diff options
author | Christian Pointner <equinox@spreadspace.org> | 2021-07-11 15:02:12 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-07-11 15:02:12 +0200 |
commit | 0b409eb0fa1743e21fb44a62011145453a6cc3bc (patch) | |
tree | 9dcbcb248752532e2fdafff0bf79c3054117d029 /roles/apps/jitsi | |
parent | jitsi: update meed on sk-cloudio (diff) |
jitsi/meet: add support for authentication
Diffstat (limited to 'roles/apps/jitsi')
-rw-r--r-- | roles/apps/jitsi/meet/defaults/main.yml | 5 | ||||
-rw-r--r-- | roles/apps/jitsi/meet/tasks/main.yml | 10 | ||||
-rw-r--r-- | roles/apps/jitsi/meet/templates/pod-spec.yml.j2 | 32 |
3 files changed, 46 insertions, 1 deletions
diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml index c27726f0..9f249f0e 100644 --- a/roles/apps/jitsi/meet/defaults/main.yml +++ b/roles/apps/jitsi/meet/defaults/main.yml @@ -17,3 +17,8 @@ jitsi_meet_timezone: Europe/Vienna # jicofo_component_secret: "" ### only needed for versions older than stable-5765-1 # jicofo_auth_password: "" # jvb_auth_password: "" + +# jitsi_meet_auth: +# enable_guests: true +# users: +# foo: secret diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml index 0efbf726..b433a900 100644 --- a/roles/apps/jitsi/meet/tasks/main.yml +++ b/roles/apps/jitsi/meet/tasks/main.yml @@ -14,8 +14,16 @@ content: | #!/usr/bin/with-contenv bash sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua + {% if jitsi_meet_auth is defined %} + + echo "authentication enabled:" + {% for username, password in jitsi_meet_auth.users.items() %} + echo " * registering user: {{ username }}" + prosodyctl --config "/config/prosody.cfg.lua" register "{{ username }}" $XMPP_DOMAIN "{{ password }}" + {% endfor %} + {% endif %} dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh" - mode: 0755 + mode: 0750 - name: install pod manifest vars: diff --git a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 index 9de6659d..0d6905a0 100644 --- a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 +++ b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 @@ -22,6 +22,13 @@ containers: subPath: jicofo mountPath: /config env: +{% if jitsi_meet_auth is defined %} + - name: ENABLE_AUTH + value: "1" + - name: AUTH_TYPE + value: "internal" + +{% endif %} - name: XMPP_SERVER value: 127.0.0.1 - name: XMPP_DOMAIN @@ -59,6 +66,7 @@ containers: - name: scripts subPath: prosody/cont-init.sh mountPath: /etc/cont-init.d/99-k8s + readOnly: yes - name: config subPath: prosody mountPath: /config @@ -68,10 +76,23 @@ containers: - name: ENABLE_LOBBY value: "1" +{% if jitsi_meet_auth is defined %} + - name: ENABLE_AUTH + value: "1" + - name: AUTH_TYPE + value: "internal" + - name: ENABLE_GUESTS + value: "{{ (jitsi_meet_auth.enable_guests | default(false)) | ternary('1', '0') }}" + +{% endif %} - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi +{% if jitsi_meet_auth is defined and (jitsi_meet_auth.enable_guests | default(false)) %} + - name: XMPP_GUEST_DOMAIN + value: guest.meet.jitsi +{% endif %} - name: XMPP_MUC_DOMAIN value: muc.meet.jitsi - name: XMPP_INTERNAL_MUC_DOMAIN @@ -121,10 +142,21 @@ containers: - name: ENABLE_P2P value: "{{ jitsi_meet_p2p_enable | ternary('true', 'false') }}" +{% if jitsi_meet_auth is defined %} + - name: ENABLE_AUTH + value: "1" + - name: ENABLE_GUESTS + value: "{{ (jitsi_meet_auth.enable_guests | default(false)) | ternary('1', '0') }}" + +{% endif %} - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi +{% if jitsi_meet_auth is defined and (jitsi_meet_auth.enable_guests | default(false)) %} + - name: XMPP_GUEST_DOMAIN + value: guest.meet.jitsi +{% endif %} - name: XMPP_MUC_DOMAIN value: muc.meet.jitsi - name: XMPP_BOSH_URL_BASE |