authorChristian Pointner <equinox@spreadspace.org>2021-07-11 15:02:12 +0200
committerChristian Pointner <equinox@spreadspace.org>2021-07-11 15:02:12 +0200
commit0b409eb0fa1743e21fb44a62011145453a6cc3bc (patch)
tree9dcbcb248752532e2fdafff0bf79c3054117d029 /roles
parentjitsi: update meed on sk-cloudio (diff)
jitsi/meet: add support for authentication
Diffstat (limited to 'roles')
-rw-r--r--roles/apps/jitsi/meet/defaults/main.yml5
-rw-r--r--roles/apps/jitsi/meet/tasks/main.yml10
-rw-r--r--roles/apps/jitsi/meet/templates/pod-spec.yml.j232
3 files changed, 46 insertions, 1 deletions
diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml
index c27726f0..9f249f0e 100644
--- a/roles/apps/jitsi/meet/defaults/main.yml
+++ b/roles/apps/jitsi/meet/defaults/main.yml
@@ -17,3 +17,8 @@ jitsi_meet_timezone: Europe/Vienna
# jicofo_component_secret: "" ### only needed for versions older than stable-5765-1
# jicofo_auth_password: ""
# jvb_auth_password: ""
+
+# jitsi_meet_auth:
+# enable_guests: true
+# users:
+# foo: secret
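Review bot: The commented example does not say what the keys mean or where the passwords should be kept. In this commit `users` is consumed as a username-to-password map by the cont-init.sh template, and `enable_guests` falls back to false in the pod spec when it is omitted, although the example shows `true`. I would add two comment lines above the example: `# jitsi_meet_auth.users maps username -> password; keep it in a vault-encrypted vars file, not in plain inventory` and `# enable_guests is optional and defaults to false`.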
diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml
index 0efbf726..b433a900 100644
--- a/roles/apps/jitsi/meet/tasks/main.yml
+++ b/roles/apps/jitsi/meet/tasks/main.yml
@@ -14,8 +14,16 @@
content: |
#!/usr/bin/with-contenv bash
sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua
+ {% if jitsi_meet_auth is defined %}
+
+ echo "authentication enabled:"
+ {% for username, password in jitsi_meet_auth.users.items() %}
+ echo " * registering user: {{ username }}"
+ prosodyctl --config "/config/prosody.cfg.lua" register "{{ username }}" $XMPP_DOMAIN "{{ password }}"
+ {% endfor %}
+ {% endif %}
dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
- mode: 0755
+ mode: 0750
- name: install pod manifest
vars:
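Review bot: The added `prosodyctl ... register` line puts `{{ username }}` and `{{ password }}` inside double quotes in a bash script, so a value containing `"`, `$`, a backtick or a backslash is interpreted by the shell instead of being passed literally, and `$XMPP_DOMAIN` is left unquoted. Shell-quote the templated values and drop the surrounding quotes: `prosodyctl --config "/config/prosody.cfg.lua" register {{ username | quote }} "$XMPP_DOMAIN" {{ password | quote }}`; the username in the `echo` line needs the same treatment. The rendered cont-init.sh now holds the passwords in clear text, and the task begins outside the hunk, so it is not visible whether it sets `no_log: true` or a restrictive owner/group alongside the new mode; both are worth confirming. Writing the mode as a quoted string, `mode: "0750"`, avoids depending on YAML octal parsing.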
diff --git a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
index 9de6659d..0d6905a0 100644
--- a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
@@ -22,6 +22,13 @@ containers:
subPath: jicofo
mountPath: /config
env:
+{% if jitsi_meet_auth is defined %}
+ - name: ENABLE_AUTH
+ value: "1"
+ - name: AUTH_TYPE
+ value: "internal"
+
+{% endif %}
- name: XMPP_SERVER
value: 127.0.0.1
- name: XMPP_DOMAIN
@@ -59,6 +66,7 @@ containers:
- name: scripts
subPath: prosody/cont-init.sh
mountPath: /etc/cont-init.d/99-k8s
+ readOnly: yes
- name: config
subPath: prosody
mountPath: /config
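Review bot: `readOnly: yes` relies on YAML 1.1 boolean parsing; written as `readOnly: true`, the script mount stays read-only regardless of which YAML loader processes the rendered manifest. The volumeMounts list this entry belongs to starts outside the hunk.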
@@ -68,10 +76,23 @@ containers:
- name: ENABLE_LOBBY
value: "1"
+{% if jitsi_meet_auth is defined %}
+ - name: ENABLE_AUTH
+ value: "1"
+ - name: AUTH_TYPE
+ value: "internal"
+ - name: ENABLE_GUESTS
+ value: "{{ (jitsi_meet_auth.enable_guests | default(false)) | ternary('1', '0') }}"
+
+{% endif %}
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
+{% if jitsi_meet_auth is defined and (jitsi_meet_auth.enable_guests | default(false)) %}
+ - name: XMPP_GUEST_DOMAIN
+ value: guest.meet.jitsi
+{% endif %}
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
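Review bot: `jitsi_meet_auth.enable_guests | default(false)` is passed to `ternary` and to the `{% if %}` test without a `| bool` cast, so a non-empty string such as `"false"` or `"no"` (as can arrive from extra vars or an INI inventory) evaluates as true and switches guest access on. Casting first makes the setting fail closed: `value: "{{ (jitsi_meet_auth.enable_guests | default(false) | bool) | ternary('1', '0') }}"` and `{% if jitsi_meet_auth is defined and (jitsi_meet_auth.enable_guests | default(false) | bool) %}`. The same two expressions appear again in the following hunk (`@@ -121,10 +142,21 @@`). The env list continues outside this hunk.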
@@ -121,10 +142,21 @@ containers:
- name: ENABLE_P2P
value: "{{ jitsi_meet_p2p_enable | ternary('true', 'false') }}"
+{% if jitsi_meet_auth is defined %}
+ - name: ENABLE_AUTH
+ value: "1"
+ - name: ENABLE_GUESTS
+ value: "{{ (jitsi_meet_auth.enable_guests | default(false)) | ternary('1', '0') }}"
+
+{% endif %}
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
+{% if jitsi_meet_auth is defined and (jitsi_meet_auth.enable_guests | default(false)) %}
+ - name: XMPP_GUEST_DOMAIN
+ value: guest.meet.jitsi
+{% endif %}
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_BOSH_URL_BASE