diff --git a/type/__bird_ospf/man.rst b/type/__bird_ospf/man.rst index 66c2e4a..f3f4c9a 100644 --- a/type/__bird_ospf/man.rst +++ b/type/__bird_ospf/man.rst @@ -24,6 +24,12 @@ import export The keyword or filter to decide what to export in the above channel. + +REQUIRED MULTIPLE PARAMETERS +---------------------------- +interface + An interface to include in OSPF area 0. + OPTIONAL PARAMETERS ------------------- description @@ -33,19 +39,12 @@ instance-id An OSPF instance ID, allowing several OSPF instances to run on the same links. -extra-area-configuration - Configuration string added to the `area` section of the OSPF configuration. - OPTIONAL MULTIPLE PARAMETERS ---------------------------- stubnet Add an optionless stubnet definition to the configuration. -interface - An interface to include in OSPF area 0. Is required unless - extra-area-configuration is set. - SEE ALSO -------- cdist-type__bird_core(7) diff --git a/type/__bird_ospf/manifest b/type/__bird_ospf/manifest index 68d9c16..211e91d 100755 --- a/type/__bird_ospf/manifest +++ b/type/__bird_ospf/manifest @@ -44,21 +44,6 @@ then instance_id="$(cat "${__object:?}/parameter/instance-id")" fi -extra_area_configuration= -if [ -f "${__object:?}/parameter/extra-area-configuration" ]; -then - extra_area_configuration="$(cat "${__object:?}/parameter/extra-area-configuration")" - - if [ "$extra_area_configuration" = "-" ]; then - extra_area_configuration=$(cat "$__object/stdin") - fi -fi - -if [ ! -f "${__object:?}/parameter/interface" ] && [ -z "$extra_area_configuration" ]; then - echo "Either --interface or --extra-area-configuration must be set." >&2 - exit 1 -fi - __file "${confdir:?}/ospf-${__object_id:?}.conf" \ --mode 0640 --owner root --group bird \ --source - << EOF 
@@ -74,8 +59,6 @@ $([ -n "${instance_id?}" ] && printf "\tinstance id %s;\n" "${instance_id?}") area 0 { $(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface") $(sed -e 's/^/\t\tsubnet /' -e 's/$/;/' "${__object:?}/parameter/subnet") - - $extra_area_configuration }; } EOF diff --git a/type/__bird_ospf/parameter/optional b/type/__bird_ospf/parameter/optional index 880f228..cf6dd53 100644 --- a/type/__bird_ospf/parameter/optional +++ b/type/__bird_ospf/parameter/optional @@ -1,3 +1,2 @@ description instance-id -extra-area-configuration diff --git a/type/__bird_ospf/parameter/optional_multiple b/type/__bird_ospf/parameter/optional_multiple index 8e5902d..ed3f25a 100644 --- a/type/__bird_ospf/parameter/optional_multiple +++ b/type/__bird_ospf/parameter/optional_multiple @@ -1,2 +1 @@ stubnet -interface diff --git a/type/__bird_ospf/parameter/required_multiple b/type/__bird_ospf/parameter/required_multiple new file mode 100644 index 0000000..b529896 --- /dev/null +++ b/type/__bird_ospf/parameter/required_multiple @@ -0,0 +1 @@ +interface diff --git a/type/__borg_repo/manifest b/type/__borg_repo/manifest index 4e4d35e..968066d 100644 --- a/type/__borg_repo/manifest +++ b/type/__borg_repo/manifest @@ -3,7 +3,7 @@ os="$(cat "${__global:?}"/explorer/os)" case "$os" in - "alpine"|"ubuntu") + "alpine") borg_package=borgbackup ;; *) @@ -17,4 +17,3 @@ if [ -f "${__object:?}/parameter/owner" ]; then __package sudo fi - diff --git a/type/__haproxy_dualstack/files/http b/type/__haproxy_dualstack/files/http new file mode 100644 index 0000000..0508a46 --- /dev/null +++ b/type/__haproxy_dualstack/files/http @@ -0,0 +1,8 @@ +frontend http + bind BIND@:80 + mode http + option httplog + default_backend http + +backend http + mode http diff --git a/type/__haproxy_dualstack/files/https b/type/__haproxy_dualstack/files/https new file mode 100644 index 0000000..73deac4 --- /dev/null +++ b/type/__haproxy_dualstack/files/https 
@@ -0,0 +1,10 @@ +frontend https + bind BIND@:443 + mode tcp + option tcplog + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + default_backend https + +backend https + mode tcp diff --git a/type/__haproxy_dualstack/files/imaps b/type/__haproxy_dualstack/files/imaps new file mode 100644 index 0000000..b1ec379 --- /dev/null +++ b/type/__haproxy_dualstack/files/imaps @@ -0,0 +1,12 @@ +frontend imaps + bind BIND@:143 + bind BIND@:993 + + mode tcp + option tcplog + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + default_backend imaps + +backend imaps + mode tcp diff --git a/type/__haproxy_dualstack/files/smtps b/type/__haproxy_dualstack/files/smtps new file mode 100644 index 0000000..dce6ed4 --- /dev/null +++ b/type/__haproxy_dualstack/files/smtps @@ -0,0 +1,12 @@ +frontend smtps + bind BIND@:25 + bind BIND@:465 + + mode tcp + option tcplog + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + default_backend smtps + +backend smtps + mode tcp diff --git a/type/__haproxy_dualstack/man.rst b/type/__haproxy_dualstack/man.rst new file mode 100644 index 0000000..6c131cb --- /dev/null +++ b/type/__haproxy_dualstack/man.rst 
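Review bot: In the `https` frontend the only `tcp-request content` rule is an `accept`, and HAProxy also accepts by default when no rule matches, so a connection that never sends a TLS ClientHello is still passed to `default_backend https` once the 5s inspect delay expires. Adding `tcp-request content reject` as the last rule, after the `accept if { req_ssl_hello_type 1 }` line, would drop non-TLS traffic at the proxy instead of forwarding it. The `imaps` and `smtps` templates added in this commit repeat the same two rules, so the same applies to their TLS ports (993 and 465).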
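Review bot: `bind BIND@:143` shares a frontend with `bind BIND@:993`, but that frontend waits for a TLS ClientHello, and IMAP on 143 is plaintext with the server speaking first, so no ClientHello or SNI ever arrives on that port. Those connections sit through the full `inspect-delay 5s` and then reach the backend with no `req_ssl_sni` match. As far as the manifest in this commit shows, servers are only selected through `use-server ... if { req_ssl_sni -i ... }`, so with several proxied hosts the connection probably falls back to HAProxy's default balancing rather than the intended host. `bind BIND@:25` in the `smtps` template has the same problem. Consider dropping the 143 and 25 binds from the SNI-routed frontends, or giving them a separate frontend with one fixed backend.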
@@ -0,0 +1,121 @@ +cdist-type__haproxy_dualstack(7) +================================ + + +NAME +---- +cdist-type__haproxy_dualstack - Proxy services from a dual-stack server + + +DESCRIPTION +----------- +This (singleton) type installs and configures haproxy to act as a dual-stack +proxy for single-stack services. + +This can be useful to add IPv4 support to IPv6-only services while only using +one IPv4 for many such services. + +By default this type uses the plain TCP proxy mode, which means that there is no +need for TLS termination on this host when SNI is supported. +This also means that proxied services will not receive the client's IP address, +but will see the proxy's IP address instead (that of `$__target_host`). + +This can be solved by using the PROXY protocol, but do take into account that, +e.g. nginx cannot serve both regular HTTP(S) and PROXY protocols on the same +port, so you will need to use other ports for that. + +As a recommendation in this type: use TCP ports 8080 and 591 respectively to +serve HTTP and HTTPS using the PROXY protocol. + +See the EXAMPLES for more details. + + +OPTIONAL PARAMETERS +------------------- +v4proxy + Proxy incoming IPv4 connections to the equivalent IPv6 endpoint. + In its simplest use, it must be a NAME with an `AAAA` DNS entry, which is + the IP address actually providing the proxied services. + The full format of this argument is: + `[proxy:]NAME[[:PROTOCOL_1=PORT_1]...[:PROTOCOL_N=PORT_N]]` + Where starting with `proxy:` determines that the PROXY protocol must be + used and each `:PROTOCOL=PORT` (e.g. `:http=8080` or `:https=591`) is a PORT + override for the given PROTOCOL (see `--protocol`), if not present the + PROTOCOL's default port will be used. + + +v6proxy + Proxy incoming IPv6 connections to the equivalent IPv4 endpoint. + In its simplest use, it must be a NAME with an `A` DNS entry, which is + the IP address actually providing the proxied services. + See `--v4proxy` for more options and details. 
+ +protocol + Can be passed multiple times or as a space-separated list of protocols. + Currently supported protocols are: `http`, `https`, `imaps`, `smtps`. + This defaults to: `http https imaps smtps`. + + +EXAMPLES +-------- + +.. code-block:: sh + + # Proxy the IPv6-only services so IPv4-only clients can access them + # This uses HAProxy's TCP mode for http, https, imaps and smtps + __haproxy_dualstack \ + --v4proxy ipv6.chat \ + --v4proxy matrix.ungleich.ch + + # Proxy the IPv6-only HTTP(S) services so IPv4-only clients can access them + # Note this means that the backend IPv6-only server will only see + # the IPv6 address of the haproxy host managed by cdist, which can be + # troublesome if this information is relevant for analytics/security/... + # See the PROXY example below + __haproxy_dualstack \ + --protocol http --protocol https \ + --v4proxy ipv6.chat \ + --v4proxy matrix.ungleich.ch + + # Use the PROXY protocol to proxy the IPv6-only HTTP(S) services enabling + # IPv4-only clients to access them while maintaining the client's IP address + __haproxy_dualstack \ + --protocol http --protocol https \ + --v4proxy proxy:ipv6.chat:http=8080:https=591 \ + --v4proxy proxy:matrix.ungleich.ch:http=8080:https=591 + # Note however that the PROXY protocol is not compatible with regular + # HTTP(S) protocols, so your nginx will have to listen on different ports + # with the PROXY settings. + # Note that you will need to restrict access to the 8080 port to prevent + # Client IP spoofing. 
+ # This can be something like: + # server { + # # listen for regular HTTP connections + # listen [::]:80 default_server; + # listen 80 default_server; + # # listen for PROXY HTTP connections + # listen [::]:8080 proxy_protocol; + # # Accept the Client's IP from the PROXY protocol + # real_ip_header proxy_protocol; + # } + + +SEE ALSO +-------- +- https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/ +- https://www.haproxy.com/blog/haproxy/proxy-protocol/ +- https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/ + + +AUTHORS +------- +ungleich +Evilham + + +COPYING +------- +Copyright \(C) 2021 ungleich glarus ag. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__haproxy_dualstack/manifest b/type/__haproxy_dualstack/manifest new file mode 100644 index 0000000..d110eea --- /dev/null +++ b/type/__haproxy_dualstack/manifest 
@@ -0,0 +1,155 @@ +#!/bin/sh -eu + +__package haproxy +require="__package/haproxy" __start_on_boot haproxy + +tmpdir="$__object/files" +mkdir "$tmpdir" +configtmp="$__object/files/haproxy.cfg" + +os=$(cat "$__global/explorer/os") +case $os in + freebsd) + CONFIG_FILE="/usr/local/etc/haproxy.conf" + cat < "$configtmp" +global + maxconn 4000 + user nobody + group nogroup + daemon + +EOF + + ;; + *) + CONFIG_FILE="/etc/haproxy/haproxy.cfg" + cat < "$configtmp" +global + log [::1] local2 + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user haproxy + group haproxy + daemon + + # turn on stats unix socket + stats socket /var/lib/haproxy/stats + +EOF + ;; +esac + +cat <> "$configtmp" +defaults + retries 3 + log global + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 1m + timeout server 1m + timeout http-keep-alive 10s + timeout check 10s +EOF + +dig_cmd="$(command -v dig || true)" +get_ip() { + # Usage: get_ip (ipv4|ipv6) NAME + # uses "dig" if available, else fallback to "host" + case $1 in + ipv4) + if [ -n "${dig_cmd}" ]; then + ${dig_cmd} +short A "$2" + else + host -t A "$2" | cut -d ' ' -f 4 | grep -v 'found:' + fi + ;; + ipv6) + if [ -n "${dig_cmd}" ]; then + ${dig_cmd} +short AAAA "$2" + else + host -t AAAA "$2" | cut -d ' ' -f 5 | grep -v 'NXDOMAIN' + fi + ;; + esac +} + +PROTOCOLS="$(cat "$__object/parameter/protocol")" + +for proxy in v4proxy v6proxy; do + param=$__object/parameter/$proxy + # no backend? skip generating code + if [ ! 
-f "$param" ]; then + continue + fi + + # turn backend name into bind parameter: v4backend -> ipv4@ + bind=$(echo $proxy | sed -e 's/^/ip/' -e 's/proxy//') + + case $bind in + ipv4) + backendproto=ipv6 + ;; + ipv6) + backendproto=ipv4 + ;; + esac + + for proto in ${PROTOCOLS}; do + # Add protocol "header" + printf "\n# %s %s \n" "${bind}" "${proto}" >> "$configtmp" + + sed -e "s/BIND/$bind/" \ + -e "s/\(frontend[[:space:]].*\)/\1$bind/" \ + -e "s/\(backend[[:space:]].*\)/\\1$bind/" \ + "$__type/files/$proto" >> "$configtmp" + + while read -r hostdefinition; do + if echo "$hostdefinition" | grep -qE '^proxy:'; then + # Proxy protocol was requested + host="$(echo "$hostdefinition" | sed -E 's/^proxy:([^:]+).*$/\1/')" + send_proxy=" send-proxy" + else + # Just use tcp proxy mode + host="$hostdefinition" + send_proxy="" + fi + if echo "$hostdefinition" | grep -qE ":${proto}="; then + # Use custom port definition if requested + port="$(echo "$hostdefinition" | sed -E "s/^(.*:)?${proto}=([0-9]+).*$/:\2/")" + else + # Else use the default + port="" + fi + servername=$host + + res=$(get_ip "$bind" "$servername") + + if [ -z "$res" ]; then + echo "$servername does not resolve - aborting config" >&2 + exit 1 + fi + + # Treat protocols without TLS+SNI specially + if [ "$proto" = http ]; then + echo " use-server $servername if { hdr(host) -i $host }" >> "$configtmp" + else + echo " use-server $servername if { req_ssl_sni -i $host }" >> "$configtmp" + fi + + # Create the "server" itself. + # Note that port and send_proxy will be empty unless + # they were requested by the type user + echo " server $servername ${backendproto}@${host}${port}${send_proxy}" >> "$configtmp" + + done < "$param" + done +done + +# Create config file +require="__package/haproxy" __file ${CONFIG_FILE} --source "$configtmp" --mode 0644 + +require="__file${CONFIG_FILE}" __check_messages "haproxy_reload" \ + --pattern "^__file${CONFIG_FILE}" \ + --execute "service haproxy reload || service haproxy restart" 
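Review bot: In the `while read -r hostdefinition` loop the non-`proxy:` branch sets `host="$hostdefinition"`, so a definition such as `name:http=8080` (allowed by the documented format) keeps its port overrides in `$host`. Neither branch checks that the result is a plain hostname before it is written into the `use-server` and `server` lines. Extracting the name the same way in both branches, `host="$(echo "$hostdefinition" | sed -E 's/^(proxy:)?([^:]+).*$/\2/')"`, and then rejecting anything else with `case $host in *[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; exit 1 ;; esac`, keeps spaces, braces and stray keywords out of the generated haproxy config. Separately, the final `--execute` falls back to `service haproxy restart` when the reload fails, which on a broken config would stop a proxy that was still working. Writing it as `haproxy -c -f ${CONFIG_FILE} && { service haproxy reload || service haproxy restart; }` validates the file first.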
diff --git a/type/__haproxy_dualstack/parameter/default/protocol b/type/__haproxy_dualstack/parameter/default/protocol new file mode 100644 index 0000000..dc8bb7b --- /dev/null +++ b/type/__haproxy_dualstack/parameter/default/protocol @@ -0,0 +1 @@ +http https imaps smtps diff --git a/type/__haproxy_dualstack/parameter/optional_multiple b/type/__haproxy_dualstack/parameter/optional_multiple new file mode 100644 index 0000000..8c482bd --- /dev/null +++ b/type/__haproxy_dualstack/parameter/optional_multiple @@ -0,0 +1,3 @@ +protocol +v4proxy +v6proxy diff --git a/type/__matrix_element/parameter/default/identity_server b/type/__haproxy_dualstack/singleton similarity index 100% rename from type/__matrix_element/parameter/default/identity_server rename to type/__haproxy_dualstack/singleton diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index 0364db6..1cae2be 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -125,10 +125,7 @@ require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-ava server_names_hash_bucket_size 64; -types { -# nginx's default mime.types doesn't include a mapping for wasm - application/wasm wasm; -} +# nginx server configuration for: server { diff --git a/type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh b/type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh deleted file mode 100755 index 295bdf0..0000000 --- a/type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/sh -eu - -# This is a helper to update the '.sh.orig' files for jitsi's -# configuration files. -# Then the changes must be propagated to their corresponding .sh -# files by the type maintainer or a contributor - -# We could automate this, but are using it as an indicator for the -# latest branch with which we conciliated changes. -BRANCH="jitsi-meet_6726" -REPO="https://github.com/jitsi/jitsi-meet" - -get_url() { - file="${1}" - printf "%s/raw/stable/%s/%s" "${REPO}" "${BRANCH}" "${file}" - -} - -download_file() { - file="${1}" - destination="${2:-${file}.sh.orig}" - url="$(get_url "${file}")" - echo "Downloading ${destination}" - curl -L "${url}" > "${destination}" - echo -} - -download_file config.js -download_file interface_config.js -download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig diff --git a/type/__jitsi_meet_domain/files/config.js.sh b/type/__jitsi_meet_domain/files/config.js.sh index 4532ba6..f825761 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh +++ b/type/__jitsi_meet_domain/files/config.js.sh @@ -39,6 +39,9 @@ fi // Websocket URL // websocket: 'wss://${JITSI_HOST}/xmpp-websocket', + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 
@@ -53,16 +56,9 @@ fi // issues related to insertable streams. // disableE2EE: false, - // Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly - // disabled by the below option. - // enableThumbnailReordering: true, - - // Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users. - // mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users - // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - // p2pTestMode: false, + p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture // testMode: false @@ -75,10 +71,8 @@ fi // simulcast is turned off for the desktop share. If presenter is turned // on while screensharing is in progress, the max bitrate is automatically // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines - // the probability for this to be enabled. This setting has been deprecated. - // desktopSharingFrameRate.max now determines whether simulcast will be enabled - // or disabled for the screenshare. - // capScreenshareBitrate: 1 // 0 to disable - deprecated. + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for @@ -86,18 +80,6 @@ fi // callStatsThreshold: 5 // enable callstats for 5% of the users. }, - // Disables moderator indicators. - // disableModeratorIndicator: false, - - // Disables the reactions feature. - // disableReactions: true, - - // Disables polls feature. - // disablePolls: false, - - // Disables self-view tile. (hides it from tile view and from filmstrip) - // disableSelfView: false, - // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, 
@@ -110,9 +92,6 @@ fi // Media // - // Enable unified plan implementation support on Chromium based browsers. - // enableUnifiedOnChrome: false, - // Audio // Disable measuring of audio levels. @@ -129,10 +108,6 @@ fi // about the call. // enableSaveLogs: false, - // Enabling this will hide the "Show More" link in the GSM popover that can be - // used to display more statistics about the connection (IP, Port, protocol, etc). - // disableShowMoreStats: true, - // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could 
@@ -154,34 +129,19 @@ fi // participants and to enable it back a reload is needed. // startSilent: false + // Sets the preferred target bitrate for the Opus audio codec by setting its + // 'maxaveragebitrate' parameter. Currently not available in p2p mode. + // Valid values are in the range 6000 to 510000 + // opusMaxAverageBitrate: 20000, + // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, - // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. - // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. - // audioQuality: { - // stereo: false, - // opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range. - // }, - // Video // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, - // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not - // disableRemoveRaisedHandOnFocus: false, - - // Specifies whether there will be a search field in speaker stats or not - // disableSpeakerStatsSearch: false, - - // Specifies whether participants in speaker stats should be ordered or not, and with what priority - // speakerStatsOrder: [ - // 'role', <- Moderators on top - // 'name', <- Alphabetically by name - // 'hasLeft', <- The ones that have left in the bottom - // ] <- the order of the array elements determines priority - // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, 
@@ -205,10 +165,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Enable / disable simulcast support. // disableSimulcast: false, - // Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended - // (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen - // sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent - // by the client. + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. // enableLayerSuspension: false, // Every participant after the Nth will start video muted. @@ -270,18 +229,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // subtitles and buttons can be configured) // transcribingEnabled: false, - // If true transcriber will use the application language. - // The application language is either explicitly set by participants in their settings or automatically - // detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its - // default language then transcriptions for that participant will be in french. - // Defaults to true. - // transcribeWithAppLanguage: true, - - // Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false. - // Available languages can be found in - // ./src/react/features/transcribing/transcriber-langs.json. - // preferredTranscribeLanguage: 'en-US', - // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, 
@@ -290,20 +237,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: ${CHANNEL_LAST_N}, - // Connection indicators - // connectionIndicators: { - // autoHide: true, - // autoHideTimeout: 5000, - // disabled: false, - // disableDetails: false, - // inactiveDisabled: false - // }, - - // Provides a way for the lastN value to be controlled through the UI. - // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN - // value will be used when the quality level is selected using "Manage Video Quality" slider. - // startLastN: 1, - // Provides a way to use different "last N" values based on the number of participants in the conference. // The keys in an Object represent number of participants and the values are "last N" to be used when number of // participants gets to or above the number. 
@@ -341,24 +274,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // // to take effect. // preferredCodec: 'VP8', // - // // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints - // // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet. - // // This will result in Safari not being able to decode video from endpoints sending VP9 video. - // // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the - // // preferred codec and goes back to the preferred codec when that endpoint leaves. - // // enforcePreferredCodec: false, - // // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // This is currently not implemented on app based clients on mobile. // maxBitratesVideo: { - // H264: { - // low: 200000, - // standard: 500000, - // high: 1500000 - // }, // VP8 : { // low: 200000, // standard: 500000, @@ -367,7 +288,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // VP9: { // low: 100000, // standard: 300000, - // high: 1200000 + // high: 1200000 // } // }, // @@ -391,13 +312,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // resizeDesktopForPresenter: false // }, - // Notification timeouts - // notificationTimeouts: { - // short: 2500, - // medium: 5000, - // long: 10000 - // }, - // // Options for the recording limit notification. // recordingLimit: { // 
@@ -416,9 +330,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, - // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. - // disableBeforeUnloadHandlers: true, - // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, @@ -434,7 +345,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // enableIceRestart: false, // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. + // the bridge going down. Currently enabled by default as call migration through + // session-terminate is causing siganling issues when Octo is enabled. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default @@ -442,11 +354,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // bridge itself is reachable via UDP) // useTurnUdp: false - // Enable support for encoded transform in supported browsers. This allows - // E2EE to work in Safari if the corresponding flag is enabled in the browser. - // Experimental. - // enableEncodedTransformSupport: false, - // UI // @@ -456,12 +363,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Hides lobby button // hideLobbyButton: false, - // If Lobby is enabled starts knocking automatically. - // autoKnockLobby: false, - - // Hides add breakout room button - // hideAddRoomButton: false, - // Require users to always specify a display name. // requireDisplayName: true, 
@@ -481,15 +382,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // Setting this to null, will also disable showing the remote videos - // when the toolbar is shown on mouse movements - // disable1On1Mode: null | false | true, - - // Default local name to be displayed - // defaultLocalDisplayName: 'me', - - // Default remote name to be displayed - // defaultRemoteDisplayName: 'Fellow Jitster', + // disable1On1Mode: false, // Default language for the user interface. defaultLanguage: '${DEFAULT_LANGUAGE}', @@ -512,18 +405,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // Configs for prejoin page. - // prejoinConfig: { - // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // // This replaces \`prejoinPageEnabled\`. - // enabled: true, - // // List of buttons to hide from the extra join options dropdown. - // hideExtraJoinButtons: ['no-audio', 'by-phone'] - // }, - - // When 'true', the user cannot edit the display name. - // (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.) - // readOnlyName: false, + // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // prejoinPageEnabled: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This 
@@ -544,10 +427,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Base URL for a Gravatar-compatible service. Defaults to libravatar. // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', - // App name to be displayed in the invitation email subject, as an alternative to - // interfaceConfig.APP_NAME. - // inviteAppName: null, - // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the // "More actions" menu. If present, the button will display. Exceptions are 
@@ -560,94 +439,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // - 'desktop' controls the "Share your screen" button // - if \`toolbarButtons\` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' // ], - // Holds values related to toolbar visibility control. - // toolbarConfig: { - // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT - // // The initial numer of miliseconds for the toolbar buttons to be visible on screen. - // initialTimeout: 20000, - // // Moved from interfaceConfig.TOOLBAR_TIMEOUT - // // Number of miliseconds for the toolbar buttons to be visible on screen. - // timeout: 4000, - // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE - // // Whether toolbar should be always visible or should hide after x miliseconds. 
- // alwaysVisible: false - // }, - - // Toolbar buttons which have their click event exposed through the API on - // \`toolbarButtonClicked\` event instead of executing the normal click routine. - // buttonsWithNotifyClick: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' - // ], - - // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: - // 'microphone', 'camera', 'select-background', 'invite', 'settings' - // hiddenPremeetingButtons: [], - // Stats // 
@@ -665,37 +463,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // callStatsID: '', // callStatsSecret: '', - // The callstats initialize config params as described in the API: - // https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret - // callStatsConfigParams: { - // disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter. - // applicationVersion: "app_version", // Application version specified by the developer. - // disablePrecalltest: true, // disables the pre-call test, it is enabled by default. - // siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made. - // additionalIDs: { // additionalIDs object, contains application related IDs. - // customerID: "Customer Identifier. Example, walmart.", - // tenantID: "Tenant Identifier. Example, monster.", - // productName: "Product Name. Example, Jitsi.", - // meetingsName: "Meeting Name. Example, Jitsi loves callstats.", - // serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.", - // pbxID: "PBX Identifier. Example, walmart.", - // pbxExtensionID: "PBX Extension Identifier. Example, 5625.", - // fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.", - // sessionID: "Session Identifier. Example, session-12-34" - // }, - // collectLegacyStats: true, //enables the collection of legacy stats in chrome browser - // collectIP: true //enables the collection localIP address - // }, - // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // Enables detecting faces of participants and get their expression and send it to other participants - // enableFacialRecognition: true, - // Controls the percentage of automatic feedback shown to participants when callstats is enabled. 
// The default value is 100%. If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, @@ -721,8 +494,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // connection. enabled: true, - // Enable unified plan implementation support on Chromium for p2p connection. - // enableUnifiedOnChrome: false, + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + { urls: 'stun:${TURN_SERVER}:443' } + ] // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', @@ -749,20 +525,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). - // backToP2PDelay: 5, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:3478' }, - { urls: 'stun:${TURN_SERVER}:443' } - ] + // backToP2PDelay: 5 }, analytics: { - // True if the analytics should be disabled - // disabled: false, - // The Google Analytics Tracking ID: // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' @@ -778,7 +544,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: false, + // rtcstatsEnabled: true, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, 
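Review bot: In the `@@ -721,8 +494,11 @@` hunk the relocated `stunServers` array closes with `]` and no comma, although it now sits above the commented-out p2p options (the ICE transport policy, `backToP2PDelay`). Uncommenting any of them would produce a config.js that fails to parse, so close the array with `],`, which the file's own closing note on trailing commas allows. The same comma-less block appears in the `config.js.sh.orig` hunk `@@ -708,8 +481,12 @@`. Separately, `${TURN_SERVER}` is expanded by the shell into a single-quoted JavaScript string with no check visible here, so a value containing a quote or newline would alter the script served to clients; if the manifest does not already restrict it to a hostname, that check belongs there before rendering. The p2p object starts and ends outside this hunk.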
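Review bot: The `@@ -778,7 +544,7 @@` hunk changes the commented example to `// rtcstatsEnabled: true,`, directly above an example `rtcstatsEndpoint` on a jitsi.net host. An operator who uncomments the pair as written would have clients send PeerConnection statistics to a server they do not run. I would keep the documented example at the off value, `// rtcstatsEnabled: false,`, so that enabling it stays a deliberate step. The `config.js.sh.orig` hunk `@@ -765,7 +532,7 @@` makes the same change.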
@@ -806,43 +572,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // userRegion: "asia" }, - // Array of disabled sounds. - // Possible values: - // - 'ASKED_TO_UNMUTE_SOUND' - // - 'E2EE_OFF_SOUND' - // - 'E2EE_ON_SOUND' - // - 'INCOMING_MSG_SOUND' - // - 'KNOCKING_PARTICIPANT_SOUND' - // - 'LIVE_STREAMING_OFF_SOUND' - // - 'LIVE_STREAMING_ON_SOUND' - // - 'NO_AUDIO_SIGNAL_SOUND' - // - 'NOISY_AUDIO_INPUT_SOUND' - // - 'OUTGOING_CALL_EXPIRED_SOUND' - // - 'OUTGOING_CALL_REJECTED_SOUND' - // - 'OUTGOING_CALL_RINGING_SOUND' - // - 'OUTGOING_CALL_START_SOUND' - // - 'PARTICIPANT_JOINED_SOUND' - // - 'PARTICIPANT_LEFT_SOUND' - // - 'RAISE_HAND_SOUND' - // - 'REACTION_SOUND' - // - 'RECORDING_OFF_SOUND' - // - 'RECORDING_ON_SOUND' - // - 'TALK_WHILE_MUTED_SOUND' - // disabledSounds: [], - - // DEPRECATED! Use \`disabledSounds\` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, - // DEPRECATED! Use \`disabledSounds\` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, - // DEPRECATED! Use \`disabledSounds\` instead. - // Disables the sounds that play when a chat message is received. - // disableIncomingMessageSound: false, - // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address @@ -863,8 +599,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // localRecording: { // Enables local recording. // Additionally, 'localrecording' (all lowercase) needs to be added to - // the \`toolbarButtons\`-array for the Local Recording button to show up - // on the toolbar. + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. // // enabled: true, // 
@@ -873,10 +609,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // format: 'flac' // - // }, - // e2ee: { - // labels, - // externallyManagedKey: false // }, // Options related to end-to-end (participant to participant) ping. @@ -931,9 +663,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Options related to the remote participant menu. // remoteVideoMenu: { // // If set to true the 'Kick out' button will be disabled. - // disableKick: true, - // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true + // disableKick: true // }, // If set to true all muting operations of remote participants will be disabled. 
@@ -945,67 +675,20 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. - The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // The domain url to apply (will replace the domain in the sharing conference link/embed section) - inviteDomain: 'example-company.org, - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png', - // Overwrite for pool of background images for avatars - avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], - // The lobby/prejoin screen background - premeetingBackground: 'url(https://example.com/premeeting-background.png)', - // A list of images that can be used as video backgrounds. - // When this field is present, the default images will be replaced with those provided. - virtualBackgrounds: ['https://example.com/img.jpg'], - // Object containing a theme's properties. It also supports partial overwrites of the main theme. - // For a list of all possible theme tokens and their current defaults, please check: - // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json - // For a short explanations on each of the tokens, please check: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js - // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code - // or they are partially applied. 
- customTheme: { - palette: { - ui01: "orange !important", - ui02: "maroon", - surface02: 'darkgreen', - ui03: "violet", - ui04: "magenta", - ui05: "blueviolet", - field02Hover: 'red', - action01: 'green', - action01Hover: 'lightgreen', - action02Disabled: 'beige', - success02: 'cadetblue', - action02Hover: 'aliceblue' - }, - typography: { - labelRegular: { - fontSize: 25, - lineHeight: 30, - fontWeight: 500 - } - } - } - } + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } */ dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}", - // When true the user cannot add more images to be used as virtual background. - // Only the default ones from will be available. - // disableAddingBackgroundImages: false, - - // Disables using screensharing as virtual background. - // disableScreensharingVirtualBackground: false, - // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, 
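Review bot: The rewritten comment for `dynamicBrandingUrl` does not say that the endpoint has to be trusted. The response sets `logoClickUrl`, the link target behind the logo, and the background and logo image URLs, so whoever serves that JSON decides where a logo click sends users. I would add a sentence to the comment such as `The URL must be https and point to a host you control, since the response decides link and image targets.` Also, `${DYNAMIC_BRANDING_URL}` is written into the double-quoted string unconditionally, so an unset variable presumably renders as `dynamicBrandingUrl: ""`; the comment says defaults apply when no URL is set, but that is worth confirming for the empty string.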
@@ -1017,35 +700,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, - // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it. - // disableTileEnlargement: true, - - // Controls the visibility and behavior of the top header conference info labels. - // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. - // conferenceInfo: { - // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'local-recording'], - // // those labels will be auto-hidden in tandem with the toolbox buttons. - // autoHide: [ - // 'subject', - // 'conference-timer', - // 'participants-count', - // 'e2ee', - // 'transcribing', - // 'video-quality', - // 'insecure-room' - // ] - // }, - // Hides the conference subject // hideConferenceSubject: true, // Hides the conference timer. // hideConferenceTimer: true, - // Hides the recording label - // hideRecordingLabel: false, - // Hides the participants stats // hideParticipantsStats: true, @@ -1057,13 +717,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, - // etherpad ("shared document") integration. - // - - // If set, add a "Open shared document" link to the bottom right menu that - // will open an etherpad document. - // etherpad_base: 'https://your-etherpad-installati.on/p/', - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold @@ -1076,8 +729,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) dialOutCodesUrl disableRemoteControl displayJids + etherpad_base externalConnectUrl - e2eeLabels firefox_fake_device googleApiApplicationClientID iAmRecorder 
@@ -1119,11 +772,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) websocketKeepAliveUrl */ - /** - * Default interval (milliseconds) for triggering mouseMoved iframe API event - */ - mouseMoveCallbackInterval: 1000, - /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification 
@@ -1157,19 +805,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'localRecording.localRecording', // shown when a local recording is started // 'notify.disconnected', // shown when a participant has left - // 'notify.connectedOneMember', // show when a participant joined - // 'notify.connectedTwoMembers', // show when two participants joined simultaneously - // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.moderationStartedTitle', // shown when AV moderation is activated - // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated - // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation - // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation - // 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device 
@@ -1178,7 +818,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio - // 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', @@ -1192,13 +831,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'transcribing.failedToStart' // shown when transcribing fails to start - // ], - - // Prevent the filmstrip from autohiding when screen width is under a certain threshold - // disableFilmstripAutohiding: false, - - // Specifies whether the chat emoticons are disabled or not - // disableChatSmileys: false, + // ] // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. diff --git a/type/__jitsi_meet_domain/files/config.js.sh.orig b/type/__jitsi_meet_domain/files/config.js.sh.orig index eb30636..9d49d52 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/config.js.sh.orig @@ -27,6 +27,9 @@ var config = { // Websocket URL // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 
@@ -41,16 +44,9 @@ var config = { // issues related to insertable streams. // disableE2EE: false, - // Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly - // disabled by the below option. - // enableThumbnailReordering: true, - - // Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users. - // mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users - // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - // p2pTestMode: false, + p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture // testMode: false @@ -63,10 +59,8 @@ var config = { // simulcast is turned off for the desktop share. If presenter is turned // on while screensharing is in progress, the max bitrate is automatically // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines - // the probability for this to be enabled. This setting has been deprecated. - // desktopSharingFrameRate.max now determines whether simulcast will be enabled - // or disabled for the screenshare. - // capScreenshareBitrate: 1 // 0 to disable - deprecated. + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for @@ -74,18 +68,6 @@ var config = { // callStatsThreshold: 5 // enable callstats for 5% of the users. }, - // Disables moderator indicators. - // disableModeratorIndicator: false, - - // Disables the reactions feature. - // disableReactions: true, - - // Disables polls feature. - // disablePolls: false, - - // Disables self-view tile. (hides it from tile view and from filmstrip) - // disableSelfView: false, - // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, 
@@ -98,9 +80,6 @@ var config = { // Media // - // Enable unified plan implementation support on Chromium based browsers. - // enableUnifiedOnChrome: false, - // Audio // Disable measuring of audio levels. @@ -117,10 +96,6 @@ var config = { // about the call. // enableSaveLogs: false, - // Enabling this will hide the "Show More" link in the GSM popover that can be - // used to display more statistics about the connection (IP, Port, protocol, etc). - // disableShowMoreStats: true, - // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could 
@@ -142,34 +117,19 @@ var config = { // participants and to enable it back a reload is needed. // startSilent: false + // Sets the preferred target bitrate for the Opus audio codec by setting its + // 'maxaveragebitrate' parameter. Currently not available in p2p mode. + // Valid values are in the range 6000 to 510000 + // opusMaxAverageBitrate: 20000, + // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, - // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. - // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. - // audioQuality: { - // stereo: false, - // opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range. - // }, - // Video // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, - // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not - // disableRemoveRaisedHandOnFocus: false, - - // Specifies whether there will be a search field in speaker stats or not - // disableSpeakerStatsSearch: false, - - // Specifies whether participants in speaker stats should be ordered or not, and with what priority - // speakerStatsOrder: [ - // 'role', <- Moderators on top - // 'name', <- Alphabetically by name - // 'hasLeft', <- The ones that have left in the bottom - // ] <- the order of the array elements determines priority - // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, 
@@ -192,10 +152,9 @@ var config = { // Enable / disable simulcast support. // disableSimulcast: false, - // Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended - // (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen - // sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent - // by the client. + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. // enableLayerSuspension: false, // Every participant after the Nth will start video muted. @@ -257,18 +216,6 @@ var config = { // subtitles and buttons can be configured) // transcribingEnabled: false, - // If true transcriber will use the application language. - // The application language is either explicitly set by participants in their settings or automatically - // detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its - // default language then transcriptions for that participant will be in french. - // Defaults to true. - // transcribeWithAppLanguage: true, - - // Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false. - // Available languages can be found in - // ./src/react/features/transcribing/transcriber-langs.json. - // preferredTranscribeLanguage: 'en-US', - // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, 
@@ -277,20 +224,6 @@ var config = { // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: -1, - // Connection indicators - // connectionIndicators: { - // autoHide: true, - // autoHideTimeout: 5000, - // disabled: false, - // disableDetails: false, - // inactiveDisabled: false - // }, - - // Provides a way for the lastN value to be controlled through the UI. - // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN - // value will be used when the quality level is selected using "Manage Video Quality" slider. - // startLastN: 1, - // Provides a way to use different "last N" values based on the number of participants in the conference. // The keys in an Object represent number of participants and the values are "last N" to be used when number of // participants gets to or above the number. 
@@ -328,24 +261,12 @@ var config = { // // to take effect. // preferredCodec: 'VP8', // - // // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints - // // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet. - // // This will result in Safari not being able to decode video from endpoints sending VP9 video. - // // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the - // // preferred codec and goes back to the preferred codec when that endpoint leaves. - // // enforcePreferredCodec: false, - // // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // This is currently not implemented on app based clients on mobile. // maxBitratesVideo: { - // H264: { - // low: 200000, - // standard: 500000, - // high: 1500000 - // }, // VP8 : { // low: 200000, // standard: 500000, @@ -354,7 +275,7 @@ var config = { // VP9: { // low: 100000, // standard: 300000, - // high: 1200000 + // high: 1200000 // } // }, // @@ -378,13 +299,6 @@ var config = { // resizeDesktopForPresenter: false // }, - // Notification timeouts - // notificationTimeouts: { - // short: 2500, - // medium: 5000, - // long: 10000 - // }, - // // Options for the recording limit notification. // recordingLimit: { // 
@@ -403,9 +317,6 @@ var config = { // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, - // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. - // disableBeforeUnloadHandlers: true, - // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, @@ -421,7 +332,8 @@ var config = { // enableIceRestart: false, // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. + // the bridge going down. Currently enabled by default as call migration through + // session-terminate is causing siganling issues when Octo is enabled. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default @@ -429,11 +341,6 @@ var config = { // bridge itself is reachable via UDP) // useTurnUdp: false - // Enable support for encoded transform in supported browsers. This allows - // E2EE to work in Safari if the corresponding flag is enabled in the browser. - // Experimental. - // enableEncodedTransformSupport: false, - // UI // @@ -443,12 +350,6 @@ var config = { // Hides lobby button // hideLobbyButton: false, - // If Lobby is enabled starts knocking automatically. - // autoKnockLobby: false, - - // Hides add breakout room button - // hideAddRoomButton: false, - // Require users to always specify a display name. // requireDisplayName: true, 
@@ -468,15 +369,7 @@ var config = { // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // Setting this to null, will also disable showing the remote videos - // when the toolbar is shown on mouse movements - // disable1On1Mode: null | false | true, - - // Default local name to be displayed - // defaultLocalDisplayName: 'me', - - // Default remote name to be displayed - // defaultRemoteDisplayName: 'Fellow Jitster', + // disable1On1Mode: false, // Default language for the user interface. // defaultLanguage: 'en', @@ -499,18 +392,8 @@ var config = { // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // Configs for prejoin page. - // prejoinConfig: { - // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // // This replaces `prejoinPageEnabled`. - // enabled: true, - // // List of buttons to hide from the extra join options dropdown. - // hideExtraJoinButtons: ['no-audio', 'by-phone'] - // }, - - // When 'true', the user cannot edit the display name. - // (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.) - // readOnlyName: false, + // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // prejoinPageEnabled: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This @@ -531,10 +414,6 @@ var config = { // Base URL for a Gravatar-compatible service. Defaults to libravatar. // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', - // App name to be displayed in the invitation email subject, as an alternative to - // interfaceConfig.APP_NAME. - // inviteAppName: null, - // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the // "More actions" menu. If present, the button will display. Exceptions are 
@@ -547,94 +426,13 @@ var config = { // - 'desktop' controls the "Share your screen" button // - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' + // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', + // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', + // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', + // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', + // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' // ], - // Holds values related to toolbar visibility control. - // toolbarConfig: { - // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT - // // The initial numer of miliseconds for the toolbar buttons to be visible on screen. - // initialTimeout: 20000, - // // Moved from interfaceConfig.TOOLBAR_TIMEOUT - // // Number of miliseconds for the toolbar buttons to be visible on screen. - // timeout: 4000, - // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE - // // Whether toolbar should be always visible or should hide after x miliseconds. - // alwaysVisible: false - // }, - - // Toolbar buttons which have their click event exposed through the API on - // `toolbarButtonClicked` event instead of executing the normal click routine. 
- // buttonsWithNotifyClick: [ - // 'camera', - // 'chat', - // 'closedcaptions', - // 'desktop', - // 'download', - // 'embedmeeting', - // 'etherpad', - // 'feedback', - // 'filmstrip', - // 'fullscreen', - // 'hangup', - // 'help', - // 'invite', - // 'livestreaming', - // 'microphone', - // 'mute-everyone', - // 'mute-video-everyone', - // 'participants-pane', - // 'profile', - // 'raisehand', - // 'recording', - // 'security', - // 'select-background', - // 'settings', - // 'shareaudio', - // 'sharedvideo', - // 'shortcuts', - // 'stats', - // 'tileview', - // 'toggle-camera', - // 'videoquality', - // '__end' - // ], - - // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: - // 'microphone', 'camera', 'select-background', 'invite', 'settings' - // hiddenPremeetingButtons: [], - // Stats // 
@@ -652,37 +450,12 @@ var config = { // callStatsID: '', // callStatsSecret: '', - // The callstats initialize config params as described in the API: - // https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret - // callStatsConfigParams: { - // disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter. - // applicationVersion: "app_version", // Application version specified by the developer. - // disablePrecalltest: true, // disables the pre-call test, it is enabled by default. - // siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made. - // additionalIDs: { // additionalIDs object, contains application related IDs. - // customerID: "Customer Identifier. Example, walmart.", - // tenantID: "Tenant Identifier. Example, monster.", - // productName: "Product Name. Example, Jitsi.", - // meetingsName: "Meeting Name. Example, Jitsi loves callstats.", - // serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.", - // pbxID: "PBX Identifier. Example, walmart.", - // pbxExtensionID: "PBX Extension Identifier. Example, 5625.", - // fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.", - // sessionID: "Session Identifier. Example, session-12-34" - // }, - // collectLegacyStats: true, //enables the collection of legacy stats in chrome browser - // collectIP: true //enables the collection localIP address - // }, - // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // Enables detecting faces of participants and get their expression and send it to other participants - // enableFacialRecognition: true, - // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. 
If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, @@ -708,8 +481,12 @@ var config = { // connection. enabled: true, - // Enable unified plan implementation support on Chromium for p2p connection. - // enableUnifiedOnChrome: false, + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:jitsi-meet.example.com:3478' }, + { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } + ] // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', @@ -736,20 +513,10 @@ var config = { // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). - // backToP2PDelay: 5, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:3478' }, - { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } - ] + // backToP2PDelay: 5 }, analytics: { - // True if the analytics should be disabled - // disabled: false, - // The Google Analytics Tracking ID: // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' @@ -765,7 +532,7 @@ var config = { // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: false, + // rtcstatsEnabled: true, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, 
@@ -793,43 +560,13 @@ var config = { // userRegion: "asia" }, - // Array of disabled sounds. - // Possible values: - // - 'ASKED_TO_UNMUTE_SOUND' - // - 'E2EE_OFF_SOUND' - // - 'E2EE_ON_SOUND' - // - 'INCOMING_MSG_SOUND' - // - 'KNOCKING_PARTICIPANT_SOUND' - // - 'LIVE_STREAMING_OFF_SOUND' - // - 'LIVE_STREAMING_ON_SOUND' - // - 'NO_AUDIO_SIGNAL_SOUND' - // - 'NOISY_AUDIO_INPUT_SOUND' - // - 'OUTGOING_CALL_EXPIRED_SOUND' - // - 'OUTGOING_CALL_REJECTED_SOUND' - // - 'OUTGOING_CALL_RINGING_SOUND' - // - 'OUTGOING_CALL_START_SOUND' - // - 'PARTICIPANT_JOINED_SOUND' - // - 'PARTICIPANT_LEFT_SOUND' - // - 'RAISE_HAND_SOUND' - // - 'REACTION_SOUND' - // - 'RECORDING_OFF_SOUND' - // - 'RECORDING_ON_SOUND' - // - 'TALK_WHILE_MUTED_SOUND' - // disabledSounds: [], - - // DEPRECATED! Use `disabledSounds` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, - // DEPRECATED! Use `disabledSounds` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, - // DEPRECATED! Use `disabledSounds` instead. - // Disables the sounds that play when a chat message is received. - // disableIncomingMessageSound: false, - // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address @@ -850,8 +587,8 @@ var config = { // localRecording: { // Enables local recording. // Additionally, 'localrecording' (all lowercase) needs to be added to - // the `toolbarButtons`-array for the Local Recording button to show up - // on the toolbar. + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. // // enabled: true, // 
@@ -860,10 +597,6 @@ var config = { // format: 'flac' // - // }, - // e2ee: { - // labels, - // externallyManagedKey: false // }, // Options related to end-to-end (participant to participant) ping. @@ -918,9 +651,7 @@ var config = { // Options related to the remote participant menu. // remoteVideoMenu: { // // If set to true the 'Kick out' button will be disabled. - // disableKick: true, - // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true + // disableKick: true // }, // If set to true all muting operations of remote participants will be disabled. 
@@ -932,67 +663,20 @@ var config = { /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. - The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // The domain url to apply (will replace the domain in the sharing conference link/embed section) - inviteDomain: 'example-company.org, - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png', - // Overwrite for pool of background images for avatars - avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], - // The lobby/prejoin screen background - premeetingBackground: 'url(https://example.com/premeeting-background.png)', - // A list of images that can be used as video backgrounds. - // When this field is present, the default images will be replaced with those provided. - virtualBackgrounds: ['https://example.com/img.jpg'], - // Object containing a theme's properties. It also supports partial overwrites of the main theme. - // For a list of all possible theme tokens and their current defaults, please check: - // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json - // For a short explanations on each of the tokens, please check: - // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js - // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code - // or they are partially applied. 
- customTheme: { - palette: { - ui01: "orange !important", - ui02: "maroon", - surface02: 'darkgreen', - ui03: "violet", - ui04: "magenta", - ui05: "blueviolet", - field02Hover: 'red', - action01: 'green', - action01Hover: 'lightgreen', - action02Disabled: 'beige', - success02: 'cadetblue', - action02Hover: 'aliceblue' - }, - typography: { - labelRegular: { - fontSize: 25, - lineHeight: 30, - fontWeight: 500 - } - } - } - } + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } */ // dynamicBrandingUrl: '', - // When true the user cannot add more images to be used as virtual background. - // Only the default ones from will be available. - // disableAddingBackgroundImages: false, - - // Disables using screensharing as virtual background. - // disableScreensharingVirtualBackground: false, - // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, 
@@ -1004,35 +688,12 @@ var config = { // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, - // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it. - // disableTileEnlargement: true, - - // Controls the visibility and behavior of the top header conference info labels. - // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. - // conferenceInfo: { - // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'local-recording'], - // // those labels will be auto-hidden in tandem with the toolbox buttons. - // autoHide: [ - // 'subject', - // 'conference-timer', - // 'participants-count', - // 'e2ee', - // 'transcribing', - // 'video-quality', - // 'insecure-room' - // ] - // }, - // Hides the conference subject // hideConferenceSubject: true, // Hides the conference timer. // hideConferenceTimer: true, - // Hides the recording label - // hideRecordingLabel: false, - // Hides the participants stats // hideParticipantsStats: true, @@ -1044,13 +705,6 @@ var config = { // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, - // etherpad ("shared document") integration. - // - - // If set, add a "Open shared document" link to the bottom right menu that - // will open an etherpad document. - // etherpad_base: 'https://your-etherpad-installati.on/p/', - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold @@ -1063,8 +717,8 @@ var config = { dialOutCodesUrl disableRemoteControl displayJids + etherpad_base externalConnectUrl - e2eeLabels firefox_fake_device googleApiApplicationClientID iAmRecorder 
@@ -1106,11 +760,6 @@ var config = { websocketKeepAliveUrl */ - /** - * Default interval (milliseconds) for triggering mouseMoved iframe API event - */ - mouseMoveCallbackInterval: 1000, - /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification @@ -1144,19 +793,11 @@ var config = { // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'localRecording.localRecording', // shown when a local recording is started // 'notify.disconnected', // shown when a participant has left - // 'notify.connectedOneMember', // show when a participant joined - // 'notify.connectedTwoMembers', // show when two participants joined simultaneously - // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.moderationStartedTitle', // shown when AV moderation is activated - // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated - // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation - // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation - // 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device 
@@ -1165,7 +806,6 @@ var config = { // 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio - // 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', @@ -1179,13 +819,7 @@ var config = { // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'transcribing.failedToStart' // shown when transcribing fails to start - // ], - - // Prevent the filmstrip from autohiding when screen width is under a certain threshold - // disableFilmstripAutohiding: false, - - // Specifies whether the chat emoticons are disabled or not - // disableChatSmileys: false, + // ] // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh b/type/__jitsi_meet_domain/files/interface_config.js.sh index abcf68b..2a65bfc 100644 --- a/type/__jitsi_meet_domain/files/interface_config.js.sh +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh 
@@ -36,13 +36,42 @@ var interfaceConfig = { BRAND_WATERMARK_LINK: '', CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it + /** + * Whether the connection indicator icon should hide itself based on + * connection strength. If true, the connection indicator will remain + * displayed while the participant has a weak connection and will hide + * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is + * strong. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, + + /** + * How long the connection indicator should remain displayed before hiding. + * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. + * + * @type {number} + */ + CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, + + /** + * If true, hides the connection indicators completely. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_DISABLED: false, DEFAULT_BACKGROUND: '#474747', + DEFAULT_LOCAL_DISPLAY_NAME: 'me', DEFAULT_LOGO_URL: '${BRANDING_WATERMARK_PATH}', + DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', DEFAULT_WELCOME_PAGE_LOGO_URL: '${BRANDING_WATERMARK_PATH}', DISABLE_DOMINANT_SPEAKER_INDICATOR: false, + DISABLE_FOCUS_INDICATOR: false, + /** * If true, notifications regarding joining/leaving are no longer displayed. */ @@ -98,6 +127,7 @@ var interfaceConfig = { */ HIDE_INVITE_MORE_HEADER: false, + INITIAL_TOOLBAR_TIMEOUT: 20000, JITSI_WATERMARK_LINK: 'https://jitsi.org', LANG_DETECTION: true, // Allow i18n to detect the system language 
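Review bot: The two added doc comments in the `@@ -36,13 +36,42 @@` hunk name keys that are not defined in this block: they refer to `CONNECTION_INDICATOR_HIDE_TIMEOUT` and `CONNECTION_INDICATOR_AUTOHIDE_ENABLED`, while the keys defined below them are `CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT` and `CONNECTION_INDICATOR_AUTO_HIDE_ENABLED`. I would correct both so that a search for a key finds its documentation: `itself after the CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT when the connection is` and `Used in conjunction with CONNECTION_INDICATOR_AUTO_HIDE_ENABLED.` The same text is added to `interface_config.js.sh.orig` in its `@@ -25,13 +25,42 @@` hunk. The `interfaceConfig` object continues outside this hunk.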
@@ -166,10 +196,10 @@ var interfaceConfig = { SHOW_BRAND_WATERMARK: false, /** - * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. - * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) - * being already installed is done before rendering. - */ + * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. + * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) + * being already installed is done before rendering. + */ SHOW_CHROME_EXTENSION_BANNER: false, SHOW_DEEP_LINKING_IMAGE: false, @@ -183,6 +213,16 @@ var interfaceConfig = { */ SUPPORT_URL: 'https://community.jitsi.org/', + TOOLBAR_ALWAYS_VISIBLE: false, + + /** + * DEPRECATED! + * This config was moved to config.js as \`toolbarButtons\`. + */ + // TOOLBAR_BUTTONS: [], + + TOOLBAR_TIMEOUT: 4000, + // Browsers, in addition to those which do not fully support WebRTC, that // are not supported and should show the unsupported browser page. UNSUPPORTED_BROWSERS: [], 
@@ -234,40 +274,19 @@ var interfaceConfig = { */ // ANDROID_APP_PACKAGE: 'org.jitsi.meet', + /** + * Override the behavior of some notifications to remain displayed until + * explicitly dismissed through a user action. The value is how long, in + * milliseconds, those notifications should remain displayed. + */ + // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, + // List of undocumented settings /** INDICATOR_FONT_SIZES PHONE_NUMBER_REGEX */ - // -----------------DEPRECATED CONFIGS BELOW THIS LINE----------------------------- - - // Connection indicators ( - // CONNECTION_INDICATOR_AUTO_HIDE_ENABLED, - // CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT, - // CONNECTION_INDICATOR_DISABLED) got moved to config.js. - - // Please use disableModeratorIndicator from config.js - // DISABLE_FOCUS_INDICATOR: false, - - // Please use defaultLocalDisplayName from config.js - // DEFAULT_LOCAL_DISPLAY_NAME: 'me', - - // Please use defaultRemoteDisplayName from config.js - // DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', - - // Moved to config.js as \`toolbarConfig.initialTimeout\`. - // INITIAL_TOOLBAR_TIMEOUT: 20000, - - // Moved to config.js as \`toolbarConfig.alwaysVisible\`. - // TOOLBAR_ALWAYS_VISIBLE: false, - - // This config was moved to config.js as \`toolbarButtons\`. - // TOOLBAR_BUTTONS: [], - - // Moved to config.js as \`toolbarConfig.timeout\`. - // TOOLBAR_TIMEOUT: 4000, - // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. // eslint-disable-next-line sort-keys diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh.orig b/type/__jitsi_meet_domain/files/interface_config.js.sh.orig index c3a76af..fb8dd48 100644 --- a/type/__jitsi_meet_domain/files/interface_config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh.orig 
@@ -25,13 +25,42 @@ var interfaceConfig = { BRAND_WATERMARK_LINK: '', CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it + /** + * Whether the connection indicator icon should hide itself based on + * connection strength. If true, the connection indicator will remain + * displayed while the participant has a weak connection and will hide + * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is + * strong. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, + + /** + * How long the connection indicator should remain displayed before hiding. + * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. + * + * @type {number} + */ + CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, + + /** + * If true, hides the connection indicators completely. + * + * @type {boolean} + */ + CONNECTION_INDICATOR_DISABLED: false, DEFAULT_BACKGROUND: '#474747', + DEFAULT_LOCAL_DISPLAY_NAME: 'me', DEFAULT_LOGO_URL: 'images/watermark.svg', + DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg', DISABLE_DOMINANT_SPEAKER_INDICATOR: false, + DISABLE_FOCUS_INDICATOR: false, + /** * If true, notifications regarding joining/leaving are no longer displayed. */ @@ -87,6 +116,7 @@ var interfaceConfig = { */ HIDE_INVITE_MORE_HEADER: false, + INITIAL_TOOLBAR_TIMEOUT: 20000, JITSI_WATERMARK_LINK: 'https://jitsi.org', LANG_DETECTION: true, // Allow i18n to detect the system language 
@@ -155,10 +185,10 @@ var interfaceConfig = { SHOW_BRAND_WATERMARK: false, /** - * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. - * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) - * being already installed is done before rendering. - */ + * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. + * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) + * being already installed is done before rendering. + */ SHOW_CHROME_EXTENSION_BANNER: false, SHOW_DEEP_LINKING_IMAGE: false, @@ -172,6 +202,16 @@ var interfaceConfig = { */ SUPPORT_URL: 'https://community.jitsi.org/', + TOOLBAR_ALWAYS_VISIBLE: false, + + /** + * DEPRECATED! + * This config was moved to config.js as `toolbarButtons`. + */ + // TOOLBAR_BUTTONS: [], + + TOOLBAR_TIMEOUT: 4000, + // Browsers, in addition to those which do not fully support WebRTC, that // are not supported and should show the unsupported browser page. UNSUPPORTED_BROWSERS: [], 
@@ -223,40 +263,19 @@ var interfaceConfig = { */ // ANDROID_APP_PACKAGE: 'org.jitsi.meet', + /** + * Override the behavior of some notifications to remain displayed until + * explicitly dismissed through a user action. The value is how long, in + * milliseconds, those notifications should remain displayed. + */ + // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, + // List of undocumented settings /** INDICATOR_FONT_SIZES PHONE_NUMBER_REGEX */ - // -----------------DEPRECATED CONFIGS BELOW THIS LINE----------------------------- - - // Connection indicators ( - // CONNECTION_INDICATOR_AUTO_HIDE_ENABLED, - // CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT, - // CONNECTION_INDICATOR_DISABLED) got moved to config.js. - - // Please use disableModeratorIndicator from config.js - // DISABLE_FOCUS_INDICATOR: false, - - // Please use defaultLocalDisplayName from config.js - // DEFAULT_LOCAL_DISPLAY_NAME: 'me', - - // Please use defaultRemoteDisplayName from config.js - // DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', - - // Moved to config.js as `toolbarConfig.initialTimeout`. - // INITIAL_TOOLBAR_TIMEOUT: 20000, - - // Moved to config.js as `toolbarConfig.alwaysVisible`. - // TOOLBAR_ALWAYS_VISIBLE: false, - - // This config was moved to config.js as `toolbarButtons`. - // TOOLBAR_BUTTONS: [], - - // Moved to config.js as `toolbarConfig.timeout`. - // TOOLBAR_TIMEOUT: 4000, - // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. // eslint-disable-next-line sort-keys diff --git a/type/__jitsi_meet_domain/files/nginx.sh b/type/__jitsi_meet_domain/files/nginx.sh index 6e874c1..8b124e2 100644 --- a/type/__jitsi_meet_domain/files/nginx.sh +++ b/type/__jitsi_meet_domain/files/nginx.sh 
@@ -2,14 +2,6 @@ # shellcheck disable=SC2034 # This is intended to be included JITSI_NGINX_CONFIG="$(cat <_` - for details. - owner Owner of the deployed files, passed to `chown`. Defaults to 'root'. brand Web UI branding, defaults to 'Element'. -branding_auth_header_logo_url - A logo image that is shown in the header during authentication flows. - -branding_welcome_background_url - An image to use as a wallpaper outside the app during authentication flows. If an array is passed, an image is chosen randomly for each visit. - -branding_auth_footer_links - a list of links to show in the authentication page footer: `[{"text": "Link - text", "url": "https://link.target"}, {"text": "Other link", ...}]` - default_country_code ISO 3166 alpha2 country code to use when showing country selectors, such as phone number inputs. Defaults to GB. diff --git a/type/__matrix_element/manifest b/type/__matrix_element/manifest index fe937c5..544bd96 100755 --- a/type/__matrix_element/manifest +++ b/type/__matrix_element/manifest @@ -25,13 +25,11 @@ INSTALL_DIR=$(cat "$__object/parameter/install_dir") export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") -export IDENTITY_SERVER_URL=$(cat "$__object/parameter/identity_server_url") export BRAND=$(cat "$__object/parameter/brand") export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") -export BRANDING_WELCOME_BACKGROUND_URL=$(cat "$__object/parameter/branding_welcome_background_url") if [ -f "$__object/parameter/jitsi_domain" ]; then export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") 
@@ -46,24 +44,14 @@ if [ -f "$__object/parameter/branding_auth_footer_links" ]; then fi if [ -f "$__object/parameter/homepage" ]; then + export EMBED_HOMEPAGE=1 homepage=$(cat "$__object/parameter/homepage") - if [ -f "$homepage" ]; then - upload_homepage=1 - else - export HOME_PAGE_URL=$homepage - fi fi -WELCOME_PAGE_URL="welcome.html" if [ -f "$__object/parameter/welcomepage" ]; then + export EMBED_WELCOMEPAGE=1 welcomepage=$(cat "$__object/parameter/welcomepage") - if [ -f welcomepage ]; then - export UPLOAD_WELCOMEPAGE=1 - else - WELCOME_PAGE_URL=$welcomepage - fi fi -export WELCOME_PAGE_URL if [ -f "$__object/parameter/custom_asset" ]; then "$__object/parameter/custom_asset" | while IFS= read -r file; do @@ -103,14 +91,14 @@ require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" --mode 0664 \ --state present -if [ $upload_homepage ]; then +if [ $EMBED_HOMEPAGE ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ --source "$homepage" \ --mode 0664 \ --state present fi -if [ $upload_welcomepage ]; then +if [ $EMBED_WELCOMEPAGE ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ --source "$welcomepage" \ --mode 0664 \ diff --git a/type/__matrix_element/parameter/default/branding_welcome_background_url b/type/__matrix_element/parameter/default/branding_welcome_background_url deleted file mode 100644 index 5f5acef..0000000 --- a/type/__matrix_element/parameter/default/branding_welcome_background_url +++ /dev/null @@ -1 +0,0 @@ -themes/element/img/backgrounds/lake.jpg diff --git a/type/__matrix_element/parameter/optional b/type/__matrix_element/parameter/optional index 2830f81..21a2faf 100644 --- a/type/__matrix_element/parameter/optional +++ b/type/__matrix_element/parameter/optional @@ -1,6 +1,5 @@ default_server_url default_server_name -identity_server_url brand default_country_code privacy_policy_url 
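Review bot: `EMBED_HOMEPAGE` and `EMBED_WELCOMEPAGE` are exported in the `@@ -46,24 +44,14 @@` hunk but never initialised, and the tests `if [ $EMBED_HOMEPAGE ]` and `if [ $EMBED_WELCOMEPAGE ]` in the `@@ -103,14 +91,14 @@` hunk expand them unquoted. A value inherited from the environment the manifest runs in would take the branch with `$homepage` or `$welcomepage` unset, so `__file` would receive an empty `--source`, and a value containing spaces would make `[` fail. I would clear both before the parameter checks with `unset EMBED_HOMEPAGE EMBED_WELCOMEPAGE` and test with `if [ -n "${EMBED_HOMEPAGE:-}" ]; then`. The parameter value is now always passed to `--source`, so a URL, which the removed branch handled, would be treated as a local path; the man page should say which form is accepted.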
@@ -12,4 +11,3 @@ welcomepage jitsi_domain branding_auth_header_logo_url branding_auth_footer_links -branding_welcome_background_url diff --git a/type/__matrix_synapse/files/homeserver.yaml.sh b/type/__matrix_synapse/files/homeserver.yaml.sh index 74ac69c..bc94391 100755 --- a/type/__matrix_synapse/files/homeserver.yaml.sh +++ b/type/__matrix_synapse/files/homeserver.yaml.sh @@ -448,7 +448,7 @@ retention: # matter much because Synapse doesn't take it into account yet. # default_policy: - min_lifetime: ${MESSAGE_RETENTION_POLICY_MIN_LIFETIME:?} + min_lifetime: 1d max_lifetime: ${MESSAGE_RETENTION_POLICY_MAX_LIFETIME:?} # Retention policy limits. If set, and the state of a room contains a @@ -1175,26 +1175,14 @@ fi cat << EOF # The shared secret used to compute passwords for the TURN server # -EOF +turn_shared_secret: "$TURN_SHARED_SECRET" -if [ -n "$TURN_SHARED_SECRET" ]; then - echo "turn_shared_secret: \"$TURN_SHARED_SECRET\"" -fi - -cat << EOF # The Username and password if the TURN server needs them and # does not use a token # -EOF +#turn_username: "TURNSERVER_USERNAME" +#turn_password: "TURNSERVER_PASSWORD" -if [ -n "$TURN_USERNAME" ] || [ "$TURN_PASSWORD" ]; then - cat <<- EOF - turn_username: "$TURN_USERNAME" - turn_password: "$TURN_PASSWORD" - EOF -fi - -cat << EOF # How long generated TURN credentials last # turn_user_lifetime: ${TURN_USER_LIFETIME:?} @@ -1334,7 +1322,7 @@ fi cat << EOF # Enable 3PIDs lookup requests to identity servers from this server. # -enable_3pid_lookup: ${ENABLE_3PID_LOOKUPS:?} +#enable_3pid_lookup: true # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. 
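Review bot: In the `@@ -1175,26 +1175,14 @@` hunk, `turn_shared_secret: "$TURN_SHARED_SECRET"` is now written unconditionally inside the heredoc, so an unset parameter produces `turn_shared_secret: ""` in the generated file instead of omitting the key. How Synapse treats an empty secret when TURN URIs are configured should be confirmed rather than assumed. The value is also placed between double quotes without escaping, so a secret containing `"` or `\` would give invalid or altered YAML. I would keep the guard this hunk removes, `if [ -n "$TURN_SHARED_SECRET" ]; then echo "turn_shared_secret: \"$TURN_SHARED_SECRET\""; fi`, and document the accepted character set for the secret. The surrounding `cat << EOF` block begins and ends outside this hunk.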
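Review bot: In the `@@ -1334,7 +1322,7 @@` hunk, replacing `enable_3pid_lookup: ${ENABLE_3PID_LOOKUPS:?}` with the commented sample `#enable_3pid_lookup: true` hands the decision back to Synapse's built-in default, which the sample line suggests is `true`. The manifest code removed elsewhere in this commit set the value to `'false'` unless the parameter was given. Hosts converging after this change would presumably start allowing 3PID lookup requests to identity servers without any parameter having changed. If that is not intended, write the setting explicitly as `enable_3pid_lookup: false` and mention the behaviour change in the man page.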
@@ -1342,12 +1330,9 @@ EOF if [ -n "$REGISTRATION_SHARED_SECRET" ]; then echo "registration_shared_secret: '$REGISTRATION_SHARED_SECRET'" -else - echo "# registration_shared_secret: 'secret'" fi cat << EOF - # Set the number of bcrypt rounds used to generate password hash. # Larger numbers increase the work factor needed to generate the hash. # The default number is 12 (which equates to 2^12 rounds). @@ -1368,13 +1353,7 @@ allow_guest_access: ${ALLOW_GUEST_ACCESS:?} # (By default, no suggestion is made, so it is left up to the client.) # #default_identity_server: https://matrix.org -EOF -if [ -n "$DEFAULT_IDENTITY_SERVER" ]; then - echo "default_identity_server: \"$DEFAULT_IDENTITY_SERVER\"" -fi - -cat << EOF # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! @@ -1717,24 +1696,7 @@ saml2_config: # local: ["saml2/idp.xml"] # remote: # - url: https://our_idp/metadata.xml -EOF -if [ -n "$SAML2_IDP_METADATA_URL" ]; then - cat << EOF - metadata: - remote: - - url: "$SAML2_IDP_METADATA_URL" -EOF -fi - -if [ -n "$SAML2_SP_CERT" ] || [ -n "$SAML2_SP_KEY" ]; then - cat << EOF - key_file: "$SAML2_SP_KEY" - cert_file: "$SAML2_SP_CERT" -EOF -fi - -cat << EOF # Allowed clock difference in seconds between the homeserver and IdP. # # Uncomment the below to increase the accepted time difference from 0 to 3 seconds. @@ -1808,15 +1770,7 @@ cat << EOF # The custom module's class. Uncomment to use a custom module. # #module: mapping_provider.SamlMappingProvider -EOF -if [ -n "$SAML2_MAPPING_PROVIDER_MODULE" ]; then - cat << EOF - module: "$SAML2_MAPPING_PROVIDER_MODULE" -EOF -fi - -cat << EOF # Custom configuration values for the module. Below options are # intended for the built-in provider, they should be changed if # using a custom module. This section will be passed as a Python 
@@ -1846,17 +1800,6 @@ cat << EOF # value will be used instead. # #mxid_mapping: dotreplace -EOF - -if [ -n "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" ]; then - echo "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" | while IFS= read -r entry; do - cat << EOF - $entry -EOF - done -fi - -cat << EOF # In previous versions of synapse, the mapping from SAML attribute to # MXID was always calculated dynamically rather than stored in a @@ -2191,7 +2134,7 @@ sso: # You can see the default templates at: # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # - template_dir: "${SSO_TEMPLATE_DIR:?}" + #template_dir: "res/templates" # JSON web token integration. The following settings can be used to make @@ -2254,8 +2197,6 @@ password_config: # Uncomment to disable password login # #enabled: false - enableed: ${ENABLE_PASSWORDCONFIG:?} - # Uncomment to disable authentication against the local password # database. This is ignored if \`enabled\` is false, and is only useful diff --git a/type/__matrix_synapse/gencode-remote b/type/__matrix_synapse/gencode-remote index 30770ed..cf7c648 100755 --- a/type/__matrix_synapse/gencode-remote +++ b/type/__matrix_synapse/gencode-remote @@ -8,7 +8,7 @@ case "$os" in synapse_conf_dir=/etc/synapse synapse_service=synapse ;; - debian|ubuntu) + debian) synapse_conf_dir=/etc/matrix-synapse synapse_service=matrix-synapse ;; diff --git a/type/__matrix_synapse/man.rst b/type/__matrix_synapse/man.rst index d7b5a32..4eb23bb 100644 --- a/type/__matrix_synapse/man.rst +++ b/type/__matrix_synapse/man.rst @@ -133,14 +133,6 @@ turn-uri turn-shared-secret Shared secret used to access the TURN REST API. -turn-username - Username used to authenticate against the TURN server if needed / a shared - secret token is not used. - -turn-password - Password used to authenticate against the TURN server if needed / a shared - secret token is not used. - turn-user-lifetime Lifetime of TURN credentials. Defaults to 1h. 
@@ -189,25 +181,6 @@ bind-address Address used to bind the synapse listeners. Can be specified multiple times. Defaults to '::1' and '127.0.0.1'. -saml2-idp-metadata-url - HTTP(S) url to SAML2 Identity Provider (IdP), used for Single Sign On (SSO) logic. - -saml2-sp-key - Path to PEM-formatted key file for use by PySAML2. - -saml2-sp-cert - Path to PEM-formatted cert file for use by PySAML2. - -saml2-mapping-provider-module - Name of custom Python module used to map SAML2 attributes to synapse internals. - -saml2-mapping-provider-extra-settings - Extra YAML-formatted key/pair values provided as configuration to the SAML2 - mapping provider module (e.g. 'key: value'). Can be specified multiple times. - -sso-template-dir - Directory used to source SSO-related HTML templates. - extra-setting Arbitrary string to be added to the configuration file. Can be specified multiple times. @@ -249,9 +222,6 @@ allow-public-rooms-without-auth enable-server-notices Enable the server notices room. -enable-3pid-lookups - Enable 3PIDs lookup requests to identity servers from this server. - allow-guest-access Allows users to register as guests without a password/email/etc, and participate in rooms hosted on this server which have been made accessible @@ -286,11 +256,6 @@ worker-mode processes are called 'workers'. Please read the WORKER MODE section of this manpage before enabling, as extra work and considerations are required. -enable-passwordconfig - For removing user/password tab on login screen. - when it set saml2-login, it remove user/password tab on login-screen. - default is true. - PERFORMANCE ----------- diff --git a/type/__matrix_synapse/manifest b/type/__matrix_synapse/manifest index 42ced0d..4650a17 100755 --- a/type/__matrix_synapse/manifest +++ b/type/__matrix_synapse/manifest 
@@ -20,24 +20,41 @@ # OS-specific configuration. os=$(cat "$__global/explorer/os") +distribution=$(cat "$__global/explorer/lsb_codename") case "$os" in - debian|ubuntu) + debian) synapse_user=matrix-synapse - synapse_pkg=matrix-synapse-py3 + synapse_pkg=matrix-synapse synapse_service=matrix-synapse ldap_auth_provider_pkg=matrix-synapse-ldap3 synapse_conf_dir='/etc/matrix-synapse' synapse_data_dir='/var/lib/matrix-synapse' - __apt_key matrix-org \ - --uri https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg - - require="__apt_key/matrix-org" __apt_source matrix-org \ - --uri https://packages.matrix.org/debian/ \ - --component main - package_req="__apt_source/matrix-org" - ;; + # See https://packages.debian.org/bullseye/matrix-synapse for state of + # synapse packaging in debian. + case "$distribution" in + stretch) + echo "The matrix-synapse package in debian stretch is outdated and unusable." >&2 + exit 1 + ;; + buster) + # Enable debian-backports for debian Buster, as the 'stable' + # matrix-synapse package is ways too old (< 1.0). + apt_target_release=buster-backports + __apt_backports + ;; + bullseye|sid) + # As of writting (2021-02), the default matrix-synapse of those + # release is perfectly usable. + : + ;; + *) + echo "Unknown debian release '$distribution'. Exiting" >&2 + exit 1 + ;; + esac + ;; alpine) synapse_user=synapse synapse_pkg=synapse @@ -96,7 +113,7 @@ export SERVER_NAME BASE_URL REPORT_STATS MAX_UPLOAD_SIZE EXPOSE_METRICS \ WEB_CLIENT_URL ROOM_ENCRYPTION_POLICY BIND_ADDRESSES if [ -f "$__object/parameter/enable-server-notices" ]; then - export ENABLE_SERVER_NOTICES=1 + export ENABLE_SERVER_NOTICES=1 fi # TLS. 
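Review bot: The `buster)` branch of the `@@ -20,24 +20,41 @@` hunk makes `buster-backports` the source for Synapse, and backports are maintained on a best-effort basis outside Debian's regular security support. With the packages.matrix.org source removed, hosts on that release may lag behind Synapse security releases. The `bullseye|sid)` comment also records a judgement dated 2021-02 that will age. I would document this in the man page and next to the branch, e.g. `# NOTE: backports carry no security-team support; track Synapse advisories manually`. `apt_target_release` is set here but used outside the hunk, so its effect on the package installation cannot be checked from these lines.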
@@ -169,80 +186,28 @@ fi # Registrations and users. ALLOW_GUEST_ACCESS=$(get_boolean_for 'allow-guest-access') ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations') -ENABLE_PASSWORDCONFIG=$(get_boolean_for 'enable-passwordconfig') USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users') export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS -if [ -f "$__object/parameter/registration-shared-secret" ]; then +if [ -f "$__object/parameter/registration-shared-token" ]; then REGISTRATION_SHARED_SECRET=$(cat "$__object/parameter/registration-shared-secret") export REGISTRATION_SHARED_SECRET fi if [ -f "$__object/parameter/registration-requires-email" ]; then - export REGISTRATION_REQUIRES_EMAIL=1 + export REGISTRATION_REQUIRES_EMAIL=1 fi if [ -f "$__object/parameter/auto-join-room" ]; then - AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" - export AUTO_JOIN_ROOMS + AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" + export AUTO_JOIN_ROOMS fi if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then - RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") - export RESGISTRATION_ALLOWS_EMAIL_PATTERN + RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") + export RESGISTRATION_ALLOWS_EMAIL_PATTERN fi -if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then - # Synapse fails to start while trying to parse IDP metadata if this package - # is not installed. 
- __package xmlsec1 - - SAML2_IDP_METADATA_URL=$(cat "$__object/parameter/saml2-idp-metadata-url") - export SAML2_IDP_METADATA_URL -fi - -if [ -f "$__object/parameter/saml2-sp-key" ]; then - SAML2_SP_KEY=$(cat "$__object/parameter/saml2-sp-key") - export SAML2_SP_KEY -fi - -if [ -f "$__object/parameter/saml2-sp-cert" ]; then - SAML2_SP_CERT=$(cat "$__object/parameter/saml2-sp-cert") - export SAML2_SP_CERT -fi - -if [ -f "$__object/parameter/saml2-mapping-provider-module" ]; then - SAML2_MAPPING_PROVIDER_MODULE=$(cat "$__object/parameter/saml2-mapping-provider-module") - export SAML2_MAPPING_PROVIDER_MODULE -fi - -if [ -f "$__object/parameter/saml2-mapping-provider-extra-config" ]; then - SAML2_MAPPING_PROVIDER_EXTRA_CONFIG=$(cat "$__object/parameter/saml2-mapping-provider-extra-config") - export SAML2_MAPPING_PROVIDER_EXTRA_CONFIG -fi - -SSO_TEMPLATE_DIR=$(cat "$__object/parameter/sso-template-dir") -export SSO_TEMPLATE_DIR - -if [ -n "$SAML2_SP_KEY" ] && [ -z "$SAML2_SP_CERT" ]; then - echo "--saml2-sp-cert must be set if --saml2-sp-key is provided." >&2 - exit 1 -elif [ -n "$SAML2_SP_CERT" ] && [ -z "$SAML2_SP_KEY" ]; then - echo "--saml2-sp-key must be set if --saml2-sp-cert is provided." >&2 - exit 1 -fi - -if [ -f "$__object/parameter/default-identity-server" ]; then - DEFAULT_IDENTITY_SERVER=$(cat "$__object/parameter/default-identity-server") - export DEFAULT_IDENTITY_SERVER -fi - -ENABLE_3PID_LOOKUPS='false' -if [ -f "$__object/parameter/enable-3pid-lookups" ]; then - ENABLE_3PID_LOOKUPS='true' -fi -export ENABLE_3PID_LOOKUPS - # Federation. ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation') ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth') 
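Review bot: The new condition tests for `parameter/registration-shared-token`, but the body still reads `parameter/registration-shared-secret`, and `registration-shared-secret` is the name that stays in `parameter/optional` in this commit. The test can therefore never succeed for a declared parameter, so `REGISTRATION_SHARED_SECRET` is never exported and the operator's secret is silently ignored. Keep the test on the file that is read: `if [ -f "$__object/parameter/registration-shared-secret" ]; then`. How the variable is consumed by the configuration template is outside this hunk.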
@@ -258,8 +223,7 @@ fi # Message retention. ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy') MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime") -MESSAGE_RETENTION_POLICY_MIN_LIFETIME=$MESSAGE_RETENTION_POLICY_MAX_LIFETIME -export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME MESSAGE_RETENTION_POLICY_MIN_LIFETIME +export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME # Previews. ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview') @@ -299,16 +263,6 @@ if [ -f "$__object/parameter/turn-uri" ]; then export TURN_URIS fi -if [ -f "$__object/parameter/turn-username" ]; then - TURN_USERNAME=$(cat "$__object/parameter/turn-username") - export TURN_USERNAME -fi - -if [ -f "$__object/parameter/turn-password" ]; then - TURN_PASSWORD=$(cat "$__object/parameter/turn-password") - export TURN_PASSWORD -fi - # Worker-mode configuration. export MAIN_LISTENER_PORT=8008 export ENABLE_MEDIA_REPO='true' 
@@ -342,25 +296,38 @@ export ENABLE_REPLICATION ENABLE_REDIS_SUPPORT WORKER_REPLICATION_SECRET \ case "$DATABASE_ENGINE" in sqlite3) : - ;; + ;; psycopg2) when='database engine is psycopg2' is_required_when "$DATABASE_HOST" '--database-host' "$when" is_required_when "$DATABASE_USER" '--database-user' "$when" - ;; + ;; *) echo "Invalid database engine: $DATABASE_ENGINE." >&2 exit 1 - ;; + ;; esac -# Install OS packages. -require="$package_req" __package "$synapse_pkg" -synapse_req="__package/$synapse_pkg" +# Install OS packages. We have a bit of boilerplate to handle the debian +# backports situation. +synapse_req= +if [ -n "$apt_target_release" ]; then + require="__apt_backports" __package_apt "$synapse_pkg" \ + --target-release "$apt_target_release" + synapse_req="__package_apt/$synapse_pkg" +else + __package "$synapse_pkg" + synapse_req="__package/$synapse_pkg" +fi if [ -n "$ENABLE_LDAP_AUTH" ]; then - require="$package_req" __package "$ldap_auth_provider_pkg" + if [ -n "$apt_target_release" ]; then + require="__package_apt/$synapse_pkg" __package_apt "$ldap_auth_provider_pkg" \ + --target-release "$apt_target_release" + else + __package "$ldap_auth_provider_pkg" + fi fi # Generate and deploy configuration files. @@ -369,13 +336,13 @@ mkdir -p "$__object/files" "$__type/files/log.config.sh" > "$__object/files/log.config" require="$synapse_req" __file "$synapse_conf_dir/homeserver.yaml" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/homeserver.yaml" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/homeserver.yaml" require="$synapse_req" __file "$LOG_CONFIG_PATH" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/log.config" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/log.config" for directory in $DATA_DIR $LOG_DIR; do require="$synapse_req" __directory $directory \ 
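Review bot: `[ -n "$apt_target_release" ]` reads a variable that is assigned only in the buster arm of the `case "$distribution"` block added earlier in this file, so on every other path its value is whatever the manifest's environment happens to contain. Add `apt_target_release=` before `case "$os" in` so that only the buster arm can select a backports install. In the LDAP branch the non-backports `__package "$ldap_auth_provider_pkg"` carries no `require` while the backports arm does; if ordering after the synapse package matters, `require="$synapse_req"` on both would make the arms agree.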
@@ -383,8 +350,8 @@ for directory in $DATA_DIR $LOG_DIR; do --owner $synapse_user done -# Make dpkg-reconfigure happy on debian-based systems. -if [ "$os" = "debian" ] || [ "$os" = "ubuntu" ]; then +# Make dpkg-reconfigure happy on debian systems. +if [ "$os" = "debian" ]; then require="$synapse_req" __file "$synapse_conf_dir/conf.d/server_name.yaml" \ --owner $synapse_user \ --source - <<- EOF diff --git a/type/__matrix_synapse/parameter/boolean b/type/__matrix_synapse/parameter/boolean index 1bd2dc7..7ff48de 100644 --- a/type/__matrix_synapse/parameter/boolean +++ b/type/__matrix_synapse/parameter/boolean @@ -17,5 +17,3 @@ user-directory-search-all-users enable-message-retention-policy worker-mode enable-url-preview -enable-3pid-lookups -enable-passwordconfig diff --git a/type/__matrix_synapse/parameter/default/enable-passwordconfig b/type/__matrix_synapse/parameter/default/enable-passwordconfig deleted file mode 100644 index 27ba77d..0000000 --- a/type/__matrix_synapse/parameter/default/enable-passwordconfig +++ /dev/null @@ -1 +0,0 @@ -true diff --git a/type/__matrix_synapse/parameter/default/sso-template-dir b/type/__matrix_synapse/parameter/default/sso-template-dir deleted file mode 100644 index b51bcdc..0000000 --- a/type/__matrix_synapse/parameter/default/sso-template-dir +++ /dev/null @@ -1 +0,0 @@ -res/template diff --git a/type/__matrix_synapse/parameter/optional b/type/__matrix_synapse/parameter/optional index 1786dd1..1378365 100644 --- a/type/__matrix_synapse/parameter/optional +++ b/type/__matrix_synapse/parameter/optional @@ -13,8 +13,6 @@ ldap-bind-password ldap-filter turn-shared-secret turn-user-lifetime -turn-username -turn-password max-upload-size smtp-host smtp-port @@ -36,9 +34,3 @@ background-tasks-worker tls-cert tls-private-key registration-shared-secret -saml2-idp-metadata-url -saml2-sp-key -saml2-sp-cert -default-identity-server -saml2-mapping-provider-module -sso-template-dir 
diff --git a/type/__matrix_synapse/parameter/optional_multiple b/type/__matrix_synapse/parameter/optional_multiple index dfd69cb..8871dd6 100644 --- a/type/__matrix_synapse/parameter/optional_multiple +++ b/type/__matrix_synapse/parameter/optional_multiple @@ -5,4 +5,3 @@ app-service-config-file extra-setting bind-address outbound-federation-worker -saml2-mapping-provider-extra-config diff --git a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service index 6f89cd8..6352b00 100644 --- a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service +++ b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service @@ -15,7 +15,7 @@ NotifyAccess=main User=matrix-synapse WorkingDirectory=/var/lib/matrix-synapse EnvironmentFile=/etc/default/matrix-synapse -ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml +ExecStart=/usr/bin/python3 -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartSec=3 diff --git a/type/__matterbridge/manifest b/type/__matterbridge/manifest index 2b5738b..ef02112 100755 --- a/type/__matterbridge/manifest +++ b/type/__matterbridge/manifest @@ -20,7 +20,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian) # This type assume systemd for service installation. ;; *) 
@@ -31,13 +31,11 @@ case "$os" in esac # Required parameters. -version=$(cat "$__object/parameter/version") +VERSION=$(cat "$__object/parameter/version") if [ -f "$__object/parameter/config" ]; then - config="$(cat "$__object/parameter/config")" - if [ "$config" = "-" ]; then - mkdir -p "$__object/files" - config="$__object/files/matterbridge.toml" - cat "$__object/stdin" > "$config" + CONFIG="$(cat "$__object/parameter/config")" + if [ "$CONFIG" = "-" ]; then + CONFIG=$(cat "$__object/stdin") fi fi @@ -48,11 +46,11 @@ export USER=matterbridge export GROUP=$USER # Internal variables. -artefact="matterbridge-$version-linux-64bit" +artefact="matterbridge-$VERSION-linux-64bit" checksum_file="checksums.txt" release_download_url=https://github.com/42wim/matterbridge/releases/download -binary_url="$release_download_url/v$version/$artefact" -checksum_file_url="$release_download_url/v$version/$checksum_file" +binary_url="$release_download_url/v$VERSION/$artefact" +checksum_file_url="$release_download_url/v$VERSION/$checksum_file" config_dir=$(dirname $CONFIG_PATH) systemd_unit_path='/etc/systemd/system/matterbridge.service' @@ -90,7 +88,7 @@ require="__user/$USER" __directory "$config_dir" \ require="__directory/$config_dir" __file "$CONFIG_PATH" \ --owner "$USER" \ --mode 0640 \ - --source "$config" + --source "$CONFIG" __file "$systemd_unit_path" \ --source "$__object/files/matterbridge.service" diff --git a/type/__nginx/man.rst b/type/__nginx/man.rst index c1827c0..71d47e7 100644 --- a/type/__nginx/man.rst +++ b/type/__nginx/man.rst 
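Review bot: With `--config -`, `CONFIG=$(cat "$__object/stdin")` now holds the configuration text itself, and the last hunk of this file passes it on as `--source "$CONFIG"`, where `__file` takes a path or `-`. The deployment would then look for a file named after the content, and the configuration, which for a bridge typically includes service credentials, ends up on the `__file` command line. Restore the staging step this commit removes: `mkdir -p "$__object/files"`, `CONFIG="$__object/files/matterbridge.toml"`, `cat "$__object/stdin" > "$CONFIG"`. If `--config` is absent, `CONFIG` is unset when it reaches `--source`; the handling of that case is not visible in these hunks.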
@@ -28,16 +28,6 @@ uacme-hookscript Custom hook passed to the __uacme_obtain type: useful to integrate the dns-01 challenge with third-party DNS providers. -acme-url - ACMEv2 server directory object URL. Lets'Encrypt is used by default. - -acme-eab-credentials - Specify RFC8555 External Account Binding credentials according to - https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new - ACME account with an existing account in a non-ACME system such as a CA - customer database. KEYID must be an ASCII string. KEY must be - base64url-encoded. - EXAMPLES -------- diff --git a/type/__nginx/manifest b/type/__nginx/manifest index cdd483a..b552319 100644 --- a/type/__nginx/manifest +++ b/type/__nginx/manifest @@ -36,20 +36,6 @@ then set_custom_uacme_hookscript="--hookscript $uacme_hookscript" fi -set_custom_acme_url= -if [ -f "${__object:?}/parameter/acme-url" ]; -then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - set_custom_acme_url="--acme-url $custom_acme_url" -fi - -set_acme_eab_credentials= -if [ -f "${__object:?}/parameter/acme-eab-credentials" ]; -then - acme_eab_credentials=$(cat "${__object:?}/parameter/acme-eab-credentials") - set_acme_eab_credentials="--eab-credentials $acme_eab_credentials" -fi - # Deploy simple HTTP vhost, allowing to serve ACME challenges. __nginx_vhost "301-to-https-$domain" \ --domain "$domain" --altdomains "$altdomains" --to-https 
@@ -60,18 +46,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to") fi -# shellcheck disable=SC2086 -__uacme_account \ - $set_custom_acme_url \ - $set_acme_eab_credentials \ - +__uacme_account # shellcheck disable=SC2086 require="__nginx_vhost/301-to-https-$domain __uacme_account" \ __uacme_obtain "$domain" \ --altdomains "$altdomains" \ $set_custom_uacme_hookscript \ - $set_custom_acme_url \ - $set_acme_eab_credentials \ --owner "$cert_ownership" \ --install-key-to "$nginx_certdir/$domain/privkey.pem" \ --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ diff --git a/type/__nginx/parameter/optional b/type/__nginx/parameter/optional index 8d6fae6..1a5fb95 100644 --- a/type/__nginx/parameter/optional +++ b/type/__nginx/parameter/optional @@ -2,6 +2,4 @@ config domain altdomains uacme-hookscript -acme-url -acme-eab-credentials force-cert-ownership-to diff --git a/type/__uacme_account/gencode-remote b/type/__uacme_account/gencode-remote index b75d2d7..e1d9551 100644 --- a/type/__uacme_account/gencode-remote +++ b/type/__uacme_account/gencode-remote @@ -18,21 +18,6 @@ then admin_mail="$(cat "${__object:?}/parameter/admin-mail")"; fi -# Autoaccept ACME server terms (if any) upon new account creation. -uacme_opts="--yes" - -# Non-default ACMEv2 server directory object URL. -if [ -f "${__object:?}/parameter/acme-url" ]; then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - uacme_opts="$uacme_opts --acme-url $custom_acme_url" -fi - -# Specify RFC8555 External Account Binding credentials. -if [ -f "${__object:?}/parameter/eab-credentials" ]; then - eab_credentials=$(cat "${__object:?}/parameter/eab-credentials") - uacme_opts="$uacme_opts --eab $eab_credentials" -fi - confdir="${default_confdir:?}" if [ -f "${__object:?}/parameter/confdir" ]; then 
@@ -42,6 +27,6 @@ fi cat << EOF if ! [ -f "${confdir}/private/key.pem" ]; then - uacme $uacme_opts new ${admin_mail} + uacme -y new ${admin_mail} fi EOF diff --git a/type/__uacme_account/man.rst b/type/__uacme_account/man.rst index c18bb40..be5efc6 100644 --- a/type/__uacme_account/man.rst +++ b/type/__uacme_account/man.rst @@ -23,16 +23,6 @@ confdir admin-mail Administrative contact email to register the account with. -acme-url - ACMEv2 server directory object URL. Lets'Encrypt is used by default. - -eab-credentials - Specify RFC8555 External Account Binding credentials according to - https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new - ACME account with an existing account in a non-ACME system such as a CA - customer database. KEYID must be an ASCII string. KEY must be - base64url-encoded. This is parameter is not supported by uacme < 1.6. - EXAMPLES -------- @@ -53,7 +43,6 @@ SEE ALSO AUTHORS ------- Joachim Desroches -Timothée Floure COPYING ------- diff --git a/type/__uacme_account/parameter/optional b/type/__uacme_account/parameter/optional index dff247c..0eaba67 100644 --- a/type/__uacme_account/parameter/optional +++ b/type/__uacme_account/parameter/optional @@ -1,4 +1,2 @@ confdir admin-mail -acme-url -eab-credentials diff --git a/type/__uacme_obtain/files/renew.sh.sh b/type/__uacme_obtain/files/renew.sh.sh index dc82fd9..18bf061 100755 --- a/type/__uacme_obtain/files/renew.sh.sh +++ b/type/__uacme_obtain/files/renew.sh.sh @@ -7,8 +7,8 @@ UACME_CHALLENGE_PATH=${CHALLENGEDIR:?} export UACME_CHALLENGE_PATH # Issue certificate. -uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${ACME_URL?} \\ - ${EAB_CREDENTIALS?} ${MUST_STAPLE?} ${KEYTYPE?} issue -- ${DOMAIN:?} +uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\ + issue -- ${DOMAIN:?} # Note: exit code 0 means that certificate was issued. # Note: exit code 1 means that certificate was still valid, hence not renewed. 
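Review bot: The guard tests `"${confdir}/private/key.pem"`, but the command on the changed line, `uacme -y new ${admin_mail}`, is not told about that directory, so as far as this hunk shows a non-default `confdir` creates the account key elsewhere and the guard never becomes true. Passing the directory explicitly keeps the check and the command in step: `uacme -y -c "${confdir}" new ${admin_mail}`. The start of the script is outside the hunk, so confirm `confdir` is not already applied some other way.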
diff --git a/type/__uacme_obtain/manifest b/type/__uacme_obtain/manifest index b41ddde..f41e881 100644 --- a/type/__uacme_obtain/manifest +++ b/type/__uacme_obtain/manifest @@ -69,22 +69,6 @@ then fi export MUST_STAPLE -# Non-default ACMEv2 server directory object URL. -ACME_URL= -if [ -f "${__object:?}/parameter/acme-url" ]; then - custom_acme_url=$(cat "${__object:?}/parameter/acme-url") - ACME_URL="--acme-url $custom_acme_url" -fi -export ACME_URL - -# Specify RFC8555 External Account Binding credentials. -EAB_CREDENTIALS= -if [ -f "${__object:?}/parameter/eab-credentials" ]; then - eab_credentials_param=$(cat "${__object:?}/parameter/eab-credentials") - EAB_CREDENTIALS="--eab $eab_credentials_param" -fi -export EAB_CREDENTIALS - OWNER=root if [ -f "${__object:?}/parameter/owner" ]; then diff --git a/type/__uacme_obtain/parameter/optional b/type/__uacme_obtain/parameter/optional index 9fa9846..fd721af 100644 --- a/type/__uacme_obtain/parameter/optional +++ b/type/__uacme_obtain/parameter/optional @@ -5,5 +5,3 @@ owner install-cert-to install-key-to renew-hook -acme-url -eab-credentials