plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "{{ jitsi_domain }}";

external_service_secret = "6XhEs5NEtN735NXh";
external_services = {
     { type = "stun", host = "{{ jitsi_domain }}", port = 3478 },
     { type = "turn", host = "{{ jitsi_domain }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "{{ jitsi_domain }}", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

{% if jitsi_enable_ldap == true %}
-- https://modules.prosody.im/mod_lib_ldap.html
-- https://modules.prosody.im/mod_auth_ldap2.html
authentication = 'ldap2'

ldap = {
    hostname = 'localhost',
    bind_dn = 'cn=admin,{{ ldap_domain_string }}',
    bind_password = '{{ slapd_admin_password }}',
    use_tls = false,
    user = {
        usernamefield = 'uid',
        basedn = 'ou=people,{{ ldap_domain_string }}',
        filter = '(objectClass=*)',
        -- admin?
        --namefield = 'cn',
    },
}
{% endif %}

VirtualHost "{{ jitsi_domain }}"
    -- enabled = false -- Remove this line to enable this host
    -- authentication = "anonymous"
{% if jitsi_enable_ldap == true %}
    authentication = "ldap2"
{% else %}
    authentication = "internal_hashed"
{% endif %}
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/{{ jitsi_domain }}.key";
        certificate = "/etc/prosody/certs/{{ jitsi_domain }}.crt";
    }
    speakerstats_component = "speakerstats.{{ jitsi_domain }}"
    conference_duration_component = "conferenceduration.{{ jitsi_domain }}"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.{{ jitsi_domain }}"
    main_muc = "conference.{{ jitsi_domain }}"
    -- muc_lobby_whitelist = { "recorder.{{ jitsi_domain }}" } -- Here we can whitelist jibri to enter lobby enabled rooms

VirtualHost "guest.{{ jitsi_domain }}"
    authentication = "anonymous"
    c2s_require_encryption = false

Component "conference.{{ jitsi_domain }}" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
    }
    admins = { "focus@auth.{{ jitsi_domain }}" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.{{ jitsi_domain }}" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.{{ jitsi_domain }}", "jvb@auth.{{ jitsi_domain }}" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.{{ jitsi_domain }}"
    ssl = {
        key = "/etc/prosody/certs/auth.{{ jitsi_domain }}.key";
        certificate = "/etc/prosody/certs/auth.{{ jitsi_domain }}.crt";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.{{ jitsi_domain }}" "client_proxy"
    target_address = "focus@auth.{{ jitsi_domain }}"

Component "speakerstats.{{ jitsi_domain }}" "speakerstats_component"
    muc_component = "conference.{{ jitsi_domain }}"

Component "conferenceduration.{{ jitsi_domain }}" "conference_duration_component"
    muc_component = "conference.{{ jitsi_domain }}"

Component "lobby.{{ jitsi_domain }}" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true