From 949b5d7a46963f75b425ca619404e8db8289193c Mon Sep 17 00:00:00 2001 From: tctovsli Date: Mon, 23 Mar 2020 15:03:40 +0100 Subject: [PATCH 01/16] Release synapse v.1.12.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index fe9f5545f..f896f2324 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.11.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 9032151486042230262469b403e73c7edaf2758d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Mar 2020 16:15:03 +0200 Subject: [PATCH 02/16] Update Synapse configuration for v1.12.0 Some options are no longer required and have sensible default values. --- .../templates/synapse/homeserver.yaml.j2 | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 49a9a9063..b3adcac9d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -1358,6 +1358,25 @@ saml2_config: # #grandfathered_mxid_source_attribute: upn + # Directory in which Synapse will try to find the template files below. + # If not set, default templates from within the Synapse package will be used. + # + # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates. + # If you *do* uncomment it, you will need to make sure that all the templates + # below are in the directory. + # + # Synapse will look for the following templates in this directory: + # + # * HTML page to display to users if something goes wrong during the + # authentication process: 'saml_error.html'. + # + # This template doesn't currently need any variable to render. + # + # You can see the default templates at: + # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates + # + #template_dir: "res/templates" + # Enable CAS for registration and login. @@ -1508,10 +1527,6 @@ email: # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # #template_dir: "res/templates" - notif_template_html: notif_mail.html - notif_template_text: notif_mail.txt - expiry_template_html: notice_expiry.html - expiry_template_text: notice_expiry.txt {% endif %} From 2c2b55a669cba657ac0537c6f0914f9229776326 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Mar 2020 17:13:58 +0200 Subject: [PATCH 03/16] Mark dimension DNS record as optional --- docs/configuring-dns.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 678c1679e..aefaabf92 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -18,12 +18,15 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR ## General outline of DNS settings you need to do -| Type | Host | Priority | Weight | Port | Target | -| ----- | ----------------------- | -------- | ------ | ---- | ---------------------- | -| A | `matrix` | - | - | - | `matrix-server-IP` | -| CNAME | `riot` | - | - | - | `matrix.` | -| CNAME | `dimension` | - | - | - | `matrix.` | -| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | +| Type | Host | Priority | Weight | Port | Target | +| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | +| A | `matrix` | - | - | - | `matrix-server-IP` | +| CNAME | `riot` | - | - | - | `matrix.` | +| CNAME | `dimension` (*) | - | - | - | `matrix.` | +| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | + + +DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records. ## Subdomains setup From cdd9ee1962a88ce57dbf958fec655647fb163d1f Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 23 Mar 2020 17:19:15 +0200 Subject: [PATCH 04/16] Add Jitsi support --- docs/configuring-dns.md | 3 + docs/configuring-playbook-jitsi.md | 39 +++++++ group_vars/matrix_servers | 45 ++++++++ roles/matrix-base/defaults/main.yml | 5 +- roles/matrix-jitsi/defaults/main.yml | 109 ++++++++++++++++++ roles/matrix-jitsi/tasks/init.yml | 3 + roles/matrix-jitsi/tasks/main.yml | 33 ++++++ roles/matrix-jitsi/tasks/setup_jitsi_base.yml | 20 ++++ .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 86 ++++++++++++++ roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 86 ++++++++++++++ .../tasks/setup_jitsi_prosody.yml | 86 ++++++++++++++ roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 87 ++++++++++++++ roles/matrix-jitsi/templates/jicofo/env.j2 | 17 +++ .../jicofo/matrix-jitsi-jicofo.service.j2 | 31 +++++ roles/matrix-jitsi/templates/jvb/env.j2 | 14 +++ .../templates/jvb/matrix-jitsi-jvb.service.j2 | 37 ++++++ roles/matrix-jitsi/templates/prosody/env.j2 | 31 +++++ .../prosody/matrix-jitsi-prosody.service.j2 | 31 +++++ roles/matrix-jitsi/templates/web/env.j2 | 28 +++++ .../templates/web/matrix-jitsi-web.service.j2 | 35 ++++++ roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-jitsi.conf.j2 | 72 ++++++++++++ roles/matrix-riot-web/defaults/main.yml | 2 + .../matrix-riot-web/templates/config.json.j2 | 6 + setup.yml | 1 + 26 files changed, 926 insertions(+), 1 deletion(-) create mode 100644 docs/configuring-playbook-jitsi.md create mode 100644 roles/matrix-jitsi/defaults/main.yml create mode 100644 roles/matrix-jitsi/tasks/init.yml create mode 100644 roles/matrix-jitsi/tasks/main.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_base.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml create mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml create mode 100644 
roles/matrix-jitsi/tasks/setup_jitsi_web.yml create mode 100644 roles/matrix-jitsi/templates/jicofo/env.j2 create mode 100644 roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 create mode 100644 roles/matrix-jitsi/templates/jvb/env.j2 create mode 100644 roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 create mode 100644 roles/matrix-jitsi/templates/prosody/env.j2 create mode 100644 roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 create mode 100644 roles/matrix-jitsi/templates/web/env.j2 create mode 100644 roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index aefaabf92..735b348fb 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -23,6 +23,7 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR | A | `matrix` | - | - | - | `matrix-server-IP` | | CNAME | `riot` | - | - | - | `matrix.` | | CNAME | `dimension` (*) | - | - | - | `matrix.` | +| CNAME | `jitsi` (*) | - | - | - | `matrix.` | | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | 
@@ -38,6 +39,8 @@ If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enab The `dimension.` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.` DNS record. +The `jitsi.` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. Jitsi installation is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.` DNS record. + ## `_matrix-identity._tcp` SRV record setup diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md new file mode 100644 index 000000000..b2afac466 --- /dev/null +++ b/docs/configuring-playbook-jitsi.md 
@@ -0,0 +1,39 @@ +# Jitsi + +The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md). + +Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services. + +The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet). + + +## Prerequisites + +Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md). + +You may also need to open the following ports to your server: + +- `udp/10000` - RTP media over UDP +- `tcp/4443` - RTP media fallback over TCP + + +## Installation + +Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_enabled: true + +# We only need this temporarily - until Jitsi integration in riot-web is finalized. +# Remove this line in the future, to switch back to a stable riot-web version. +matrix_riot_web_docker_image: "vectorim/riot-web:develop" +``` + +Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +.. and fully reload your riot-web page (at `riot.DOMAIN`). + +Starting a video-conference in a room with more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server. + + +**NOTE**: the playbook currently configures the Jitsi JVB component to use Google's STUN servers even in cases where our own [Coturn TURN server](configuring-playbook-turn.md) is enabled (it is by default). This is because JVB fails to discover its own external IP correctly when pointed to our own Coturn server. The failure happens because JVB reaches Coturn via the localnetwork and discovers a local Docker IP address instead of the public one, leading to a non-working service. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f722e2659..8e3c7ed62 100755 --- a/group_vars/matrix_servers 
+++ b/group_vars/matrix_servers 
@@ -392,6 +392,46 @@ matrix_email2matrix_enabled: false +###################################################################### +# +# matrix-jitsi +# +###################################################################### + +matrix_jitsi_enabled: false + +# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network. +# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose +# the Jitsi HTTP port to the local host. +matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}" + +matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}" +matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" +matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}" + +# TODO. Using our own STUN server fails, so we're using Google's STUN servers (the default for the matrix-jitsi role). +# +# When using our STUN server, JVB tries to discover its own IP by contacting it and gets a local Docker IP address instead of the external one. 
+# > matrix-jitsi-jvb[30965]: JVB 2020-03-23 14:52:59.253 INFO: [21] org.ice4j.ice.harvest.StunMappingCandidateHarvester.discover() Discovered public address 172.19.0.1:60385/udp from STUN server x.x.x.x:5349/udp using local address 172.18.0.10:0/udp +# +# matrix_jitsi_jvb_stun_servers: | +# {{ +# [ +# matrix_server_fqn_matrix + ':5349', +# matrix_server_fqn_matrix + ':3478', +# ] +# if matrix_coturn_enabled +# else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] +# }} + +###################################################################### +# +# /matrix-jitsi +# +###################################################################### + + + ###################################################################### # # matrix-mailer @@ -482,6 +522,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_s matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -525,6 +566,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + + ([matrix_server_fqn_jitsi]) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) }} @@ -596,6 +639,8 @@ matrix_riot_web_enable_presence_by_hs_url: | matrix_riot_web_welcome_user_id: ~ +matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}" + ###################################################################### # # /matrix-riot-web 
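Review bot: Only three of the Jitsi secrets are overridden in the `matrix-jitsi` block (`matrix_jitsi_jibri_xmpp_password`, `matrix_jitsi_jicofo_auth_password`, `matrix_jitsi_jvb_auth_password`). `matrix_jitsi_jicofo_component_secret` and `matrix_jitsi_jibri_recorder_password` keep the fixed values from roles/matrix-jitsi/defaults/main.yml (`s3cr37`, `recorder-password`), so every installation shares them unless the operator overrides them by hand. I would derive them the same way, e.g. `matrix_jitsi_jicofo_component_secret: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'component') | to_uuid }}"`, plus the equivalent line with salt `'recorder'` for the recorder password. How reachable the XMPP component port is depends on the Prosody service template, which is not part of this hunk. A comment above the block saying that all of these values are derived deterministically from the macaroon key would also help whoever has to rotate them.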
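Review bot: `+ ([matrix_server_fqn_jitsi])` is added to `matrix_ssl_domains_to_obtain_certificates_for` unconditionally, unlike the Dimension entry just above it, which is guarded by `if matrix_dimension_enabled else []`. With `matrix_jitsi_enabled: false` (the default set earlier in this file) the playbook would still request a certificate for the `jitsi.` hostname. The docs describe that DNS record as optional, so certificate retrieval is likely to fail on installs without it. Suggested line: `([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])`. The enclosing expression starts and ends outside the hunk.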
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index c2a81c294..0be463d13 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -18,6 +18,9 @@ matrix_server_fqn_riot: "riot.{{ matrix_domain }}" # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" +# This is where you access Jitsi. +matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" + matrix_user_username: "matrix" matrix_user_uid: 991 matrix_user_gid: 991 @@ -69,4 +72,4 @@ run_stop: true # Building every docker image from source on the target host # Controlling docker image build is possible on a per unit base -matrix_container_images_self_build: false \ No newline at end of file +matrix_container_images_self_build: false diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml new file mode 100644 index 000000000..284e6f61e --- /dev/null +++ b/roles/matrix-jitsi/defaults/main.yml 
@@ -0,0 +1,109 @@
+matrix_jitsi_enabled: true
+
+matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
+
+matrix_jitsi_enable_auth: false
+matrix_jitsi_enable_guests: false
+matrix_jitsi_enable_recording: true
+matrix_jitsi_enable_transcriptions: true
+
+matrix_jitsi_timezone: UTC
+
+matrix_jitsi_xmpp_domain: matrix-jitsi-web
+matrix_jitsi_xmpp_server: matrix-jitsi-prosody
+matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
+matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
+matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
+matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
+matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
+
+matrix_jitsi_recorder_domain: recorder.meet.jitsi
+
+
+matrix_jitsi_jibri_brewery_muc: jibribrewery
+matrix_jitsi_jibri_pending_timeout: 90
+matrix_jitsi_jibri_xmpp_user: jibri
+matrix_jitsi_jibri_xmpp_password: jibri-password
+matrix_jitsi_jibri_recorder_user: recorder
+matrix_jitsi_jibri_recorder_password: recorder-password
+
+
+matrix_jitsi_web_docker_image: "jitsi/web:4101"
+matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
+matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
+matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
+
+matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
+
+# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:12080"), or empty string to not expose.
+matrix_jitsi_web_container_http_host_bind_port: ''
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_web_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-web.service depends on
+matrix_jitsi_web_systemd_required_services_list: ['docker.service']
+
+
+matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101"
+matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
+matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_prosody_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-prosody.service depends on
+matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
+
+
+matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101"
+matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
+matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jicofo_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jicofo.service depends on
+matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jicofo_component_secret: s3cr37
+matrix_jitsi_jicofo_auth_user: focus
+matrix_jitsi_jicofo_auth_password: passw0rd
+
+
+matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101"
+matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
+matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jvb_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jvb.service depends on
+matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jvb_auth_user: jvb
+matrix_jitsi_jvb_auth_password: passw0rd
+matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
+matrix_jitsi_jvb_brewery_muc: jvbbrewery
+matrix_jitsi_jvb_rtp_udp_port: 10000
+matrix_jitsi_jvb_rtp_tcp_port: 4443
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"
diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml
new file mode 100644
index 000000000..328a3a25a
--- /dev/null
+++ b/roles/matrix-jitsi/tasks/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}"
+ when: matrix_jitsi_enabled|bool
diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml
new file mode 100644
index 000000000..2bc4a57ff
--- /dev/null
+++ b/roles/matrix-jitsi/tasks/main.yml
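Review bot: `matrix_jitsi_enable_auth: false` has no comment explaining its effect. Together with `matrix_jitsi_web_public_url` pointing at a public hostname, it presumably leaves the conference server usable by anyone who knows the URL (the env templates that consume it are outside this hunk). I would add a comment above it such as `# Controls whether users must authenticate to create conferences. When false, anyone who can reach the Jitsi URL can start one.` Separately, the comment above `matrix_jitsi_jvb_container_rtp_tcp_host_bind_port` was copied from the UDP one and should read `RTP TCP port (tcp/4443 in the container)`. The literal credentials in this file (`jibri-password`, `recorder-password`, `s3cr37`, `passw0rd`) would be safer as empty strings with a comment that they must be set, so a missed override fails visibly instead of deploying a known value.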
@@ -0,0 +1,33 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
+ when: run_setup|bool
+ tags:
+ - setup-all
+ - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
+ when: run_setup|bool
+ tags:
+ - setup-all
+ - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
+ when: run_setup|bool
+ tags:
+ - setup-all
+ - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
+ when: run_setup|bool
+ tags:
+ - setup-all
+ - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
+ when: run_setup|bool
+ tags:
+ - setup-all
+ - setup-jitsi
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml
new file mode 100644
index 000000000..fcfbb8f65
--- /dev/null
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml
@@ -0,0 +1,20 @@
+---
+
+#
+# Tasks related to setting up jitsi
+#
+
+- name: Ensure Matrix jitsi base path exists
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+ with_items:
+ - { path: "{{ matrix_jitsi_base_path }}", when: true }
+ when: matrix_jitsi_enabled|bool and item.when
+
+#
+# Tasks related to getting rid of jitsi (if it was previously enabled)
+#
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
new file mode 100644
index 000000000..7d1bc8154
--- /dev/null
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
@@ -0,0 +1,86 @@
+---
+
+#
+# Tasks related to setting up jitsi-jicofo
+#
+
+- name: Ensure Matrix jitsi-jicofo path exists
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0777
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+ with_items:
+ - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true }
+ - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true }
+ when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-jicofo Docker image is pulled
+ docker_image:
+ name: "{{ matrix_jitsi_jicofo_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jicofo environment variables file created
+ template:
+ src: "{{ role_path }}/templates/jicofo/env.j2"
+ dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
+ mode: 0640
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-jicofo.service installed
+ template:
+ src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
+ dest: "/etc/systemd/system/matrix-jitsi-jicofo.service"
+ mode: 0644
+ register: matrix_jitsi_jicofo_systemd_service_result
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
+ service:
+ daemon_reload: yes
+ when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jicofo service
+ stat:
+ path: "/etc/systemd/system/matrix-jitsi-jicofo.service"
+ register: matrix_jitsi_jicofo_service_stat
+ when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-jicofo is stopped
+ service:
+ name: matrix-jitsi-jicofo
+ state: stopped
+ daemon_reload: yes
+ register: stopping_result
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jicofo.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-jitsi-jicofo.service"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
+ service:
+ daemon_reload: yes
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jicofo paths doesn't exist
+ file:
+ path: "{{ matrix_jitsi_jicofo_base_path }}"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-jicofo Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_jitsi_jicofo_docker_image }}"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool"
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
new file mode 100644
index 000000000..bd6e97d89
--- /dev/null
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
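Review bot: The first task creates `matrix_jitsi_jicofo_base_path` and its config directory with `mode: 0777`, and the base directory later receives the `env` file that presumably carries the Jicofo credentials. A world-writable parent directory lets any local account rename or replace that file even though the file itself is written `0640`. setup_jitsi_base.yml uses `0750` for the parent directory, and I would do the same here, quoted so YAML cannot reinterpret the octal: `mode: "0750"`. If the container runs under a different UID and needs write access to the config directory, ownership is the better fix than opening the mode (the service template is outside this hunk, so that needs checking). The same `mode: 0777` appears in the first task of setup_jitsi_jvb.yml, setup_jitsi_prosody.yml and setup_jitsi_web.yml. The `env` template task also sets no `owner`/`group`, so who can read the file depends on the user Ansible runs as.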
@@ -0,0 +1,86 @@
+---
+
+#
+# Tasks related to setting up jitsi-jvb
+#
+
+- name: Ensure Matrix jitsi-jvb path exists
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0777
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+ with_items:
+ - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true }
+ - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true }
+ when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-jvb Docker image is pulled
+ docker_image:
+ name: "{{ matrix_jitsi_jvb_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jvb environment variables file created
+ template:
+ src: "{{ role_path }}/templates/jvb/env.j2"
+ dest: "{{ matrix_jitsi_jvb_base_path }}/env"
+ mode: 0640
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-jvb.service installed
+ template:
+ src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
+ dest: "/etc/systemd/system/matrix-jitsi-jvb.service"
+ mode: 0644
+ register: matrix_jitsi_jvb_systemd_service_result
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
+ service:
+ daemon_reload: yes
+ when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jvb service
+ stat:
+ path: "/etc/systemd/system/matrix-jitsi-jvb.service"
+ register: matrix_jitsi_jvb_service_stat
+ when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-jvb is stopped
+ service:
+ name: matrix-jitsi-jvb
+ state: stopped
+ daemon_reload: yes
+ register: stopping_result
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jvb.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-jitsi-jvb.service"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
+ service:
+ daemon_reload: yes
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jvb paths doesn't exist
+ file:
+ path: "{{ matrix_jitsi_jvb_base_path }}"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-jvb Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_jitsi_jvb_docker_image }}"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool"
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
new file mode 100644
index 000000000..6ea702487
--- /dev/null
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
@@ -0,0 +1,86 @@
+---
+
+#
+# Tasks related to setting up jitsi-prosody
+#
+
+- name: Ensure Matrix jitsi-prosody path exists
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0777
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+ with_items:
+ - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true }
+ - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true }
+ when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-prosody Docker image is pulled
+ docker_image:
+ name: "{{ matrix_jitsi_prosody_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-prosody environment variables file created
+ template:
+ src: "{{ role_path }}/templates/prosody/env.j2"
+ dest: "{{ matrix_jitsi_prosody_base_path }}/env"
+ mode: 0640
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-prosody.service installed
+ template:
+ src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
+ dest: "/etc/systemd/system/matrix-jitsi-prosody.service"
+ mode: 0644
+ register: matrix_jitsi_prosody_systemd_service_result
+ when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
+ service:
+ daemon_reload: yes
+ when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-prosody service
+ stat:
+ path: "/etc/systemd/system/matrix-jitsi-prosody.service"
+ register: matrix_jitsi_prosody_service_stat
+ when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-prosody is stopped
+ service:
+ name: matrix-jitsi-prosody
+ state: stopped
+ daemon_reload: yes
+ register: stopping_result
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-prosody.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-jitsi-prosody.service"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
+ service:
+ daemon_reload: yes
+ when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-prosody paths doesn't exist
+ file:
+ path: "{{ matrix_jitsi_prosody_base_path }}"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-prosody Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_jitsi_prosody_docker_image }}"
+ state: absent
+ when: "not matrix_jitsi_enabled|bool"
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
new file mode 100644
index 000000000..7d3635432
--- /dev/null
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
@@ -0,0 +1,87 @@ +--- + +# +# Tasks related to setting up jitsi-web +# + +- name: Ensure Matrix jitsi-web path exists + file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_jitsi_web_base_path }}", when: true } + - { path: "{{ matrix_jitsi_web_config_path }}", when: true } + - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true } + when: matrix_jitsi_enabled|bool and item.when + +- name: Ensure jitsi-web Docker image is pulled + docker_image: + name: "{{ matrix_jitsi_web_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" + when: matrix_jitsi_enabled|bool + +- name: Ensure jitsi-web environment variables file created + template: + src: "{{ role_path }}/templates/web/env.j2" + dest: "{{ matrix_jitsi_web_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + +- name: Ensure matrix-jitsi-web.service installed + template: + src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" + dest: "/etc/systemd/system/matrix-jitsi-web.service" + mode: 0644 + register: matrix_jitsi_web_systemd_service_result + when: matrix_jitsi_enabled|bool + +- name: Ensure systemd reloaded after matrix-jitsi-web.service installation + service: + daemon_reload: yes + when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" + +# +# Tasks related to getting rid of jitsi-web (if it was previously enabled) +# + +- name: Check existence of matrix-jitsi-web service + stat: + path: "/etc/systemd/system/matrix-jitsi-web.service" + register: matrix_jitsi_web_service_stat + when: "not matrix_jitsi_enabled|bool" + +- 
name: Ensure matrix-jitsi-web is stopped + service: + name: matrix-jitsi-web + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure matrix-jitsi-web.service doesn't exist + file: + path: "/etc/systemd/system/matrix-jitsi-web.service" + state: absent + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-jitsi-web.service removal + service: + daemon_reload: yes + when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" + +- name: Ensure Matrix jitsi-web paths doesn't exist + file: + path: "{{ matrix_jitsi_web_base_path }}" + state: absent + when: "not matrix_jitsi_enabled|bool" + +- name: Ensure jitsi-web Docker image doesn't exist + docker_image: + name: "{{ matrix_jitsi_web_docker_image }}" + state: absent + when: "not matrix_jitsi_enabled|bool" diff --git a/roles/matrix-jitsi/templates/jicofo/env.j2 b/roles/matrix-jitsi/templates/jicofo/env.j2 new file mode 100644 index 000000000..a402d2d75 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/env.j2 @@ -0,0 +1,17 @@ +ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} + +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} +XMPP_SERVER={{ matrix_jitsi_xmpp_server }} + +JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }} +JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} +JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} + +JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} + +JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }} +JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }} + +TZ={{ matrix_jitsi_timezone }} 
diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 new file mode 100644 index 000000000..53f086885 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-jicofo server +{% for service in matrix_jitsi_jicofo_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_jicofo_base_path }}/env \ + -v {{ matrix_jitsi_jicofo_config_path }}:/config \ + {% for arg in matrix_jitsi_jicofo_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_jicofo_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo +ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-jicofo + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2 new file mode 100644 index 000000000..0b88f8ccd --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/env.j2 
@@ -0,0 +1,14 @@
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
+
+JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
+JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
+JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
+JVB_TCP_HARVESTER_DISABLED=false
+JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
+
+JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
+
+TZ={{ matrix_jitsi_timezone }}
diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
new file mode 100644
index 000000000..5df5807a7
--- /dev/null
+++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
@@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-jvb server +{% for service in matrix_jitsi_jvb_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_jvb_base_path }}/env \ + {% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %} + -p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \ + {% endif %} + {% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %} + -p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \ + {% endif %} + -v {{ matrix_jitsi_jvb_config_path }}:/config \ + {% for arg in matrix_jitsi_jvb_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_jvb_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb +ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-jvb + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2 new file mode 100644 index 000000000..caa792134 --- /dev/null +++ b/roles/matrix-jitsi/templates/prosody/env.j2 
@@ -0,0 +1,31 @@
+AUTH_TYPE=internal
+
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+
+XMPP_MODULES=
+XMPP_MUC_MODULES=
+XMPP_INTERNAL_MUC_MODULES=
+
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+
+JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+
+JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
+JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+
+JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+
+JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+
+TZ={{ matrix_jitsi_timezone }}
diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
new file mode 100644
index 000000000..bf43021de
--- /dev/null
+++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
@@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-prosody server +{% for service in matrix_jitsi_prosody_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_prosody_base_path }}/env \ + -v {{ matrix_jitsi_prosody_config_path }}:/config \ + {% for arg in matrix_jitsi_prosody_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_prosody_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody +ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-prosody + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/web/env.j2 b/roles/matrix-jitsi/templates/web/env.j2 new file mode 100644 index 000000000..b85e9af54 --- /dev/null +++ b/roles/matrix-jitsi/templates/web/env.j2 
@@ -0,0 +1,28 @@
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+
+ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
+
+DISABLE_HTTPS=1
+
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+
+PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+
+TZ={{ matrix_jitsi_timezone }}
+
+JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+
+ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
new file mode 100644
index 000000000..deed5025c
--- /dev/null
+++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
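Review bot: `JIBRI_XMPP_PASSWORD` and `JIBRI_RECORDER_PASSWORD` are handed to the web container, which is the one Jitsi component this commit exposes to the outside through the nginx vhost. Whether the web image actually reads them is not visible in this diff; if it does not, dropping the `JIBRI_XMPP_*` and `JIBRI_RECORDER_*` user and password lines from this template keeps the recorder credentials confined to prosody's env file. If it does need them, a one-line comment naming the generated file that consumes them would make the exposure a documented decision.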
@@ -0,0 +1,35 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-web server +{% for service in matrix_jitsi_web_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web +ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web + +ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_web_base_path }}/env \ + {% if matrix_jitsi_web_container_http_host_bind_port %} + -p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \ + {% endif %} + -v {{ matrix_jitsi_web_config_path }}:/config \ + -v {{ matrix_jitsi_web_transcripts_path }}:/usr/share/jitsi-meet/transcripts \ + {% for arg in matrix_jitsi_web_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_web_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-jitsi-web +ExecStop=-/usr/bin/docker rm matrix-jitsi-web +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-web + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index aeede0e2c..5bf0fc0c8 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -105,6 +105,10 @@ matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" +# Controls whether proxying the jitsi domain should be done. +matrix_nginx_proxy_proxy_jitsi_enabled: false +matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}" + # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -164,6 +168,9 @@ matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration. matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to the jitsi's server configuration. +matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the matrix domain server configuration. matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index a4e3a5386..b5d7ad6bf 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -66,6 +66,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_jitsi_enabled|bool + - name: Ensure Matrix nginx-proxy data directory for base domain exists file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain" @@ -163,6 +170,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 new file mode 100644 index 000000000..7488d611f --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 
@@ -0,0 +1,72 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; +{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-jitsi-web:80"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:12080; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ 
matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem; + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index e0002326d..808d4ffdb 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -58,6 +58,8 @@ matrix_riot_web_branding_welcomeBackgroundUrl: ~ # point this to a `home.html` template file on your local filesystem. matrix_riot_web_embedded_pages_home_path: ~ +matrix_riot_web_jitsi_preferredDomain: '' + # Controls whether the self-check feature should validate SSL certificates. matrix_riot_web_self_check_validate_certificates: true diff --git a/roles/matrix-riot-web/templates/config.json.j2 b/roles/matrix-riot-web/templates/config.json.j2 index b82d53e07..41cbee7cf 100644 --- a/roles/matrix-riot-web/templates/config.json.j2 +++ b/roles/matrix-riot-web/templates/config.json.j2 @@ -30,6 +30,12 @@ "embeddedPages": { "homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }} }, + {% if matrix_riot_web_jitsi_preferredDomain is not none %} + "jitsi": { + "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}, + "externalApiUrl": "https://{{ matrix_riot_web_jitsi_preferredDomain }}/libs/external_api.min.js" + }, + {% endif %} "branding": { "authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }}, "authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }}, diff --git a/setup.yml b/setup.yml index 429a6c4f3..61d448f31 100755 --- a/setup.yml +++ b/setup.yml 
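Review bot: The TLS `server` block sets `server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};` while loading its certificate and key from the jitsi hostname's `live/` directory, which looks like a leftover from the dimension template. As written, HTTPS requests for the jitsi host match no `server_name` in this file and are handled by whichever server nginx treats as the default, and when dimension proxying is also enabled two vhosts claim the same name with different certificates. The line should read `server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }};`, matching the plain-HTTP block above it.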
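Review bot: The guard `matrix_riot_web_jitsi_preferredDomain is not none` never skips the block with the default added in `defaults/main.yml`, because that default is `''` rather than null; unless the variable is overridden elsewhere, the rendered config gets `"preferredDomain": ""` and `"externalApiUrl": "https:///libs/external_api.min.js"`. Either default the variable to `~` or test truthiness with `{% if matrix_riot_web_jitsi_preferredDomain %}`. The `externalApiUrl` line also places the domain inside a JSON string without `to_json`, unlike the neighbouring keys; `{{ ('https://' + matrix_riot_web_jitsi_preferredDomain + '/libs/external_api.min.js')|to_json }}` keeps the escaping consistent. The enclosing JSON object starts and ends outside the hunk.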
@@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-synapse - matrix-riot-web + - matrix-jitsi - matrix-mxisd - matrix-dimension - matrix-email2matrix From ecd35a8ddb7b81ede4d5ce844f5b536c6ca4067f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Mar 2020 21:03:04 +0200 Subject: [PATCH 05/16] Clarify webserver group membership requirement Discussed in #412 (Github Issue). --- docs/configuring-playbook-own-webserver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index d686c9470..4adcd934b 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -22,7 +22,7 @@ For an alternative, make sure to check Method #2 as well. No matter which external webserver you decide to go with, you'll need to: -1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx` +1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx`. This allows your webserver user to access files owned by the `matrix` group. When using an external nginx webserver, this allows it to read configuration files from `/matrix/nginx-proxy/conf.d`. When using another server, it would make other files, such as `/matrix/static-files/.well-known`, accessible to it. 2) Edit your configuration file (`inventory/host_vars/matrix./vars.yml`) to disable the integrated nginx server: From d605b219a24435923103bf37b0fd58b26c4280fe Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 24 Mar 2020 09:35:21 +0200 Subject: [PATCH 06/16] Manage Jitsi configuration by ourselves for most components We do this for 2 reasons: - so we can control things which are not controllable using environment variables (for example `stunServers` in jitsi/web, since we don't wish to use the hardcoded Google STUN servers if our own Coturn is enabled) - so playbook variable changes will properly rebuild the configuration. When using Jitsi environment variables, the configuration is only built once (the first time) and never rebuilt again. This is not consistent with the rest of the playbook and with how Ansible operates. We're not perfect at it (yet), because we still let the Jitsi containers generate some files on their own, but we are closer and it should be good enough for most things. Related to #415 (Github Pull Request). --- docs/configuring-playbook-jitsi.md | 3 - group_vars/matrix_servers | 23 +- roles/matrix-jitsi/defaults/main.yml | 7 + .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 10 + roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 11 +- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 10 + .../templates/jicofo/logging.properties.j2 | 20 + .../jicofo/sip-communicator.properties.j2 | 5 + roles/matrix-jitsi/templates/jvb/env.j2 | 14 - .../templates/jvb/logging.properties.j2 | 13 + .../templates/jvb/matrix-jitsi-jvb.service.j2 | 1 - .../jvb/sip-communicator.properties.j2 | 19 + roles/matrix-jitsi/templates/web/config.js.j2 | 486 ++++++++++++++++++ .../templates/web/interface_config.js.j2 | 230 +++++++++ 14 files changed, 816 insertions(+), 36 deletions(-) create mode 100644 roles/matrix-jitsi/templates/jicofo/logging.properties.j2 create mode 100644 roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 delete mode 100644 roles/matrix-jitsi/templates/jvb/env.j2 create mode 100644 roles/matrix-jitsi/templates/jvb/logging.properties.j2 create mode 100644
roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 create mode 100644 roles/matrix-jitsi/templates/web/config.js.j2 create mode 100644 roles/matrix-jitsi/templates/web/interface_config.js.j2 diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index b2afac466..7239758ba 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -34,6 +34,3 @@ Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags= .. and fully reload your riot-web page (at `riot.DOMAIN`). Starting a video-conference in a room with more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server. - - -**NOTE**: the playbook currently configures the Jitsi JVB component to use Google's STUN servers even in cases where our own [Coturn TURN server](configuring-playbook-turn.md) is enabled (it is by default). This is because JVB fails to discover its own external IP correctly when pointed to our own Coturn server. The failure happens because JVB reaches Coturn via the localnetwork and discovers a local Docker IP address instead of the public one, leading to a non-working service. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8e3c7ed62..84d24aa9e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -409,20 +409,15 @@ matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | passw matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}" -# TODO. Using our own STUN server fails, so we're using Google's STUN servers (the default for the matrix-jitsi role). -# -# When using our STUN server, JVB tries to discover its own IP by contacting it and gets a local Docker IP address instead of the external one. -# > matrix-jitsi-jvb[30965]: JVB 2020-03-23 14:52:59.253 INFO: [21] org.ice4j.ice.harvest.StunMappingCandidateHarvester.discover() Discovered public address 172.19.0.1:60385/udp from STUN server x.x.x.x:5349/udp using local address 172.18.0.10:0/udp -# -# matrix_jitsi_jvb_stun_servers: | -# {{ -# [ -# matrix_server_fqn_matrix + ':5349', -# matrix_server_fqn_matrix + ':3478', -# ] -# if matrix_coturn_enabled -# else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] -# }} +matrix_jitsi_web_stun_servers: | + {{ + [ + matrix_server_fqn_matrix + ':5349', + matrix_server_fqn_matrix + ':3478', + ] + if matrix_coturn_enabled + else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + }} ###################################################################### # diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 284e6f61e..ae5dcb8f9 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml 
@@ -37,6 +37,9 @@ matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" +# STUN servers used in the web UI. Feel free to point them to your own STUN server. +matrix_jitsi_web_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + # Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:12080"), or empty string to not expose. @@ -93,7 +96,11 @@ matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jits matrix_jitsi_jvb_auth_user: jvb matrix_jitsi_jvb_auth_password: passw0rd + +# STUN servers used by JVB on the server-side, so it can discover its own external IP address. +# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery. matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302'] + matrix_jitsi_jvb_brewery_muc: jvbbrewery matrix_jitsi_jvb_rtp_udp_port: 10000 matrix_jitsi_jvb_rtp_tcp_port: 4443 diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 7d1bc8154..98ebfb251 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -31,6 +31,16 @@ mode: 0640 when: matrix_jitsi_enabled|bool +- name: Ensure jitsi-jicofo configuration files created + template: + src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" + dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" + mode: 0644 + with_items: + - sip-communicator.properties + - logging.properties + when: matrix_jitsi_enabled|bool + - name: Ensure matrix-jitsi-jicofo.service installed template: src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" 
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index bd6e97d89..86067c23e 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -24,11 +24,14 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool -- name: Ensure jitsi-jvb environment variables file created +- name: Ensure jitsi-jvb configuration files created template: - src: "{{ role_path }}/templates/jvb/env.j2" - dest: "{{ matrix_jitsi_jvb_base_path }}/env" - mode: 0640 + src: "{{ role_path }}/templates/jvb/{{ item }}.j2" + dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" + mode: 0644 + with_items: + - sip-communicator.properties + - logging.properties when: matrix_jitsi_enabled|bool - name: Ensure matrix-jitsi-jvb.service installed diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 7d3635432..93d690233 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -32,6 +32,16 @@ mode: 0640 when: matrix_jitsi_enabled|bool +- name: Ensure jitsi-web configuration files created + template: + src: "{{ role_path }}/templates/web/{{ item }}.j2" + dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" + mode: 0644 + with_items: + - config.js + - interface_config.js + when: matrix_jitsi_enabled|bool + - name: Ensure matrix-jitsi-web.service installed template: src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 new file mode 100644 index 000000000..7eba95af6 --- /dev/null +++ b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 
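Review bot: Replacing the `env` file (mode `0640`) with templated files at `mode: 0644` makes the JVB XMPP password world-readable, because `jvb/sip-communicator.properties.j2` in this same commit renders `org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }}`. Keeping `mode: 0640` for the jvb files and setting `owner`/`group` to `"{{ matrix_user_username }}"` would preserve the earlier protection, provided the container can still read the file; the user it runs as is not visible here. The jicofo properties templates shown in this commit carry no credentials, so `0644` matters less in that hunk. This task list starts and ends outside the hunk.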
@@ -0,0 +1,20 @@
+handlers= java.util.logging.ConsoleHandler
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
+
+.level=INFO
+net.sf.level=SEVERE
+net.java.sip.communicator.plugin.reconnectplugin.level=FINE
+org.ice4j.level=SEVERE
+org.jitsi.impl.neomedia.level=SEVERE
+
+# Do not worry about missing strings
+net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
+
+#net.java.sip.communicator.service.protocol.level=ALL
+
+# Enable debug packets logging
+#org.jitsi.impl.protocol.xmpp.level=FINE
diff --git a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2
new file mode 100644
index 000000000..6736becc3
--- /dev/null
+++ b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2
@@ -0,0 +1,5 @@
+org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
+org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+
+org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2
deleted file mode 100644
index 0b88f8ccd..000000000
--- a/roles/matrix-jitsi/templates/jvb/env.j2
+++ /dev/null
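Review bot: `org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true` in `jicofo/sip-communicator.properties.j2` appears to make jicofo accept whatever certificate the XMPP server presents, and `jvb/sip-communicator.properties.j2` later in this commit does the equivalent for the bridge with `DISABLE_CERTIFICATE_VERIFICATION=true`. Both components then authenticate to any endpoint that answers as the XMPP server, so the setup depends entirely on the Docker network being trusted. A comment above each line stating that assumption, such as `# Certificate checks are off: only safe while XMPP traffic stays on the internal Docker network`, would stop the setting being carried into a deployment where prosody is remote. Separately, `PENDING_TIMEOUT=90` is hard-coded although `jicofo/env.j2` takes the same value from `matrix_jitsi_jibri_pending_timeout`.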
@@ -1,14 +0,0 @@
-XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
-XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
-XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
-
-JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
-JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
-JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
-JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
-JVB_TCP_HARVESTER_DISABLED=false
-JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
-
-JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
-
-TZ={{ matrix_jitsi_timezone }}
diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/matrix-jitsi/templates/jvb/logging.properties.j2
new file mode 100644
index 000000000..48c1e9fa5
--- /dev/null
+++ b/roles/matrix-jitsi/templates/jvb/logging.properties.j2
@@ -0,0 +1,13 @@
+handlers= java.util.logging.ConsoleHandler
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=JVB
+
+.level=INFO
+
+org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
+
+# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
+org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING
diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
index 5df5807a7..03aef079e 100644
--- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
+++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
@@ -14,7 +14,6 @@ ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
 ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
 --log-driver=none \
 --network={{ matrix_docker_network }} \
- --env-file={{ matrix_jitsi_jvb_base_path }}/env \
 {% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
 -p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
 {% endif %}
diff --git a/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2
new file mode 100644
index 000000000..173af0b65
--- /dev/null
+++ b/roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2
@@ -0,0 +1,19 @@
+org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
+org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
+org.jitsi.videobridge.TCP_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
+
+{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
+org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ matrix_jitsi_jvb_stun_servers|join(',') }}
+{% endif %}
+
+org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ matrix_jitsi_xmpp_server }}
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ matrix_jitsi_jvb_auth_user }}
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=matrix-jitsi-jvb
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000
diff --git a/roles/matrix-jitsi/templates/web/config.js.j2 b/roles/matrix-jitsi/templates/web/config.js.j2
new file mode 100644
index 000000000..f18471e1c
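Review bot: `org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }}` in the new jvb/sip-communicator.properties.j2 writes the secret verbatim into a Java properties file, where a backslash starts an escape sequence and leading whitespace in the value is dropped, so a password containing either would be read back as a different string and the bridge would fail to authenticate with no obvious cause. Either escape backslashes when rendering or state the constraint next to the line, e.g. `# NOTE: written verbatim; the password must not contain backslashes or leading spaces`. The task that installs this file is not part of the hunk; since it now carries the credential that the removed `env` file used to hold, it is worth confirming that the rendered file gets a restrictive mode and owner.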
--- /dev/null
+++ b/roles/matrix-jitsi/templates/web/config.js.j2
@@ -0,0 +1,486 @@ +/* eslint-disable no-unused-vars, no-var */ + +var config = { + // Configuration + // + + // Alternative location for the configuration. + // configLocation: './config.json', + + // Custom function which given the URL path should return a room name. + // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; }, + + + // Connection + // + + hosts: { + // XMPP domain. + domain: '{{ matrix_jitsi_xmpp_domain }}', + + {% if matrix_jitsi_enable_guests %} + // When using authentication, domain for guest users. + anonymousdomain: 'guest.example.com', + + // Domain for authenticated users. Defaults to . + authdomain: '{{ matrix_jitsi_xmpp_domain }}', + {% endif %} + + // Jirecon recording component domain. + // jirecon: 'jirecon.{{ matrix_jitsi_xmpp_domain }}', + + // Call control component (Jigasi). + // call_control: 'callcontrol.{{ matrix_jitsi_xmpp_domain }}', + + // Focus component domain. Defaults to focus.. + // focus: 'focus.{{ matrix_jitsi_xmpp_domain }}', + + // XMPP MUC domain. FIXME: use XEP-0030 to discover it. + muc: {{ matrix_jitsi_xmpp_muc_domain|to_json }}, + }, + + // BOSH URL. FIXME: use XEP-0156 to discover it. + bosh: '/http-bind', + + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + + // The real JID of focus participant - can be overridden here + focusUserJid: {{ matrix_jitsi_jicofo_auth_user|to_json }} + '@' + {{ matrix_jitsi_xmpp_auth_domain|to_json }}, + + + // Testing / experimental features. + // + + testing: { + // Enables experimental simulcast support on Firefox. + enableFirefoxSimulcast: false, + + // P2P test mode disables automatic switching to P2P when there are 2 + // participants in the conference. + p2pTestMode: false + + // Enables the test specific features consumed by jitsi-meet-torture + // testMode: false + }, + + // Disables ICE/UDP by filtering out local and remote UDP candidates in + // signalling. 
+ // webrtcIceUdpDisable: false, + + // Disables ICE/TCP by filtering out local and remote TCP candidates in + // signalling. + // webrtcIceTcpDisable: false, + + + // Media + // + + // Audio + + // Disable measuring of audio levels. + // disableAudioLevels: false, + + // Start the conference in audio only mode (no video is being received nor + // sent). + // startAudioOnly: false, + + // Every participant after the Nth will start audio muted. + // startAudioMuted: 10, + + // Start calls with audio muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithAudioMuted: false, + + // Enabling it (with #params) will disable local audio output of remote + // participants and to enable it back a reload is needed. + // startSilent: false + + // Video + + // Sets the preferred resolution (height) for local video. Defaults to 720. + // resolution: 720, + + // w3c spec-compliant video constraints to use for video capture. Currently + // used by browsers that return true from lib-jitsi-meet's + // util#browser#usesNewGumFlow. The constraints are independency from + // this config's resolution value. Defaults to requesting an ideal aspect + // ratio of 16:9 with an ideal resolution of 720. + // constraints: { + // video: { + // aspectRatio: 16 / 9, + // height: { + // ideal: 720, + // max: 720, + // min: 240 + // } + // } + // }, + + // Enable / disable simulcast support. + // disableSimulcast: false, + + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + + // Suspend sending video if bandwidth estimation is too low. This may cause + // problems with audio playback. Disabled until these are fixed. + disableSuspendVideo: true, + + // Every participant after the Nth will start video muted. + // startVideoMuted: 10, + + // Start calls with video muted. 
Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithVideoMuted: false, + + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // Desktop sharing + + // The ID of the jidesha extension for Chrome. + desktopSharingChromeExtId: null, + + // Whether desktop sharing should be disabled on Chrome. + // desktopSharingChromeDisabled: false, + + // The media sources to use when using screen sharing with the Chrome + // extension. + desktopSharingChromeSources: [ 'screen', 'window', 'tab' ], + + // Required version of Chrome extension + desktopSharingChromeMinExtVersion: '0.1', + + // Whether desktop sharing should be disabled on Firefox. + // desktopSharingFirefoxDisabled: false, + + // Optional desktop sharing frame rate options. Default value: min:5, max:5. + // desktopSharingFrameRate: { + // min: 5, + // max: 5 + // }, + + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, + + // Recording +hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }}, + + // Whether to enable file recording or not. + fileRecordingsEnabled: {{ matrix_jitsi_enable_recording|to_json }}, + // Enable the dropbox integration. + // dropbox: { + // appKey: '' // Specify your app key here. 
+ // // A URL to redirect the user to, after authenticating + // // by default uses: + // // 'https://{{ matrix_jitsi_xmpp_domain }}/static/oauth.html' + // redirectURI: + // 'https://{{ matrix_jitsi_xmpp_domain }}/subfolder/static/oauth.html' + // }, + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) + // fileRecordingsServiceEnabled: false, + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. + // fileRecordingsServiceSharingEnabled: false, + + // Whether to enable live streaming or not. + liveStreamingEnabled: {{ matrix_jitsi_enable_recording|to_json }}, + + // Transcription (in interface_config, + // subtitles and buttons can be configured) + transcribingEnabled: {{ matrix_jitsi_enable_transcriptions|to_json }}, + + // Misc + + // Default value for the channel "last N" attribute. -1 for unlimited. + channelLastN: -1, + + // Disables or enables RTX (RFC 4588) (defaults to false). + // disableRtx: false, + + // Disables or enables TCC (the default is in Jicofo and set to true) + // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting + // affects congestion control, it practically enables send-side bandwidth + // estimations. + // enableTcc: true, + + // Disables or enables REMB (the default is in Jicofo and set to false) + // (draft-alvestrand-rmcat-remb-03). This setting affects congestion + // control, it practically enables recv-side bandwidth estimations. When + // both TCC and REMB are enabled, TCC takes precedence. When both are + // disabled, then bandwidth estimations are disabled. + // enableRemb: false, + + // Defines the minimum number of participants to start a call (the default + // is set in Jicofo and set to 2). 
+ // minParticipants: 2, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // Enable IPv6 support. + // useIPv6: true, + + // Enables / disables a data communication channel with the Videobridge. + // Values can be 'datachannel', 'websocket', true (treat it as + // 'datachannel'), undefined (treat it as 'datachannel') and false (don't + // open any channel). + // openBridgeChannel: true, + + + // UI + // + + // Use display name as XMPP nickname. + // useNicks: false, + + // Require users to always specify a display name. + // requireDisplayName: true, + + // Whether to use a welcome page or not. In case it's false a random room + // will be joined when no room is specified. + enableWelcomePage: true, + + // Enabling the close page will ignore the welcome page redirection when + // a call is hangup. + // enableClosePage: false, + + // Disable hiding of remote thumbnails when in a 1-on-1 conference call. + // disable1On1Mode: false, + + // Default language for the user interface. + // defaultLanguage: 'en', + + // If true all users without a token will be considered guests and all users + // with token will be considered non-guests. Only guests will be allowed to + // edit their profile. + enableUserRolesBasedOnToken: false, + + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, + + // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. + // lockRoomGuestEnabled: false, + + // When enabled the password used for locking a room is restricted to up to the number of digits specified + // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, + + // Message to show the users. 
Example: 'The service will be down for + // maintenance at 01:00 AM GMT, + // noticeMessage: '', + + // Enables calendar integration, depends on googleApiApplicationClientID + // and microsoftApiApplicationClientID + // enableCalendarIntegration: false, + + // Stats + // + + // Whether to enable stats collection or not in the TraceablePeerConnection. + // This can be useful for debugging purposes (post-processing/analysis of + // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth + // estimation tests. + // gatherStats: false, + + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // enables callstatsUsername to be reported as statsId and used + // by callstats as repoted remote id + // enableStatsID: false + + // enables sending participants display name to callstats + // enableDisplayNameInStats: false + + + // Privacy + // + + // If third party requests are disabled, no other server will be contacted. + // This means avatars will be locally generated and callstats integration + // will not function. + // disableThirdPartyRequests: false, + + + // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. + // + + p2p: { + // Enables peer to peer mode. When enabled the system will try to + // establish a direct connection when there are exactly 2 participants + // in the room. If that succeeds the conference will stop sending data + // through the JVB and use the peer to peer connection instead. When a + // 3rd participant joins the conference will be moved back to the JVB + // connection. + enabled: true, + + // Use XEP-0215 to fetch STUN and TURN servers. 
+ // useStunTurn: true, + + // The STUN servers that will be used in the peer to peer connections + {% if matrix_jitsi_web_stun_servers|length > 0 %} + stunServers: [ + {% for url in matrix_jitsi_web_stun_servers %} + { urls: {{ url|to_json }} }{% if not loop.last %},{% endif %} + {% endfor %} + ], + {% endif %} + + // Sets the ICE transport policy for the p2p connection. At the time + // of this writing the list of possible values are 'all' and 'relay', + // but that is subject to change in the future. The enum is defined in + // the WebRTC standard: + // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. + // If not set, the effective value is 'all'. + // iceTransportPolicy: 'all', + + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). + preferH264: true + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // How long we're going to wait, before going back to P2P after the 3rd + // participant has left the conference (to filter out page reload). + // backToP2PDelay: 5 + }, + + analytics: { + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + + // The Amplitude APP Key: + // amplitudeAPPKey: '' + + // Array of script URLs to load as lib-jitsi-meet "analytics handlers". + // scriptURLs: [ + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" + // ], + }, + + // Information about the jitsi-meet instance we are connecting to, including + // the user region as seen by the server. + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + } + + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. 
+ // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // } + + // Options related to end-to-end (participant to participant) ping. + // e2eping: { + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, + // + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // } + + // If set, will attempt to use the provided video input device label when + // triggering a screenshare, instead of proceeding through the normal flow + // for obtaining a desktop stream. + // NOTE: This option is experimental and is currently intended for internal + // use only. + // _desktopSharingSourceDevice: 'sample-id-or-label' + + // If true, any checks to handoff to another application will be prevented + // and instead the app will continue to display in the current browser. 
+ // disableDeepLinking: false + + // A property to disable the right click context menu for localVideo + // the menu has option to flip the locally seen video for local presentations + // disableLocalVideoFlip: false + + // List of undocumented settings used in jitsi-meet + /** + _immediateReloadThreshold + autoRecord + autoRecordToken + debug + debugAudioLevels + deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl + dialOutAuthUrl + dialOutCodesUrl + disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID + iAmRecorder + iAmSipGateway + microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl + */ + + // List of undocumented settings used in lib-jitsi-meet + /** + _peerConnStatusOutOfLastNTimeout + _peerConnStatusRtcMuteTimeout + abTesting + avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl + desktopSharingSources + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableLipSync + enableTalkWhileMuted + forceJVB121Ratio + hiddenDomain + ignoreStartMuted + nick + startBitrate + */ + +}; + +/* eslint-enable no-unused-vars, no-var */ diff --git a/roles/matrix-jitsi/templates/web/interface_config.js.j2 b/roles/matrix-jitsi/templates/web/interface_config.js.j2 new file mode 100644 index 000000000..dd5abc59d --- /dev/null +++ b/roles/matrix-jitsi/templates/web/interface_config.js.j2 
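Review bot: Inside the `{% if matrix_jitsi_enable_guests %}` block of `hosts` in config.js.j2, `anonymousdomain: 'guest.example.com'` is the upstream sample value rather than this deployment's guest domain, so with guests enabled anonymous logins would target an XMPP domain that Prosody presumably does not serve. It should come from a role variable, e.g. `anonymousdomain: {{ matrix_jitsi_xmpp_guest_domain|to_json }},` (the variable name is a suggestion; no guest-domain variable is visible in this patch). In the same object `domain` and `authdomain` interpolate into hand-written quotes (`'{{ matrix_jitsi_xmpp_domain }}'`) while `muc` and `focusUserJid` go through `|to_json`; using `|to_json` for all of them keeps a quote or backslash in a variable from breaking the script that is served to every client.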
@@ -0,0 +1,230 @@ +/* eslint-disable no-unused-vars, no-var, max-len */ + +var interfaceConfig = { + // TO FIX: this needs to be handled from SASS variables. There are some + // methods allowing to use variables both in css and js. + DEFAULT_BACKGROUND: '#474747', + + /** + * Whether or not the blurred video background for large video should be + * displayed on browsers that can support it. + */ + DISABLE_VIDEO_BACKGROUND: false, + + INITIAL_TOOLBAR_TIMEOUT: 20000, + TOOLBAR_TIMEOUT: 4000, + TOOLBAR_ALWAYS_VISIBLE: false, + DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', + DEFAULT_LOCAL_DISPLAY_NAME: 'me', + SHOW_JITSI_WATERMARK: true, + JITSI_WATERMARK_LINK: 'https://jitsi.org', + + // if watermark is disabled by default, it can be shown only for guests + SHOW_WATERMARK_FOR_GUESTS: true, + SHOW_BRAND_WATERMARK: false, + BRAND_WATERMARK_LINK: '', + SHOW_POWERED_BY: false, + SHOW_DEEP_LINKING_IMAGE: false, + GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true, + DISPLAY_WELCOME_PAGE_CONTENT: true, + APP_NAME: 'Jitsi Meet', + NATIVE_APP_NAME: 'Jitsi Meet', + PROVIDER_NAME: 'Jitsi', + LANG_DETECTION: false, // Allow i18n to detect the system language + INVITATION_POWERED_BY: true, + + /** + * If we should show authentication block in profile + */ + AUTHENTICATION_ENABLE: true, + + /** + * The name of the toolbar buttons to display in the toolbar. If present, + * the button will display. Exceptions are "livestreaming" and "recording" + * which also require being a moderator and some values in config.js to be + * enabled. Also, the "profile" button will not display for user's with a + * jwt. 
+ */ + TOOLBAR_BUTTONS: [ + {% if matrix_jitsi_enable_transcriptions %} + 'closedcaptions', + {% endif %} + + 'microphone', 'camera', 'desktop', 'fullscreen', + 'fodeviceselection', 'hangup', 'profile', 'info', 'chat', 'recording', + 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand', + 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + 'tileview', 'videobackgroundblur' + ], + + SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ], + + // Determines how the video would fit the screen. 'both' would fit the whole + // screen, 'height' would fit the original video height to the height of the + // screen, 'width' would fit the original video width to the width of the + // screen respecting ratio. + VIDEO_LAYOUT_FIT: 'both', + + /** + * Whether to only show the filmstrip (and hide the toolbar). + */ + filmStripOnly: false, + + /** + * Whether to show thumbnails in filmstrip as a column instead of as a row. + */ + VERTICAL_FILMSTRIP: true, + + // A html text to be shown to guests on the close page, false disables it + CLOSE_PAGE_GUEST_HINT: false, + RANDOM_AVATAR_URL_PREFIX: false, + RANDOM_AVATAR_URL_SUFFIX: false, + FILM_STRIP_MAX_HEIGHT: 120, + + // Enables feedback star animation. + ENABLE_FEEDBACK_ANIMATION: false, + DISABLE_FOCUS_INDICATOR: false, + DISABLE_DOMINANT_SPEAKER_INDICATOR: false, + + /** + * Whether the speech to text transcription subtitles panel is disabled. + * If {@code undefined}, defaults to {@code false}. + * + * @type {boolean} + */ + DISABLE_TRANSCRIPTION_SUBTITLES: false, + + /** + * Whether the ringing sound in the call/ring overlay is disabled. If + * {@code undefined}, defaults to {@code false}. 
+ * + * @type {boolean} + */ + DISABLE_RINGING: false, + AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)', + AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)', + POLICY_LOGO: null, + LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9 + REMOTE_THUMBNAIL_RATIO: 1, // 1:1 + // Documentation reference for the live streaming feature. + LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', + + /** + * Whether the mobile app Jitsi Meet is to be promoted to participants + * attempting to join a conference in a mobile Web browser. If + * {@code undefined}, defaults to {@code true}. + * + * @type {boolean} + */ + MOBILE_APP_PROMO: true, + + /** + * Maximum coeficient of the ratio of the large video to the visible area + * after the large video is scaled to fit the window. + * + * @type {number} + */ + MAXIMUM_ZOOMING_COEFFICIENT: 1.3, + + /* + * If indicated some of the error dialogs may point to the support URL for + * help. + */ + SUPPORT_URL: 'https://github.com/jitsi/jitsi-meet/issues/new', + + /** + * Whether the connection indicator icon should hide itself based on + * connection strength. If true, the connection indicator will remain + * displayed while the participant has a weak connection and will hide + * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is + * strong. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, + + /** + * How long the connection indicator should remain displayed before hiding. + * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. + * + * @type {number} + */ + CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, + + /** + * If true, hides the connection indicators completely. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_DISABLED: false, + + /** + * If true, hides the video quality label indicating the resolution status + * of the current large video. 
+ * + * @type {boolean} + */ + VIDEO_QUALITY_LABEL_DISABLED: false, + + /** + * If true, will display recent list + * + * @type {boolean} + */ + RECENT_LIST_ENABLED: true, + + // Names of browsers which should show a warning stating the current browser + // has a suboptimal experience. Browsers which are not listed as optimal or + // unsupported are considered suboptimal. Valid values are: + // chrome, chromium, edge, electron, firefox, nwjs, opera, safari + OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron' ], + + // Browsers, in addition to those which do not fully support WebRTC, that + // are not supported and should show the unsupported browser page. + UNSUPPORTED_BROWSERS: [], + + /** + * A UX mode where the last screen share participant is automatically + * pinned. Valid values are the string "remote-only" so remote participants + * get pinned but not local, otherwise any truthy value for all participants, + * and any falsy value to disable the feature. + * + * Note: this mode is experimental and subject to breakage. + */ + AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only' + + /** + * How many columns the tile view can expand to. The respected range is + * between 1 and 5. + */ + // TILE_VIEW_MAX_COLUMNS: 5, + + /** + * Specify custom URL for downloading android mobile app. + */ + // MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet', + + /** + * Specify URL for downloading ios mobile app. + */ + // MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905', + + /** + * Specify mobile app scheme for opening the app from the mobile browser. + */ + // APP_SCHEME: 'org.jitsi.meet', + + /** + * Specify the Android app package name. + */ + // ANDROID_APP_PACKAGE: 'org.jitsi.meet', + + /** + * Override the behavior of some notifications to remain displayed until + * explicitly dismissed through a user action. 
The value is how long, in + * milliseconds, those notifications should remain displayed. + */ + // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, +}; + +/* eslint-enable no-unused-vars, no-var, max-len */ From 8ff55bcd14160a2dafa06caeb5cefe71e6d0bc8a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 24 Mar 2020 15:30:14 +0200 Subject: [PATCH 07/16] Update documentation and changelog --- CHANGELOG.md | 9 +++++++++ README.md | 10 ++++++++++ docs/configuring-playbook-jitsi.md | 7 +++++-- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 31771186b..24a6af083 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2020-03-24 + +## Jitsi support + +The playbook can now (optionally) install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](docs/configuring-playbook-riot-web.md). + +See our [Jitsi documentation page](docs/configuring-playbook-jitsi.md) to get started. + + # 2020-03-15 ## Raspberry Pi support diff --git a/README.md b/README.md index bf6398cd4..a991e533e 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients +- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform + Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. 
@@ -144,6 +146,14 @@ This playbook sets up your server using the following Docker images:
 - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
+- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
+
+- [jitsi/jicofo](https://hub.docker.com/r/jitsi/jicofo) - the [Jitsi](https://jitsi.org/) Focus component (optional)
+
+- [jitsi/prosody](https://hub.docker.com/r/jitsi/prosody) - the [Jitsi](https://jitsi.org/) Prosody XMPP server component (optional)
+
+- [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
+
 ## Deficiencies
diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md
index 7239758ba..0d030d4e0 100644
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -31,6 +31,9 @@ matrix_riot_web_docker_image: "vectorim/riot-web:develop"
 Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
-.. and fully reload your riot-web page (at `riot.DOMAIN`).
-Starting a video-conference in a room with more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server.
+## Usage
+
+You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`.
+
+To use it via riot-web, make sure you've installed the `develop` version and fully reloaded your riot-web page (at `riot.DOMAIN`). Starting a video-conference in a room containing more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server.
From fcb4f2579d9f21336595091aead80468cc3c2764 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 24 Mar 2020 16:15:52 +0200
Subject: [PATCH 08/16] Upgrade matrix-corporal (1.7.1 -> 1.7.2)
---
 roles/matrix-corporal/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml
index 81d2c16cb..9b0c9188b 100644
--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
-matrix_corporal_docker_image: "devture/matrix-corporal:1.7.1"
+matrix_corporal_docker_image: "devture/matrix-corporal:1.7.2"
 matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
 matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
From e06ac41db1653583419c6818d8ffc999bb52a2a3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 24 Mar 2020 16:21:26 +0200
Subject: [PATCH 09/16] Do not try to obtain jitsi.DOMAIN certificate if Jitsi is disabled
---
 group_vars/matrix_servers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 84d24aa9e..c2dd57866 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -561,7 +561,7 @@ matrix_ssl_domains_to_obtain_certificates_for: |
 +
 ([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
 +
- ([matrix_server_fqn_jitsi])
+ ([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])
 +
 ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
 }}
From 0e69a5103606a564e154b2ccad8d650840de8edf Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 24 Mar 2020 16:41:24 +0200
Subject: [PATCH 10/16] Upgrade matrix-corporal (1.7.2 -> 1.8.0)
---
 roles/matrix-corporal/defaults/main.yml | 5 ++++-
 roles/matrix-corporal/templates/config.json.j2 | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml
index 9b0c9188b..9430f0532 100644
--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
-matrix_corporal_docker_image: "devture/matrix-corporal:1.7.2"
+matrix_corporal_docker_image: "devture/matrix-corporal:1.8.0"
 matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
 matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
@@ -46,8 +46,11 @@ matrix_corporal_matrix_timeout_milliseconds: 45000
 matrix_corporal_reconciliation_retry_interval_milliseconds: 30000
 matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
+matrix_corporal_http_gateway_timeout_milliseconds: 60000
+
 matrix_corporal_http_api_enabled: false
 matrix_corporal_http_api_auth_token: ""
+matrix_corporal_http_api_timeout_milliseconds: 15000
 # Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value)
 matrix_corporal_policy_provider_config: ""
diff --git a/roles/matrix-corporal/templates/config.json.j2 b/roles/matrix-corporal/templates/config.json.j2
index 378b2c19b..dff738301 100644
--- a/roles/matrix-corporal/templates/config.json.j2
+++ b/roles/matrix-corporal/templates/config.json.j2
@@ -13,13 +13,15 @@ }, "HttpGateway": { - "ListenAddress": "0.0.0.0:41080" + "ListenAddress": "0.0.0.0:41080", + "TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }} }, "HttpApi": { "Enabled": {{ matrix_corporal_http_api_enabled|to_json }}, "ListenAddress": "0.0.0.0:41081", - "AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}" + "AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}", + "TimeoutMilliseconds": {{ matrix_corporal_http_api_timeout_milliseconds }} }, "PolicyProvider": {{ matrix_corporal_policy_provider_config }}, From 0f39cb99877a335a97a37677a067c59f9d5dd372 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 24 Mar 2020 17:57:33 +0200 Subject: [PATCH 11/16] Fix incorrect server_name for Jitsi Fixes #417 (Github Issue) --- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index 7488d611f..c66891726 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -56,7 +56,7 @@ server { listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; - server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }}; + server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; server_tokens off; root /dev/null; From e5849801c624a2e1787a397fcf15556ed5f03593 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 24 Mar 2020 18:26:52 +0200 Subject: [PATCH 12/16] Add Jitsi reference to Configuring Playbook docs page --- docs/configuring-playbook.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 4d84fac33..051abf166 100644 
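Review bot: In the `HttpApi` block the bearer token is written between literal quotes with no JSON escaping, `"AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}",`, while the `Enabled` line just above it goes through `|to_json`. A token containing `"` or `\` would render as invalid JSON or change the structure of the object; `"AuthorizationBearerToken": {{ matrix_corporal_http_api_auth_token|to_json }},` emits a correctly escaped string. The two new `TimeoutMilliseconds` lines could take `|to_json` as well, for consistency with `Enabled`. The defaults in this patch keep the token empty and the API disabled; whether matrix-corporal refuses an empty token once the API is enabled is not visible here, so a playbook-side check that fails when `matrix_corporal_http_api_enabled` is true and the token is empty is worth considering.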
--- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -31,6 +31,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md)) +- [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) + ### Core service adjustments From eebc6e13f804fc757ab6d5b3d5512dc3a7866f11 Mon Sep 17 00:00:00 2001 
From: mooomooo Date: Tue, 24 Mar 2020 11:27:58 -0700 Subject: [PATCH 13/16] Made directory variables for /etc/systemd/system , /etc/cron.d , /usr/local/bin --- roles/matrix-base/defaults/main.yml | 3 +++ roles/matrix-base/tasks/setup_matrix_base.yml | 2 +- .../templates/usr-local-bin/matrix-remove-all.j2 | 6 +++--- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- .../tasks/setup_install.yml | 2 +- .../tasks/setup_uninstall.yml | 4 ++-- roles/matrix-corporal/tasks/setup_corporal.yml | 8 ++++---- roles/matrix-coturn/tasks/setup_coturn.yml | 6 +++--- roles/matrix-dimension/tasks/setup_dimension.yml | 6 +++--- .../tasks/setup_email2matrix.yml | 6 +++--- roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 6 +++--- roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 6 +++--- roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 6 +++--- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 6 +++--- roles/matrix-mailer/tasks/setup_mailer.yml | 6 +++--- roles/matrix-mxisd/tasks/setup_mxisd.yml | 6 +++--- .../tasks/setup_nginx_proxy.yml | 6 +++--- .../tasks/ssl/setup_ssl_lets_encrypt.yml | 12 ++++++------ .../tasks/migrate_postgres_data_directory.yml | 2 +- roles/matrix-postgres/tasks/setup_postgres.yml | 16 ++++++++-------- roles/matrix-riot-web/tasks/setup_riot_web.yml | 6 +++--- .../tasks/goofys/setup_install.yml | 2 +- .../tasks/goofys/setup_uninstall.yml | 4 ++-- roles/matrix-synapse/tasks/register_user.yml | 2 +- .../tasks/synapse/setup_install.yml | 4 ++-- .../tasks/synapse/setup_uninstall.yml | 4 ++-- 
.../tasks/update_user_password.yml | 2 +- 40 files changed, 92 insertions(+), 89 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 0be463d13..6800df869 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -29,6 +29,9 @@ matrix_base_data_path: "/matrix" matrix_base_data_path_mode: "750" matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" +matrix_systemd_path: "/etc/systemd/system" +matrix_cron_path: "/etc/cron.d" +matrix_local_bin_path: "/usr/local/bin" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-base/tasks/setup_matrix_base.yml b/roles/matrix-base/tasks/setup_matrix_base.yml index b4aa92b9a..24217883d 100644 --- a/roles/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/matrix-base/tasks/setup_matrix_base.yml @@ -52,6 +52,6 @@ - name: Ensure matrix-remove-all script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2" - dest: "/usr/local/bin/matrix-remove-all" + dest: "{{ matrix_local_bin_path }}/matrix-remove-all" mode: 0750 diff --git a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 index ac810595f..972919e31 100644 --- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 +++ b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 
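Review bot: The three new variables in `roles/matrix-base/defaults/main.yml` (`matrix_systemd_path`, `matrix_cron_path`, `matrix_local_bin_path`) have no comment, although they decide where the playbook writes unit files, cron entries and helper scripts. The rest of this patch installs those files with modes 0644 and 0750, and they are presumably run by systemd or cron as root, so an override pointing at a directory other users can write to would let them change what gets executed. I would add above them: `# Where systemd units, cron files and helper scripts are installed. Override only with root-owned directories that are not writable by other users.`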
@@ -15,15 +15,15 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then exit 0 else echo "Stop and remove matrix services" - for s in $(find /etc/systemd/system/ -name "matrix-*" -printf "%f\n"); do + for s in $(find {{ matrix_systemd_path }}/ -name "matrix-*" -printf "%f\n"); do systemctl stop $s - rm -f /etc/systemd/system/$s + rm -f {{ matrix_systemd_path }}/$s done systemctl daemon-reload echo "Remove matrix cronjobs" find /etc/cron.d/ -name "matrix-*" -delete echo "Remove matrix scripts" - find /usr/local/bin/ -name "matrix-*" -delete + find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete echo "Remove every docker images" docker rmi $(docker images -aq) echo "Remove docker matrix network" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 6f4f5979d..e2144f6ae 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -72,7 +72,7 @@ - name: Ensure matrix-appservice-discord.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2" - dest: "/etc/systemd/system/matrix-appservice-discord.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" mode: 0644 register: matrix_appservice_discord_systemd_service_result diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 6790f2035..4e8c1fdc3 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml 
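Review bot: The cron cleanup in this hunk of `matrix-remove-all.j2` still reads `find /etc/cron.d/ -name "matrix-*" -delete`, so it ignores the `matrix_cron_path` variable this commit introduces; with an override in place the script would search the wrong directory. It should be `find "{{ matrix_cron_path }}/" -name "matrix-*" -delete`. The templated paths are also expanded unquoted in a script that deletes files, so a path with spaces or glob characters would be word-split before reaching `rm -f`; `rm -f "{{ matrix_systemd_path }}/$s"`, and quoting the `find` start directories the same way, avoids that. The script's body starts and ends outside the hunk.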
@@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-discord service stat: - path: "/etc/systemd/system/matrix-appservice-discord.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" register: matrix_appservice_discord_service_stat - name: Ensure matrix-appservice-discord is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-discord.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-discord.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" state: absent when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index e2c2c2b65..1c69b2a82 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -139,7 +139,7 @@ - name: Ensure matrix-appservice-irc.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" - dest: "/etc/systemd/system/matrix-appservice-irc.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" mode: 0644 register: matrix_appservice_irc_systemd_service_result diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index ce65d0e6c..2b5e5dfd3 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-irc service stat: - path: "/etc/systemd/system/matrix-appservice-irc.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped 
@@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-irc.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-irc.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" state: absent when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 1e8bc9cdb..b4132e966 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -38,7 +38,7 @@ - name: Ensure matrix-appservice-slack.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" - dest: "/etc/systemd/system/matrix-appservice-slack.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" mode: 0644 register: matrix_appservice_slack_systemd_service_result diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index 92bee3e6d..0b83d02e8 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-slack service stat: - path: "/etc/systemd/system/matrix-appservice-slack.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" register: matrix_appservice_slack_service_stat - name: Ensure matrix-appservice-slack is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-slack.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-slack.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" state: absent when: "matrix_appservice_slack_service_stat.stat.exists" 
diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 94b4ef0ce..5d167dc0b 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -54,7 +54,7 @@ - name: Ensure matrix-appservice-webhooks.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" - dest: "/etc/systemd/system/matrix-appservice-webhooks.service" + dest: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" mode: 0644 register: matrix_appservice_webhooks_systemd_service_result diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 605b2525e..d8e973ce5 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-webhooks service stat: - path: "/etc/systemd/system/matrix-appservice-webhooks.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" register: matrix_appservice_webhooks_service_stat - name: Ensure matrix-appservice-webhooks is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-appservice-webhooks.service doesn't exist file: - path: "/etc/systemd/system/matrix-appservice-webhooks.service" + path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" state: absent when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 2656c5ae0..77f3346f8 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml 
@@ -84,7 +84,7 @@ - name: Ensure matrix-mautrix-facebook.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-facebook.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" mode: 0644 register: matrix_mautrix_facebook_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index 06c9b4992..efc8aa748 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-facebook service stat: - path: "/etc/systemd/system/matrix-mautrix-facebook.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" register: matrix_mautrix_facebook_service_stat - name: Ensure matrix-mautrix-facebook is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-facebook.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-facebook.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" state: absent when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index a30367f3d..db1dc884b 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -83,7 +83,7 @@ - name: Ensure matrix-mautrix-hangouts.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-hangouts.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" mode: 0644 register: matrix_mautrix_hangouts_systemd_service_result 
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index ef33e238d..14413e946 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-hangouts service stat: - path: "/etc/systemd/system/matrix-mautrix-hangouts.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" register: matrix_mautrix_hangouts_service_stat - name: Ensure matrix-mautrix-hangouts is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-hangouts.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-hangouts.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" state: absent when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index a5f6983a8..1c8b063d8 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -63,7 +63,7 @@ - name: Ensure matrix-mautrix-telegram.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-telegram.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" mode: 0644 register: matrix_mautrix_telegram_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index 190c18401..b14bd737e 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml 
@@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-telegram service stat: - path: "/etc/systemd/system/matrix-mautrix-telegram.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" register: matrix_mautrix_telegram_service_stat - name: Ensure matrix-mautrix-telegram is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-telegram.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-telegram.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" state: absent when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 0806e5599..a818afb18 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -72,7 +72,7 @@ - name: Ensure matrix-mautrix-whatsapp.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" - dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" mode: 0644 register: matrix_mautrix_whatsapp_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 7f5e65594..93f5c4c8d 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-whatsapp service stat: - path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" register: matrix_mautrix_whatsapp_service_stat - name: Ensure matrix-mautrix-whatsapp is stopped 
@@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-whatsapp.service doesn't exist file: - path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" state: absent when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index d3e4f9073..2e09f013b 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -37,7 +37,7 @@ - name: Ensure matrix-corporal.service installed template: src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2" - dest: "/etc/systemd/system/matrix-corporal.service" + dest: "{{ matrix_systemd_path }}/matrix-corporal.service" mode: 0644 register: matrix_corporal_systemd_service_result when: matrix_corporal_enabled|bool @@ -54,7 +54,7 @@ - name: Check existence of matrix-corporal service stat: - path: "/etc/systemd/system/matrix-corporal.service" + path: "{{ matrix_systemd_path }}/matrix-corporal.service" register: matrix_corporal_service_stat when: "not matrix_corporal_enabled|bool" @@ -68,7 +68,7 @@ - name: Ensure matrix-corporal.service doesn't exist file: - path: "/etc/systemd/system/matrix-corporal.service" + path: "{{ matrix_systemd_path }}/matrix-corporal.service" state: absent when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" @@ -82,7 +82,7 @@ path: "{{ item }}" state: absent with_items: - - /etc/systemd/system/matrix-corporal.service + - "{{ matrix_systemd_path }}/matrix-corporal.service" - "{{ matrix_corporal_config_dir_path }}/config.json" when: "not matrix_corporal_enabled|bool" diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index 479e60449..8a2ad3bdd 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml 
@@ -77,7 +77,7 @@ - name: Ensure matrix-coturn.service installed template: src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2" - dest: "/etc/systemd/system/matrix-coturn.service" + dest: "{{ matrix_systemd_path }}/matrix-coturn.service" mode: 0644 register: matrix_coturn_systemd_service_result when: matrix_coturn_enabled|bool @@ -116,7 +116,7 @@ - name: Check existence of matrix-coturn service stat: - path: "/etc/systemd/system/matrix-coturn.service" + path: "{{ matrix_systemd_path }}/matrix-coturn.service" register: matrix_coturn_service_stat when: "not matrix_coturn_enabled|bool" @@ -130,7 +130,7 @@ - name: Ensure matrix-coturn.service doesn't exist file: - path: "/etc/systemd/system/matrix-coturn.service" + path: "{{ matrix_systemd_path }}/matrix-coturn.service" state: absent when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists" diff --git a/roles/matrix-dimension/tasks/setup_dimension.yml b/roles/matrix-dimension/tasks/setup_dimension.yml index 0b52c5a2f..2437a5472 100644 --- a/roles/matrix-dimension/tasks/setup_dimension.yml +++ b/roles/matrix-dimension/tasks/setup_dimension.yml @@ -33,7 +33,7 @@ - name: Ensure matrix-dimension.service installed template: src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2" - dest: "/etc/systemd/system/matrix-dimension.service" + dest: "{{ matrix_systemd_path }}/matrix-dimension.service" mode: 0644 register: matrix_dimension_systemd_service_result when: matrix_dimension_enabled|bool @@ -49,7 +49,7 @@ - name: Check existence of matrix-dimension service stat: - path: "/etc/systemd/system/matrix-dimension.service" + path: "{{ matrix_systemd_path }}/matrix-dimension.service" register: matrix_dimension_service_stat when: "not matrix_dimension_enabled|bool" 
@@ -63,7 +63,7 @@ - name: Ensure matrix-dimension.service doesn't exist file: - path: "/etc/systemd/system/matrix-dimension.service" + path: "{{ matrix_systemd_path }}/matrix-dimension.service" state: absent when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists" diff --git a/roles/matrix-email2matrix/tasks/setup_email2matrix.yml b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml index 9d9109e3d..1e64627af 100644 --- a/roles/matrix-email2matrix/tasks/setup_email2matrix.yml +++ b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml @@ -36,7 +36,7 @@ - name: Ensure matrix-email2matrix.service installed template: src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" - dest: "/etc/systemd/system/matrix-email2matrix.service" + dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service" mode: 0644 register: matrix_email2matrix_systemd_service_result when: matrix_email2matrix_enabled|bool @@ -52,7 +52,7 @@ - name: Check existence of matrix-email2matrix service stat: - path: "/etc/systemd/system/matrix-email2matrix.service" + path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" register: matrix_email2matrix_service_stat when: "not matrix_email2matrix_enabled|bool" @@ -66,7 +66,7 @@ - name: Ensure matrix-email2matrix.service doesn't exist file: - path: "/etc/systemd/system/matrix-email2matrix.service" + path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" state: absent when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 98ebfb251..b7ff409a0 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml 
@@ -44,7 +44,7 @@ - name: Ensure matrix-jitsi-jicofo.service installed template: src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" - dest: "/etc/systemd/system/matrix-jitsi-jicofo.service" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" mode: 0644 register: matrix_jitsi_jicofo_systemd_service_result when: matrix_jitsi_enabled|bool @@ -60,7 +60,7 @@ - name: Check existence of matrix-jitsi-jicofo service stat: - path: "/etc/systemd/system/matrix-jitsi-jicofo.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" register: matrix_jitsi_jicofo_service_stat when: "not matrix_jitsi_enabled|bool" @@ -74,7 +74,7 @@ - name: Ensure matrix-jitsi-jicofo.service doesn't exist file: - path: "/etc/systemd/system/matrix-jitsi-jicofo.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 86067c23e..e4d652eda 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -37,7 +37,7 @@ - name: Ensure matrix-jitsi-jvb.service installed template: src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" - dest: "/etc/systemd/system/matrix-jitsi-jvb.service" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" mode: 0644 register: matrix_jitsi_jvb_systemd_service_result when: matrix_jitsi_enabled|bool @@ -53,7 +53,7 @@ - name: Check existence of matrix-jitsi-jvb service stat: - path: "/etc/systemd/system/matrix-jitsi-jvb.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" register: matrix_jitsi_jvb_service_stat when: "not matrix_jitsi_enabled|bool" 
@@ -67,7 +67,7 @@ - name: Ensure matrix-jitsi-jvb.service doesn't exist file: - path: "/etc/systemd/system/matrix-jitsi-jvb.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 6ea702487..e783aad90 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -34,7 +34,7 @@ - name: Ensure matrix-jitsi-prosody.service installed template: src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" - dest: "/etc/systemd/system/matrix-jitsi-prosody.service" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" mode: 0644 register: matrix_jitsi_prosody_systemd_service_result when: matrix_jitsi_enabled|bool @@ -50,7 +50,7 @@ - name: Check existence of matrix-jitsi-prosody service stat: - path: "/etc/systemd/system/matrix-jitsi-prosody.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" register: matrix_jitsi_prosody_service_stat when: "not matrix_jitsi_enabled|bool" @@ -64,7 +64,7 @@ - name: Ensure matrix-jitsi-prosody.service doesn't exist file: - path: "/etc/systemd/system/matrix-jitsi-prosody.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 93d690233..3610a084d 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml 
@@ -45,7 +45,7 @@ - name: Ensure matrix-jitsi-web.service installed template: src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" - dest: "/etc/systemd/system/matrix-jitsi-web.service" + dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" mode: 0644 register: matrix_jitsi_web_systemd_service_result when: matrix_jitsi_enabled|bool @@ -61,7 +61,7 @@ - name: Check existence of matrix-jitsi-web service stat: - path: "/etc/systemd/system/matrix-jitsi-web.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" register: matrix_jitsi_web_service_stat when: "not matrix_jitsi_enabled|bool" @@ -75,7 +75,7 @@ - name: Ensure matrix-jitsi-web.service doesn't exist file: - path: "/etc/systemd/system/matrix-jitsi-web.service" + path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" state: absent when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index c357ead3d..e216915fa 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -31,7 +31,7 @@ - name: Ensure matrix-mailer.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2" - dest: "/etc/systemd/system/matrix-mailer.service" + dest: "{{ matrix_systemd_path }}/matrix-mailer.service" mode: 0644 register: matrix_mailer_systemd_service_result when: matrix_mailer_enabled|bool @@ -47,7 +47,7 @@ - name: Check existence of matrix-mailer service stat: - path: "/etc/systemd/system/matrix-mailer.service" + path: "{{ matrix_systemd_path }}/matrix-mailer.service" register: matrix_mailer_service_stat when: "not matrix_mailer_enabled|bool" 
@@ -61,7 +61,7 @@ - name: Ensure matrix-mailer.service doesn't exist file: - path: "/etc/systemd/system/matrix-mailer.service" + path: "{{ matrix_systemd_path }}/matrix-mailer.service" state: absent when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" diff --git a/roles/matrix-mxisd/tasks/setup_mxisd.yml b/roles/matrix-mxisd/tasks/setup_mxisd.yml index aa7801198..cc7712bbf 100644 --- a/roles/matrix-mxisd/tasks/setup_mxisd.yml +++ b/roles/matrix-mxisd/tasks/setup_mxisd.yml @@ -78,7 +78,7 @@ - name: Ensure matrix-mxisd.service installed template: src: "{{ role_path }}/templates/systemd/matrix-mxisd.service.j2" - dest: "/etc/systemd/system/matrix-mxisd.service" + dest: "{{ matrix_systemd_path }}/matrix-mxisd.service" mode: 0644 register: matrix_mxisd_systemd_service_result when: matrix_mxisd_enabled|bool @@ -94,7 +94,7 @@ - name: Check existence of matrix-mxisd service stat: - path: "/etc/systemd/system/matrix-mxisd.service" + path: "{{ matrix_systemd_path }}/matrix-mxisd.service" register: matrix_mxisd_service_stat - name: Ensure matrix-mxisd is stopped @@ -107,7 +107,7 @@ - name: Ensure matrix-mxisd.service doesn't exist file: - path: "/etc/systemd/system/matrix-mxisd.service" + path: "{{ matrix_systemd_path }}/matrix-mxisd.service" state: absent when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists" diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index b5d7ad6bf..6db5d9785 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -112,7 +112,7 @@ - name: Ensure matrix-nginx-proxy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2" - dest: "/etc/systemd/system/matrix-nginx-proxy.service" + dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" mode: 0644 register: matrix_nginx_proxy_systemd_service_result when: matrix_nginx_proxy_enabled|bool @@ -129,7 +129,7 @@ - name: Check existence of matrix-nginx-proxy service stat: - path: "/etc/systemd/system/matrix-nginx-proxy.service" + path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" register: matrix_nginx_proxy_service_stat when: "not matrix_nginx_proxy_enabled|bool" @@ -143,7 +143,7 @@ - name: Ensure matrix-nginx-proxy.service doesn't exist file: - path: "/etc/systemd/system/matrix-nginx-proxy.service" + path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" state: absent when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 88bdb977e..e6542545f 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -7,9 +7,9 @@ path: "{{ item }}" state: absent with_items: - - /usr/local/bin/matrix-ssl-certificates-renew - - /etc/cron.d/matrix-ssl-certificate-renewal - - /etc/cron.d/matrix-nginx-proxy-periodic-restarter + - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew" + - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal" + - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter" # 
@@ -51,7 +51,7 @@ - name: Ensure Let's Encrypt SSL renewal script installed template: src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2" - dest: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew + dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" mode: 0750 when: "matrix_ssl_retrieval_method == 'lets-encrypt'" @@ -73,7 +73,7 @@ hour: "4" minute: "15" day: "*" - job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew + job: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" - name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload) cron: @@ -113,6 +113,6 @@ - name: Ensure Let's Encrypt SSL renewal script removed file: - path: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew + path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" state: absent when: "matrix_ssl_retrieval_method != 'lets-encrypt'" diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index 22d584a99..599d45b5f 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -62,7 +62,7 @@ - name: Ensure outdated matrix-postgres.service doesn't exist file: - path: "/etc/systemd/system/matrix-postgres.service" + path: "{{ matrix_systemd_path }}/matrix-postgres.service" state: absent when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 16c276770..355898b60 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml 
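Review bot: The cron `job:` in the `@@ -73,7 +73,7 @@` hunk now executes whatever sits at `{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew`, and nothing in the visible tasks checks that the variable is an absolute path to a directory only root can write. The cron task starts above the hunk, so the account it runs as is not visible; if that is root, an override pointing at a directory another account can write to would let that account replace the script cron runs. I would add a comment where the variable is defined, along the lines of `# Must be an absolute path to a root-owned directory that is not group- or world-writable`, and have the playbook fail early with an `assert` on the value. The same variable-driven location is used for the mode-0750 script install and removal in the neighbouring hunks, and the unit files written under `{{ matrix_systemd_path }}` deserve the same check.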
@@ -69,34 +69,34 @@ - name: Ensure matrix-postgres-cli script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2" - dest: "/usr/local/bin/matrix-postgres-cli" + dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli" mode: 0750 when: matrix_postgres_enabled|bool - name: Ensure matrix-change-user-admin-status script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" - dest: "/usr/local/bin/matrix-change-user-admin-status" + dest: "{{ matrix_local_bin_path }}/matrix-change-user-admin-status" mode: 0750 when: matrix_postgres_enabled|bool - name: (Migration) Ensure old matrix-make-user-admin script deleted file: - path: "/usr/local/bin/matrix-make-user-admin" + path: "{{ matrix_local_bin_path }}/matrix-make-user-admin" state: absent when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres-update-user-password-hash script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2" - dest: "/usr/local/bin/matrix-postgres-update-user-password-hash" + dest: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash" mode: 0750 when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres.service installed template: src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2" - dest: "/etc/systemd/system/matrix-postgres.service" + dest: "{{ matrix_systemd_path }}/matrix-postgres.service" mode: 0644 register: matrix_postgres_systemd_service_result when: matrix_postgres_enabled|bool @@ -112,7 +112,7 @@ - name: Check existence of matrix-postgres service stat: - path: "/etc/systemd/system/matrix-postgres.service" + path: "{{ matrix_systemd_path }}/matrix-postgres.service" register: matrix_postgres_service_stat when: "not matrix_postgres_enabled|bool" 
@@ -125,7 +125,7 @@ - name: Ensure matrix-postgres.service doesn't exist file: - path: "/etc/systemd/system/matrix-postgres.service" + path: "{{ matrix_systemd_path }}/matrix-postgres.service" state: absent when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" @@ -148,7 +148,7 @@ - name: Remove Postgres scripts file: - path: "/usr/local/bin/{{ item }}" + path: "{{ matrix_local_bin_path }}/{{ item }}" state: absent with_items: - matrix-postgres-cli diff --git a/roles/matrix-riot-web/tasks/setup_riot_web.yml b/roles/matrix-riot-web/tasks/setup_riot_web.yml index e78da3502..a1d25fc60 100644 --- a/roles/matrix-riot-web/tasks/setup_riot_web.yml +++ b/roles/matrix-riot-web/tasks/setup_riot_web.yml @@ -75,7 +75,7 @@ - name: Ensure matrix-riot-web.service installed template: src: "{{ role_path }}/templates/systemd/matrix-riot-web.service.j2" - dest: "/etc/systemd/system/matrix-riot-web.service" + dest: "{{ matrix_systemd_path }}/matrix-riot-web.service" mode: 0644 register: matrix_riot_web_systemd_service_result when: matrix_riot_web_enabled|bool @@ -91,7 +91,7 @@ - name: Check existence of matrix-riot-web service stat: - path: "/etc/systemd/system/matrix-riot-web.service" + path: "{{ matrix_systemd_path }}/matrix-riot-web.service" register: matrix_riot_web_service_stat when: "not matrix_riot_web_enabled|bool" @@ -105,7 +105,7 @@ - name: Ensure matrix-riot-web.service doesn't exist file: - path: "/etc/systemd/system/matrix-riot-web.service" + path: "{{ matrix_systemd_path }}/matrix-riot-web.service" state: absent when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists" diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 9a4b9a7e5..efd9d46cf 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml 
@@ -31,7 +31,7 @@ - name: Ensure matrix-goofys.service installed template: src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" - dest: "/etc/systemd/system/matrix-goofys.service" + dest: "{{ matrix_systemd_path }}/matrix-goofys.service" mode: 0644 register: matrix_goofys_systemd_service_result diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index 076f9a375..91d434569 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -1,6 +1,6 @@ - name: Check existence of matrix-goofys service stat: - path: "/etc/systemd/system/matrix-goofys.service" + path: "{{ matrix_systemd_path }}/matrix-goofys.service" register: matrix_goofys_service_stat - name: Ensure matrix-goofys is stopped @@ -13,7 +13,7 @@ - name: Ensure matrix-goofys.service doesn't exist file: - path: "/etc/systemd/system/matrix-goofys.service" + path: "{{ matrix_systemd_path }}/matrix-goofys.service" state: absent when: "matrix_goofys_service_stat.stat.exists" diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 5f0cd9fff..da0e28c3e 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -28,4 +28,4 @@ when: "start_result.changed" - name: Register user - shell: "/usr/local/bin/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}" + shell: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index cf24cefb5..f10614e74 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml 
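Review bot: The `Register user` task still interpolates `{{ username }}` and `{{ password }}` unquoted into a `shell:` string, so whitespace or shell metacharacters in either value are interpreted by the shell on the managed host, and the password can end up in Ansible's task output and logs. Quoting the arguments and hiding the task result addresses both: `shell: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}"` together with `no_log: true` on the task. The `Update user password hash` task in the `update_user_password.yml` hunk has the same pattern, with `{{ username }}` bare and `{{ password_hash.stdout }}` wrapped in hand-written single quotes that a quote character in the value would close; `|quote` fits there as well.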
@@ -90,7 +90,7 @@ - name: Ensure matrix-synapse.service installed template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2" - dest: "/etc/systemd/system/matrix-synapse.service" + dest: "{{ matrix_systemd_path }}/matrix-synapse.service" mode: 0644 register: matrix_synapse_systemd_service_result @@ -102,5 +102,5 @@ - name: Ensure matrix-synapse-register-user script created template: src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" - dest: "/usr/local/bin/matrix-synapse-register-user" + dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" mode: 0750 diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index 241c69379..f1cdf1670 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -1,6 +1,6 @@ - name: Check existence of matrix-synapse service stat: - path: "/etc/systemd/system/matrix-synapse.service" + path: "{{ matrix_systemd_path }}/matrix-synapse.service" register: matrix_synapse_service_stat - name: Ensure matrix-synapse is stopped @@ -13,7 +13,7 @@ - name: Ensure matrix-synapse.service doesn't exist file: - path: "/etc/systemd/system/matrix-synapse.service" + path: "{{ matrix_systemd_path }}/matrix-synapse.service" state: absent when: "matrix_synapse_service_stat.stat.exists" diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index e3bc97b7d..5d63f8cba 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml 
@@ -45,4 +45,4 @@ register: password_hash - name: Update user password hash - shell: "/usr/local/bin/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'" + shell: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'" From 3860709e19d6943d620dfa1c9a8dd5442a51b3a1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 25 Mar 2020 18:03:45 +0200 Subject: [PATCH 14/16] Ensure matrix-mautrix-hangouts-db container is killed/removed --- .../templates/systemd/matrix-mautrix-hangouts.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index e241db3d6..c110ed79a 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -11,8 +11,8 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts -ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts +ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db +ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ From 9b6289b08cfc8ac94caef81ae1c55301e952d048 Mon Sep 17 00:00:00 2001 From: PlanetSmasher Date: Fri, 27 Mar 2020 07:37:37 +0100 Subject: [PATCH 15/16] clarify the config path (#420) * clarify the config path added path to the correct vars.yaml in matrix-synapse * Fix configuration path Co-authored-by: Slavi Pantaleev --- docs/configuring-playbook-shared-secret-auth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/configuring-playbook-shared-secret-auth.md b/docs/configuring-playbook-shared-secret-auth.md index 0ec60d2ea..87b151a4a 100644 --- a/docs/configuring-playbook-shared-secret-auth.md +++ b/docs/configuring-playbook-shared-secret-auth.md @@ -4,7 +4,7 @@ The playbook can install and configure [matrix-synapse-shared-secret-auth](https See that project's documentation to learn what it does and why it might be useful to you. -If you decide that you'd like to let this playbook install it for you, you need some configuration like this: +If you decide that you'd like to let this playbook install it for you, you need some configuration (`inventory/host_vars/matrix./vars.yml`) like this: ```yaml matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true From 695d2c3ea53fcf9570942a1da0e99b1fb0fa081e Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 27 Mar 2020 23:33:38 -0500 Subject: [PATCH 16/16] Flip around Jitsi port format to match other ports This matches the way the ports are written in prerequisites.md and is the format that UFW likes. --- docs/configuring-playbook-jitsi.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 0d030d4e0..67d2830ce 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -13,8 +13,8 @@ Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. You may also need to open the following ports to your server: -- `udp/10000` - RTP media over UDP -- `tcp/4443` - RTP media fallback over TCP +- `10000/udp` - RTP media over UDP +- `4443/tcp` - RTP media fallback over TCP ## Installation