# Non-sensitive env shared across all jitsi components. Sensitive values
# (XMPP component passwords) live in the 20-secrets.yaml that is NOT
# committed to git — see scripts/generate-secrets.sh.
apiVersion: v1
kind: ConfigMap
metadata:
  name: jitsi-config
  namespace: jitsi
data:
  # === Public-facing config ===
  PUBLIC_URL: "https://meet.it.financeflow.de"
  TZ: "Europe/Berlin"

  # === XMPP topology (internal hostnames — do not change without
  # updating all 4 components in lockstep) ===
  XMPP_DOMAIN: "meet.jitsi"
  XMPP_AUTH_DOMAIN: "auth.meet.jitsi"
  XMPP_INTERNAL_MUC_DOMAIN: "internal-muc.meet.jitsi"
  XMPP_MUC_DOMAIN: "muc.meet.jitsi"
  XMPP_GUEST_DOMAIN: "guest.meet.jitsi"
  XMPP_RECORDER_DOMAIN: "recorder.meet.jitsi"
  XMPP_SERVER: "prosody.jitsi.svc.cluster.local"
  XMPP_BOSH_URL_BASE: "http://prosody.jitsi.svc.cluster.local:5280"

  # === Auth disabled — anyone with the URL can start a room. That's the
  # whole point of self-hosting (avoids the meet.jit.si Google/GitHub
  # moderator gate). ===
  ENABLE_AUTH: "0"
  ENABLE_GUESTS: "0"

  # === TLS handled by ingress cert-manager, not by the jitsi/web container ===
  ENABLE_LETSENCRYPT: "0"
  ENABLE_HTTP_REDIRECT: "0"
  DISABLE_HTTPS: "1"

  # === Videobridge brewery (where jicofo finds JVBs over XMPP) ===
  JVB_BREWERY_MUC: "jvbbrewery"

  # === STUN — default Jitsi-hosted STUN servers; ok for getting started ===
  JVB_STUN_SERVERS: "meet-jit-si-turnrelay.jitsi.net:443"

  # === Minor UX tweaks ===
  ENABLE_PREJOIN_PAGE: "1"
  ENABLE_WELCOME_PAGE: "1"
  ENABLE_TRANSCRIPTIONS: "0"
  ENABLE_RECORDING: "0"