Add support for Jitsi internal authentication user creation
parent
c58c5b3610
commit
f2cd37685c
@ -12,6 +12,9 @@ matrix_jitsi_enable_av_moderation: true
|
||||
# Authentication type, must be one of internal, jwt or ldap. Currently only
|
||||
# internal and ldap are supported by this playbook.
|
||||
matrix_jitsi_auth_type: internal
|
||||
matrix_jitsi_prosody_auth_internal_accounts:
|
||||
- username: "jitsti-moderator"
|
||||
password: ""
|
||||
|
||||
# Configuration options for LDAP authentication. For details see upstream:
|
||||
# https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
|
||||
@ -41,16 +44,17 @@ matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
|
||||
matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
|
||||
matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
|
||||
matrix_jitsi_xmpp_modules: ''
|
||||
matrix_jitsi_xmpp_muc_modules: ''
|
||||
matrix_jitsi_xmpp_muc_modules_internal: ''
|
||||
|
||||
matrix_jitsi_recorder_domain: recorder.meet.jitsi
|
||||
|
||||
matrix_jitsi_jibri_recorder_user: recorder
|
||||
matrix_jitsi_jibri_recorder_password: ''
|
||||
|
||||
matrix_jitsi_jibri_brewery_muc: jibribrewery
|
||||
matrix_jitsi_jibri_pending_timeout: 90
|
||||
matrix_jitsi_jibri_xmpp_user: jibri
|
||||
matrix_jitsi_jibri_xmpp_password: ''
|
||||
matrix_jitsi_jibri_recorder_user: recorder
|
||||
matrix_jitsi_jibri_recorder_password: ''
|
||||
|
||||
matrix_jitsi_enable_lobby: false
|
||||
|
||||
@ -205,7 +209,6 @@ matrix_jitsi_jicofo_component_secret: ''
|
||||
matrix_jitsi_jicofo_auth_user: focus
|
||||
matrix_jitsi_jicofo_auth_password: ''
|
||||
|
||||
|
||||
matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
|
||||
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
|
||||
|
||||
@ -229,6 +232,30 @@ matrix_jitsi_jvb_brewery_muc: jvbbrewery
|
||||
matrix_jitsi_jvb_rtp_udp_port: 10000
|
||||
matrix_jitsi_jvb_rtp_tcp_port: 4443
|
||||
|
||||
# JWT Auth
|
||||
matrix_jitsi_auth_jwt_id: jitsi
|
||||
matrix_jitsi_auth_jwt_secret: ''
|
||||
matrix_jitsi_auth_jwt_accepted_issuers: ''
|
||||
matrix_jitsi_authjwt_allow_empty: false
|
||||
|
||||
# Jigasi SIP Gateway Configuration - Not Fully Implemented
|
||||
matrix_jitsi_jigasi_auth_user: ''
|
||||
matrix_jitsi_jigasi_auth_password: ''
|
||||
#JIGASI_SIP_URI: '' # SIP URI for incoming / outgoing calls test@sip2sip.info
|
||||
#JIGASI_SIP_PASSWORD: '' # Password for the specified SIP account passw0rd
|
||||
#JIGASI_SIP_SERVER SIP: '' # server (use the SIP account domain if in doubt) sip2sip.info
|
||||
#JIGASI_SIP_PORT SIP: '5060' # server port 5060
|
||||
#JIGASI_SIP_TRANSPORT: 'UDP' # SIP transport UDP
|
||||
#DIALIN_NUMBERS_URL: 'https://jitsi.chs.chat/dial-in.json' # URL to the JSON with all Dial-In numbers. Example: https://meet.example.com/dialin.json
|
||||
#CONFCODE_URL: '' # URL to the API for checking/generating Dial-In codes. Example: https://jitsi-api.jitsi.net/conferenceMapper
|
||||
#GC_PROJECT_ID: # project_id from Google Cloud Credentials
|
||||
#GC_PRIVATE_KEY_ID: # private_key_id from Google Cloud Credentials
|
||||
#GC_PRIVATE_KEY: # private_key from Google Cloud Credentials
|
||||
#GC_CLIENT_EMAIL: # client_email from Google Cloud Credentials
|
||||
#GC_CLIENT_ID: # client_id from Google Cloud Credentials
|
||||
#GC_CLIENT_CERT_URL: # client_x509_cert_url from Google Cloud Credentials
|
||||
|
||||
|
||||
# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
|
||||
# This configuration gets appended to the final configuration that Jitsi JVB uses.
|
||||
#
|
||||
|
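Review bot: The new default for `matrix_jitsi_prosody_auth_internal_accounts` in the first hunk ships one account, `jitsti-moderator`, with `password: ""`, so a host that enables internal auth without overriding the list would have the playbook try to register a known username with an empty password. Defaulting to `matrix_jitsi_prosody_auth_internal_accounts: []` and showing the moderator entry only as a commented example avoids that, and a validation task that fails on an empty `password` would cover overrides as well. The username also looks like a typo for `jitsi-moderator`. In the JWT hunk, `matrix_jitsi_authjwt_allow_empty` breaks the `matrix_jitsi_auth_jwt_` prefix used by the three variables above it.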
@ -25,14 +25,14 @@
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
|
||||
when: matrix_jitsi_enabled|bool
|
||||
|
||||
- name: Ensure jitsi-prosody environment variables file created
|
||||
- name: Ensure jitsi-prosody environment variables file is created
|
||||
template:
|
||||
src: "{{ role_path }}/templates/prosody/env.j2"
|
||||
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
|
||||
mode: 0640
|
||||
when: matrix_jitsi_enabled|bool
|
||||
|
||||
- name: Ensure matrix-jitsi-prosody.service installed
|
||||
- name: Ensure matrix-jitsi-prosody.service is installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
|
||||
@ -40,16 +40,25 @@
|
||||
register: matrix_jitsi_prosody_systemd_service_result
|
||||
when: matrix_jitsi_enabled|bool
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
|
||||
- name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
|
||||
|
||||
|
||||
- name: Ensure authentication is properly configured
|
||||
include_tasks:
|
||||
file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml"
|
||||
when:
|
||||
- matrix_jitsi_enabled|bool
|
||||
- matrix_jitsi_enable_auth|bool
|
||||
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
|
||||
#
|
||||
|
||||
- name: Check existence of matrix-jitsi-prosody service
|
||||
- name: Ensure matrix-jitsi-prosody service file exists
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
|
||||
register: matrix_jitsi_prosody_service_stat
|
||||
@ -64,13 +73,13 @@
|
||||
register: stopping_result
|
||||
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-jitsi-prosody.service doesn't exist
|
||||
- name: Ensure matrix-jitsi-prosody service file doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
|
||||
state: absent
|
||||
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
|
||||
- name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
|
||||
|
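Review bot: The `stat` task in the removal block is renamed to `Ensure matrix-jitsi-prosody service file exists` (assuming the second of the two printed names is the new one), but `stat` only inspects the path and registers `matrix_jitsi_prosody_service_stat`; it does not ensure anything. The earlier wording, `- name: Check existence of matrix-jitsi-prosody service`, describes the task accurately and does not read as contradicting the `Ensure matrix-jitsi-prosody service file doesn't exist` task that follows it. The added `include_tasks` step would also benefit from a comment such as `# Starts prosody, registers the internal accounts, then stops prosody again`, because its name does not say that the included file starts and stops the service.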
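--- /dev/null
+++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
@@ -0,0 +1,30 @@
+---
+
+#
+# Tasks related to setting up Jitsi authentication mechanisms
+#
+
+- name: Ensure matrix-jitsi-prosody container is running
+systemd:
+state: started
+name: matrix-jitsi-prosody
+
+- name: Ensire Jitsi internal authentication users are created
+shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
+with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
+when:
+- matrix_jitsi_auth_type == "internal"
+
+
+#
+# Configure other authentication mechanisms below
+#
+
+
+#
+# End
+#
+- name: Ensure matrix-jitsi-prosody container is stopped
+systemd:
+state: stopped
+name: matrix-jitsi-prosody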
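Review bot: The register task interpolates `item.password` into a `shell` command and loops over the account list without `no_log`, so Ansible prints each loop item, password included, in the task output and in any log the controller keeps. Add `no_log: true` to the task `Ensire Jitsi internal authentication users are created` (the name should read `Ensure`). The `| quote` filters protect the shell parsing, but the password is still an argument of `docker exec` and is visible in the host's process list while the command runs. The realm `meet.jitsi` is hard-coded; presumably it should come from the role's XMPP domain variable, which is not visible in this diff. The task also has no `changed_when`, so it reports a change on every run.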