Undefine Jitsi secrets and require their (re-)definition

roles/matrix-jitsi/defaults/main.yml

@@ -23,9 +23,9 @@ matrix_jitsi_recorder_domain: recorder.meet.jitsi
 matrix_jitsi_jibri_brewery_muc: jibribrewery
 matrix_jitsi_jibri_pending_timeout: 90
 matrix_jitsi_jibri_xmpp_user: jibri
-matrix_jitsi_jibri_xmpp_password: jibri-password
+matrix_jitsi_jibri_xmpp_password: ''
 matrix_jitsi_jibri_recorder_user: recorder
-matrix_jitsi_jibri_recorder_password: recorder-password
+matrix_jitsi_jibri_recorder_password: ''
 
 
 matrix_jitsi_web_docker_image: "jitsi/web:4384"
@@ -98,9 +98,9 @@ matrix_jitsi_jicofo_container_extra_arguments: []
 # List of systemd services that matrix-jitsi-jicofo.service depends on
 matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
 
-matrix_jitsi_jicofo_component_secret: s3cr37
+matrix_jitsi_jicofo_component_secret: ''
 matrix_jitsi_jicofo_auth_user: focus
-matrix_jitsi_jicofo_auth_password: passw0rd
+matrix_jitsi_jicofo_auth_password: ''
 
 
 matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384"
@@ -116,7 +116,7 @@ matrix_jitsi_jvb_container_extra_arguments: []
 matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
 
 matrix_jitsi_jvb_auth_user: jvb
-matrix_jitsi_jvb_auth_password: passw0rd
+matrix_jitsi_jvb_auth_password: ''
 
 # STUN servers used by JVB on the server-side, so it can discover its own external IP address.
 # Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.

roles/matrix-jitsi/tasks/main.yml

@@ -2,6 +2,12 @@
   tags:
     - always
 
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_jitsi_enabled|bool"
+  tags:
+    - setup-all
+    - setup-jitsi
+
 - import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
   when: run_setup|bool
   tags:

roles/matrix-jitsi/tasks/validate_config.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Fail if required Jitsi settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`) for using Jitsi.
+
+      If you're setting up Jitsi for the first time, you may have missed a step.
+      Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
+
+      If you had setup Jitsi successfully before and it's just now that you're observing this failure,
+      it means that your installation may be using some default passwords that the playbook used to define until now.
+      This is not secure and we urge you to rebuild your Jitsi setup.
+      Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_jitsi_jibri_xmpp_password"
+    - "matrix_jitsi_jibri_recorder_password"
+    - "matrix_jitsi_jicofo_component_secret"
+    - "matrix_jitsi_jicofo_auth_password"
+    - "matrix_jitsi_jvb_auth_password"