From cdd9ee1962a88ce57dbf958fec655647fb163d1f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Mar 2020 17:19:15 +0200 Subject: [PATCH 1/2] Add Jitsi support --- docs/configuring-dns.md | 3 + docs/configuring-playbook-jitsi.md | 39 +++++++ group_vars/matrix_servers | 45 ++++++++ roles/matrix-base/defaults/main.yml | 5 +- roles/matrix-jitsi/defaults/main.yml | 109 ++++++++++++++++++ roles/matrix-jitsi/tasks/init.yml | 3 + roles/matrix-jitsi/tasks/main.yml | 33 ++++++ roles/matrix-jitsi/tasks/setup_jitsi_base.yml | 20 ++++ .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 86 ++++++++++++++ roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 86 ++++++++++++++ .../tasks/setup_jitsi_prosody.yml | 86 ++++++++++++++ roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 87 ++++++++++++++ roles/matrix-jitsi/templates/jicofo/env.j2 | 17 +++ .../jicofo/matrix-jitsi-jicofo.service.j2 | 31 +++++ roles/matrix-jitsi/templates/jvb/env.j2 | 14 +++ .../templates/jvb/matrix-jitsi-jvb.service.j2 | 37 ++++++ roles/matrix-jitsi/templates/prosody/env.j2 | 31 +++++ .../prosody/matrix-jitsi-prosody.service.j2 | 31 +++++ roles/matrix-jitsi/templates/web/env.j2 | 28 +++++ .../templates/web/matrix-jitsi-web.service.j2 | 35 ++++++ roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-jitsi.conf.j2 | 72 ++++++++++++ roles/matrix-riot-web/defaults/main.yml | 2 + .../matrix-riot-web/templates/config.json.j2 | 6 + setup.yml | 1 + 26 files changed, 926 insertions(+), 1 deletion(-) create mode 100644 docs/configuring-playbook-jitsi.md create mode 100644 roles/matrix-jitsi/defaults/main.yml create mode 100644 roles/matrix-jitsi/tasks/init.yml create mode 100644 roles/matrix-jitsi/tasks/main.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_base.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_web.yml create mode 100644 roles/matrix-jitsi/templates/jicofo/env.j2 create mode 100644 roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 create mode 100644 roles/matrix-jitsi/templates/jvb/env.j2 create mode 100644 roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 create mode 100644 roles/matrix-jitsi/templates/prosody/env.j2 create mode 100644 roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 create mode 100644 roles/matrix-jitsi/templates/web/env.j2 create mode 100644 roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index aefaabf9..735b348f 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -23,6 +23,7 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR | A | `matrix` | - | - | - | `matrix-server-IP` | | CNAME | `riot` | - | - | - | `matrix.` | | CNAME | `dimension` (*) | - | - | - | `matrix.` | +| CNAME | `jitsi` (*) | - | - | - | `matrix.` | | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | @@ -38,6 +39,8 @@ If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enab The `dimension.` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.` DNS record. +The `jitsi.` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. Jitsi installation is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.` DNS record. + ## `_matrix-identity._tcp` SRV record setup diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md new file mode 100644 index 00000000..b2afac46 --- /dev/null +++ b/docs/configuring-playbook-jitsi.md @@ -0,0 +1,39 @@ +# Jitsi + +The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md). + +Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services. + +The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet). + + +## Prerequisites + +Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md). + +You may also need to open the following ports to your server: + +- `udp/10000` - RTP media over UDP +- `tcp/4443` - RTP media fallback over TCP + + +## Installation + +Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_enabled: true + +# We only need this temporarily - until Jitsi integration in riot-web is finalized. +# Remove this line in the future, to switch back to a stable riot-web version. +matrix_riot_web_docker_image: "vectorim/riot-web:develop" +``` + +Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +.. and fully reload your riot-web page (at `riot.DOMAIN`). + +Starting a video-conference in a room with more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server. + + +**NOTE**: the playbook currently configures the Jitsi JVB component to use Google's STUN servers even in cases where our own [Coturn TURN server](configuring-playbook-turn.md) is enabled (it is by default). This is because JVB fails to discover its own external IP correctly when pointed to our own Coturn server. The failure happens because JVB reaches Coturn via the localnetwork and discovers a local Docker IP address instead of the public one, leading to a non-working service. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f722e265..8e3c7ed6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -392,6 +392,46 @@ matrix_email2matrix_enabled: false +###################################################################### +# +# matrix-jitsi +# +###################################################################### + +matrix_jitsi_enabled: false + +# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network. +# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose +# the Jitsi HTTP port to the local host. +matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}" + +matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}" +matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" +matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}" + +# TODO. Using our own STUN server fails, so we're using Google's STUN servers (the default for the matrix-jitsi role). +# +# When using our STUN server, JVB tries to discover its own IP by contacting it and gets a local Docker IP address instead of the external one. +# > matrix-jitsi-jvb[30965]: JVB 2020-03-23 14:52:59.253 INFO: [21] org.ice4j.ice.harvest.StunMappingCandidateHarvester.discover() Discovered public address 172.19.0.1:60385/udp from STUN server x.x.x.x:5349/udp using local address 172.18.0.10:0/udp +# +# matrix_jitsi_jvb_stun_servers: | +# {{ +# [ +# matrix_server_fqn_matrix + ':5349', +# matrix_server_fqn_matrix + ':3478', +# ] +# if matrix_coturn_enabled +# else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] +# }} + +###################################################################### +# +# /matrix-jitsi +# +###################################################################### + + + ###################################################################### # # matrix-mailer @@ -482,6 +522,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_s matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -525,6 +566,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + + ([matrix_server_fqn_jitsi]) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) }} @@ -596,6 +639,8 @@ matrix_riot_web_enable_presence_by_hs_url: | matrix_riot_web_welcome_user_id: ~ +matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}" + ###################################################################### # # /matrix-riot-web diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index c2a81c29..0be463d1 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -18,6 +18,9 @@ matrix_server_fqn_riot: "riot.{{ matrix_domain }}" # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" +# This is where you access Jitsi. +matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" + matrix_user_username: "matrix" matrix_user_uid: 991 matrix_user_gid: 991 @@ -69,4 +72,4 @@ run_stop: true # Building every docker image from source on the target host # Controlling docker image build is possible on a per unit base -matrix_container_images_self_build: false \ No newline at end of file +matrix_container_images_self_build: false diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml new file mode 100644 index 00000000..284e6f61 --- /dev/null +++ b/roles/matrix-jitsi/defaults/main.yml @@ -0,0 +1,109 @@ +matrix_jitsi_enabled: true + +matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" + +matrix_jitsi_enable_auth: false +matrix_jitsi_enable_guests: false +matrix_jitsi_enable_recording: true +matrix_jitsi_enable_transcriptions: true + +matrix_jitsi_timezone: UTC + +matrix_jitsi_xmpp_domain: matrix-jitsi-web +matrix_jitsi_xmpp_server: matrix-jitsi-prosody +matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi +matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280 +matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi +matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi +matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi + +matrix_jitsi_recorder_domain: recorder.meet.jitsi + + +matrix_jitsi_jibri_brewery_muc: jibribrewery +matrix_jitsi_jibri_pending_timeout: 90 +matrix_jitsi_jibri_xmpp_user: jibri +matrix_jitsi_jibri_xmpp_password: jibri-password +matrix_jitsi_jibri_recorder_user: recorder +matrix_jitsi_jibri_recorder_password: recorder-password + + +matrix_jitsi_web_docker_image: "jitsi/web:4101" +matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" + +matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" +matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config" +matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts" + +matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" + +# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:12080"), or empty string to not expose. +matrix_jitsi_web_container_http_host_bind_port: '' + +# A list of extra arguments to pass to the container +matrix_jitsi_web_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-web.service depends on +matrix_jitsi_web_systemd_required_services_list: ['docker.service'] + + +matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101" +matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" + +matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" +matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_jitsi_prosody_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-prosody.service depends on +matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] + + +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101" +matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" + +matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" +matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_jitsi_jicofo_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-jicofo.service depends on +matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] + +matrix_jitsi_jicofo_component_secret: s3cr37 +matrix_jitsi_jicofo_auth_user: focus +matrix_jitsi_jicofo_auth_password: passw0rd + + +matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101" +matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" + +matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" +matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_jitsi_jvb_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-jvb.service depends on +matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] + +matrix_jitsi_jvb_auth_user: jvb +matrix_jitsi_jvb_auth_password: passw0rd +matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] +matrix_jitsi_jvb_brewery_muc: jvbbrewery +matrix_jitsi_jvb_rtp_udp_port: 10000 +matrix_jitsi_jvb_rtp_tcp_port: 4443 + +# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:10000"), or empty string to not expose. +matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}" + +# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:4443"), or empty string to not expose. +matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml new file mode 100644 index 00000000..328a3a25 --- /dev/null +++ b/roles/matrix-jitsi/tasks/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}" + when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml new file mode 100644 index 00000000..2bc4a57f --- /dev/null +++ b/roles/matrix-jitsi/tasks/main.yml @@ -0,0 +1,33 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml new file mode 100644 index 00000000..fcfbb8f6 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -0,0 +1,20 @@ +--- + +# +# Tasks related to setting up jitsi +# + +- name: Ensure Matrix jitsi base path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_base_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +# +# Tasks related to getting rid of jitsi (if it was previously enabled) +# diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml new file mode 100644 index 00000000..7d1bc815 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -0,0 +1,86 @@ +--- + +# +# Tasks related to setting up jitsi-jicofo +# + +- name: Ensure Matrix jitsi-jicofo path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true } + - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-jicofo Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_jicofo_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-jicofo environment variables file created + template: + src: "{{ role_path }}/templates/jicofo/env.j2" + dest: "{{ matrix_jitsi_jicofo_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-jicofo.service installed + template: + src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" + dest: "/etc/systemd/system/matrix-jitsi-jicofo.service" + mode: 0644 + register: matrix_jitsi_jicofo_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-jicofo service + stat: + path: "/etc/systemd/system/matrix-jitsi-jicofo.service" + register: matrix_jitsi_jicofo_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-jicofo is stopped + service: + name: matrix-jitsi-jicofo + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-jicofo.service doesn't exist + file: + path: "/etc/systemd/system/matrix-jitsi-jicofo.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-jicofo paths doesn't exist + file: + path: "{{ matrix_jitsi_jicofo_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-jicofo Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_jicofo_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml new file mode 100644 index 00000000..bd6e97d8 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -0,0 +1,86 @@ +--- + +# +# Tasks related to setting up jitsi-jvb +# + +- name: Ensure Matrix jitsi-jvb path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true } + - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-jvb Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_jvb_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-jvb environment variables file created + template: + src: "{{ role_path }}/templates/jvb/env.j2" + dest: "{{ matrix_jitsi_jvb_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-jvb.service installed + template: + src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" + dest: "/etc/systemd/system/matrix-jitsi-jvb.service" + mode: 0644 + register: matrix_jitsi_jvb_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-jvb (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-jvb service + stat: + path: "/etc/systemd/system/matrix-jitsi-jvb.service" + register: matrix_jitsi_jvb_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-jvb is stopped + service: + name: matrix-jitsi-jvb + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-jvb.service doesn't exist + file: + path: "/etc/systemd/system/matrix-jitsi-jvb.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-jvb paths doesn't exist + file: + path: "{{ matrix_jitsi_jvb_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-jvb Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_jvb_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml new file mode 100644 index 00000000..6ea70248 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -0,0 +1,86 @@ +--- + +# +# Tasks related to setting up jitsi-prosody +# + +- name: Ensure Matrix jitsi-prosody path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true } + - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-prosody Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_prosody_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-prosody environment variables file created + template: + src: "{{ role_path }}/templates/prosody/env.j2" + dest: "{{ matrix_jitsi_prosody_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-prosody.service installed + template: + src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" + dest: "/etc/systemd/system/matrix-jitsi-prosody.service" + mode: 0644 + register: matrix_jitsi_prosody_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-prosody (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-prosody service + stat: + path: "/etc/systemd/system/matrix-jitsi-prosody.service" + register: matrix_jitsi_prosody_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-prosody is stopped + service: + name: matrix-jitsi-prosody + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-prosody.service doesn't exist + file: + path: "/etc/systemd/system/matrix-jitsi-prosody.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-prosody paths doesn't exist + file: + path: "{{ matrix_jitsi_prosody_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-prosody Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_prosody_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml new file mode 100644 index 00000000..7d363543 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -0,0 +1,87 @@ +--- + +# +# Tasks related to setting up jitsi-web +# + +- name: Ensure Matrix jitsi-web path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_web_base_path }}", when: true } + - { path: "{{ matrix_jitsi_web_config_path }}", when: true } + - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-web Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_web_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-web environment variables file created + template: + src: "{{ role_path }}/templates/web/env.j2" + dest: "{{ matrix_jitsi_web_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-web.service installed + template: + src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" + dest: "/etc/systemd/system/matrix-jitsi-web.service" + mode: 0644 + register: matrix_jitsi_web_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-web.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-web (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-web service + stat: + path: "/etc/systemd/system/matrix-jitsi-web.service" + register: matrix_jitsi_web_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-web is stopped + service: + name: matrix-jitsi-web + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-web.service doesn't exist + file: + path: "/etc/systemd/system/matrix-jitsi-web.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-web.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-web paths doesn't exist + file: + path: "{{ matrix_jitsi_web_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-web Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_web_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/templates/jicofo/env.j2 b/roles/matrix-jitsi/templates/jicofo/env.j2 new file mode 100644 index 00000000..a402d2d7 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/env.j2 @@ -0,0 +1,17 @@ +ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} + +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} +XMPP_SERVER={{ matrix_jitsi_xmpp_server }} + +JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }} +JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} +JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} + +JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} + +JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }} +JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }} + +TZ={{ matrix_jitsi_timezone }} diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 new file mode 100644 index 00000000..53f08688 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-jicofo server +{% for service in matrix_jitsi_jicofo_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_jicofo_base_path }}/env \ + -v {{ matrix_jitsi_jicofo_config_path }}:/config \ + {% for arg in matrix_jitsi_jicofo_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_jicofo_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo +ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-jicofo + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2 new file mode 100644 index 00000000..0b88f8cc --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/env.j2 @@ -0,0 +1,14 @@ +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} +XMPP_SERVER={{ matrix_jitsi_xmpp_server }} + +JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} +JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} +JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} +JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }} +JVB_TCP_HARVESTER_DISABLED=false +JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }} + +JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }} + +TZ={{ matrix_jitsi_timezone }} diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 new file mode 100644 index 00000000..5df5807a --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-jvb server +{% for service in matrix_jitsi_jvb_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_jvb_base_path }}/env \ + {% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %} + -p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \ + {% endif %} + {% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %} + -p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \ + {% endif %} + -v {{ matrix_jitsi_jvb_config_path }}:/config \ + {% for arg in matrix_jitsi_jvb_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_jvb_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb +ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-jvb + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2 new file mode 100644 index 00000000..caa79213 --- /dev/null +++ b/roles/matrix-jitsi/templates/prosody/env.j2 @@ -0,0 +1,31 @@ +AUTH_TYPE=internal + +ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} +ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} + +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} +XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} + +XMPP_MODULES= +XMPP_MUC_MODULES= +XMPP_INTERNAL_MUC_MODULES= + +XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} + +JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }} +JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} +JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} + +JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} +JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} + +JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }} +JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }} + +JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }} +JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }} + +TZ={{ matrix_jitsi_timezone }} diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 new file mode 100644 index 00000000..bf43021d --- /dev/null +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-prosody server +{% for service in matrix_jitsi_prosody_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_prosody_base_path }}/env \ + -v {{ matrix_jitsi_prosody_config_path }}:/config \ + {% for arg in matrix_jitsi_prosody_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_prosody_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody +ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-prosody + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/web/env.j2 b/roles/matrix-jitsi/templates/web/env.j2 new file mode 100644 index 00000000..b85e9af5 --- /dev/null +++ b/roles/matrix-jitsi/templates/web/env.j2 @@ -0,0 +1,28 @@ +ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} +ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} + +ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }} + +DISABLE_HTTPS=1 + +JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} + +PUBLIC_URL={{ matrix_jitsi_web_public_url }} + +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }} +XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} +XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} +XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} + +TZ={{ matrix_jitsi_timezone }} + +JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }} +JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }} +JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }} +JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }} +JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }} +JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }} + +ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }} diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 new file mode 100644 index 00000000..deed5025 --- /dev/null +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -0,0 +1,35 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-web server +{% for service in matrix_jitsi_web_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_web_base_path }}/env \ + {% if matrix_jitsi_web_container_http_host_bind_port %} + -p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \ + {% endif %} + -v {{ matrix_jitsi_web_config_path }}:/config \ + -v {{ matrix_jitsi_web_transcripts_path }}:/usr/share/jitsi-meet/transcripts \ + {% for arg in matrix_jitsi_web_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_web_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-web +ExecStop=-/usr/bin/docker rm matrix-jitsi-web +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-web + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index aeede0e2..5bf0fc0c 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -105,6 +105,10 @@ matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" +# Controls whether proxying the jitsi domain should be done. +matrix_nginx_proxy_proxy_jitsi_enabled: false +matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}" + # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -164,6 +168,9 @@ matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration. matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to the jitsi's server configuration. +matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the matrix domain server configuration. matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index a4e3a538..b5d7ad6b 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -66,6 +66,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_jitsi_enabled|bool + - name: Ensure Matrix nginx-proxy data directory for base domain exists file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain" @@ -163,6 +170,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 new file mode 100644 index 00000000..7488d611 --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -0,0 +1,72 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; +{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-jitsi-web:80"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:12080; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem; + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index e0002326..808d4ffd 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -58,6 +58,8 @@ matrix_riot_web_branding_welcomeBackgroundUrl: ~ # point this to a `home.html` template file on your local filesystem. matrix_riot_web_embedded_pages_home_path: ~ +matrix_riot_web_jitsi_preferredDomain: '' + # Controls whether the self-check feature should validate SSL certificates. matrix_riot_web_self_check_validate_certificates: true diff --git a/roles/matrix-riot-web/templates/config.json.j2 b/roles/matrix-riot-web/templates/config.json.j2 index b82d53e0..41cbee7c 100644 --- a/roles/matrix-riot-web/templates/config.json.j2 +++ b/roles/matrix-riot-web/templates/config.json.j2 @@ -30,6 +30,12 @@ "embeddedPages": { "homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }} }, + {% if matrix_riot_web_jitsi_preferredDomain is not none %} + "jitsi": { + "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}, + "externalApiUrl": "https://{{ matrix_riot_web_jitsi_preferredDomain }}/libs/external_api.min.js" + }, + {% endif %} "branding": { "authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }}, "authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }}, diff --git a/setup.yml b/setup.yml index 429a6c4f..61d448f3 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-synapse - matrix-riot-web + - matrix-jitsi - matrix-mxisd - matrix-dimension - matrix-email2matrix From d605b219a24435923103bf37b0fd58b26c4280fe Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 24 Mar 2020 09:35:21 +0200 Subject: [PATCH 2/2] Manage Jitsi configuration by ourselves for most components We do this for 2 reasons: - so we can control things which are not controllable using environment variables (for example `stunServers` in jitsi/web, since we don't wish to use the hardcoded Google STUN servers if our own Coturn is enabled) - so playbook variable changes will properly rebuild the configuration. When using Jitsi environment variables, the configuration is only built once (the first time) and never rebuilt again. This is not the consistent with the rest of the playbook and with how Ansible operates. We're not perfect at it (yet), because we still let the Jitsi containers generate some files on their own, but we are closer and it should be good enough for most things. Related to #415 (Github Pull Request). --- docs/configuring-playbook-jitsi.md | 3 - group_vars/matrix_servers | 23 +- roles/matrix-jitsi/defaults/main.yml | 7 + .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 10 + roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 11 +- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 10 + .../templates/jicofo/logging.properties.j2 | 20 + .../jicofo/sip-communicator.properties.j2 | 5 + roles/matrix-jitsi/templates/jvb/env.j2 | 14 - .../templates/jvb/logging.properties.j2 | 13 + .../templates/jvb/matrix-jitsi-jvb.service.j2 | 1 - .../jvb/sip-communicator.properties.j2 | 19 + roles/matrix-jitsi/templates/web/config.js.j2 | 486 ++++++++++++++++++ .../templates/web/interface_config.js.j2 | 230 +++++++++ 14 files changed, 816 insertions(+), 36 deletions(-) create mode 100644 roles/matrix-jitsi/templates/jicofo/logging.properties.j2 create mode 100644 roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 delete mode 100644 roles/matrix-jitsi/templates/jvb/env.j2 create mode 100644 roles/matrix-jitsi/templates/jvb/logging.properties.j2 create mode 100644 roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 create mode 100644 roles/matrix-jitsi/templates/web/config.js.j2 create mode 100644 roles/matrix-jitsi/templates/web/interface_config.js.j2 diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index b2afac46..7239758b 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -34,6 +34,3 @@ Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags= .. and fully reload your riot-web page (at `riot.DOMAIN`). Starting a video-conference in a room with more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server. - - -**NOTE**: the playbook currently configures the Jitsi JVB component to use Google's STUN servers even in cases where our own [Coturn TURN server](configuring-playbook-turn.md) is enabled (it is by default). This is because JVB fails to discover its own external IP correctly when pointed to our own Coturn server. The failure happens because JVB reaches Coturn via the localnetwork and discovers a local Docker IP address instead of the public one, leading to a non-working service. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8e3c7ed6..84d24aa9 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -409,20 +409,15 @@ matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | passw matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}" -# TODO. Using our own STUN server fails, so we're using Google's STUN servers (the default for the matrix-jitsi role). -# -# When using our STUN server, JVB tries to discover its own IP by contacting it and gets a local Docker IP address instead of the external one. -# > matrix-jitsi-jvb[30965]: JVB 2020-03-23 14:52:59.253 INFO: [21] org.ice4j.ice.harvest.StunMappingCandidateHarvester.discover() Discovered public address 172.19.0.1:60385/udp from STUN server x.x.x.x:5349/udp using local address 172.18.0.10:0/udp -# -# matrix_jitsi_jvb_stun_servers: | -# {{ -# [ -# matrix_server_fqn_matrix + ':5349', -# matrix_server_fqn_matrix + ':3478', -# ] -# if matrix_coturn_enabled -# else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] -# }} +matrix_jitsi_web_stun_servers: | + {{ + [ + matrix_server_fqn_matrix + ':5349', + matrix_server_fqn_matrix + ':3478', + ] + if matrix_coturn_enabled + else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + }} ###################################################################### # diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 284e6f61..ae5dcb8f 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -37,6 +37,9 @@ matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" +# STUN servers used in the web UI. Feel free to point them to your own STUN server. +matrix_jitsi_web_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + # Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:12080"), or empty string to not expose. @@ -93,7 +96,11 @@ matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jits matrix_jitsi_jvb_auth_user: jvb matrix_jitsi_jvb_auth_password: passw0rd + +# STUN servers used by JVB on the server-side, so it can discover its own external IP address. +# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery. matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + matrix_jitsi_jvb_brewery_muc: jvbbrewery matrix_jitsi_jvb_rtp_udp_port: 10000 matrix_jitsi_jvb_rtp_tcp_port: 4443 diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 7d1bc815..98ebfb25 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -31,6 +31,16 @@ mode: 0640 when: matrix_jitsi_enabled|bool +- name: Ensure jitsi-jicofo configuration files created + template: + src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" + dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" + mode: 0644 + with_items: + - sip-communicator.properties + - logging.properties + when: matrix_jitsi_enabled|bool + - name: Ensure matrix-jitsi-jicofo.service installed template: src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index bd6e97d8..86067c23 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -24,11 +24,14 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool -- name: Ensure jitsi-jvb environment variables file created +- name: Ensure jitsi-jvb configuration files created template: - src: "{{ role_path }}/templates/jvb/env.j2" - dest: "{{ matrix_jitsi_jvb_base_path }}/env" - mode: 0640 + src: "{{ role_path }}/templates/jvb/{{ item }}.j2" + dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" + mode: 0644 + with_items: + - sip-communicator.properties + - logging.properties when: matrix_jitsi_enabled|bool - name: Ensure matrix-jitsi-jvb.service installed diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 7d363543..93d69023 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -32,6 +32,16 @@ mode: 0640 when: matrix_jitsi_enabled|bool +- name: Ensure jitsi-web configuration files created + template: + src: "{{ role_path }}/templates/web/{{ item }}.j2" + dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" + mode: 0644 + with_items: + - config.js + - interface_config.js + when: matrix_jitsi_enabled|bool + - name: Ensure matrix-jitsi-web.service installed template: src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 new file mode 100644 index 00000000..7eba95af --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 @@ -0,0 +1,20 @@ +handlers= java.util.logging.ConsoleHandler + +java.util.logging.ConsoleHandler.level = ALL +java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter + +net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo + +.level=INFO +net.sf.level=SEVERE +net.java.sip.communicator.plugin.reconnectplugin.level=FINE +org.ice4j.level=SEVERE +org.jitsi.impl.neomedia.level=SEVERE + +# Do not worry about missing strings +net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE + +#net.java.sip.communicator.service.protocol.level=ALL + +# Enable debug packets logging +#org.jitsi.impl.protocol.xmpp.level=FINE diff --git a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 new file mode 100644 index 00000000..6736becc --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 @@ -0,0 +1,5 @@ +org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true +org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }} + +org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }} +org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90 diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2 deleted file mode 100644 index 0b88f8cc..00000000 --- a/roles/matrix-jitsi/templates/jvb/env.j2 +++ /dev/null @@ -1,14 +0,0 @@ -XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} -XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} -XMPP_SERVER={{ matrix_jitsi_xmpp_server }} - -JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} -JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} -JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} -JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }} -JVB_TCP_HARVESTER_DISABLED=false -JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }} - -JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }} - -TZ={{ matrix_jitsi_timezone }} diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 new file mode 100644 index 00000000..48c1e9fa --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 @@ -0,0 +1,13 @@ +handlers= java.util.logging.ConsoleHandler + +java.util.logging.ConsoleHandler.level = ALL +java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter + +net.java.sip.communicator.util.ScLogFormatter.programname=JVB + +.level=INFO + +org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE + +# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge. +org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 5df5807a..03aef079 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -14,7 +14,6 @@ ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ --log-driver=none \ --network={{ matrix_docker_network }} \ - --env-file={{ matrix_jitsi_jvb_base_path }}/env \ {% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %} -p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \ {% endif %} diff --git a/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 new file mode 100644 index 00000000..173af0b6 --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 @@ -0,0 +1,19 @@ +org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_udp_port }} +org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false +org.jitsi.videobridge.TCP_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }} + +{% if matrix_jitsi_jvb_stun_servers|length > 0 %} +org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ matrix_jitsi_jvb_stun_servers|join(',') }} +{% endif %} + +org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ matrix_jitsi_xmpp_server }} +org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ matrix_jitsi_jvb_auth_user }} +org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }} +org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }} +org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=matrix-jitsi-jvb +org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true + +org.jitsi.videobridge.ENABLE_STATISTICS=true +org.jitsi.videobridge.STATISTICS_TRANSPORT=muc +org.jitsi.videobridge.STATISTICS_INTERVAL=5000 diff --git a/roles/matrix-jitsi/templates/web/config.js.j2 b/roles/matrix-jitsi/templates/web/config.js.j2 new file mode 100644 index 00000000..f18471e1 --- /dev/null +++ b/roles/matrix-jitsi/templates/web/config.js.j2 @@ -0,0 +1,486 @@ +/* eslint-disable no-unused-vars, no-var */ + +var config = { + // Configuration + // + + // Alternative location for the configuration. + // configLocation: './config.json', + + // Custom function which given the URL path should return a room name. + // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; }, + + + // Connection + // + + hosts: { + // XMPP domain. + domain: '{{ matrix_jitsi_xmpp_domain }}', + + {% if matrix_jitsi_enable_guests %} + // When using authentication, domain for guest users. + anonymousdomain: 'guest.example.com', + + // Domain for authenticated users. Defaults to . + authdomain: '{{ matrix_jitsi_xmpp_domain }}', + {% endif %} + + // Jirecon recording component domain. + // jirecon: 'jirecon.{{ matrix_jitsi_xmpp_domain }}', + + // Call control component (Jigasi). + // call_control: 'callcontrol.{{ matrix_jitsi_xmpp_domain }}', + + // Focus component domain. Defaults to focus.. + // focus: 'focus.{{ matrix_jitsi_xmpp_domain }}', + + // XMPP MUC domain. FIXME: use XEP-0030 to discover it. + muc: {{ matrix_jitsi_xmpp_muc_domain|to_json }}, + }, + + // BOSH URL. FIXME: use XEP-0156 to discover it. + bosh: '/http-bind', + + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + + // The real JID of focus participant - can be overridden here + focusUserJid: {{ matrix_jitsi_jicofo_auth_user|to_json }} + '@' + {{ matrix_jitsi_xmpp_auth_domain|to_json }}, + + + // Testing / experimental features. + // + + testing: { + // Enables experimental simulcast support on Firefox. + enableFirefoxSimulcast: false, + + // P2P test mode disables automatic switching to P2P when there are 2 + // participants in the conference. + p2pTestMode: false + + // Enables the test specific features consumed by jitsi-meet-torture + // testMode: false + }, + + // Disables ICE/UDP by filtering out local and remote UDP candidates in + // signalling. + // webrtcIceUdpDisable: false, + + // Disables ICE/TCP by filtering out local and remote TCP candidates in + // signalling. + // webrtcIceTcpDisable: false, + + + // Media + // + + // Audio + + // Disable measuring of audio levels. + // disableAudioLevels: false, + + // Start the conference in audio only mode (no video is being received nor + // sent). + // startAudioOnly: false, + + // Every participant after the Nth will start audio muted. + // startAudioMuted: 10, + + // Start calls with audio muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithAudioMuted: false, + + // Enabling it (with #params) will disable local audio output of remote + // participants and to enable it back a reload is needed. + // startSilent: false + + // Video + + // Sets the preferred resolution (height) for local video. Defaults to 720. + // resolution: 720, + + // w3c spec-compliant video constraints to use for video capture. Currently + // used by browsers that return true from lib-jitsi-meet's + // util#browser#usesNewGumFlow. The constraints are independency from + // this config's resolution value. Defaults to requesting an ideal aspect + // ratio of 16:9 with an ideal resolution of 720. + // constraints: { + // video: { + // aspectRatio: 16 / 9, + // height: { + // ideal: 720, + // max: 720, + // min: 240 + // } + // } + // }, + + // Enable / disable simulcast support. + // disableSimulcast: false, + + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + + // Suspend sending video if bandwidth estimation is too low. This may cause + // problems with audio playback. Disabled until these are fixed. + disableSuspendVideo: true, + + // Every participant after the Nth will start video muted. + // startVideoMuted: 10, + + // Start calls with video muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithVideoMuted: false, + + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // Desktop sharing + + // The ID of the jidesha extension for Chrome. + desktopSharingChromeExtId: null, + + // Whether desktop sharing should be disabled on Chrome. + // desktopSharingChromeDisabled: false, + + // The media sources to use when using screen sharing with the Chrome + // extension. + desktopSharingChromeSources: [ 'screen', 'window', 'tab' ], + + // Required version of Chrome extension + desktopSharingChromeMinExtVersion: '0.1', + + // Whether desktop sharing should be disabled on Firefox. + // desktopSharingFirefoxDisabled: false, + + // Optional desktop sharing frame rate options. Default value: min:5, max:5. + // desktopSharingFrameRate: { + // min: 5, + // max: 5 + // }, + + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, + + // Recording +hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }}, + + // Whether to enable file recording or not. + fileRecordingsEnabled: {{ matrix_jitsi_enable_recording|to_json }}, + // Enable the dropbox integration. + // dropbox: { + // appKey: '' // Specify your app key here. + // // A URL to redirect the user to, after authenticating + // // by default uses: + // // 'https://{{ matrix_jitsi_xmpp_domain }}/static/oauth.html' + // redirectURI: + // 'https://{{ matrix_jitsi_xmpp_domain }}/subfolder/static/oauth.html' + // }, + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) + // fileRecordingsServiceEnabled: false, + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. + // fileRecordingsServiceSharingEnabled: false, + + // Whether to enable live streaming or not. + liveStreamingEnabled: {{ matrix_jitsi_enable_recording|to_json }}, + + // Transcription (in interface_config, + // subtitles and buttons can be configured) + transcribingEnabled: {{ matrix_jitsi_enable_transcriptions|to_json }}, + + // Misc + + // Default value for the channel "last N" attribute. -1 for unlimited. + channelLastN: -1, + + // Disables or enables RTX (RFC 4588) (defaults to false). + // disableRtx: false, + + // Disables or enables TCC (the default is in Jicofo and set to true) + // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting + // affects congestion control, it practically enables send-side bandwidth + // estimations. + // enableTcc: true, + + // Disables or enables REMB (the default is in Jicofo and set to false) + // (draft-alvestrand-rmcat-remb-03). This setting affects congestion + // control, it practically enables recv-side bandwidth estimations. When + // both TCC and REMB are enabled, TCC takes precedence. When both are + // disabled, then bandwidth estimations are disabled. + // enableRemb: false, + + // Defines the minimum number of participants to start a call (the default + // is set in Jicofo and set to 2). + // minParticipants: 2, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // Enable IPv6 support. + // useIPv6: true, + + // Enables / disables a data communication channel with the Videobridge. + // Values can be 'datachannel', 'websocket', true (treat it as + // 'datachannel'), undefined (treat it as 'datachannel') and false (don't + // open any channel). + // openBridgeChannel: true, + + + // UI + // + + // Use display name as XMPP nickname. + // useNicks: false, + + // Require users to always specify a display name. + // requireDisplayName: true, + + // Whether to use a welcome page or not. In case it's false a random room + // will be joined when no room is specified. + enableWelcomePage: true, + + // Enabling the close page will ignore the welcome page redirection when + // a call is hangup. + // enableClosePage: false, + + // Disable hiding of remote thumbnails when in a 1-on-1 conference call. + // disable1On1Mode: false, + + // Default language for the user interface. + // defaultLanguage: 'en', + + // If true all users without a token will be considered guests and all users + // with token will be considered non-guests. Only guests will be allowed to + // edit their profile. + enableUserRolesBasedOnToken: false, + + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, + + // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. + // lockRoomGuestEnabled: false, + + // When enabled the password used for locking a room is restricted to up to the number of digits specified + // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, + + // Message to show the users. Example: 'The service will be down for + // maintenance at 01:00 AM GMT, + // noticeMessage: '', + + // Enables calendar integration, depends on googleApiApplicationClientID + // and microsoftApiApplicationClientID + // enableCalendarIntegration: false, + + // Stats + // + + // Whether to enable stats collection or not in the TraceablePeerConnection. + // This can be useful for debugging purposes (post-processing/analysis of + // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth + // estimation tests. + // gatherStats: false, + + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // enables callstatsUsername to be reported as statsId and used + // by callstats as repoted remote id + // enableStatsID: false + + // enables sending participants display name to callstats + // enableDisplayNameInStats: false + + + // Privacy + // + + // If third party requests are disabled, no other server will be contacted. + // This means avatars will be locally generated and callstats integration + // will not function. + // disableThirdPartyRequests: false, + + + // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. + // + + p2p: { + // Enables peer to peer mode. When enabled the system will try to + // establish a direct connection when there are exactly 2 participants + // in the room. If that succeeds the conference will stop sending data + // through the JVB and use the peer to peer connection instead. When a + // 3rd participant joins the conference will be moved back to the JVB + // connection. + enabled: true, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // The STUN servers that will be used in the peer to peer connections + {% if matrix_jitsi_web_stun_servers|length > 0 %} + stunServers: [ + {% for url in matrix_jitsi_web_stun_servers %} + { urls: {{ url|to_json }} }{% if not loop.last %},{% endif %} + {% endfor %} + ], + {% endif %} + + // Sets the ICE transport policy for the p2p connection. At the time + // of this writing the list of possible values are 'all' and 'relay', + // but that is subject to change in the future. The enum is defined in + // the WebRTC standard: + // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. + // If not set, the effective value is 'all'. + // iceTransportPolicy: 'all', + + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). + preferH264: true + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // How long we're going to wait, before going back to P2P after the 3rd + // participant has left the conference (to filter out page reload). + // backToP2PDelay: 5 + }, + + analytics: { + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + + // The Amplitude APP Key: + // amplitudeAPPKey: '' + + // Array of script URLs to load as lib-jitsi-meet "analytics handlers". + // scriptURLs: [ + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" + // ], + }, + + // Information about the jitsi-meet instance we are connecting to, including + // the user region as seen by the server. + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + } + + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // } + + // Options related to end-to-end (participant to participant) ping. + // e2eping: { + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, + // + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // } + + // If set, will attempt to use the provided video input device label when + // triggering a screenshare, instead of proceeding through the normal flow + // for obtaining a desktop stream. + // NOTE: This option is experimental and is currently intended for internal + // use only. + // _desktopSharingSourceDevice: 'sample-id-or-label' + + // If true, any checks to handoff to another application will be prevented + // and instead the app will continue to display in the current browser. + // disableDeepLinking: false + + // A property to disable the right click context menu for localVideo + // the menu has option to flip the locally seen video for local presentations + // disableLocalVideoFlip: false + + // List of undocumented settings used in jitsi-meet + /** + _immediateReloadThreshold + autoRecord + autoRecordToken + debug + debugAudioLevels + deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl + dialOutAuthUrl + dialOutCodesUrl + disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID + iAmRecorder + iAmSipGateway + microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl + */ + + // List of undocumented settings used in lib-jitsi-meet + /** + _peerConnStatusOutOfLastNTimeout + _peerConnStatusRtcMuteTimeout + abTesting + avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl + desktopSharingSources + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableLipSync + enableTalkWhileMuted + forceJVB121Ratio + hiddenDomain + ignoreStartMuted + nick + startBitrate + */ + +}; + +/* eslint-enable no-unused-vars, no-var */ diff --git a/roles/matrix-jitsi/templates/web/interface_config.js.j2 b/roles/matrix-jitsi/templates/web/interface_config.js.j2 new file mode 100644 index 00000000..dd5abc59 --- /dev/null +++ b/roles/matrix-jitsi/templates/web/interface_config.js.j2 @@ -0,0 +1,230 @@ +/* eslint-disable no-unused-vars, no-var, max-len */ + +var interfaceConfig = { + // TO FIX: this needs to be handled from SASS variables. There are some + // methods allowing to use variables both in css and js. + DEFAULT_BACKGROUND: '#474747', + + /** + * Whether or not the blurred video background for large video should be + * displayed on browsers that can support it. + */ + DISABLE_VIDEO_BACKGROUND: false, + + INITIAL_TOOLBAR_TIMEOUT: 20000, + TOOLBAR_TIMEOUT: 4000, + TOOLBAR_ALWAYS_VISIBLE: false, + DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', + DEFAULT_LOCAL_DISPLAY_NAME: 'me', + SHOW_JITSI_WATERMARK: true, + JITSI_WATERMARK_LINK: 'https://jitsi.org', + + // if watermark is disabled by default, it can be shown only for guests + SHOW_WATERMARK_FOR_GUESTS: true, + SHOW_BRAND_WATERMARK: false, + BRAND_WATERMARK_LINK: '', + SHOW_POWERED_BY: false, + SHOW_DEEP_LINKING_IMAGE: false, + GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true, + DISPLAY_WELCOME_PAGE_CONTENT: true, + APP_NAME: 'Jitsi Meet', + NATIVE_APP_NAME: 'Jitsi Meet', + PROVIDER_NAME: 'Jitsi', + LANG_DETECTION: false, // Allow i18n to detect the system language + INVITATION_POWERED_BY: true, + + /** + * If we should show authentication block in profile + */ + AUTHENTICATION_ENABLE: true, + + /** + * The name of the toolbar buttons to display in the toolbar. If present, + * the button will display. Exceptions are "livestreaming" and "recording" + * which also require being a moderator and some values in config.js to be + * enabled. Also, the "profile" button will not display for user's with a + * jwt. + */ + TOOLBAR_BUTTONS: [ + {% if matrix_jitsi_enable_transcriptions %} + 'closedcaptions', + {% endif %} + + 'microphone', 'camera', 'desktop', 'fullscreen', + 'fodeviceselection', 'hangup', 'profile', 'info', 'chat', 'recording', + 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand', + 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + 'tileview', 'videobackgroundblur' + ], + + SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ], + + // Determines how the video would fit the screen. 'both' would fit the whole + // screen, 'height' would fit the original video height to the height of the + // screen, 'width' would fit the original video width to the width of the + // screen respecting ratio. + VIDEO_LAYOUT_FIT: 'both', + + /** + * Whether to only show the filmstrip (and hide the toolbar). + */ + filmStripOnly: false, + + /** + * Whether to show thumbnails in filmstrip as a column instead of as a row. + */ + VERTICAL_FILMSTRIP: true, + + // A html text to be shown to guests on the close page, false disables it + CLOSE_PAGE_GUEST_HINT: false, + RANDOM_AVATAR_URL_PREFIX: false, + RANDOM_AVATAR_URL_SUFFIX: false, + FILM_STRIP_MAX_HEIGHT: 120, + + // Enables feedback star animation. + ENABLE_FEEDBACK_ANIMATION: false, + DISABLE_FOCUS_INDICATOR: false, + DISABLE_DOMINANT_SPEAKER_INDICATOR: false, + + /** + * Whether the speech to text transcription subtitles panel is disabled. + * If {@code undefined}, defaults to {@code false}. + * + * @type {boolean} + */ + DISABLE_TRANSCRIPTION_SUBTITLES: false, + + /** + * Whether the ringing sound in the call/ring overlay is disabled. If + * {@code undefined}, defaults to {@code false}. + * + * @type {boolean} + */ + DISABLE_RINGING: false, + AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)', + AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)', + POLICY_LOGO: null, + LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9 + REMOTE_THUMBNAIL_RATIO: 1, // 1:1 + // Documentation reference for the live streaming feature. + LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', + + /** + * Whether the mobile app Jitsi Meet is to be promoted to participants + * attempting to join a conference in a mobile Web browser. If + * {@code undefined}, defaults to {@code true}. + * + * @type {boolean} + */ + MOBILE_APP_PROMO: true, + + /** + * Maximum coeficient of the ratio of the large video to the visible area + * after the large video is scaled to fit the window. + * + * @type {number} + */ + MAXIMUM_ZOOMING_COEFFICIENT: 1.3, + + /* + * If indicated some of the error dialogs may point to the support URL for + * help. + */ + SUPPORT_URL: 'https://github.com/jitsi/jitsi-meet/issues/new', + + /** + * Whether the connection indicator icon should hide itself based on + * connection strength. If true, the connection indicator will remain + * displayed while the participant has a weak connection and will hide + * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is + * strong. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, + + /** + * How long the connection indicator should remain displayed before hiding. + * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. + * + * @type {number} + */ + CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, + + /** + * If true, hides the connection indicators completely. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_DISABLED: false, + + /** + * If true, hides the video quality label indicating the resolution status + * of the current large video. + * + * @type {boolean} + */ + VIDEO_QUALITY_LABEL_DISABLED: false, + + /** + * If true, will display recent list + * + * @type {boolean} + */ + RECENT_LIST_ENABLED: true, + + // Names of browsers which should show a warning stating the current browser + // has a suboptimal experience. Browsers which are not listed as optimal or + // unsupported are considered suboptimal. Valid values are: + // chrome, chromium, edge, electron, firefox, nwjs, opera, safari + OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron' ], + + // Browsers, in addition to those which do not fully support WebRTC, that + // are not supported and should show the unsupported browser page. + UNSUPPORTED_BROWSERS: [], + + /** + * A UX mode where the last screen share participant is automatically + * pinned. Valid values are the string "remote-only" so remote participants + * get pinned but not local, otherwise any truthy value for all participants, + * and any falsy value to disable the feature. + * + * Note: this mode is experimental and subject to breakage. + */ + AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only' + + /** + * How many columns the tile view can expand to. The respected range is + * between 1 and 5. + */ + // TILE_VIEW_MAX_COLUMNS: 5, + + /** + * Specify custom URL for downloading android mobile app. + */ + // MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet', + + /** + * Specify URL for downloading ios mobile app. + */ + // MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905', + + /** + * Specify mobile app scheme for opening the app from the mobile browser. + */ + // APP_SCHEME: 'org.jitsi.meet', + + /** + * Specify the Android app package name. + */ + // ANDROID_APP_PACKAGE: 'org.jitsi.meet', + + /** + * Override the behavior of some notifications to remain displayed until + * explicitly dismissed through a user action. The value is how long, in + * milliseconds, those notifications should remain displayed. + */ + // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, +}; + +/* eslint-enable no-unused-vars, no-var, max-len */