Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into maubot

CHANGELOG.md

@@ -1,3 +1,12 @@
+# 2020-03-24
+
+## Jitsi support
+
+The playbook can now (optionally) install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](docs/configuring-playbook-riot-web.md).
+
+See our [Jitsi documentation page](docs/configuring-playbook-jitsi.md) to get started.
+
+
 # 2020-03-15
 
 ## Raspberry Pi support

README.md

@@ -56,6 +56,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
 
+- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform
+
 Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
 
 **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
@@ -144,6 +146,14 @@ This playbook sets up your server using the following Docker images:
 
 - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
 
+- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
+
+- [jitsi/jicofo](https://hub.docker.com/r/jitsi/jicofo) - the [Jitsi](https://jitsi.org/) Focus component (optional)
+
+- [jitsi/prosody](https://hub.docker.com/r/jitsi/prosody) - the [Jitsi](https://jitsi.org/) Prosody XMPP server component (optional)
+
+- [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
+
 
 ## Deficiencies
 

docs/configuring-dns.md

@@ -18,12 +18,16 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR
 
 ## General outline of DNS settings you need to do
 
-| Type  | Host                    | Priority | Weight | Port | Target                 |
-| ----- | ----------------------- | -------- | ------ | ---- | ---------------------- |
-| A     | `matrix`                | -        | -      | -    | `matrix-server-IP`     |
-| CNAME | `riot`                  | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `dimension`             | -        | -      | -    | `matrix.<your-domain>` |
-| SRV   | `_matrix-identity._tcp` | 10       | 0      | 443  | `matrix.<your-domain>` |
+| Type  | Host                         | Priority | Weight | Port | Target                 |
+| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
+| A     | `matrix`                     | -        | -      | -    | `matrix-server-IP`     |
+| CNAME | `riot`                       | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `dimension` (*)              | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `jitsi` (*)                  | -        | -      | -    | `matrix.<your-domain>` |
+| SRV   | `_matrix-identity._tcp`      | 10       | 0      | 443  | `matrix.<your-domain>` |
+
+
+DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records.
 
 
 ## Subdomains setup
@@ -35,6 +39,8 @@ If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enab
 
 The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
 
+The `jitsi.<your-domain>` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. Jitsi installation is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.<your-domain>` DNS record.
+
 
 ## `_matrix-identity._tcp` SRV record setup
 

docs/configuring-playbook-jitsi.md

@@ -0,0 +1,39 @@
+# Jitsi
+
+The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).
+
+Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
+
+The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet).
+
+
+## Prerequisites
+
+Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md).
+
+You may also need to open the following ports to your server:
+
+- `10000/udp` - RTP media over UDP
+- `4443/tcp` - RTP media fallback over TCP
+
+
+## Installation
+
+Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```yaml
+matrix_jitsi_enabled: true
+
+# We only need this temporarily - until Jitsi integration in riot-web is finalized.
+# Remove this line in the future, to switch back to a stable riot-web version.
+matrix_riot_web_docker_image: "vectorim/riot-web:develop"
+```
+
+Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
+
+
+## Usage
+
+You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`.
+
+To use it via riot-web, make sure you've installed the `develop` version and fully reloaded your riot-web page (at `riot.DOMAIN`). Starting a video-conference in a room containing more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server.

docs/configuring-playbook-own-webserver.md

@@ -22,7 +22,7 @@ For an alternative, make sure to check Method #2 as well.
 
 No matter which external webserver you decide to go with, you'll need to:
 
-1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx`
+1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx`. This allows your webserver user to access files owned by the `matrix` group. When using an external nginx webserver, this allows it to read configuration files from `/matrix/nginx-proxy/conf.d`. When using another server, it would make other files, such as `/matrix/static-files/.well-known`, accessible to it.
 
 2) Edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to disable the integrated nginx server:
 

docs/configuring-playbook-shared-secret-auth.md

@@ -4,7 +4,7 @@ The playbook can install and configure [matrix-synapse-shared-secret-auth](https
 
 See that project's documentation to learn what it does and why it might be useful to you.
 
-If you decide that you'd like to let this playbook install it for you, you need some configuration like this:
+If you decide that you'd like to let this playbook install it for you, you need some configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`) like this:
 
 ```yaml
 matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true

docs/configuring-playbook.md

@@ -31,6 +31,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md))
 
+- [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)
+
 
 ### Core service adjustments
 

group_vars/matrix_servers

@@ -392,6 +392,41 @@ matrix_email2matrix_enabled: false
 
 
 
+######################################################################
+#
+# matrix-jitsi
+#
+######################################################################
+
+matrix_jitsi_enabled: false
+
+# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# the Jitsi HTTP port to the local host.
+matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}"
+
+matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}"
+matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}"
+matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}"
+
+matrix_jitsi_web_stun_servers: |
+  {{
+    [
+      matrix_server_fqn_matrix + ':5349',
+      matrix_server_fqn_matrix + ':3478',
+    ]
+    if matrix_coturn_enabled
+    else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
+  }}
+
+######################################################################
+#
+# /matrix-jitsi
+#
+######################################################################
+
+
+
 ######################################################################
 #
 # matrix-mailer
@@ -482,6 +517,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_s
 matrix_nginx_proxy_proxy_matrix_enabled: true
 matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}"
 matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
+matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
 
 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@@ -525,6 +561,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
     +
     ([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
     +
+    ([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])
+    +
     ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
   }}
 
@@ -596,6 +634,8 @@ matrix_riot_web_enable_presence_by_hs_url: |
 
 matrix_riot_web_welcome_user_id: ~
 
+matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
+
 ######################################################################
 #
 # /matrix-riot-web

roles/matrix-base/defaults/main.yml

@@ -18,6 +18,9 @@ matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
 # This is where you access the Dimension.
 matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
 
+# This is where you access Jitsi.
+matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
+
 matrix_user_username: "matrix"
 matrix_user_uid: 991
 matrix_user_gid: 991
@@ -26,6 +29,9 @@ matrix_base_data_path: "/matrix"
 matrix_base_data_path_mode: "750"
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
+matrix_systemd_path: "/etc/systemd/system"
+matrix_cron_path: "/etc/cron.d"
+matrix_local_bin_path: "/usr/local/bin"
 
 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
 
@@ -69,4 +75,4 @@ run_stop: true
 
 # Building every docker image from source on the target host
 # Controlling docker image build is possible on a per unit base
-matrix_container_images_self_build: false
+matrix_container_images_self_build: false

roles/matrix-base/tasks/setup_matrix_base.yml

@@ -52,6 +52,6 @@
 - name: Ensure matrix-remove-all script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2"
-    dest: "/usr/local/bin/matrix-remove-all"
+    dest: "{{ matrix_local_bin_path }}/matrix-remove-all"
     mode: 0750
 

roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2

@@ -15,15 +15,15 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then
 	exit 0
 else
 	echo "Stop and remove matrix services"
-	for s in $(find /etc/systemd/system/ -name "matrix-*" -printf "%f\n"); do
+	for s in $(find {{ matrix_systemd_path }}/ -name "matrix-*" -printf "%f\n"); do
 		systemctl stop $s
-		rm -f /etc/systemd/system/$s
+		rm -f {{ matrix_systemd_path }}/$s
 	done
 	systemctl daemon-reload
 	echo "Remove matrix cronjobs"
 	find /etc/cron.d/ -name "matrix-*" -delete
 	echo "Remove matrix scripts"
-	find /usr/local/bin/ -name "matrix-*" -delete
+	find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
 	echo "Remove every docker images"
 	docker rmi $(docker images -aq)
 	echo "Remove docker matrix network"

roles/matrix-bridge-appservice-discord/tasks/setup_install.yml

@@ -72,7 +72,7 @@
 - name: Ensure matrix-appservice-discord.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2"
-    dest: "/etc/systemd/system/matrix-appservice-discord.service"
+    dest: "{{ matrix_systemd_path }}/matrix-appservice-discord.service"
     mode: 0644
   register: matrix_appservice_discord_systemd_service_result
 

roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-appservice-discord service
   stat:
-    path: "/etc/systemd/system/matrix-appservice-discord.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service"
   register: matrix_appservice_discord_service_stat
 
 - name: Ensure matrix-appservice-discord is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-appservice-discord.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-appservice-discord.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service"
     state: absent
   when: "matrix_appservice_discord_service_stat.stat.exists"
 

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -139,7 +139,7 @@
 - name: Ensure matrix-appservice-irc.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
-    dest: "/etc/systemd/system/matrix-appservice-irc.service"
+    dest: "{{ matrix_systemd_path }}/matrix-appservice-irc.service"
     mode: 0644
   register: matrix_appservice_irc_systemd_service_result
 

roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-appservice-irc service
   stat:
-    path: "/etc/systemd/system/matrix-appservice-irc.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service"
   register: matrix_appservice_irc_service_stat
 
 - name: Ensure matrix-appservice-irc is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-appservice-irc.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-appservice-irc.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service"
     state: absent
   when: "matrix_appservice_irc_service_stat.stat.exists"
 

roles/matrix-bridge-appservice-slack/tasks/setup_install.yml

@@ -38,7 +38,7 @@
 - name: Ensure matrix-appservice-slack.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2"
-    dest: "/etc/systemd/system/matrix-appservice-slack.service"
+    dest: "{{ matrix_systemd_path }}/matrix-appservice-slack.service"
     mode: 0644
   register: matrix_appservice_slack_systemd_service_result
 

roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-appservice-slack service
   stat:
-    path: "/etc/systemd/system/matrix-appservice-slack.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service"
   register: matrix_appservice_slack_service_stat
 
 - name: Ensure matrix-appservice-slack is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-appservice-slack.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-appservice-slack.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service"
     state: absent
   when: "matrix_appservice_slack_service_stat.stat.exists"
 

roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml

@@ -54,7 +54,7 @@
 - name: Ensure matrix-appservice-webhooks.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2"
-    dest: "/etc/systemd/system/matrix-appservice-webhooks.service"
+    dest: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service"
     mode: 0644
   register: matrix_appservice_webhooks_systemd_service_result
 

roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-appservice-webhooks service
   stat:
-    path: "/etc/systemd/system/matrix-appservice-webhooks.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service"
   register: matrix_appservice_webhooks_service_stat
 
 - name: Ensure matrix-appservice-webhooks is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-appservice-webhooks.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-appservice-webhooks.service"
+    path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service"
     state: absent
   when: "matrix_appservice_webhooks_service_stat.stat.exists"
 

roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -84,7 +84,7 @@
 - name: Ensure matrix-mautrix-facebook.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2"
-    dest: "/etc/systemd/system/matrix-mautrix-facebook.service"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service"
     mode: 0644
   register: matrix_mautrix_facebook_systemd_service_result
 

roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-mautrix-facebook service
   stat:
-    path: "/etc/systemd/system/matrix-mautrix-facebook.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service"
   register: matrix_mautrix_facebook_service_stat
 
 - name: Ensure matrix-mautrix-facebook is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-mautrix-facebook.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-mautrix-facebook.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service"
     state: absent
   when: "matrix_mautrix_facebook_service_stat.stat.exists"
 

roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml

@@ -83,7 +83,7 @@
 - name: Ensure matrix-mautrix-hangouts.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2"
-    dest: "/etc/systemd/system/matrix-mautrix-hangouts.service"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service"
     mode: 0644
   register: matrix_mautrix_hangouts_systemd_service_result
 

roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-mautrix-hangouts service
   stat:
-    path: "/etc/systemd/system/matrix-mautrix-hangouts.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service"
   register: matrix_mautrix_hangouts_service_stat
 
 - name: Ensure matrix-mautrix-hangouts is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-mautrix-hangouts.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-mautrix-hangouts.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service"
     state: absent
   when: "matrix_mautrix_hangouts_service_stat.stat.exists"
 

roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2

@@ -11,8 +11,8 @@ Wants={{ service }}
 
 [Service]
 Type=simple
-ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts
-ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts
+ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
+ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
 ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \

roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -63,7 +63,7 @@
 - name: Ensure matrix-mautrix-telegram.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2"
-    dest: "/etc/systemd/system/matrix-mautrix-telegram.service"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service"
     mode: 0644
   register: matrix_mautrix_telegram_systemd_service_result
 

roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-mautrix-telegram service
   stat:
-    path: "/etc/systemd/system/matrix-mautrix-telegram.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service"
   register: matrix_mautrix_telegram_service_stat
 
 - name: Ensure matrix-mautrix-telegram is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-mautrix-telegram.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-mautrix-telegram.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service"
     state: absent
   when: "matrix_mautrix_telegram_service_stat.stat.exists"
 

roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -72,7 +72,7 @@
 - name: Ensure matrix-mautrix-whatsapp.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2"
-    dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service"
     mode: 0644
   register: matrix_mautrix_whatsapp_systemd_service_result
 

roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Check existence of matrix-mautrix-whatsapp service
   stat:
-    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service"
   register: matrix_mautrix_whatsapp_service_stat
 
 - name: Ensure matrix-mautrix-whatsapp is stopped
@@ -14,7 +14,7 @@
 
 - name: Ensure matrix-mautrix-whatsapp.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service"
     state: absent
   when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
 

roles/matrix-corporal/defaults/main.yml

@@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_docker_image: "devture/matrix-corporal:1.7.1"
+matrix_corporal_docker_image: "devture/matrix-corporal:1.8.0"
 matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
 
 matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
@@ -46,8 +46,11 @@ matrix_corporal_matrix_timeout_milliseconds: 45000
 matrix_corporal_reconciliation_retry_interval_milliseconds: 30000
 matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
 
+matrix_corporal_http_gateway_timeout_milliseconds: 60000
+
 matrix_corporal_http_api_enabled: false
 matrix_corporal_http_api_auth_token: ""
+matrix_corporal_http_api_timeout_milliseconds: 15000
 
 # Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value)
 matrix_corporal_policy_provider_config: ""

roles/matrix-corporal/tasks/setup_corporal.yml

@@ -37,7 +37,7 @@
 - name: Ensure matrix-corporal.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2"
-    dest: "/etc/systemd/system/matrix-corporal.service"
+    dest: "{{ matrix_systemd_path }}/matrix-corporal.service"
     mode: 0644
   register: matrix_corporal_systemd_service_result
   when: matrix_corporal_enabled|bool
@@ -54,7 +54,7 @@
 
 - name: Check existence of matrix-corporal service
   stat:
-    path: "/etc/systemd/system/matrix-corporal.service"
+    path: "{{ matrix_systemd_path }}/matrix-corporal.service"
   register: matrix_corporal_service_stat
   when: "not matrix_corporal_enabled|bool"
 
@@ -68,7 +68,7 @@
 
 - name: Ensure matrix-corporal.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-corporal.service"
+    path: "{{ matrix_systemd_path }}/matrix-corporal.service"
     state: absent
   when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists"
 
@@ -82,7 +82,7 @@
     path: "{{ item }}"
     state: absent
   with_items:
-    - /etc/systemd/system/matrix-corporal.service
+    - "{{ matrix_systemd_path }}/matrix-corporal.service"
     - "{{ matrix_corporal_config_dir_path }}/config.json"
   when: "not matrix_corporal_enabled|bool"
 

roles/matrix-corporal/templates/config.json.j2

@@ -13,13 +13,15 @@
 	},
 
 	"HttpGateway": {
-		"ListenAddress": "0.0.0.0:41080"
+		"ListenAddress": "0.0.0.0:41080",
+		"TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }}
 	},
 
 	"HttpApi": {
 		"Enabled": {{ matrix_corporal_http_api_enabled|to_json }},
 		"ListenAddress": "0.0.0.0:41081",
-		"AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}"
+		"AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}",
+		"TimeoutMilliseconds": {{ matrix_corporal_http_api_timeout_milliseconds }}
 	},
 
 	"PolicyProvider": {{ matrix_corporal_policy_provider_config }},

roles/matrix-coturn/tasks/setup_coturn.yml

@@ -77,7 +77,7 @@
 - name: Ensure matrix-coturn.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
-    dest: "/etc/systemd/system/matrix-coturn.service"
+    dest: "{{ matrix_systemd_path }}/matrix-coturn.service"
     mode: 0644
   register: matrix_coturn_systemd_service_result
   when: matrix_coturn_enabled|bool
@@ -116,7 +116,7 @@
 
 - name: Check existence of matrix-coturn service
   stat:
-    path: "/etc/systemd/system/matrix-coturn.service"
+    path: "{{ matrix_systemd_path }}/matrix-coturn.service"
   register: matrix_coturn_service_stat
   when: "not matrix_coturn_enabled|bool"
 
@@ -130,7 +130,7 @@
 
 - name: Ensure matrix-coturn.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-coturn.service"
+    path: "{{ matrix_systemd_path }}/matrix-coturn.service"
     state: absent
   when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
 

roles/matrix-dimension/tasks/setup_dimension.yml

@@ -33,7 +33,7 @@
 - name: Ensure matrix-dimension.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2"
-    dest: "/etc/systemd/system/matrix-dimension.service"
+    dest: "{{ matrix_systemd_path }}/matrix-dimension.service"
     mode: 0644
   register: matrix_dimension_systemd_service_result
   when: matrix_dimension_enabled|bool
@@ -49,7 +49,7 @@
 
 - name: Check existence of matrix-dimension service
   stat:
-    path: "/etc/systemd/system/matrix-dimension.service"
+    path: "{{ matrix_systemd_path }}/matrix-dimension.service"
   register: matrix_dimension_service_stat
   when: "not matrix_dimension_enabled|bool"
 
@@ -63,7 +63,7 @@
 
 - name: Ensure matrix-dimension.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-dimension.service"
+    path: "{{ matrix_systemd_path }}/matrix-dimension.service"
     state: absent
   when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists"
 

roles/matrix-email2matrix/tasks/setup_email2matrix.yml

@@ -36,7 +36,7 @@
 - name: Ensure matrix-email2matrix.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2"
-    dest: "/etc/systemd/system/matrix-email2matrix.service"
+    dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service"
     mode: 0644
   register: matrix_email2matrix_systemd_service_result
   when: matrix_email2matrix_enabled|bool
@@ -52,7 +52,7 @@
 
 - name: Check existence of matrix-email2matrix service
   stat:
-    path: "/etc/systemd/system/matrix-email2matrix.service"
+    path: "{{ matrix_systemd_path }}/matrix-email2matrix.service"
   register: matrix_email2matrix_service_stat
   when: "not matrix_email2matrix_enabled|bool"
 
@@ -66,7 +66,7 @@
 
 - name: Ensure matrix-email2matrix.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-email2matrix.service"
+    path: "{{ matrix_systemd_path }}/matrix-email2matrix.service"
     state: absent
   when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists"
 

roles/matrix-jitsi/defaults/main.yml

@@ -0,0 +1,116 @@
+matrix_jitsi_enabled: true
+
+matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
+
+matrix_jitsi_enable_auth: false
+matrix_jitsi_enable_guests: false
+matrix_jitsi_enable_recording: true
+matrix_jitsi_enable_transcriptions: true
+
+matrix_jitsi_timezone: UTC
+
+matrix_jitsi_xmpp_domain: matrix-jitsi-web
+matrix_jitsi_xmpp_server: matrix-jitsi-prosody
+matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
+matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
+matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
+matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
+matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
+
+matrix_jitsi_recorder_domain: recorder.meet.jitsi
+
+
+matrix_jitsi_jibri_brewery_muc: jibribrewery
+matrix_jitsi_jibri_pending_timeout: 90
+matrix_jitsi_jibri_xmpp_user: jibri
+matrix_jitsi_jibri_xmpp_password: jibri-password
+matrix_jitsi_jibri_recorder_user: recorder
+matrix_jitsi_jibri_recorder_password: recorder-password
+
+
+matrix_jitsi_web_docker_image: "jitsi/web:4101"
+matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
+matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
+matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
+
+matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
+
+# STUN servers used in the web UI. Feel free to point them to your own STUN server.
+matrix_jitsi_web_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
+
+# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12080"), or empty string to not expose.
+matrix_jitsi_web_container_http_host_bind_port: ''
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_web_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-web.service depends on
+matrix_jitsi_web_systemd_required_services_list: ['docker.service']
+
+
+matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101"
+matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
+matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_prosody_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-prosody.service depends on
+matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
+
+
+matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101"
+matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
+matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jicofo_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jicofo.service depends on
+matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jicofo_component_secret: s3cr37
+matrix_jitsi_jicofo_auth_user: focus
+matrix_jitsi_jicofo_auth_password: passw0rd
+
+
+matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101"
+matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
+matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jvb_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jvb.service depends on
+matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jvb_auth_user: jvb
+matrix_jitsi_jvb_auth_password: passw0rd
+
+# STUN servers used by JVB on the server-side, so it can discover its own external IP address.
+# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
+matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
+
+matrix_jitsi_jvb_brewery_muc: jvbbrewery
+matrix_jitsi_jvb_rtp_udp_port: 10000
+matrix_jitsi_jvb_rtp_tcp_port: 4443
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"

roles/matrix-jitsi/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}"
+  when: matrix_jitsi_enabled|bool

roles/matrix-jitsi/tasks/main.yml

@@ -0,0 +1,33 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi

roles/matrix-jitsi/tasks/setup_jitsi_base.yml

@@ -0,0 +1,20 @@
+---
+
+#
+# Tasks related to setting up jitsi
+#
+
+- name: Ensure Matrix jitsi base path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_base_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+#
+# Tasks related to getting rid of jitsi (if it was previously enabled)
+#

roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml

@@ -0,0 +1,96 @@
+---
+
+#
+# Tasks related to setting up jitsi-jicofo
+#
+
+- name: Ensure Matrix jitsi-jicofo path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-jicofo Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_jicofo_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jicofo environment variables file created
+  template:
+    src: "{{ role_path }}/templates/jicofo/env.j2"
+    dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
+    mode: 0640
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jicofo configuration files created
+  template:
+    src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
+    mode: 0644
+  with_items:
+    - sip-communicator.properties
+    - logging.properties
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-jicofo.service installed
+  template:
+    src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
+    mode: 0644
+  register: matrix_jitsi_jicofo_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jicofo service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
+  register: matrix_jitsi_jicofo_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-jicofo is stopped
+  service:
+    name: matrix-jitsi-jicofo
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jicofo.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jicofo paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_jicofo_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-jicofo Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_jicofo_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml

@@ -0,0 +1,89 @@
+---
+
+#
+# Tasks related to setting up jitsi-jvb
+#
+
+- name: Ensure Matrix jitsi-jvb path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-jvb Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_jvb_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jvb configuration files created
+  template:
+    src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
+    mode: 0644
+  with_items:
+    - sip-communicator.properties
+    - logging.properties
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-jvb.service installed
+  template:
+    src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
+    mode: 0644
+  register: matrix_jitsi_jvb_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jvb service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
+  register: matrix_jitsi_jvb_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-jvb is stopped
+  service:
+    name: matrix-jitsi-jvb
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jvb.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jvb paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_jvb_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-jvb Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_jvb_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml

@@ -0,0 +1,86 @@
+---
+
+#
+# Tasks related to setting up jitsi-prosody
+#
+
+- name: Ensure Matrix jitsi-prosody path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-prosody Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_prosody_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-prosody environment variables file created
+  template:
+    src: "{{ role_path }}/templates/prosody/env.j2"
+    dest: "{{ matrix_jitsi_prosody_base_path }}/env"
+    mode: 0640
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-prosody.service installed
+  template:
+    src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
+    mode: 0644
+  register: matrix_jitsi_prosody_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-prosody service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
+  register: matrix_jitsi_prosody_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-prosody is stopped
+  service:
+    name: matrix-jitsi-prosody
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-prosody.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-prosody paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_prosody_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-prosody Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_prosody_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/tasks/setup_jitsi_web.yml

@@ -0,0 +1,97 @@
+---
+
+#
+# Tasks related to setting up jitsi-web
+#
+
+- name: Ensure Matrix jitsi-web path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_web_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_web_config_path }}", when: true }
+    - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-web Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_web_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-web environment variables file created
+  template:
+    src: "{{ role_path }}/templates/web/env.j2"
+    dest: "{{ matrix_jitsi_web_base_path }}/env"
+    mode: 0640
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-web configuration files created
+  template:
+    src: "{{ role_path }}/templates/web/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
+    mode: 0644
+  with_items:
+    - config.js
+    - interface_config.js
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-web.service installed
+  template:
+    src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
+    mode: 0644
+  register: matrix_jitsi_web_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-web.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-web (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-web service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
+  register: matrix_jitsi_web_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-web is stopped
+  service:
+    name: matrix-jitsi-web
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-web.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-web.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-web paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_web_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-web Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_web_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/templates/jicofo/env.j2

@@ -0,0 +1,17 @@
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
+
+JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+
+JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
+
+JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+
+TZ={{ matrix_jitsi_timezone }}

roles/matrix-jitsi/templates/jicofo/logging.properties.j2

@@ -0,0 +1,20 @@
+handlers= java.util.logging.ConsoleHandler
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
+
+.level=INFO
+net.sf.level=SEVERE
+net.java.sip.communicator.plugin.reconnectplugin.level=FINE
+org.ice4j.level=SEVERE
+org.jitsi.impl.neomedia.level=SEVERE
+
+# Do not worry about missing strings
+net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
+
+#net.java.sip.communicator.service.protocol.level=ALL
+
+# Enable debug packets logging
+#org.jitsi.impl.protocol.xmpp.level=FINE

roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2

@@ -0,0 +1,31 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-jicofo server
+{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
+			-v {{ matrix_jitsi_jicofo_config_path }}:/config \
+			{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_jicofo_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
+ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-jicofo
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2

@@ -0,0 +1,5 @@
+org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
+org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+
+org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90

roles/matrix-jitsi/templates/jvb/logging.properties.j2

@@ -0,0 +1,13 @@
+handlers= java.util.logging.ConsoleHandler
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=JVB
+
+.level=INFO
+
+org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
+
+# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
+org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING

roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2

@@ -0,0 +1,36 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-jvb server
+{% for service in matrix_jitsi_jvb_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
+			{% endif %}
+			{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
+			{% endif %}
+			-v {{ matrix_jitsi_jvb_config_path }}:/config \
+			{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_jvb_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
+ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-jvb
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2

@@ -0,0 +1,19 @@
+org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
+org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
+org.jitsi.videobridge.TCP_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
+
+{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
+org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ matrix_jitsi_jvb_stun_servers|join(',') }}
+{% endif %}
+
+org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ matrix_jitsi_xmpp_server }}
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ matrix_jitsi_jvb_auth_user }}
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=matrix-jitsi-jvb
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000

roles/matrix-jitsi/templates/prosody/env.j2

@@ -0,0 +1,31 @@
+AUTH_TYPE=internal
+
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+
+XMPP_MODULES=
+XMPP_MUC_MODULES=
+XMPP_INTERNAL_MUC_MODULES=
+
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+
+JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+
+JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
+JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+
+JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+
+JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+
+TZ={{ matrix_jitsi_timezone }}

roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2

@@ -0,0 +1,31 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-prosody server
+{% for service in matrix_jitsi_prosody_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_jitsi_prosody_base_path }}/env \
+			-v {{ matrix_jitsi_prosody_config_path }}:/config \
+			{% for arg in matrix_jitsi_prosody_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_prosody_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
+ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-prosody
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-jitsi/templates/web/config.js.j2

@@ -0,0 +1,486 @@
+/* eslint-disable no-unused-vars, no-var */
+
+var config = {
+    // Configuration
+    //
+
+    // Alternative location for the configuration.
+    // configLocation: './config.json',
+
+    // Custom function which given the URL path should return a room name.
+    // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
+
+
+    // Connection
+    //
+
+    hosts: {
+        // XMPP domain.
+        domain: '{{ matrix_jitsi_xmpp_domain }}',
+
+        {% if matrix_jitsi_enable_guests %}
+        // When using authentication, domain for guest users.
+		anonymousdomain: 'guest.example.com',
+
+        // Domain for authenticated users. Defaults to <domain>.
+        authdomain: '{{ matrix_jitsi_xmpp_domain }}',
+        {% endif %}
+
+        // Jirecon recording component domain.
+        // jirecon: 'jirecon.{{ matrix_jitsi_xmpp_domain }}',
+
+        // Call control component (Jigasi).
+        // call_control: 'callcontrol.{{ matrix_jitsi_xmpp_domain }}',
+
+        // Focus component domain. Defaults to focus.<domain>.
+        // focus: 'focus.{{ matrix_jitsi_xmpp_domain }}',
+
+        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
+        muc: {{ matrix_jitsi_xmpp_muc_domain|to_json }},
+    },
+
+    // BOSH URL. FIXME: use XEP-0156 to discover it.
+    bosh: '/http-bind',
+
+    // The name of client node advertised in XEP-0115 'c' stanza
+    clientNode: 'http://jitsi.org/jitsimeet',
+
+    // The real JID of focus participant - can be overridden here
+    focusUserJid: {{ matrix_jitsi_jicofo_auth_user|to_json }} + '@' + {{ matrix_jitsi_xmpp_auth_domain|to_json }},
+
+
+    // Testing / experimental features.
+    //
+
+    testing: {
+        // Enables experimental simulcast support on Firefox.
+        enableFirefoxSimulcast: false,
+
+        // P2P test mode disables automatic switching to P2P when there are 2
+        // participants in the conference.
+        p2pTestMode: false
+
+        // Enables the test specific features consumed by jitsi-meet-torture
+        // testMode: false
+    },
+
+    // Disables ICE/UDP by filtering out local and remote UDP candidates in
+    // signalling.
+    // webrtcIceUdpDisable: false,
+
+    // Disables ICE/TCP by filtering out local and remote TCP candidates in
+    // signalling.
+    // webrtcIceTcpDisable: false,
+
+
+    // Media
+    //
+
+    // Audio
+
+    // Disable measuring of audio levels.
+    // disableAudioLevels: false,
+
+    // Start the conference in audio only mode (no video is being received nor
+    // sent).
+    // startAudioOnly: false,
+
+    // Every participant after the Nth will start audio muted.
+    // startAudioMuted: 10,
+
+    // Start calls with audio muted. Unlike the option above, this one is only
+    // applied locally. FIXME: having these 2 options is confusing.
+    // startWithAudioMuted: false,
+
+    // Enabling it (with #params) will disable local audio output of remote
+    // participants and to enable it back a reload is needed.
+    // startSilent: false
+
+    // Video
+
+    // Sets the preferred resolution (height) for local video. Defaults to 720.
+    // resolution: 720,
+
+    // w3c spec-compliant video constraints to use for video capture. Currently
+    // used by browsers that return true from lib-jitsi-meet's
+    // util#browser#usesNewGumFlow. The constraints are independency from
+    // this config's resolution value. Defaults to requesting an ideal aspect
+    // ratio of 16:9 with an ideal resolution of 720.
+    // constraints: {
+    //     video: {
+    //         aspectRatio: 16 / 9,
+    //         height: {
+    //             ideal: 720,
+    //             max: 720,
+    //             min: 240
+    //         }
+    //     }
+    // },
+
+    // Enable / disable simulcast support.
+    // disableSimulcast: false,
+
+    // Enable / disable layer suspension.  If enabled, endpoints whose HD
+    // layers are not in use will be suspended (no longer sent) until they
+    // are requested again.
+    // enableLayerSuspension: false,
+
+    // Suspend sending video if bandwidth estimation is too low. This may cause
+    // problems with audio playback. Disabled until these are fixed.
+    disableSuspendVideo: true,
+
+    // Every participant after the Nth will start video muted.
+    // startVideoMuted: 10,
+
+    // Start calls with video muted. Unlike the option above, this one is only
+    // applied locally. FIXME: having these 2 options is confusing.
+    // startWithVideoMuted: false,
+
+    // If set to true, prefer to use the H.264 video codec (if supported).
+    // Note that it's not recommended to do this because simulcast is not
+    // supported when  using H.264. For 1-to-1 calls this setting is enabled by
+    // default and can be toggled in the p2p section.
+    // preferH264: true,
+
+    // If set to true, disable H.264 video codec by stripping it out of the
+    // SDP.
+    // disableH264: false,
+
+    // Desktop sharing
+
+    // The ID of the jidesha extension for Chrome.
+    desktopSharingChromeExtId: null,
+
+    // Whether desktop sharing should be disabled on Chrome.
+    // desktopSharingChromeDisabled: false,
+
+    // The media sources to use when using screen sharing with the Chrome
+    // extension.
+    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
+
+    // Required version of Chrome extension
+    desktopSharingChromeMinExtVersion: '0.1',
+
+    // Whether desktop sharing should be disabled on Firefox.
+    // desktopSharingFirefoxDisabled: false,
+
+    // Optional desktop sharing frame rate options. Default value: min:5, max:5.
+    // desktopSharingFrameRate: {
+    //     min: 5,
+    //     max: 5
+    // },
+
+    // Try to start calls with screen-sharing instead of camera video.
+    // startScreenSharing: false,
+
+    // Recording
+hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }},
+
+    // Whether to enable file recording or not.
+    fileRecordingsEnabled: {{ matrix_jitsi_enable_recording|to_json }},
+    // Enable the dropbox integration.
+    // dropbox: {
+    //     appKey: '<APP_KEY>' // Specify your app key here.
+    //     // A URL to redirect the user to, after authenticating
+    //     // by default uses:
+    //     // 'https://{{ matrix_jitsi_xmpp_domain }}/static/oauth.html'
+    //     redirectURI:
+    //          'https://{{ matrix_jitsi_xmpp_domain }}/subfolder/static/oauth.html'
+    // },
+    // When integrations like dropbox are enabled only that will be shown,
+    // by enabling fileRecordingsServiceEnabled, we show both the integrations
+    // and the generic recording service (its configuration and storage type
+    // depends on jibri configuration)
+    // fileRecordingsServiceEnabled: false,
+    // Whether to show the possibility to share file recording with other people
+    // (e.g. meeting participants), based on the actual implementation
+    // on the backend.
+    // fileRecordingsServiceSharingEnabled: false,
+
+    // Whether to enable live streaming or not.
+    liveStreamingEnabled: {{ matrix_jitsi_enable_recording|to_json }},
+
+    // Transcription (in interface_config,
+    // subtitles and buttons can be configured)
+    transcribingEnabled: {{ matrix_jitsi_enable_transcriptions|to_json }},
+
+    // Misc
+
+    // Default value for the channel "last N" attribute. -1 for unlimited.
+    channelLastN: -1,
+
+    // Disables or enables RTX (RFC 4588) (defaults to false).
+    // disableRtx: false,
+
+    // Disables or enables TCC (the default is in Jicofo and set to true)
+    // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
+    // affects congestion control, it practically enables send-side bandwidth
+    // estimations.
+    // enableTcc: true,
+
+    // Disables or enables REMB (the default is in Jicofo and set to false)
+    // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
+    // control, it practically enables recv-side bandwidth estimations. When
+    // both TCC and REMB are enabled, TCC takes precedence. When both are
+    // disabled, then bandwidth estimations are disabled.
+    // enableRemb: false,
+
+    // Defines the minimum number of participants to start a call (the default
+    // is set in Jicofo and set to 2).
+    // minParticipants: 2,
+
+    // Use XEP-0215 to fetch STUN and TURN servers.
+    // useStunTurn: true,
+
+    // Enable IPv6 support.
+    // useIPv6: true,
+
+    // Enables / disables a data communication channel with the Videobridge.
+    // Values can be 'datachannel', 'websocket', true (treat it as
+    // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
+    // open any channel).
+    // openBridgeChannel: true,
+
+
+    // UI
+    //
+
+    // Use display name as XMPP nickname.
+    // useNicks: false,
+
+    // Require users to always specify a display name.
+    // requireDisplayName: true,
+
+    // Whether to use a welcome page or not. In case it's false a random room
+    // will be joined when no room is specified.
+    enableWelcomePage: true,
+
+    // Enabling the close page will ignore the welcome page redirection when
+    // a call is hangup.
+    // enableClosePage: false,
+
+    // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
+    // disable1On1Mode: false,
+
+    // Default language for the user interface.
+    // defaultLanguage: 'en',
+
+    // If true all users without a token will be considered guests and all users
+    // with token will be considered non-guests. Only guests will be allowed to
+    // edit their profile.
+    enableUserRolesBasedOnToken: false,
+
+    // Whether or not some features are checked based on token.
+    // enableFeaturesBasedOnToken: false,
+
+    // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
+    // lockRoomGuestEnabled: false,
+
+    // When enabled the password used for locking a room is restricted to up to the number of digits specified
+    // roomPasswordNumberOfDigits: 10,
+    // default: roomPasswordNumberOfDigits: false,
+
+    // Message to show the users. Example: 'The service will be down for
+    // maintenance at 01:00 AM GMT,
+    // noticeMessage: '',
+
+    // Enables calendar integration, depends on googleApiApplicationClientID
+    // and microsoftApiApplicationClientID
+    // enableCalendarIntegration: false,
+
+    // Stats
+    //
+
+    // Whether to enable stats collection or not in the TraceablePeerConnection.
+    // This can be useful for debugging purposes (post-processing/analysis of
+    // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
+    // estimation tests.
+    // gatherStats: false,
+
+    // To enable sending statistics to callstats.io you must provide the
+    // Application ID and Secret.
+    // callStatsID: '',
+    // callStatsSecret: '',
+
+    // enables callstatsUsername to be reported as statsId and used
+    // by callstats as repoted remote id
+    // enableStatsID: false
+
+    // enables sending participants display name to callstats
+    // enableDisplayNameInStats: false
+
+
+    // Privacy
+    //
+
+    // If third party requests are disabled, no other server will be contacted.
+    // This means avatars will be locally generated and callstats integration
+    // will not function.
+    // disableThirdPartyRequests: false,
+
+
+    // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
+    //
+
+    p2p: {
+        // Enables peer to peer mode. When enabled the system will try to
+        // establish a direct connection when there are exactly 2 participants
+        // in the room. If that succeeds the conference will stop sending data
+        // through the JVB and use the peer to peer connection instead. When a
+        // 3rd participant joins the conference will be moved back to the JVB
+        // connection.
+        enabled: true,
+
+        // Use XEP-0215 to fetch STUN and TURN servers.
+        // useStunTurn: true,
+
+        // The STUN servers that will be used in the peer to peer connections
+        {% if matrix_jitsi_web_stun_servers|length > 0 %}
+        stunServers: [
+            {% for url in matrix_jitsi_web_stun_servers %}
+                { urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
+            {% endfor %}
+        ],
+        {% endif %}
+
+        // Sets the ICE transport policy for the p2p connection. At the time
+        // of this writing the list of possible values are 'all' and 'relay',
+        // but that is subject to change in the future. The enum is defined in
+        // the WebRTC standard:
+        // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
+        // If not set, the effective value is 'all'.
+        // iceTransportPolicy: 'all',
+
+        // If set to true, it will prefer to use H.264 for P2P calls (if H.264
+        // is supported).
+        preferH264: true
+
+        // If set to true, disable H.264 video codec by stripping it out of the
+        // SDP.
+        // disableH264: false,
+
+        // How long we're going to wait, before going back to P2P after the 3rd
+        // participant has left the conference (to filter out page reload).
+        // backToP2PDelay: 5
+    },
+
+    analytics: {
+        // The Google Analytics Tracking ID:
+        // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
+
+        // The Amplitude APP Key:
+        // amplitudeAPPKey: '<APP_KEY>'
+
+        // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
+        // scriptURLs: [
+        //      "libs/analytics-ga.min.js", // google-analytics
+        //      "https://example.com/my-custom-analytics.js"
+        // ],
+    },
+
+    // Information about the jitsi-meet instance we are connecting to, including
+    // the user region as seen by the server.
+    deploymentInfo: {
+        // shard: "shard1",
+        // region: "europe",
+        // userRegion: "asia"
+    }
+
+    // Local Recording
+    //
+
+    // localRecording: {
+    // Enables local recording.
+    // Additionally, 'localrecording' (all lowercase) needs to be added to
+    // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
+    // button to show up on the toolbar.
+    //
+    //     enabled: true,
+    //
+
+    // The recording format, can be one of 'ogg', 'flac' or 'wav'.
+    //     format: 'flac'
+    //
+
+    // }
+
+    // Options related to end-to-end (participant to participant) ping.
+    // e2eping: {
+    //   // The interval in milliseconds at which pings will be sent.
+    //   // Defaults to 10000, set to <= 0 to disable.
+    //   pingInterval: 10000,
+    //
+    //   // The interval in milliseconds at which analytics events
+    //   // with the measured RTT will be sent. Defaults to 60000, set
+    //   // to <= 0 to disable.
+    //   analyticsInterval: 60000,
+    //   }
+
+    // If set, will attempt to use the provided video input device label when
+    // triggering a screenshare, instead of proceeding through the normal flow
+    // for obtaining a desktop stream.
+    // NOTE: This option is experimental and is currently intended for internal
+    // use only.
+    // _desktopSharingSourceDevice: 'sample-id-or-label'
+
+    // If true, any checks to handoff to another application will be prevented
+    // and instead the app will continue to display in the current browser.
+    // disableDeepLinking: false
+
+    // A property to disable the right click context menu for localVideo
+    // the menu has option to flip the locally seen video for local presentations
+    // disableLocalVideoFlip: false
+
+    // List of undocumented settings used in jitsi-meet
+    /**
+     _immediateReloadThreshold
+     autoRecord
+     autoRecordToken
+     debug
+     debugAudioLevels
+     deploymentInfo
+     dialInConfCodeUrl
+     dialInNumbersUrl
+     dialOutAuthUrl
+     dialOutCodesUrl
+     disableRemoteControl
+     displayJids
+     etherpad_base
+     externalConnectUrl
+     firefox_fake_device
+     googleApiApplicationClientID
+     iAmRecorder
+     iAmSipGateway
+     microsoftApiApplicationClientID
+     peopleSearchQueryTypes
+     peopleSearchUrl
+     requireDisplayName
+     tokenAuthUrl
+     */
+
+    // List of undocumented settings used in lib-jitsi-meet
+    /**
+     _peerConnStatusOutOfLastNTimeout
+     _peerConnStatusRtcMuteTimeout
+     abTesting
+     avgRtpStatsN
+     callStatsConfIDNamespace
+     callStatsCustomScriptUrl
+     desktopSharingSources
+     disableAEC
+     disableAGC
+     disableAP
+     disableHPF
+     disableNS
+     enableLipSync
+     enableTalkWhileMuted
+     forceJVB121Ratio
+     hiddenDomain
+     ignoreStartMuted
+     nick
+     startBitrate
+     */
+
+};
+
+/* eslint-enable no-unused-vars, no-var */

roles/matrix-jitsi/templates/web/env.j2

@@ -0,0 +1,28 @@
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+
+ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
+
+DISABLE_HTTPS=1
+
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+
+PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+
+TZ={{ matrix_jitsi_timezone }}
+
+JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+
+ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}

roles/matrix-jitsi/templates/web/interface_config.js.j2

@@ -0,0 +1,230 @@
+/* eslint-disable no-unused-vars, no-var, max-len */
+
+var interfaceConfig = {
+    // TO FIX: this needs to be handled from SASS variables. There are some
+    // methods allowing to use variables both in css and js.
+    DEFAULT_BACKGROUND: '#474747',
+
+    /**
+     * Whether or not the blurred video background for large video should be
+     * displayed on browsers that can support it.
+     */
+    DISABLE_VIDEO_BACKGROUND: false,
+
+    INITIAL_TOOLBAR_TIMEOUT: 20000,
+    TOOLBAR_TIMEOUT: 4000,
+    TOOLBAR_ALWAYS_VISIBLE: false,
+    DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
+    DEFAULT_LOCAL_DISPLAY_NAME: 'me',
+    SHOW_JITSI_WATERMARK: true,
+    JITSI_WATERMARK_LINK: 'https://jitsi.org',
+
+    // if watermark is disabled by default, it can be shown only for guests
+    SHOW_WATERMARK_FOR_GUESTS: true,
+    SHOW_BRAND_WATERMARK: false,
+    BRAND_WATERMARK_LINK: '',
+    SHOW_POWERED_BY: false,
+    SHOW_DEEP_LINKING_IMAGE: false,
+    GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
+    DISPLAY_WELCOME_PAGE_CONTENT: true,
+    APP_NAME: 'Jitsi Meet',
+    NATIVE_APP_NAME: 'Jitsi Meet',
+    PROVIDER_NAME: 'Jitsi',
+    LANG_DETECTION: false, // Allow i18n to detect the system language
+    INVITATION_POWERED_BY: true,
+
+    /**
+     * If we should show authentication block in profile
+     */
+    AUTHENTICATION_ENABLE: true,
+
+    /**
+     * The name of the toolbar buttons to display in the toolbar. If present,
+     * the button will display. Exceptions are "livestreaming" and "recording"
+     * which also require being a moderator and some values in config.js to be
+     * enabled. Also, the "profile" button will not display for user's with a
+     * jwt.
+     */
+    TOOLBAR_BUTTONS: [
+		{% if matrix_jitsi_enable_transcriptions %}
+            'closedcaptions',
+		{% endif %}
+
+        'microphone', 'camera', 'desktop', 'fullscreen',
+        'fodeviceselection', 'hangup', 'profile', 'info', 'chat', 'recording',
+        'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
+        'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
+        'tileview', 'videobackgroundblur'
+    ],
+
+    SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ],
+
+    // Determines how the video would fit the screen. 'both' would fit the whole
+    // screen, 'height' would fit the original video height to the height of the
+    // screen, 'width' would fit the original video width to the width of the
+    // screen respecting ratio.
+    VIDEO_LAYOUT_FIT: 'both',
+
+    /**
+     * Whether to only show the filmstrip (and hide the toolbar).
+     */
+    filmStripOnly: false,
+
+    /**
+     * Whether to show thumbnails in filmstrip as a column instead of as a row.
+     */
+    VERTICAL_FILMSTRIP: true,
+
+    // A html text to be shown to guests on the close page, false disables it
+    CLOSE_PAGE_GUEST_HINT: false,
+    RANDOM_AVATAR_URL_PREFIX: false,
+    RANDOM_AVATAR_URL_SUFFIX: false,
+    FILM_STRIP_MAX_HEIGHT: 120,
+
+    // Enables feedback star animation.
+    ENABLE_FEEDBACK_ANIMATION: false,
+    DISABLE_FOCUS_INDICATOR: false,
+    DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
+
+    /**
+     * Whether the speech to text transcription subtitles panel is disabled.
+     * If {@code undefined}, defaults to {@code false}.
+     *
+     * @type {boolean}
+     */
+    DISABLE_TRANSCRIPTION_SUBTITLES: false,
+
+    /**
+     * Whether the ringing sound in the call/ring overlay is disabled. If
+     * {@code undefined}, defaults to {@code false}.
+     *
+     * @type {boolean}
+     */
+    DISABLE_RINGING: false,
+    AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
+    AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
+    POLICY_LOGO: null,
+    LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
+    REMOTE_THUMBNAIL_RATIO: 1, // 1:1
+    // Documentation reference for the live streaming feature.
+    LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live',
+
+    /**
+     * Whether the mobile app Jitsi Meet is to be promoted to participants
+     * attempting to join a conference in a mobile Web browser. If
+     * {@code undefined}, defaults to {@code true}.
+     *
+     * @type {boolean}
+     */
+    MOBILE_APP_PROMO: true,
+
+    /**
+     * Maximum coeficient of the ratio of the large video to the visible area
+     * after the large video is scaled to fit the window.
+     *
+     * @type {number}
+     */
+    MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
+
+    /*
+     * If indicated some of the error dialogs may point to the support URL for
+     * help.
+     */
+    SUPPORT_URL: 'https://github.com/jitsi/jitsi-meet/issues/new',
+
+    /**
+     * Whether the connection indicator icon should hide itself based on
+     * connection strength. If true, the connection indicator will remain
+     * displayed while the participant has a weak connection and will hide
+     * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is
+     * strong.
+     *
+     * @type {boolean}
+     */
+    CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true,
+
+    /**
+     * How long the connection indicator should remain displayed before hiding.
+     * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED.
+     *
+     * @type {number}
+     */
+    CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000,
+
+    /**
+     * If true, hides the connection indicators completely.
+     *
+     * @type {boolean}
+     */
+    CONNECTION_INDICATOR_DISABLED: false,
+
+    /**
+     * If true, hides the video quality label indicating the resolution status
+     * of the current large video.
+     *
+     * @type {boolean}
+     */
+    VIDEO_QUALITY_LABEL_DISABLED: false,
+
+    /**
+     * If true, will display recent list
+     *
+     * @type {boolean}
+     */
+    RECENT_LIST_ENABLED: true,
+
+    // Names of browsers which should show a warning stating the current browser
+    // has a suboptimal experience. Browsers which are not listed as optimal or
+    // unsupported are considered suboptimal. Valid values are:
+    // chrome, chromium, edge, electron, firefox, nwjs, opera, safari
+    OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron' ],
+
+    // Browsers, in addition to those which do not fully support WebRTC, that
+    // are not supported and should show the unsupported browser page.
+    UNSUPPORTED_BROWSERS: [],
+
+    /**
+     * A UX mode where the last screen share participant is automatically
+     * pinned. Valid values are the string "remote-only" so remote participants
+     * get pinned but not local, otherwise any truthy value for all participants,
+     * and any falsy value to disable the feature.
+     *
+     * Note: this mode is experimental and subject to breakage.
+     */
+    AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only'
+
+    /**
+     * How many columns the tile view can expand to. The respected range is
+     * between 1 and 5.
+     */
+    // TILE_VIEW_MAX_COLUMNS: 5,
+
+    /**
+     * Specify custom URL for downloading android mobile app.
+     */
+    // MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
+
+    /**
+     * Specify URL for downloading ios mobile app.
+     */
+    // MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
+
+    /**
+     * Specify mobile app scheme for opening the app from the mobile browser.
+     */
+    // APP_SCHEME: 'org.jitsi.meet',
+
+    /**
+     * Specify the Android app package name.
+     */
+    // ANDROID_APP_PACKAGE: 'org.jitsi.meet',
+
+    /**
+     * Override the behavior of some notifications to remain displayed until
+     * explicitly dismissed through a user action. The value is how long, in
+     * milliseconds, those notifications should remain displayed.
+     */
+    // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,
+};
+
+/* eslint-enable no-unused-vars, no-var, max-len */

roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2

@@ -0,0 +1,35 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-web server
+{% for service in matrix_jitsi_web_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_jitsi_web_base_path }}/env \
+			{% if matrix_jitsi_web_container_http_host_bind_port %}
+			-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
+			{% endif %}
+			-v {{ matrix_jitsi_web_config_path }}:/config \
+			-v {{ matrix_jitsi_web_transcripts_path }}:/usr/share/jitsi-meet/transcripts \
+			{% for arg in matrix_jitsi_web_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_web_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-web
+ExecStop=-/usr/bin/docker rm matrix-jitsi-web
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-web
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-mailer/tasks/setup_mailer.yml

@@ -31,7 +31,7 @@
 - name: Ensure matrix-mailer.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2"
-    dest: "/etc/systemd/system/matrix-mailer.service"
+    dest: "{{ matrix_systemd_path }}/matrix-mailer.service"
     mode: 0644
   register: matrix_mailer_systemd_service_result
   when: matrix_mailer_enabled|bool
@@ -47,7 +47,7 @@
 
 - name: Check existence of matrix-mailer service
   stat:
-    path: "/etc/systemd/system/matrix-mailer.service"
+    path: "{{ matrix_systemd_path }}/matrix-mailer.service"
   register: matrix_mailer_service_stat
   when: "not matrix_mailer_enabled|bool"
 
@@ -61,7 +61,7 @@
 
 - name: Ensure matrix-mailer.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-mailer.service"
+    path: "{{ matrix_systemd_path }}/matrix-mailer.service"
     state: absent
   when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists"
 

roles/matrix-mxisd/tasks/setup_mxisd.yml

@@ -78,7 +78,7 @@
 - name: Ensure matrix-mxisd.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-mxisd.service.j2"
-    dest: "/etc/systemd/system/matrix-mxisd.service"
+    dest: "{{ matrix_systemd_path }}/matrix-mxisd.service"
     mode: 0644
   register: matrix_mxisd_systemd_service_result
   when: matrix_mxisd_enabled|bool
@@ -94,7 +94,7 @@
 
 - name: Check existence of matrix-mxisd service
   stat:
-    path: "/etc/systemd/system/matrix-mxisd.service"
+    path: "{{ matrix_systemd_path }}/matrix-mxisd.service"
   register: matrix_mxisd_service_stat
 
 - name: Ensure matrix-mxisd is stopped
@@ -107,7 +107,7 @@
 
 - name: Ensure matrix-mxisd.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-mxisd.service"
+    path: "{{ matrix_systemd_path }}/matrix-mxisd.service"
     state: absent
   when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists"
 

roles/matrix-nginx-proxy/defaults/main.yml

@@ -105,6 +105,10 @@ matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_nginx_proxy_proxy_dimension_enabled: false
 matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
 
+# Controls whether proxying the jitsi domain should be done.
+matrix_nginx_proxy_proxy_jitsi_enabled: false
+matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
+
 # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@@ -164,6 +168,9 @@ matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
 # A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
 matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
 
+# A list of strings containing additional configuration blocks to add to the jitsi's server configuration.
+matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
+
 # A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
 matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
 

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -66,6 +66,13 @@
     mode: 0644
   when: matrix_nginx_proxy_proxy_dimension_enabled|bool
 
+- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists
+  template:
+    src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2"
+    dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
+    mode: 0644
+  when: matrix_nginx_proxy_proxy_jitsi_enabled|bool
+
 - name: Ensure Matrix nginx-proxy data directory for base domain exists
   file:
     path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
@@ -105,7 +112,7 @@
 - name: Ensure matrix-nginx-proxy.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
-    dest: "/etc/systemd/system/matrix-nginx-proxy.service"
+    dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
     mode: 0644
   register: matrix_nginx_proxy_systemd_service_result
   when: matrix_nginx_proxy_enabled|bool
@@ -122,7 +129,7 @@
 
 - name: Check existence of matrix-nginx-proxy service
   stat:
-    path: "/etc/systemd/system/matrix-nginx-proxy.service"
+    path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
   register: matrix_nginx_proxy_service_stat
   when: "not matrix_nginx_proxy_enabled|bool"
 
@@ -136,7 +143,7 @@
 
 - name: Ensure matrix-nginx-proxy.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-nginx-proxy.service"
+    path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
     state: absent
   when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
 
@@ -163,6 +170,12 @@
     state: absent
   when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
 
+- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted
+  file:
+    path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
+    state: absent
+  when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool"
+
 - name: Ensure Matrix nginx-proxy homepage for base domain deleted
   file:
     path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml

@@ -7,9 +7,9 @@
     path: "{{ item }}"
     state: absent
   with_items:
-    - /usr/local/bin/matrix-ssl-certificates-renew
-    - /etc/cron.d/matrix-ssl-certificate-renewal
-    - /etc/cron.d/matrix-nginx-proxy-periodic-restarter
+    - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew"
+    - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal"
+    - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter"
 
 
 #
@@ -51,7 +51,7 @@
 - name: Ensure Let's Encrypt SSL renewal script installed
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
-    dest: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
+    dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
     mode: 0750
   when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
@@ -73,7 +73,7 @@
       hour: "4"
       minute: "15"
       day: "*"
-      job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
+      job: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
 
   - name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload)
     cron:
@@ -113,6 +113,6 @@
 
 - name: Ensure Let's Encrypt SSL renewal script removed
   file:
-    path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
+    path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
     state: absent
   when: "matrix_ssl_retrieval_method != 'lets-encrypt'"

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2

@@ -0,0 +1,72 @@
+#jinja2: lstrip_blocks: "True"
+
+{% macro render_vhost_directives() %}
+	gzip on;
+	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %}
+	{{- configuration_block }}
+{% endfor %}
+
+	location / {
+		{% if matrix_nginx_proxy_enabled %}
+			{# Use the embedded DNS resolver in Docker containers to discover the service #}
+			resolver 127.0.0.11 valid=5s;
+			set $backend "matrix-jitsi-web:80";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://127.0.0.1:12080;
+		{% endif %}
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+	}
+{% endmacro %}
+
+server {
+	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+	server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	{% if matrix_nginx_proxy_https_enabled %}
+		location /.well-known/acme-challenge {
+			{% if matrix_nginx_proxy_enabled %}
+				{# Use the embedded DNS resolver in Docker containers to discover the service #}
+				resolver 127.0.0.11 valid=5s;
+				set $backend "matrix-certbot:8080";
+				proxy_pass http://$backend;
+			{% else %}
+				{# Generic configuration for use outside of our container setup #}
+				proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
+			{% endif %}
+		}
+
+		location / {
+			return 301 https://$http_host$request_uri;
+		}
+	{% else %}
+		{{ render_vhost_directives() }}
+	{% endif %}
+}
+
+{% if matrix_nginx_proxy_https_enabled %}
+server {
+	listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+	listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+
+	server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem;
+	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem;
+	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+	{{ render_vhost_directives() }}
+}
+{% endif %}

roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml

@@ -62,7 +62,7 @@
 
 - name: Ensure outdated matrix-postgres.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-postgres.service"
+    path: "{{ matrix_systemd_path }}/matrix-postgres.service"
     state: absent
   when: "result_pg_old_data_dir_stat.stat.exists"
 

roles/matrix-postgres/tasks/setup_postgres.yml

@@ -69,34 +69,34 @@
 - name: Ensure matrix-postgres-cli script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2"
-    dest: "/usr/local/bin/matrix-postgres-cli"
+    dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli"
     mode: 0750
   when: matrix_postgres_enabled|bool
 
 - name: Ensure matrix-change-user-admin-status script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2"
-    dest: "/usr/local/bin/matrix-change-user-admin-status"
+    dest: "{{ matrix_local_bin_path }}/matrix-change-user-admin-status"
     mode: 0750
   when: matrix_postgres_enabled|bool
 
 - name: (Migration) Ensure old matrix-make-user-admin script deleted
   file:
-    path: "/usr/local/bin/matrix-make-user-admin"
+    path: "{{ matrix_local_bin_path }}/matrix-make-user-admin"
     state: absent
   when: matrix_postgres_enabled|bool
 
 - name: Ensure matrix-postgres-update-user-password-hash script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
-    dest: "/usr/local/bin/matrix-postgres-update-user-password-hash"
+    dest: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash"
     mode: 0750
   when: matrix_postgres_enabled|bool
 
 - name: Ensure matrix-postgres.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2"
-    dest: "/etc/systemd/system/matrix-postgres.service"
+    dest: "{{ matrix_systemd_path }}/matrix-postgres.service"
     mode: 0644
   register: matrix_postgres_systemd_service_result
   when: matrix_postgres_enabled|bool
@@ -112,7 +112,7 @@
 
 - name: Check existence of matrix-postgres service
   stat:
-    path: "/etc/systemd/system/matrix-postgres.service"
+    path: "{{ matrix_systemd_path }}/matrix-postgres.service"
   register: matrix_postgres_service_stat
   when: "not matrix_postgres_enabled|bool"
 
@@ -125,7 +125,7 @@
 
 - name: Ensure matrix-postgres.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-postgres.service"
+    path: "{{ matrix_systemd_path }}/matrix-postgres.service"
     state: absent
   when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists"
 
@@ -148,7 +148,7 @@
 
 - name: Remove Postgres scripts
   file:
-    path: "/usr/local/bin/{{ item }}"
+    path: "{{ matrix_local_bin_path }}/{{ item }}"
     state: absent
   with_items:
     - matrix-postgres-cli

roles/matrix-riot-web/defaults/main.yml

@@ -58,6 +58,8 @@ matrix_riot_web_branding_welcomeBackgroundUrl: ~
 # point this to a `home.html` template file on your local filesystem.
 matrix_riot_web_embedded_pages_home_path: ~
 
+matrix_riot_web_jitsi_preferredDomain: ''
+
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_riot_web_self_check_validate_certificates: true
 

roles/matrix-riot-web/tasks/setup_riot_web.yml

@@ -75,7 +75,7 @@
 - name: Ensure matrix-riot-web.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-riot-web.service.j2"
-    dest: "/etc/systemd/system/matrix-riot-web.service"
+    dest: "{{ matrix_systemd_path }}/matrix-riot-web.service"
     mode: 0644
   register: matrix_riot_web_systemd_service_result
   when: matrix_riot_web_enabled|bool
@@ -91,7 +91,7 @@
 
 - name: Check existence of matrix-riot-web service
   stat:
-    path: "/etc/systemd/system/matrix-riot-web.service"
+    path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
   register: matrix_riot_web_service_stat
   when: "not matrix_riot_web_enabled|bool"
 
@@ -105,7 +105,7 @@
 
 - name: Ensure matrix-riot-web.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-riot-web.service"
+    path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
     state: absent
   when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
 

roles/matrix-riot-web/templates/config.json.j2

@@ -30,6 +30,12 @@
 	"embeddedPages": {
 		"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
 	},
+	{% if matrix_riot_web_jitsi_preferredDomain is not none %}
+	"jitsi": {
+        "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }},
+        "externalApiUrl": "https://{{ matrix_riot_web_jitsi_preferredDomain }}/libs/external_api.min.js"
+    },
+	{% endif %}
 	"branding": {
 		"authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }},
 		"authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }},

roles/matrix-synapse/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_synapse_enabled: true
 
 matrix_synapse_container_image_self_build: false
 
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.11.1"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.0"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"

roles/matrix-synapse/tasks/goofys/setup_install.yml

@@ -31,7 +31,7 @@
 - name: Ensure matrix-goofys.service installed
   template:
     src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
-    dest: "/etc/systemd/system/matrix-goofys.service"
+    dest: "{{ matrix_systemd_path }}/matrix-goofys.service"
     mode: 0644
   register: matrix_goofys_systemd_service_result
 

roles/matrix-synapse/tasks/goofys/setup_uninstall.yml

@@ -1,6 +1,6 @@
 - name: Check existence of matrix-goofys service
   stat:
-    path: "/etc/systemd/system/matrix-goofys.service"
+    path: "{{ matrix_systemd_path }}/matrix-goofys.service"
   register: matrix_goofys_service_stat
 
 - name: Ensure matrix-goofys is stopped
@@ -13,7 +13,7 @@
 
 - name: Ensure matrix-goofys.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-goofys.service"
+    path: "{{ matrix_systemd_path }}/matrix-goofys.service"
     state: absent
   when: "matrix_goofys_service_stat.stat.exists"
 

roles/matrix-synapse/tasks/register_user.yml

@@ -28,4 +28,4 @@
   when: "start_result.changed"
 
 - name: Register user
-  shell: "/usr/local/bin/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}"
+  shell: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}"

roles/matrix-synapse/tasks/synapse/setup_install.yml

@@ -90,7 +90,7 @@
 - name: Ensure matrix-synapse.service installed
   template:
     src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2"
-    dest: "/etc/systemd/system/matrix-synapse.service"
+    dest: "{{ matrix_systemd_path }}/matrix-synapse.service"
     mode: 0644
   register: matrix_synapse_systemd_service_result
 
@@ -102,5 +102,5 @@
 - name: Ensure matrix-synapse-register-user script created
   template:
     src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2"
-    dest: "/usr/local/bin/matrix-synapse-register-user"
+    dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user"
     mode: 0750

roles/matrix-synapse/tasks/synapse/setup_uninstall.yml

@@ -1,6 +1,6 @@
 - name: Check existence of matrix-synapse service
   stat:
-    path: "/etc/systemd/system/matrix-synapse.service"
+    path: "{{ matrix_systemd_path }}/matrix-synapse.service"
   register: matrix_synapse_service_stat
 
 - name: Ensure matrix-synapse is stopped
@@ -13,7 +13,7 @@
 
 - name: Ensure matrix-synapse.service doesn't exist
   file:
-    path: "/etc/systemd/system/matrix-synapse.service"
+    path: "{{ matrix_systemd_path }}/matrix-synapse.service"
     state: absent
   when: "matrix_synapse_service_stat.stat.exists"
 

roles/matrix-synapse/tasks/update_user_password.yml

@@ -45,4 +45,4 @@
   register: password_hash
 
 - name: Update user password hash
-  shell: "/usr/local/bin/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'"
+  shell: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'"

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -1358,6 +1358,25 @@ saml2_config:
   #
   #grandfathered_mxid_source_attribute: upn
 
+  # Directory in which Synapse will try to find the template files below.
+  # If not set, default templates from within the Synapse package will be used.
+  #
+  # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
+  # If you *do* uncomment it, you will need to make sure that all the templates
+  # below are in the directory.
+  #
+  # Synapse will look for the following templates in this directory:
+  #
+  # * HTML page to display to users if something goes wrong during the
+  #   authentication process: 'saml_error.html'.
+  #
+  #   This template doesn't currently need any variable to render.
+  #
+  # You can see the default templates at:
+  # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
+  #
+  #template_dir: "res/templates"
+
 
 
 # Enable CAS for registration and login.
@@ -1508,10 +1527,6 @@ email:
   # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
   #
   #template_dir: "res/templates"
-  notif_template_html: notif_mail.html
-  notif_template_text: notif_mail.txt
-  expiry_template_html: notice_expiry.html
-  expiry_template_text: notice_expiry.txt
 {% endif %}
 
 

setup.yml

@@ -18,6 +18,7 @@
     - matrix-bridge-mautrix-whatsapp
     - matrix-synapse
     - matrix-riot-web
+    - matrix-jitsi
     - matrix-mxisd
     - matrix-dimension
     - matrix-email2matrix