---

jitsi_root_dir: /opt/jitsi
jitsi_user: jitsi

# List of IP or CIDR for which web resources will be served
# It can be different from jitsi_videobridge_src_ip is web access is done through
# a reverse proxy
jitsi_web_src_ip:
  - 0.0.0.0/0

jitsi_version: 9584

jitsi_jicofo_archive_url: https://github.com/jitsi/jicofo/archive/refs/tags/stable/jitsi-meet_{{ jitsi_version }}.tar.gz
jitsi_jicofo_archive_sha256: 0be6e661a962e842704e8d2bdccfd28be21a97664883f458224e39a44679393f

# Jigasi has no release, nor tags, so use master
jitsi_jigasi_archive_url: https://github.com/jitsi/jigasi/archive/refs/heads/master.tar.gz

jitsi_meet_archive_url: https://github.com/jitsi/jitsi-meet/archive/refs/tags/stable/jitsi-meet_{{ jitsi_version }}.tar.gz
jitsi_meet_archive_sha256: fe52cd45159af7b9716043aae00a3f37e5874e31801261ec65d0ce9dc02c368f

jitsi_excalidraw_version: x21
jitsi_excalidraw_archive_url: https://github.com/jitsi/excalidraw-backend/archive/refs/tags/{{ jitsi_excalidraw_version }}.tar.gz
jitsi_excalidraw_archive_sha256: 7733c33667c7d9d022c1994c66819a57e44ca1c0dc71b3b71d9bcb10a09791f4

# XMPP server to connect to. Default is the same machine
jitsi_xmpp_server: "{{ inventory_hostname }}"
# Port on which to connect to the XMPP server to register as a component
jitsi_xmpp_component_port: 5347

# Account for videobridge
jitsi_jvb_xmpp_user: "{{ jitsi_videobridge_xmpp_user | default('jvb') }}"
jitsi_jvb_xmpp_domain: "{{ jitsi_videobridge_xmpp_domain | default(jitsi_auth_domain) }}"
# jitsi_jvb_xmpp_pass: 

jitsi_stun_servers: []
# jitsi_stun_servers:
#   - stun:meet-jit-si-turnrelay.jitsi.net:443

jitsi_turn_secret: "{{ turnserver_auth_secret | default('p@ssw0rd') }}"

# Authentication. Can be set to
#  * false : no authentication at all (can also be None)
#  * sso : In this case, you have to protect /login with your SSO system (through a reverse proxy)
#    And once authenticated, send the HTTP headers mail and displayName with the appropriate values
#    Note that jitsi Android client does not support sso authentication, so mobile users will be able
#    to join an existing conf, but not create one easily
#  * token : to use JWT Tokens
#  * ldap : Will use an LDAP server for authentication. Works on mobile, but is a bit less convinient
#    than sso for desktop users. See all the jitsi_ldap_xxxx settings
jitsi_auth: false

# If using token
jitsi_token_app_id: jitsi

# Either jitsi_token_app_secret or jitsi_token_asap_key_server must be set
# jitsi_token_app_secret: XXXX
# jitsi_token_asap_key_server: https://sso.example.org/jitsi/asap

jitsi_token_iss: https://sso.example.org
jitsi_token_aud: "{{ jitsi_token_app_id }}"
jitsi_token_auth_url: https://sso.example.org/jitsi/login?room={room}

jitsi_jicofo_xmpp_user: focus
jitsi_jicofo_xmpp_domain: "{{ jitsi_auth_domain }}"
# Password for the focus user on the auth domain
# jitsi_jicofo_xmpp_pass: p@ssw0rd

jitsi_domain: "{{ inventory_hostname }}"
jitsi_auth_domain: auth.{{ jitsi_domain }}

# Can be either true, in which case a cert will be automatically obtained using letsencrypt
# or can be a name, in which case you have to configure letsencrypt to obtain the cert yourself
# jitsi_letsencrypt_cert: true
# or
# jitsi_letsencrypt_cert: jitsi.example.com
#
# or, you can also set custom cert path
#
# jitsi_cert_path: /etc/jitsi/ssl/cert.pem
# jitsi_key_path: /etc/jitsi/ssl/key.pem

# Meet configuration. Will be converted to JSON
# See https://github.com/jitsi/jitsi-meet/blob/master/config.js for available settings and their meaning
jitsi_meet_conf_base:
  hosts:
    domain: "{{ jitsi_domain }}"
    muc: conference.{{ jitsi_domain }}
  bosh: '//{{ jitsi_domain }}/http-bind'
  websocket: wss://{{ jitsi_domain }}/xmpp-websocket
  clientNode: http://jitsi.org/jitsimeet
  focusUserJid: "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}"
  enableNoAudioDetection: true
  enableNoisyMicDetection: true
  startAudioMuted: 10
  startVideoMuted: 10
  enableOpusRed: true
  #desktopSharingFrameRate:
  #  min: 5
  #  max: 30
  requireDisplayName: true
  prejoinConfig:
    enabled: true
  enableInsecureRoomNameWarning: false
  disableThirdPartyRequests: true
  welcomePage:
    disabled: false
  lobby:
    enableChat: true
  localRecording:
    notifyAllParticipants: true
  recordingService:
    enabled: "{{ (jitsi_jibri_recordings_base_url is defined) | ternary(true, false) }}"
  p2p:
    enabled: false
    enableUnifiedOnChrome: true
  analytics:
    disabled: true
  toolbarButtons:
    - camera
    - chat
    - closedcaptions
    - desktop
    - download
    - embedmeeting
    - etherpad
    - fullscreen
    - hangup
    - highlight
    - invite
    - microphone
    - noisesuppression
    - participants-pane
    - profile
    - raisehand
    - recording
    - security
    - select-background
    - settings
    - sharedvideo
    - shortcuts
    - stats
    - tileview
    - toggle-camera
    - videoquality
    - whiteboard
  dialInNumbersUrl: https://{{ jitsi_domain }}/phoneNumberList
  dialInConfCodeUrl: https://{{ jitsi_domain }}/conferenceMapper
  screenshotCapture:
    enabled: true
  transcription:
    enabled: false
  useTurnUdp: true
  defaultLanguage: fr
  gravatar:
    disabled: true
  giphy:
    enabled: true
  whiteboard:
    enabled: true
    collabServerBaseUrl: 'https://{{ jitsi_domain }}/'

jitsi_meet_conf_extra: {}
jitsi_meet_conf: "{{ jitsi_meet_conf_base | combine(jitsi_meet_conf_extra, recursive=true) }}"

# Meet interface configuration. Will be converted to JSON
# See https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js for available settings and their meaning
jitsi_meet_interface_conf_base:
  APP_NAME: Jitsi Meet
  AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)'
  AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)'
  AUTO_PIN_LATEST_SCREEN_SHARE: remote-only
  BRAND_WATERMARK_LINK: https://www.ehtrace.com
  CLOSE_PAGE_GUEST_HINT: false
  DEFAULT_BACKGROUND: '#040404'
  DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg'
  DISABLE_DOMINANT_SPEAKER_INDICATOR: false
  DISABLE_JOIN_LEAVE_NOTIFICATIONS: false
  DISABLE_PRESENCE_STATUS: false
  DISABLE_RINGING: false
  DISABLE_TRANSCRIPTION_SUBTITLES: true
  DISABLE_VIDEO_BACKGROUND: false
  DISPLAY_WELCOME_FOOTER: true
  DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false
  DISPLAY_WELCOME_PAGE_CONTENT: false
  DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false
  ENABLE_DIAL_OUT: "{{ (jitsi_jigasi_sip_server is defined) | ternary(true, false) }}"
  ENABLE_FEEDBACK_ANIMATION: false
  FILM_STRIP_MAX_HEIGHT: 120
  GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true
  HIDE_INVITE_MORE_HEADER: false
  JITSI_WATERMARK_LINK: https://www.ehtrace.com
  LANG_DETECTION: true
  LOCAL_THUMBNAIL_RATIO: 16 / 9
  MAXIMUM_ZOOMING_COEFFICIENT: 1.3
  MOBILE_APP_PROMO: true
  OPTIMAL_BROWSERS:
    - chrome
    - chromium
    - firefox
    - nwjs
    - electron
    - safari
  POLICY_LOGO: null
  PROVIDER_NAME: Ehtrace
  RECENT_LIST_ENABLED: true
  REMOTE_THUMBNAIL_RATIO: 1
  SETTINGS_SECTIONS:
    - devices
    - language
    - moderator
    - profile
    - sounds
    - more
  SHOW_BRAND_WATERMARK: false
  SHOW_CHROME_EXTENSION_BANNER: false
  SHOW_JITSI_WATERMARK: false
  SHOW_POWERED_BY: false
  SHOW_PROMOTIONAL_CLOSE_PAGE: false
  SUPPORT_URL: 'mailto:support@ehtrace.com'
  UNSUPPORTED_BROWSERS: []
  VERTICAL_FILMSTRIP: true
  VIDEO_LAYOUT_FIT: both
  VIDEO_QUALITY_LABEL_DISABLED: false

jitsi_meet_interface_conf_extra: {}
jitsi_meet_interface_conf: "{{ jitsi_meet_interface_conf_base | combine(jitsi_meet_interface_conf_extra, recursive=true) }}"

# You can customize strings here (lang/main-XX.json)
jitsi_meet_custom_lang: {}
#  fr:
#    welcomepage:
#      headerSubtitle: >-
#        La vidéoconférence simple, sécurisée, libre
#      startMeeting: >-
#        C'est parti !
#      appDescription: >-
#        Choisissez un nom ou bien laisser le système en créer un pour vous,
#        partagez le lien avec qui vous voulez.
#        Jamais la vidéoconférence n'a été aussi simple


# If jitsi_auth is ldap
# We inherit values from prosody if available, or we try to get values from ad_auth or ldap_auth
jitsi_ldap_base: "{{ prosody_ldap_base | default(ad_auth | default(false) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_user_base | default('ou=Users') + ',' + ldap_base | default(ansible_domain | regex_replace('\\.','dc=')))) }}"
jitsi_ldap_servers: "{{ prosody_ldap_server | default(ad_ldap_servers | default([ad_auth | default(false) | ternary(ad_realm | default(samba_realm) | default(ansible_domain) | lower, ldap_uri | default('ldap://' + ansible_domain) | urlsplit('hostname'))]))}}"
jitsi_ldap_bind_dn: "{{ prosody_ldap_bind_dn | default(None) }}"
jitsi_ldap_bind_pass: "{{ prosody_ldap_bind_pass | default(None) }}"
jitsi_ldap_filter: "{{ prosody_ldap_filter | default(ad_auth | default(false) | ternary('(&(objectClass=user)(sAMAccountName=%s))','(&(objectClass=inetOrgPerson)(uid=%s))')) }}"
jitsi_ldap_starttls: "{{ prosody_ldap_starttls | default(true) }}"

# Jigasi settings

# Default room on which to connect inbound SIP calls
# if no Jitsi-Conference-Room SIP header is found
jitsi_jigasi_default_room: sip

# SIP settings
#jitsi_jigasi_sip_user:
#jitsi_jigasi_sip_secret:
#jitsi_jigasi_sip_server:
jitsi_jigasi_sip_port: 5060
jitsi_jigasi_sip_transport: UDP
jitsi_jigasi_sip_base_conf:
  ACCOUNT_UID: "SIP\\:{{ jitsi_jigasi_sip_user }}"
  PASSWORD: "{{ jitsi_jigasi_sip_secret | b64encode }}"
  PROTOCOL_NAME: SIP
  SERVER_ADDRESS: "{{ jitsi_jigasi_sip_server }}"
  USER_ID: "{{ jitsi_jigasi_sip_user }}"
  KEEP_ALIVE_INTERVAL: 25
  KEEP_ALIVE_METHOD: OPTIONS
  VOICEMAIL_ENABLED: 'false'
  OVERRIDE_ENCODINGS: 'false'
  DOMAIN_BASE: "{{ jitsi_domain }}"
  PROXY_ADDRESS: "{{ jitsi_jigasi_sip_server }}"
  PROXY_AUTO_CONFIG: 'false'
  PROXY_PORT: "{{ jitsi_jigasi_sip_port }}"
  PREFERRED_TRANSPORT: "{{ jitsi_jigasi_sip_transport }}"
jitsi_jigasi_sip_extra_conf: {}
# Can be used to configure advanced parameters, like media encryption
#jitsi_jigasi_sip_extra_conf:
#  SAVP_OPTION: 1
#  ENCRYPTION_PROTOCOL.DTLS-SRTP: 0
#  ENCRYPTION_PROTOCOL.SDES: 1
#  ENCRYPTION_PROTOCOL.ZRTP: 2
#  ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP: 'false'
#  ENCRYPTION_PROTOCOL_STATUS.SDES: 'true'
#  ENCRYPTION_PROTOCOL_STATUS.ZRTP: 'false'
#  IS_PRESENCE_ENABLED: 'true'
#  SDES_CIPHER_SUITES: AES_CM_128_HMAC_SHA1_80,AES_CM_128_HMAC_SHA1_32
jitsi_jigasi_sip_conf: "{{ jitsi_jigasi_sip_base_conf | combine(jitsi_jigasi_sip_extra_conf, recursive=true) }}"

jitsi_jigasi_xmpp_user: jigasi
jitsi_jigasi_xmpp_domain: "{{ jitsi_auth_domain }}"
# Password to auth as an XMPP user. A random one will be created if missing
#jitsi_jigasi_xmpp_pass:

# conferenceMapper is used for inbound SIP call
jitsi_confmapper_port: 8823
jitsi_confmapper_src_ip: []
jitsi_confmapper_conf_base:
  numbers: {}
  # numbers:
  #   FR:
  #     - +335 99 99 99 99
  #     - +339 88 88 88 88
  #   EN:
  #     - 555 555 555
  port: "{{ jitsi_confmapper_port }}"
  host: 0.0.0.0
  expire_seconds: 86400
  id_max_length: 4
  db_file: "{{ jitsi_root_dir }}/data/confmapper/confmapper.sqlite"
jitsi_confmapper_conf_extra: {}
jitsi_confmapper_conf: "{{ jitsi_confmapper_conf_base | combine(jitsi_confmapper_conf_extra, recursive=true) }}"

# This is for Jibri integration
jitsi_jibri_xmpp_user: jibri
# jitsi_jibri_xmpp_pass: s3cr3t.
jitsi_jibri_recorder_xmpp_user: recorder
# jitsi_jibri_recorder_xmpp_pass: p@ssw0rd