muCCC
jitsi-setup
Commits
02848216
Commit
02848216
authored
Mar 17, 2020
by
markus
Initial commit
parents
Changes
8
.gitmodules
0 → 100644
[submodule "roles/ansible-letsencrypt"]
path = roles/ansible-letsencrypt
url = https://github.com/thefinn93/ansible-letsencrypt
inventory
0 → 100644
88.99.191.193 jitsi_meet_server_name=meet.fnord.group
playbook.yml
0 → 100644
-
hosts
:
all
tasks
:
# General
-
name
:
auto-upgrades
apt
:
name
:
unattended-upgrades
-
name
:
Install packages
apt
:
name
:
"
{{
packages
}}"
vars
:
packages
:
-
unattended-upgrades
-
htop
-
screen
-
tmux
-
nftables
-
name
:
Remove useless packages from the cache
apt
:
autoclean
:
yes
-
name
:
Remove dependencies that are no longer required
apt
:
autoremove
:
yes
# Users
-
name
:
Add users
user
:
name
:
"
{{
item.name
}}"
groups
:
"
{{
item.groups
}}"
password
:
"
{{
item.password
}}"
update_password
:
"
on_create"
shell
:
"
/bin/bash"
with_items
:
-
name
:
markus
groups
:
"
sudo"
password
:
"
$6$ukExBdf1pxl30$j8PzbiSXFOEynLfWJnd7yXJjQ5FGvbl9mP0ysw6rUHjM2qOQd3sR.6l5ezYFAzboHeJNmIiXsgGmrXn/2n72J/"
-
name
:
neunr
groups
:
"
sudo"
password
:
"
$6$3Ppvwt/4vrHp55xb$a/DqR2DlJJ5LzUWTvSHw3.Wo.94dZuLawaN.2rK0gvliBxe4yTEyia3XwNrXQqkRVydQRnv3nJNzRft1X809G0"
# SSH
-
name
:
Set up authorized keys for markus
authorized_key
:
user
:
markus
key
:
"
ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAILUiwpETwMRVueebO8aC6fBv0uYvuByJPPnpczP8kAIP
markus"
-
name
:
Set up authorized keys for neunr
authorized_key
:
user
:
neunr
key
:
"
ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIDyWcvk8smOkAtTBI0WDw+VmiGw4jOxvCt1LsCXJMrO+
9R"
-
name
:
Disable Password Authentication
lineinfile
:
dest=/etc/ssh/sshd_config
regexp='^#PasswordAuthentication'
line="PasswordAuthentication no"
state=present
notify
:
-
restart ssh
-
name
:
Disable Root Login
lineinfile
:
dest=/etc/ssh/sshd_config
regexp='^#PermitRootLogin'
line="PermitRootLogin no"
state=present
notify
:
-
restart ssh
# Networking
-
name
:
Create nftables config
template
:
src
:
templates/nftables.conf.j2
dest
:
/etc/nftables.conf
notify
:
-
reload nftables
-
name
:
enable nftables service
systemd
:
name
:
nftables
enabled
:
yes
# Jitsi
-
name
:
Configure signing key for Jitsi repository.
apt_key
:
id
:
"
66A9CD0595D6AFA247290D3BEF8B479E2DC1389C"
url
:
"
https://download.jitsi.org/jitsi-key.gpg.key"
state
:
present
-
name
:
Install Jitsi apt repo.
apt_repository
:
repo
:
"
deb
https://download.jitsi.org/
stable/"
state
:
"
present"
# Ansible will automatically add the ".list" suffix.
filename
:
/etc/apt/sources.list.d/jitsi_meet
-
name
:
Set debconf options for jitsi-meet.
debconf
:
name
:
"
{{
item.name
}}"
question
:
"
{{
item.question
}}"
value
:
"
{{
item.value
}}"
vtype
:
"
{{
item.vtype
}}"
with_items
:
# Test if these three work as intended
-
name
:
jitsi-meet
question
:
jitsi-meet/cert-choice
value
:
"
I
want
to
use
my
own
certificate"
vtype
:
string
-
name
:
jitsi-meet
question
:
jitsi-meet/cert-path-crt
value
:
"
/etc/letsencrypt/live/{{
jitsi_meet_server_name
}}/fullchain.pem"
vtype
:
string
-
name
:
jitsi-meet
question
:
jitsi-meet/cert-path-key
value
:
"
/etc/letsencrypt/live/{{
jitsi_meet_server_name
}}/privkey.pem"
vtype
:
string
-
name
:
jitsi-videobridge
question
:
jitsi-videobridge/jvb-hostname
value
:
"
{{
jitsi_meet_server_name
}}"
vtype
:
string
-
name
:
jicofo
question
:
jitsi-videobridge/jvb-hostname
value
:
"
{{
jitsi_meet_server_name
}}"
vtype
:
string
-
name
:
jitsi-meet-prosody
question
:
jitsi-videobridge/jvb-hostname
value
:
"
{{
jitsi_meet_server_name
}}"
vtype
:
string
-
name
:
jitsi-meet-prosody
question
:
jitsi-meet-prosody/jvb-hostname
value
:
"
{{
jitsi_meet_server_name
}}"
vtype
:
string
-
name
:
jitsi-meet-web-config
question
:
jitsi-videobridge/jvb-hostname
value
:
"
{{
jitsi_meet_server_name
}}"
vtype
:
string
-
name
:
jitsi-meet-web-config
question
:
jitsi-meet/cert-choice
value
:
"
I
want
to
use
my
own
certificate"
vtype
:
string
# The following two do not seem to work as intended
-
name
:
jitsi-meet-web-config
question
:
jitsi-meet/cert-path-crt
value
:
"
/etc/letsencrypt/live/{{
jitsi_meet_server_name
}}/fullchain.pem"
vtype
:
string
-
name
:
jitsi-meet-web-config
question
:
jitsi-meet/cert-path-key
value
:
"
/etc/letsencrypt/live/{{
jitsi_meet_server_name
}}/privkey.pem"
vtype
:
string
-
name
:
Install Jitsi Meet
apt
:
name
:
jitsi-meet
state
:
latest
update_cache
:
yes
cache_valid_time
:
3600
# Configuration
-
name
:
Overwrite Nginx Site Config
template
:
src
:
templates/nginx_site_config.j2
dest
:
"
/etc/nginx/sites-available/{{
jitsi_meet_server_name
}}.conf"
notify
:
-
restart nginx
-
name
:
Overwrite Nginx Config
template
:
src
:
templates/nginx.conf.j2
dest
:
"
/etc/nginx/nginx.conf"
notify
:
-
restart nginx
-
name
:
Overwrite Jitsi Web Config
template
:
src
:
templates/jitsi-config.js.j2
dest
:
"
/etc/jitsi/meet/{{
jitsi_meet_server_name
}}-config.js"
roles
:
-
role
:
ansible-letsencrypt
letsencrypt_email
:
"
fnord@{{
jitsi_meet_server_name
}}"
letsencrypt_cert_domains
:
-
"
{{
jitsi_meet_server_name
}}"
tags
:
letsencrypt
handlers
:
-
name
:
restart ssh
service
:
name=sshd
state=restarted
-
name
:
reload nftables
service
:
name=nftables
state=reloaded
-
name
:
restart nginx
service
:
name=nginx
state=restarted
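Review bot: The two sshd hardening tasks ("Disable Password Authentication" and "Disable Root Login") only match a commented-out directive, since their patterns are `regexp='^#PasswordAuthentication'` and `regexp='^#PermitRootLogin'`. If the target's sshd_config already has an uncommented `PasswordAuthentication yes` or `PermitRootLogin yes`, lineinfile finds no match and appends the new line at the end of the file, and sshd uses the first value it reads for a keyword, so the earlier permissive setting would stay in effect. Match both forms instead, `regexp='^#?PasswordAuthentication'` and `regexp='^#?PermitRootLogin'`, and consider adding `validate='/usr/sbin/sshd -t -f %s'` so a file that fails sshd's syntax check is not put in place before the restart handler runs. Separately, the "Add users" task stores the `$6$` crypt hashes of two sudo-group accounts directly in the playbook, exposing them to offline guessing by anyone who can read the repository. The `with_items` list is better kept in an Ansible Vault encrypted vars file, and the committed hashes should be treated as disclosed and rotated.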
ansible-letsencrypt
@
f4b56870
Subproject commit f4b5687073a20e2a744115e97fa87ef278e4b2bf
templates/jitsi-config.js.j2
0 → 100644
/* eslint-disable no-unused-vars, no-var */
var config = {
// Connection
//
hosts: {
// XMPP domain.
domain: '{{ jitsi_meet_server_name }}',
// When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com',
// Domain for authenticated users. Defaults to <domain>.
// authdomain: '{{ jitsi_meet_server_name }}',
// Jirecon recording component domain.
// jirecon: 'jirecon.{{ jitsi_meet_server_name }}',
// Call control component (Jigasi).
// call_control: 'callcontrol.{{ jitsi_meet_server_name }}',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.{{ jitsi_meet_server_name }}',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: 'conference.{{ jitsi_meet_server_name }}'
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//{{ jitsi_meet_server_name }}/http-bind',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
// focusUserJid: 'focus@auth.{{ jitsi_meet_server_name }}',
// Testing / experimental features.
//
testing: {
// Enables experimental simulcast support on Firefox.
enableFirefoxSimulcast: false,
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
// Disables the auto-play behavior of *all* newly created video element.
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
// disableAudioLevels: false,
// Start the conference in audio only mode (no video is being received nor
// sent).
startAudioOnly: true,
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independency from
// this config's resolution value. Defaults to requesting an ideal aspect
// ratio of 16:9 with an ideal resolution of 720.
// constraints: {
// video: {
// aspectRatio: 16 / 9,
// height: {
// ideal: 720,
// max: 720,
// min: 240
// }
// }
// },
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
// startVideoMuted: 10,
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// The ID of the jidesha extension for Chrome.
desktopSharingChromeExtId: null,
// Whether desktop sharing should be disabled on Chrome.
// desktopSharingChromeDisabled: false,
// The media sources to use when using screen sharing with the Chrome
// extension.
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
// Required version of Chrome extension
desktopSharingChromeMinExtVersion: '0.1',
// Whether desktop sharing should be disabled on Firefox.
// desktopSharingFirefoxDisabled: false,
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
// Whether to enable file recording or not.
// fileRecordingsEnabled: false,
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://{{ jitsi_meet_server_name }}/static/oauth.html'
// redirectURI:
// 'https://{{ jitsi_meet_server_name }}/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
// liveStreamingEnabled: false,
// Transcription (in interface_config,
// subtitles and buttons can be configured)
// transcribingEnabled: false,
// Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1,
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,
// Enable IPv6 support.
// useIPv6: true,
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
// UI
//
// Use display name as XMPP nickname.
// useNicks: false,
// Require users to always specify a display name.
// requireDisplayName: true,
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
// defaultLanguage: 'en',
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// enables sending participants display name to callstats
// enableDisplayNameInStats: false
// enables sending participants email if available to callstats and other analytics
// enableEmailInStats: false
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
disableThirdPartyRequests: true,
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: false,
// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,
// The STUN servers that will be used in the peer to peer connections
stunServers: [
{ urls: 'stun:stun.l.google.com:19302' },
{ urls: 'stun:stun1.l.google.com:19302' },
{ urls: 'stun:stun2.l.google.com:19302' }
],
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported).
preferH264: true
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
}
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// }
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// }
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label'
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false
// Deployment specific URLs.
// deploymentUrls: {
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
// // user documentation.
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
// // to the specified URL for an app download page.
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
// }
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
autoRecord
autoRecordToken
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device