[__jitsi_meet*] Improve documentation
Also improve __jitsi_meet_user's support for removing users in that a password is not required to remove them.
This commit is contained in:
parent
a90c8b18e5
commit
fbdcd8d6fc
6 changed files with 55 additions and 27 deletions
|
@ -1,5 +1,5 @@
|
|||
cdist-type__jitsi_meet(7)
|
||||
=================================
|
||||
=========================
|
||||
|
||||
|
||||
NAME
|
||||
|
@ -57,6 +57,13 @@ disable-prometheus-exporter
|
|||
The explorer is based on:
|
||||
https://github.com/systemli/prometheus-jitsi-meet-exporter
|
||||
|
||||
secured-domains
|
||||
If this flag is present, all domains that use this Jitsi instance will
|
||||
require that an authenticated user starts a meeting.
|
||||
For information on how this is achieved, see
|
||||
https://jitsi.github.io/handbook/docs/devops-guide/secure-domain .
|
||||
You will need to create the users with `__jitsi_meet_user(7)`.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
@ -74,8 +81,8 @@ EXAMPLES
|
|||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `__jitsi_meet_domain`
|
||||
|
||||
- `__jitsi_meet_domain(7)`
|
||||
- `__jitsi_meet_user(7)`
|
||||
|
||||
|
||||
AUTHORS
|
||||
|
@ -85,4 +92,4 @@ Evilham <contact@evilham.com>
|
|||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Evilham.
|
||||
Copyright \(C) 2021 Evilham.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
cdist-type__jitsi_meet_domain(7)
|
||||
========================================
|
||||
================================
|
||||
|
||||
|
||||
NAME
|
||||
|
@ -107,6 +107,10 @@ enable-third-party-requests
|
|||
them, restoring Jitsi-Meet's defaults.
|
||||
This affects things like avatars, callstats, ...
|
||||
|
||||
secured-domains
|
||||
Whether or not an authetnicated user will be required to start a meeting.
|
||||
You will need to create the users with `__jitsi_meet_user(7)`.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
@ -120,7 +124,7 @@ EXAMPLES
|
|||
--notice-message "Hola!" \
|
||||
--disable-audio-levels \
|
||||
--turn-secret "WeNeedGoodSecurity" \
|
||||
--video-constraints "$(cat <<EOF
|
||||
--video-constraints "$(cat <<-EOF
|
||||
constraints: {
|
||||
video: {
|
||||
height: {
|
||||
|
@ -137,8 +141,8 @@ EXAMPLES
|
|||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `__jitsi_meet`
|
||||
|
||||
- `__jitsi_meet(7)`
|
||||
- `__jitsi_meet_user(7)`
|
||||
|
||||
|
||||
AUTHORS
|
||||
|
@ -148,4 +152,4 @@ Evilham <contact@evilham.com>
|
|||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Evilham.
|
||||
Copyright \(C) 2021 Evilham.
|
||||
|
|
|
@ -1,30 +1,35 @@
|
|||
cdist-type__jitsi_meet_user(7)
|
||||
=================================
|
||||
==============================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__jitsi_meet_user - Setup users when using jitsi_meet instance with secure domain configuration
|
||||
cdist-type__jitsi_meet_user - Manage users in a Jitsi-Meet with secured-domains
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type just places a file with a user and a password (plaintext) that will be used in a jitsi-meet instance with `secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain`. There is a different from the official approach: to have an `internal_plain` authentication method to facilitate the auth management. That user will be able to create and join rooms on that instance as a moderator.
|
||||
This type manages a user identified by `$__object_id` that is allowed to start
|
||||
meetings in a Jitsi Meet instance managed by `__jitsi_meet(7)` and
|
||||
`__jitsi_meet_domain(7)`.
|
||||
|
||||
You will also need to setup first the `__jitsi_meet_domain` and `__jitsi_meet` types.
|
||||
It does so by taking advantage of Prosody's plaintext authentication and
|
||||
managing a file per user with the credentials.
|
||||
If a different authentication mechanism is needed, `__jitsi_meet(7)` should be
|
||||
patched accordingly.
|
||||
|
||||
This type only works on De{bi,vu}an systems.
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
object id
|
||||
The user that will be able to authenticate against a Jitsi-Meet instance with secure domain configuration
|
||||
|
||||
passwd
|
||||
The user's password in plaintext (beware that it is also stored as plaintext in the server)
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
password
|
||||
The user's password in plaintext.
|
||||
Beware that since Prosody's plaintext authentication is used, this password
|
||||
will also be stored as plaintext in the server.
|
||||
Unless `--state` is `absent`, this parameter is required.
|
||||
|
||||
state
|
||||
If user should be (default) present or absent
|
||||
Whether the user should be `present` (default) or `absent`.
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
@ -34,10 +39,16 @@ EXAMPLES
|
|||
# Setup a Jitsi user for secure domain configuration
|
||||
__jitsi_meet_user "user_1" --password "WeNeedGoodSecurity"
|
||||
|
||||
# Remove such Jitsi user so it is not allowed to start meetings
|
||||
__jitsi_meet_user "user_1" --state absent
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `__jitsi_meet`
|
||||
- `__jitsi_meet_domain`
|
||||
- Prosody authentication https://modules.prosody.im/type_auth.html
|
||||
- Jitsi Meet secure domain configuration https://jitsi.github.io/handbook/docs/devops-guide/secure-domain
|
||||
- `__jitsi_meet(7)`
|
||||
- `__jitsi_meet_domain(7)`
|
||||
|
||||
|
||||
AUTHORS
|
||||
|
@ -45,10 +56,10 @@ AUTHORS
|
|||
Pedro <pedrodocs2021@cas.cat>
|
||||
Evilham <contact@evilham.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2021 Pedro. You can redistribute it
|
||||
Copyright \(C) 2021 Pedro and Evilham. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
Copyright \(C) 2021 Evilham
|
||||
|
|
|
@ -1,8 +1,14 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
PASSWD="$(cat "${__object}/parameter/password")"
|
||||
PASSWD="$(cat "${__object}/parameter/password" 2>/dev/null || true)"
|
||||
STATE="$(cat "${__object}/parameter/state")"
|
||||
|
||||
if [ -z "${PASSWD}" ] && [ "${STATE}" != "absent" ]; then
|
||||
cat >> dev/stderr <<-EOF
|
||||
A password is required unless you are removing the user '$__object_id'.
|
||||
EOF
|
||||
fi
|
||||
|
||||
USER="${__object_id}"
|
||||
FQDN="$(echo "${__target_host}" | sed 's/\./%2e/g' | sed 's/-/%2d/g')"
|
||||
FILENAME="/var/lib/prosody/${FQDN}/accounts/${USER}.dat"
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
password
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
password
|
Loading…
Reference in a new issue