diff --git a/CHANGELOG.md b/CHANGELOG.md index 31771186b..24a6af083 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2020-03-24 + +## Jitsi support + +The playbook can now (optionally) install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](docs/configuring-playbook-riot-web.md). + +See our [Jitsi documentation page](docs/configuring-playbook-jitsi.md) to get started. + + # 2020-03-15 ## Raspberry Pi support diff --git a/README.md b/README.md index bf6398cd4..a991e533e 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients +- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform + Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. @@ -144,6 +146,14 @@ This playbook sets up your server using the following Docker images: - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) +- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) + +- [jitsi/jicofo](https://hub.docker.com/r/jitsi/jicofo) - the [Jitsi](https://jitsi.org/) Focus component (optional) + +- [jitsi/prosody](https://hub.docker.com/r/jitsi/prosody) - the [Jitsi](https://jitsi.org/) Prosody XMPP server component (optional) + +- [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional) + ## Deficiencies diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 678c1679e..735b348fb 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -18,12 +18,16 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR ## General outline of DNS settings you need to do -| Type | Host | Priority | Weight | Port | Target | -| ----- | ----------------------- | -------- | ------ | ---- | ---------------------- | -| A | `matrix` | - | - | - | `matrix-server-IP` | -| CNAME | `riot` | - | - | - | `matrix.` | -| CNAME | `dimension` | - | - | - | `matrix.` | -| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | +| Type | Host | Priority | Weight | Port | Target | +| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | +| A | `matrix` | - | - | - | `matrix-server-IP` | +| CNAME | `riot` | - | - | - | `matrix.` | +| CNAME | `dimension` (*) | - | - | - | `matrix.` | +| CNAME | `jitsi` (*) | - | - | - | `matrix.` | +| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | + + +DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records. ## Subdomains setup @@ -35,6 +39,8 @@ If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enab The `dimension.` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.` DNS record. +The `jitsi.` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. Jitsi installation is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.` DNS record. + ## `_matrix-identity._tcp` SRV record setup diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md new file mode 100644 index 000000000..67d2830ce --- /dev/null +++ b/docs/configuring-playbook-jitsi.md @@ -0,0 +1,39 @@ +# Jitsi + +The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md). + +Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services. + +The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet). + + +## Prerequisites + +Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md). + +You may also need to open the following ports to your server: + +- `10000/udp` - RTP media over UDP +- `4443/tcp` - RTP media fallback over TCP + + +## Installation + +Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_enabled: true + +# We only need this temporarily - until Jitsi integration in riot-web is finalized. +# Remove this line in the future, to switch back to a stable riot-web version. +matrix_riot_web_docker_image: "vectorim/riot-web:develop" +``` + +Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + + +## Usage + +You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`. + +To use it via riot-web, make sure you've installed the `develop` version and fully reloaded your riot-web page (at `riot.DOMAIN`). Starting a video-conference in a room containing more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server. diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index d686c9470..4adcd934b 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -22,7 +22,7 @@ For an alternative, make sure to check Method #2 as well. No matter which external webserver you decide to go with, you'll need to: -1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx` +1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx`. This allows your webserver user to access files owned by the `matrix` group. When using an external nginx webserver, this allows it to read configuration files from `/matrix/nginx-proxy/conf.d`. When using another server, it would make other files, such as `/matrix/static-files/.well-known`, accessible to it. 2) Edit your configuration file (`inventory/host_vars/matrix./vars.yml`) to disable the integrated nginx server: diff --git a/docs/configuring-playbook-shared-secret-auth.md b/docs/configuring-playbook-shared-secret-auth.md index 0ec60d2ea..87b151a4a 100644 --- a/docs/configuring-playbook-shared-secret-auth.md +++ b/docs/configuring-playbook-shared-secret-auth.md @@ -4,7 +4,7 @@ The playbook can install and configure [matrix-synapse-shared-secret-auth](https See that project's documentation to learn what it does and why it might be useful to you. -If you decide that you'd like to let this playbook install it for you, you need some configuration like this: +If you decide that you'd like to let this playbook install it for you, you need some configuration (`inventory/host_vars/matrix./vars.yml`) like this: ```yaml matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 4d84fac33..051abf166 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -31,6 +31,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md)) +- [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) + ### Core service adjustments diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f722e2659..c2dd57866 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -392,6 +392,41 @@ matrix_email2matrix_enabled: false +###################################################################### +# +# matrix-jitsi +# +###################################################################### + +matrix_jitsi_enabled: false + +# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network. +# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose +# the Jitsi HTTP port to the local host. +matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}" + +matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}" +matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" +matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}" + +matrix_jitsi_web_stun_servers: | + {{ + [ + matrix_server_fqn_matrix + ':5349', + matrix_server_fqn_matrix + ':3478', + ] + if matrix_coturn_enabled + else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + }} + +###################################################################### +# +# /matrix-jitsi +# +###################################################################### + + + ###################################################################### # # matrix-mailer @@ -482,6 +517,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_s matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -525,6 +561,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + + ([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) }} @@ -596,6 +634,8 @@ matrix_riot_web_enable_presence_by_hs_url: | matrix_riot_web_welcome_user_id: ~ +matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}" + ###################################################################### # # /matrix-riot-web diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index c2a81c294..6800df869 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -18,6 +18,9 @@ matrix_server_fqn_riot: "riot.{{ matrix_domain }}" # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" +# This is where you access Jitsi. +matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" + matrix_user_username: "matrix" matrix_user_uid: 991 matrix_user_gid: 991 @@ -26,6 +29,9 @@ matrix_base_data_path: "/matrix" matrix_base_data_path_mode: "750" matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" +matrix_systemd_path: "/etc/systemd/system" +matrix_cron_path: "/etc/cron.d" +matrix_local_bin_path: "/usr/local/bin" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" @@ -69,4 +75,4 @@ run_stop: true # Building every docker image from source on the target host # Controlling docker image build is possible on a per unit base -matrix_container_images_self_build: false \ No newline at end of file +matrix_container_images_self_build: false diff --git a/roles/matrix-base/tasks/setup_matrix_base.yml b/roles/matrix-base/tasks/setup_matrix_base.yml index b4aa92b9a..24217883d 100644 --- a/roles/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/matrix-base/tasks/setup_matrix_base.yml @@ -52,6 +52,6 @@ - name: Ensure matrix-remove-all script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2" - dest: "/usr/local/bin/matrix-remove-all" + dest: "{{ matrix_local_bin_path }}/matrix-remove-all" mode: 0750 diff --git a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 index ac810595f..972919e31 100644 --- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 +++ b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 @@ -15,15 +15,15 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then exit 0 else echo "Stop and remove matrix services" - for s in $(find /etc/systemd/system/ -name "matrix-*" -printf "%f\n"); do + for s in $(find {{ matrix_systemd_path }}/ -name "matrix-*" -printf "%f\n"); do systemctl stop $s - rm -f /etc/systemd/system/$s + rm -f {{ matrix_systemd_path }}/$s done systemctl daemon-reload echo "Remove matrix cronjobs" find /etc/cron.d/ -name "matrix-*" -delete echo "Remove matrix scripts" - find /usr/local/bin/ -name "matrix-*" -delete + find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete echo "Remove every docker images" docker rmi $(docker images -aq) echo "Remove docker matrix network" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 6f4f5979d..e2144f6ae 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -72,7 +72,7 @@ - name: Ensure matrix-appservice-discord.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2" - dest: "/etc/systemd/system/matrix-appservice-discord.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" mode: 0644 register: matrix_appservice_discord_systemd_service_result diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 6790f2035..4e8c1fdc3 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-discord service stat: - path: "/etc/systemd/system/matrix-appservice-discord.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" register: matrix_appservice_discord_service_stat - name: Ensure matrix-appservice-discord is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-discord.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-discord.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" state: absent when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index e2c2c2b65..1c69b2a82 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -139,7 +139,7 @@ - name: Ensure matrix-appservice-irc.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" - dest: "/etc/systemd/system/matrix-appservice-irc.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" mode: 0644 register: matrix_appservice_irc_systemd_service_result diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index ce65d0e6c..2b5e5dfd3 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-irc service stat: - path: "/etc/systemd/system/matrix-appservice-irc.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-irc.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-irc.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" state: absent when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 1e8bc9cdb..b4132e966 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -38,7 +38,7 @@ - name: Ensure matrix-appservice-slack.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" - dest: "/etc/systemd/system/matrix-appservice-slack.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" mode: 0644 register: matrix_appservice_slack_systemd_service_result diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index 92bee3e6d..0b83d02e8 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-slack service stat: - path: "/etc/systemd/system/matrix-appservice-slack.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" register: matrix_appservice_slack_service_stat - name: Ensure matrix-appservice-slack is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-slack.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-slack.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" state: absent when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 94b4ef0ce..5d167dc0b 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -54,7 +54,7 @@ - name: Ensure matrix-appservice-webhooks.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" - dest: "/etc/systemd/system/matrix-appservice-webhooks.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" mode: 0644 register: matrix_appservice_webhooks_systemd_service_result diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 605b2525e..d8e973ce5 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-webhooks service stat: - path: "/etc/systemd/system/matrix-appservice-webhooks.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" register: matrix_appservice_webhooks_service_stat - name: Ensure matrix-appservice-webhooks is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-webhooks.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-webhooks.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" state: absent when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 2656c5ae0..77f3346f8 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -84,7 +84,7 @@ - name: Ensure matrix-mautrix-facebook.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-facebook.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" mode: 0644 register: matrix_mautrix_facebook_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index 06c9b4992..efc8aa748 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-facebook service stat: - path: "/etc/systemd/system/matrix-mautrix-facebook.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" register: matrix_mautrix_facebook_service_stat - name: Ensure matrix-mautrix-facebook is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-facebook.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-facebook.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" state: absent when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index a30367f3d..db1dc884b 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -83,7 +83,7 @@ - name: Ensure matrix-mautrix-hangouts.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-hangouts.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" mode: 0644 register: matrix_mautrix_hangouts_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index ef33e238d..14413e946 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-hangouts service stat: - path: "/etc/systemd/system/matrix-mautrix-hangouts.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" register: matrix_mautrix_hangouts_service_stat - name: Ensure matrix-mautrix-hangouts is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-hangouts.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-hangouts.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" state: absent when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index e241db3d6..c110ed79a 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -11,8 +11,8 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts -ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts +ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db +ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index a5f6983a8..1c8b063d8 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -63,7 +63,7 @@ - name: Ensure matrix-mautrix-telegram.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-telegram.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" mode: 0644 register: matrix_mautrix_telegram_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index 190c18401..b14bd737e 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-telegram service stat: - path: "/etc/systemd/system/matrix-mautrix-telegram.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" register: matrix_mautrix_telegram_service_stat - name: Ensure matrix-mautrix-telegram is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-telegram.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-telegram.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" state: absent when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 0806e5599..a818afb18 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -72,7 +72,7 @@ - name: Ensure matrix-mautrix-whatsapp.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" mode: 0644 register: matrix_mautrix_whatsapp_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 7f5e65594..93f5c4c8d 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-whatsapp service stat: - path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" register: matrix_mautrix_whatsapp_service_stat - name: Ensure matrix-mautrix-whatsapp is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-whatsapp.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" state: absent when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 81d2c16cb..9430f0532 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.7.1" +matrix_corporal_docker_image: "devture/matrix-corporal:1.8.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" @@ -46,8 +46,11 @@ matrix_corporal_matrix_timeout_milliseconds: 45000 matrix_corporal_reconciliation_retry_interval_milliseconds: 30000 matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal" +matrix_corporal_http_gateway_timeout_milliseconds: 60000 + matrix_corporal_http_api_enabled: false matrix_corporal_http_api_auth_token: "" +matrix_corporal_http_api_timeout_milliseconds: 15000 # Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value) matrix_corporal_policy_provider_config: "" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index d3e4f9073..2e09f013b 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -37,7 +37,7 @@ - name: Ensure matrix-corporal.service installed template: src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2" - dest: "/etc/systemd/system/matrix-corporal.service" + dest: "{{ matrix_systemd_path }}/matrix-corporal.service" mode: 0644 register: matrix_corporal_systemd_service_result when: matrix_corporal_enabled|bool @@ -54,7 +54,7 @@ - name: Check existence of matrix-corporal service stat: - path: "/etc/systemd/system/matrix-corporal.service" + path: "{{ matrix_systemd_path }}/matrix-corporal.service" register: matrix_corporal_service_stat when: "not matrix_corporal_enabled|bool" @@ -68,7 +68,7 @@ - name: Ensure matrix-corporal.service doesn't exist file: - path: "/etc/systemd/system/matrix-corporal.service" + path: "{{ matrix_systemd_path }}/matrix-corporal.service" state: absent when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" @@ -82,7 +82,7 @@ path: "{{ item }}" state: absent with_items: - - /etc/systemd/system/matrix-corporal.service + - "{{ matrix_systemd_path }}/matrix-corporal.service" - "{{ matrix_corporal_config_dir_path }}/config.json" when: "not matrix_corporal_enabled|bool" diff --git a/roles/matrix-corporal/templates/config.json.j2 b/roles/matrix-corporal/templates/config.json.j2 index 378b2c19b..dff738301 100644 --- a/roles/matrix-corporal/templates/config.json.j2 +++ b/roles/matrix-corporal/templates/config.json.j2 @@ -13,13 +13,15 @@ }, "HttpGateway": { - "ListenAddress": "0.0.0.0:41080" + "ListenAddress": "0.0.0.0:41080", + "TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }} }, "HttpApi": { "Enabled": {{ matrix_corporal_http_api_enabled|to_json }}, "ListenAddress": "0.0.0.0:41081", - "AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}" + "AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}", + "TimeoutMilliseconds": {{ matrix_corporal_http_api_timeout_milliseconds }} }, "PolicyProvider": {{ matrix_corporal_policy_provider_config }}, diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index 479e60449..8a2ad3bdd 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml @@ -77,7 +77,7 @@ - name: Ensure matrix-coturn.service installed template: src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2" - dest: "/etc/systemd/system/matrix-coturn.service" + dest: "{{ matrix_systemd_path }}/matrix-coturn.service" mode: 0644 register: matrix_coturn_systemd_service_result when: matrix_coturn_enabled|bool @@ -116,7 +116,7 @@ - name: Check existence of matrix-coturn service stat: - path: "/etc/systemd/system/matrix-coturn.service" + path: "{{ matrix_systemd_path }}/matrix-coturn.service" register: matrix_coturn_service_stat when: "not matrix_coturn_enabled|bool" @@ -130,7 +130,7 @@ - name: Ensure matrix-coturn.service doesn't exist file: - path: "/etc/systemd/system/matrix-coturn.service" + path: "{{ matrix_systemd_path }}/matrix-coturn.service" state: absent when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists" diff --git a/roles/matrix-dimension/tasks/setup_dimension.yml b/roles/matrix-dimension/tasks/setup_dimension.yml index 0b52c5a2f..2437a5472 100644 --- a/roles/matrix-dimension/tasks/setup_dimension.yml +++ b/roles/matrix-dimension/tasks/setup_dimension.yml @@ -33,7 +33,7 @@ - name: Ensure matrix-dimension.service installed template: src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2" - dest: "/etc/systemd/system/matrix-dimension.service" + dest: "{{ matrix_systemd_path }}/matrix-dimension.service" mode: 0644 register: matrix_dimension_systemd_service_result when: matrix_dimension_enabled|bool @@ -49,7 +49,7 @@ - name: Check existence of matrix-dimension service stat: - path: "/etc/systemd/system/matrix-dimension.service" + path: "{{ matrix_systemd_path }}/matrix-dimension.service" register: matrix_dimension_service_stat when: "not matrix_dimension_enabled|bool" @@ -63,7 +63,7 @@ - name: Ensure matrix-dimension.service doesn't exist file: - path: "/etc/systemd/system/matrix-dimension.service" + path: "{{ matrix_systemd_path }}/matrix-dimension.service" state: absent when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists" diff --git a/roles/matrix-email2matrix/tasks/setup_email2matrix.yml b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml index 9d9109e3d..1e64627af 100644 --- a/roles/matrix-email2matrix/tasks/setup_email2matrix.yml +++ b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml @@ -36,7 +36,7 @@ - name: Ensure matrix-email2matrix.service installed template: src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" - dest: "/etc/systemd/system/matrix-email2matrix.service" + dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service" mode: 0644 register: matrix_email2matrix_systemd_service_result when: matrix_email2matrix_enabled|bool @@ -52,7 +52,7 @@ - name: Check existence of matrix-email2matrix service stat: - path: "/etc/systemd/system/matrix-email2matrix.service" + path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" register: matrix_email2matrix_service_stat when: "not matrix_email2matrix_enabled|bool" @@ -66,7 +66,7 @@ - name: Ensure matrix-email2matrix.service doesn't exist file: - path: "/etc/systemd/system/matrix-email2matrix.service" + path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" state: absent when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml new file mode 100644 index 000000000..ae5dcb8f9 --- /dev/null +++ b/roles/matrix-jitsi/defaults/main.yml @@ -0,0 +1,116 @@ +matrix_jitsi_enabled: true + +matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" + +matrix_jitsi_enable_auth: false +matrix_jitsi_enable_guests: false +matrix_jitsi_enable_recording: true +matrix_jitsi_enable_transcriptions: true + +matrix_jitsi_timezone: UTC + +matrix_jitsi_xmpp_domain: matrix-jitsi-web +matrix_jitsi_xmpp_server: matrix-jitsi-prosody +matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi +matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280 +matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi +matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi +matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi + +matrix_jitsi_recorder_domain: recorder.meet.jitsi + + +matrix_jitsi_jibri_brewery_muc: jibribrewery +matrix_jitsi_jibri_pending_timeout: 90 +matrix_jitsi_jibri_xmpp_user: jibri +matrix_jitsi_jibri_xmpp_password: jibri-password +matrix_jitsi_jibri_recorder_user: recorder +matrix_jitsi_jibri_recorder_password: recorder-password + + +matrix_jitsi_web_docker_image: "jitsi/web:4101" +matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" + +matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" +matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config" +matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts" + +matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" + +# STUN servers used in the web UI. Feel free to point them to your own STUN server. +matrix_jitsi_web_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + +# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:12080"), or empty string to not expose. +matrix_jitsi_web_container_http_host_bind_port: '' + +# A list of extra arguments to pass to the container +matrix_jitsi_web_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-web.service depends on +matrix_jitsi_web_systemd_required_services_list: ['docker.service'] + + +matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101" +matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" + +matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" +matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_jitsi_prosody_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-prosody.service depends on +matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] + + +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101" +matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" + +matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" +matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_jitsi_jicofo_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-jicofo.service depends on +matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] + +matrix_jitsi_jicofo_component_secret: s3cr37 +matrix_jitsi_jicofo_auth_user: focus +matrix_jitsi_jicofo_auth_password: passw0rd + + +matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101" +matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" + +matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" +matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_jitsi_jvb_container_extra_arguments: [] + +# List of systemd services that matrix-jitsi-jvb.service depends on +matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] + +matrix_jitsi_jvb_auth_user: jvb +matrix_jitsi_jvb_auth_password: passw0rd + +# STUN servers used by JVB on the server-side, so it can discover its own external IP address. +# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery. +matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + +matrix_jitsi_jvb_brewery_muc: jvbbrewery +matrix_jitsi_jvb_rtp_udp_port: 10000 +matrix_jitsi_jvb_rtp_tcp_port: 4443 + +# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:10000"), or empty string to not expose. +matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}" + +# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:4443"), or empty string to not expose. +matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml new file mode 100644 index 000000000..328a3a25a --- /dev/null +++ b/roles/matrix-jitsi/tasks/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}" + when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml new file mode 100644 index 000000000..2bc4a57ff --- /dev/null +++ b/roles/matrix-jitsi/tasks/main.yml @@ -0,0 +1,33 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi + +- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml" + when: run_setup|bool + tags: + - setup-all + - setup-jitsi diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml new file mode 100644 index 000000000..fcfbb8f65 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -0,0 +1,20 @@ +--- + +# +# Tasks related to setting up jitsi +# + +- name: Ensure Matrix jitsi base path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_base_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +# +# Tasks related to getting rid of jitsi (if it was previously enabled) +# diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml new file mode 100644 index 000000000..b7ff409a0 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -0,0 +1,96 @@ +--- + +# +# Tasks related to setting up jitsi-jicofo +# + +- name: Ensure Matrix jitsi-jicofo path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true } + - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-jicofo Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_jicofo_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-jicofo environment variables file created + template: + src: "{{ role_path }}/templates/jicofo/env.j2" + dest: "{{ matrix_jitsi_jicofo_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-jicofo configuration files created + template: + src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" + dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" + mode: 0644 + with_items: + - sip-communicator.properties + - logging.properties + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-jicofo.service installed + template: + src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + mode: 0644 + register: matrix_jitsi_jicofo_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-jicofo service + stat: + path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + register: matrix_jitsi_jicofo_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-jicofo is stopped + service: + name: matrix-jitsi-jicofo + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-jicofo.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-jicofo paths doesn't exist + file: + path: "{{ matrix_jitsi_jicofo_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-jicofo Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_jicofo_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml new file mode 100644 index 000000000..e4d652eda --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -0,0 +1,89 @@ +--- + +# +# Tasks related to setting up jitsi-jvb +# + +- name: Ensure Matrix jitsi-jvb path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true } + - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-jvb Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_jvb_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-jvb configuration files created + template: + src: "{{ role_path }}/templates/jvb/{{ item }}.j2" + dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" + mode: 0644 + with_items: + - sip-communicator.properties + - logging.properties + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-jvb.service installed + template: + src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + mode: 0644 + register: matrix_jitsi_jvb_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-jvb (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-jvb service + stat: + path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + register: matrix_jitsi_jvb_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-jvb is stopped + service: + name: matrix-jitsi-jvb + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-jvb.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-jvb paths doesn't exist + file: + path: "{{ matrix_jitsi_jvb_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-jvb Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_jvb_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml new file mode 100644 index 000000000..e783aad90 --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -0,0 +1,86 @@ +--- + +# +# Tasks related to setting up jitsi-prosody +# + +- name: Ensure Matrix jitsi-prosody path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true } + - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-prosody Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_prosody_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-prosody environment variables file created + template: + src: "{{ role_path }}/templates/prosody/env.j2" + dest: "{{ matrix_jitsi_prosody_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-prosody.service installed + template: + src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + mode: 0644 + register: matrix_jitsi_prosody_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-prosody (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-prosody service + stat: + path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + register: matrix_jitsi_prosody_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-prosody is stopped + service: + name: matrix-jitsi-prosody + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-prosody.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-prosody paths doesn't exist + file: + path: "{{ matrix_jitsi_prosody_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-prosody Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_prosody_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml new file mode 100644 index 000000000..3610a084d --- /dev/null +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -0,0 +1,97 @@ +--- + +# +# Tasks related to setting up jitsi-web +# + +- name: Ensure Matrix jitsi-web path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_web_base_path }}", when: true } + - { path: "{{ matrix_jitsi_web_config_path }}", when: true } + - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-web Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_web_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-web environment variables file created + template: + src: "{{ role_path }}/templates/web/env.j2" + dest: "{{ matrix_jitsi_web_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-web configuration files created + template: + src: "{{ role_path }}/templates/web/{{ item }}.j2" + dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" + mode: 0644 + with_items: + - config.js + - interface_config.js + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-web.service installed + template: + src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + mode: 0644 + register: matrix_jitsi_web_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-web.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-web (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-web service + stat: + path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + register: matrix_jitsi_web_service_stat + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure matrix-jitsi-web is stopped + service: + name: matrix-jitsi-web + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-web.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-web.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-web paths doesn't exist + file: + path: "{{ matrix_jitsi_web_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-web Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_web_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/templates/jicofo/env.j2 b/roles/matrix-jitsi/templates/jicofo/env.j2 new file mode 100644 index 000000000..a402d2d75 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/env.j2 @@ -0,0 +1,17 @@ +ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} + +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} +XMPP_SERVER={{ matrix_jitsi_xmpp_server }} + +JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }} +JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} +JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} + +JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} + +JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }} +JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }} + +TZ={{ matrix_jitsi_timezone }} diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 new file mode 100644 index 000000000..7eba95af6 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 @@ -0,0 +1,20 @@ +handlers= java.util.logging.ConsoleHandler + +java.util.logging.ConsoleHandler.level = ALL +java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter + +net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo + +.level=INFO +net.sf.level=SEVERE +net.java.sip.communicator.plugin.reconnectplugin.level=FINE +org.ice4j.level=SEVERE +org.jitsi.impl.neomedia.level=SEVERE + +# Do not worry about missing strings +net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE + +#net.java.sip.communicator.service.protocol.level=ALL + +# Enable debug packets logging +#org.jitsi.impl.protocol.xmpp.level=FINE diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 new file mode 100644 index 000000000..53f086885 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-jicofo server +{% for service in matrix_jitsi_jicofo_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_jicofo_base_path }}/env \ + -v {{ matrix_jitsi_jicofo_config_path }}:/config \ + {% for arg in matrix_jitsi_jicofo_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_jicofo_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo +ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-jicofo + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 new file mode 100644 index 000000000..6736becc3 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 @@ -0,0 +1,5 @@ +org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true +org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }} + +org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }} +org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90 diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 new file mode 100644 index 000000000..48c1e9fa5 --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 @@ -0,0 +1,13 @@ +handlers= java.util.logging.ConsoleHandler + +java.util.logging.ConsoleHandler.level = ALL +java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter + +net.java.sip.communicator.util.ScLogFormatter.programname=JVB + +.level=INFO + +org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE + +# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge. +org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 new file mode 100644 index 000000000..03aef079e --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -0,0 +1,36 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-jvb server +{% for service in matrix_jitsi_jvb_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + {% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %} + -p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \ + {% endif %} + {% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %} + -p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \ + {% endif %} + -v {{ matrix_jitsi_jvb_config_path }}:/config \ + {% for arg in matrix_jitsi_jvb_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_jvb_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb +ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-jvb + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 new file mode 100644 index 000000000..173af0b65 --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 @@ -0,0 +1,19 @@ +org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_udp_port }} +org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false +org.jitsi.videobridge.TCP_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }} + +{% if matrix_jitsi_jvb_stun_servers|length > 0 %} +org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ matrix_jitsi_jvb_stun_servers|join(',') }} +{% endif %} + +org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ matrix_jitsi_xmpp_server }} +org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ matrix_jitsi_jvb_auth_user }} +org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }} +org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }} +org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=matrix-jitsi-jvb +org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true + +org.jitsi.videobridge.ENABLE_STATISTICS=true +org.jitsi.videobridge.STATISTICS_TRANSPORT=muc +org.jitsi.videobridge.STATISTICS_INTERVAL=5000 diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2 new file mode 100644 index 000000000..caa792134 --- /dev/null +++ b/roles/matrix-jitsi/templates/prosody/env.j2 @@ -0,0 +1,31 @@ +AUTH_TYPE=internal + +ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} +ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} + +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} +XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} + +XMPP_MODULES= +XMPP_MUC_MODULES= +XMPP_INTERNAL_MUC_MODULES= + +XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} + +JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }} +JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} +JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} + +JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} +JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} + +JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }} +JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }} + +JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }} +JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }} + +TZ={{ matrix_jitsi_timezone }} diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 new file mode 100644 index 000000000..bf43021de --- /dev/null +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-prosody server +{% for service in matrix_jitsi_prosody_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_prosody_base_path }}/env \ + -v {{ matrix_jitsi_prosody_config_path }}:/config \ + {% for arg in matrix_jitsi_prosody_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_prosody_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody +ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-prosody + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/web/config.js.j2 b/roles/matrix-jitsi/templates/web/config.js.j2 new file mode 100644 index 000000000..f18471e1c --- /dev/null +++ b/roles/matrix-jitsi/templates/web/config.js.j2 @@ -0,0 +1,486 @@ +/* eslint-disable no-unused-vars, no-var */ + +var config = { + // Configuration + // + + // Alternative location for the configuration. + // configLocation: './config.json', + + // Custom function which given the URL path should return a room name. + // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; }, + + + // Connection + // + + hosts: { + // XMPP domain. + domain: '{{ matrix_jitsi_xmpp_domain }}', + + {% if matrix_jitsi_enable_guests %} + // When using authentication, domain for guest users. + anonymousdomain: 'guest.example.com', + + // Domain for authenticated users. Defaults to . + authdomain: '{{ matrix_jitsi_xmpp_domain }}', + {% endif %} + + // Jirecon recording component domain. + // jirecon: 'jirecon.{{ matrix_jitsi_xmpp_domain }}', + + // Call control component (Jigasi). + // call_control: 'callcontrol.{{ matrix_jitsi_xmpp_domain }}', + + // Focus component domain. Defaults to focus.. + // focus: 'focus.{{ matrix_jitsi_xmpp_domain }}', + + // XMPP MUC domain. FIXME: use XEP-0030 to discover it. + muc: {{ matrix_jitsi_xmpp_muc_domain|to_json }}, + }, + + // BOSH URL. FIXME: use XEP-0156 to discover it. + bosh: '/http-bind', + + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + + // The real JID of focus participant - can be overridden here + focusUserJid: {{ matrix_jitsi_jicofo_auth_user|to_json }} + '@' + {{ matrix_jitsi_xmpp_auth_domain|to_json }}, + + + // Testing / experimental features. + // + + testing: { + // Enables experimental simulcast support on Firefox. + enableFirefoxSimulcast: false, + + // P2P test mode disables automatic switching to P2P when there are 2 + // participants in the conference. + p2pTestMode: false + + // Enables the test specific features consumed by jitsi-meet-torture + // testMode: false + }, + + // Disables ICE/UDP by filtering out local and remote UDP candidates in + // signalling. + // webrtcIceUdpDisable: false, + + // Disables ICE/TCP by filtering out local and remote TCP candidates in + // signalling. + // webrtcIceTcpDisable: false, + + + // Media + // + + // Audio + + // Disable measuring of audio levels. + // disableAudioLevels: false, + + // Start the conference in audio only mode (no video is being received nor + // sent). + // startAudioOnly: false, + + // Every participant after the Nth will start audio muted. + // startAudioMuted: 10, + + // Start calls with audio muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithAudioMuted: false, + + // Enabling it (with #params) will disable local audio output of remote + // participants and to enable it back a reload is needed. + // startSilent: false + + // Video + + // Sets the preferred resolution (height) for local video. Defaults to 720. + // resolution: 720, + + // w3c spec-compliant video constraints to use for video capture. Currently + // used by browsers that return true from lib-jitsi-meet's + // util#browser#usesNewGumFlow. The constraints are independency from + // this config's resolution value. Defaults to requesting an ideal aspect + // ratio of 16:9 with an ideal resolution of 720. + // constraints: { + // video: { + // aspectRatio: 16 / 9, + // height: { + // ideal: 720, + // max: 720, + // min: 240 + // } + // } + // }, + + // Enable / disable simulcast support. + // disableSimulcast: false, + + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + + // Suspend sending video if bandwidth estimation is too low. This may cause + // problems with audio playback. Disabled until these are fixed. + disableSuspendVideo: true, + + // Every participant after the Nth will start video muted. + // startVideoMuted: 10, + + // Start calls with video muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithVideoMuted: false, + + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // Desktop sharing + + // The ID of the jidesha extension for Chrome. + desktopSharingChromeExtId: null, + + // Whether desktop sharing should be disabled on Chrome. + // desktopSharingChromeDisabled: false, + + // The media sources to use when using screen sharing with the Chrome + // extension. + desktopSharingChromeSources: [ 'screen', 'window', 'tab' ], + + // Required version of Chrome extension + desktopSharingChromeMinExtVersion: '0.1', + + // Whether desktop sharing should be disabled on Firefox. + // desktopSharingFirefoxDisabled: false, + + // Optional desktop sharing frame rate options. Default value: min:5, max:5. + // desktopSharingFrameRate: { + // min: 5, + // max: 5 + // }, + + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, + + // Recording +hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }}, + + // Whether to enable file recording or not. + fileRecordingsEnabled: {{ matrix_jitsi_enable_recording|to_json }}, + // Enable the dropbox integration. + // dropbox: { + // appKey: '' // Specify your app key here. + // // A URL to redirect the user to, after authenticating + // // by default uses: + // // 'https://{{ matrix_jitsi_xmpp_domain }}/static/oauth.html' + // redirectURI: + // 'https://{{ matrix_jitsi_xmpp_domain }}/subfolder/static/oauth.html' + // }, + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) + // fileRecordingsServiceEnabled: false, + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. + // fileRecordingsServiceSharingEnabled: false, + + // Whether to enable live streaming or not. + liveStreamingEnabled: {{ matrix_jitsi_enable_recording|to_json }}, + + // Transcription (in interface_config, + // subtitles and buttons can be configured) + transcribingEnabled: {{ matrix_jitsi_enable_transcriptions|to_json }}, + + // Misc + + // Default value for the channel "last N" attribute. -1 for unlimited. + channelLastN: -1, + + // Disables or enables RTX (RFC 4588) (defaults to false). + // disableRtx: false, + + // Disables or enables TCC (the default is in Jicofo and set to true) + // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting + // affects congestion control, it practically enables send-side bandwidth + // estimations. + // enableTcc: true, + + // Disables or enables REMB (the default is in Jicofo and set to false) + // (draft-alvestrand-rmcat-remb-03). This setting affects congestion + // control, it practically enables recv-side bandwidth estimations. When + // both TCC and REMB are enabled, TCC takes precedence. When both are + // disabled, then bandwidth estimations are disabled. + // enableRemb: false, + + // Defines the minimum number of participants to start a call (the default + // is set in Jicofo and set to 2). + // minParticipants: 2, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // Enable IPv6 support. + // useIPv6: true, + + // Enables / disables a data communication channel with the Videobridge. + // Values can be 'datachannel', 'websocket', true (treat it as + // 'datachannel'), undefined (treat it as 'datachannel') and false (don't + // open any channel). + // openBridgeChannel: true, + + + // UI + // + + // Use display name as XMPP nickname. + // useNicks: false, + + // Require users to always specify a display name. + // requireDisplayName: true, + + // Whether to use a welcome page or not. In case it's false a random room + // will be joined when no room is specified. + enableWelcomePage: true, + + // Enabling the close page will ignore the welcome page redirection when + // a call is hangup. + // enableClosePage: false, + + // Disable hiding of remote thumbnails when in a 1-on-1 conference call. + // disable1On1Mode: false, + + // Default language for the user interface. + // defaultLanguage: 'en', + + // If true all users without a token will be considered guests and all users + // with token will be considered non-guests. Only guests will be allowed to + // edit their profile. + enableUserRolesBasedOnToken: false, + + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, + + // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. + // lockRoomGuestEnabled: false, + + // When enabled the password used for locking a room is restricted to up to the number of digits specified + // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, + + // Message to show the users. Example: 'The service will be down for + // maintenance at 01:00 AM GMT, + // noticeMessage: '', + + // Enables calendar integration, depends on googleApiApplicationClientID + // and microsoftApiApplicationClientID + // enableCalendarIntegration: false, + + // Stats + // + + // Whether to enable stats collection or not in the TraceablePeerConnection. + // This can be useful for debugging purposes (post-processing/analysis of + // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth + // estimation tests. + // gatherStats: false, + + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // enables callstatsUsername to be reported as statsId and used + // by callstats as repoted remote id + // enableStatsID: false + + // enables sending participants display name to callstats + // enableDisplayNameInStats: false + + + // Privacy + // + + // If third party requests are disabled, no other server will be contacted. + // This means avatars will be locally generated and callstats integration + // will not function. + // disableThirdPartyRequests: false, + + + // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. + // + + p2p: { + // Enables peer to peer mode. When enabled the system will try to + // establish a direct connection when there are exactly 2 participants + // in the room. If that succeeds the conference will stop sending data + // through the JVB and use the peer to peer connection instead. When a + // 3rd participant joins the conference will be moved back to the JVB + // connection. + enabled: true, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // The STUN servers that will be used in the peer to peer connections + {% if matrix_jitsi_web_stun_servers|length > 0 %} + stunServers: [ + {% for url in matrix_jitsi_web_stun_servers %} + { urls: {{ url|to_json }} }{% if not loop.last %},{% endif %} + {% endfor %} + ], + {% endif %} + + // Sets the ICE transport policy for the p2p connection. At the time + // of this writing the list of possible values are 'all' and 'relay', + // but that is subject to change in the future. The enum is defined in + // the WebRTC standard: + // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. + // If not set, the effective value is 'all'. + // iceTransportPolicy: 'all', + + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). + preferH264: true + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // How long we're going to wait, before going back to P2P after the 3rd + // participant has left the conference (to filter out page reload). + // backToP2PDelay: 5 + }, + + analytics: { + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + + // The Amplitude APP Key: + // amplitudeAPPKey: '' + + // Array of script URLs to load as lib-jitsi-meet "analytics handlers". + // scriptURLs: [ + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" + // ], + }, + + // Information about the jitsi-meet instance we are connecting to, including + // the user region as seen by the server. + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + } + + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // } + + // Options related to end-to-end (participant to participant) ping. + // e2eping: { + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, + // + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // } + + // If set, will attempt to use the provided video input device label when + // triggering a screenshare, instead of proceeding through the normal flow + // for obtaining a desktop stream. + // NOTE: This option is experimental and is currently intended for internal + // use only. + // _desktopSharingSourceDevice: 'sample-id-or-label' + + // If true, any checks to handoff to another application will be prevented + // and instead the app will continue to display in the current browser. + // disableDeepLinking: false + + // A property to disable the right click context menu for localVideo + // the menu has option to flip the locally seen video for local presentations + // disableLocalVideoFlip: false + + // List of undocumented settings used in jitsi-meet + /** + _immediateReloadThreshold + autoRecord + autoRecordToken + debug + debugAudioLevels + deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl + dialOutAuthUrl + dialOutCodesUrl + disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID + iAmRecorder + iAmSipGateway + microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl + */ + + // List of undocumented settings used in lib-jitsi-meet + /** + _peerConnStatusOutOfLastNTimeout + _peerConnStatusRtcMuteTimeout + abTesting + avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl + desktopSharingSources + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableLipSync + enableTalkWhileMuted + forceJVB121Ratio + hiddenDomain + ignoreStartMuted + nick + startBitrate + */ + +}; + +/* eslint-enable no-unused-vars, no-var */ diff --git a/roles/matrix-jitsi/templates/web/env.j2 b/roles/matrix-jitsi/templates/web/env.j2 new file mode 100644 index 000000000..b85e9af54 --- /dev/null +++ b/roles/matrix-jitsi/templates/web/env.j2 @@ -0,0 +1,28 @@ +ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} +ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} + +ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }} + +DISABLE_HTTPS=1 + +JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} + +PUBLIC_URL={{ matrix_jitsi_web_public_url }} + +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }} +XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} +XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} +XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} + +TZ={{ matrix_jitsi_timezone }} + +JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }} +JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }} +JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }} +JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }} +JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }} +JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }} + +ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }} diff --git a/roles/matrix-jitsi/templates/web/interface_config.js.j2 b/roles/matrix-jitsi/templates/web/interface_config.js.j2 new file mode 100644 index 000000000..dd5abc59d --- /dev/null +++ b/roles/matrix-jitsi/templates/web/interface_config.js.j2 @@ -0,0 +1,230 @@ +/* eslint-disable no-unused-vars, no-var, max-len */ + +var interfaceConfig = { + // TO FIX: this needs to be handled from SASS variables. There are some + // methods allowing to use variables both in css and js. + DEFAULT_BACKGROUND: '#474747', + + /** + * Whether or not the blurred video background for large video should be + * displayed on browsers that can support it. + */ + DISABLE_VIDEO_BACKGROUND: false, + + INITIAL_TOOLBAR_TIMEOUT: 20000, + TOOLBAR_TIMEOUT: 4000, + TOOLBAR_ALWAYS_VISIBLE: false, + DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', + DEFAULT_LOCAL_DISPLAY_NAME: 'me', + SHOW_JITSI_WATERMARK: true, + JITSI_WATERMARK_LINK: 'https://jitsi.org', + + // if watermark is disabled by default, it can be shown only for guests + SHOW_WATERMARK_FOR_GUESTS: true, + SHOW_BRAND_WATERMARK: false, + BRAND_WATERMARK_LINK: '', + SHOW_POWERED_BY: false, + SHOW_DEEP_LINKING_IMAGE: false, + GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true, + DISPLAY_WELCOME_PAGE_CONTENT: true, + APP_NAME: 'Jitsi Meet', + NATIVE_APP_NAME: 'Jitsi Meet', + PROVIDER_NAME: 'Jitsi', + LANG_DETECTION: false, // Allow i18n to detect the system language + INVITATION_POWERED_BY: true, + + /** + * If we should show authentication block in profile + */ + AUTHENTICATION_ENABLE: true, + + /** + * The name of the toolbar buttons to display in the toolbar. If present, + * the button will display. Exceptions are "livestreaming" and "recording" + * which also require being a moderator and some values in config.js to be + * enabled. Also, the "profile" button will not display for user's with a + * jwt. + */ + TOOLBAR_BUTTONS: [ + {% if matrix_jitsi_enable_transcriptions %} + 'closedcaptions', + {% endif %} + + 'microphone', 'camera', 'desktop', 'fullscreen', + 'fodeviceselection', 'hangup', 'profile', 'info', 'chat', 'recording', + 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand', + 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + 'tileview', 'videobackgroundblur' + ], + + SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ], + + // Determines how the video would fit the screen. 'both' would fit the whole + // screen, 'height' would fit the original video height to the height of the + // screen, 'width' would fit the original video width to the width of the + // screen respecting ratio. + VIDEO_LAYOUT_FIT: 'both', + + /** + * Whether to only show the filmstrip (and hide the toolbar). + */ + filmStripOnly: false, + + /** + * Whether to show thumbnails in filmstrip as a column instead of as a row. + */ + VERTICAL_FILMSTRIP: true, + + // A html text to be shown to guests on the close page, false disables it + CLOSE_PAGE_GUEST_HINT: false, + RANDOM_AVATAR_URL_PREFIX: false, + RANDOM_AVATAR_URL_SUFFIX: false, + FILM_STRIP_MAX_HEIGHT: 120, + + // Enables feedback star animation. + ENABLE_FEEDBACK_ANIMATION: false, + DISABLE_FOCUS_INDICATOR: false, + DISABLE_DOMINANT_SPEAKER_INDICATOR: false, + + /** + * Whether the speech to text transcription subtitles panel is disabled. + * If {@code undefined}, defaults to {@code false}. + * + * @type {boolean} + */ + DISABLE_TRANSCRIPTION_SUBTITLES: false, + + /** + * Whether the ringing sound in the call/ring overlay is disabled. If + * {@code undefined}, defaults to {@code false}. + * + * @type {boolean} + */ + DISABLE_RINGING: false, + AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)', + AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)', + POLICY_LOGO: null, + LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9 + REMOTE_THUMBNAIL_RATIO: 1, // 1:1 + // Documentation reference for the live streaming feature. + LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', + + /** + * Whether the mobile app Jitsi Meet is to be promoted to participants + * attempting to join a conference in a mobile Web browser. If + * {@code undefined}, defaults to {@code true}. + * + * @type {boolean} + */ + MOBILE_APP_PROMO: true, + + /** + * Maximum coeficient of the ratio of the large video to the visible area + * after the large video is scaled to fit the window. + * + * @type {number} + */ + MAXIMUM_ZOOMING_COEFFICIENT: 1.3, + + /* + * If indicated some of the error dialogs may point to the support URL for + * help. + */ + SUPPORT_URL: 'https://github.com/jitsi/jitsi-meet/issues/new', + + /** + * Whether the connection indicator icon should hide itself based on + * connection strength. If true, the connection indicator will remain + * displayed while the participant has a weak connection and will hide + * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is + * strong. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, + + /** + * How long the connection indicator should remain displayed before hiding. + * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. + * + * @type {number} + */ + CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, + + /** + * If true, hides the connection indicators completely. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_DISABLED: false, + + /** + * If true, hides the video quality label indicating the resolution status + * of the current large video. + * + * @type {boolean} + */ + VIDEO_QUALITY_LABEL_DISABLED: false, + + /** + * If true, will display recent list + * + * @type {boolean} + */ + RECENT_LIST_ENABLED: true, + + // Names of browsers which should show a warning stating the current browser + // has a suboptimal experience. Browsers which are not listed as optimal or + // unsupported are considered suboptimal. Valid values are: + // chrome, chromium, edge, electron, firefox, nwjs, opera, safari + OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron' ], + + // Browsers, in addition to those which do not fully support WebRTC, that + // are not supported and should show the unsupported browser page. + UNSUPPORTED_BROWSERS: [], + + /** + * A UX mode where the last screen share participant is automatically + * pinned. Valid values are the string "remote-only" so remote participants + * get pinned but not local, otherwise any truthy value for all participants, + * and any falsy value to disable the feature. + * + * Note: this mode is experimental and subject to breakage. + */ + AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only' + + /** + * How many columns the tile view can expand to. The respected range is + * between 1 and 5. + */ + // TILE_VIEW_MAX_COLUMNS: 5, + + /** + * Specify custom URL for downloading android mobile app. + */ + // MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet', + + /** + * Specify URL for downloading ios mobile app. + */ + // MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905', + + /** + * Specify mobile app scheme for opening the app from the mobile browser. + */ + // APP_SCHEME: 'org.jitsi.meet', + + /** + * Specify the Android app package name. + */ + // ANDROID_APP_PACKAGE: 'org.jitsi.meet', + + /** + * Override the behavior of some notifications to remain displayed until + * explicitly dismissed through a user action. The value is how long, in + * milliseconds, those notifications should remain displayed. + */ + // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, +}; + +/* eslint-enable no-unused-vars, no-var, max-len */ diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 new file mode 100644 index 000000000..deed5025c --- /dev/null +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -0,0 +1,35 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-web server +{% for service in matrix_jitsi_web_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_web_base_path }}/env \ + {% if matrix_jitsi_web_container_http_host_bind_port %} + -p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \ + {% endif %} + -v {{ matrix_jitsi_web_config_path }}:/config \ + -v {{ matrix_jitsi_web_transcripts_path }}:/usr/share/jitsi-meet/transcripts \ + {% for arg in matrix_jitsi_web_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_web_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-web +ExecStop=-/usr/bin/docker rm matrix-jitsi-web +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-web + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index c357ead3d..e216915fa 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -31,7 +31,7 @@ - name: Ensure matrix-mailer.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2" - dest: "/etc/systemd/system/matrix-mailer.service" + dest: "{{ matrix_systemd_path }}/matrix-mailer.service" mode: 0644 register: matrix_mailer_systemd_service_result when: matrix_mailer_enabled|bool @@ -47,7 +47,7 @@ - name: Check existence of matrix-mailer service stat: - path: "/etc/systemd/system/matrix-mailer.service" + path: "{{ matrix_systemd_path }}/matrix-mailer.service" register: matrix_mailer_service_stat when: "not matrix_mailer_enabled|bool" @@ -61,7 +61,7 @@ - name: Ensure matrix-mailer.service doesn't exist file: - path: "/etc/systemd/system/matrix-mailer.service" + path: "{{ matrix_systemd_path }}/matrix-mailer.service" state: absent when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" diff --git a/roles/matrix-mxisd/tasks/setup_mxisd.yml b/roles/matrix-mxisd/tasks/setup_mxisd.yml index aa7801198..cc7712bbf 100644 --- a/roles/matrix-mxisd/tasks/setup_mxisd.yml +++ b/roles/matrix-mxisd/tasks/setup_mxisd.yml @@ -78,7 +78,7 @@ - name: Ensure matrix-mxisd.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mxisd.service.j2" - dest: "/etc/systemd/system/matrix-mxisd.service" + dest: "{{ matrix_systemd_path }}/matrix-mxisd.service" mode: 0644 register: matrix_mxisd_systemd_service_result when: matrix_mxisd_enabled|bool @@ -94,7 +94,7 @@ - name: Check existence of matrix-mxisd service stat: - path: "/etc/systemd/system/matrix-mxisd.service" + path: "{{ matrix_systemd_path }}/matrix-mxisd.service" register: matrix_mxisd_service_stat - name: Ensure matrix-mxisd is stopped @@ -107,7 +107,7 @@ - name: Ensure matrix-mxisd.service doesn't exist file: - path: "/etc/systemd/system/matrix-mxisd.service" + path: "{{ matrix_systemd_path }}/matrix-mxisd.service" state: absent when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index aeede0e2c..5bf0fc0c8 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -105,6 +105,10 @@ matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" +# Controls whether proxying the jitsi domain should be done. +matrix_nginx_proxy_proxy_jitsi_enabled: false +matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}" + # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -164,6 +168,9 @@ matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration. matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to the jitsi's server configuration. +matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the matrix domain server configuration. matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index a4e3a5386..6db5d9785 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -66,6 +66,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_jitsi_enabled|bool + - name: Ensure Matrix nginx-proxy data directory for base domain exists file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain" @@ -105,7 +112,7 @@ - name: Ensure matrix-nginx-proxy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2" - dest: "/etc/systemd/system/matrix-nginx-proxy.service" + dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" mode: 0644 register: matrix_nginx_proxy_systemd_service_result when: matrix_nginx_proxy_enabled|bool @@ -122,7 +129,7 @@ - name: Check existence of matrix-nginx-proxy service stat: - path: "/etc/systemd/system/matrix-nginx-proxy.service" + path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" register: matrix_nginx_proxy_service_stat when: "not matrix_nginx_proxy_enabled|bool" @@ -136,7 +143,7 @@ - name: Ensure matrix-nginx-proxy.service doesn't exist file: - path: "/etc/systemd/system/matrix-nginx-proxy.service" + path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" state: absent when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" @@ -163,6 +170,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 88bdb977e..e6542545f 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -7,9 +7,9 @@ path: "{{ item }}" state: absent with_items: - - /usr/local/bin/matrix-ssl-certificates-renew - - /etc/cron.d/matrix-ssl-certificate-renewal - - /etc/cron.d/matrix-nginx-proxy-periodic-restarter + - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew" + - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal" + - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter" # @@ -51,7 +51,7 @@ - name: Ensure Let's Encrypt SSL renewal script installed template: src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2" - dest: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew + dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" mode: 0750 when: "matrix_ssl_retrieval_method == 'lets-encrypt'" @@ -73,7 +73,7 @@ hour: "4" minute: "15" day: "*" - job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew + job: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" - name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload) cron: @@ -113,6 +113,6 @@ - name: Ensure Let's Encrypt SSL renewal script removed file: - path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew + path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" state: absent when: "matrix_ssl_retrieval_method != 'lets-encrypt'" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 new file mode 100644 index 000000000..c66891726 --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -0,0 +1,72 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; +{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-jitsi-web:80"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:12080; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem; + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index 22d584a99..599d45b5f 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -62,7 +62,7 @@ - name: Ensure outdated matrix-postgres.service doesn't exist file: - path: "/etc/systemd/system/matrix-postgres.service" + path: "{{ matrix_systemd_path }}/matrix-postgres.service" state: absent when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 16c276770..355898b60 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -69,34 +69,34 @@ - name: Ensure matrix-postgres-cli script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2" - dest: "/usr/local/bin/matrix-postgres-cli" + dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli" mode: 0750 when: matrix_postgres_enabled|bool - name: Ensure matrix-change-user-admin-status script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" - dest: "/usr/local/bin/matrix-change-user-admin-status" + dest: "{{ matrix_local_bin_path }}/matrix-change-user-admin-status" mode: 0750 when: matrix_postgres_enabled|bool - name: (Migration) Ensure old matrix-make-user-admin script deleted file: - path: "/usr/local/bin/matrix-make-user-admin" + path: "{{ matrix_local_bin_path }}/matrix-make-user-admin" state: absent when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres-update-user-password-hash script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2" - dest: "/usr/local/bin/matrix-postgres-update-user-password-hash" + dest: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash" mode: 0750 when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres.service installed template: src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2" - dest: "/etc/systemd/system/matrix-postgres.service" + dest: "{{ matrix_systemd_path }}/matrix-postgres.service" mode: 0644 register: matrix_postgres_systemd_service_result when: matrix_postgres_enabled|bool @@ -112,7 +112,7 @@ - name: Check existence of matrix-postgres service stat: - path: "/etc/systemd/system/matrix-postgres.service" + path: "{{ matrix_systemd_path }}/matrix-postgres.service" register: matrix_postgres_service_stat when: "not matrix_postgres_enabled|bool" @@ -125,7 +125,7 @@ - name: Ensure matrix-postgres.service doesn't exist file: - path: "/etc/systemd/system/matrix-postgres.service" + path: "{{ matrix_systemd_path }}/matrix-postgres.service" state: absent when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" @@ -148,7 +148,7 @@ - name: Remove Postgres scripts file: - path: "/usr/local/bin/{{ item }}" + path: "{{ matrix_local_bin_path }}/{{ item }}" state: absent with_items: - matrix-postgres-cli diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index e0002326d..808d4ffdb 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -58,6 +58,8 @@ matrix_riot_web_branding_welcomeBackgroundUrl: ~ # point this to a `home.html` template file on your local filesystem. matrix_riot_web_embedded_pages_home_path: ~ +matrix_riot_web_jitsi_preferredDomain: '' + # Controls whether the self-check feature should validate SSL certificates. matrix_riot_web_self_check_validate_certificates: true diff --git a/roles/matrix-riot-web/tasks/setup_riot_web.yml b/roles/matrix-riot-web/tasks/setup_riot_web.yml index e78da3502..a1d25fc60 100644 --- a/roles/matrix-riot-web/tasks/setup_riot_web.yml +++ b/roles/matrix-riot-web/tasks/setup_riot_web.yml @@ -75,7 +75,7 @@ - name: Ensure matrix-riot-web.service installed template: src: "{{ role_path }}/templates/systemd/matrix-riot-web.service.j2" - dest: "/etc/systemd/system/matrix-riot-web.service" + dest: "{{ matrix_systemd_path }}/matrix-riot-web.service" mode: 0644 register: matrix_riot_web_systemd_service_result when: matrix_riot_web_enabled|bool @@ -91,7 +91,7 @@ - name: Check existence of matrix-riot-web service stat: - path: "/etc/systemd/system/matrix-riot-web.service" + path: "{{ matrix_systemd_path }}/matrix-riot-web.service" register: matrix_riot_web_service_stat when: "not matrix_riot_web_enabled|bool" @@ -105,7 +105,7 @@ - name: Ensure matrix-riot-web.service doesn't exist file: - path: "/etc/systemd/system/matrix-riot-web.service" + path: "{{ matrix_systemd_path }}/matrix-riot-web.service" state: absent when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists" diff --git a/roles/matrix-riot-web/templates/config.json.j2 b/roles/matrix-riot-web/templates/config.json.j2 index b82d53e07..41cbee7cf 100644 --- a/roles/matrix-riot-web/templates/config.json.j2 +++ b/roles/matrix-riot-web/templates/config.json.j2 @@ -30,6 +30,12 @@ "embeddedPages": { "homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }} }, + {% if matrix_riot_web_jitsi_preferredDomain is not none %} + "jitsi": { + "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}, + "externalApiUrl": "https://{{ matrix_riot_web_jitsi_preferredDomain }}/libs/external_api.min.js" + }, + {% endif %} "branding": { "authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }}, "authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }}, diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index fe9f5545f..f896f2324 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.11.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 9a4b9a7e5..efd9d46cf 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -31,7 +31,7 @@ - name: Ensure matrix-goofys.service installed template: src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" - dest: "/etc/systemd/system/matrix-goofys.service" + dest: "{{ matrix_systemd_path }}/matrix-goofys.service" mode: 0644 register: matrix_goofys_systemd_service_result diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index 076f9a375..91d434569 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -1,6 +1,6 @@ - name: Check existence of matrix-goofys service stat: - path: "/etc/systemd/system/matrix-goofys.service" + path: "{{ matrix_systemd_path }}/matrix-goofys.service" register: matrix_goofys_service_stat - name: Ensure matrix-goofys is stopped @@ -13,7 +13,7 @@ - name: Ensure matrix-goofys.service doesn't exist file: - path: "/etc/systemd/system/matrix-goofys.service" + path: "{{ matrix_systemd_path }}/matrix-goofys.service" state: absent when: "matrix_goofys_service_stat.stat.exists" diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 5f0cd9fff..da0e28c3e 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -28,4 +28,4 @@ when: "start_result.changed" - name: Register user - shell: "/usr/local/bin/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}" + shell: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index cf24cefb5..f10614e74 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -90,7 +90,7 @@ - name: Ensure matrix-synapse.service installed template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2" - dest: "/etc/systemd/system/matrix-synapse.service" + dest: "{{ matrix_systemd_path }}/matrix-synapse.service" mode: 0644 register: matrix_synapse_systemd_service_result @@ -102,5 +102,5 @@ - name: Ensure matrix-synapse-register-user script created template: src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" - dest: "/usr/local/bin/matrix-synapse-register-user" + dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" mode: 0750 diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 241c69379..f1cdf1670 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -1,6 +1,6 @@ - name: Check existence of matrix-synapse service stat: - path: "/etc/systemd/system/matrix-synapse.service" + path: "{{ matrix_systemd_path }}/matrix-synapse.service" register: matrix_synapse_service_stat - name: Ensure matrix-synapse is stopped @@ -13,7 +13,7 @@ - name: Ensure matrix-synapse.service doesn't exist file: - path: "/etc/systemd/system/matrix-synapse.service" + path: "{{ matrix_systemd_path }}/matrix-synapse.service" state: absent when: "matrix_synapse_service_stat.stat.exists" diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index e3bc97b7d..5d63f8cba 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -45,4 +45,4 @@ register: password_hash - name: Update user password hash - shell: "/usr/local/bin/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'" + shell: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 49a9a9063..b3adcac9d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1358,6 +1358,25 @@ saml2_config: # #grandfathered_mxid_source_attribute: upn + # Directory in which Synapse will try to find the template files below. + # If not set, default templates from within the Synapse package will be used. + # + # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates. + # If you *do* uncomment it, you will need to make sure that all the templates + # below are in the directory. + # + # Synapse will look for the following templates in this directory: + # + # * HTML page to display to users if something goes wrong during the + # authentication process: 'saml_error.html'. + # + # This template doesn't currently need any variable to render. + # + # You can see the default templates at: + # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates + # + #template_dir: "res/templates" + # Enable CAS for registration and login. @@ -1508,10 +1527,6 @@ email: # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # #template_dir: "res/templates" - notif_template_html: notif_mail.html - notif_template_text: notif_mail.txt - expiry_template_html: notice_expiry.html - expiry_template_text: notice_expiry.txt {% endif %} diff --git a/setup.yml b/setup.yml index 429a6c4f3..61d448f31 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-synapse - matrix-riot-web + - matrix-jitsi - matrix-mxisd - matrix-dimension - matrix-email2matrix