mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-18 18:29:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Matrix Authentication Support for Jitsi

Browse Source 
This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.

1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
This commit is contained in:
jakicoll
2023-01-04 13:45:37 +01:00
parent f400093865
commit 42e4e50f5b
25 changed files with 747 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
roles/custom/matrix-jitsi/tasks/self_check_matrix_auth.yml Normal file
View File

@@ -0,0 +1,62 @@
---
- ansible.builtin.set_fact:
matrix_jitsi_prosody_self_check_uvs_health_url: "{{ matrix_jitsi_prosody_auth_matrix_uvs_location }}/health"
matrix_jitsi_element_jitsi_well_known_url: "{{ matrix_jitsi_web_public_url }}/.well-known/element/jitsi"
- name: Check if jitsi serves the .well-known/element/jitsi
ansible.builtin.uri:
url: "{{ matrix_jitsi_element_jitsi_well_known_url }}"
follow_redirects: none
return_content: true
validate_certs: "{{ matrix_jitsi_self_check_validate_certificates }}"
headers:
Origin: example.com
check_mode: false
register: result_well_known_jitsi_element_jitsi
ignore_errors: true
- name: Fail if .well-known not working
ansible.builtin.fail:
msg: |
Failed checking that the Jitsi well-known file for Element auth is configured at `{{ matrix_jitsi_element_jitsi_well_known_url }}`
Full error: {{ result_well_known_jitsi_element_jitsi }}
when: "result_well_known_jitsi_element_jitsi.failed"
- name: Parse JSON for well-known payload at the matrix hostname
ansible.builtin.set_fact:
well_known_matrix_payload: "{{ result_well_known_jitsi_element_jitsi.content | from_json }}"
- name: Fail if .well-known not CORS-aware
ansible.builtin.fail:
msg: "The well-known file on `{{ matrix_jitsi_element_jitsi_well_known_url }}` is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
when: "'access_control_allow_origin' not in result_well_known_jitsi_element_jitsi"
- name: Report working .well-known
ansible.builtin.debug:
msg: "well-known is configured correctly at `{{ matrix_jitsi_element_jitsi_well_known_url }}`"
- name: Check if we can reach the user verification service and if it's healthy
ansible.builtin.command:
argv:
- "docker"
- "exec"
- "matrix-jitsi-prosody"
- "wget"
- "-O"
- "-"
- "--quiet"
- "{{ matrix_jitsi_prosody_self_check_uvs_health_url | quote }}"
register: matrix_jitsi_prosody_self_check_uvs_result
ignore_errors: true
- name: Fail if user verification service is not (reachable and healthy)
ansible.builtin.fail:
msg: |
Failed checking user verification service is up (checked endpoint: `{{ matrix_jitsi_prosody_self_check_uvs_health_url }}`).
Full error: {{ matrix_jitsi_prosody_self_check_uvs_result }}
when: "matrix_jitsi_prosody_self_check_uvs_result.failed"
- name: Report healthy user verification service
ansible.builtin.debug:
msg: "User verification service is working (checked endpoint: `{{ matrix_jitsi_prosody_self_check_uvs_health_url }}`)"