From 1658e701dd8dfc27876e1a01007c47af05be4682 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 25 Jul 2021 23:08:12 +0200 Subject: jitis/meet-stream-ui: enable http auth and support new config --- dan/host_vars/ele-jitsi.yml | 43 +++++++++++++------------ inventory/host_vars/ch-equinox-t450s.yml | 1 + inventory/host_vars/ch-equinox-ws.yml | 1 + inventory/host_vars/ele-jitsi.yml | 3 ++ roles/apps/jitsi/meet/defaults/main.yml | 3 ++ roles/apps/jitsi/meet/tasks/main.yml | 29 ++++++++++++++--- roles/apps/jitsi/meet/templates/pod-spec.yml.j2 | 13 ++++++++ 7 files changed, 68 insertions(+), 25 deletions(-) diff --git a/dan/host_vars/ele-jitsi.yml b/dan/host_vars/ele-jitsi.yml index a97ec42a..035bfdde 100644 --- a/dan/host_vars/ele-jitsi.yml +++ b/dan/host_vars/ele-jitsi.yml @@ -1,22 +1,23 @@ $ANSIBLE_VAULT;1.2;AES256;dan -65396235316532653335326234663533333566343234613963356665343735353438326336306661 -3232376265623734393135363137343565646366383766650a373063663439313266633066656361 -32646335633534643536316631353764393061366363353162613533643338393461633166346133 -3962313836326438340a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a393538643166336266363934333762 +31353131393939623339626333376266356436313433643639366539666133316261623466316233 +6236653561313432370a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diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml index df7759e3..d94aa203 100644 --- a/inventory/host_vars/ch-equinox-t450s.yml +++ b/inventory/host_vars/ch-equinox-t450s.yml @@ -266,6 +266,7 @@ ws_base_extra_packages: - python3-httplib2 - python3-jinja2 - python3-netaddr + - python3-passlib # resolvelib is not packaged for current ubuntu releases - also ansible needs special versions -> leave it to pip # - python3-resolvelib - python3-yaml diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index 8e97ab10..aee2482e 100644 
--- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -263,6 +263,7 @@ ws_base_extra_packages: - python3-httplib2 - python3-jinja2 - python3-netaddr + - python3-passlib # resolvelib is not packaged for current ubuntu releases - also ansible needs special versions -> leave it to pip # - python3-resolvelib - python3-yaml diff --git a/inventory/host_vars/ele-jitsi.yml b/inventory/host_vars/ele-jitsi.yml index 80032c54..0815fbd8 100644 --- a/inventory/host_vars/ele-jitsi.yml +++ b/inventory/host_vars/ele-jitsi.yml @@ -49,4 +49,7 @@ jitsi_meet_auth: jitsi_meet_streamui: http_port: "{{ jitsi_meet_http_port + 1 }}" +# http_auth: +# operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" image_tag: latest + default_control_room: lashuu8O diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml index 2580fe15..02f4a2b2 100644 --- a/roles/apps/jitsi/meet/defaults/main.yml +++ b/roles/apps/jitsi/meet/defaults/main.yml @@ -26,4 +26,7 @@ jitsi_meet_timezone: Europe/Vienna # jitsi_meet_streamui: # http_port: "{{ jitsi_meet_http_port + 1 }}" +# http_auth: +# user: password # image_tag: latest +# default_control_room: gieThoh3 diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml index e83c789e..b9dcbeb0 100644 --- a/roles/apps/jitsi/meet/tasks/main.yml +++ b/roles/apps/jitsi/meet/tasks/main.yml 
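Review bot: In `inventory/host_vars/ele-jitsi.yml` the new `http_auth` mapping is added commented out, so on this host `'http_auth' in jitsi_meet_streamui` stays false and the role takes the "without authentication" branch for `/stream-ui/`, although the subject says http auth is enabled. If that is deliberate for now, a comment saying so would help, e.g. `# http_auth intentionally disabled for now: /stream-ui/ is served without credentials`. Separately, `default_control_room: lashuu8O` looks like a generated, hard-to-guess room name. If its secrecy is meant to limit who reaches the control room, it presumably belongs in the vault file next to `vault_jitsi_meet_auth_user_passwords` rather than in clear text in the inventory.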
@@ -97,10 +97,31 @@ - name: configure stream-ui http proxy locations when: jitsi_meet_streamui is defined - set_fact: - nginx_vhost_locations_streamui: - '/stream-ui/': - proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/" + block: + - name: generate basic auth password file for stream-ui + when: "'http_auth' in jitsi_meet_streamui" + vars: + nginx_auth_basic_filename: "jitsi-meet-{{ jitsi_meet_inst_name }}-streamui" + nginx_auth_basic_users: "{{ jitsi_meet_streamui.http_auth }}" + include_role: + name: nginx/auth/basic + + - name: set stream-ui vhost config with authentication + when: "'http_auth' in jitsi_meet_streamui" + set_fact: + nginx_vhost_locations_streamui: + '/stream-ui/': + proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/" + extra_directives: |- + auth_basic "Jitsi Stream-UI"; + auth_basic_user_file /etc/nginx/auth/jitsi-meet-{{ jitsi_meet_inst_name }}-streamui.htpasswd; + + - name: set stream-ui vhost config without authentication + when: "'http_auth' not in jitsi_meet_streamui" + set_fact: + nginx_vhost_locations_streamui: + '/stream-ui/': + proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/" - name: configure nginx vhost vars: diff --git a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 index 95f49982..b822c708 100644 --- a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 +++ b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 @@ -212,6 +212,8 @@ containers: - name: JVB_BREWERY_MUC value: jvbbrewery + - name: PUBLIC_URL + value: "https://{{ jitsi_meet_hostname }}" - name: JVB_PORT value: "{{ jitsi_meet_jvb_port }}" - name: JVB_TCP_HARVESTER_DISABLED 
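Review bot: In `roles/apps/jitsi/meet/tasks/main.yml` the htpasswd path in `extra_directives` is built by hand (`/etc/nginx/auth/jitsi-meet-{{ jitsi_meet_inst_name }}-streamui.htpasswd`) and repeats the name already passed as `nginx_auth_basic_filename`. It therefore depends on the directory and `.htpasswd` suffix that `nginx/auth/basic` uses internally, and that role is not visible here. Defining the name once at block level, `vars: { streamui_auth_name: "jitsi-meet-{{ jitsi_meet_inst_name }}-streamui" }`, and using it in both tasks keeps the two from drifting apart. `nginx_auth_basic_users` carries the passwords from `jitsi_meet_streamui.http_auth`, so it is worth confirming that the included role sets `no_log: true` on the tasks that handle them. The block sits in a task list that continues outside the hunk.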
@@ -235,6 +237,17 @@ containers: containerPort: 3000 hostPort: {{ jitsi_meet_streamui.http_port }} hostIP: 127.0.0.1 + env: + - name: HTTP_PATH + value: "/stream-ui" + - name: JITSI_XMPP_ID + value: "display@stream-ui.meet.jitsi" + - name: JITSI_XMPP_PASSWORD + value: "{{ jitsi_meet_secrets.streamuidisplay_auth_password }}" +{% if 'default_control_room' in jitsi_meet_streamui %} + - name: DEFAULT_CONTROL_ROOM + value: "{{ jitsi_meet_streamui.default_control_room }}" +{% endif %} {% endif %} volumes: -- cgit v1.2.3
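Review bot: In `roles/apps/jitsi/meet/templates/pod-spec.yml.j2`, `JITSI_XMPP_PASSWORD` is rendered as a literal `value:`, so the secret ends up in the generated manifest on disk and in the container environment that runtime inspection shows. The task that renders this template is outside the diff; it should write the file with a restrictive mode (`mode: "0600"`) and set `diff: false` so the password is not printed in diff output. The new values are also placed inside double quotes without escaping, so a password or `default_control_room` containing `"` or `\` would break or alter the YAML. `value: {{ jitsi_meet_secrets.streamuidisplay_auth_password | to_json }}` avoids that. The `containers:` list starts and continues outside the hunk.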