path: root/ansible/roles/jitsi/tasks/ldap_auth.yml
---
# Switch the Prosody host config from Jitsi's anonymous authentication to the
# "cyrus" provider (mod_auth_cyrus, installed by a later task in this file).
# The LDAP backend itself is not configured here; presumably saslauthd is
# pointed at LDAP elsewhere in the role.
- name: Enable LDAP auth
  ansible.builtin.lineinfile:
    path: /etc/prosody/conf.avail/jitsi.pydis.wtf.cfg.lua
    # Matches the stock anonymous-auth line so that it is replaced in place.
    # NOTE(review): if neither this pattern nor the exact target line is in the
    # file, lineinfile appends `line` at end of file, where it would belong to
    # whichever section comes last instead of the host that should require
    # login. Check the resulting file after the first run.
    regexp: 'authentication = "jitsi-anonymous"'
    line: '    authentication = "cyrus"'
  tags:
    - role::jitsi

# Add a separate Prosody VirtualHost for guests, placed ahead of the MUC
# component line, on which users connect without credentials.
- name: Enable anonymous authentication for guests in prosody
  ansible.builtin.blockinfile:
    path: /etc/prosody/conf.avail/jitsi.pydis.wtf.cfg.lua
    # insertbefore is a regular expression; the dots match any character.
    insertbefore: 'Component "conference.jitsi.pydis.wtf" "muc"'
    # Lua comment syntax, so the managed-block markers stay valid in the config.
    marker: "-- {mark} ANSIBLE MANAGED BLOCK"
    # NOTE(review): this host accepts logins with no credentials and does not
    # require TLS on client-to-server streams. Confirm that the c2s listener is
    # not reachable from outside the host (for example, that clients only arrive
    # through a local BOSH/WebSocket proxy); otherwise guest sessions can be
    # carried in clear text.
    block: |
      VirtualHost "guest.jitsi.pydis.wtf"
          authentication = "anonymous"
          c2s_require_encryption = false
  tags:
    - role::jitsi

# Tell the Jitsi Meet web client which domain guests use, by adding
# `anonymousdomain` right after the `domain` entry in its config.js.
- name: Enable anonymous authentication for guests in Jitsi meet
  ansible.builtin.blockinfile:
    path: /etc/jitsi/meet/jitsi.pydis.wtf-config.js
    # insertafter is a regular expression; the block goes after its last match.
    insertafter: "domain: 'jitsi.pydis.wtf',"
    block: "        anonymousdomain: 'guest.jitsi.pydis.wtf',"
    # JavaScript comment syntax for the managed-block markers.
    # NOTE(review): blockinfile finds its block by marker only. Any other
    # blockinfile task that edits this file with the same marker would replace
    # this block; use a distinct marker if one is ever added.
    marker: "// {mark} ANSIBLE MANAGED BLOCK"
  tags:
    - role::jitsi

# Turn on XMPP authentication in Jicofo by inserting an `authentication`
# section directly after the opening `jicofo {` line of jicofo.conf.
# No marker is given, so blockinfile uses its default
# "# {mark} ANSIBLE MANAGED BLOCK" lines around the block.
- name: Enable authentication in Jicofo
  ansible.builtin.blockinfile:
    path: /etc/jitsi/jicofo/jicofo.conf
    insertafter: "jicofo {"
    # login-url names the authenticated domain, not the guest domain.
    # The closing brace is indented one column deeper than `authentication`,
    # so it is written with one leading space; this appears harmless.
    # NOTE(review): presumably this is what stops guests from opening rooms on
    # their own; confirm against the Jicofo version in use.
    block: |
      authentication: {
          enabled: true
          type: XMPP
          login-url: "jitsi.pydis.wtf"
       }
  tags:
    - role::jitsi

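# Install the distribution packages that let Prosody authenticate through
# Cyrus SASL.
- name: Install necessary Cyrus packages
  ansible.builtin.apt:
    # The list is passed to apt in one call, so the packages are resolved and
    # installed in a single transaction instead of one module run per item.
    name:
      - sasl2-bin  # Necessary for Cyrus' saslauthd
      - lua-cyrussasl  # Necessary for Prosody to access Cyrus
      - liblua5.2-dev  # Necessary for Prosody to access Cyrus
    state: present
  tags:
    - role::jitsi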

# Install the community mod_auth_cyrus module into Prosody from the upstream
# module repository.
# NOTE(review): the module is fetched at deploy time with no version pin or
# checksum, and it sits in the authentication path. Consider installing a
# reviewed, pinned copy instead. The command has no `creates`/`when` guard, so
# it runs and reports "changed" on every play; the lint rule is silenced for
# that reason.
- name: Install mod_auth_cyrus # noqa: no-changed-when
  ansible.builtin.command:
    # Necessary because support for Cyrus SASL has been removed from mainline Prosody
    cmd: prosodyctl install --server=https://modules.prosody.im/rocks/ mod_auth_cyrus
  tags:
    - role::jitsi

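# Write the Cyrus SASL application config for Prosody, which delegates
# password checks to saslauthd over its socket.
# The module is named by its fully qualified name, like every other task in
# this file.
- name: Create Cyrus SASL Configuration file
  ansible.builtin.copy:
    dest: /etc/sasl/prosody.conf
    # World-readable is acceptable: the rendered file holds no credentials.
    mode: "u=rw,g=r,o=r"
    # sasl_mux_path is defined outside this file.
    # NOTE(review): with PLAIN the password reaches Prosody and saslauthd in
    # clear text, so the client connection to the authenticated host must be
    # encrypted; confirm that c2s encryption is required on that host.
    content: |
      pwcheck_method: saslauthd
      mech_list: PLAIN
      saslauthd_path: {{ sasl_mux_path }}/mux
  tags:
    - role::jitsi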

# Add the prosody user to the sasl group, which presumably is what grants
# access to the saslauthd socket, then queue restarts of the Jitsi services.
- name: Give prosody perms to access the saslauthd socker
  ansible.builtin.user:
    name: prosody
    groups: sasl
    # Add the group to the user's existing groups instead of replacing them.
    append: true

  # NOTE(review): these handlers fire only when this task reports a change. On
  # a later run where only the config-editing tasks above change something,
  # nothing in this file restarts the services; consider notifying from those
  # tasks as well.
  notify:
    - Restart the Jitsi video bridge service
    - Restart the Jitsi prosody service
    - Restart the Jitsi jicofo service
  tags:
    - role::jitsi