jicofo {
  // Authentication with external services
  authentication {
    enabled = false
    // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default).
    type = SHIBBOLETH

    // The pattern of authentication URL. See ShibbolethAuthAuthority for more information.
    # login-url =

    # logout-url =

    authentication-lifetime = 24 hours
    enable-auto-login = true
  }
  // Configuration related to jitsi-videobridge
  bridge {
    // The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum).
    max-bridge-participants = -1
    // The assumed maximum packet rate that a bridge can handle.
    max-bridge-packet-rate = 50000
    // The assumed average packet rate per participant.
    average-participant-packet-rate-pps = 500
    // The assumed average stress per participant.
    average-participant-stress = 0.01
    // The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating
    // a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints
    // in the last [participant-rampup-time] multiplied by [average-participant-stress].
    participant-rampup-interval = 20 seconds
    // The stress level above which a bridge is considered overstressed.
    stress-threshold = 0.8
    // The amount of to wait before retrying using a failed bridge.
    failure-reset-threshold = 1 minute
    // The bridge selection strategy. The built-in strategies are:
    // SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo).
    // SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing).
    // RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use
    //    Octo for geo-location).
    // IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. use Octo for
    //    load balancing).
    //
    // Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations.
    selection-strategy = SingleBridgeSelectionStrategy
    health-checks {
      // Whether jicofo should perform periodic health checks to the connected bridges.
      enabled = true
      // The interval at which to perform health checks.
      interval = 10 seconds
      // When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This
      // configures the delay between the original health check timing out and the second health check being sent.
      // It is a duration and defaults to half the [interval].
      # retry-delay = 5 seconds
    }

    // The JID of the MUC to be used as a brewery for bridge instances.
    brewery-jid = "jvbbrewery@internal.auth.jitsi"
  }
  // Configure the codecs and RTP extensions to be used in the offer sent to clients.
  codec {
    video {
      vp8 {
        enabled = true
        pt = 100
        // Payload type for the associated RTX stream. Set to -1 to disable RTX.
        rtx-pt = 96
      }
      vp9 {
        enabled = true
        pt = 101
        // Payload type for the associated RTX stream. Set to -1 to disable RTX.
        rtx-pt = 97
      }
      h264 {
        enabled = true
        pt = 107
        // Payload type for the associated RTX stream. Set to -1 to disable RTX.
        rtx-pt = 99
      }
    }

    audio {
      isac-16000 {
        enabled = true
        pt = 103
      }
      isac-32000 {
        enabled = true
        pt = 104
      }
      opus {
        enabled = true
        pt = 111
        minptime = 10
        use-inband-fec = true
        red {
          enabled = false
          pt = 112
        }
      }
      telephone-event {
        enabled = true
        pt = 126
      }
    }

    // RTP header extensions
    rtp-extensions {
      audio-level {
        enabled = true
        id = 1
      }
      tof {
        // TOF is currently disabled, because we don't support it in the bridge
        // (and currently clients seem to not use it when abs-send-time is
        // available).
        enabled = false
        id = 2
      }
      abs-send-time {
        enabled = true
        id = 3
      }
      rid {
        enabled = false
        id = 4
      }
      tcc {
        enabled = true
        id = 5
      }
      video-content-type {
        enabled = false
        id = 7
      }
      framemarking {
        enabled = false
        id = 9
      }
    }
  }

  conference {
    // Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to
    // the next in line when the current owner leaves).
    enable-auto-owner = true

    // How long to wait for the initial participant in a conference.
    initial-timeout = 15 seconds

    // Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary
    // workaround for an issue with signaling endpoints for Octo.
    inject-ssrc-for-recv-only-endpoints = false

    max-ssrcs-per-user = 20

    // How long a participant's media session will be kept alive once it remains the only participant in the room.
    single-participant-timeout = 20 seconds

    // The minimum number of participants required for the conference to be started.
    min-participants = 2

    // Experimental.
    enable-lip-sync = false

    shared-document {
      // If `true` the shared document uses a random name. Otherwise, it uses the conference name.
      use-random-name = false
    }
  }

  // Configuration for the internal health checks performed by jicofo.
  health {
    // Whether to perform health checks.
    enabled = false

    // The interval between health checks. If set to 0, periodic health checks will not be performed.
    interval = 10 seconds

    # The timeout for a health check
    timeout = 30 seconds

    # If performing a health check takes longer than this, it is considered unsuccessful.
    max-check-duration = 20 seconds

    # The prefix to use when creating MUC rooms for the purpose of health checks.
    room-name-prefix = "__jicofo-health-check"
  }

  jibri {
    // The JID of the MUC to be used as a brewery for jibri instances for streaming.
    # brewery-jid = "jibribrewery@example.com"

    // How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries.
    num-retries = 5

    // How long to wait for Jibri to start recording from the time it accepts a START request.
    pending-timeout = 90 seconds
  }

  jibri-sip {
    // The JID of the MUC to be used as a brewery for jibri instances for SIP.
    # brewery-jid = "jibrisipbrewery@example.com"
  }

  jigasi {
    // The JID of the MUC to be used as a brewery for jigasi instances.
    # brewery-jid = "jigasibrewery@example.com"
  }

  // The region in which the machine is running.
  #local-region="us-east-1"

  octo {
    // Whether or not to use Octo. Note that when enabled, its use will be determined by
    // $jicofo.bridge.selection-strategy.
    enabled = false

    // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
    // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
    id = 1
  }

  rest {
    port = 8888
    tls-port = 8843
  }

  sctp {
    // Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is
    // enabled in the per-conference configuration).
    enabled = true
  }

  task-pools {
    shared-pool-max-threads = 1500
  }

  xmpp {
    // The separate XMPP connection used for communication with clients (endpoints).
    client {
      enabled = true
      hostname = "{{ env "NOMAD_IP_xmpp_port" }}"
      port = {{ env "NOMAD_PORT_xmpp_port" }}
      domain = "auth.jitsi"
      username = "focus"
      password = "{{ key "secrets/jitsi/jicofo_pass" | trimSpace }}"

      // How long to wait for a response to a stanza before giving up.
      reply-timeout = 15 seconds

      // The JID/domain of the MUC service used for conferencing.
      conference-muc-jid = conference.jitsi

      // A flag to suppress the TLS certificate verification.
      disable-certificate-verification = false
    }
    // The separate XMPP connection used for internal services (currently only jitsi-videobridge).
    service {
      enabled = false
      hostname = "jitsi-xmpp"
      port = 5222
      domain = "auth.jitsi"
      username = "focus"
      password = "jicofopass"

      // How long to wait for a response to a stanza before giving up.
      reply-timeout = 15 seconds

      // A flag to suppress the TLS certificate verification.
      disable-certificate-verification = false
    }
  }
}