diff --git a/.gitignore b/.gitignore index e3f61b55..32ab139f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ /inventory/* !/inventory/.gitkeep !/inventory/host_vars/.gitkeep +!/inventory/scripts /roles/*/files/scratchpad diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index c2834244..017cb4eb 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -25,6 +25,17 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: matrix_jitsi_enabled: true ``` +## Securing your Jitsi instance with strong passwords + +Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance. +Execute the following commands in your terminal from the root of this repo: +```bash +cd inventory/scripts +bash generate-jitsi-passwords.sh +``` + +The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration. + ## (Optional) configure internal Jitsi authentication and guests mode By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration. diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh new file mode 100755 index 00000000..ae6d471a --- /dev/null +++ b/inventory/scripts/generate-jitsi-passwords.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +# This is a bash script for generating strong passwords for the Jitsi role in this ansible project: +# https://github.com/spantaleev/matrix-docker-ansible-deploy + +# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.' +# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory + +function generatePassword() { + openssl rand -hex 16 +} + +# helper function to get the matrix domain in the host_vars directory +function get_domain_dir() { + counter=0 + + for f in *; do + counter=$(( counter + 1 )) + if [ ! -d "$f" ]; then + echo "Error: could not find directory 'matrix.your.domain'" + echo "Did you create it already? Please first setup your matrix homeserver before running this script." + echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" + exit 1 + elif [[ "$counter" -gt 1 ]]; then + echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." + echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." + echo "Cannot continue script, exiting." + exit 1 + fi + + # Will not set domain if zero or multiple directories are detected + domain=$f + done +} + +cd ../host_vars +get_domain_dir + +JICOFO_COMPONENT_SECRET=$(generatePassword) +JICOFO_AUTH_PASSWORD=$(generatePassword) +JVB_AUTH_PASSWORD=$(generatePassword) +JIBRI_RECORDER_PASSWORD=$(generatePassword) +JIBRI_XMPP_PASSWORD=$(generatePassword) + +echo "" >> ../host_vars/${domain}/vars.yml +echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 1fed1744..55f82677 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -28,7 +28,7 @@ matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_password: recorder-password -matrix_jitsi_web_docker_image: "jitsi/web:4101" +matrix_jitsi_web_docker_image: "jitsi/web:4384" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" @@ -73,7 +73,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false -matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101" +matrix_jitsi_prosody_docker_image: "jitsi/prosody:4384" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -86,7 +86,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4384" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" @@ -103,7 +103,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: passw0rd -matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"