Make generate-jitsi-passwords.sh less magical

Slavi Pantaleev 2020-04-08 10:05:10 +03:00
parent e36fe54974
commit 1b27e0f812
2 changed files with 18 additions and 44 deletions


@ -23,18 +23,16 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml ```yaml
matrix_jitsi_enabled: true matrix_jitsi_enabled: true
# Run `bash inventory/scripts/generate-jitsi-passwords.sh` to generate these passwords,
# or define your own strong passwords manually.
matrix_jitsi_jicofo_component_secret: ""
matrix_jitsi_jicofo_auth_password: ""
matrix_jitsi_jvb_auth_password: ""
matrix_jitsi_jibri_recorder_password: ""
matrix_jitsi_jibri_xmpp_password: ""
``` ```
## Securing your Jitsi instance with strong passwords
Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance.
Execute the following commands in your terminal from the root of this repo:
```bash
cd inventory/scripts
bash generate-jitsi-passwords.sh
```
The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration.
## (Optional) configure internal Jitsi authentication and guests mode ## (Optional) configure internal Jitsi authentication and guests mode


@ -2,38 +2,14 @@
# This is a bash script for generating strong passwords for the Jitsi role in this ansible project: # This is a bash script for generating strong passwords for the Jitsi role in this ansible project:
# https://github.com/spantaleev/matrix-docker-ansible-deploy # https://github.com/spantaleev/matrix-docker-ansible-deploy
# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.<your-domain>'
# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory
function generatePassword() { function generatePassword() {
openssl rand -hex 16 openssl rand -hex 16
} }
# helper function to get the matrix domain in the host_vars directory echo "# If this script fails, it's likely because you don't have the openssl tool installed."
function get_domain_dir() { echo "# Install it before using this script, or simply create your own passwords manually."
counter=0
for f in *; do echo ""
counter=$(( counter + 1 ))
if [ ! -d "$f" ]; then
echo "Error: could not find directory 'matrix.your.domain'"
echo "Did you create it already? Please first setup your matrix homeserver before running this script."
echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md"
exit 1
elif [[ "$counter" -gt 1 ]]; then
echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected."
echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook."
echo "Cannot continue script, exiting."
exit 1
fi
# Will not set domain if zero or multiple directories are detected
domain=$f
done
}
cd ../host_vars
get_domain_dir
JICOFO_COMPONENT_SECRET=$(generatePassword) JICOFO_COMPONENT_SECRET=$(generatePassword)
JICOFO_AUTH_PASSWORD=$(generatePassword) JICOFO_AUTH_PASSWORD=$(generatePassword)
@ -41,10 +17,10 @@ JVB_AUTH_PASSWORD=$(generatePassword)
JIBRI_RECORDER_PASSWORD=$(generatePassword) JIBRI_RECORDER_PASSWORD=$(generatePassword)
JIBRI_XMPP_PASSWORD=$(generatePassword) JIBRI_XMPP_PASSWORD=$(generatePassword)
echo "" >> ../host_vars/${domain}/vars.yml echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:"
echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml echo ""
echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml echo "matrix_jitsi_jicofo_component_secret: "$JICOFO_COMPONENT_SECRET
echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD
echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD
echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD
echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD
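Review bot: If `openssl` is missing, each `$(generatePassword)` assignment comes back empty, yet the closing `echo` lines still print every `matrix_jitsi_*` key with no value and the script exits 0. The failure that the new header comment warns about therefore shows up only as stderr noise; no `set -e` is visible in this hunk, though line 1 of the file lies outside it. Someone who pastes that output ends up with blank Jitsi secrets unless the playbook validates them elsewhere, so a guard before the first assignment would help: `command -v openssl >/dev/null 2>&1 || { echo "openssl is required" >&2; exit 1; }`. As a point of style, the new echo lines leave the expansion outside the quotes; `echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD"` is the conventional form.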