-
Notifications
You must be signed in to change notification settings - Fork 18
/
main.yml
146 lines (118 loc) · 6.58 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
---
jitsi_meet_dependencies:
- apt-utils
- lua5.2
- lua-unbound
jitsi_meet_packages:
- jitsi-meet
jitsi_meet_server_name: "meet.example.com"
jitsi_meet_videobridge_port: 5347
jitsi_meet_jicofo_user: focus
jitsi_meet_turn_tls_listening_port: 4446
jitsi_meet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
jitsi_meet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
# jitsi_meet_cert_choice: "I want to use my own certificate"
jitsi_meet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
jitsi_meet_config_default_language: en
jitsi_meet_config_disable_third_party_requests: "true"
jitsi_meet_config_last_n: "-1"
jitsi_meet_config_p2p_enabled: "true"
jitsi_meet_config_layer_suspension: "true"
jitsi_meet_config_prejoin_page_enabled: "false"
jitsi_meet_config_insecure_room_name_warning: "true"
jitsi_meet_config_require_display_name: "false"
jitsi_meet_config_resolution: 720
jitsi_meet_config_constraints:
video:
height:
ideal: "{{ jitsi_meet_config_resolution }}"
max: 720
min: 240
jitsi_meet_config_start_audio_only: "false"
jitsi_meet_config_stun_servers:
- meet-jit-si-turnrelay.jitsi.net:443
jitsi_meet_config_analytics_disabled: "true"
# Jitsi Meet global variables
jitsi_meet_title: Jitsi Meet
jitsi_meet_description: Join a WebRTC video conference powered by the Jitsi Videobridge
# Jitsi Meet variables for interface_config.js
jitsi_meet_interface_app_name: "{{ jitsi_meet_title }}"
jitsi_meet_interface_brand_watermark_link: ""
jitsi_meet_interface_default_background: "#474747"
jitsi_meet_interface_default_local_display_name: me
jitsi_meet_interface_default_logo_url: images/watermark.svg
jitsi_meet_interface_default_remote_display_name: Fellow Jitster
jitsi_meet_interface_default_welcome_page_logo_url: images/watermark.svg
jitsi_meet_interface_provider_name: Jitsi
jitsi_meet_interface_display_welcome_footer: "true"
jitsi_meet_interface_jitsi_watermark_link: https://jitsi.org
jitsi_meet_interface_mobile_app_promo: "true"
jitsi_meet_interface_mobile_download_link_android: https://play.google.com/store/apps/details?id=org.jitsi.meet
jitsi_meet_interface_mobile_download_link_f_droid: https://f-droid.org/en/packages/org.jitsi.meet/
jitsi_meet_interface_mobile_download_link_ios: https://itunes.apple.com/us/app/jitsi-meet/id1165103905
jitsi_meet_interface_native_app_name: Jitsi Meet
# Jitsi Meet variables for title.html
jitsi_meet_title_image: images/jitsilogo.png?v=1
jitsi_meet_title_favicon: images/favicon.ico?v=1
jitsi_meet_debsums_ignore_custom_assets: false
## Logging
jitsi_meet_logrotate_retained_days: 7
jitsi_meet_loglevel: "WARNING"
jitsi_meet_videobridge_loglevel: "{{ jitsi_meet_loglevel }}"
jitsi_meet_jicofo_loglevel: "{{ jitsi_meet_loglevel }}"
jitsi_meet_jicofo_logging_properties: |
handlers= java.util.logging.ConsoleHandler
# Handlers with XMPP debug enabled:
#handlers= java.util.logging.ConsoleHandler, org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler
# Handlers with syslog enabled:
#handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
#handlers= java.util.logging.ConsoleHandler, io.sentry.jul.SentryHandler
java.util.logging.ConsoleHandler.level = {{ jitsi_meet_jicofo_loglevel }}
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
java.util.logging.ConsoleHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets
org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jicofo
.level=INFO
# To enable XMPP packets logging add XmppPacketsFileHandler to the handlers property
org.jitsi.impl.protocol.xmpp.log.PacketDebugger.level=ALL
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.pattern=/var/log/jitsi/jicofo-xmpp.log
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.append=true
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.limit=200000000
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.count=3
# Syslog (uncomment handler to use)
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.facility = local0
com.agafua.syslog.SyslogHandler.port = 514
com.agafua.syslog.SyslogHandler.hostname = localhost
com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
com.agafua.syslog.SyslogHandler.escapeNewlines = false
com.agafua.syslog.SyslogHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets
# Sentry (uncomment handler to use)
io.sentry.jul.SentryHandler.level=WARNING
# uncomment to see how Jicofo talks to the JVB
#org.jitsi.impl.protocol.xmpp.colibri.level=ALL
# Disable nginx access log per default
jitsi_meet_nginx_access_log: "off"
jitsi_meet_nginx_error_log: /var/log/nginx/error.log
jitsi_meet_nginx_ssl_preset: "intermediate"
jitsi_meet_nginx_ssl_presets:
modern:
protocols: TLSv1.3
ciphers: ""
prefer_server_ciphers: "off"
intermediate:
protocols: TLSv1.2 TLSv1.3
ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
prefer_server_ciphers: "off"
old:
protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
prefer_server_ciphers: "on"
jitsi_meet_nginx_ssl_protocols: "{{ jitsi_meet_nginx_ssl_presets[jitsi_meet_nginx_ssl_preset]['protocols'] }}"
jitsi_meet_nginx_ssl_prefer_server_ciphers: "{{ jitsi_meet_nginx_ssl_presets[jitsi_meet_nginx_ssl_preset]['prefer_server_ciphers'] }}"
jitsi_meet_nginx_ssl_ciphers: "{{ jitsi_meet_nginx_ssl_presets[jitsi_meet_nginx_ssl_preset]['ciphers'] }}"
jitsi_meet_nginx_ssl_dhparam: "/etc/nginx/dhparam"
# If you are behind a proxy that does SSL termination set this to false
jitsi_meet_nginx_listen_https_enabled: true
# You need to set both jitsi_meet_nat_local_ip and jitsi_meet_nat_public_ip if you enable NAT
jitsi_meet_behind_nat_enabled: false
jitsi_meet_nat_local_ip: "{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}"