From 4240aa7c01be26571033e1c56ebe3b27f46686aa Mon Sep 17 00:00:00 2001
From: Mathieu Gauthier-Pilote <mgauthier+git@evolix.ca>
Date: Fri, 19 May 2023 17:47:21 -0400
Subject: [PATCH] New variables for secrets and muc nickname

---
 webapps/jitsimeet/defaults/main.yml                       | 8 +++-----
 webapps/jitsimeet/tasks/main.yml                          | 6 ++++++
 .../templates/videobridge/sip-communicator.properties.j2  | 4 ++--
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/webapps/jitsimeet/defaults/main.yml b/webapps/jitsimeet/defaults/main.yml
index 6d736cfa..1544a8ba 100644
--- a/webapps/jitsimeet/defaults/main.yml
+++ b/webapps/jitsimeet/defaults/main.yml
@@ -8,8 +8,6 @@ domains: ['bullseye.domaine-fictif.org']
 jitsi_meet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
 jitsi_meet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
 jitsi_meet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
-jitsi_meet_turn_secret: "QZItKTo4iJ2vqrMWoZgN"
-
-version: "stable-8319" # 7 March 2023
-version_old: "stable-8252" # used by jitsimeet/tasks/upgrade.yml
-
+jitsi_meet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
+jitsi_meet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
+jitsi_meet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
diff --git a/webapps/jitsimeet/tasks/main.yml b/webapps/jitsimeet/tasks/main.yml
index 1f4e383d..c6bcdb04 100644
--- a/webapps/jitsimeet/tasks/main.yml
+++ b/webapps/jitsimeet/tasks/main.yml
@@ -91,6 +91,12 @@
     - { src: 'prosody/prosody.cfg.lua.j2', dest: "/etc/prosody/prosody.cfg.lua", owner: "root", group: "prosody", mode: "0640" }
     - { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
 
+- name: Unregister default jvb account in prosody
+  ansible.builtin.command: prosodyctl unregister jvb@auth.{{ domains | first }}
+
+- name: Register jvb account in prosody (with proper secret)
+  ansible.builtin.command: prosodyctl register jvb auth.{{ domains | first }} {{ jitsi_meet_jvb_secret }}
+
 #- name: Install Jitsi Meet
 #  ansible.builtin.apt:
 #    name: 
diff --git a/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2 b/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2
index c906e5bd..c788ba02 100644
--- a/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2
+++ b/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2
@@ -5,6 +5,6 @@ org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
 org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
 org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ domains | first }}
 org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
-org.jitsi.videobridge.xmpp.user.shard.PASSWORD=wqS4pQxK
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsi_meet_jvb_secret }}
 org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ domains | first }}
-org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=1899aaf3-3991-4770-9c8c-113906dc0a2e
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsi_meet_muc_nick }}