Merge pull request #415 from spantaleev/jitsi

Add Jitsi support

docs/configuring-dns.md

@@ -23,6 +23,7 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR
 | A     | `matrix`                     | -        | -      | -    | `matrix-server-IP`     |
 | CNAME | `riot`                       | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `dimension` (*)              | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `jitsi` (*)                  | -        | -      | -    | `matrix.<your-domain>` |
 | SRV   | `_matrix-identity._tcp`      | 10       | 0      | 443  | `matrix.<your-domain>` |
 
 
@@ -38,6 +39,8 @@ If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enab
 
 The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
 
+The `jitsi.<your-domain>` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. Jitsi installation is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.<your-domain>` DNS record.
+
 
 ## `_matrix-identity._tcp` SRV record setup
 

docs/configuring-playbook-jitsi.md

@@ -0,0 +1,36 @@
+# Jitsi
+
+The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).
+
+Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
+
+The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet).
+
+
+## Prerequisites
+
+Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md).
+
+You may also need to open the following ports to your server:
+
+- `udp/10000` - RTP media over UDP
+- `tcp/4443` - RTP media fallback over TCP
+
+
+## Installation
+
+Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```yaml
+matrix_jitsi_enabled: true
+
+# We only need this temporarily - until Jitsi integration in riot-web is finalized.
+# Remove this line in the future, to switch back to a stable riot-web version.
+matrix_riot_web_docker_image: "vectorim/riot-web:develop"
+```
+
+Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
+
+.. and fully reload your riot-web page (at `riot.DOMAIN`).
+
+Starting a video-conference in a room with more than 2 members should then create a Jitsi widget which utilizes your self-hosted Jitsi server.

group_vars/matrix_servers

@@ -392,6 +392,41 @@ matrix_email2matrix_enabled: false
 
 
 
+######################################################################
+#
+# matrix-jitsi
+#
+######################################################################
+
+matrix_jitsi_enabled: false
+
+# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# the Jitsi HTTP port to the local host.
+matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}"
+
+matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}"
+matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}"
+matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}"
+
+matrix_jitsi_web_stun_servers: |
+  {{
+    [
+      matrix_server_fqn_matrix + ':5349',
+      matrix_server_fqn_matrix + ':3478',
+    ]
+    if matrix_coturn_enabled
+    else [ 'stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
+  }}
+
+######################################################################
+#
+# /matrix-jitsi
+#
+######################################################################
+
+
+
 ######################################################################
 #
 # matrix-mailer
@@ -482,6 +517,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_s
 matrix_nginx_proxy_proxy_matrix_enabled: true
 matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}"
 matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
+matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
 
 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@@ -525,6 +561,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
     +
     ([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
     +
+    ([matrix_server_fqn_jitsi])
+    +
     ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
   }}
 
@@ -596,6 +634,8 @@ matrix_riot_web_enable_presence_by_hs_url: |
 
 matrix_riot_web_welcome_user_id: ~
 
+matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
+
 ######################################################################
 #
 # /matrix-riot-web

roles/matrix-base/defaults/main.yml

@@ -18,6 +18,9 @@ matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
 # This is where you access the Dimension.
 matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
 
+# This is where you access Jitsi.
+matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
+
 matrix_user_username: "matrix"
 matrix_user_uid: 991
 matrix_user_gid: 991
@@ -69,4 +72,4 @@ run_stop: true
 
 # Building every docker image from source on the target host
 # Controlling docker image build is possible on a per unit base
-matrix_container_images_self_build: false
+matrix_container_images_self_build: false

roles/matrix-jitsi/defaults/main.yml

@@ -0,0 +1,116 @@
+matrix_jitsi_enabled: true
+
+matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
+
+matrix_jitsi_enable_auth: false
+matrix_jitsi_enable_guests: false
+matrix_jitsi_enable_recording: true
+matrix_jitsi_enable_transcriptions: true
+
+matrix_jitsi_timezone: UTC
+
+matrix_jitsi_xmpp_domain: matrix-jitsi-web
+matrix_jitsi_xmpp_server: matrix-jitsi-prosody
+matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
+matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
+matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
+matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
+matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
+
+matrix_jitsi_recorder_domain: recorder.meet.jitsi
+
+
+matrix_jitsi_jibri_brewery_muc: jibribrewery
+matrix_jitsi_jibri_pending_timeout: 90
+matrix_jitsi_jibri_xmpp_user: jibri
+matrix_jitsi_jibri_xmpp_password: jibri-password
+matrix_jitsi_jibri_recorder_user: recorder
+matrix_jitsi_jibri_recorder_password: recorder-password
+
+
+matrix_jitsi_web_docker_image: "jitsi/web:4101"
+matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
+matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
+matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
+
+matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
+
+# STUN servers used in the web UI. Feel free to point them to your own STUN server.
+matrix_jitsi_web_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
+
+# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12080"), or empty string to not expose.
+matrix_jitsi_web_container_http_host_bind_port: ''
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_web_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-web.service depends on
+matrix_jitsi_web_systemd_required_services_list: ['docker.service']
+
+
+matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101"
+matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
+matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_prosody_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-prosody.service depends on
+matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
+
+
+matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101"
+matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
+matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jicofo_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jicofo.service depends on
+matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jicofo_component_secret: s3cr37
+matrix_jitsi_jicofo_auth_user: focus
+matrix_jitsi_jicofo_auth_password: passw0rd
+
+
+matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101"
+matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
+
+matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
+matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_jitsi_jvb_container_extra_arguments: []
+
+# List of systemd services that matrix-jitsi-jvb.service depends on
+matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+
+matrix_jitsi_jvb_auth_user: jvb
+matrix_jitsi_jvb_auth_password: passw0rd
+
+# STUN servers used by JVB on the server-side, so it can discover its own external IP address.
+# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
+matrix_jitsi_jvb_stun_servers: ['stun.l.google.com:19302', 'stun1.l.google.com:19302', 'stun2.l.google.com:19302']
+
+matrix_jitsi_jvb_brewery_muc: jvbbrewery
+matrix_jitsi_jvb_rtp_udp_port: 10000
+matrix_jitsi_jvb_rtp_tcp_port: 4443
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
+
+# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
+matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"

roles/matrix-jitsi/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}"
+  when: matrix_jitsi_enabled|bool

roles/matrix-jitsi/tasks/main.yml

@@ -0,0 +1,33 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi
+
+- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-jitsi

roles/matrix-jitsi/tasks/setup_jitsi_base.yml

@@ -0,0 +1,20 @@
+---
+
+#
+# Tasks related to setting up jitsi
+#
+
+- name: Ensure Matrix jitsi base path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_base_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+#
+# Tasks related to getting rid of jitsi (if it was previously enabled)
+#

roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml

@@ -0,0 +1,96 @@
+---
+
+#
+# Tasks related to setting up jitsi-jicofo
+#
+
+- name: Ensure Matrix jitsi-jicofo path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-jicofo Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_jicofo_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jicofo environment variables file created
+  template:
+    src: "{{ role_path }}/templates/jicofo/env.j2"
+    dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
+    mode: 0640
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jicofo configuration files created
+  template:
+    src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
+    mode: 0644
+  with_items:
+    - sip-communicator.properties
+    - logging.properties
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-jicofo.service installed
+  template:
+    src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
+    dest: "/etc/systemd/system/matrix-jitsi-jicofo.service"
+    mode: 0644
+  register: matrix_jitsi_jicofo_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jicofo service
+  stat:
+    path: "/etc/systemd/system/matrix-jitsi-jicofo.service"
+  register: matrix_jitsi_jicofo_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-jicofo is stopped
+  service:
+    name: matrix-jitsi-jicofo
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jicofo.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-jitsi-jicofo.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jicofo paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_jicofo_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-jicofo Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_jicofo_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml

@@ -0,0 +1,89 @@
+---
+
+#
+# Tasks related to setting up jitsi-jvb
+#
+
+- name: Ensure Matrix jitsi-jvb path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-jvb Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_jvb_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-jvb configuration files created
+  template:
+    src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
+    mode: 0644
+  with_items:
+    - sip-communicator.properties
+    - logging.properties
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-jvb.service installed
+  template:
+    src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
+    dest: "/etc/systemd/system/matrix-jitsi-jvb.service"
+    mode: 0644
+  register: matrix_jitsi_jvb_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-jvb service
+  stat:
+    path: "/etc/systemd/system/matrix-jitsi-jvb.service"
+  register: matrix_jitsi_jvb_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-jvb is stopped
+  service:
+    name: matrix-jitsi-jvb
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-jvb.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-jitsi-jvb.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-jvb paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_jvb_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-jvb Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_jvb_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml

@@ -0,0 +1,86 @@
+---
+
+#
+# Tasks related to setting up jitsi-prosody
+#
+
+- name: Ensure Matrix jitsi-prosody path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-prosody Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_prosody_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-prosody environment variables file created
+  template:
+    src: "{{ role_path }}/templates/prosody/env.j2"
+    dest: "{{ matrix_jitsi_prosody_base_path }}/env"
+    mode: 0640
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-prosody.service installed
+  template:
+    src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
+    dest: "/etc/systemd/system/matrix-jitsi-prosody.service"
+    mode: 0644
+  register: matrix_jitsi_prosody_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-prosody service
+  stat:
+    path: "/etc/systemd/system/matrix-jitsi-prosody.service"
+  register: matrix_jitsi_prosody_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-prosody is stopped
+  service:
+    name: matrix-jitsi-prosody
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-prosody.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-jitsi-prosody.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-prosody paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_prosody_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-prosody Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_prosody_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/tasks/setup_jitsi_web.yml

@@ -0,0 +1,97 @@
+---
+
+#
+# Tasks related to setting up jitsi-web
+#
+
+- name: Ensure Matrix jitsi-web path exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0777
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { path: "{{ matrix_jitsi_web_base_path }}", when: true }
+    - { path: "{{ matrix_jitsi_web_config_path }}", when: true }
+    - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true }
+  when: matrix_jitsi_enabled|bool and item.when
+
+- name: Ensure jitsi-web Docker image is pulled
+  docker_image:
+    name: "{{ matrix_jitsi_web_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-web environment variables file created
+  template:
+    src: "{{ role_path }}/templates/web/env.j2"
+    dest: "{{ matrix_jitsi_web_base_path }}/env"
+    mode: 0640
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure jitsi-web configuration files created
+  template:
+    src: "{{ role_path }}/templates/web/{{ item }}.j2"
+    dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
+    mode: 0644
+  with_items:
+    - config.js
+    - interface_config.js
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure matrix-jitsi-web.service installed
+  template:
+    src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
+    dest: "/etc/systemd/system/matrix-jitsi-web.service"
+    mode: 0644
+  register: matrix_jitsi_web_systemd_service_result
+  when: matrix_jitsi_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-jitsi-web.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of jitsi-web (if it was previously enabled)
+#
+
+- name: Check existence of matrix-jitsi-web service
+  stat:
+    path: "/etc/systemd/system/matrix-jitsi-web.service"
+  register: matrix_jitsi_web_service_stat
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure matrix-jitsi-web is stopped
+  service:
+    name: matrix-jitsi-web
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure matrix-jitsi-web.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-jitsi-web.service"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-jitsi-web.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
+
+- name: Ensure Matrix jitsi-web paths doesn't exist
+  file:
+    path: "{{ matrix_jitsi_web_base_path }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"
+
+- name: Ensure jitsi-web Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_jitsi_web_docker_image }}"
+    state: absent
+  when: "not matrix_jitsi_enabled|bool"

roles/matrix-jitsi/templates/jicofo/env.j2

@@ -0,0 +1,17 @@
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
+
+JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+
+JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
+
+JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+
+TZ={{ matrix_jitsi_timezone }}

roles/matrix-jitsi/templates/jicofo/logging.properties.j2

@@ -0,0 +1,20 @@
+handlers= java.util.logging.ConsoleHandler
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
+
+.level=INFO
+net.sf.level=SEVERE
+net.java.sip.communicator.plugin.reconnectplugin.level=FINE
+org.ice4j.level=SEVERE
+org.jitsi.impl.neomedia.level=SEVERE
+
+# Do not worry about missing strings
+net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
+
+#net.java.sip.communicator.service.protocol.level=ALL
+
+# Enable debug packets logging
+#org.jitsi.impl.protocol.xmpp.level=FINE

roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2

@@ -0,0 +1,31 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-jicofo server
+{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
+			-v {{ matrix_jitsi_jicofo_config_path }}:/config \
+			{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_jicofo_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
+ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-jicofo
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2

@@ -0,0 +1,5 @@
+org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
+org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+
+org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90

roles/matrix-jitsi/templates/jvb/logging.properties.j2

@@ -0,0 +1,13 @@
+handlers= java.util.logging.ConsoleHandler
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=JVB
+
+.level=INFO
+
+org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
+
+# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
+org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING

roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2

@@ -0,0 +1,36 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-jvb server
+{% for service in matrix_jitsi_jvb_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
+			{% endif %}
+			{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
+			{% endif %}
+			-v {{ matrix_jitsi_jvb_config_path }}:/config \
+			{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_jvb_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
+ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-jvb
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2

@@ -0,0 +1,19 @@
+org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
+org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
+org.jitsi.videobridge.TCP_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
+
+{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
+org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ matrix_jitsi_jvb_stun_servers|join(',') }}
+{% endif %}
+
+org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ matrix_jitsi_xmpp_server }}
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ matrix_jitsi_jvb_auth_user }}
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=matrix-jitsi-jvb
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000

roles/matrix-jitsi/templates/prosody/env.j2

@@ -0,0 +1,31 @@
+AUTH_TYPE=internal
+
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+
+XMPP_MODULES=
+XMPP_MUC_MODULES=
+XMPP_INTERNAL_MUC_MODULES=
+
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+
+JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+
+JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
+JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+
+JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+
+JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+
+TZ={{ matrix_jitsi_timezone }}

roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2

@@ -0,0 +1,31 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-prosody server
+{% for service in matrix_jitsi_prosody_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_jitsi_prosody_base_path }}/env \
+			-v {{ matrix_jitsi_prosody_config_path }}:/config \
+			{% for arg in matrix_jitsi_prosody_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_prosody_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
+ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-prosody
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-jitsi/templates/web/config.js.j2

@@ -0,0 +1,486 @@
+/* eslint-disable no-unused-vars, no-var */
+
+var config = {
+    // Configuration
+    //
+
+    // Alternative location for the configuration.
+    // configLocation: './config.json',
+
+    // Custom function which given the URL path should return a room name.
+    // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
+
+
+    // Connection
+    //
+
+    hosts: {
+        // XMPP domain.
+        domain: '{{ matrix_jitsi_xmpp_domain }}',
+
+        {% if matrix_jitsi_enable_guests %}
+        // When using authentication, domain for guest users.
+		anonymousdomain: 'guest.example.com',
+
+        // Domain for authenticated users. Defaults to <domain>.
+        authdomain: '{{ matrix_jitsi_xmpp_domain }}',
+        {% endif %}
+
+        // Jirecon recording component domain.
+        // jirecon: 'jirecon.{{ matrix_jitsi_xmpp_domain }}',
+
+        // Call control component (Jigasi).
+        // call_control: 'callcontrol.{{ matrix_jitsi_xmpp_domain }}',
+
+        // Focus component domain. Defaults to focus.<domain>.
+        // focus: 'focus.{{ matrix_jitsi_xmpp_domain }}',
+
+        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
+        muc: {{ matrix_jitsi_xmpp_muc_domain|to_json }},
+    },
+
+    // BOSH URL. FIXME: use XEP-0156 to discover it.
+    bosh: '/http-bind',
+
+    // The name of client node advertised in XEP-0115 'c' stanza
+    clientNode: 'http://jitsi.org/jitsimeet',
+
+    // The real JID of focus participant - can be overridden here
+    focusUserJid: {{ matrix_jitsi_jicofo_auth_user|to_json }} + '@' + {{ matrix_jitsi_xmpp_auth_domain|to_json }},
+
+
+    // Testing / experimental features.
+    //
+
+    testing: {
+        // Enables experimental simulcast support on Firefox.
+        enableFirefoxSimulcast: false,
+
+        // P2P test mode disables automatic switching to P2P when there are 2
+        // participants in the conference.
+        p2pTestMode: false
+
+        // Enables the test specific features consumed by jitsi-meet-torture
+        // testMode: false
+    },
+
+    // Disables ICE/UDP by filtering out local and remote UDP candidates in
+    // signalling.
+    // webrtcIceUdpDisable: false,
+
+    // Disables ICE/TCP by filtering out local and remote TCP candidates in
+    // signalling.
+    // webrtcIceTcpDisable: false,
+
+
+    // Media
+    //
+
+    // Audio
+
+    // Disable measuring of audio levels.
+    // disableAudioLevels: false,
+
+    // Start the conference in audio only mode (no video is being received nor
+    // sent).
+    // startAudioOnly: false,
+
+    // Every participant after the Nth will start audio muted.
+    // startAudioMuted: 10,
+
+    // Start calls with audio muted. Unlike the option above, this one is only
+    // applied locally. FIXME: having these 2 options is confusing.
+    // startWithAudioMuted: false,
+
+    // Enabling it (with #params) will disable local audio output of remote
+    // participants and to enable it back a reload is needed.
+    // startSilent: false
+
+    // Video
+
+    // Sets the preferred resolution (height) for local video. Defaults to 720.
+    // resolution: 720,
+
+    // w3c spec-compliant video constraints to use for video capture. Currently
+    // used by browsers that return true from lib-jitsi-meet's
+    // util#browser#usesNewGumFlow. The constraints are independency from
+    // this config's resolution value. Defaults to requesting an ideal aspect
+    // ratio of 16:9 with an ideal resolution of 720.
+    // constraints: {
+    //     video: {
+    //         aspectRatio: 16 / 9,
+    //         height: {
+    //             ideal: 720,
+    //             max: 720,
+    //             min: 240
+    //         }
+    //     }
+    // },
+
+    // Enable / disable simulcast support.
+    // disableSimulcast: false,
+
+    // Enable / disable layer suspension.  If enabled, endpoints whose HD
+    // layers are not in use will be suspended (no longer sent) until they
+    // are requested again.
+    // enableLayerSuspension: false,
+
+    // Suspend sending video if bandwidth estimation is too low. This may cause
+    // problems with audio playback. Disabled until these are fixed.
+    disableSuspendVideo: true,
+
+    // Every participant after the Nth will start video muted.
+    // startVideoMuted: 10,
+
+    // Start calls with video muted. Unlike the option above, this one is only
+    // applied locally. FIXME: having these 2 options is confusing.
+    // startWithVideoMuted: false,
+
+    // If set to true, prefer to use the H.264 video codec (if supported).
+    // Note that it's not recommended to do this because simulcast is not
+    // supported when  using H.264. For 1-to-1 calls this setting is enabled by
+    // default and can be toggled in the p2p section.
+    // preferH264: true,
+
+    // If set to true, disable H.264 video codec by stripping it out of the
+    // SDP.
+    // disableH264: false,
+
+    // Desktop sharing
+
+    // The ID of the jidesha extension for Chrome.
+    desktopSharingChromeExtId: null,
+
+    // Whether desktop sharing should be disabled on Chrome.
+    // desktopSharingChromeDisabled: false,
+
+    // The media sources to use when using screen sharing with the Chrome
+    // extension.
+    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
+
+    // Required version of Chrome extension
+    desktopSharingChromeMinExtVersion: '0.1',
+
+    // Whether desktop sharing should be disabled on Firefox.
+    // desktopSharingFirefoxDisabled: false,
+
+    // Optional desktop sharing frame rate options. Default value: min:5, max:5.
+    // desktopSharingFrameRate: {
+    //     min: 5,
+    //     max: 5
+    // },
+
+    // Try to start calls with screen-sharing instead of camera video.
+    // startScreenSharing: false,
+
+    // Recording
+hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }},
+
+    // Whether to enable file recording or not.
+    fileRecordingsEnabled: {{ matrix_jitsi_enable_recording|to_json }},
+    // Enable the dropbox integration.
+    // dropbox: {
+    //     appKey: '<APP_KEY>' // Specify your app key here.
+    //     // A URL to redirect the user to, after authenticating
+    //     // by default uses:
+    //     // 'https://{{ matrix_jitsi_xmpp_domain }}/static/oauth.html'
+    //     redirectURI:
+    //          'https://{{ matrix_jitsi_xmpp_domain }}/subfolder/static/oauth.html'
+    // },
+    // When integrations like dropbox are enabled only that will be shown,
+    // by enabling fileRecordingsServiceEnabled, we show both the integrations
+    // and the generic recording service (its configuration and storage type
+    // depends on jibri configuration)
+    // fileRecordingsServiceEnabled: false,
+    // Whether to show the possibility to share file recording with other people
+    // (e.g. meeting participants), based on the actual implementation
+    // on the backend.
+    // fileRecordingsServiceSharingEnabled: false,
+
+    // Whether to enable live streaming or not.
+    liveStreamingEnabled: {{ matrix_jitsi_enable_recording|to_json }},
+
+    // Transcription (in interface_config,
+    // subtitles and buttons can be configured)
+    transcribingEnabled: {{ matrix_jitsi_enable_transcriptions|to_json }},
+
+    // Misc
+
+    // Default value for the channel "last N" attribute. -1 for unlimited.
+    channelLastN: -1,
+
+    // Disables or enables RTX (RFC 4588) (defaults to false).
+    // disableRtx: false,
+
+    // Disables or enables TCC (the default is in Jicofo and set to true)
+    // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
+    // affects congestion control, it practically enables send-side bandwidth
+    // estimations.
+    // enableTcc: true,
+
+    // Disables or enables REMB (the default is in Jicofo and set to false)
+    // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
+    // control, it practically enables recv-side bandwidth estimations. When
+    // both TCC and REMB are enabled, TCC takes precedence. When both are
+    // disabled, then bandwidth estimations are disabled.
+    // enableRemb: false,
+
+    // Defines the minimum number of participants to start a call (the default
+    // is set in Jicofo and set to 2).
+    // minParticipants: 2,
+
+    // Use XEP-0215 to fetch STUN and TURN servers.
+    // useStunTurn: true,
+
+    // Enable IPv6 support.
+    // useIPv6: true,
+
+    // Enables / disables a data communication channel with the Videobridge.
+    // Values can be 'datachannel', 'websocket', true (treat it as
+    // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
+    // open any channel).
+    // openBridgeChannel: true,
+
+
+    // UI
+    //
+
+    // Use display name as XMPP nickname.
+    // useNicks: false,
+
+    // Require users to always specify a display name.
+    // requireDisplayName: true,
+
+    // Whether to use a welcome page or not. In case it's false a random room
+    // will be joined when no room is specified.
+    enableWelcomePage: true,
+
+    // Enabling the close page will ignore the welcome page redirection when
+    // a call is hangup.
+    // enableClosePage: false,
+
+    // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
+    // disable1On1Mode: false,
+
+    // Default language for the user interface.
+    // defaultLanguage: 'en',
+
+    // If true all users without a token will be considered guests and all users
+    // with token will be considered non-guests. Only guests will be allowed to
+    // edit their profile.
+    enableUserRolesBasedOnToken: false,
+
+    // Whether or not some features are checked based on token.
+    // enableFeaturesBasedOnToken: false,
+
+    // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
+    // lockRoomGuestEnabled: false,
+
+    // When enabled the password used for locking a room is restricted to up to the number of digits specified
+    // roomPasswordNumberOfDigits: 10,
+    // default: roomPasswordNumberOfDigits: false,
+
+    // Message to show the users. Example: 'The service will be down for
+    // maintenance at 01:00 AM GMT,
+    // noticeMessage: '',
+
+    // Enables calendar integration, depends on googleApiApplicationClientID
+    // and microsoftApiApplicationClientID
+    // enableCalendarIntegration: false,
+
+    // Stats
+    //
+
+    // Whether to enable stats collection or not in the TraceablePeerConnection.
+    // This can be useful for debugging purposes (post-processing/analysis of
+    // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
+    // estimation tests.
+    // gatherStats: false,
+
+    // To enable sending statistics to callstats.io you must provide the
+    // Application ID and Secret.
+    // callStatsID: '',
+    // callStatsSecret: '',
+
+    // enables callstatsUsername to be reported as statsId and used
+    // by callstats as repoted remote id
+    // enableStatsID: false
+
+    // enables sending participants display name to callstats
+    // enableDisplayNameInStats: false
+
+
+    // Privacy
+    //
+
+    // If third party requests are disabled, no other server will be contacted.
+    // This means avatars will be locally generated and callstats integration
+    // will not function.
+    // disableThirdPartyRequests: false,
+
+
+    // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
+    //
+
+    p2p: {
+        // Enables peer to peer mode. When enabled the system will try to
+        // establish a direct connection when there are exactly 2 participants
+        // in the room. If that succeeds the conference will stop sending data
+        // through the JVB and use the peer to peer connection instead. When a
+        // 3rd participant joins the conference will be moved back to the JVB
+        // connection.
+        enabled: true,
+
+        // Use XEP-0215 to fetch STUN and TURN servers.
+        // useStunTurn: true,
+
+        // The STUN servers that will be used in the peer to peer connections
+        {% if matrix_jitsi_web_stun_servers|length > 0 %}
+        stunServers: [
+            {% for url in matrix_jitsi_web_stun_servers %}
+                { urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
+            {% endfor %}
+        ],
+        {% endif %}
+
+        // Sets the ICE transport policy for the p2p connection. At the time
+        // of this writing the list of possible values are 'all' and 'relay',
+        // but that is subject to change in the future. The enum is defined in
+        // the WebRTC standard:
+        // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
+        // If not set, the effective value is 'all'.
+        // iceTransportPolicy: 'all',
+
+        // If set to true, it will prefer to use H.264 for P2P calls (if H.264
+        // is supported).
+        preferH264: true
+
+        // If set to true, disable H.264 video codec by stripping it out of the
+        // SDP.
+        // disableH264: false,
+
+        // How long we're going to wait, before going back to P2P after the 3rd
+        // participant has left the conference (to filter out page reload).
+        // backToP2PDelay: 5
+    },
+
+    analytics: {
+        // The Google Analytics Tracking ID:
+        // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
+
+        // The Amplitude APP Key:
+        // amplitudeAPPKey: '<APP_KEY>'
+
+        // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
+        // scriptURLs: [
+        //      "libs/analytics-ga.min.js", // google-analytics
+        //      "https://example.com/my-custom-analytics.js"
+        // ],
+    },
+
+    // Information about the jitsi-meet instance we are connecting to, including
+    // the user region as seen by the server.
+    deploymentInfo: {
+        // shard: "shard1",
+        // region: "europe",
+        // userRegion: "asia"
+    }
+
+    // Local Recording
+    //
+
+    // localRecording: {
+    // Enables local recording.
+    // Additionally, 'localrecording' (all lowercase) needs to be added to
+    // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
+    // button to show up on the toolbar.
+    //
+    //     enabled: true,
+    //
+
+    // The recording format, can be one of 'ogg', 'flac' or 'wav'.
+    //     format: 'flac'
+    //
+
+    // }
+
+    // Options related to end-to-end (participant to participant) ping.
+    // e2eping: {
+    //   // The interval in milliseconds at which pings will be sent.
+    //   // Defaults to 10000, set to <= 0 to disable.
+    //   pingInterval: 10000,
+    //
+    //   // The interval in milliseconds at which analytics events
+    //   // with the measured RTT will be sent. Defaults to 60000, set
+    //   // to <= 0 to disable.
+    //   analyticsInterval: 60000,
+    //   }
+
+    // If set, will attempt to use the provided video input device label when
+    // triggering a screenshare, instead of proceeding through the normal flow
+    // for obtaining a desktop stream.
+    // NOTE: This option is experimental and is currently intended for internal
+    // use only.
+    // _desktopSharingSourceDevice: 'sample-id-or-label'
+
+    // If true, any checks to handoff to another application will be prevented
+    // and instead the app will continue to display in the current browser.
+    // disableDeepLinking: false
+
+    // A property to disable the right click context menu for localVideo
+    // the menu has option to flip the locally seen video for local presentations
+    // disableLocalVideoFlip: false
+
+    // List of undocumented settings used in jitsi-meet
+    /**
+     _immediateReloadThreshold
+     autoRecord
+     autoRecordToken
+     debug
+     debugAudioLevels
+     deploymentInfo
+     dialInConfCodeUrl
+     dialInNumbersUrl
+     dialOutAuthUrl
+     dialOutCodesUrl
+     disableRemoteControl
+     displayJids
+     etherpad_base
+     externalConnectUrl
+     firefox_fake_device
+     googleApiApplicationClientID
+     iAmRecorder
+     iAmSipGateway
+     microsoftApiApplicationClientID
+     peopleSearchQueryTypes
+     peopleSearchUrl
+     requireDisplayName
+     tokenAuthUrl
+     */
+
+    // List of undocumented settings used in lib-jitsi-meet
+    /**
+     _peerConnStatusOutOfLastNTimeout
+     _peerConnStatusRtcMuteTimeout
+     abTesting
+     avgRtpStatsN
+     callStatsConfIDNamespace
+     callStatsCustomScriptUrl
+     desktopSharingSources
+     disableAEC
+     disableAGC
+     disableAP
+     disableHPF
+     disableNS
+     enableLipSync
+     enableTalkWhileMuted
+     forceJVB121Ratio
+     hiddenDomain
+     ignoreStartMuted
+     nick
+     startBitrate
+     */
+
+};
+
+/* eslint-enable no-unused-vars, no-var */

roles/matrix-jitsi/templates/web/env.j2

@@ -0,0 +1,28 @@
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+
+ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
+
+DISABLE_HTTPS=1
+
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+
+PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+
+TZ={{ matrix_jitsi_timezone }}
+
+JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+
+ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}

roles/matrix-jitsi/templates/web/interface_config.js.j2

@@ -0,0 +1,230 @@
+/* eslint-disable no-unused-vars, no-var, max-len */
+
+var interfaceConfig = {
+    // TO FIX: this needs to be handled from SASS variables. There are some
+    // methods allowing to use variables both in css and js.
+    DEFAULT_BACKGROUND: '#474747',
+
+    /**
+     * Whether or not the blurred video background for large video should be
+     * displayed on browsers that can support it.
+     */
+    DISABLE_VIDEO_BACKGROUND: false,
+
+    INITIAL_TOOLBAR_TIMEOUT: 20000,
+    TOOLBAR_TIMEOUT: 4000,
+    TOOLBAR_ALWAYS_VISIBLE: false,
+    DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
+    DEFAULT_LOCAL_DISPLAY_NAME: 'me',
+    SHOW_JITSI_WATERMARK: true,
+    JITSI_WATERMARK_LINK: 'https://jitsi.org',
+
+    // if watermark is disabled by default, it can be shown only for guests
+    SHOW_WATERMARK_FOR_GUESTS: true,
+    SHOW_BRAND_WATERMARK: false,
+    BRAND_WATERMARK_LINK: '',
+    SHOW_POWERED_BY: false,
+    SHOW_DEEP_LINKING_IMAGE: false,
+    GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
+    DISPLAY_WELCOME_PAGE_CONTENT: true,
+    APP_NAME: 'Jitsi Meet',
+    NATIVE_APP_NAME: 'Jitsi Meet',
+    PROVIDER_NAME: 'Jitsi',
+    LANG_DETECTION: false, // Allow i18n to detect the system language
+    INVITATION_POWERED_BY: true,
+
+    /**
+     * If we should show authentication block in profile
+     */
+    AUTHENTICATION_ENABLE: true,
+
+    /**
+     * The name of the toolbar buttons to display in the toolbar. If present,
+     * the button will display. Exceptions are "livestreaming" and "recording"
+     * which also require being a moderator and some values in config.js to be
+     * enabled. Also, the "profile" button will not display for user's with a
+     * jwt.
+     */
+    TOOLBAR_BUTTONS: [
+		{% if matrix_jitsi_enable_transcriptions %}
+            'closedcaptions',
+		{% endif %}
+
+        'microphone', 'camera', 'desktop', 'fullscreen',
+        'fodeviceselection', 'hangup', 'profile', 'info', 'chat', 'recording',
+        'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
+        'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
+        'tileview', 'videobackgroundblur'
+    ],
+
+    SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ],
+
+    // Determines how the video would fit the screen. 'both' would fit the whole
+    // screen, 'height' would fit the original video height to the height of the
+    // screen, 'width' would fit the original video width to the width of the
+    // screen respecting ratio.
+    VIDEO_LAYOUT_FIT: 'both',
+
+    /**
+     * Whether to only show the filmstrip (and hide the toolbar).
+     */
+    filmStripOnly: false,
+
+    /**
+     * Whether to show thumbnails in filmstrip as a column instead of as a row.
+     */
+    VERTICAL_FILMSTRIP: true,
+
+    // A html text to be shown to guests on the close page, false disables it
+    CLOSE_PAGE_GUEST_HINT: false,
+    RANDOM_AVATAR_URL_PREFIX: false,
+    RANDOM_AVATAR_URL_SUFFIX: false,
+    FILM_STRIP_MAX_HEIGHT: 120,
+
+    // Enables feedback star animation.
+    ENABLE_FEEDBACK_ANIMATION: false,
+    DISABLE_FOCUS_INDICATOR: false,
+    DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
+
+    /**
+     * Whether the speech to text transcription subtitles panel is disabled.
+     * If {@code undefined}, defaults to {@code false}.
+     *
+     * @type {boolean}
+     */
+    DISABLE_TRANSCRIPTION_SUBTITLES: false,
+
+    /**
+     * Whether the ringing sound in the call/ring overlay is disabled. If
+     * {@code undefined}, defaults to {@code false}.
+     *
+     * @type {boolean}
+     */
+    DISABLE_RINGING: false,
+    AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
+    AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
+    POLICY_LOGO: null,
+    LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
+    REMOTE_THUMBNAIL_RATIO: 1, // 1:1
+    // Documentation reference for the live streaming feature.
+    LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live',
+
+    /**
+     * Whether the mobile app Jitsi Meet is to be promoted to participants
+     * attempting to join a conference in a mobile Web browser. If
+     * {@code undefined}, defaults to {@code true}.
+     *
+     * @type {boolean}
+     */
+    MOBILE_APP_PROMO: true,
+
+    /**
+     * Maximum coeficient of the ratio of the large video to the visible area
+     * after the large video is scaled to fit the window.
+     *
+     * @type {number}
+     */
+    MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
+
+    /*
+     * If indicated some of the error dialogs may point to the support URL for
+     * help.
+     */
+    SUPPORT_URL: 'https://github.com/jitsi/jitsi-meet/issues/new',
+
+    /**
+     * Whether the connection indicator icon should hide itself based on
+     * connection strength. If true, the connection indicator will remain
+     * displayed while the participant has a weak connection and will hide
+     * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is
+     * strong.
+     *
+     * @type {boolean}
+     */
+    CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true,
+
+    /**
+     * How long the connection indicator should remain displayed before hiding.
+     * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED.
+     *
+     * @type {number}
+     */
+    CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000,
+
+    /**
+     * If true, hides the connection indicators completely.
+     *
+     * @type {boolean}
+     */
+    CONNECTION_INDICATOR_DISABLED: false,
+
+    /**
+     * If true, hides the video quality label indicating the resolution status
+     * of the current large video.
+     *
+     * @type {boolean}
+     */
+    VIDEO_QUALITY_LABEL_DISABLED: false,
+
+    /**
+     * If true, will display recent list
+     *
+     * @type {boolean}
+     */
+    RECENT_LIST_ENABLED: true,
+
+    // Names of browsers which should show a warning stating the current browser
+    // has a suboptimal experience. Browsers which are not listed as optimal or
+    // unsupported are considered suboptimal. Valid values are:
+    // chrome, chromium, edge, electron, firefox, nwjs, opera, safari
+    OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron' ],
+
+    // Browsers, in addition to those which do not fully support WebRTC, that
+    // are not supported and should show the unsupported browser page.
+    UNSUPPORTED_BROWSERS: [],
+
+    /**
+     * A UX mode where the last screen share participant is automatically
+     * pinned. Valid values are the string "remote-only" so remote participants
+     * get pinned but not local, otherwise any truthy value for all participants,
+     * and any falsy value to disable the feature.
+     *
+     * Note: this mode is experimental and subject to breakage.
+     */
+    AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only'
+
+    /**
+     * How many columns the tile view can expand to. The respected range is
+     * between 1 and 5.
+     */
+    // TILE_VIEW_MAX_COLUMNS: 5,
+
+    /**
+     * Specify custom URL for downloading android mobile app.
+     */
+    // MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
+
+    /**
+     * Specify URL for downloading ios mobile app.
+     */
+    // MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
+
+    /**
+     * Specify mobile app scheme for opening the app from the mobile browser.
+     */
+    // APP_SCHEME: 'org.jitsi.meet',
+
+    /**
+     * Specify the Android app package name.
+     */
+    // ANDROID_APP_PACKAGE: 'org.jitsi.meet',
+
+    /**
+     * Override the behavior of some notifications to remain displayed until
+     * explicitly dismissed through a user action. The value is how long, in
+     * milliseconds, those notifications should remain displayed.
+     */
+    // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,
+};
+
+/* eslint-enable no-unused-vars, no-var, max-len */

roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2

@@ -0,0 +1,35 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-web server
+{% for service in matrix_jitsi_web_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
+ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
+
+ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_jitsi_web_base_path }}/env \
+			{% if matrix_jitsi_web_container_http_host_bind_port %}
+			-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
+			{% endif %}
+			-v {{ matrix_jitsi_web_config_path }}:/config \
+			-v {{ matrix_jitsi_web_transcripts_path }}:/usr/share/jitsi-meet/transcripts \
+			{% for arg in matrix_jitsi_web_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_jitsi_web_docker_image }}
+
+ExecStop=-/usr/bin/docker kill matrix-jitsi-web
+ExecStop=-/usr/bin/docker rm matrix-jitsi-web
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-web
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-nginx-proxy/defaults/main.yml

@@ -105,6 +105,10 @@ matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_nginx_proxy_proxy_dimension_enabled: false
 matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
 
+# Controls whether proxying the jitsi domain should be done.
+matrix_nginx_proxy_proxy_jitsi_enabled: false
+matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
+
 # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@@ -164,6 +168,9 @@ matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
 # A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
 matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
 
+# A list of strings containing additional configuration blocks to add to the jitsi's server configuration.
+matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
+
 # A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
 matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
 

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -66,6 +66,13 @@
     mode: 0644
   when: matrix_nginx_proxy_proxy_dimension_enabled|bool
 
+- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists
+  template:
+    src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2"
+    dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
+    mode: 0644
+  when: matrix_nginx_proxy_proxy_jitsi_enabled|bool
+
 - name: Ensure Matrix nginx-proxy data directory for base domain exists
   file:
     path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
@@ -163,6 +170,12 @@
     state: absent
   when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
 
+- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted
+  file:
+    path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
+    state: absent
+  when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool"
+
 - name: Ensure Matrix nginx-proxy homepage for base domain deleted
   file:
     path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2

@@ -0,0 +1,72 @@
+#jinja2: lstrip_blocks: "True"
+
+{% macro render_vhost_directives() %}
+	gzip on;
+	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %}
+	{{- configuration_block }}
+{% endfor %}
+
+	location / {
+		{% if matrix_nginx_proxy_enabled %}
+			{# Use the embedded DNS resolver in Docker containers to discover the service #}
+			resolver 127.0.0.11 valid=5s;
+			set $backend "matrix-jitsi-web:80";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://127.0.0.1:12080;
+		{% endif %}
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+	}
+{% endmacro %}
+
+server {
+	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+	server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	{% if matrix_nginx_proxy_https_enabled %}
+		location /.well-known/acme-challenge {
+			{% if matrix_nginx_proxy_enabled %}
+				{# Use the embedded DNS resolver in Docker containers to discover the service #}
+				resolver 127.0.0.11 valid=5s;
+				set $backend "matrix-certbot:8080";
+				proxy_pass http://$backend;
+			{% else %}
+				{# Generic configuration for use outside of our container setup #}
+				proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
+			{% endif %}
+		}
+
+		location / {
+			return 301 https://$http_host$request_uri;
+		}
+	{% else %}
+		{{ render_vhost_directives() }}
+	{% endif %}
+}
+
+{% if matrix_nginx_proxy_https_enabled %}
+server {
+	listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+	listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+
+	server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem;
+	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem;
+	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+	{{ render_vhost_directives() }}
+}
+{% endif %}

roles/matrix-riot-web/defaults/main.yml

@@ -58,6 +58,8 @@ matrix_riot_web_branding_welcomeBackgroundUrl: ~
 # point this to a `home.html` template file on your local filesystem.
 matrix_riot_web_embedded_pages_home_path: ~
 
+matrix_riot_web_jitsi_preferredDomain: ''
+
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_riot_web_self_check_validate_certificates: true
 

roles/matrix-riot-web/templates/config.json.j2

@@ -30,6 +30,12 @@
 	"embeddedPages": {
 		"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
 	},
+	{% if matrix_riot_web_jitsi_preferredDomain is not none %}
+	"jitsi": {
+        "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }},
+        "externalApiUrl": "https://{{ matrix_riot_web_jitsi_preferredDomain }}/libs/external_api.min.js"
+    },
+	{% endif %}
 	"branding": {
 		"authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }},
 		"authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }},

setup.yml

@@ -18,6 +18,7 @@
     - matrix-bridge-mautrix-whatsapp
     - matrix-synapse
     - matrix-riot-web
+    - matrix-jitsi
     - matrix-mxisd
     - matrix-dimension
     - matrix-email2matrix