jitsi-quick/repo/env.j2

# shellcheck disable=SC2034

################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################


#
# Basic configuration options
#

# Directory where all configuration will be stored
CONFIG=~/.jitsi-meet-cfg

# Exposed HTTP port
HTTP_PORT={{ jitsi_http_port }}

# Exposed HTTPS port
HTTPS_PORT={{ jitsi_https_port }}

# System me zone
TZ=Europe/Rome

# Public URL for the web service (required)
PUBLIC_URL=https://{{ jitsi_http_domain }}

# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
DOCKER_HOST_ADDRESS={{ ansible_default_ipv4.address }}


#
# JaaS Components (beta)
# https://jaas.8x8.vc
#

# Enable JaaS Components (hosted Jigasi)
#ENABLE_JAAS_COMPONENTS=0

#
# Let's Encrypt configuration
#

# Enable Let's Encrypt certificate generation
ENABLE_LETSENCRYPT=1

# Domain for which to generate the certificate
LETSENCRYPT_DOMAIN={{ jitsi_http_domain }}

# E-Mail for receiving important account notifications (mandatory)
LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}

# Use the staging server (for avoiding rate limits while testing)
LETSENCRYPT_USE_STAGING=0

# Show a prejoin page before entering a conference
ENABLE_PREJOIN_PAGE=0
# Enable the welcome page
ENABLE_WELCOME_PAGE=0


#
# Etherpad integration (for document sharing)
#

# Set etherpad-lite URL in docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001

# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/

# Name your etherpad instance!
ETHERPAD_TITLE=Video Chat

# The default text of a pad
ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"

# Name of the skin for etherpad
ETHERPAD_SKIN_NAME=colibris

# Skin variants for etherpad
ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"


#
# Basic Jigasi configuration options (needed for SIP gateway support)
#

# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info

# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd

# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info

# SIP server port
#JIGASI_SIP_PORT=5060

# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP


#
# Authentication configuration (see handbook for details)
#

# Enable authentication
ENABLE_AUTH=0

# Enable guest access
ENABLE_GUESTS=1

# Select authentication type: internal, jwt, ldap or matrix
AUTH_TYPE=jwt

# JWT authentication
#

# Application identifier
#JWT_APP_ID={{ jitsi_jwt_app_id }}

# Application secret known only to your token generator
#JWT_APP_SECRET={{ jitsi_jwt_app_secret }}

# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS={{ jitsi_jwt_accepted_audiences }}

# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2

# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#

# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/

# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com

# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd

# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)

# LDAP authentication method
#LDAP_AUTH_METHOD=bind

# LDAP version
#LDAP_VERSION=3

# LDAP TLS using
#LDAP_USE_TLS=1

# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC

# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1

# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt

# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs

# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1


#
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#

# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=

# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=

# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=

# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=

# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=

## Per aggiunta plugin moderazione:
#XMPP_MUC_MODULES=token_moderation

#
# Docker Compose options
#

# Container restart policy
RESTART_POLICY=unless-stopped

# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest

ENABLE_HTTP_REDIRECT=1
ENABLE_IPV6=0
COLIBRI_REST_ENABLED=true

#Per modifica toolbar:
#TOOLBAR_BUTTONS=camera,closedcaptions,desktop,download,feedback,filmstrip,fullscreen,hangup,help,invite,microphone,mute-everyone,mute-video-everyone,participants-pane,profile,raisehand,security,settings,shareaudio,shortcuts,stats,tileview,toggle-camera,videoquality
updated 2022-11-04 00:12:37 +01:00			`# shellcheck disable=SC2034`

			`################################################################################`
			`################################################################################`
			`# Welcome to the Jitsi Meet Docker setup!`
			`#`
			`# This sample .env file contains some basic options to get you started.`
			`# The full options reference can be found here:`
			`# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker`
			`################################################################################`
			`################################################################################`


			`#`
			`# Basic configuration options`
			`#`

			`# Directory where all configuration will be stored`
			`CONFIG=~/.jitsi-meet-cfg`

			`# Exposed HTTP port`
			`HTTP_PORT={{ jitsi_http_port }}`

			`# Exposed HTTPS port`
			`HTTPS_PORT={{ jitsi_https_port }}`

			`# System me zone`
			`TZ=Europe/Rome`

			`# Public URL for the web service (required)`
			`PUBLIC_URL=https://{{ jitsi_http_domain }}`

			`# IP address of the Docker host`
			`# See the "Running behind NAT or on a LAN environment" section in the Handbook:`
			`# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment`
			`DOCKER_HOST_ADDRESS={{ ansible_default_ipv4.address }}`


			`#`
			`# JaaS Components (beta)`
			`# https://jaas.8x8.vc`
			`#`

			`# Enable JaaS Components (hosted Jigasi)`
			`#ENABLE_JAAS_COMPONENTS=0`

			`#`
			`# Let's Encrypt configuration`
			`#`

			`# Enable Let's Encrypt certificate generation`
			`ENABLE_LETSENCRYPT=1`

			`# Domain for which to generate the certificate`
			`LETSENCRYPT_DOMAIN={{ jitsi_http_domain }}`

			`# E-Mail for receiving important account notifications (mandatory)`
			`LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}`

			`# Use the staging server (for avoiding rate limits while testing)`
			`LETSENCRYPT_USE_STAGING=0`

			`# Show a prejoin page before entering a conference`
			`ENABLE_PREJOIN_PAGE=0`
			`# Enable the welcome page`
			`ENABLE_WELCOME_PAGE=0`


			`#`
			`# Etherpad integration (for document sharing)`
			`#`

			`# Set etherpad-lite URL in docker local network (uncomment to enable)`
			`#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001`

			`# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)`
			`#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/`

			`# Name your etherpad instance!`
			`ETHERPAD_TITLE=Video Chat`

			`# The default text of a pad`
			`ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"`

			`# Name of the skin for etherpad`
			`ETHERPAD_SKIN_NAME=colibris`

			`# Skin variants for etherpad`
			`ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"`


			`#`
			`# Basic Jigasi configuration options (needed for SIP gateway support)`
			`#`

			`# SIP URI for incoming / outgoing calls`
			`#JIGASI_SIP_URI=test@sip2sip.info`

			`# Password for the specified SIP account as a clear text`
			`#JIGASI_SIP_PASSWORD=passw0rd`

			`# SIP server (use the SIP account domain if in doubt)`
			`#JIGASI_SIP_SERVER=sip2sip.info`

			`# SIP server port`
			`#JIGASI_SIP_PORT=5060`

			`# SIP server transport`
			`#JIGASI_SIP_TRANSPORT=UDP`


			`#`
			`# Authentication configuration (see handbook for details)`
			`#`

			`# Enable authentication`
			`ENABLE_AUTH=0`

			`# Enable guest access`
			`ENABLE_GUESTS=1`

			`# Select authentication type: internal, jwt, ldap or matrix`
			`AUTH_TYPE=jwt`

			`# JWT authentication`
			`#`

			`# Application identifier`
			`#JWT_APP_ID={{ jitsi_jwt_app_id }}`

			`# Application secret known only to your token generator`
			`#JWT_APP_SECRET={{ jitsi_jwt_app_secret }}`

			`# (Optional) Set asap_accepted_issuers as a comma separated list`
			`#JWT_ACCEPTED_ISSUERS={{ jitsi_jwt_accepted_audiences }}`

			`# (Optional) Set asap_accepted_audiences as a comma separated list`
			`#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2`

			`# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)`
			`#`

			`# LDAP url for connection`
			`#LDAP_URL=ldaps://ldap.domain.com/`

			`# LDAP base DN. Can be empty`
			`#LDAP_BASE=DC=example,DC=domain,DC=com`

			`# LDAP user DN. Do not specify this parameter for the anonymous bind`
			`#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com`

			`# LDAP user password. Do not specify this parameter for the anonymous bind`
			`#LDAP_BINDPW=LdapUserPassw0rd`

			`# LDAP filter. Tokens example:`
			`# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail`
			`# %s - %s is replaced by the complete service string`
			`# %r - %r is replaced by the complete realm string`
			`#LDAP_FILTER=(sAMAccountName=%u)`

			`# LDAP authentication method`
			`#LDAP_AUTH_METHOD=bind`

			`# LDAP version`
			`#LDAP_VERSION=3`

			`# LDAP TLS using`
			`#LDAP_USE_TLS=1`

			`# List of SSL/TLS ciphers to allow`
			`#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC`

			`# Require and verify server certificate`
			`#LDAP_TLS_CHECK_PEER=1`

			`# Path to CA cert file. Used when server certificate verify is enabled`
			`#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt`

			`# Path to CA certs directory. Used when server certificate verify is enabled`
			`#LDAP_TLS_CACERT_DIR=/etc/ssl/certs`

			`# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://`
			`# LDAP_START_TLS=1`


			`#`
			`# Security`
			`#`
			`# Set these to strong passwords to avoid intruders from impersonating a service account`
			`# The service(s) won't start unless these are specified`
			`# Running ./gen-passwords.sh will update .env with strong passwords`
			`# You may skip the Jigasi and Jibri passwords if you are not using those`
			`# DO NOT reuse passwords`
			`#`

			`# XMPP password for Jicofo client connections`
			`JICOFO_AUTH_PASSWORD=`

			`# XMPP password for JVB client connections`
			`JVB_AUTH_PASSWORD=`

			`# XMPP password for Jigasi MUC client connections`
			`JIGASI_XMPP_PASSWORD=`

			`# XMPP recorder password for Jibri client connections`
			`JIBRI_RECORDER_PASSWORD=`

			`# XMPP password for Jibri client connections`
			`JIBRI_XMPP_PASSWORD=`

			`## Per aggiunta plugin moderazione:`
			`#XMPP_MUC_MODULES=token_moderation`

			`#`
			`# Docker Compose options`
			`#`

			`# Container restart policy`
			`RESTART_POLICY=unless-stopped`

			`# Jitsi image version (useful for local development)`
			`#JITSI_IMAGE_VERSION=latest`

			`ENABLE_HTTP_REDIRECT=1`
			`ENABLE_IPV6=0`
			`COLIBRI_REST_ENABLED=true`

			`#Per modifica toolbar:`
			`#TOOLBAR_BUTTONS=camera,closedcaptions,desktop,download,feedback,filmstrip,fullscreen,hangup,help,invite,microphone,mute-everyone,mute-video-everyone,participants-pane,profile,raisehand,security,settings,shareaudio,shortcuts,stats,tileview,toggle-camera,videoquality`