From 1658e701dd8dfc27876e1a01007c47af05be4682 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 25 Jul 2021 23:08:12 +0200
Subject: jitis/meet-stream-ui: enable http auth and support new config

---
 roles/apps/jitsi/meet/defaults/main.yml         |  3 +++
 roles/apps/jitsi/meet/tasks/main.yml            | 29 +++++++++++++++++++++----
 roles/apps/jitsi/meet/templates/pod-spec.yml.j2 | 13 +++++++++++
 3 files changed, 41 insertions(+), 4 deletions(-)

(limited to 'roles')

diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml
index 2580fe15..02f4a2b2 100644
--- a/roles/apps/jitsi/meet/defaults/main.yml
+++ b/roles/apps/jitsi/meet/defaults/main.yml
@@ -26,4 +26,7 @@ jitsi_meet_timezone: Europe/Vienna
 
 # jitsi_meet_streamui:
 #   http_port: "{{ jitsi_meet_http_port + 1 }}"
+#   http_auth:
+#     user: password
 #   image_tag: latest
+#   default_control_room: gieThoh3
diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml
index e83c789e..b9dcbeb0 100644
--- a/roles/apps/jitsi/meet/tasks/main.yml
+++ b/roles/apps/jitsi/meet/tasks/main.yml
@@ -97,10 +97,31 @@
 
 - name: configure stream-ui http proxy locations
   when: jitsi_meet_streamui is defined
-  set_fact:
-    nginx_vhost_locations_streamui:
-      '/stream-ui/':
-        proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
+  block:
+  - name: generate basic auth password file for stream-ui
+    when: "'http_auth' in jitsi_meet_streamui"
+    vars:
+      nginx_auth_basic_filename: "jitsi-meet-{{ jitsi_meet_inst_name }}-streamui"
+      nginx_auth_basic_users: "{{ jitsi_meet_streamui.http_auth }}"
+    include_role:
+      name: nginx/auth/basic
+
+  - name: set stream-ui vhost config with authentication
+    when: "'http_auth' in jitsi_meet_streamui"
+    set_fact:
+      nginx_vhost_locations_streamui:
+        '/stream-ui/':
+          proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
+          extra_directives: |-
+            auth_basic "Jitsi Stream-UI";
+            auth_basic_user_file /etc/nginx/auth/jitsi-meet-{{ jitsi_meet_inst_name }}-streamui.htpasswd;
+
+  - name: set stream-ui vhost config without authentication
+    when: "'http_auth' not in jitsi_meet_streamui"
+    set_fact:
+      nginx_vhost_locations_streamui:
+        '/stream-ui/':
+          proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/"
 
 - name: configure nginx vhost
   vars:
diff --git a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
index 95f49982..b822c708 100644
--- a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2
@@ -212,6 +212,8 @@ containers:
   - name: JVB_BREWERY_MUC
     value: jvbbrewery
 
+  - name: PUBLIC_URL
+    value: "https://{{ jitsi_meet_hostname }}"
   - name: JVB_PORT
     value: "{{ jitsi_meet_jvb_port }}"
   - name: JVB_TCP_HARVESTER_DISABLED
@@ -235,6 +237,17 @@ containers:
     containerPort: 3000
     hostPort: {{ jitsi_meet_streamui.http_port }}
     hostIP: 127.0.0.1
+  env:
+  - name: HTTP_PATH
+    value: "/stream-ui"
+  - name: JITSI_XMPP_ID
+    value: "display@stream-ui.meet.jitsi"
+  - name: JITSI_XMPP_PASSWORD
+    value: "{{ jitsi_meet_secrets.streamuidisplay_auth_password }}"
+{% if 'default_control_room' in jitsi_meet_streamui %}
+  - name: DEFAULT_CONTROL_ROOM
+    value: "{{ jitsi_meet_streamui.default_control_room }}"
+{% endif %}
 
 {% endif %}
 volumes:
-- 
cgit v1.2.3