[__jitsi_meet*] Improve documentation
Also improve __jitsi_meet_user's support for removing users in that a password is not required to remove them.
This commit is contained in:
parent
a90c8b18e5
commit
fbdcd8d6fc
6 changed files with 55 additions and 27 deletions
|
@ -1,5 +1,5 @@
|
||||||
cdist-type__jitsi_meet(7)
|
cdist-type__jitsi_meet(7)
|
||||||
=================================
|
=========================
|
||||||
|
|
||||||
|
|
||||||
NAME
|
NAME
|
||||||
|
@ -57,6 +57,13 @@ disable-prometheus-exporter
|
||||||
The explorer is based on:
|
The explorer is based on:
|
||||||
https://github.com/systemli/prometheus-jitsi-meet-exporter
|
https://github.com/systemli/prometheus-jitsi-meet-exporter
|
||||||
|
|
||||||
|
secured-domains
|
||||||
|
If this flag is present, all domains that use this Jitsi instance will
|
||||||
|
require that an authenticated user starts a meeting.
|
||||||
|
For information on how this is achieved, see
|
||||||
|
https://jitsi.github.io/handbook/docs/devops-guide/secure-domain .
|
||||||
|
You will need to create the users with `__jitsi_meet_user(7)`.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
@ -74,8 +81,8 @@ EXAMPLES
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
- `__jitsi_meet_domain`
|
- `__jitsi_meet_domain(7)`
|
||||||
|
- `__jitsi_meet_user(7)`
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
|
@ -85,4 +92,4 @@ Evilham <contact@evilham.com>
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2020 Evilham.
|
Copyright \(C) 2021 Evilham.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
cdist-type__jitsi_meet_domain(7)
|
cdist-type__jitsi_meet_domain(7)
|
||||||
========================================
|
================================
|
||||||
|
|
||||||
|
|
||||||
NAME
|
NAME
|
||||||
|
@ -107,6 +107,10 @@ enable-third-party-requests
|
||||||
them, restoring Jitsi-Meet's defaults.
|
them, restoring Jitsi-Meet's defaults.
|
||||||
This affects things like avatars, callstats, ...
|
This affects things like avatars, callstats, ...
|
||||||
|
|
||||||
|
secured-domains
|
||||||
|
Whether or not an authetnicated user will be required to start a meeting.
|
||||||
|
You will need to create the users with `__jitsi_meet_user(7)`.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
@ -120,7 +124,7 @@ EXAMPLES
|
||||||
--notice-message "Hola!" \
|
--notice-message "Hola!" \
|
||||||
--disable-audio-levels \
|
--disable-audio-levels \
|
||||||
--turn-secret "WeNeedGoodSecurity" \
|
--turn-secret "WeNeedGoodSecurity" \
|
||||||
--video-constraints "$(cat <<EOF
|
--video-constraints "$(cat <<-EOF
|
||||||
constraints: {
|
constraints: {
|
||||||
video: {
|
video: {
|
||||||
height: {
|
height: {
|
||||||
|
@ -137,8 +141,8 @@ EXAMPLES
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
- `__jitsi_meet`
|
- `__jitsi_meet(7)`
|
||||||
|
- `__jitsi_meet_user(7)`
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
|
@ -148,4 +152,4 @@ Evilham <contact@evilham.com>
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2020 Evilham.
|
Copyright \(C) 2021 Evilham.
|
||||||
|
|
|
@ -1,30 +1,35 @@
|
||||||
cdist-type__jitsi_meet_user(7)
|
cdist-type__jitsi_meet_user(7)
|
||||||
=================================
|
==============================
|
||||||
|
|
||||||
NAME
|
NAME
|
||||||
----
|
----
|
||||||
cdist-type__jitsi_meet_user - Setup users when using jitsi_meet instance with secure domain configuration
|
cdist-type__jitsi_meet_user - Manage users in a Jitsi-Meet with secured-domains
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This type just places a file with a user and a password (plaintext) that will be used in a jitsi-meet instance with `secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain`. There is a different from the official approach: to have an `internal_plain` authentication method to facilitate the auth management. That user will be able to create and join rooms on that instance as a moderator.
|
This type manages a user identified by `$__object_id` that is allowed to start
|
||||||
|
meetings in a Jitsi Meet instance managed by `__jitsi_meet(7)` and
|
||||||
|
`__jitsi_meet_domain(7)`.
|
||||||
|
|
||||||
You will also need to setup first the `__jitsi_meet_domain` and `__jitsi_meet` types.
|
It does so by taking advantage of Prosody's plaintext authentication and
|
||||||
|
managing a file per user with the credentials.
|
||||||
|
If a different authentication mechanism is needed, `__jitsi_meet(7)` should be
|
||||||
|
patched accordingly.
|
||||||
|
|
||||||
This type only works on De{bi,vu}an systems.
|
This type only works on De{bi,vu}an systems.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
object id
|
|
||||||
The user that will be able to authenticate against a Jitsi-Meet instance with secure domain configuration
|
|
||||||
|
|
||||||
passwd
|
|
||||||
The user's password in plaintext (beware that it is also stored as plaintext in the server)
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
password
|
||||||
|
The user's password in plaintext.
|
||||||
|
Beware that since Prosody's plaintext authentication is used, this password
|
||||||
|
will also be stored as plaintext in the server.
|
||||||
|
Unless `--state` is `absent`, this parameter is required.
|
||||||
|
|
||||||
state
|
state
|
||||||
If user should be (default) present or absent
|
Whether the user should be `present` (default) or `absent`.
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
@ -34,10 +39,16 @@ EXAMPLES
|
||||||
# Setup a Jitsi user for secure domain configuration
|
# Setup a Jitsi user for secure domain configuration
|
||||||
__jitsi_meet_user "user_1" --password "WeNeedGoodSecurity"
|
__jitsi_meet_user "user_1" --password "WeNeedGoodSecurity"
|
||||||
|
|
||||||
|
# Remove such Jitsi user so it is not allowed to start meetings
|
||||||
|
__jitsi_meet_user "user_1" --state absent
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
- `__jitsi_meet`
|
- Prosody authentication https://modules.prosody.im/type_auth.html
|
||||||
- `__jitsi_meet_domain`
|
- Jitsi Meet secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain
|
||||||
|
- `__jitsi_meet(7)`
|
||||||
|
- `__jitsi_meet_domain(7)`
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
|
@ -45,10 +56,10 @@ AUTHORS
|
||||||
Pedro <pedrodocs2021@cas.cat>
|
Pedro <pedrodocs2021@cas.cat>
|
||||||
Evilham <contact@evilham.com>
|
Evilham <contact@evilham.com>
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2021 Pedro. You can redistribute it
|
Copyright \(C) 2021 Pedro and Evilham. You can redistribute it
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
published by the Free Software Foundation, either version 3 of the
|
published by the Free Software Foundation, either version 3 of the
|
||||||
License, or (at your option) any later version.
|
License, or (at your option) any later version.
|
||||||
Copyright \(C) 2021 Evilham
|
|
||||||
|
|
|
@ -1,8 +1,14 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
PASSWD="$(cat "${__object}/parameter/password")"
|
PASSWD="$(cat "${__object}/parameter/password" 2>/dev/null || true)"
|
||||||
STATE="$(cat "${__object}/parameter/state")"
|
STATE="$(cat "${__object}/parameter/state")"
|
||||||
|
|
||||||
|
if [ -z "${PASSWD}" ] && [ "${STATE}" != "absent" ]; then
|
||||||
|
cat >> dev/stderr <<-EOF
|
||||||
|
A password is required unless you are removing the user '$__object_id'.
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
USER="${__object_id}"
|
USER="${__object_id}"
|
||||||
FQDN="$(echo "${__target_host}" | sed 's/\./%2e/g' | sed 's/-/%2d/g')"
|
FQDN="$(echo "${__target_host}" | sed 's/\./%2e/g' | sed 's/-/%2d/g')"
|
||||||
FILENAME="/var/lib/prosody/${FQDN}/accounts/${USER}.dat"
|
FILENAME="/var/lib/prosody/${FQDN}/accounts/${USER}.dat"
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
|
password
|
||||||
state
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
password
|
|
Loading…
Reference in a new issue