Update to 2024-07-22 10:00

roles/jitsi/defaults/main.yml

@@ -14,7 +14,7 @@ jitsi_jigasi_git_url: https://github.com/jitsi/jigasi.git
 jitsi_meet_git_url: https://github.com/jitsi/jitsi-meet.git
 
 # Should ansible handle upgrades, or only initial install ?
-jitsi_manage_upgrade: True
+jitsi_manage_upgrade: true
 
 # XMPP server to connect to. Default is the same machine
 jitsi_xmpp_server: "{{ inventory_hostname }}"
@@ -33,14 +33,26 @@ jitsi_stun_servers: []
 jitsi_turn_secret: "{{ turnserver_auth_secret | default('p@ssw0rd') }}"
 
 # Authentication. Can be set to
-#  * False : no authentication at all (can also be None)
+#  * false : no authentication at all (can also be None)
 #  * sso : In this case, you have to protect /login with your SSO system (through a reverse proxy)
 #    And once authenticated, send the HTTP headers mail and displayName with the appropriate values
 #    Note that jitsi Android client does not support sso authentication, so mobile users will be able
 #    to join an existing conf, but not create one easily
+#  * token : to use JWT Tokens
 #  * ldap : Will use an LDAP server for authentication. Works on mobile, but is a bit less convinient
 #    than sso for desktop users. See all the jitsi_ldap_xxxx settings
-jitsi_auth: False
+jitsi_auth: false
+
+# If using token
+jitsi_token_app_id: jitsi
+
+# Either jitsi_token_app_secret or jitsi_token_asap_key_server must be set
+# jitsi_token_app_secret: XXXX
+# jitsi_token_asap_key_server: https://sso.example.org/jitsi/asap
+
+jitsi_token_iss: https://sso.example.org
+jitsi_token_aud: "{{ jitsi_token_app_id }}"
+jitsi_token_auth_url: https://sso.example.org/jitsi/login?room={room}
 
 jitsi_jicofo_xmpp_user: focus
 jitsi_jicofo_xmpp_domain: "{{ jitsi_auth_domain }}"
@@ -52,7 +64,7 @@ jitsi_auth_domain: auth.{{ jitsi_domain }}
 
 # Can be either true, in which case a cert will be automatically obtained using letsencrypt
 # or can be a name, in which case you have to configure letsencrypt to obtain the cert yourself
-# jitsi_letsencrypt_cert: True
+# jitsi_letsencrypt_cert: true
 # or
 # jitsi_letsencrypt_cert: jitsi.example.com
 #
@@ -71,33 +83,32 @@ jitsi_meet_conf_base:
   websocket: wss://{{ jitsi_domain }}/xmpp-websocket
   clientNode: http://jitsi.org/jitsimeet
   focusUserJid: "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}"
-  enableNoAudioDetection: True
-  enableNoisyMicDetection: True
+  enableNoAudioDetection: true
+  enableNoisyMicDetection: true
   startAudioMuted: 10
   startVideoMuted: 10
-  enableOpusRed: True
-  desktopSharingFrameRate:
-    min: 5
-    max: 30
-  channelLastN: 25
-  enableLayerSuspension: True
-  enableUnifiedOnChrome: True
-  requireDisplayName: False
+  enableOpusRed: true
+  #desktopSharingFrameRate:
+  #  min: 5
+  #  max: 30
+  requireDisplayName: true
   prejoinConfig:
-    enabled: True
-  enableInsecureRoomNameWarning: False
-  disableThirdPartyRequests: True
+    enabled: true
+  enableInsecureRoomNameWarning: false
+  disableThirdPartyRequests: true
   welcomePage:
-    disabled: False
+    disabled: false
+  lobby:
+    enableChat: true
   localRecording:
-    notifyAllParticipants: True
+    notifyAllParticipants: true
   recordingService:
-    enabled: "{{ (jitsi_jibri_recordings_base_url is defined) | ternary(True, False) }}"
+    enabled: "{{ (jitsi_jibri_recordings_base_url is defined) | ternary(true, false) }}"
   p2p:
-    enabled: False
-    enableUnifiedOnChrome: True
+    enabled: false
+    enableUnifiedOnChrome: true
   analytics:
-    disabled: True
+    disabled: true
   toolbarButtons:
     - camera
     - chat
@@ -129,18 +140,22 @@ jitsi_meet_conf_base:
   dialInNumbersUrl: https://{{ jitsi_domain }}/phoneNumberList
   dialInConfCodeUrl: https://{{ jitsi_domain }}/conferenceMapper
   screenshotCapture:
-    enabled: True
+    enabled: true
   transcription:
-    enabled: False
-  useTurnUdp: True
+    enabled: false
+  useTurnUdp: true
   defaultLanguage: fr
   gravatar:
-    disabled: True
+    disabled: true
   giphy:
-    enabled: True
+    enabled: true
+  breakoutRooms:
+    hideAddRoomButton: false
+    hideAutoAssignButton: true
+    hideJoinRoomButton: false
 
 jitsi_meet_conf_extra: {}
-jitsi_meet_conf: "{{ jitsi_meet_conf_base | combine(jitsi_meet_conf_extra, recursive=True) }}"
+jitsi_meet_conf: "{{ jitsi_meet_conf_base | combine(jitsi_meet_conf_extra, recursive=true) }}"
 
 # Meet interface configuration. Will be converted to JSON
 # See https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js for available settings and their meaning
@@ -150,29 +165,29 @@ jitsi_meet_interface_conf_base:
   AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)'
   AUTO_PIN_LATEST_SCREEN_SHARE: remote-only
   BRAND_WATERMARK_LINK: https://www.ehtrace.com
-  CLOSE_PAGE_GUEST_HINT: False
+  CLOSE_PAGE_GUEST_HINT: false
   DEFAULT_BACKGROUND: '#040404'
   DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg'
-  DISABLE_DOMINANT_SPEAKER_INDICATOR: False
-  DISABLE_JOIN_LEAVE_NOTIFICATIONS: False
-  DISABLE_PRESENCE_STATUS: False
-  DISABLE_RINGING: False
-  DISABLE_TRANSCRIPTION_SUBTITLES: True
-  DISABLE_VIDEO_BACKGROUND: False
-  DISPLAY_WELCOME_FOOTER: True
-  DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: False
-  DISPLAY_WELCOME_PAGE_CONTENT: False
-  DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: False
-  ENABLE_DIAL_OUT: "{{ (jitsi_jigasi_sip_server is defined) | ternary(True, False) }}"
-  ENABLE_FEEDBACK_ANIMATION: False
+  DISABLE_DOMINANT_SPEAKER_INDICATOR: false
+  DISABLE_JOIN_LEAVE_NOTIFICATIONS: false
+  DISABLE_PRESENCE_STATUS: false
+  DISABLE_RINGING: false
+  DISABLE_TRANSCRIPTION_SUBTITLES: true
+  DISABLE_VIDEO_BACKGROUND: false
+  DISPLAY_WELCOME_FOOTER: true
+  DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false
+  DISPLAY_WELCOME_PAGE_CONTENT: false
+  DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false
+  ENABLE_DIAL_OUT: "{{ (jitsi_jigasi_sip_server is defined) | ternary(true, false) }}"
+  ENABLE_FEEDBACK_ANIMATION: false
   FILM_STRIP_MAX_HEIGHT: 120
-  GENERATE_ROOMNAMES_ON_WELCOME_PAGE: True
-  HIDE_INVITE_MORE_HEADER: False
+  GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true
+  HIDE_INVITE_MORE_HEADER: false
   JITSI_WATERMARK_LINK: https://www.ehtrace.com
-  LANG_DETECTION: True
+  LANG_DETECTION: true
   LOCAL_THUMBNAIL_RATIO: 16 / 9
   MAXIMUM_ZOOMING_COEFFICIENT: 1.3
-  MOBILE_APP_PROMO: True
+  MOBILE_APP_PROMO: true
   OPTIMAL_BROWSERS:
     - chrome
     - chromium
@@ -182,7 +197,7 @@ jitsi_meet_interface_conf_base:
     - safari
   POLICY_LOGO: null
   PROVIDER_NAME: Ehtrace
-  RECENT_LIST_ENABLED: True
+  RECENT_LIST_ENABLED: true
   REMOTE_THUMBNAIL_RATIO: 1
   SETTINGS_SECTIONS:
     - devices
@@ -191,19 +206,19 @@ jitsi_meet_interface_conf_base:
     - profile
     - sounds
     - more
-  SHOW_BRAND_WATERMARK: False
-  SHOW_CHROME_EXTENSION_BANNER: False
-  SHOW_JITSI_WATERMARK: False
-  SHOW_POWERED_BY: False
-  SHOW_PROMOTIONAL_CLOSE_PAGE: False
+  SHOW_BRAND_WATERMARK: false
+  SHOW_CHROME_EXTENSION_BANNER: false
+  SHOW_JITSI_WATERMARK: false
+  SHOW_POWERED_BY: false
+  SHOW_PROMOTIONAL_CLOSE_PAGE: false
   SUPPORT_URL: 'mailto:support@ehtrace.com'
   UNSUPPORTED_BROWSERS: []
-  VERTICAL_FILMSTRIP: True
+  VERTICAL_FILMSTRIP: true
   VIDEO_LAYOUT_FIT: both
-  VIDEO_QUALITY_LABEL_DISABLED: False
+  VIDEO_QUALITY_LABEL_DISABLED: false
 
 jitsi_meet_interface_conf_extra: {}
-jitsi_meet_interface_conf: "{{ jitsi_meet_interface_conf_base | combine(jitsi_meet_interface_conf_extra, recursive=True) }}"
+jitsi_meet_interface_conf: "{{ jitsi_meet_interface_conf_base | combine(jitsi_meet_interface_conf_extra, recursive=true) }}"
 
 # You can customize strings here (lang/main-XX.json)
 jitsi_meet_custom_lang: {}
@@ -221,12 +236,12 @@ jitsi_meet_custom_lang: {}
 
 # If jitsi_auth is ldap
 # We inherit values from prosody if available, or we try to get values from ad_auth or ldap_auth
-jitsi_ldap_base: "{{ prosody_ldap_base | default(ad_auth | default(False) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_user_base | default('ou=Users') + ',' + ldap_base | default(ansible_domain | regex_replace('\\.','dc=')))) }}"
-jitsi_ldap_servers: "{{ prosody_ldap_server | default(ad_ldap_servers | default([ad_auth | default(False) | ternary(ad_realm | default(samba_realm) | default(ansible_domain) | lower, ldap_uri | default('ldap://' + ansible_domain) | urlsplit('hostname'))]))}}"
+jitsi_ldap_base: "{{ prosody_ldap_base | default(ad_auth | default(false) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_user_base | default('ou=Users') + ',' + ldap_base | default(ansible_domain | regex_replace('\\.','dc=')))) }}"
+jitsi_ldap_servers: "{{ prosody_ldap_server | default(ad_ldap_servers | default([ad_auth | default(false) | ternary(ad_realm | default(samba_realm) | default(ansible_domain) | lower, ldap_uri | default('ldap://' + ansible_domain) | urlsplit('hostname'))]))}}"
 jitsi_ldap_bind_dn: "{{ prosody_ldap_bind_dn | default(None) }}"
 jitsi_ldap_bind_pass: "{{ prosody_ldap_bind_pass | default(None) }}"
-jitsi_ldap_filter: "{{ prosody_ldap_filter | default(ad_auth | default(False) | ternary('(&(objectClass=user)(sAMAccountName=%s))','(&(objectClass=inetOrgPerson)(uid=%s))')) }}"
-jitsi_ldap_starttls: "{{ prosody_ldap_starttls | default(True) }}"
+jitsi_ldap_filter: "{{ prosody_ldap_filter | default(ad_auth | default(false) | ternary('(&(objectClass=user)(sAMAccountName=%s))','(&(objectClass=inetOrgPerson)(uid=%s))')) }}"
+jitsi_ldap_starttls: "{{ prosody_ldap_starttls | default(true) }}"
 
 # Jigasi settings
 
@@ -267,7 +282,7 @@ jitsi_jigasi_sip_extra_conf: {}
 #  ENCRYPTION_PROTOCOL_STATUS.ZRTP: 'false'
 #  IS_PRESENCE_ENABLED: 'true'
 #  SDES_CIPHER_SUITES: AES_CM_128_HMAC_SHA1_80,AES_CM_128_HMAC_SHA1_32
-jitsi_jigasi_sip_conf: "{{ jitsi_jigasi_sip_base_conf | combine(jitsi_jigasi_sip_extra_conf, recursive=True) }}"
+jitsi_jigasi_sip_conf: "{{ jitsi_jigasi_sip_base_conf | combine(jitsi_jigasi_sip_extra_conf, recursive=true) }}"
 
 jitsi_jigasi_xmpp_user: jigasi
 jitsi_jigasi_xmpp_domain: "{{ jitsi_auth_domain }}"
@@ -291,7 +306,7 @@ jitsi_confmapper_conf_base:
   id_max_length: 4
   db_file: "{{ jitsi_root_dir }}/data/confmapper/confmapper.sqlite"
 jitsi_confmapper_conf_extra: {}
-jitsi_confmapper_conf: "{{ jitsi_confmapper_conf_base | combine(jitsi_confmapper_conf_extra, recursive=True) }}"
+jitsi_confmapper_conf: "{{ jitsi_confmapper_conf_base | combine(jitsi_confmapper_conf_extra, recursive=true) }}"
 
 # This is for Jibri integration
 jitsi_jibri_xmpp_user: jibri

roles/jitsi/tasks/facts.yml

@@ -73,10 +73,19 @@
     - set_fact:
         jitsi_anonymousdomain:
           hosts:
-           anonymousdomain: guest.{{ jitsi_domain }}
-    - set_fact: jitsi_meet_conf={{ jitsi_anonymousdomain | combine(jitsi_meet_conf, recursive=True) }}
-  when: jitsi_auth == 'ldap'
-  tags: jisti
+            anonymousdomain: guest.{{ jitsi_domain }}
+    - set_fact: jitsi_meet_conf={{ jitsi_meet_conf | combine(jitsi_anonymousdomain, recursive=True) }}
+  when: jitsi_auth == 'ldap' or jitsi_auth == 'token'
+  tags: jitsi
+
+- name: Set authentication url for jitsi meet
+  block:
+    - set_fact:
+        jitsi_authurl:
+          tokenAuthUrl: '{{ jitsi_token_auth_url }}'
+    - set_fact: jitsi_meet_conf={{ jitsi_meet_conf | combine(jitsi_authurl, recursive=True) }}
+  when: jitsi_auth == 'token'
+  tags: jitsi
 
 - name: Check if cert file exist
   stat: path={{ jitsi_cert_path }}

roles/jitsi/templates/jicofo/jicofo.conf.j2

@@ -2,8 +2,17 @@
 jicofo {
 
   authentication {
-    enabled = {{ (jitsi_auth == 'sso' or jitsi_auth == 'ldap') | ternary('true', 'false') }}
-    type = {{ (jitsi_auth == 'ldap') | ternary('XMPP', 'SHIBBOLETH') }}
+{% if jitsi_auth == 'sso' %}
+    enabled = true
+    type = SHIBBOLETH
+{% elif jitsi_auth == 'ldap' %}
+    enabled = true
+    type = XMPP
+{% elif jitsi_auth == 'token' %}
+    enabled = true
+    type = JWT
+    login-url = {{ jitsi_domain }}
+{% endif %}
   }
 
   bridge {
@@ -28,5 +37,6 @@ jicofo {
       password = "{{ jitsi_jicofo_xmpp_pass }}"
       client-proxy = focus.{{ jitsi_domain }}
     }
+    trusted-domains = ["{{ jitsi_jibri_xmpp_domain | default('recorder.' ~ jitsi_jibri_domain) }}"]
   }
 }

roles/jitsi/templates/prosody.cfg.lua.j2

@@ -11,7 +11,10 @@ external_services = {
 {% for stun in jitsi_stun_servers %}
   {
     type = "{{ stun | urlsplit('scheme') }}",
-    host = "{{ stun | regex_replace('(turns?|stun):([^:]+)(:\d+)?.*', '\\2') }}{% if stun | regex_replace('(turns?|stun):.+:(\d+)?.*', '\\2') | int > 0 and stun | regex_replace('(turns?|stun):.+:(\d+)?.*', '\\2') | int < 65535 %}:{{ stun | regex_replace('(turns?|stun):.+:(\d+)?.*', '\\2') }}{% endif %}",
+    host = "{{ stun | regex_replace('(turns?|stun):([^:]+)(:\d+)?.*', '\\2') }}",
+{% if stun | regex_replace('(turns?|stun):.+:(\d+)?.*', '\\2') | int > 0 and stun | regex_replace('(turns?|stun):.+:(\d+)?.*', '\\2') | int < 65535 %}
+    port = {{ stun | regex_replace('(turns?|stun):.+:(\d+)?.*', '\\2') }},
+{% endif %}
 {% if stun | urlsplit('query') is search('transport=') %}
     transport = "{{ stun | urlsplit('query') | regex_replace('.*transport=(udp|tcp).*', '\\1') }}",
 {% endif %}
@@ -24,13 +27,13 @@ external_services = {
 {% endfor %}
 };
 
-cross_domain_bosh = false;
+-- cross_domain_bosh = false;
 cross_domain_websocket = true;
 consider_bosh_secure = true;
 
 unlimited_jids = {
-    "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}",
-    "{{ jitsi_videobridge_xmpp_user }}@{{ jitsi_videobridge_xmpp_domain }}"
+  "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}",
+  "{{ jitsi_videobridge_xmpp_user }}@{{ jitsi_videobridge_xmpp_domain }}"
 }
 
 VirtualHost "{{ jitsi_domain }}"
@@ -45,40 +48,59 @@ VirtualHost "{{ jitsi_domain }}"
   ldap_filter = "{{ jitsi_ldap_filter }}"
   ldap_scope = "subtree"
   ldap_tls = {{ jitsi_ldap_starttls | ternary('true','false') }}
+{% elif jitsi_auth == 'token' %}
+  authentication = "token"
+  app_id = "{{ jitsi_token_app_id }}";
+  asap_accepted_issuers = "{{ jitsi_token_iss }}";
+  asap_accepted_audiences = "{{ jitsi_token_aud }}";
+{% if jitsi_token_app_secret is defined %}
+  app_secret = "{{ jitsi_token_app_secret }}";
+{% elif jitsi_token_asap_key_server is defined %}
+  asap_key_server = "{{ jitsi_token_asap_key_server }}";
+{% endif %}
+  allow_empty_token = false;
 {% else %}
-  authentication = "anonymous"
+  authentication = "jitsi-anonymous"
 {% endif %}
   ssl = {
     key = "{{ jitsi_key_path }}";
     certificate = "{{ jitsi_cert_path }}";
   }
 
+  c2s_require_encryption = false
+  allow_unencrypted_plain_auth = true
+  av_moderation_component = "avmoderation.{{ jitsi_domain }}"
+  speakerstats_component = "speakerstats.{{ jitsi_domain }}"
+  end_conference_component = "endconference.{{ jitsi_domain }}"
+
   modules_enabled = {
     "bosh";
     "pubsub";
-    "ping";
     "websocket";
-    "external_services";
+    "ping";
     "speakerstats";
+    "external_services";
     "conference_duration";
+    "end_conference";
     "muc_lobby_rooms";
-    "participant_metadata";
     "muc_breakout_rooms";
     "av_moderation";
+    "room_metadata";
+    "participant_metadata";
+    "presence_identity";
   }
-  c2s_require_encryption = false
-  allow_unencrypted_plain_auth = true
-  speakerstats_component = "speakerstats.{{ jitsi_domain }}"
+
   conference_duration_component = "conferenceduration.{{ jitsi_domain }}"
   lobby_muc = "lobby.{{ jitsi_domain }}"
   breakout_rooms_muc = "breakout.{{ jitsi_domain }}"
+  room_metadata_component = "metadata.{{ jitsi_domain }}"
   main_muc = "conference.{{ jitsi_domain }}"
   muc_lobby_whitelist = { "recorder.{{ jitsi_domain }}" }
 
-{% if jitsi_auth == 'ldap' %}
+{% if jitsi_auth == 'ldap' or jitsi_auth == 'token' %}
 -- Guest virtual domain
 VirtualHost "guest.{{ jitsi_domain }}"
-  authentication = "anonymous"
+  authentication = "jitsi-anonymous"
   c2s_require_encryption = false
   modules_enabled = {
     "participant_metadata";
@@ -101,10 +123,12 @@ VirtualHost "recorder.{{ jitsi_domain }}"
   c2s_require_encryption = false
 
 Component "conference.{{ jitsi_domain }}" "muc"
+  restrict_room_creation = true
   storage = "memory"
   modules_enabled = {
     "ping";
     "jibri_bypass_pwd";
+    "muc_hide_all";
     "muc_meeting_id";
     "muc_domain_mapper";
     "polls";
@@ -113,11 +137,19 @@ Component "conference.{{ jitsi_domain }}" "muc"
   admins = { "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}" }
   muc_room_locking = false
   muc_room_default_public_jids = true
+  muc_password_whitelist = {
+    "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}"
+  }
 
 Component "internal.{{ jitsi_auth_domain }}" "muc"
   storage = "memory"
-  modules_enabled = { "ping"; }
-  muc_room_cache_size = 1000
+  modules_enabled = {
+    "muc_hide_all";
+    "ping";
+  }
+  admins = { "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}" }
+  muc_room_locking = false
+  muc_room_default_public_jids = true
 
 Component "focus.{{ jitsi_domain }}" "client_proxy"
   target_address = "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}"
@@ -128,6 +160,9 @@ Component "speakerstats.{{ jitsi_domain }}" "speakerstats_component"
 Component "conferenceduration.{{ jitsi_domain }}" "conference_duration_component"
   muc_component = "conference.{{ jitsi_domain }}"
 
+Component "endconference.{{ jitsi_domain }}" "end_conference"
+  muc_component = "conference.{{ jitsi_domain }}"
+
 Component "avmoderation.{{ jitsi_domain }}" "av_moderation_component"
   muc_component = "conference.{{ jitsi_domain }}"
 
@@ -137,16 +172,24 @@ Component "lobby.{{ jitsi_domain }}" "muc"
   muc_room_locking = false
   muc_room_default_public_jids = true
   modules_enabled = {
+    "muc_hide_all";
     "muc_rate_limit";
+    "polls";
   }
 
+Component "metadata.{{ jitsi_domain }}" "room_metadata_component"
+  muc_component = "conference.{{ jitsi_domain }}"
+  breakout_rooms_component = "breakout.{{ jitsi_domain }}"
+
 Component "breakout.{{ jitsi_domain }}" "muc"
   restrict_room_creation = true
   storage = "memory"
   modules_enabled = {
+    "muc_hide_all";
     "muc_meeting_id";
     "muc_domain_mapper";
     "muc_rate_limit";
+    "polls";
   }
   admins = { "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}" }
   muc_room_locking = false