From 1b27e0f812c652eb91504c3d8af24264b10039ce Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 10:05:10 +0300 Subject: [PATCH] Make generate-jitsi-passwords.sh less magical --- docs/configuring-playbook-jitsi.md | 16 +++---- inventory/scripts/generate-jitsi-passwords.sh | 44 +++++-------------- 2 files changed, 17 insertions(+), 43 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index c7245e92..1a3f10c7 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -23,18 +23,16 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: ```yaml matrix_jitsi_enabled: true -``` - -## Securing your Jitsi instance with strong passwords -Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance. -Execute the following commands in your terminal from the root of this repo: -```bash -cd inventory/scripts -bash generate-jitsi-passwords.sh +# Run `bash inventory/scripts/generate-jitsi-passwords.sh` to generate these passwords, +# or define your own strong passwords manually. +matrix_jitsi_jicofo_component_secret: "" +matrix_jitsi_jicofo_auth_password: "" +matrix_jitsi_jvb_auth_password: "" +matrix_jitsi_jibri_recorder_password: "" +matrix_jitsi_jibri_xmpp_password: "" ``` -The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration. ## (Optional) configure internal Jitsi authentication and guests mode diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh index ae6d471a..eacfa7d8 100755 --- a/inventory/scripts/generate-jitsi-passwords.sh +++ b/inventory/scripts/generate-jitsi-passwords.sh @@ -2,38 +2,14 @@ # This is a bash script for generating strong passwords for the Jitsi role in this ansible project: # https://github.com/spantaleev/matrix-docker-ansible-deploy -# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.' -# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory - function generatePassword() { openssl rand -hex 16 } -# helper function to get the matrix domain in the host_vars directory -function get_domain_dir() { - counter=0 - - for f in *; do - counter=$(( counter + 1 )) - if [ ! -d "$f" ]; then - echo "Error: could not find directory 'matrix.your.domain'" - echo "Did you create it already? Please first setup your matrix homeserver before running this script." - echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" - exit 1 - elif [[ "$counter" -gt 1 ]]; then - echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." - echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." - echo "Cannot continue script, exiting." - exit 1 - fi - - # Will not set domain if zero or multiple directories are detected - domain=$f - done -} +echo "# If this script fails, it's likely because you don't have the openssl tool installed." +echo "# Install it before using this script, or simply create your own passwords manually." -cd ../host_vars -get_domain_dir +echo "" JICOFO_COMPONENT_SECRET=$(generatePassword) JICOFO_AUTH_PASSWORD=$(generatePassword) @@ -41,10 +17,10 @@ JVB_AUTH_PASSWORD=$(generatePassword) JIBRI_RECORDER_PASSWORD=$(generatePassword) JIBRI_XMPP_PASSWORD=$(generatePassword) -echo "" >> ../host_vars/${domain}/vars.yml -echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:" +echo "" +echo "matrix_jitsi_jicofo_component_secret: "$JICOFO_COMPONENT_SECRET +echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD +echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD +echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD +echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD