[__jitsi_meet*] Improve documentation

Also improve __jitsi_meet_user's support for removing users in that a password
is not required to remove them.
evilham 2021-05-10 17:04:44 +02:00
parent a90c8b18e5
commit fbdcd8d6fc
6 changed files with 55 additions and 27 deletions


@ -1,5 +1,5 @@
cdist-type__jitsi_meet(7) cdist-type__jitsi_meet(7)
================================= =========================
NAME NAME
@ -57,6 +57,13 @@ disable-prometheus-exporter
The explorer is based on: The explorer is based on:
https://github.com/systemli/prometheus-jitsi-meet-exporter https://github.com/systemli/prometheus-jitsi-meet-exporter
secured-domains
If this flag is present, all domains that use this Jitsi instance will
require that an authenticated user starts a meeting.
For information on how this is achieved, see
https://jitsi.github.io/handbook/docs/devops-guide/secure-domain .
You will need to create the users with `__jitsi_meet_user(7)`.
EXAMPLES EXAMPLES
-------- --------
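Review bot: the new `secured-domains` entry says "all domains that use this Jitsi instance" will require an authenticated user, but `__jitsi_meet_domain(7)` gains its own `secured-domains` parameter in this same commit and neither page says how the two interact. Please state which setting takes effect when both types are used, so a reader can tell from the manual alone whether a given domain requires authentication. Since this entry sends readers to `__jitsi_meet_user(7)`, a short pointer to the plaintext password storage that page warns about would also fit here.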
@ -74,8 +81,8 @@ EXAMPLES
SEE ALSO SEE ALSO
-------- --------
- `__jitsi_meet_domain` - `__jitsi_meet_domain(7)`
- `__jitsi_meet_user(7)`
AUTHORS AUTHORS
@ -85,4 +92,4 @@ Evilham <contact@evilham.com>
COPYING COPYING
------- -------
Copyright \(C) 2020 Evilham. Copyright \(C) 2021 Evilham.


@ -1,5 +1,5 @@
cdist-type__jitsi_meet_domain(7) cdist-type__jitsi_meet_domain(7)
======================================== ================================
NAME NAME
@ -107,6 +107,10 @@ enable-third-party-requests
them, restoring Jitsi-Meet's defaults. them, restoring Jitsi-Meet's defaults.
This affects things like avatars, callstats, ... This affects things like avatars, callstats, ...
secured-domains
Whether or not an authetnicated user will be required to start a meeting.
You will need to create the users with `__jitsi_meet_user(7)`.
EXAMPLES EXAMPLES
-------- --------
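Review bot: typo in the added `secured-domains` text, "authetnicated" should be "authenticated". The wording "Whether or not ..." also reads as if the parameter takes a value, while `__jitsi_meet(7)` describes the same name as "If this flag is present"; please use the same phrasing in both pages and say what the default is when the parameter is omitted.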
@ -120,7 +124,7 @@ EXAMPLES
--notice-message "Hola!" \ --notice-message "Hola!" \
--disable-audio-levels \ --disable-audio-levels \
--turn-secret "WeNeedGoodSecurity" \ --turn-secret "WeNeedGoodSecurity" \
--video-constraints "$(cat <<EOF --video-constraints "$(cat <<-EOF
constraints: { constraints: {
video: { video: {
height: { height: {
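Review bot: on the `--video-constraints "$(cat <<-EOF` line, `<<-` strips leading tab characters only, not spaces. If the example body or its closing `EOF` is indented with spaces (which is what a reader copying from a rendered man page will usually get), the here-document will not terminate. Please confirm the example is tab-indented in the source, or keep `<<EOF` with an unindented terminator.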
@ -137,8 +141,8 @@ EXAMPLES
SEE ALSO SEE ALSO
-------- --------
- `__jitsi_meet` - `__jitsi_meet(7)`
- `__jitsi_meet_user(7)`
AUTHORS AUTHORS
@ -148,4 +152,4 @@ Evilham <contact@evilham.com>
COPYING COPYING
------- -------
Copyright \(C) 2020 Evilham. Copyright \(C) 2021 Evilham.


@ -1,30 +1,35 @@
cdist-type__jitsi_meet_user(7) cdist-type__jitsi_meet_user(7)
================================= ==============================
NAME NAME
---- ----
cdist-type__jitsi_meet_user - Setup users when using jitsi_meet instance with secure domain configuration cdist-type__jitsi_meet_user - Manage users in a Jitsi-Meet with secured-domains
DESCRIPTION DESCRIPTION
----------- -----------
This type just places a file with a user and a password (plaintext) that will be used in a jitsi-meet instance with `secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain`. There is a different from the official approach: to have an `internal_plain` authentication method to facilitate the auth management. That user will be able to create and join rooms on that instance as a moderator. This type manages a user identified by `$__object_id` that is allowed to start
meetings in a Jitsi Meet instance managed by `__jitsi_meet(7)` and
`__jitsi_meet_domain(7)`.
You will also need to setup first the `__jitsi_meet_domain` and `__jitsi_meet` types. It does so by taking advantage of Prosody's plaintext authentication and
managing a file per user with the credentials.
If a different authentication mechanism is needed, `__jitsi_meet(7)` should be
patched accordingly.
This type only works on De{bi,vu}an systems. This type only works on De{bi,vu}an systems.
REQUIRED PARAMETERS
-------------------
object id
The user that will be able to authenticate against a Jitsi-Meet instance with secure domain configuration
passwd
The user's password in plaintext (beware that it is also stored as plaintext in the server)
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
password
The user's password in plaintext.
Beware that since Prosody's plaintext authentication is used, this password
will also be stored as plaintext in the server.
Unless `--state` is `absent`, this parameter is required.
state state
If user should be (default) present or absent Whether the user should be `present` (default) or `absent`.
EXAMPLES EXAMPLES
-------- --------
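Review bot: the `password` entry warns that the password "will also be stored as plaintext in the server", but it does not mention that the same value is written in the manifest (see the `--password "WeNeedGoodSecurity"` example) and is read by the script from `${__object}/parameter/password`, so it exists in plaintext on the configuration side as well. Please extend the warning to cover that, and consider advising that these credentials be unique to Jitsi Meet. Listing `password` under OPTIONAL PARAMETERS with "Unless `--state` is `absent`, this parameter is required" is clear enough, provided the script actually enforces it.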
@ -34,10 +39,16 @@ EXAMPLES
# Setup a Jitsi user for secure domain configuration # Setup a Jitsi user for secure domain configuration
__jitsi_meet_user "user_1" --password "WeNeedGoodSecurity" __jitsi_meet_user "user_1" --password "WeNeedGoodSecurity"
# Remove such Jitsi user so it is not allowed to start meetings
__jitsi_meet_user "user_1" --state absent
SEE ALSO SEE ALSO
-------- --------
- `__jitsi_meet` - Prosody authentication https://modules.prosody.im/type_auth.html
- `__jitsi_meet_domain` - Jitsi Meet secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain
- `__jitsi_meet(7)`
- `__jitsi_meet_domain(7)`
AUTHORS AUTHORS
@ -45,10 +56,10 @@ AUTHORS
Pedro <pedrodocs2021@cas.cat> Pedro <pedrodocs2021@cas.cat>
Evilham <contact@evilham.com> Evilham <contact@evilham.com>
COPYING COPYING
------- -------
Copyright \(C) 2021 Pedro. You can redistribute it Copyright \(C) 2021 Pedro and Evilham. You can redistribute it
and/or modify it under the terms of the GNU General Public License as and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.
Copyright \(C) 2021 Evilham


@ -1,8 +1,14 @@
#!/bin/sh -e #!/bin/sh -e
PASSWD="$(cat "${__object}/parameter/password")" PASSWD="$(cat "${__object}/parameter/password" 2>/dev/null || true)"
STATE="$(cat "${__object}/parameter/state")" STATE="$(cat "${__object}/parameter/state")"
if [ -z "${PASSWD}" ] && [ "${STATE}" != "absent" ]; then
cat >> dev/stderr <<-EOF
A password is required unless you are removing the user '$__object_id'.
EOF
fi
USER="${__object_id}" USER="${__object_id}"
FQDN="$(echo "${__target_host}" | sed 's/\./%2e/g' | sed 's/-/%2d/g')" FQDN="$(echo "${__target_host}" | sed 's/\./%2e/g' | sed 's/-/%2d/g')"
FILENAME="/var/lib/prosody/${FQDN}/accounts/${USER}.dat" FILENAME="/var/lib/prosody/${FQDN}/accounts/${USER}.dat"
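Review bot: the new check `if [ -z "${PASSWD}" ] && [ "${STATE}" != "absent" ]` prints a message but never exits, so a user with `--state present` and no password falls through to the rest of the script with an empty `PASSWD`. Add `exit 1` after the here-document. In the same block, `cat >> dev/stderr` is missing the leading slash and will append to a relative file named `dev/stderr` (or fail); `cat >&2 <<-EOF` is the portable form. Note also that `<<-EOF` needs the body and terminator indented with tabs, not spaces.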


@ -1 +1,2 @@
password
state state


@ -1 +0,0 @@
password