[__jitsi_meet*] Improve documentation

Also improve __jitsi_meet_user's support for removing users in that a password
is not required to remove them.

type/__jitsi_meet/man.rst

@@ -1,5 +1,5 @@
 cdist-type__jitsi_meet(7)
-=================================
+=========================
 
 
 NAME
@@ -57,6 +57,13 @@ disable-prometheus-exporter
     The explorer is based on:
     https://github.com/systemli/prometheus-jitsi-meet-exporter
 
+secured-domains
+    If this flag is present, all domains that use this Jitsi instance will
+    require that an authenticated user starts a meeting.
+    For information on how this is achieved, see
+    https://jitsi.github.io/handbook/docs/devops-guide/secure-domain .
+    You will need to create the users with `__jitsi_meet_user(7)`.
+
 
 EXAMPLES
 --------
@@ -74,8 +81,8 @@ EXAMPLES
 
 SEE ALSO
 --------
-- `__jitsi_meet_domain`
-
+- `__jitsi_meet_domain(7)`
+- `__jitsi_meet_user(7)`
 
 
 AUTHORS
@@ -85,4 +92,4 @@ Evilham <contact@evilham.com>
 
 COPYING
 -------
-Copyright \(C) 2020 Evilham.
+Copyright \(C) 2021 Evilham.

type/__jitsi_meet_domain/man.rst

@@ -1,5 +1,5 @@
 cdist-type__jitsi_meet_domain(7)
-========================================
+================================
 
 
 NAME
@@ -107,6 +107,10 @@ enable-third-party-requests
     them, restoring Jitsi-Meet's defaults.
     This affects things like avatars, callstats, ...
 
+secured-domains
+    Whether or not an authetnicated user will be required to start a meeting.
+    You will need to create the users with `__jitsi_meet_user(7)`.
+
 
 EXAMPLES
 --------
@@ -120,7 +124,7 @@ EXAMPLES
       --notice-message "Hola!" \
       --disable-audio-levels \
       --turn-secret "WeNeedGoodSecurity" \
-      --video-constraints "$(cat <<EOF
+      --video-constraints "$(cat <<-EOF
         constraints: {
              video: {
                  height: {
@@ -137,8 +141,8 @@ EXAMPLES
 
 SEE ALSO
 --------
-- `__jitsi_meet`
-
+- `__jitsi_meet(7)`
+- `__jitsi_meet_user(7)`
 
 
 AUTHORS
@@ -148,4 +152,4 @@ Evilham <contact@evilham.com>
 
 COPYING
 -------
-Copyright \(C) 2020 Evilham.
+Copyright \(C) 2021 Evilham.

type/__jitsi_meet_user/man.rst

@@ -1,30 +1,35 @@
 cdist-type__jitsi_meet_user(7)
-=================================
+==============================
 
 NAME
 ----
-cdist-type__jitsi_meet_user - Setup users when using jitsi_meet instance with secure domain configuration
+cdist-type__jitsi_meet_user - Manage users in a Jitsi-Meet with secured-domains
+
 
 DESCRIPTION
 -----------
-This type just places a file with a user and a password (plaintext) that will be used in a jitsi-meet instance with `secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain`. There is a different from the official approach: to have an `internal_plain` authentication method to facilitate the auth management. That user will be able to create and join rooms on that instance as a moderator.
+This type manages a user identified by `$__object_id` that is allowed to start
+meetings in a Jitsi Meet instance managed by `__jitsi_meet(7)` and
+`__jitsi_meet_domain(7)`.
 
-You will also need to setup first the `__jitsi_meet_domain` and `__jitsi_meet` types.
+It does so by taking advantage of Prosody's plaintext authentication and
+managing a file per user with the credentials.
+If a different authentication mechanism is needed, `__jitsi_meet(7)` should be
+patched accordingly.
 
 This type only works on De{bi,vu}an systems.
 
-REQUIRED PARAMETERS
--------------------
-object id
-    The user that will be able to authenticate against a Jitsi-Meet instance with secure domain configuration
-
-passwd
-    The user's password in plaintext (beware that it is also stored as plaintext in the server)
 
 OPTIONAL PARAMETERS
 -------------------
+password
+    The user's password in plaintext.
+    Beware that since Prosody's plaintext authentication is used, this password
+    will also be stored as plaintext in the server.
+    Unless `--state` is `absent`, this parameter is required.
+
 state
-    If user should be (default) present or absent
+    Whether the user should be `present` (default) or `absent`.
 
 EXAMPLES
 --------
@@ -34,10 +39,16 @@ EXAMPLES
     # Setup a Jitsi user for secure domain configuration
     __jitsi_meet_user "user_1" --password "WeNeedGoodSecurity"
 
+    # Remove such Jitsi user so it is not allowed to start meetings
+    __jitsi_meet_user "user_1" --state absent
+
+
 SEE ALSO
 --------
-- `__jitsi_meet`
-- `__jitsi_meet_domain`
+- Prosody authentication https://modules.prosody.im/type_auth.html
+- Jitsi Meet secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain
+- `__jitsi_meet(7)`
+- `__jitsi_meet_domain(7)`
 
 
 AUTHORS
@@ -45,10 +56,10 @@ AUTHORS
 Pedro <pedrodocs2021@cas.cat>
 Evilham <contact@evilham.com>
 
+
 COPYING
 -------
-Copyright \(C) 2021 Pedro. You can redistribute it
+Copyright \(C) 2021 Pedro and Evilham. You can redistribute it
 and/or modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.
-Copyright \(C) 2021 Evilham

type/__jitsi_meet_user/manifest

@@ -1,8 +1,14 @@
 #!/bin/sh -e
 
-PASSWD="$(cat "${__object}/parameter/password")"
+PASSWD="$(cat "${__object}/parameter/password" 2>/dev/null || true)"
 STATE="$(cat "${__object}/parameter/state")"
 
+if [ -z "${PASSWD}" ] && [ "${STATE}" != "absent" ]; then
+	cat >> dev/stderr <<-EOF
+	A password is required unless you are removing the user '$__object_id'.
+	EOF
+fi
+
 USER="${__object_id}"
 FQDN="$(echo "${__target_host}" | sed 's/\./%2e/g' | sed 's/-/%2d/g')"
 FILENAME="/var/lib/prosody/${FQDN}/accounts/${USER}.dat"

type/__jitsi_meet_user/parameter/optional

@@ -1 +1,2 @@
+password
 state

type/__jitsi_meet_user/parameter/required

@@ -1 +0,0 @@
-password