diff --git a/type/__bird_ospf/man.rst b/type/__bird_ospf/man.rst index 66c2e4a..9b9a20f 100644 --- a/type/__bird_ospf/man.rst +++ b/type/__bird_ospf/man.rst @@ -24,6 +24,12 @@ import export The keyword or filter to decide what to export in the above channel. + +REQUIRED MULTIPLE PARAMETERS +---------------------------- +interface + An interface to include in OSPF area 0. + OPTIONAL PARAMETERS ------------------- description @@ -33,19 +39,6 @@ instance-id An OSPF instance ID, allowing several OSPF instances to run on the same links. -extra-area-configuration - Configuration string added to the `area` section of the OSPF configuration. - -OPTIONAL MULTIPLE PARAMETERS ----------------------------- - -stubnet - Add an optionless stubnet definition to the configuration. - -interface - An interface to include in OSPF area 0. Is required unless - extra-area-configuration is set. - SEE ALSO -------- cdist-type__bird_core(7) diff --git a/type/__bird_ospf/manifest b/type/__bird_ospf/manifest index 68d9c16..0e219ae 100755 --- a/type/__bird_ospf/manifest +++ b/type/__bird_ospf/manifest @@ -44,21 +44,6 @@ then instance_id="$(cat "${__object:?}/parameter/instance-id")" fi -extra_area_configuration= -if [ -f "${__object:?}/parameter/extra-area-configuration" ]; -then - extra_area_configuration="$(cat "${__object:?}/parameter/extra-area-configuration")" - - if [ "$extra_area_configuration" = "-" ]; then - extra_area_configuration=$(cat "$__object/stdin") - fi -fi - -if [ ! -f "${__object:?}/parameter/interface" ] && [ -z "$extra_area_configuration" ]; then - echo "Either --interface or --extra-area-configuration must be set." >&2 - exit 1 -fi - __file "${confdir:?}/ospf-${__object_id:?}.conf" \ --mode 0640 --owner root --group bird \ --source - << EOF @@ -73,9 +58,6 @@ $([ -n "${instance_id?}" ] && printf "\tinstance id %s;\n" "${instance_id?}") area 0 { $(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface") -$(sed -e 's/^/\t\tsubnet /' -e 's/$/;/' "${__object:?}/parameter/subnet") - - $extra_area_configuration }; } EOF diff --git a/type/__bird_ospf/parameter/optional b/type/__bird_ospf/parameter/optional index 880f228..cf6dd53 100644 --- a/type/__bird_ospf/parameter/optional +++ b/type/__bird_ospf/parameter/optional @@ -1,3 +1,2 @@ description instance-id -extra-area-configuration diff --git a/type/__bird_ospf/parameter/optional_multiple b/type/__bird_ospf/parameter/required_multiple similarity index 55% rename from type/__bird_ospf/parameter/optional_multiple rename to type/__bird_ospf/parameter/required_multiple index 8e5902d..b529896 100644 --- a/type/__bird_ospf/parameter/optional_multiple +++ b/type/__bird_ospf/parameter/required_multiple @@ -1,2 +1 @@ -stubnet interface diff --git a/type/__borg_repo/manifest b/type/__borg_repo/manifest index 4e4d35e..968066d 100644 --- a/type/__borg_repo/manifest +++ b/type/__borg_repo/manifest @@ -3,7 +3,7 @@ os="$(cat "${__global:?}"/explorer/os)" case "$os" in - "alpine"|"ubuntu") + "alpine") borg_package=borgbackup ;; *) @@ -17,4 +17,3 @@ if [ -f "${__object:?}/parameter/owner" ]; then __package sudo fi - diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index 0364db6..26d7528 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -13,8 +13,7 @@ esac JITSI_HOST="${__target_host}" -# Currently unused, see below -# JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" +JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" TURN_SERVER="$(cat "${__object}/parameter/turn-server")" TURN_SECRET="$(cat "${__object}/parameter/turn-secret")" @@ -57,11 +56,7 @@ EOF export require="${require} __debconf_set_selections/jitsi_meet" # Install and upgrade packages as needed -__package_apt jitsi-meet -# We are not doing version pinning anymore because it breaks when -# the version is not the latest. -# This happens because dependencies cannot be properly resolved. -# --version "${JITSI_VERSION}" +__package_apt jitsi-meet --version "${JITSI_VERSION}" # Proceed only after installation/upgrade has finished export require="__package_apt/jitsi-meet" @@ -125,10 +120,7 @@ require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-ava server_names_hash_bucket_size 64; -types { -# nginx's default mime.types doesn't include a mapping for wasm - application/wasm wasm; -} +# nginx server configuration for: server { @@ -171,18 +163,11 @@ VirtualHost "guest.${JITSI_HOST}" c2s_require_encryption = false EOF -__block jitsi_jicofo_secured_domains \ - --prefix "// begin cdist: jicofo_secured_domains" \ - --suffix "// end cdist: jicofo_secured_domains" \ - --file /etc/jitsi/jicofo/jicofo.conf \ - --state "${SECURED_DOMAINS_STATE_JICOFO}" \ - --text '-' < "${destination}" - echo -} - -download_file config.js -download_file interface_config.js -download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig diff --git a/type/__jitsi_meet_domain/files/config.js.sh b/type/__jitsi_meet_domain/files/config.js.sh index 4532ba6..f825761 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh +++ b/type/__jitsi_meet_domain/files/config.js.sh @@ -39,6 +39,9 @@ fi // Websocket URL // websocket: 'wss://${JITSI_HOST}/xmpp-websocket', + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 @@ -53,16 +56,9 @@ fi // issues related to insertable streams. // disableE2EE: false, - // Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly - // disabled by the below option. - // enableThumbnailReordering: true, - - // Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users. - // mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users - // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - // p2pTestMode: false, + p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture // testMode: false @@ -75,10 +71,8 @@ fi // simulcast is turned off for the desktop share. If presenter is turned // on while screensharing is in progress, the max bitrate is automatically // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines - // the probability for this to be enabled. This setting has been deprecated. - // desktopSharingFrameRate.max now determines whether simulcast will be enabled - // or disabled for the screenshare. - // capScreenshareBitrate: 1 // 0 to disable - deprecated. + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for @@ -86,18 +80,6 @@ fi // callStatsThreshold: 5 // enable callstats for 5% of the users. }, - // Disables moderator indicators. - // disableModeratorIndicator: false, - - // Disables the reactions feature. - // disableReactions: true, - - // Disables polls feature. - // disablePolls: false, - - // Disables self-view tile. (hides it from tile view and from filmstrip) - // disableSelfView: false, - // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, @@ -110,9 +92,6 @@ fi // Media // - // Enable unified plan implementation support on Chromium based browsers. - // enableUnifiedOnChrome: false, - // Audio // Disable measuring of audio levels. @@ -129,10 +108,6 @@ fi // about the call. // enableSaveLogs: false, - // Enabling this will hide the "Show More" link in the GSM popover that can be - // used to display more statistics about the connection (IP, Port, protocol, etc). - // disableShowMoreStats: true, - // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could @@ -154,34 +129,19 @@ fi // participants and to enable it back a reload is needed. // startSilent: false + // Sets the preferred target bitrate for the Opus audio codec by setting its + // 'maxaveragebitrate' parameter. Currently not available in p2p mode. + // Valid values are in the range 6000 to 510000 + // opusMaxAverageBitrate: 20000, + // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, - // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. - // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. - // audioQuality: { - // stereo: false, - // opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range. - // }, - // Video // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, - // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not - // disableRemoveRaisedHandOnFocus: false, - - // Specifies whether there will be a search field in speaker stats or not - // disableSpeakerStatsSearch: false, - - // Specifies whether participants in speaker stats should be ordered or not, and with what priority - // speakerStatsOrder: [ - // 'role', <- Moderators on top - // 'name', <- Alphabetically by name - // 'hasLeft', <- The ones that have left in the bottom - // ] <- the order of the array elements determines priority - // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, @@ -205,10 +165,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Enable / disable simulcast support. // disableSimulcast: false, - // Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended - // (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen - // sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent - // by the client. + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. // enableLayerSuspension: false, // Every participant after the Nth will start video muted. @@ -270,18 +229,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // subtitles and buttons can be configured) // transcribingEnabled: false, - // If true transcriber will use the application language. - // The application language is either explicitly set by participants in their settings or automatically - // detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its - // default language then transcriptions for that participant will be in french. - // Defaults to true. - // transcribeWithAppLanguage: true, - - // Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false. - // Available languages can be found in - // ./src/react/features/transcribing/transcriber-langs.json. - // preferredTranscribeLanguage: 'en-US', - // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, @@ -290,20 +237,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: ${CHANNEL_LAST_N}, - // Connection indicators - // connectionIndicators: { - // autoHide: true, - // autoHideTimeout: 5000, - // disabled: false, - // disableDetails: false, - // inactiveDisabled: false - // }, - - // Provides a way for the lastN value to be controlled through the UI. - // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN - // value will be used when the quality level is selected using "Manage Video Quality" slider. - // startLastN: 1, - // Provides a way to use different "last N" values based on the number of participants in the conference. // The keys in an Object represent number of participants and the values are "last N" to be used when number of // participants gets to or above the number. @@ -341,24 +274,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // // to take effect. // preferredCodec: 'VP8', // - // // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints - // // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet. - // // This will result in Safari not being able to decode video from endpoints sending VP9 video. - // // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the - // // preferred codec and goes back to the preferred codec when that endpoint leaves. - // // enforcePreferredCodec: false, - // // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // This is currently not implemented on app based clients on mobile. // maxBitratesVideo: { - // H264: { - // low: 200000, - // standard: 500000, - // high: 1500000 - // }, // VP8 : { // low: 200000, // standard: 500000, @@ -367,7 +288,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // VP9: { // low: 100000, // standard: 300000, - // high: 1200000 + // high: 1200000 // } // }, // @@ -391,13 +312,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // resizeDesktopForPresenter: false // }, - // Notification timeouts - // notificationTimeouts: { - // short: 2500, - // medium: 5000, - // long: 10000 - // }, - // // Options for the recording limit notification. // recordingLimit: { // @@ -416,9 +330,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, - // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. - // disableBeforeUnloadHandlers: true, - // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, @@ -434,7 +345,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // enableIceRestart: false, // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. + // the bridge going down. Currently enabled by default as call migration through + // session-terminate is causing siganling issues when Octo is enabled. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default @@ -442,11 +354,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // bridge itself is reachable via UDP) // useTurnUdp: false - // Enable support for encoded transform in supported browsers. This allows - // E2EE to work in Safari if the corresponding flag is enabled in the browser. - // Experimental. - // enableEncodedTransformSupport: false, - // UI // @@ -456,12 +363,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Hides lobby button // hideLobbyButton: false, - // If Lobby is enabled starts knocking automatically. - // autoKnockLobby: false, - - // Hides add breakout room button - // hideAddRoomButton: false, - // Require users to always specify a display name. // requireDisplayName: true, @@ -481,15 +382,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // Setting this to null, will also disable showing the remote videos - // when the toolbar is shown on mouse movements - // disable1On1Mode: null | false | true, - - // Default local name to be displayed - // defaultLocalDisplayName: 'me', - - // Default remote name to be displayed - // defaultRemoteDisplayName: 'Fellow Jitster', + // disable1On1Mode: false, // Default language for the user interface. defaultLanguage: '${DEFAULT_LANGUAGE}', @@ -512,18 +405,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // Configs for prejoin page. - // prejoinConfig: { - // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // // This replaces \`prejoinPageEnabled\`. - // enabled: true, - // // List of buttons to hide from the extra join options dropdown. - // hideExtraJoinButtons: ['no-audio', 'by-phone'] - // }, - - // When 'true', the user cannot edit the display name. - // (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.) - // readOnlyName: false, + // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // prejoinPageEnabled: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This @@ -544,10 +427,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Base URL for a Gravatar-compatible service. Defaults to libravatar. // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', - // App name to be displayed in the invitation email subject, as an alternative to - // interfaceConfig.APP_NAME. - // inviteAppName: null, - // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the // "More actions" menu. If present, the button will display. Exceptions are @@ -560,94 +439,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // - 'desktop' controls the "Share your screen" button // - if \`toolbarButtons\` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' // ], - // Holds values related to toolbar visibility control. - // toolbarConfig: { - // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT - // // The initial numer of miliseconds for the toolbar buttons to be visible on screen. - // initialTimeout: 20000, - // // Moved from interfaceConfig.TOOLBAR_TIMEOUT - // // Number of miliseconds for the toolbar buttons to be visible on screen. - // timeout: 4000, - // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE - // // Whether toolbar should be always visible or should hide after x miliseconds. - // alwaysVisible: false - // }, - - // Toolbar buttons which have their click event exposed through the API on - // \`toolbarButtonClicked\` event instead of executing the normal click routine. - // buttonsWithNotifyClick: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' - // ], - - // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: - // 'microphone', 'camera', 'select-background', 'invite', 'settings' - // hiddenPremeetingButtons: [], - // Stats // @@ -665,37 +463,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // callStatsID: '', // callStatsSecret: '', - // The callstats initialize config params as described in the API: - // https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret - // callStatsConfigParams: { - // disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter. - // applicationVersion: "app_version", // Application version specified by the developer. - // disablePrecalltest: true, // disables the pre-call test, it is enabled by default. - // siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made. - // additionalIDs: { // additionalIDs object, contains application related IDs. - // customerID: "Customer Identifier. Example, walmart.", - // tenantID: "Tenant Identifier. Example, monster.", - // productName: "Product Name. Example, Jitsi.", - // meetingsName: "Meeting Name. Example, Jitsi loves callstats.", - // serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.", - // pbxID: "PBX Identifier. Example, walmart.", - // pbxExtensionID: "PBX Extension Identifier. Example, 5625.", - // fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.", - // sessionID: "Session Identifier. Example, session-12-34" - // }, - // collectLegacyStats: true, //enables the collection of legacy stats in chrome browser - // collectIP: true //enables the collection localIP address - // }, - // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // Enables detecting faces of participants and get their expression and send it to other participants - // enableFacialRecognition: true, - // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, @@ -721,8 +494,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // connection. enabled: true, - // Enable unified plan implementation support on Chromium for p2p connection. - // enableUnifiedOnChrome: false, + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + { urls: 'stun:${TURN_SERVER}:443' } + ] // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', @@ -749,20 +525,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). - // backToP2PDelay: 5, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:3478' }, - { urls: 'stun:${TURN_SERVER}:443' } - ] + // backToP2PDelay: 5 }, analytics: { - // True if the analytics should be disabled - // disabled: false, - // The Google Analytics Tracking ID: // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' @@ -778,7 +544,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: false, + // rtcstatsEnabled: true, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, @@ -806,43 +572,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // userRegion: "asia" }, - // Array of disabled sounds. - // Possible values: - // - 'ASKED_TO_UNMUTE_SOUND' - // - 'E2EE_OFF_SOUND' - // - 'E2EE_ON_SOUND' - // - 'INCOMING_MSG_SOUND' - // - 'KNOCKING_PARTICIPANT_SOUND' - // - 'LIVE_STREAMING_OFF_SOUND' - // - 'LIVE_STREAMING_ON_SOUND' - // - 'NO_AUDIO_SIGNAL_SOUND' - // - 'NOISY_AUDIO_INPUT_SOUND' - // - 'OUTGOING_CALL_EXPIRED_SOUND' - // - 'OUTGOING_CALL_REJECTED_SOUND' - // - 'OUTGOING_CALL_RINGING_SOUND' - // - 'OUTGOING_CALL_START_SOUND' - // - 'PARTICIPANT_JOINED_SOUND' - // - 'PARTICIPANT_LEFT_SOUND' - // - 'RAISE_HAND_SOUND' - // - 'REACTION_SOUND' - // - 'RECORDING_OFF_SOUND' - // - 'RECORDING_ON_SOUND' - // - 'TALK_WHILE_MUTED_SOUND' - // disabledSounds: [], - - // DEPRECATED! Use \`disabledSounds\` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, - // DEPRECATED! Use \`disabledSounds\` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, - // DEPRECATED! Use \`disabledSounds\` instead. - // Disables the sounds that play when a chat message is received. - // disableIncomingMessageSound: false, - // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address @@ -863,8 +599,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // localRecording: { // Enables local recording. // Additionally, 'localrecording' (all lowercase) needs to be added to - // the \`toolbarButtons\`-array for the Local Recording button to show up - // on the toolbar. + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. // // enabled: true, // @@ -873,10 +609,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // format: 'flac' // - // }, - // e2ee: { - // labels, - // externallyManagedKey: false // }, // Options related to end-to-end (participant to participant) ping. @@ -931,9 +663,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Options related to the remote participant menu. // remoteVideoMenu: { // // If set to true the 'Kick out' button will be disabled. - // disableKick: true, - // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true + // disableKick: true // }, // If set to true all muting operations of remote participants will be disabled. @@ -945,67 +675,20 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. - The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // The domain url to apply (will replace the domain in the sharing conference link/embed section) - inviteDomain: 'example-company.org, - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png', - // Overwrite for pool of background images for avatars - avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], - // The lobby/prejoin screen background - premeetingBackground: 'url(https://example.com/premeeting-background.png)', - // A list of images that can be used as video backgrounds. - // When this field is present, the default images will be replaced with those provided. - virtualBackgrounds: ['https://example.com/img.jpg'], - // Object containing a theme's properties. It also supports partial overwrites of the main theme. - // For a list of all possible theme tokens and their current defaults, please check: - // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json - // For a short explanations on each of the tokens, please check: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js - // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code - // or they are partially applied. - customTheme: { - palette: { - ui01: "orange !important", - ui02: "maroon", - surface02: 'darkgreen', - ui03: "violet", - ui04: "magenta", - ui05: "blueviolet", - field02Hover: 'red', - action01: 'green', - action01Hover: 'lightgreen', - action02Disabled: 'beige', - success02: 'cadetblue', - action02Hover: 'aliceblue' - }, - typography: { - labelRegular: { - fontSize: 25, - lineHeight: 30, - fontWeight: 500 - } - } - } - } + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } */ dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}", - // When true the user cannot add more images to be used as virtual background. - // Only the default ones from will be available. - // disableAddingBackgroundImages: false, - - // Disables using screensharing as virtual background. - // disableScreensharingVirtualBackground: false, - // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, @@ -1017,35 +700,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, - // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it. - // disableTileEnlargement: true, - - // Controls the visibility and behavior of the top header conference info labels. - // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. - // conferenceInfo: { - // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'local-recording'], - // // those labels will be auto-hidden in tandem with the toolbox buttons. - // autoHide: [ - // 'subject', - // 'conference-timer', - // 'participants-count', - // 'e2ee', - // 'transcribing', - // 'video-quality', - // 'insecure-room' - // ] - // }, - // Hides the conference subject // hideConferenceSubject: true, // Hides the conference timer. // hideConferenceTimer: true, - // Hides the recording label - // hideRecordingLabel: false, - // Hides the participants stats // hideParticipantsStats: true, @@ -1057,13 +717,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, - // etherpad ("shared document") integration. - // - - // If set, add a "Open shared document" link to the bottom right menu that - // will open an etherpad document. - // etherpad_base: 'https://your-etherpad-installati.on/p/', - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold @@ -1076,8 +729,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) dialOutCodesUrl disableRemoteControl displayJids + etherpad_base externalConnectUrl - e2eeLabels firefox_fake_device googleApiApplicationClientID iAmRecorder @@ -1119,11 +772,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) websocketKeepAliveUrl */ - /** - * Default interval (milliseconds) for triggering mouseMoved iframe API event - */ - mouseMoveCallbackInterval: 1000, - /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification @@ -1157,19 +805,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'localRecording.localRecording', // shown when a local recording is started // 'notify.disconnected', // shown when a participant has left - // 'notify.connectedOneMember', // show when a participant joined - // 'notify.connectedTwoMembers', // show when two participants joined simultaneously - // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.moderationStartedTitle', // shown when AV moderation is activated - // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated - // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation - // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation - // 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device @@ -1178,7 +818,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio - // 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', @@ -1192,13 +831,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'transcribing.failedToStart' // shown when transcribing fails to start - // ], - - // Prevent the filmstrip from autohiding when screen width is under a certain threshold - // disableFilmstripAutohiding: false, - - // Specifies whether the chat emoticons are disabled or not - // disableChatSmileys: false, + // ] // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. diff --git a/type/__jitsi_meet_domain/files/config.js.sh.orig b/type/__jitsi_meet_domain/files/config.js.sh.orig index eb30636..9d49d52 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/config.js.sh.orig @@ -27,6 +27,9 @@ var config = { // Websocket URL // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 @@ -41,16 +44,9 @@ var config = { // issues related to insertable streams. // disableE2EE: false, - // Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly - // disabled by the below option. - // enableThumbnailReordering: true, - - // Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users. - // mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users - // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - // p2pTestMode: false, + p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture // testMode: false @@ -63,10 +59,8 @@ var config = { // simulcast is turned off for the desktop share. If presenter is turned // on while screensharing is in progress, the max bitrate is automatically // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines - // the probability for this to be enabled. This setting has been deprecated. - // desktopSharingFrameRate.max now determines whether simulcast will be enabled - // or disabled for the screenshare. - // capScreenshareBitrate: 1 // 0 to disable - deprecated. + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for @@ -74,18 +68,6 @@ var config = { // callStatsThreshold: 5 // enable callstats for 5% of the users. }, - // Disables moderator indicators. - // disableModeratorIndicator: false, - - // Disables the reactions feature. - // disableReactions: true, - - // Disables polls feature. - // disablePolls: false, - - // Disables self-view tile. (hides it from tile view and from filmstrip) - // disableSelfView: false, - // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, @@ -98,9 +80,6 @@ var config = { // Media // - // Enable unified plan implementation support on Chromium based browsers. - // enableUnifiedOnChrome: false, - // Audio // Disable measuring of audio levels. @@ -117,10 +96,6 @@ var config = { // about the call. // enableSaveLogs: false, - // Enabling this will hide the "Show More" link in the GSM popover that can be - // used to display more statistics about the connection (IP, Port, protocol, etc). - // disableShowMoreStats: true, - // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could @@ -142,34 +117,19 @@ var config = { // participants and to enable it back a reload is needed. // startSilent: false + // Sets the preferred target bitrate for the Opus audio codec by setting its + // 'maxaveragebitrate' parameter. Currently not available in p2p mode. + // Valid values are in the range 6000 to 510000 + // opusMaxAverageBitrate: 20000, + // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, - // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. - // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. - // audioQuality: { - // stereo: false, - // opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range. - // }, - // Video // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, - // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not - // disableRemoveRaisedHandOnFocus: false, - - // Specifies whether there will be a search field in speaker stats or not - // disableSpeakerStatsSearch: false, - - // Specifies whether participants in speaker stats should be ordered or not, and with what priority - // speakerStatsOrder: [ - // 'role', <- Moderators on top - // 'name', <- Alphabetically by name - // 'hasLeft', <- The ones that have left in the bottom - // ] <- the order of the array elements determines priority - // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, @@ -192,10 +152,9 @@ var config = { // Enable / disable simulcast support. // disableSimulcast: false, - // Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended - // (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen - // sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent - // by the client. + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. // enableLayerSuspension: false, // Every participant after the Nth will start video muted. @@ -257,18 +216,6 @@ var config = { // subtitles and buttons can be configured) // transcribingEnabled: false, - // If true transcriber will use the application language. - // The application language is either explicitly set by participants in their settings or automatically - // detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its - // default language then transcriptions for that participant will be in french. - // Defaults to true. - // transcribeWithAppLanguage: true, - - // Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false. - // Available languages can be found in - // ./src/react/features/transcribing/transcriber-langs.json. - // preferredTranscribeLanguage: 'en-US', - // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, @@ -277,20 +224,6 @@ var config = { // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: -1, - // Connection indicators - // connectionIndicators: { - // autoHide: true, - // autoHideTimeout: 5000, - // disabled: false, - // disableDetails: false, - // inactiveDisabled: false - // }, - - // Provides a way for the lastN value to be controlled through the UI. - // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN - // value will be used when the quality level is selected using "Manage Video Quality" slider. - // startLastN: 1, - // Provides a way to use different "last N" values based on the number of participants in the conference. // The keys in an Object represent number of participants and the values are "last N" to be used when number of // participants gets to or above the number. @@ -328,24 +261,12 @@ var config = { // // to take effect. // preferredCodec: 'VP8', // - // // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints - // // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet. - // // This will result in Safari not being able to decode video from endpoints sending VP9 video. - // // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the - // // preferred codec and goes back to the preferred codec when that endpoint leaves. - // // enforcePreferredCodec: false, - // // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // This is currently not implemented on app based clients on mobile. // maxBitratesVideo: { - // H264: { - // low: 200000, - // standard: 500000, - // high: 1500000 - // }, // VP8 : { // low: 200000, // standard: 500000, @@ -354,7 +275,7 @@ var config = { // VP9: { // low: 100000, // standard: 300000, - // high: 1200000 + // high: 1200000 // } // }, // @@ -378,13 +299,6 @@ var config = { // resizeDesktopForPresenter: false // }, - // Notification timeouts - // notificationTimeouts: { - // short: 2500, - // medium: 5000, - // long: 10000 - // }, - // // Options for the recording limit notification. // recordingLimit: { // @@ -403,9 +317,6 @@ var config = { // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, - // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. - // disableBeforeUnloadHandlers: true, - // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, @@ -421,7 +332,8 @@ var config = { // enableIceRestart: false, // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. + // the bridge going down. Currently enabled by default as call migration through + // session-terminate is causing siganling issues when Octo is enabled. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default @@ -429,11 +341,6 @@ var config = { // bridge itself is reachable via UDP) // useTurnUdp: false - // Enable support for encoded transform in supported browsers. This allows - // E2EE to work in Safari if the corresponding flag is enabled in the browser. - // Experimental. - // enableEncodedTransformSupport: false, - // UI // @@ -443,12 +350,6 @@ var config = { // Hides lobby button // hideLobbyButton: false, - // If Lobby is enabled starts knocking automatically. - // autoKnockLobby: false, - - // Hides add breakout room button - // hideAddRoomButton: false, - // Require users to always specify a display name. // requireDisplayName: true, @@ -468,15 +369,7 @@ var config = { // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // Setting this to null, will also disable showing the remote videos - // when the toolbar is shown on mouse movements - // disable1On1Mode: null | false | true, - - // Default local name to be displayed - // defaultLocalDisplayName: 'me', - - // Default remote name to be displayed - // defaultRemoteDisplayName: 'Fellow Jitster', + // disable1On1Mode: false, // Default language for the user interface. // defaultLanguage: 'en', @@ -499,18 +392,8 @@ var config = { // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // Configs for prejoin page. - // prejoinConfig: { - // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // // This replaces `prejoinPageEnabled`. - // enabled: true, - // // List of buttons to hide from the extra join options dropdown. - // hideExtraJoinButtons: ['no-audio', 'by-phone'] - // }, - - // When 'true', the user cannot edit the display name. - // (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.) - // readOnlyName: false, + // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // prejoinPageEnabled: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This @@ -531,10 +414,6 @@ var config = { // Base URL for a Gravatar-compatible service. Defaults to libravatar. // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', - // App name to be displayed in the invitation email subject, as an alternative to - // interfaceConfig.APP_NAME. - // inviteAppName: null, - // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the // "More actions" menu. If present, the button will display. Exceptions are @@ -547,94 +426,13 @@ var config = { // - 'desktop' controls the "Share your screen" button // - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' // ], - // Holds values related to toolbar visibility control. - // toolbarConfig: { - // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT - // // The initial numer of miliseconds for the toolbar buttons to be visible on screen. - // initialTimeout: 20000, - // // Moved from interfaceConfig.TOOLBAR_TIMEOUT - // // Number of miliseconds for the toolbar buttons to be visible on screen. - // timeout: 4000, - // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE - // // Whether toolbar should be always visible or should hide after x miliseconds. - // alwaysVisible: false - // }, - - // Toolbar buttons which have their click event exposed through the API on - // `toolbarButtonClicked` event instead of executing the normal click routine. - // buttonsWithNotifyClick: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' - // ], - - // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: - // 'microphone', 'camera', 'select-background', 'invite', 'settings' - // hiddenPremeetingButtons: [], - // Stats // @@ -652,37 +450,12 @@ var config = { // callStatsID: '', // callStatsSecret: '', - // The callstats initialize config params as described in the API: - // https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret - // callStatsConfigParams: { - // disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter. - // applicationVersion: "app_version", // Application version specified by the developer. - // disablePrecalltest: true, // disables the pre-call test, it is enabled by default. - // siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made. - // additionalIDs: { // additionalIDs object, contains application related IDs. - // customerID: "Customer Identifier. Example, walmart.", - // tenantID: "Tenant Identifier. Example, monster.", - // productName: "Product Name. Example, Jitsi.", - // meetingsName: "Meeting Name. Example, Jitsi loves callstats.", - // serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.", - // pbxID: "PBX Identifier. Example, walmart.", - // pbxExtensionID: "PBX Extension Identifier. Example, 5625.", - // fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.", - // sessionID: "Session Identifier. Example, session-12-34" - // }, - // collectLegacyStats: true, //enables the collection of legacy stats in chrome browser - // collectIP: true //enables the collection localIP address - // }, - // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // Enables detecting faces of participants and get their expression and send it to other participants - // enableFacialRecognition: true, - // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, @@ -708,8 +481,12 @@ var config = { // connection. enabled: true, - // Enable unified plan implementation support on Chromium for p2p connection. - // enableUnifiedOnChrome: false, + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:jitsi-meet.example.com:3478' }, + { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } + ] // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', @@ -736,20 +513,10 @@ var config = { // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). - // backToP2PDelay: 5, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:3478' }, - { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } - ] + // backToP2PDelay: 5 }, analytics: { - // True if the analytics should be disabled - // disabled: false, - // The Google Analytics Tracking ID: // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' @@ -765,7 +532,7 @@ var config = { // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: false, + // rtcstatsEnabled: true, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, @@ -793,43 +560,13 @@ var config = { // userRegion: "asia" }, - // Array of disabled sounds. - // Possible values: - // - 'ASKED_TO_UNMUTE_SOUND' - // - 'E2EE_OFF_SOUND' - // - 'E2EE_ON_SOUND' - // - 'INCOMING_MSG_SOUND' - // - 'KNOCKING_PARTICIPANT_SOUND' - // - 'LIVE_STREAMING_OFF_SOUND' - // - 'LIVE_STREAMING_ON_SOUND' - // - 'NO_AUDIO_SIGNAL_SOUND' - // - 'NOISY_AUDIO_INPUT_SOUND' - // - 'OUTGOING_CALL_EXPIRED_SOUND' - // - 'OUTGOING_CALL_REJECTED_SOUND' - // - 'OUTGOING_CALL_RINGING_SOUND' - // - 'OUTGOING_CALL_START_SOUND' - // - 'PARTICIPANT_JOINED_SOUND' - // - 'PARTICIPANT_LEFT_SOUND' - // - 'RAISE_HAND_SOUND' - // - 'REACTION_SOUND' - // - 'RECORDING_OFF_SOUND' - // - 'RECORDING_ON_SOUND' - // - 'TALK_WHILE_MUTED_SOUND' - // disabledSounds: [], - - // DEPRECATED! Use `disabledSounds` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, - // DEPRECATED! Use `disabledSounds` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, - // DEPRECATED! Use `disabledSounds` instead. - // Disables the sounds that play when a chat message is received. - // disableIncomingMessageSound: false, - // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address @@ -850,8 +587,8 @@ var config = { // localRecording: { // Enables local recording. // Additionally, 'localrecording' (all lowercase) needs to be added to - // the `toolbarButtons`-array for the Local Recording button to show up - // on the toolbar. + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. // // enabled: true, // @@ -860,10 +597,6 @@ var config = { // format: 'flac' // - // }, - // e2ee: { - // labels, - // externallyManagedKey: false // }, // Options related to end-to-end (participant to participant) ping. @@ -918,9 +651,7 @@ var config = { // Options related to the remote participant menu. // remoteVideoMenu: { // // If set to true the 'Kick out' button will be disabled. - // disableKick: true, - // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true + // disableKick: true // }, // If set to true all muting operations of remote participants will be disabled. @@ -932,67 +663,20 @@ var config = { /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. - The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // The domain url to apply (will replace the domain in the sharing conference link/embed section) - inviteDomain: 'example-company.org, - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png', - // Overwrite for pool of background images for avatars - avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], - // The lobby/prejoin screen background - premeetingBackground: 'url(https://example.com/premeeting-background.png)', - // A list of images that can be used as video backgrounds. - // When this field is present, the default images will be replaced with those provided. - virtualBackgrounds: ['https://example.com/img.jpg'], - // Object containing a theme's properties. It also supports partial overwrites of the main theme. - // For a list of all possible theme tokens and their current defaults, please check: - // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json - // For a short explanations on each of the tokens, please check: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js - // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code - // or they are partially applied. - customTheme: { - palette: { - ui01: "orange !important", - ui02: "maroon", - surface02: 'darkgreen', - ui03: "violet", - ui04: "magenta", - ui05: "blueviolet", - field02Hover: 'red', - action01: 'green', - action01Hover: 'lightgreen', - action02Disabled: 'beige', - success02: 'cadetblue', - action02Hover: 'aliceblue' - }, - typography: { - labelRegular: { - fontSize: 25, - lineHeight: 30, - fontWeight: 500 - } - } - } - } + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } */ // dynamicBrandingUrl: '', - // When true the user cannot add more images to be used as virtual background. - // Only the default ones from will be available. - // disableAddingBackgroundImages: false, - - // Disables using screensharing as virtual background. - // disableScreensharingVirtualBackground: false, - // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, @@ -1004,35 +688,12 @@ var config = { // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, - // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it. - // disableTileEnlargement: true, - - // Controls the visibility and behavior of the top header conference info labels. - // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. - // conferenceInfo: { - // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'local-recording'], - // // those labels will be auto-hidden in tandem with the toolbox buttons. - // autoHide: [ - // 'subject', - // 'conference-timer', - // 'participants-count', - // 'e2ee', - // 'transcribing', - // 'video-quality', - // 'insecure-room' - // ] - // }, - // Hides the conference subject // hideConferenceSubject: true, // Hides the conference timer. // hideConferenceTimer: true, - // Hides the recording label - // hideRecordingLabel: false, - // Hides the participants stats // hideParticipantsStats: true, @@ -1044,13 +705,6 @@ var config = { // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, - // etherpad ("shared document") integration. - // - - // If set, add a "Open shared document" link to the bottom right menu that - // will open an etherpad document. - // etherpad_base: 'https://your-etherpad-installati.on/p/', - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold @@ -1063,8 +717,8 @@ var config = { dialOutCodesUrl disableRemoteControl displayJids + etherpad_base externalConnectUrl - e2eeLabels firefox_fake_device googleApiApplicationClientID iAmRecorder @@ -1106,11 +760,6 @@ var config = { websocketKeepAliveUrl */ - /** - * Default interval (milliseconds) for triggering mouseMoved iframe API event - */ - mouseMoveCallbackInterval: 1000, - /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification @@ -1144,19 +793,11 @@ var config = { // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'localRecording.localRecording', // shown when a local recording is started // 'notify.disconnected', // shown when a participant has left - // 'notify.connectedOneMember', // show when a participant joined - // 'notify.connectedTwoMembers', // show when two participants joined simultaneously - // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.moderationStartedTitle', // shown when AV moderation is activated - // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated - // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation - // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation - // 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device @@ -1165,7 +806,6 @@ var config = { // 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio - // 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', @@ -1179,13 +819,7 @@ var config = { // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'transcribing.failedToStart' // shown when transcribing fails to start - // ], - - // Prevent the filmstrip from autohiding when screen width is under a certain threshold - // disableFilmstripAutohiding: false, - - // Specifies whether the chat emoticons are disabled or not - // disableChatSmileys: false, + // ] // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh b/type/__jitsi_meet_domain/files/interface_config.js.sh index abcf68b..deede48 100644 --- a/type/__jitsi_meet_domain/files/interface_config.js.sh +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh @@ -36,13 +36,42 @@ var interfaceConfig = { BRAND_WATERMARK_LINK: '', CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it + /** + * Whether the connection indicator icon should hide itself based on + * connection strength. If true, the connection indicator will remain + * displayed while the participant has a weak connection and will hide + * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is + * strong. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, + + /** + * How long the connection indicator should remain displayed before hiding. + * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. + * + * @type {number} + */ + CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, + + /** + * If true, hides the connection indicators completely. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_DISABLED: false, DEFAULT_BACKGROUND: '#474747', + DEFAULT_LOCAL_DISPLAY_NAME: 'me', DEFAULT_LOGO_URL: '${BRANDING_WATERMARK_PATH}', + DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', DEFAULT_WELCOME_PAGE_LOGO_URL: '${BRANDING_WATERMARK_PATH}', DISABLE_DOMINANT_SPEAKER_INDICATOR: false, + DISABLE_FOCUS_INDICATOR: false, + /** * If true, notifications regarding joining/leaving are no longer displayed. */ @@ -98,6 +127,7 @@ var interfaceConfig = { */ HIDE_INVITE_MORE_HEADER: false, + INITIAL_TOOLBAR_TIMEOUT: 20000, JITSI_WATERMARK_LINK: 'https://jitsi.org', LANG_DETECTION: true, // Allow i18n to detect the system language @@ -155,7 +185,7 @@ var interfaceConfig = { RECENT_LIST_ENABLED: true, REMOTE_THUMBNAIL_RATIO: 1, // 1:1 - SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar', 'sounds' ], + SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ], /** * Specify which sharing features should be displayed. If the value is not set @@ -166,10 +196,10 @@ var interfaceConfig = { SHOW_BRAND_WATERMARK: false, /** - * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. - * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) - * being already installed is done before rendering. - */ + * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. + * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) + * being already installed is done before rendering. + */ SHOW_CHROME_EXTENSION_BANNER: false, SHOW_DEEP_LINKING_IMAGE: false, @@ -183,6 +213,22 @@ var interfaceConfig = { */ SUPPORT_URL: 'https://community.jitsi.org/', + TOOLBAR_ALWAYS_VISIBLE: false, + + /** + * DEPRECATED! + * This config was moved to config.js as \`toolbarButtons\`. + */ + // TOOLBAR_BUTTONS: [ + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' + // ], + + TOOLBAR_TIMEOUT: 4000, + // Browsers, in addition to those which do not fully support WebRTC, that // are not supported and should show the unsupported browser page. UNSUPPORTED_BROWSERS: [], @@ -195,8 +241,7 @@ var interfaceConfig = { // Determines how the video would fit the screen. 'both' would fit the whole // screen, 'height' would fit the original video height to the height of the // screen, 'width' would fit the original video width to the width of the - // screen respecting ratio, 'nocrop' would make the video as large as - // possible and preserve aspect ratio without cropping. + // screen respecting ratio. VIDEO_LAYOUT_FIT: 'both', /** @@ -234,40 +279,19 @@ var interfaceConfig = { */ // ANDROID_APP_PACKAGE: 'org.jitsi.meet', + /** + * Override the behavior of some notifications to remain displayed until + * explicitly dismissed through a user action. The value is how long, in + * milliseconds, those notifications should remain displayed. + */ + // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, + // List of undocumented settings /** INDICATOR_FONT_SIZES PHONE_NUMBER_REGEX */ - // -----------------DEPRECATED CONFIGS BELOW THIS LINE----------------------------- - - // Connection indicators ( - // CONNECTION_INDICATOR_AUTO_HIDE_ENABLED, - // CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT, - // CONNECTION_INDICATOR_DISABLED) got moved to config.js. - - // Please use disableModeratorIndicator from config.js - // DISABLE_FOCUS_INDICATOR: false, - - // Please use defaultLocalDisplayName from config.js - // DEFAULT_LOCAL_DISPLAY_NAME: 'me', - - // Please use defaultRemoteDisplayName from config.js - // DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', - - // Moved to config.js as \`toolbarConfig.initialTimeout\`. - // INITIAL_TOOLBAR_TIMEOUT: 20000, - - // Moved to config.js as \`toolbarConfig.alwaysVisible\`. - // TOOLBAR_ALWAYS_VISIBLE: false, - - // This config was moved to config.js as \`toolbarButtons\`. - // TOOLBAR_BUTTONS: [], - - // Moved to config.js as \`toolbarConfig.timeout\`. - // TOOLBAR_TIMEOUT: 4000, - // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. // eslint-disable-next-line sort-keys diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh.orig b/type/__jitsi_meet_domain/files/interface_config.js.sh.orig index c3a76af..425b784 100644 --- a/type/__jitsi_meet_domain/files/interface_config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh.orig @@ -25,13 +25,42 @@ var interfaceConfig = { BRAND_WATERMARK_LINK: '', CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it + /** + * Whether the connection indicator icon should hide itself based on + * connection strength. If true, the connection indicator will remain + * displayed while the participant has a weak connection and will hide + * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is + * strong. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, + + /** + * How long the connection indicator should remain displayed before hiding. + * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. + * + * @type {number} + */ + CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, + + /** + * If true, hides the connection indicators completely. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_DISABLED: false, DEFAULT_BACKGROUND: '#474747', + DEFAULT_LOCAL_DISPLAY_NAME: 'me', DEFAULT_LOGO_URL: 'images/watermark.svg', + DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg', DISABLE_DOMINANT_SPEAKER_INDICATOR: false, + DISABLE_FOCUS_INDICATOR: false, + /** * If true, notifications regarding joining/leaving are no longer displayed. */ @@ -87,6 +116,7 @@ var interfaceConfig = { */ HIDE_INVITE_MORE_HEADER: false, + INITIAL_TOOLBAR_TIMEOUT: 20000, JITSI_WATERMARK_LINK: 'https://jitsi.org', LANG_DETECTION: true, // Allow i18n to detect the system language @@ -144,7 +174,7 @@ var interfaceConfig = { RECENT_LIST_ENABLED: true, REMOTE_THUMBNAIL_RATIO: 1, // 1:1 - SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar', 'sounds' ], + SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ], /** * Specify which sharing features should be displayed. If the value is not set @@ -155,10 +185,10 @@ var interfaceConfig = { SHOW_BRAND_WATERMARK: false, /** - * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. - * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) - * being already installed is done before rendering. - */ + * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. + * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) + * being already installed is done before rendering. + */ SHOW_CHROME_EXTENSION_BANNER: false, SHOW_DEEP_LINKING_IMAGE: false, @@ -172,6 +202,22 @@ var interfaceConfig = { */ SUPPORT_URL: 'https://community.jitsi.org/', + TOOLBAR_ALWAYS_VISIBLE: false, + + /** + * DEPRECATED! + * This config was moved to config.js as `toolbarButtons`. + */ + // TOOLBAR_BUTTONS: [ + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' + // ], + + TOOLBAR_TIMEOUT: 4000, + // Browsers, in addition to those which do not fully support WebRTC, that // are not supported and should show the unsupported browser page. UNSUPPORTED_BROWSERS: [], @@ -184,8 +230,7 @@ var interfaceConfig = { // Determines how the video would fit the screen. 'both' would fit the whole // screen, 'height' would fit the original video height to the height of the // screen, 'width' would fit the original video width to the width of the - // screen respecting ratio, 'nocrop' would make the video as large as - // possible and preserve aspect ratio without cropping. + // screen respecting ratio. VIDEO_LAYOUT_FIT: 'both', /** @@ -223,40 +268,19 @@ var interfaceConfig = { */ // ANDROID_APP_PACKAGE: 'org.jitsi.meet', + /** + * Override the behavior of some notifications to remain displayed until + * explicitly dismissed through a user action. The value is how long, in + * milliseconds, those notifications should remain displayed. + */ + // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, + // List of undocumented settings /** INDICATOR_FONT_SIZES PHONE_NUMBER_REGEX */ - // -----------------DEPRECATED CONFIGS BELOW THIS LINE----------------------------- - - // Connection indicators ( - // CONNECTION_INDICATOR_AUTO_HIDE_ENABLED, - // CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT, - // CONNECTION_INDICATOR_DISABLED) got moved to config.js. - - // Please use disableModeratorIndicator from config.js - // DISABLE_FOCUS_INDICATOR: false, - - // Please use defaultLocalDisplayName from config.js - // DEFAULT_LOCAL_DISPLAY_NAME: 'me', - - // Please use defaultRemoteDisplayName from config.js - // DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', - - // Moved to config.js as `toolbarConfig.initialTimeout`. - // INITIAL_TOOLBAR_TIMEOUT: 20000, - - // Moved to config.js as `toolbarConfig.alwaysVisible`. - // TOOLBAR_ALWAYS_VISIBLE: false, - - // This config was moved to config.js as `toolbarButtons`. - // TOOLBAR_BUTTONS: [], - - // Moved to config.js as `toolbarConfig.timeout`. - // TOOLBAR_TIMEOUT: 4000, - // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. // eslint-disable-next-line sort-keys diff --git a/type/__jitsi_meet_domain/files/nginx.sh b/type/__jitsi_meet_domain/files/nginx.sh index 6e874c1..8b124e2 100644 --- a/type/__jitsi_meet_domain/files/nginx.sh +++ b/type/__jitsi_meet_domain/files/nginx.sh @@ -2,14 +2,6 @@ # shellcheck disable=SC2034 # This is intended to be included JITSI_NGINX_CONFIG="$(cat <_` - for details. - owner Owner of the deployed files, passed to `chown`. Defaults to 'root'. brand Web UI branding, defaults to 'Element'. -branding_auth_header_logo_url - A logo image that is shown in the header during authentication flows. - -branding_welcome_background_url - An image to use as a wallpaper outside the app during authentication flows. If an array is passed, an image is chosen randomly for each visit. - -branding_auth_footer_links - a list of links to show in the authentication page footer: `[{"text": "Link - text", "url": "https://link.target"}, {"text": "Other link", ...}]` - default_country_code ISO 3166 alpha2 country code to use when showing country selectors, such as phone number inputs. Defaults to GB. diff --git a/type/__matrix_element/manifest b/type/__matrix_element/manifest index fe937c5..544bd96 100755 --- a/type/__matrix_element/manifest +++ b/type/__matrix_element/manifest @@ -25,13 +25,11 @@ INSTALL_DIR=$(cat "$__object/parameter/install_dir") export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") -export IDENTITY_SERVER_URL=$(cat "$__object/parameter/identity_server_url") export BRAND=$(cat "$__object/parameter/brand") export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") -export BRANDING_WELCOME_BACKGROUND_URL=$(cat "$__object/parameter/branding_welcome_background_url") if [ -f "$__object/parameter/jitsi_domain" ]; then export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") @@ -46,24 +44,14 @@ if [ -f "$__object/parameter/branding_auth_footer_links" ]; then fi if [ -f "$__object/parameter/homepage" ]; then + export EMBED_HOMEPAGE=1 homepage=$(cat "$__object/parameter/homepage") - if [ -f "$homepage" ]; then - upload_homepage=1 - else - export HOME_PAGE_URL=$homepage - fi fi -WELCOME_PAGE_URL="welcome.html" if [ -f "$__object/parameter/welcomepage" ]; then + export EMBED_WELCOMEPAGE=1 welcomepage=$(cat "$__object/parameter/welcomepage") - if [ -f welcomepage ]; then - export UPLOAD_WELCOMEPAGE=1 - else - WELCOME_PAGE_URL=$welcomepage - fi fi -export WELCOME_PAGE_URL if [ -f "$__object/parameter/custom_asset" ]; then "$__object/parameter/custom_asset" | while IFS= read -r file; do @@ -103,14 +91,14 @@ require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" --mode 0664 \ --state present -if [ $upload_homepage ]; then +if [ $EMBED_HOMEPAGE ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ --source "$homepage" \ --mode 0664 \ --state present fi -if [ $upload_welcomepage ]; then +if [ $EMBED_WELCOMEPAGE ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ --source "$welcomepage" \ --mode 0664 \ diff --git a/type/__matrix_element/parameter/default/branding_welcome_background_url b/type/__matrix_element/parameter/default/branding_welcome_background_url deleted file mode 100644 index 5f5acef..0000000 --- a/type/__matrix_element/parameter/default/branding_welcome_background_url +++ /dev/null @@ -1 +0,0 @@ -themes/element/img/backgrounds/lake.jpg diff --git a/type/__matrix_element/parameter/default/identity_server b/type/__matrix_element/parameter/default/identity_server deleted file mode 100644 index e69de29..0000000 diff --git a/type/__matrix_element/parameter/optional b/type/__matrix_element/parameter/optional index 2830f81..21a2faf 100644 --- a/type/__matrix_element/parameter/optional +++ b/type/__matrix_element/parameter/optional @@ -1,6 +1,5 @@ default_server_url default_server_name -identity_server_url brand default_country_code privacy_policy_url @@ -12,4 +11,3 @@ welcomepage jitsi_domain branding_auth_header_logo_url branding_auth_footer_links -branding_welcome_background_url diff --git a/type/__matrix_synapse/files/homeserver.yaml.sh b/type/__matrix_synapse/files/homeserver.yaml.sh index 74ac69c..bc94391 100755 --- a/type/__matrix_synapse/files/homeserver.yaml.sh +++ b/type/__matrix_synapse/files/homeserver.yaml.sh @@ -448,7 +448,7 @@ retention: # matter much because Synapse doesn't take it into account yet. # default_policy: - min_lifetime: ${MESSAGE_RETENTION_POLICY_MIN_LIFETIME:?} + min_lifetime: 1d max_lifetime: ${MESSAGE_RETENTION_POLICY_MAX_LIFETIME:?} # Retention policy limits. If set, and the state of a room contains a @@ -1175,26 +1175,14 @@ fi cat << EOF # The shared secret used to compute passwords for the TURN server # -EOF +turn_shared_secret: "$TURN_SHARED_SECRET" -if [ -n "$TURN_SHARED_SECRET" ]; then - echo "turn_shared_secret: \"$TURN_SHARED_SECRET\"" -fi - -cat << EOF # The Username and password if the TURN server needs them and # does not use a token # -EOF +#turn_username: "TURNSERVER_USERNAME" +#turn_password: "TURNSERVER_PASSWORD" -if [ -n "$TURN_USERNAME" ] || [ "$TURN_PASSWORD" ]; then - cat <<- EOF - turn_username: "$TURN_USERNAME" - turn_password: "$TURN_PASSWORD" - EOF -fi - -cat << EOF # How long generated TURN credentials last # turn_user_lifetime: ${TURN_USER_LIFETIME:?} @@ -1334,7 +1322,7 @@ fi cat << EOF # Enable 3PIDs lookup requests to identity servers from this server. # -enable_3pid_lookup: ${ENABLE_3PID_LOOKUPS:?} +#enable_3pid_lookup: true # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. @@ -1342,12 +1330,9 @@ EOF if [ -n "$REGISTRATION_SHARED_SECRET" ]; then echo "registration_shared_secret: '$REGISTRATION_SHARED_SECRET'" -else - echo "# registration_shared_secret: 'secret'" fi cat << EOF - # Set the number of bcrypt rounds used to generate password hash. # Larger numbers increase the work factor needed to generate the hash. # The default number is 12 (which equates to 2^12 rounds). @@ -1368,13 +1353,7 @@ allow_guest_access: ${ALLOW_GUEST_ACCESS:?} # (By default, no suggestion is made, so it is left up to the client.) # #default_identity_server: https://matrix.org -EOF -if [ -n "$DEFAULT_IDENTITY_SERVER" ]; then - echo "default_identity_server: \"$DEFAULT_IDENTITY_SERVER\"" -fi - -cat << EOF # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! @@ -1717,24 +1696,7 @@ saml2_config: # local: ["saml2/idp.xml"] # remote: # - url: https://our_idp/metadata.xml -EOF -if [ -n "$SAML2_IDP_METADATA_URL" ]; then - cat << EOF - metadata: - remote: - - url: "$SAML2_IDP_METADATA_URL" -EOF -fi - -if [ -n "$SAML2_SP_CERT" ] || [ -n "$SAML2_SP_KEY" ]; then - cat << EOF - key_file: "$SAML2_SP_KEY" - cert_file: "$SAML2_SP_CERT" -EOF -fi - -cat << EOF # Allowed clock difference in seconds between the homeserver and IdP. # # Uncomment the below to increase the accepted time difference from 0 to 3 seconds. @@ -1808,15 +1770,7 @@ cat << EOF # The custom module's class. Uncomment to use a custom module. # #module: mapping_provider.SamlMappingProvider -EOF -if [ -n "$SAML2_MAPPING_PROVIDER_MODULE" ]; then - cat << EOF - module: "$SAML2_MAPPING_PROVIDER_MODULE" -EOF -fi - -cat << EOF # Custom configuration values for the module. Below options are # intended for the built-in provider, they should be changed if # using a custom module. This section will be passed as a Python @@ -1846,17 +1800,6 @@ cat << EOF # value will be used instead. # #mxid_mapping: dotreplace -EOF - -if [ -n "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" ]; then - echo "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" | while IFS= read -r entry; do - cat << EOF - $entry -EOF - done -fi - -cat << EOF # In previous versions of synapse, the mapping from SAML attribute to # MXID was always calculated dynamically rather than stored in a @@ -2191,7 +2134,7 @@ sso: # You can see the default templates at: # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # - template_dir: "${SSO_TEMPLATE_DIR:?}" + #template_dir: "res/templates" # JSON web token integration. The following settings can be used to make @@ -2254,8 +2197,6 @@ password_config: # Uncomment to disable password login # #enabled: false - enableed: ${ENABLE_PASSWORDCONFIG:?} - # Uncomment to disable authentication against the local password # database. This is ignored if \`enabled\` is false, and is only useful diff --git a/type/__matrix_synapse/gencode-remote b/type/__matrix_synapse/gencode-remote index 30770ed..cf7c648 100755 --- a/type/__matrix_synapse/gencode-remote +++ b/type/__matrix_synapse/gencode-remote @@ -8,7 +8,7 @@ case "$os" in synapse_conf_dir=/etc/synapse synapse_service=synapse ;; - debian|ubuntu) + debian) synapse_conf_dir=/etc/matrix-synapse synapse_service=matrix-synapse ;; diff --git a/type/__matrix_synapse/man.rst b/type/__matrix_synapse/man.rst index d7b5a32..4eb23bb 100644 --- a/type/__matrix_synapse/man.rst +++ b/type/__matrix_synapse/man.rst @@ -133,14 +133,6 @@ turn-uri turn-shared-secret Shared secret used to access the TURN REST API. -turn-username - Username used to authenticate against the TURN server if needed / a shared - secret token is not used. - -turn-password - Password used to authenticate against the TURN server if needed / a shared - secret token is not used. - turn-user-lifetime Lifetime of TURN credentials. Defaults to 1h. @@ -189,25 +181,6 @@ bind-address Address used to bind the synapse listeners. Can be specified multiple times. Defaults to '::1' and '127.0.0.1'. -saml2-idp-metadata-url - HTTP(S) url to SAML2 Identity Provider (IdP), used for Single Sign On (SSO) logic. - -saml2-sp-key - Path to PEM-formatted key file for use by PySAML2. - -saml2-sp-cert - Path to PEM-formatted cert file for use by PySAML2. - -saml2-mapping-provider-module - Name of custom Python module used to map SAML2 attributes to synapse internals. - -saml2-mapping-provider-extra-settings - Extra YAML-formatted key/pair values provided as configuration to the SAML2 - mapping provider module (e.g. 'key: value'). Can be specified multiple times. - -sso-template-dir - Directory used to source SSO-related HTML templates. - extra-setting Arbitrary string to be added to the configuration file. Can be specified multiple times. @@ -249,9 +222,6 @@ allow-public-rooms-without-auth enable-server-notices Enable the server notices room. -enable-3pid-lookups - Enable 3PIDs lookup requests to identity servers from this server. - allow-guest-access Allows users to register as guests without a password/email/etc, and participate in rooms hosted on this server which have been made accessible @@ -286,11 +256,6 @@ worker-mode processes are called 'workers'. Please read the WORKER MODE section of this manpage before enabling, as extra work and considerations are required. -enable-passwordconfig - For removing user/password tab on login screen. - when it set saml2-login, it remove user/password tab on login-screen. - default is true. - PERFORMANCE ----------- diff --git a/type/__matrix_synapse/manifest b/type/__matrix_synapse/manifest index 42ced0d..64c7c85 100755 --- a/type/__matrix_synapse/manifest +++ b/type/__matrix_synapse/manifest @@ -19,10 +19,10 @@ # # OS-specific configuration. -os=$(cat "$__global/explorer/os") +os=$(cat "${__global:?}/explorer/os") case "$os" in - debian|ubuntu) + debian) synapse_user=matrix-synapse synapse_pkg=matrix-synapse-py3 synapse_service=matrix-synapse @@ -30,14 +30,13 @@ case "$os" in synapse_conf_dir='/etc/matrix-synapse' synapse_data_dir='/var/lib/matrix-synapse' - __apt_key matrix-org \ - --uri https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg - + # We directly use upstream's APT repository. + # See https://code.ungleich.ch/ungleich-public/cdist-contrib/-/issues/11 for details. + __apt_key matrix-org --uri https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg require="__apt_key/matrix-org" __apt_source matrix-org \ --uri https://packages.matrix.org/debian/ \ --component main - package_req="__apt_source/matrix-org" - ;; + ;; alpine) synapse_user=synapse synapse_pkg=synapse @@ -57,7 +56,7 @@ esac # Small helper used to get boolean values which can be used as-is in the # configuration template. get_boolean_for () { - if [ -f "$__object/parameter/${1:?}" ]; then + if [ -f "${__object:?}/parameter/${1:?}" ]; then echo 'true' else echo 'false' @@ -96,7 +95,7 @@ export SERVER_NAME BASE_URL REPORT_STATS MAX_UPLOAD_SIZE EXPOSE_METRICS \ WEB_CLIENT_URL ROOM_ENCRYPTION_POLICY BIND_ADDRESSES if [ -f "$__object/parameter/enable-server-notices" ]; then - export ENABLE_SERVER_NOTICES=1 + export ENABLE_SERVER_NOTICES=1 fi # TLS. @@ -169,80 +168,28 @@ fi # Registrations and users. ALLOW_GUEST_ACCESS=$(get_boolean_for 'allow-guest-access') ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations') -ENABLE_PASSWORDCONFIG=$(get_boolean_for 'enable-passwordconfig') USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users') export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS -if [ -f "$__object/parameter/registration-shared-secret" ]; then +if [ -f "$__object/parameter/registration-shared-token" ]; then REGISTRATION_SHARED_SECRET=$(cat "$__object/parameter/registration-shared-secret") export REGISTRATION_SHARED_SECRET fi if [ -f "$__object/parameter/registration-requires-email" ]; then - export REGISTRATION_REQUIRES_EMAIL=1 + export REGISTRATION_REQUIRES_EMAIL=1 fi if [ -f "$__object/parameter/auto-join-room" ]; then - AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" - export AUTO_JOIN_ROOMS + AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" + export AUTO_JOIN_ROOMS fi if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then - RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") - export RESGISTRATION_ALLOWS_EMAIL_PATTERN + RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") + export RESGISTRATION_ALLOWS_EMAIL_PATTERN fi -if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then - # Synapse fails to start while trying to parse IDP metadata if this package - # is not installed. - __package xmlsec1 - - SAML2_IDP_METADATA_URL=$(cat "$__object/parameter/saml2-idp-metadata-url") - export SAML2_IDP_METADATA_URL -fi - -if [ -f "$__object/parameter/saml2-sp-key" ]; then - SAML2_SP_KEY=$(cat "$__object/parameter/saml2-sp-key") - export SAML2_SP_KEY -fi - -if [ -f "$__object/parameter/saml2-sp-cert" ]; then - SAML2_SP_CERT=$(cat "$__object/parameter/saml2-sp-cert") - export SAML2_SP_CERT -fi - -if [ -f "$__object/parameter/saml2-mapping-provider-module" ]; then - SAML2_MAPPING_PROVIDER_MODULE=$(cat "$__object/parameter/saml2-mapping-provider-module") - export SAML2_MAPPING_PROVIDER_MODULE -fi - -if [ -f "$__object/parameter/saml2-mapping-provider-extra-config" ]; then - SAML2_MAPPING_PROVIDER_EXTRA_CONFIG=$(cat "$__object/parameter/saml2-mapping-provider-extra-config") - export SAML2_MAPPING_PROVIDER_EXTRA_CONFIG -fi - -SSO_TEMPLATE_DIR=$(cat "$__object/parameter/sso-template-dir") -export SSO_TEMPLATE_DIR - -if [ -n "$SAML2_SP_KEY" ] && [ -z "$SAML2_SP_CERT" ]; then - echo "--saml2-sp-cert must be set if --saml2-sp-key is provided." >&2 - exit 1 -elif [ -n "$SAML2_SP_CERT" ] && [ -z "$SAML2_SP_KEY" ]; then - echo "--saml2-sp-key must be set if --saml2-sp-cert is provided." >&2 - exit 1 -fi - -if [ -f "$__object/parameter/default-identity-server" ]; then - DEFAULT_IDENTITY_SERVER=$(cat "$__object/parameter/default-identity-server") - export DEFAULT_IDENTITY_SERVER -fi - -ENABLE_3PID_LOOKUPS='false' -if [ -f "$__object/parameter/enable-3pid-lookups" ]; then - ENABLE_3PID_LOOKUPS='true' -fi -export ENABLE_3PID_LOOKUPS - # Federation. ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation') ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth') @@ -258,8 +205,7 @@ fi # Message retention. ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy') MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime") -MESSAGE_RETENTION_POLICY_MIN_LIFETIME=$MESSAGE_RETENTION_POLICY_MAX_LIFETIME -export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME MESSAGE_RETENTION_POLICY_MIN_LIFETIME +export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME # Previews. ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview') @@ -299,16 +245,6 @@ if [ -f "$__object/parameter/turn-uri" ]; then export TURN_URIS fi -if [ -f "$__object/parameter/turn-username" ]; then - TURN_USERNAME=$(cat "$__object/parameter/turn-username") - export TURN_USERNAME -fi - -if [ -f "$__object/parameter/turn-password" ]; then - TURN_PASSWORD=$(cat "$__object/parameter/turn-password") - export TURN_PASSWORD -fi - # Worker-mode configuration. export MAIN_LISTENER_PORT=8008 export ENABLE_MEDIA_REPO='true' @@ -342,25 +278,36 @@ export ENABLE_REPLICATION ENABLE_REDIS_SUPPORT WORKER_REPLICATION_SECRET \ case "$DATABASE_ENGINE" in sqlite3) : - ;; + ;; psycopg2) when='database engine is psycopg2' is_required_when "$DATABASE_HOST" '--database-host' "$when" is_required_when "$DATABASE_USER" '--database-user' "$when" - ;; + ;; *) echo "Invalid database engine: $DATABASE_ENGINE." >&2 exit 1 - ;; + ;; esac -# Install OS packages. -require="$package_req" __package "$synapse_pkg" -synapse_req="__package/$synapse_pkg" +# Install OS packages. We have a bit of boilerplate to handle the debian case. +synapse_req= +if [ "$os" = "debian" ]; then + require="__apt_source/matrix-org" __package_apt "$synapse_pkg" + synapse_req="__package_apt/$synapse_pkg" +else + __package "$synapse_pkg" + synapse_req="__package/$synapse_pkg" +fi if [ -n "$ENABLE_LDAP_AUTH" ]; then - require="$package_req" __package "$ldap_auth_provider_pkg" + if [ "$os" = "debian" ]; then + require="__apt_source/matrix-org" __package_apt "$ldap_auth_provider_pkg" + else + __package "$ldap_auth_provider_pkg" + fi + synapse_req="$synapse_req __package_apt/$ldap_auth_provider_pkg" fi # Generate and deploy configuration files. @@ -369,13 +316,13 @@ mkdir -p "$__object/files" "$__type/files/log.config.sh" > "$__object/files/log.config" require="$synapse_req" __file "$synapse_conf_dir/homeserver.yaml" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/homeserver.yaml" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/homeserver.yaml" require="$synapse_req" __file "$LOG_CONFIG_PATH" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/log.config" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/log.config" for directory in $DATA_DIR $LOG_DIR; do require="$synapse_req" __directory $directory \ @@ -383,8 +330,8 @@ for directory in $DATA_DIR $LOG_DIR; do --owner $synapse_user done -# Make dpkg-reconfigure happy on debian-based systems. -if [ "$os" = "debian" ] || [ "$os" = "ubuntu" ]; then +# Make dpkg-reconfigure happy on debian systems. +if [ "$os" = "debian" ]; then require="$synapse_req" __file "$synapse_conf_dir/conf.d/server_name.yaml" \ --owner $synapse_user \ --source - <<- EOF diff --git a/type/__matrix_synapse/parameter/boolean b/type/__matrix_synapse/parameter/boolean index 1bd2dc7..7ff48de 100644 --- a/type/__matrix_synapse/parameter/boolean +++ b/type/__matrix_synapse/parameter/boolean @@ -17,5 +17,3 @@ user-directory-search-all-users enable-message-retention-policy worker-mode enable-url-preview -enable-3pid-lookups -enable-passwordconfig diff --git a/type/__matrix_synapse/parameter/default/enable-passwordconfig b/type/__matrix_synapse/parameter/default/enable-passwordconfig deleted file mode 100644 index 27ba77d..0000000 --- a/type/__matrix_synapse/parameter/default/enable-passwordconfig +++ /dev/null @@ -1 +0,0 @@ -true diff --git a/type/__matrix_synapse/parameter/default/sso-template-dir b/type/__matrix_synapse/parameter/default/sso-template-dir deleted file mode 100644 index b51bcdc..0000000 --- a/type/__matrix_synapse/parameter/default/sso-template-dir +++ /dev/null @@ -1 +0,0 @@ -res/template diff --git a/type/__matrix_synapse/parameter/optional b/type/__matrix_synapse/parameter/optional index 1786dd1..1378365 100644 --- a/type/__matrix_synapse/parameter/optional +++ b/type/__matrix_synapse/parameter/optional @@ -13,8 +13,6 @@ ldap-bind-password ldap-filter turn-shared-secret turn-user-lifetime -turn-username -turn-password max-upload-size smtp-host smtp-port @@ -36,9 +34,3 @@ background-tasks-worker tls-cert tls-private-key registration-shared-secret -saml2-idp-metadata-url -saml2-sp-key -saml2-sp-cert -default-identity-server -saml2-mapping-provider-module -sso-template-dir diff --git a/type/__matrix_synapse/parameter/optional_multiple b/type/__matrix_synapse/parameter/optional_multiple index dfd69cb..8871dd6 100644 --- a/type/__matrix_synapse/parameter/optional_multiple +++ b/type/__matrix_synapse/parameter/optional_multiple @@ -5,4 +5,3 @@ app-service-config-file extra-setting bind-address outbound-federation-worker -saml2-mapping-provider-extra-config diff --git a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service index 6f89cd8..6352b00 100644 --- a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service +++ b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service @@ -15,7 +15,7 @@ NotifyAccess=main User=matrix-synapse WorkingDirectory=/var/lib/matrix-synapse EnvironmentFile=/etc/default/matrix-synapse -ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml +ExecStart=/usr/bin/python3 -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartSec=3 diff --git a/type/__matterbridge/manifest b/type/__matterbridge/manifest index 2b5738b..ef02112 100755 --- a/type/__matterbridge/manifest +++ b/type/__matterbridge/manifest @@ -20,7 +20,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian) # This type assume systemd for service installation. ;; *) @@ -31,13 +31,11 @@ case "$os" in esac # Required parameters. -version=$(cat "$__object/parameter/version") +VERSION=$(cat "$__object/parameter/version") if [ -f "$__object/parameter/config" ]; then - config="$(cat "$__object/parameter/config")" - if [ "$config" = "-" ]; then - mkdir -p "$__object/files" - config="$__object/files/matterbridge.toml" - cat "$__object/stdin" > "$config" + CONFIG="$(cat "$__object/parameter/config")" + if [ "$CONFIG" = "-" ]; then + CONFIG=$(cat "$__object/stdin") fi fi @@ -48,11 +46,11 @@ export USER=matterbridge export GROUP=$USER # Internal variables. -artefact="matterbridge-$version-linux-64bit" +artefact="matterbridge-$VERSION-linux-64bit" checksum_file="checksums.txt" release_download_url=https://github.com/42wim/matterbridge/releases/download -binary_url="$release_download_url/v$version/$artefact" -checksum_file_url="$release_download_url/v$version/$checksum_file" +binary_url="$release_download_url/v$VERSION/$artefact" +checksum_file_url="$release_download_url/v$VERSION/$checksum_file" config_dir=$(dirname $CONFIG_PATH) systemd_unit_path='/etc/systemd/system/matterbridge.service' @@ -90,7 +88,7 @@ require="__user/$USER" __directory "$config_dir" \ require="__directory/$config_dir" __file "$CONFIG_PATH" \ --owner "$USER" \ --mode 0640 \ - --source "$config" + --source "$CONFIG" __file "$systemd_unit_path" \ --source "$__object/files/matterbridge.service" diff --git a/type/__networktime/man.rst b/type/__networktime/man.rst deleted file mode 100644 index 41beeb6..0000000 --- a/type/__networktime/man.rst +++ /dev/null @@ -1,50 +0,0 @@ -cdist-type__networktime(7) -========================== - -NAME ----- -cdist-type__networktime - Generic time synchronization type - - -DESCRIPTION ------------ - -This type is intended to be a simple abstraction over the various backends and -programs available for network time synchronization. This type only takes a -list of peers to synchronize to as argument, and then chooses an appropriate -backend depending on the operating system, configures, starts and enables it to -start on boot. - -Currently, the following OSes are supported with the following backends: - -- Alpine Linux: builtin busybox NTPd -- Debian/Ubuntu: systemd-timesyncd - - -REQUIRED MULTIPLE PARAMETERS -------------------- -peer: - The name or IP address of a peer to synchronize to. - - -EXAMPLES --------- - -.. code-block:: sh - - # 2.XXX.ntp.org are IPv6-enabled pools - __networktime --peer 2.ch.pool.ntp.org \ - --peer 2.europe.pool.ntp.org - - -AUTHORS -------- -Joachim Desroches - - -COPYING -------- -Copyright \(C) 2021 Joachim Desroches. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__networktime/manifest b/type/__networktime/manifest deleted file mode 100755 index 1febf66..0000000 --- a/type/__networktime/manifest +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/sh -e -# -# 2021 Joachim Desroches (joachim.desroches@epfl.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -os=$(cat "${__global:?}/explorer/os") - -case "$os" in -'alpine') - backend=busybox-openrc - ;; -'debian' | 'ubuntu') - backend=systemd-timesyncd - ;; -*) - printf "__networktime is not yet implemented for %s.\n" "$os" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - -case "$backend" in -'busybox-openrc') - argstring="-N" - while read -r peer; - do - argstring="$argstring -p $peer" - done < "${__object:?}/parameter/peer" - - __start_on_boot ntpd - - __file /etc/conf.d/ntpd \ - --mode 0644 --onchange "service ntpd restart"\ - --source - <<- EOF - # NTPd OpenRC configuration file. Managed by cdist. - NTPD_OPTS="$argstring" - EOF - ;; - -'systemd-timesyncd') - peers="$(tr '\n' ' ' < "${__object:?}/parameter/peer")" - - __package ntp --state absent - require="__package/ntp" __systemd_unit systemd-timesyncd \ - --enablement-state enabled --restart - - __file /etc/systemd/timesyncd.conf \ - --mode 0644 --onchange "systemctl restart systemd-timesyncd" \ - --source - <<- EOF - # timesyncd(8) configuration file. Managed by cdist. - [Time] - NTP=$peers - EOF - ;; -*) - printf "Unkown backend in __networktime. This is a bug.\n" >&2 - exit 1 - ;; -esac diff --git a/type/__networktime/parameter/required_multiple b/type/__networktime/parameter/required_multiple deleted file mode 100644 index c9f6d41..0000000 --- a/type/__networktime/parameter/required_multiple +++ /dev/null @@ -1 +0,0 @@ -peer diff --git a/type/__networktime/singleton b/type/__networktime/singleton deleted file mode 100644 index e69de29..0000000 diff --git a/type/__nginx/man.rst b/type/__nginx/man.rst deleted file mode 100644 index c1827c0..0000000 --- a/type/__nginx/man.rst +++ /dev/null @@ -1,67 +0,0 @@ -cdist-type__nginx(7) -=================================== - -NAME ----- -cdist-type__nginx - Serve web content with NGINX - - -DESCRIPTION ------------ -Leverages `__nginx_vhost` to serve web content. - -REQUIRED PARAMETERS -------------------- -domain - Domain name to be served. - -OPTIONAL PARAMETERS -------------------- -config - Custom NGINX logic, templated within a standard `server` section with - `server_name` and TLS parameters set. Defaults to simple static hosting. - -altdomains - Alternative domain names for this vhost and related TLS certificate. - -uacme-hookscript - Custom hook passed to the __uacme_obtain type: useful to integrate the - dns-01 challenge with third-party DNS providers. - -acme-url - ACMEv2 server directory object URL. Lets'Encrypt is used by default. - -acme-eab-credentials - Specify RFC8555 External Account Binding credentials according to - https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new - ACME account with an existing account in a non-ACME system such as a CA - customer database. KEYID must be an ASCII string. KEY must be - base64url-encoded. - -EXAMPLES --------- - -.. code-block:: sh - - # TLS-enabled vhost serving static files in $WEBROOT/domain.tld (OS-specific, - # usually `/var/www` on GNU/Linux systemd). - __nginx domain.tld - - # TLS-enabled vhost with custom configuration. - __nginx files.domain.tld \ - --config - <<- EOF - root /var/www/files.domain.tld/; - autoindex on; - EOF - -AUTHORS -------- -Timothée Floure -Joachim Desroches - -COPYING -------- -Copyright \(C) 2020 Joachim Desroches. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__nginx/manifest b/type/__nginx/manifest deleted file mode 100644 index cdd483a..0000000 --- a/type/__nginx/manifest +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh - -os="$(cat "${__global:?}"/explorer/os)" -case "$os" in - alpine) - nginx_user=nginx - nginx_certdir=/etc/nginx/ssl - ;; - debian|ubuntu) - nginx_user=www-data - nginx_certdir=/etc/nginx/ssl - ;; - *) - echo "This type does not support $os yet. Aborting." >&2; - exit 1; - ;; -esac - -if [ -f "${__object:?}/parameter/domain" ]; -then - domain="$(cat "${__object:?}/parameter/domain")" -else - domain="${__object_id:?}" -fi - -altdomains= -if [ -f "${__object:?}/parameter/altdomains" ]; -then - altdomains="$(cat "${__object:?}/parameter/altdomains")" -fi - -set_custom_uacme_hookscript= -if [ -f "${__object:?}/parameter/uacme-hookscript" ]; -then - uacme_hookscript="$(cat "${__object:?}/parameter/uacme-hookscript")" - set_custom_uacme_hookscript="--hookscript $uacme_hookscript" -fi - -set_custom_acme_url= -if [ -f "${__object:?}/parameter/acme-url" ]; -then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - set_custom_acme_url="--acme-url $custom_acme_url" -fi - -set_acme_eab_credentials= -if [ -f "${__object:?}/parameter/acme-eab-credentials" ]; -then - acme_eab_credentials=$(cat "${__object:?}/parameter/acme-eab-credentials") - set_acme_eab_credentials="--eab-credentials $acme_eab_credentials" -fi - -# Deploy simple HTTP vhost, allowing to serve ACME challenges. -__nginx_vhost "301-to-https-$domain" \ - --domain "$domain" --altdomains "$altdomains" --to-https - -# Obtaining TLS cert. -cert_ownership=$nginx_user -if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then - cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to") -fi - -# shellcheck disable=SC2086 -__uacme_account \ - $set_custom_acme_url \ - $set_acme_eab_credentials \ - -# shellcheck disable=SC2086 -require="__nginx_vhost/301-to-https-$domain __uacme_account" \ - __uacme_obtain "$domain" \ - --altdomains "$altdomains" \ - $set_custom_uacme_hookscript \ - $set_custom_acme_url \ - $set_acme_eab_credentials \ - --owner "$cert_ownership" \ - --install-key-to "$nginx_certdir/$domain/privkey.pem" \ - --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ - --renew-hook "service nginx reload" - -# Deploy HTTPS nginx vhost. -if [ -f "${__object:?}/parameter/config" ]; then - if [ "$(cat "${__object:?}/parameter/config")" = "-" ]; then - nginx_logic="${__object:?}/stdin" - else - nginx_logic="${__object:?}/parameter/config" - fi - - mkdir -p "${__object:?}/files" - cat "$nginx_logic" > "${__object:?}/files/config" - - require="__uacme_obtain/$domain" __nginx_vhost "$domain" \ - --altdomains "$altdomains" --config "${__object:?}/files/config" -else - require="__uacme_obtain/$domain" __nginx_vhost "$domain" \ - --altdomains "$altdomains" -fi diff --git a/type/__nginx/parameter/default/http-port b/type/__nginx/parameter/default/http-port deleted file mode 100644 index d15a2cc..0000000 --- a/type/__nginx/parameter/default/http-port +++ /dev/null @@ -1 +0,0 @@ -80 diff --git a/type/__nginx/parameter/default/https-port b/type/__nginx/parameter/default/https-port deleted file mode 100644 index 6a13cf6..0000000 --- a/type/__nginx/parameter/default/https-port +++ /dev/null @@ -1 +0,0 @@ -443 diff --git a/type/__nginx/parameter/optional b/type/__nginx/parameter/optional deleted file mode 100644 index 8d6fae6..0000000 --- a/type/__nginx/parameter/optional +++ /dev/null @@ -1,7 +0,0 @@ -config -domain -altdomains -uacme-hookscript -acme-url -acme-eab-credentials -force-cert-ownership-to diff --git a/type/__nginx_vhost/files/301-to-https b/type/__nginx_vhost/files/301-to-https deleted file mode 100644 index 2675732..0000000 --- a/type/__nginx_vhost/files/301-to-https +++ /dev/null @@ -1,4 +0,0 @@ -# Redirect request to this page in HTTPS. -location / { - return 301 https://$host$request_uri; -} diff --git a/type/__nginx_vhost/files/generic.conf.sh b/type/__nginx_vhost/files/generic.conf.sh deleted file mode 100755 index 13e36aa..0000000 --- a/type/__nginx_vhost/files/generic.conf.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh -# Template for static NGINX hosting. - -echo 'server {' - -# Listen -cat <<- EOF - listen ${LPORT:?} $TLS; - listen [::]:${LPORT:?} $TLS; -EOF - -# Name -echo "server_name ${DOMAIN:?} $ALTDOMAINS;" - -# ACME challenges. -cat << EOF -location /.well-known/acme-challenge/ { - alias ${ACME_CHALLENGE_DIR:?}; -} -EOF - -if [ -n "$TLS" ]; -then - if [ -n "$HSTS" ]; - then - echo 'include snippets/hsts;' - fi - - cat <<- EOF - ssl_certificate ${NGINX_CERTDIR:?}/${DOMAIN:?}/fullchain.pem; - ssl_certificate_key ${NGINX_CERTDIR:?}/${DOMAIN:?}/privkey.pem; - EOF -fi - -echo "${NGINX_LOGIC:?}" - -echo '}' diff --git a/type/__nginx_vhost/files/hsts b/type/__nginx_vhost/files/hsts deleted file mode 100644 index 7e4a854..0000000 --- a/type/__nginx_vhost/files/hsts +++ /dev/null @@ -1 +0,0 @@ -add_header Strict-Transport-Security "max-age=31536000" always; diff --git a/type/__nginx_vhost/files/index.html b/type/__nginx_vhost/files/index.html deleted file mode 100644 index bcadf4d..0000000 --- a/type/__nginx_vhost/files/index.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - cdist configured! - - - You have successfully configured a vhost with - cdist. You can now upload content! - - diff --git a/type/__nginx_vhost/files/static.conf.sh b/type/__nginx_vhost/files/static.conf.sh deleted file mode 100755 index 363f228..0000000 --- a/type/__nginx_vhost/files/static.conf.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# Template for static NGINX hosting. - -NGINX_LOGIC="$(cat << EOF - location / { - root ${NGINX_WEBROOT:?}/${DOMAIN:?}; - index index.html; - } -EOF -)" -export NGINX_LOGIC - -"${__type:?}/files/generic.conf.sh" diff --git a/type/__nginx_vhost/files/to-https.conf.sh b/type/__nginx_vhost/files/to-https.conf.sh deleted file mode 100755 index 77dd45b..0000000 --- a/type/__nginx_vhost/files/to-https.conf.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh -# Template for HTTPS redirection. - -echo 'server {' - -# Listen -cat <<- EOF - listen ${LPORT:?}; - listen [::]:${LPORT:?}; -EOF - -# Name -echo "server_name ${DOMAIN:?} $ALTDOMAINS;" - -# ACME challenges. -cat << EOF -location /.well-known/acme-challenge/ { - alias ${ACME_CHALLENGE_DIR:?}; -} -EOF - -# HTTPS redirection. -echo 'include snippets/301-to-https;' - -echo '}' diff --git a/type/__nginx_vhost/gencode-remote b/type/__nginx_vhost/gencode-remote deleted file mode 100644 index dd6539d..0000000 --- a/type/__nginx_vhost/gencode-remote +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh - -os="$(cat "${__global:?}"/explorer/os)" -init=$(cat "$__global/explorer/init") -nginx_confdir="/etc/nginx" - -# The nginx service is not automatically started on alpine. -if [ "$os" = "alpine" ]; then - echo "service nginx --ifstopped start" -fi - -if grep -qE "^__file$nginx_confdir" "${__messages_in:?}"; then - case "$init" in - systemd) - reload_hook="systemctl reload-or-restart nginx" - ;; - busybox-init+openrc) - reload_hook="service nginx reload" - ;; - *) - echo "Unknown init $init." >&2 - exit 1 - ;; - esac - - cat <<- EOF - if nginx -t; then - $reload_hook - else - echo "NGINX configuration is invalid. Exiting." >2& - nginx -t >2& - exit 1 - fi - EOF -fi diff --git a/type/__nginx_vhost/man.rst b/type/__nginx_vhost/man.rst deleted file mode 100644 index c078b10..0000000 --- a/type/__nginx_vhost/man.rst +++ /dev/null @@ -1,82 +0,0 @@ -cdist-type__nginx_vhost(7) -=================================== - -NAME ----- -cdist-type__nginx_vhost - Have nginx serve content for a virtual host - - -DESCRIPTION ------------ -This type setups up nginx with reasonable defaults and creates a vhost to be -served, optionally with TLS certificates obtained from the Let's Encrypt CA -through the ACME HTTP-01 challenge-response mechanism. - -By default, if no rules are specified, then the vhost will serve as-is the -contents of the `WEBROOT/foo.com` directory, where WEBROOT is -determined depending on the OS, adhering as close to `hier(7)` as possible. - -NGINX expects files in the vhost to be served to be at least readable by the -`USER` group, that it creates if it does not exist. It is recommended to have -the user owning the files to be someone else, and the files beeing -group-readable but not writeable. - -Finally, if TLS is not disabled, then this type makes nginx expect the -fullchain certificate and the private key in -`CERTDIR/domain/{fullchain,privkey}.pem`. - -+------------------+---------+-------------------+-----------------------------+ -| Operating System | USER | WEBROOT | CERTDIR | -+==================+=========+===================+=============================+ -| Alpine Linux | `nginx` | `/srv/www/` | `/etc/nginx/ssl/` | -+------------------+---------+-------------------+-----------------------------+ -| Arch Linux | `www` | `/srv/www/` | `/etc/nginx/ssl/` | -+------------------+---------+-------------------+-----------------------------+ - -OPTIONAL PARAMETERS -------------------- - -config - A custom configuration file for the vhost, inserted in a server section - populated with `server_name` and TLS parameters unless `--standalone-config` - is specified. Can be specified either as a file path, or if the value of this - flag is '-', then the configuration is read from stdin. - -domain - The domain this server will respond to. If this is omitted, then the - `__object_id` is used. - -lport - The port to which we listen. If this is omitted, the defaults of `80` for - HTTP and `443` for HTTPS are used. - -altdomains - Alternative domain names for this vhost. - -BOOLEAN PARAMETERS ------------------- - -no-hsts - Do not use HSTS pinning. - -no-tls - Do not serve over HTTPS. - -to-https - Ignore --config flag and redirect to HTTPS. Implies --no-tls. - -standalone-config - Use as-in the vhost configuration (= do not wrap in generic server section) - the content of the `config` parameter. - -AUTHORS -------- -Joachim Desroches -Timothée Floure - -COPYING -------- -Copyright \(C) 2020 Joachim Desroches. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__nginx_vhost/manifest b/type/__nginx_vhost/manifest deleted file mode 100644 index f9ad84d..0000000 --- a/type/__nginx_vhost/manifest +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/sh -# -# 2020 Joachim Desroches -# 2021 Timothée Floure -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Create NGINX vhosts - -os="$(cat "${__global:?}"/explorer/os)" -mkdir -p "${__object:?}/files" - -case "$os" in - alpine) - __package nginx - - nginx_confdir="/etc/nginx" - install_reqs="__package/nginx" - - require="$install_reqs" __start_on_boot nginx - - export NGINX_SITEDIR="$nginx_confdir/conf.d" - export NGINX_CERTDIR="$nginx_confdir/ssl" - export NGINX_SNIPPETSDIR="$nginx_confdir/snippets" - export NGINX_WEBROOT="/var/www" - export ACME_CHALLENGE_DIR="$NGINX_WEBROOT/.well-known/acme-challenge/" - ;; - debian|ubuntu) - __package nginx - - nginx_confdir="/etc/nginx" - install_reqs="__package/nginx" - - export NGINX_SITEDIR="$nginx_confdir/sites-enabled" - export NGINX_CERTDIR="$nginx_confdir/ssl" - export NGINX_SNIPPETSDIR="$nginx_confdir/snippets" - export NGINX_WEBROOT="/var/www" - export ACME_CHALLENGE_DIR="$NGINX_WEBROOT/.well-known/acme-challenge/" - ;; - *) - echo "This type does not support $os yet. Aborting." >&2; - exit 1; -esac - -# Domain -if [ -f "${__object:?}/parameter/domain" ]; -then - DOMAIN="$(cat "${__object:?}/parameter/domain")" -else - DOMAIN="${__object_id:?}" -fi -export DOMAIN - -ALTDOMAINS= -if [ -f "${__object:?}/parameter/altdomains" ]; -then - ALTDOMAINS="$(cat "${__object:?}/parameter/altdomains")" -fi -export ALTDOMAINS - -# Use TLS ? -if [ -f "${__object:?}/parameter/no-tls" ]; -then - TLS= - echo "WARNING: you have disabled TLS for vhost $DOMAIN" >&2 -else - TLS=ssl -fi -export TLS - -# Use HSTS ? -if [ -f "${__object:?}/parameter/no-hsts" ]; -then - HSTS= -else - HSTS=true -fi -export HSTS - -# Redirect to HTTPS ? -if [ -f "${__object:?}/parameter/to-https" ]; -then - TO_HTTPS=true -else - TO_HTTPS= -fi -export HSTS - -# Port to listen on -if [ -f "${__object:?}/parameter/lport" ]; -then - LPORT="$(cat "${__object:?}/parameter/lport")" -else - if [ -n "$TLS" ] && [ -z "$TO_HTTPS" ]; - then - LPORT=443 - else - LPORT=80 - fi -fi -export LPORT - -# Server definition -if [ -n "$TO_HTTPS" ]; -then - # Ignore configuration, simply serve ACME challenge and redirect to HTTPS. - "${__type:?}/files/to-https.conf.sh" > "${__object:?}/files/vhost.conf" - vhost_conf="${__object:?}/files/vhost.conf" -elif [ -f "${__object:?}/parameter/config" ]; -then - # Extract nginx config from type parameter. - if [ "$(cat "${__object:?}/parameter/config")" = "-" ]; - then - vhost_partial="${__object:?}/stdin" - else - vhost_partial=$(cat "${__object:?}/parameter/config") - fi - - # Either use config as-in or template it in generic vhost structure. - if [ -f "${__object:?}/parameter/standalone-config" ]; then - vhost_conf=$vhost_partial - else - NGINX_LOGIC=$(cat "$vhost_partial") "${__type:?}/files/generic.conf.sh" \ - > "${__object:?}/files/vhost.conf" - - vhost_conf="${__object:?}/files/vhost.conf" - fi -else - # Default to simple static configuration. - "${__type:?}/files/static.conf.sh" > "${__object:?}/files/vhost.conf" - vhost_conf="${__object:?}/files/vhost.conf" - - require="$install_reqs" __directory "$NGINX_WEBROOT/$DOMAIN" - require="__directory$NGINX_WEBROOT/$DOMAIN" \ - __file "$NGINX_WEBROOT/$DOMAIN/index.html" --state exists \ - --source "${__type:?}/files/index.html" \ - --mode 0644 -fi - -# Install snippets. -require="$install_reqs" __directory "$NGINX_SNIPPETSDIR" -for snippet in hsts 301-to-https; do - require="__directory/$NGINX_SNIPPETSDIR" __file \ - "$NGINX_SNIPPETSDIR/$snippet" --source "${__type:?}/files/$snippet" -done - -# Install vhost. -require="$install_reqs" __file "$NGINX_SITEDIR/$__object_id.conf" \ - --source "$vhost_conf" \ - --mode 0644 diff --git a/type/__nginx_vhost/parameter/boolean b/type/__nginx_vhost/parameter/boolean deleted file mode 100644 index aa06036..0000000 --- a/type/__nginx_vhost/parameter/boolean +++ /dev/null @@ -1,4 +0,0 @@ -no-tls -no-hsts -to-https -standalone-config diff --git a/type/__nginx_vhost/parameter/default/index b/type/__nginx_vhost/parameter/default/index deleted file mode 100644 index d5b7a40..0000000 --- a/type/__nginx_vhost/parameter/default/index +++ /dev/null @@ -1 +0,0 @@ -index.html index.htm diff --git a/type/__nginx_vhost/parameter/optional b/type/__nginx_vhost/parameter/optional deleted file mode 100644 index 9c47616..0000000 --- a/type/__nginx_vhost/parameter/optional +++ /dev/null @@ -1,4 +0,0 @@ -domain -config -altdomains -lport diff --git a/type/__runit/gencode-remote b/type/__runit/gencode-remote index d4e4fe8..fd2a3e0 100755 --- a/type/__runit/gencode-remote +++ b/type/__runit/gencode-remote @@ -1,12 +1,5 @@ #!/bin/sh -e - -os="$(cat "${__global}/explorer/os")" -if [ "${os}" != "freebsd" ]; then - exit -fi - -# FreeBSD-specific svdir="/var/service" svdir_exists="$(cat "${__object}/explorer/svdir-exists")" runit_etc="$(cat "${__object}/explorer/runit-etc")" diff --git a/type/__runit/manifest b/type/__runit/manifest index 6ba174c..195a70e 100755 --- a/type/__runit/manifest +++ b/type/__runit/manifest @@ -2,22 +2,9 @@ __package "runit" -os="$(cat "${__global}/explorer/os")" -case "${os}" in - debian|devuan) - # zero-config sysvinit and systemd compatibility - __package runit-run - ;; - freebsd) - __key_value \ - --file "/etc/rc.conf" \ - --key "runsvdir_enable" \ - --delimiter "=" \ - --value "yes" \ - "runsvdir_enable" - ;; - *) - echo "Your OS '${os}' is currently not supported." >&2 - exit 1 - ;; -esac +__key_value \ + --file "/etc/rc.conf" \ + --key "runsvdir_enable" \ + --delimiter "=" \ + --value "yes" \ + "runsvdir_enable" diff --git a/type/__runit_service/man.rst b/type/__runit_service/man.rst index edd19e3..7b1db84 100644 --- a/type/__runit_service/man.rst +++ b/type/__runit_service/man.rst @@ -27,11 +27,6 @@ BOOLEAN PARAMETERS log Setup logging with `svlogd -tt ./main`. -OPTIONAL PARAMETERS -------------------- -state - Whether this service is to be 'present' (default) or 'absent'. - EXAMPLES -------- diff --git a/type/__runit_service/manifest b/type/__runit_service/manifest index 83114fd..29f3312 100755 --- a/type/__runit_service/manifest +++ b/type/__runit_service/manifest @@ -1,21 +1,8 @@ #!/bin/sh -e -os="$(cat "${__global}/explorer/os")" -case "${os}" in - debian|devuan) - svdir="/etc/service" - ;; - *bsd) - svdir="/var/service" - ;; - *) - echo "Your OS '${OS}' is currently not supported." >&2 - exit 1 - ;; -esac - +svdir="/var/service" sv="${__object_id}" -state="$(cat "${__object}/parameter/state")" +state="present" run_file="${svdir}/${sv}/run" source="$(cat "$__object/parameter/source")" @@ -28,10 +15,6 @@ __directory --state "${state}" "${svdir}/${sv}" export require="__directory${svdir}/${sv}" -if [ "${state}" != "present" ]; then - # We are done here, the service gets removed - exit -fi if [ -f "${__object}/parameter/log" ]; then # Setup logger if requested diff --git a/type/__runit_service/parameter/default/state b/type/__runit_service/parameter/default/state deleted file mode 100644 index 568612b..0000000 --- a/type/__runit_service/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present \ No newline at end of file diff --git a/type/__runit_service/parameter/optional b/type/__runit_service/parameter/optional deleted file mode 100644 index ff72b5c..0000000 --- a/type/__runit_service/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/type/__uacme_account/gencode-remote b/type/__uacme_account/gencode-remote index b75d2d7..e1d9551 100644 --- a/type/__uacme_account/gencode-remote +++ b/type/__uacme_account/gencode-remote @@ -18,21 +18,6 @@ then admin_mail="$(cat "${__object:?}/parameter/admin-mail")"; fi -# Autoaccept ACME server terms (if any) upon new account creation. -uacme_opts="--yes" - -# Non-default ACMEv2 server directory object URL. -if [ -f "${__object:?}/parameter/acme-url" ]; then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - uacme_opts="$uacme_opts --acme-url $custom_acme_url" -fi - -# Specify RFC8555 External Account Binding credentials. -if [ -f "${__object:?}/parameter/eab-credentials" ]; then - eab_credentials=$(cat "${__object:?}/parameter/eab-credentials") - uacme_opts="$uacme_opts --eab $eab_credentials" -fi - confdir="${default_confdir:?}" if [ -f "${__object:?}/parameter/confdir" ]; then @@ -42,6 +27,6 @@ fi cat << EOF if ! [ -f "${confdir}/private/key.pem" ]; then - uacme $uacme_opts new ${admin_mail} + uacme -y new ${admin_mail} fi EOF diff --git a/type/__uacme_account/man.rst b/type/__uacme_account/man.rst index c18bb40..be5efc6 100644 --- a/type/__uacme_account/man.rst +++ b/type/__uacme_account/man.rst @@ -23,16 +23,6 @@ confdir admin-mail Administrative contact email to register the account with. -acme-url - ACMEv2 server directory object URL. Lets'Encrypt is used by default. - -eab-credentials - Specify RFC8555 External Account Binding credentials according to - https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new - ACME account with an existing account in a non-ACME system such as a CA - customer database. KEYID must be an ASCII string. KEY must be - base64url-encoded. This is parameter is not supported by uacme < 1.6. - EXAMPLES -------- @@ -53,7 +43,6 @@ SEE ALSO AUTHORS ------- Joachim Desroches -Timothée Floure COPYING ------- diff --git a/type/__uacme_account/parameter/optional b/type/__uacme_account/parameter/optional index dff247c..0eaba67 100644 --- a/type/__uacme_account/parameter/optional +++ b/type/__uacme_account/parameter/optional @@ -1,4 +1,2 @@ confdir admin-mail -acme-url -eab-credentials diff --git a/type/__uacme_obtain/files/renew.sh.sh b/type/__uacme_obtain/files/renew.sh.sh index dc82fd9..18bf061 100755 --- a/type/__uacme_obtain/files/renew.sh.sh +++ b/type/__uacme_obtain/files/renew.sh.sh @@ -7,8 +7,8 @@ UACME_CHALLENGE_PATH=${CHALLENGEDIR:?} export UACME_CHALLENGE_PATH # Issue certificate. -uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${ACME_URL?} \\ - ${EAB_CREDENTIALS?} ${MUST_STAPLE?} ${KEYTYPE?} issue -- ${DOMAIN:?} +uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\ + issue -- ${DOMAIN:?} # Note: exit code 0 means that certificate was issued. # Note: exit code 1 means that certificate was still valid, hence not renewed. diff --git a/type/__uacme_obtain/manifest b/type/__uacme_obtain/manifest index b41ddde..f41e881 100644 --- a/type/__uacme_obtain/manifest +++ b/type/__uacme_obtain/manifest @@ -69,22 +69,6 @@ then fi export MUST_STAPLE -# Non-default ACMEv2 server directory object URL. -ACME_URL= -if [ -f "${__object:?}/parameter/acme-url" ]; then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - ACME_URL="--acme-url $custom_acme_url" -fi -export ACME_URL - -# Specify RFC8555 External Account Binding credentials. -EAB_CREDENTIALS= -if [ -f "${__object:?}/parameter/eab-credentials" ]; then - eab_credentials_param=$(cat "${__object:?}/parameter/eab-credentials") - EAB_CREDENTIALS="--eab $eab_credentials_param" -fi -export EAB_CREDENTIALS - OWNER=root if [ -f "${__object:?}/parameter/owner" ]; then diff --git a/type/__uacme_obtain/parameter/optional b/type/__uacme_obtain/parameter/optional index 9fa9846..fd721af 100644 --- a/type/__uacme_obtain/parameter/optional +++ b/type/__uacme_obtain/parameter/optional @@ -5,5 +5,3 @@ owner install-cert-to install-key-to renew-hook -acme-url -eab-credentials