mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-11-06 02:37:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add support for Jitsi internal authentication user creation

Browse Source
This commit is contained in:
ppacheco28 2021-12-08 19:52:05 -03:00
parent c58c5b3610
commit f2cd37685c
3 changed files with 76 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
roles/matrix-jitsi/defaults/main.yml
View File

@ -12,6 +12,9 @@ matrix_jitsi_enable_av_moderation: true
# Authentication type, must be one of internal, jwt or ldap. Currently only # Authentication type, must be one of internal, jwt or ldap. Currently only
# internal and ldap are supported by this playbook. # internal and ldap are supported by this playbook.
matrix_jitsi_auth_type: internal matrix_jitsi_auth_type: internal
matrix_jitsi_prosody_auth_internal_accounts:
- username: "jitsti-moderator"
password: ""
# Configuration options for LDAP authentication. For details see upstream: # Configuration options for LDAP authentication. For details see upstream:
# https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap. # https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
@ -41,16 +44,17 @@ matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
matrix_jitsi_xmpp_modules: '' matrix_jitsi_xmpp_modules: ''
matrix_jitsi_xmpp_muc_modules: ''
matrix_jitsi_xmpp_muc_modules_internal: ''
matrix_jitsi_recorder_domain: recorder.meet.jitsi matrix_jitsi_recorder_domain: recorder.meet.jitsi
matrix_jitsi_jibri_recorder_user: recorder
matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_jibri_brewery_muc: jibribrewery matrix_jitsi_jibri_brewery_muc: jibribrewery
matrix_jitsi_jibri_pending_timeout: 90 matrix_jitsi_jibri_pending_timeout: 90
matrix_jitsi_jibri_xmpp_user: jibri matrix_jitsi_jibri_xmpp_user: jibri
matrix_jitsi_jibri_xmpp_password: '' matrix_jitsi_jibri_xmpp_password: ''
matrix_jitsi_jibri_recorder_user: recorder
matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false matrix_jitsi_enable_lobby: false
@ -205,7 +209,6 @@ matrix_jitsi_jicofo_component_secret: ''
matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: '' matrix_jitsi_jicofo_auth_password: ''
matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
@ -229,6 +232,30 @@ matrix_jitsi_jvb_brewery_muc: jvbbrewery
matrix_jitsi_jvb_rtp_udp_port: 10000 matrix_jitsi_jvb_rtp_udp_port: 10000
matrix_jitsi_jvb_rtp_tcp_port: 4443 matrix_jitsi_jvb_rtp_tcp_port: 4443
# JWT Auth
matrix_jitsi_auth_jwt_id: jitsi
matrix_jitsi_auth_jwt_secret: ''
matrix_jitsi_auth_jwt_accepted_issuers: ''
matrix_jitsi_authjwt_allow_empty: false
# Jigasi SIP Gateway Configuration - Not Fully Implemented
matrix_jitsi_jigasi_auth_user: ''
matrix_jitsi_jigasi_auth_password: ''
#JIGASI_SIP_URI: '' # SIP URI for incoming / outgoing calls test@sip2sip.info
#JIGASI_SIP_PASSWORD: '' # Password for the specified SIP account passw0rd
#JIGASI_SIP_SERVER SIP: '' # server (use the SIP account domain if in doubt) sip2sip.info
#JIGASI_SIP_PORT SIP: '5060' # server port 5060
#JIGASI_SIP_TRANSPORT: 'UDP' # SIP transport UDP
#DIALIN_NUMBERS_URL: 'https://jitsi.chs.chat/dial-in.json' # URL to the JSON with all Dial-In numbers. Example: https://meet.example.com/dialin.json
#CONFCODE_URL: '' # URL to the API for checking/generating Dial-In codes. Example: https://jitsi-api.jitsi.net/conferenceMapper
#GC_PROJECT_ID: # project_id from Google Cloud Credentials
#GC_PRIVATE_KEY_ID: # private_key_id from Google Cloud Credentials
#GC_PRIVATE_KEY: # private_key from Google Cloud Credentials
#GC_CLIENT_EMAIL: # client_email from Google Cloud Credentials
#GC_CLIENT_ID: # client_id from Google Cloud Credentials
#GC_CLIENT_CERT_URL: # client_x509_cert_url from Google Cloud Credentials
# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB. # Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
# This configuration gets appended to the final configuration that Jitsi JVB uses. # This configuration gets appended to the final configuration that Jitsi JVB uses.
# #

21
roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
View File

@ -25,14 +25,14 @@
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
when: matrix_jitsi_enabled|bool when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-prosody environment variables file created - name: Ensure jitsi-prosody environment variables file is created
template: template:
src: "{{ role_path }}/templates/prosody/env.j2" src: "{{ role_path }}/templates/prosody/env.j2"
dest: "{{ matrix_jitsi_prosody_base_path }}/env" dest: "{{ matrix_jitsi_prosody_base_path }}/env"
mode: 0640 mode: 0640
when: matrix_jitsi_enabled|bool when: matrix_jitsi_enabled|bool
- name: Ensure matrix-jitsi-prosody.service installed - name: Ensure matrix-jitsi-prosody.service is installed
template: template:
src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
@ -40,16 +40,25 @@
register: matrix_jitsi_prosody_systemd_service_result register: matrix_jitsi_prosody_systemd_service_result
when: matrix_jitsi_enabled|bool when: matrix_jitsi_enabled|bool
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation
service: service:
daemon_reload: yes daemon_reload: yes
when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
- name: Ensure authentication is properly configured
include_tasks:
file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml"
when:
- matrix_jitsi_enabled|bool
- matrix_jitsi_enable_auth|bool
# #
# Tasks related to getting rid of jitsi-prosody (if it was previously enabled) # Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
# #
- name: Check existence of matrix-jitsi-prosody service - name: Ensure matrix-jitsi-prosody service file exists
stat: stat:
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
register: matrix_jitsi_prosody_service_stat register: matrix_jitsi_prosody_service_stat
@ -64,13 +73,13 @@
register: stopping_result register: stopping_result
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure matrix-jitsi-prosody.service doesn't exist - name: Ensure matrix-jitsi-prosody service file doesn't exist
file: file:
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
state: absent state: absent
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal
service: service:
daemon_reload: yes daemon_reload: yes
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"

30
roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml Normal file
View File

@ -0,0 +1,30 @@
---
#
# Tasks related to setting up Jitsi authentication mechanisms
#
- name: Ensure matrix-jitsi-prosody container is running
systemd:
state: started
name: matrix-jitsi-prosody
- name: Ensire Jitsi internal authentication users are created
shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
when:
- matrix_jitsi_auth_type == "internal"
#
# Configure other authentication mechanisms below
#
#
# End
#
- name: Ensure matrix-jitsi-prosody container is stopped
systemd:
state: stopped
name: matrix-jitsi-prosody