WIP

@pedro is working on this and this change matched my workflow better :-)

type/__jitsi_meet/files/jibri.cfg.lua.sh

@@ -0,0 +1,14 @@
+#!/bin/sh -eu
+
+# Source:
+# https://github.com/jitsi/jibri#prosody
+
+# shellcheck disable=SC2034  # This is intended to be included
+JIBRI_CONFIG="$(cat <<END
+VirtualHost "recorder.${JITSI_DOMAIN:?}"
+  modules_enabled = {
+    "ping";
+  }
+  authentication = "internal_plain"
+END
+)"

type/__jitsi_meet/files/jibri.conf.sh

@@ -0,0 +1,134 @@
+#!/bin/sh -eu
+
+# Start
+cat <<EOF
+# Managed remotely, changes will be lost
+
+# thanks
+#   https://community.jitsi.org/t/jibri-service-fails/85272/4
+#   https://github.com/emrahcom/emrah-buster-templates/blob/master/machines/eb-jibri-template/etc/jitsi/jibri/jibri.conf
+
+jibri {
+  // A unique identifier for this Jibri
+  // TODO: eventually this will be required with no default
+  id = ""
+  // Whether or not Jibri should return to idle state after handling
+  // (successfully or unsuccessfully) a request.  A value of 'true'
+  // here means that a Jibri will NOT return back to the IDLE state
+  // and will need to be restarted in order to be used again.
+  single-use-mode = false
+  api {
+    http {
+      external-api-port = 2222
+      internal-api-port = 3333
+    }
+    xmpp {
+      // See example_xmpp_envs.conf for an example of what is expected here
+      environments = [{
+        name = "jibri-env"
+        xmpp-server-hosts = ["${JIBRI_HOST:?}"]
+        xmpp-domain = "${JIBRI_HOST:?}"
+
+        control-muc {
+          domain = "internal.auth.${JIBRI_HOST:?}"
+          room-name = "JibriBrewery"
+          nickname = "jibri-nickname"
+        }
+
+        control-login {
+          domain = "auth.${JIBRI_HOST:?}"
+          username = "jibri"
+          password = "${JIBRI_AUTH_PASS:?}"
+        }
+
+        call-login {
+          domain = "recorder.${JIBRI_HOST:?}"
+          username = "recorder"
+          password = "${JIBRI_RECORDER_PASS:?}"
+        }
+
+        strip-from-room-domain = "conference."
+        usage-timeout = 0
+        trust-all-xmpp-certs = true
+      }]
+    }
+  }
+  recording {
+    recordings-directory = "/tmp/recordings"
+    # TODO: make this an optional param and remove the default
+    finalize-script = "/opt/finalize_recording.sh"
+  }
+  streaming {
+    // A list of regex patterns for allowed RTMP URLs.  The RTMP URL used
+    // when starting a stream must match at least one of the patterns in
+    // this list.
+    rtmp-allow-list = [
+      // By default, all services are allowed
+      ".*"
+    ]
+  }
+  sip {
+    // The routing rule for the outbound scenario in VoxImplant is based on this prefix
+    outbound-prefix = "out_"
+  }
+  ffmpeg {
+    resolution = "1920x1080"
+    // The audio source that will be used to capture audio on Linux
+    audio-source = "alsa"
+    // The audio device that will be used to capture audio on Linux
+    audio-device = "plug:bsnoop"
+  }
+  chrome {
+    // The flags which will be passed to chromium when launching
+    flags = [
+      "--use-fake-ui-for-media-stream",
+      "--start-maximized",
+      "--kiosk",
+      "--enabled",
+      "--autoplay-policy=no-user-gesture-required"
+    ]
+  }
+  stats {
+    enable-stats-d = true
+  }
+  webhook {
+    // A list of subscribers interested in receiving webhook events
+    subscribers = []
+  }
+  jwt-info {
+    // The path to a .pem file which will be used to sign JWT tokens used in webhook
+    // requests.  If not set, no JWT will be added to webhook requests.
+    # signing-key-path = "/path/to/key.pem"
+
+    // The kid to use as part of the JWT
+    # kid = "key-id"
+
+    // The issuer of the JWT
+    # issuer = "issuer"
+
+    // The audience of the JWT
+    # audience = "audience"
+
+    // The TTL of each generated JWT.  Can't be less than 10 minutes.
+    # ttl = 1 hour
+  }
+  call-status-checks {
+    // If not all clients have their audio and video muted, but Jibri does not
+    // detect any data stream (audio or video) comming in, it will stop
+    // recording after NO_MEDIA_TIMEOUT expires.
+    no-media-timeout = 3 minutes
+
+    // If all clients have their audio and video muted, Jibri consideres this
+    // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
+    all-muted-timeout = 10 minutes
+
+    // When detecting if a call is empty, Jibri takes into consideration for how
+    // long the call has been empty already. If it has been empty for more than
+    // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
+    default-call-empty-timeout = 30 seconds
+
+    // If ICE hasn't completed, or stays in a state other than "connected" for this amount of time, Jibri will stop.
+    ice-connection-timeout = 30 seconds
+  }
+}
+EOF

type/__jitsi_meet/files/jicofo.conf.sh

@@ -28,6 +28,18 @@ cat <<EOF
     login-url: ${JITSI_HOST:?}
   }
 EOF
+
+# Jibri if needed
+if [ "${JIBRI_STATE:?}" = "present" ]; then
+cat <<EOF
+
+  jibri: {
+    // The JID of the MUC to be used as a brewery for jibri instances for streaming.
+    brewery-jid: "JibriBrewery@internal.auth.${JITSI_HOST:?}",
+    // How long to wait for Jibri to start recording from the time it accepts a START request.
+    pending-timeout: 90
+  }
+EOF
 fi
 
 # End

type/__jitsi_meet/gencode-remote

@@ -33,7 +33,7 @@ if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
 	echo "service nginx reload"
 fi
 
-if grep -qE "^(__line/jitsi_jicofo_secured_domains|(__file|__link)/etc/prosody/conf.d/|__file/etc/jitsi/jicofo/jicofo.conf)" "${__messages_in}"; then
+if grep -qE "^(__line/jitsi_jicofo_secured_domains|(__file|__link)/etc/prosody/conf.d/|__file/etc/jitsi/(jicofo/jicofo.conf|videobridge/jvb.conf))" "${__messages_in}"; then
 	RESTART_SERVICES="YES"
 fi
 

type/__jitsi_meet/manifest

@@ -179,6 +179,15 @@ else
   SECURED_DOMAINS_STATE='absent'
 fi
 
+if [ -f "${__object}/parameter/jibri" ]; then
+  JIBRI_STATE='present'
+else
+  JIBRI_STATE='absent'
+fi
+
+export JIBRI_STATE
+. manifest_jibri
+
 # This is the main host config
 PROSODY_MAIN_CONFIG="YES"
 # Prosody settings for common components (jvb, focus, ...)
@@ -200,6 +209,36 @@ export JITSI_HOST
 "${__type}/files/jicofo.conf.sh" | \
 	__file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'
 
+# Enable the private colibri REST API end point for better stats
+__file "/etc/jitsi/videobridge/jvb.conf" --mode 0444 --source '-' <<EOFJVB
+videobridge {
+    http-servers {
+        public {
+            port = 9090
+        }
+        private {
+            port = 8080
+        }
+    }
+    websockets {
+        enabled = true
+        domain = "${JITSI_HOST}:443"
+        tls = true
+    }
+    apis {
+        rest {
+            enabled = true
+        }
+    }
+}
+EOFJVB
+
+# Enable simple per-domain body customisation
+__file "/usr/share/jitsi-meet/body.html" \
+	--mode 0644 \
+	--source '-' <<EOF
+<!--#include virtual="body-\${host}.html" -->
+EOF
 
 # These two should be changed on new release
 EXPORTER_VERSION="1.2.0"

type/__jitsi_meet/manifest_jibri

@@ -0,0 +1,19 @@
+#!/bin/sh -e
+
+# shellcheck source=type/__jitsi_meet/files/prosody.cfg.lua.sh
+. "${__type}/files/jibri.cfg.lua.sh"  # This defines JIBRI_CONFIG
+__file "/etc/prosody/conf.d/01_jibri.cfg.lua" \
+	--group prosody \
+	--mode 0440 \
+	--source - <<EOF
+${JIBRI_CONFIG}
+EOF
+
+# TODO/WARNING cleartext passwords
+JIBRI_AUTH_PASS='jibriauthpass'
+JIBRI_RECORDER_PASS='jibrirecorderpass'
+__jitsi_meet_user "jibri" --password "${JIBRI_AUTH_PASS}" --domain "auth.${JITSI_HOST}" --state "present"
+__jitsi_meet_user "recorder" --password "${JIBRI_RECORDER_PASS}" --domain "recorder.${JITSI_HOST}" --state "present"
+
+"${__type}/files/jibri.conf.sh" | \
+	__file /etc/jitsi/jibri/jibri.conf --mode 0444 --source '-'

type/__jitsi_meet/parameter/boolean

@@ -1,2 +1,3 @@
 disable-prometheus-exporter
 secured-domains
+jibri

type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh

@@ -32,4 +32,4 @@ download_file doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example prosody.
 
 # Change the version file, maintainers should check that it matches
 # the deb version
-printf "2.0.${BRANCH#*_}-1" > jitsi-version
+printf "2.0.%s-1" "${BRANCH#*_}" > jitsi-version

type/__jitsi_meet_domain/files/config.js.sh

@@ -1028,9 +1028,9 @@ ${ANALYTICS_SETTINGS}
     // Endpoint that enables support for salesforce integration with in-meeting resource linking
     // This is required for:
     // listing the most recent records - salesforceUrl/records/recents
-    // searching records - salesforceUrl/records?text=${text}
+    // searching records - salesforceUrl/records?text=\${text}
-    // retrieving record details - salesforceUrl/records/${id}?type=${type}
+    // retrieving record details - salesforceUrl/records/\${id}?type=\${type}
-    // and linking the meeting - salesforceUrl/sessions/${sessionId}/records/${id}
+    // and linking the meeting - salesforceUrl/sessions/\${sessionId}/records/\${id}
     //
     // salesforceUrl: 'https://api.example.com/',
 

type/__jitsi_meet_domain/files/interface_config.js.sh

@@ -20,7 +20,7 @@ JITSI_INTERFACE_CONFIG_JS="$(cat <<EOF
  */
 
 var interfaceConfig = {
-    APP_NAME: 'Jitsi Meet',
+    APP_NAME: '${BRANDING_APP_NAME}',
     AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
     AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
 

type/__jitsi_meet_domain/files/prosody.cfg.lua.sh

@@ -153,6 +153,8 @@ Component "internal.auth.${JITSI_DOMAIN:?}" "muc"
     admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}", "jvb@auth.${JITSI_HOST:?}" }
     muc_room_locking = false
     muc_room_default_public_jids = true
+    -- https://prosody.im/doc/modules/mod_muc
+    muc_room_cache_size = 1000
 ${PROSODY_DOMAIN_END}
 ${PROSODY_MAIN_START}
 -- This will be managed by __jitsi_meet

type/__jitsi_meet_domain/man.rst

@@ -93,6 +93,15 @@ video-constraints
     It must not have a trailing comma, see `constraints` in
     `__jitsi_meet_domain/files/config.js.sh`.
 
+branding-app-name
+    This will change `Jitsi Meet` in many places to the brand you desire.
+    Defaults to `Jitsi Meet`.
+
+branding-extra-body
+    This must be valid HTML, it will be included server-side and delivered to
+    clients alongside the default `index.html`.
+    This is useful if you would rather not replace the whole `index`, but
+    still want the chance to do some heavier branding / add instructions / etc.
 
 branding-json
     Path to a JSON file that will be served as the `dynamicBrandingUrl`.
@@ -100,14 +109,12 @@ branding-json
     `__jitsi_meet_domain/files/config.js.sh`.
     If not set, no branding will be set up.
 
-
 branding-index
     Path to an HTML file that will be served instead of Jitsi-Meet's default
     one.
     If not set, the default index file will be used.
     If set to `-`, the type's standard input will be used.
 
-
 branding-watermark
     Path to a png file that will be served instead of Jitsi-Meet's default
     one.

type/__jitsi_meet_domain/manifest

@@ -19,6 +19,7 @@ START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
 TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
 VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
 ANALYTICS_SETTINGS="$(cat "${__object}/parameter/analytics-settings")"
+BRANDING_APP_NAME="$(cat "${__object}/parameter/branding-app-name")"
 BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
 BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
 BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
@@ -131,6 +132,11 @@ __file "/usr/share/jitsi-meet/images/watermark-${DOMAIN}.png" \
 	--mode 0644 \
 	--state "$(_var_state "${BRANDING_WATERMARK}")" \
 	--source "${BRANDING_WATERMARK}"
+# Simple body customisation
+__file "/usr/share/jitsi-meet/body-${DOMAIN}.html" \
+	--mode 0644 \
+	--state "$(_var_state "${STATE}")" \
+	--source "${__object}/parameter/branding-extra-body"
 
 #
 # Take care of prosody settings for the domain

type/__jitsi_meet_domain/parameter/default/branding-app-name

@@ -0,0 +1 @@
+Jitsi Meet

type/__jitsi_meet_domain/parameter/optional

@@ -5,7 +5,9 @@ notice-message
 start-video-muted
 turn-server
 video-constraints
+branding-app-name
 branding-json
 branding-index
+branding-extra-body
 branding-watermark
 state

type/__jitsi_meet_user/manifest

@@ -5,6 +5,7 @@ basic_urlencode() {
 }
 
 PASSWD="$(cat "${__object}/parameter/password" 2>/dev/null || true)"
+DOMAIN="$(cat "${__object}/parameter/domain" 2>/dev/null || true)"
 STATE="$(cat "${__object}/parameter/state")"
 
 if [ -z "${PASSWD}" ] && [ "${STATE}" != "absent" ]; then
@@ -23,7 +24,10 @@ EOF
 fi
 
 JITSI_USER="$(basic_urlencode "${JITSI_USER_RAW}")"
-FQDN="$(basic_urlencode "${__target_host}")"
+if [ -z "${DOMAIN}" ]; then
+	DOMAIN="${__target_host}"
+fi
+FQDN="$(basic_urlencode "${DOMAIN}")"
 FQDN_PATH="/var/lib/prosody/${FQDN}/accounts"
 FILENAME="${FQDN_PATH}/${JITSI_USER}.dat"