jitsi_prosody_auth_matrix_uvs_location }}
{% if matrix_jitsi_prosody_auth_matrix_uvs_auth_token is defined %}
MATRIX_UVS_AUTH_TOKEN={{ matrix_jitsi_prosody_auth_matrix_uvs_auth_token }}
{% endif %}
MATRIX_UVS_SYNC_POWER_LEVELS={{ 'true' if matrix_jitsi_prosody_auth_matrix_uvs_sync_power_levels else 'false' }}
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}
TURN_HOST={{ matrix_jitsi_turn_host }}
TURNS_HOST={{ matrix_jitsi_turns_host }}
TURN_PORT={{ matrix_jitsi_turn_port }}
TURNS_PORT={{ matrix_jitsi_turns_port }}
TURN_TRANSPORT={{ matrix_jitsi_turn_transport }}
TZ={{ matrix_jitsi_timezone }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_MODULES={{ matrix_jitsi_xmpp_modules }}
XMPP_MUC_MODULES={{ matrix_jitsi_muc_modules | join(',') }}
XMPP_INTERNAL_MUC_MODULES=
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
XMPP_CROSS_DOMAIN=true
{% if matrix_prosody_jitsi_max_participants is number %}
MAX_PARTICIPANTS={{ matrix_prosody_jitsi_max_participants }}
{% endif %}

View file

@ -1,41 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-prosody server
{% for service in matrix_jitsi_prosody_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-prosody \
--log-driver=none \
--network={{ matrix_docker_network }} \
--network-alias={{ matrix_jitsi_xmpp_server }} \
{% if matrix_jitsi_prosody_container_http_host_bind_port %}
-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
{% endif %}
{% if matrix_jitsi_prosody_container_jvb_host_bind_port %}
-p {{ matrix_jitsi_prosody_container_jvb_host_bind_port }}:5222 \
{% endif %}
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
--mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
--mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
{% for arg in matrix_jitsi_prosody_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_prosody_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-prosody
[Install]
WantedBy=multi-user.target

View file

@ -1,22 +0,0 @@
config.defaultLanguage = {{ matrix_jitsi_web_config_defaultLanguage|to_json }};
if (!config.hasOwnProperty('p2p')) config.p2p = {% raw %}{}{% endraw %};
{% if matrix_jitsi_web_stun_servers|length > 0 %}
config.p2p.stunServers = [
{% for url in matrix_jitsi_web_stun_servers %}
{ urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
{% endfor %}
];
{% endif %}
{% if matrix_jitsi_disable_gravatar %}
config.gravatar = {'disabled': true};
{% endif %}
{% if matrix_jitsi_etherpad_enabled %}
config.etherpad_base = {{ (matrix_jitsi_etherpad_base + '/p/') |to_json }}
{% endif %}
{{ matrix_jitsi_web_custom_config_extension }}

View file

@ -1,3 +0,0 @@
{{ matrix_jitsi_web_custom_interface_config_extension }}

View file

@ -1,111 +0,0 @@
AMPLITUDE_ID
ANALYTICS_SCRIPT_URLS
ANALYTICS_WHITELISTED_EVENTS
CALLSTATS_CUSTOM_SCRIPT_URL
CALLSTATS_ID
CALLSTATS_SECRET
CHROME_EXTENSION_BANNER_JSON
CONFCODE_URL
CONFIG_EXTERNAL_CONNECT
DEFAULT_LANGUAGE
DEPLOYMENTINFO_ENVIRONMENT
DEPLOYMENTINFO_ENVIRONMENT_TYPE
DEPLOYMENTINFO_REGION
DEPLOYMENTINFO_SHARD
DEPLOYMENTINFO_USERREGION
DESKTOP_SHARING_FRAMERATE_MIN
DESKTOP_SHARING_FRAMERATE_MAX
DIALIN_NUMBERS_URL
DIALOUT_AUTH_URL
DIALOUT_CODES_URL
DISABLE_AUDIO_LEVELS
DISABLE_DEEP_LINKING
DISABLE_HTTPS=0
DISABLE_POLLS
DISABLE_REACTIONS
DROPBOX_APPKEY
DROPBOX_REDIRECT_URI
DYNAMIC_BRANDING_URL
ENABLE_AUDIO_PROCESSING
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}}
ENABLE_CALENDAR
ENABLE_COLIBRI_WEBSOCKET
ENABLE_FILE_RECORDING_SERVICE
ENABLE_FILE_RECORDING_SERVICE_SHARING
ENABLE_FLOC=0
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_HSTS=0
ENABLE_HTTP_REDIRECT=0
ENABLE_IPV6
ENABLE_LETSENCRYPT=0
ENABLE_LIPSYNC
ENABLE_NO_AUDIO_DETECTION
ENABLE_NOISY_MIC_DETECTION
ENABLE_PREJOIN_PAGE
ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
ENABLE_WELCOME_PAGE
ENABLE_CLOSE_PAGE
ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
ENABLE_REMB
ENABLE_REQUIRE_DISPLAY_NAME
ENABLE_SIMULCAST
ENABLE_STATS_ID
ENABLE_STEREO
ENABLE_SUBDOMAINS
ENABLE_TALK_WHILE_MUTED
ENABLE_TCC
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
ENABLE_XMPP_WEBSOCKET
ENABLE_JAAS_COMPONENTS={{ 1 if matrix_jitsi_enable_jaas_components else false }}
ETHERPAD_PUBLIC_URL
ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
GOOGLE_ANALYTICS_ID
GOOGLE_API_APP_CLIENT_ID
INVITE_SERVICE_URL
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }}
LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }}
LETSENCRYPT_USE_STAGING=0
MATOMO_ENDPOINT
MATOMO_SITE_ID
MICROSOFT_API_APP_CLIENT_ID
NGINX_RESOLVER
NGINX_WORKER_PROCESSES
NGINX_WORKER_CONNECTIONS
PEOPLE_SEARCH_URL
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
START_AUDIO_ONLY
START_BITRATE
START_SILENT
START_WITH_AUDIO_MUTED
START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
START_WITH_VIDEO_MUTED
TESTING_CAP_SCREENSHARE_BITRATE
TESTING_OCTO_PROBABILITY
TOKEN_AUTH_URL
TZ={{ matrix_jitsi_timezone }}
VIDEOQUALITY_BITRATE_H264_LOW
VIDEOQUALITY_BITRATE_H264_STANDARD
VIDEOQUALITY_BITRATE_H264_HIGH
VIDEOQUALITY_BITRATE_VP8_LOW
VIDEOQUALITY_BITRATE_VP8_STANDARD
VIDEOQUALITY_BITRATE_VP8_HIGH
VIDEOQUALITY_BITRATE_VP9_LOW
VIDEOQUALITY_BITRATE_VP9_STANDARD
VIDEOQUALITY_BITRATE_VP9_HIGH
VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
VIDEOQUALITY_PREFERRED_CODEC
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
{{ matrix_jitsi_web_environment_variables_extension }}

View file

@ -1,39 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix jitsi-web server
{% for service in matrix_jitsi_web_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-web \
--log-driver=none \
--network={{ matrix_docker_network }} \
--network-alias={{ matrix_jitsi_xmpp_domain }} \
--env-file={{ matrix_jitsi_web_base_path }}/env \
{% if matrix_jitsi_web_container_http_host_bind_port %}
-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
{% endif %}
--mount type=bind,src={{ matrix_jitsi_web_config_path }},dst=/config \
--mount type=bind,src={{ matrix_jitsi_web_transcripts_path }},dst=/usr/share/jitsi-meet/transcripts \
--mount type=bind,src={{ matrix_jitsi_web_crontabs_path }},dst=/var/spool/cron/crontabs \
{% for arg in matrix_jitsi_web_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_jitsi_web_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-web
[Install]
WantedBy=multi-user.target

View file

@ -63,11 +63,6 @@ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_rule: "Host(
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint: "{{ matrix_federation_traefik_entrypoint }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints: "{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint }}"
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname }}`)"
# matrix_nginx_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
@ -249,8 +244,6 @@ matrix_nginx_proxy_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }
# Controls whether proxying the jitsi domain should be done.
matrix_nginx_proxy_proxy_jitsi_enabled: false
matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
matrix_nginx_proxy_proxy_jitsi_manage_wellknown: false
matrix_nginx_proxy_proxy_jitsi_well_known_configuration_blocks: []
# Controls whether proxying the grafana domain should be done.
matrix_nginx_proxy_proxy_grafana_enabled: false

View file

@ -38,19 +38,6 @@ traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls.certResolver={{ ma
traefik.http.routers.matrix-nginx-proxy-matrix-federation.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints }}
{% endif %}
{% if matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled %}
# Jitsi
traefik.http.routers.matrix-nginx-proxy-jitsi.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_rule }}
traefik.http.routers.matrix-nginx-proxy-jitsi.service=matrix-nginx-proxy-web
traefik.http.routers.matrix-nginx-proxy-jitsi.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls | to_json }}
{% if matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls %}
traefik.http.routers.matrix-nginx-proxy-jitsi.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
{% endif %}
traefik.http.routers.matrix-nginx-proxy-jitsi.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
{% endif %}
traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080
{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %}

View file

@ -18,15 +18,6 @@
{{- configuration_block }}
{% endfor %}
{% if matrix_nginx_proxy_proxy_jitsi_manage_wellknown %}
location /.well-known {
root {{ matrix_static_files_base_path }};
expires 4h;
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
{% endif %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
@ -83,7 +74,7 @@
location = /xmpp-websocket {
{% if matrix_nginx_proxy_enabled %}
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
set $backend {{ matrix_jitsi_xmpp_bosh_url_base }};
set $backend {{ jitsi_xmpp_bosh_url_base }};
proxy_pass $backend$request_uri;
{% else %}
{# Generic configuration for use outside of our container setup #}

View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-synapse-auto-compressor
- install-all
- install-synapse-auto-compressor
block:
- when: matrix_synapse_auto_compressor_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_synapse_auto_compressor_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
tags:
- tags:
- setup-all
- setup-synapse-auto-compressor
- install-all
- install-synapse-auto-compressor
- block:
block:
- when: not matrix_synapse_auto_compressor_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
tags:
- setup-all
- setup-synapse-auto-compressor

View file

@ -4,7 +4,7 @@
matrix_synapse_enabled: true
matrix_synapse_version: v1.80.0
matrix_synapse_version: v1.81.0
matrix_synapse_username: ''
matrix_synapse_uid: ''
@ -371,6 +371,11 @@ matrix_synapse_auto_join_rooms: []
# automatically if they don't already exist.
matrix_synapse_autocreate_auto_join_rooms: true
# Controls whether password authentication is allowed
# It may be useful when you've configured OAuth, SAML or CAS and want authentication
# to happen only through them
matrix_synapse_password_config_enabled: true
# Controls password-peppering for Synapse. Not to be changed after initial setup.
matrix_synapse_password_config_pepper: ""

View file

@ -2242,7 +2242,7 @@ sso:
password_config:
# Uncomment to disable password login
#
#enabled: false
enabled: {{ matrix_synapse_password_config_enabled|to_json }}
# Uncomment to disable authentication against the local password
# database. This is ignored if `enabled` is false, and is only useful

View file

@ -23,3 +23,6 @@ matrix_playbook_migration_matrix_etherpad_migration_validation_enabled: true
# Controls if (`matrix_aux` -> `aux`) validation will run.
matrix_playbook_migration_matrix_aux_migration_validation_enabled: true
# Controls if (`matrix_jitsi` -> `jitsi`) validation will run.
matrix_playbook_migration_matrix_jitsi_migration_validation_enabled: true

View file

@ -56,7 +56,9 @@
- {'old': 'matrix_prometheus_scraper_hookshot_targets', 'new': '<superseded by matrix_prometheus_services_connect_scraper_hookshot_static_configs_target>'}
- {'old': 'matrix_prometheus_scraper_nginxlog_enabled', 'new': 'matrix_prometheus_services_connect_scraper_nginxlog_enabled'}
- {'old': 'matrix_prometheus_scraper_nginxlog_server_port', 'new': 'matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target'}
- {'old': 'XXXXX', 'new': 'XXXXX'}
- {'old': 'matrix_prosody_jitsi_max_participants', 'new': 'jitsi_prosody_max_participants'}
- {'old': 'jitsi_require_well_known', 'new': 'jitsi_web_well_known_element_jitsi_enabled'}
- {'old': 'jitsi_wellknown_element_jitsi_json', 'new': 'jitsi_web_well_known_element_jitsi_json'}
- name: (Deprecation) Catch and report matrix_postgres variables
ansible.builtin.fail:
@ -191,3 +193,18 @@
Please change your configuration (vars.yml) to rename all variables (`matrix_aux_` -> `aux_`).
We found usage of the following variables: {{ matrix_playbook_migration_aux_migration_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_aux_migration_vars | length > 0"
- when: matrix_playbook_migration_matrix_jitsi_migration_validation_enabled | bool
block:
- ansible.builtin.set_fact:
matrix_playbook_migration_jitsi_migration_vars: |-
{{ vars | dict2items | selectattr('key', 'match', 'matrix_jitsi_.*') | list | items2dict }}
- name: (Deprecation) Catch and report matrix_jitsi variables
ansible.builtin.fail:
msg: >-
The matrix-jitsi role that used to be part of this playbook has been replaced by https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.
The new role is compatible with the old one, but uses different names for its variables.
Please change your configuration (vars.yml) to rename all variables (`matrix_jitsi_` -> `jitsi_`).
We found usage of the following variables: {{ matrix_playbook_migration_jitsi_migration_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_jitsi_migration_vars | length > 0"