update Jitsi, add generate-jitsi-passwords script

5 년 전 · f9d39f1c0c
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 /inventory/*
 !/inventory/.gitkeep
 !/inventory/host_vars/.gitkeep
 !/inventory/scripts
 /roles/*/files/scratchpad
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -25,6 +25,17 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
 matrix_jitsi_enabled: true
 ```

 ## Securing your Jitsi instance with strong passwords

 Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance.
 Execute the following commands in your terminal from the root of this repo:
 ```bash
 cd inventory/scripts
 bash generate-jitsi-passwords.sh
 ```

 The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration.

 ## (Optional) configure internal Jitsi authentication and guests mode

 By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.
--- a/inventory/scripts/generate-jitsi-passwords.sh
+++ b/inventory/scripts/generate-jitsi-passwords.sh
@@ -0,0 +1,50 @@
 #!/usr/bin/env bash
 # This is a bash script for generating strong passwords for the Jitsi role in this ansible project:
 # https://github.com/spantaleev/matrix-docker-ansible-deploy

 # This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.<your-domain>'
 # it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory

 function generatePassword() {
    openssl rand -hex 16
 }

 # helper function to get the matrix domain in the host_vars directory
 function get_domain_dir() {
 	counter=0
 	
 	for f in *; do
 	    counter=$(( counter + 1 ))
 	    if [ ! -d "$f" ]; then
    		echo "Error: could not find directory 'matrix.your.domain'"
    		echo "Did you create it already? Please first setup your matrix homeserver before running this script."                   
    		echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md"
    		exit 1
 	    elif [[ "$counter" -gt 1 ]]; then
    		echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected."
 		echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook."
 		echo "Cannot continue script, exiting."
    		exit 1
 	    fi
 	    
 	    # Will not set domain if zero or multiple directories are detected
 	    domain=$f
 	done
 }

 cd ../host_vars
 get_domain_dir

 JICOFO_COMPONENT_SECRET=`generatePassword`
 JICOFO_AUTH_PASSWORD=`generatePassword`
 JVB_AUTH_PASSWORD=`generatePassword`
 JIBRI_RECORDER_PASSWORD=`generatePassword`
 JIBRI_XMPP_PASSWORD=`generatePassword`

 echo "" >> ../host_vars/${domain}/vars.yml
 echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml
 echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml
 echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
 echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
 echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml
 echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml
--- a/roles/matrix-jitsi/defaults/main.yml
+++ b/roles/matrix-jitsi/defaults/main.yml
@@ -28,7 +28,7 @@ matrix_jitsi_jibri_recorder_user: recorder
 matrix_jitsi_jibri_recorder_password: recorder-password


 matrix_jitsi_web_docker_image: "jitsi/web:4101"
 matrix_jitsi_web_docker_image: "jitsi/web:4384"
 matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"

 matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
@@ -73,7 +73,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false
 matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
 matrix_jisti_web_interface_config_show_deep_linking_image: false

 matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101"
 matrix_jitsi_prosody_docker_image: "jitsi/prosody:4384"
 matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"

 matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
@@ -86,7 +86,7 @@ matrix_jitsi_prosody_container_extra_arguments: []
 matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']


 matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101"
 matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4384"
 matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"

 matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
@@ -103,7 +103,7 @@ matrix_jitsi_jicofo_auth_user: focus
 matrix_jitsi_jicofo_auth_password: passw0rd


 matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101"
 matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384"
 matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"

 matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"