Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 23:08:06 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-bigbluebutton/templates/env.j2
+++ b/roles/web-app-bigbluebutton/templates/env.j2
@@ -0,0 +1,295 @@
+ENABLE_COTURN=true
+COTURN_TLS_CERT_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/fullchain.pem
+COTURN_TLS_KEY_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/privkey.pem
+ENABLE_GREENLIGHT={{applications[application_id].enable_greenlight}}
+
+# Enable Webhooks
+# used by some integrations
+#ENABLE_WEBHOOKS=true
+
+# Prometheus Exporter
+# serves the bigbluebutton-exporter under following URL:
+# https://yourdomain/bbb-exporter
+#ENABLE_PROMETHEUS_EXPORTER=true
+#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
+
+# Recording
+# IMPORTANT: this is currently a big privacy issues, because it will
+# record everything which happens in the conference, even when the button
+# suggets, that it does not.
+# https://github.com/bigbluebutton/bigbluebutton/issues/9202
+# make sure that you get peoples consent, before they join a room
+ENABLE_RECORDING=false
+REMOVE_OLD_RECORDING=true
+RECORDING_MAX_AGE_DAYS=365
+
+# ====================================
+# SECRETS
+# ====================================
+# important! change these to any random values
+SHARED_SECRET={{applications[application_id].credentials.shared_secret}}
+ETHERPAD_API_KEY={{applications[application_id].credentials.etherpad_api_key}}
+RAILS_SECRET={{applications[application_id].credentials.rails_secret}}
+POSTGRESQL_SECRET={{applications[application_id].credentials.postgresql_secret}}
+FSESL_PASSWORD={{applications[application_id].credentials.fsesl_password}}
+
+# ====================================
+# CONNECTION
+# ====================================
+
+DOMAIN={{domains | get_domain(application_id)}}
+
+EXTERNAL_IPv4={{networks.internet.ip4}}
+# The following line is not tested and could lead to bugs:
+EXTERNAL_IPv6={{networks.internet.ip6}}
+
+# STUN SERVER
+# stun.freeswitch.org
+STUN_IP={{networks.internet.ip4}}
+STUN_PORT={{ ports.public.stun[application_id] }}
+
+# TURN SERVER
+# uncomment and adjust following two lines to add an external TURN server
+TURN_SERVER=turns:{{domains | get_domain(application_id)}}:{{ ports.public.turn[application_id] }}?transport=tcp
+TURN_SECRET={{applications[application_id].credentials.turn_secret}}
+
+# Allowed SIP IPs
+# due to high traffic caused by bots, by default the SIP port is blocked.
+# but you can allow access by your providers IP or IP ranges (comma seperated)
+# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
+SIP_IP_ALLOWLIST=
+
+
+# ====================================
+# CUSTOMIZATION
+# ====================================
+
+CLIENT_TITLE=BigBlueButton
+
+# use following lines to replace the default welcome message and footer
+WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button.  Use a headset to avoid causing background noise for others."
+WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
+
+# use following line for an additional SIP dial-in message
+#WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/' target='_blank'><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br>  INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number."
+
+# for a different default presentation, place the pdf file in ./conf/ and
+# adjust the following path
+DEFAULT_PRESENTATION=./mod/nginx/default.pdf
+
+# language of sound announcements
+# options:
+# - en-ca-june - EN Canadian June
+# - en-us-allison - US English Allison
+# - en-us-callie - US English Callie
+# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
+# - es-ar-mario - Spanish/Argentina Mario
+# - fr-ca-june - FR Canadian June
+# - pt-br-karina - Brazilian Portuguese Karina
+# - ru-RU-elena - RU Russian Elena
+# - ru-RU-kirill - RU Russian Kirill
+# - ru-RU-vika - RU Russian Viktoriya
+# - sv-se-jakob - Swedish (Sweden) Jakob
+# - zh-cn-sinmei - Chinese/China Sinmei
+# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
+SOUNDS_LANGUAGE=en-us-callie
+
+# set to false to disable listenOnlyMode
+LISTEN_ONLY_MODE=true
+
+# set to true to disable echo test
+DISABLE_ECHO_TEST=false
+
+# set to true to automatically share webcam
+AUTO_SHARE_WEBCAM=false
+
+# set to true to disable video preview for webcam sharing
+DISABLE_VIDEO_PREVIEW=false
+
+# set to false to disable chat
+CHAT_ENABLED=true
+
+# set to true to start chat closed
+CHAT_START_CLOSED=false
+
+# set to true to disable announcements "You are now (un-)muted"
+DISABLE_SOUND_MUTED=false
+
+# set to true to disable announcement "You are the only person in this conference"
+DISABLE_SOUND_ALONE=false
+
+# maximum count of breakout rooms per meeting
+# Warning: increasing the limit of breakout rooms per meeting
+# can generate excessive overhead to the server. We recommend
+# this value to be kept under 12.
+BREAKOUTROOM_LIMIT=8
+
+# set to false to disable the learning dashboard
+ENABLE_LEARNING_DASHBOARD=true
+
+# ====================================
+# Tuning
+# ====================================
+# Default = 2; Min = 1; Max = 4
+# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
+NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
+
+# Default = 2; Min = 1; Max = 8
+# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
+# stretching the recommended number of users in BigBlueButton
+NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
+
+
+# ====================================
+# GREENLIGHT CONFIGURATION
+# ====================================
+
+# Microsoft Office365 Login Provider (optional)
+#
+# For in-depth steps on setting up a Office 365 Login Provider, see:
+#
+#   https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
+#
+OFFICE365_KEY=
+OFFICE365_SECRET=
+OFFICE365_HD=
+
+# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
+# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
+OAUTH2_REDIRECT=
+
+{% if applications | is_feature_enabled('ldap',application_id) %}
+# LDAP Login Provider (optional)
+#
+# You can enable LDAP authentication by providing values for the variables below.
+# Configuring LDAP authentication will take precedence over all other providers.
+# For information about setting up LDAP, see:
+#
+#   https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
+#
+#   LDAP_SERVER=ldap.example.com
+#   LDAP_PORT=389
+#   LDAP_METHOD=plain
+#   LDAP_UID={{ldap.user.attributes.id}}
+#   LDAP_BASE=dc=example,dc=com
+#   LDAP_AUTH=simple
+#   LDAP_BIND_DN=cn=admin,dc=example,dc=com
+#   LDAP_PASSWORD=password
+#   LDAP_ROLE_FIELD=ou
+#   LDAP_FILTER=(&(attr1=value1)(attr2=value2))
+LDAP_SERVER="{{ldap.server.domain}}"
+LDAP_PORT="{{ldap.server.port}}"
+LDAP_METHOD=
+LDAP_UID={{ldap.user.attributes.id}}
+LDAP_BASE="{{ldap.dn.root}}"
+LDAP_BIND_DN="{{ldap.dn.administrator.data}}"
+LDAP_AUTH=password
+LDAP_PASSWORD="{{ldap.bind_credential}}"
+LDAP_ROLE_FIELD=
+LDAP_FILTER=
+{% endif %}
+
+# ====================================
+# GREENLIGHT CONFIGURATION
+# ====================================
+# Set this to true if you want GreenLight to support user signup and login without
+# Omniauth. For more information, see:
+#
+#   https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
+#
+ALLOW_GREENLIGHT_ACCOUNTS=true
+
+### SMTP CONFIGURATION
+# Emails are required for the basic features of Greenlight to function.
+# Please refer to your SMTP provider to get the values for the variables below
+
+SMTP_SERVER={{system_email.host}}
+SMTP_DOMAIN={{system_email.domain}}
+SMTP_PORT={{system_email.port}}
+SMTP_USERNAME={{ users['no-reply'].email }}
+SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
+SMTP_AUTH=plain
+SMTP_OPENSSL_VERIFY_MODE=none
+SMTP_STARTTLS_AUTO={{system_email.start_tls | lower}}
+SMTP_STARTTLS={{system_email.start_tls | lower}}
+SMTP_TLS={{system_email.tls | lower}}
+SMTP_SSL_VERIFY=true
+SMTP_SENDER={{ users['no-reply'].email }}
+SMTP_SENDER_EMAIL={{ users['no-reply'].email }}
+
+# Prefix for the applications root URL.
+# Useful for deploying the application to a subdirectory, which is highly recommended
+# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
+# have to update your authentication callback URL's to reflect this change.
+#
+#   The recommended prefix is "/b".
+#
+RELATIVE_URL_ROOT="/b"
+
+# Specify which settings you would like the users to configure on room creation
+# or edit after the room has been created
+# By default, all settings are turned OFF.
+#
+# Current settings available:
+#   mute-on-join: Automatically mute users by default when they join a room
+#   require-moderator-approval: Require moderators to approve new users before they can join the room
+#   anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
+#   all-join-moderator: All users join as moderators in BigBlueButton
+ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
+
+# Specify the maximum number of records to be sent to the BigBlueButton API in one call
+# Default is set to 25 records
+PAGINATION_NUMBER=25
+
+# Specify the maximum number of rows that should be displayed per page for a paginated table
+# Default is set to 25 rows
+NUMBER_OF_ROWS=25
+
+# Specify if you want to display the Google Calendar button
+#   ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
+ENABLE_GOOGLE_CALENDAR_BUTTON=
+
+# Set the application into Maintenance Mode
+#
+# Current options supported:
+# true: Renders an error page that does not allow users to access any of the features in the application
+# false: Application runs normally
+MAINTENANCE_MODE=false
+
+# Displays a flash that appears to inform the user of a scheduled maintenance window
+# This variable should contain ONLY the date and time of the scheduled maintenance
+#
+# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
+MAINTENANCE_WINDOW=
+
+# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
+#
+# Defaults to the Github Issues Page for Greenlight
+# Button can be disabled by setting the value to blank
+#
+# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
+
+# The link to the Need help? button that appears on the Account Dropdown
+#
+# Defaults to the Greenlight documentation
+# Button can be disabled by setting the value to blank
+HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
+
+# Specify the default registration to be used by Greenlight until an administrator sets the
+# registration method
+# Allowed values are:
+#   open - For open registration
+#   invite - For invite only registration
+#   approval - For approve/decline registration
+DEFAULT_REGISTRATION=invite
+
+{% if applications | is_feature_enabled('oidc',application_id) %}
+### EXTERNAL AUTHENTICATION METHODS
+# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
+#
+OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
+OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
+OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
+OPENID_CONNECT_REDIRECT={{ domains | get_url(application_id, web_protocol) }}
+# OPENID_CONNECT_UID_FIELD=sub default
+{% endif %}