ppacheco28
4 年之前
共有 3 個檔案被更改,包括 76 行新增 和 10 行删除
分割檢視
Diff Options
-
+31 -4roles/matrix-jitsi/defaults/main.yml
-
+15 -6roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
-
+30 -0roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
+ 31
- 4
roles/matrix-jitsi/defaults/main.yml
查看文件
| @@ -12,6 +12,9 @@ matrix_jitsi_enable_av_moderation: true | |||
| # Authentication type, must be one of internal, jwt or ldap. Currently only | |||
| # internal and ldap are supported by this playbook. | |||
| matrix_jitsi_auth_type: internal | |||
| matrix_jitsi_prosody_auth_internal_accounts: | |||
| - username: "jitsti-moderator" | |||
| password: "" | |||
| # Configuration options for LDAP authentication. For details see upstream: | |||
| # https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap. | |||
| @@ -41,16 +44,17 @@ matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi | |||
| matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi | |||
| matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi | |||
| matrix_jitsi_xmpp_modules: '' | |||
| matrix_jitsi_xmpp_muc_modules: '' | |||
| matrix_jitsi_xmpp_muc_modules_internal: '' | |||
| matrix_jitsi_recorder_domain: recorder.meet.jitsi | |||
| matrix_jitsi_jibri_recorder_user: recorder | |||
| matrix_jitsi_jibri_recorder_password: '' | |||
| matrix_jitsi_jibri_brewery_muc: jibribrewery | |||
| matrix_jitsi_jibri_pending_timeout: 90 | |||
| matrix_jitsi_jibri_xmpp_user: jibri | |||
| matrix_jitsi_jibri_xmpp_password: '' | |||
| matrix_jitsi_jibri_recorder_user: recorder | |||
| matrix_jitsi_jibri_recorder_password: '' | |||
| matrix_jitsi_enable_lobby: false | |||
| @@ -205,7 +209,6 @@ matrix_jitsi_jicofo_component_secret: '' | |||
| matrix_jitsi_jicofo_auth_user: focus | |||
| matrix_jitsi_jicofo_auth_password: '' | |||
| matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}" | |||
| matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" | |||
| @@ -229,6 +232,30 @@ matrix_jitsi_jvb_brewery_muc: jvbbrewery | |||
| matrix_jitsi_jvb_rtp_udp_port: 10000 | |||
| matrix_jitsi_jvb_rtp_tcp_port: 4443 | |||
| # JWT Auth | |||
| matrix_jitsi_auth_jwt_id: jitsi | |||
| matrix_jitsi_auth_jwt_secret: '' | |||
| matrix_jitsi_auth_jwt_accepted_issuers: '' | |||
| matrix_jitsi_authjwt_allow_empty: false | |||
| # Jigasi SIP Gateway Configuration - Not Fully Implemented | |||
| matrix_jitsi_jigasi_auth_user: '' | |||
| matrix_jitsi_jigasi_auth_password: '' | |||
| #JIGASI_SIP_URI: '' # SIP URI for incoming / outgoing calls test@sip2sip.info | |||
| #JIGASI_SIP_PASSWORD: '' # Password for the specified SIP account passw0rd | |||
| #JIGASI_SIP_SERVER SIP: '' # server (use the SIP account domain if in doubt) sip2sip.info | |||
| #JIGASI_SIP_PORT SIP: '5060' # server port 5060 | |||
| #JIGASI_SIP_TRANSPORT: 'UDP' # SIP transport UDP | |||
| #DIALIN_NUMBERS_URL: 'https://jitsi.chs.chat/dial-in.json' # URL to the JSON with all Dial-In numbers. Example: https://meet.example.com/dialin.json | |||
| #CONFCODE_URL: '' # URL to the API for checking/generating Dial-In codes. Example: https://jitsi-api.jitsi.net/conferenceMapper | |||
| #GC_PROJECT_ID: # project_id from Google Cloud Credentials | |||
| #GC_PRIVATE_KEY_ID: # private_key_id from Google Cloud Credentials | |||
| #GC_PRIVATE_KEY: # private_key from Google Cloud Credentials | |||
| #GC_CLIENT_EMAIL: # client_email from Google Cloud Credentials | |||
| #GC_CLIENT_ID: # client_id from Google Cloud Credentials | |||
| #GC_CLIENT_CERT_URL: # client_x509_cert_url from Google Cloud Credentials | |||
| # Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB. | |||
| # This configuration gets appended to the final configuration that Jitsi JVB uses. | |||
| # | |||
+ 15
- 6
roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
查看文件
| @@ -25,14 +25,14 @@ | |||
| force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" | |||
| when: matrix_jitsi_enabled|bool | |||
| - name: Ensure jitsi-prosody environment variables file created | |||
| - name: Ensure jitsi-prosody environment variables file is created | |||
| template: | |||
| src: "{{ role_path }}/templates/prosody/env.j2" | |||
| dest: "{{ matrix_jitsi_prosody_base_path }}/env" | |||
| mode: 0640 | |||
| when: matrix_jitsi_enabled|bool | |||
| - name: Ensure matrix-jitsi-prosody.service installed | |||
| - name: Ensure matrix-jitsi-prosody.service is installed | |||
| template: | |||
| src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" | |||
| dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" | |||
| @@ -40,16 +40,25 @@ | |||
| register: matrix_jitsi_prosody_systemd_service_result | |||
| when: matrix_jitsi_enabled|bool | |||
| - name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation | |||
| - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation | |||
| service: | |||
| daemon_reload: yes | |||
| when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" | |||
| - name: Ensure authentication is properly configured | |||
| include_tasks: | |||
| file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" | |||
| when: | |||
| - matrix_jitsi_enabled|bool | |||
| - matrix_jitsi_enable_auth|bool | |||
| # | |||
| # Tasks related to getting rid of jitsi-prosody (if it was previously enabled) | |||
| # | |||
| - name: Check existence of matrix-jitsi-prosody service | |||
| - name: Ensure matrix-jitsi-prosody service file exists | |||
| stat: | |||
| path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" | |||
| register: matrix_jitsi_prosody_service_stat | |||
| @@ -64,13 +73,13 @@ | |||
| register: stopping_result | |||
| when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" | |||
| - name: Ensure matrix-jitsi-prosody.service doesn't exist | |||
| - name: Ensure matrix-jitsi-prosody service file doesn't exist | |||
| file: | |||
| path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" | |||
| state: absent | |||
| when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" | |||
| - name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal | |||
| - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal | |||
| service: | |||
| daemon_reload: yes | |||
| when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" | |||
+ 30
- 0
roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
查看文件
| @@ -0,0 +1,30 @@ | |||
| --- | |||
| # | |||
| # Tasks related to setting up Jitsi authentication mechanisms | |||
| # | |||
| - name: Ensure matrix-jitsi-prosody container is running | |||
| systemd: | |||
| state: started | |||
| name: matrix-jitsi-prosody | |||
| - name: Ensire Jitsi internal authentication users are created | |||
| shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}" | |||
| with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}" | |||
| when: | |||
| - matrix_jitsi_auth_type == "internal" | |||
| # | |||
| # Configure other authentication mechanisms below | |||
| # | |||
| # | |||
| # End | |||
| # | |||
| - name: Ensure matrix-jitsi-prosody container is stopped | |||
| systemd: | |||
| state: stopped | |||
| name: matrix-jitsi-prosody | |||