kjg/cdist-contrib
1
0
Fork 0
forked from ungleich-public/cdist-contrib
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: kjg:master
Branches Tags
kjg:master
kjg:synapse-upstream-apt-repository
kjg:haproxy-dualstack
kjg:synapse-upstream-repository
kjg:root-mail-dma
ungleich-public:master
ungleich-public:opendkim-debian
ungleich-public:kjg_passwordconfig
ungleich-public:synapse-upstream-apt-repository
ungleich-public:haproxy-dualstack
ungleich-public:synapse-upstream-repository
ungleich-public:root-mail-dma
..
compare: kjg:haproxy-dualstack
Branches Tags
kjg:master
kjg:synapse-upstream-apt-repository
kjg:haproxy-dualstack
kjg:synapse-upstream-repository
kjg:root-mail-dma
ungleich-public:master
ungleich-public:opendkim-debian
ungleich-public:kjg_passwordconfig
ungleich-public:synapse-upstream-apt-repository
ungleich-public:haproxy-dualstack
ungleich-public:synapse-upstream-repository
ungleich-public:root-mail-dma

2 commits
master ... haproxy-du

Author SHA1 Message Date
Evilham
f9515def92 [__haproxy_dualstack] Improve manpage 2021-10-30 12:49:00 +02:00
Evilham
1d867f4778 [__haproxy_dualstack] New type with PROXY protocol support 
This is backwards compatible with what is already used internally @ungleich, but
adds on top of that the ability to customise ports and, most importantly, it
adds PROXY protocol support.
 2021-10-30 12:34:14 +02:00
48 changed files with 661 additions and 1376 deletions
Download patch file Download diff file Expand all files Collapse all files

13
type/__bird_ospf/man.rst
View file

@ -24,6 +24,12 @@ import
export export
The keyword or filter to decide what to export in the above channel. The keyword or filter to decide what to export in the above channel.
REQUIRED MULTIPLE PARAMETERS
----------------------------
interface
An interface to include in OSPF area 0.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
description description
@ -33,19 +39,12 @@ instance-id
An OSPF instance ID, allowing several OSPF instances to run on the same An OSPF instance ID, allowing several OSPF instances to run on the same
links. links.
extra-area-configuration
Configuration string added to the `area` section of the OSPF configuration.
OPTIONAL MULTIPLE PARAMETERS OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------
stubnet stubnet
Add an optionless stubnet definition to the configuration. Add an optionless stubnet definition to the configuration.
interface
An interface to include in OSPF area 0. Is required unless
extra-area-configuration is set.
SEE ALSO SEE ALSO
-------- --------
cdist-type__bird_core(7) cdist-type__bird_core(7)

17
type/__bird_ospf/manifest
View file

@ -44,21 +44,6 @@ then
instance_id="$(cat "${__object:?}/parameter/instance-id")" instance_id="$(cat "${__object:?}/parameter/instance-id")"
fi fi
extra_area_configuration=
if [ -f "${__object:?}/parameter/extra-area-configuration" ];
then
extra_area_configuration="$(cat "${__object:?}/parameter/extra-area-configuration")"
if [ "$extra_area_configuration" = "-" ]; then
extra_area_configuration=$(cat "$__object/stdin")
fi
fi
if [ ! -f "${__object:?}/parameter/interface" ] && [ -z "$extra_area_configuration" ]; then
echo "Either --interface or --extra-area-configuration must be set." >&2
exit 1
fi
__file "${confdir:?}/ospf-${__object_id:?}.conf" \ __file "${confdir:?}/ospf-${__object_id:?}.conf" \
--mode 0640 --owner root --group bird \ --mode 0640 --owner root --group bird \
--source - << EOF --source - << EOF
@ -74,8 +59,6 @@ $([ -n "${instance_id?}" ] && printf "\tinstance id %s;\n" "${instance_id?}")
area 0 { area 0 {
$(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface") $(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface")
$(sed -e 's/^/\t\tsubnet /' -e 's/$/;/' "${__object:?}/parameter/subnet") $(sed -e 's/^/\t\tsubnet /' -e 's/$/;/' "${__object:?}/parameter/subnet")
$extra_area_configuration
}; };
} }
EOF EOF

1
type/__bird_ospf/parameter/optional
View file

@ -1,3 +1,2 @@
description description
instance-id instance-id
extra-area-configuration

1
type/__bird_ospf/parameter/optional_multiple
View file

@ -1,2 +1 @@
stubnet stubnet
interface

1
type/__bird_ospf/parameter/required_multiple Normal file
View file

@ -0,0 +1 @@
interface

3
type/__borg_repo/manifest
View file

@ -3,7 +3,7 @@
os="$(cat "${__global:?}"/explorer/os)" os="$(cat "${__global:?}"/explorer/os)"
case "$os" in case "$os" in
"alpine"|"ubuntu") "alpine")
borg_package=borgbackup borg_package=borgbackup
;; ;;
*) *)
@ -17,4 +17,3 @@ if [ -f "${__object:?}/parameter/owner" ];
then then
__package sudo __package sudo
fi fi

8
type/__haproxy_dualstack/files/http Normal file
View file

@ -0,0 +1,8 @@
frontend http
bind BIND@:80
mode http
option httplog
default_backend http
backend http
mode http

10
type/__haproxy_dualstack/files/https Normal file
View file

@ -0,0 +1,10 @@
frontend https
bind BIND@:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
default_backend https
backend https
mode tcp

12
type/__haproxy_dualstack/files/imaps Normal file
View file

@ -0,0 +1,12 @@
frontend imaps
bind BIND@:143
bind BIND@:993
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
default_backend imaps
backend imaps
mode tcp

12
type/__haproxy_dualstack/files/smtps Normal file
View file

@ -0,0 +1,12 @@
frontend smtps
bind BIND@:25
bind BIND@:465
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
default_backend smtps
backend smtps
mode tcp

121
type/__haproxy_dualstack/man.rst Normal file
View file

@ -0,0 +1,121 @@
cdist-type__haproxy_dualstack(7)
================================
NAME
----
cdist-type__haproxy_dualstack - Proxy services from a dual-stack server
DESCRIPTION
-----------
This (singleton) type installs and configures haproxy to act as a dual-stack
proxy for single-stack services.
This can be useful to add IPv4 support to IPv6-only services while only using
one IPv4 for many such services.
By default this type uses the plain TCP proxy mode, which means that there is no
need for TLS termination on this host when SNI is supported.
This also means that proxied services will not receive the client's IP address,
but will see the proxy's IP address instead (that of `$__target_host`).
This can be solved by using the PROXY protocol, but do take into account that,
e.g. nginx cannot serve both regular HTTP(S) and PROXY protocols on the same
port, so you will need to use other ports for that.
As a recommendation in this type: use TCP ports 8080 and 591 respectively to
serve HTTP and HTTPS using the PROXY protocol.
See the EXAMPLES for more details.
OPTIONAL PARAMETERS
-------------------
v4proxy
Proxy incoming IPv4 connections to the equivalent IPv6 endpoint.
In its simplest use, it must be a NAME with an `AAAA` DNS entry, which is
the IP address actually providing the proxied services.
The full format of this argument is:
`[proxy:]NAME[[:PROTOCOL_1=PORT_1]...[:PROTOCOL_N=PORT_N]]`
Where starting with `proxy:` determines that the PROXY protocol must be
used and each `:PROTOCOL=PORT` (e.g. `:http=8080` or `:https=591`) is a PORT
override for the given PROTOCOL (see `--protocol`), if not present the
PROTOCOL's default port will be used.
v6proxy
Proxy incoming IPv6 connections to the equivalent IPv4 endpoint.
In its simplest use, it must be a NAME with an `A` DNS entry, which is
the IP address actually providing the proxied services.
See `--v4proxy` for more options and details.
protocol
Can be passed multiple times or as a space-separated list of protocols.
Currently supported protocols are: `http`, `https`, `imaps`, `smtps`.
This defaults to: `http https imaps smtps`.
EXAMPLES
--------
.. code-block:: sh
# Proxy the IPv6-only services so IPv4-only clients can access them
# This uses HAProxy's TCP mode for http, https, imaps and smtps
__haproxy_dualstack \
--v4proxy ipv6.chat \
--v4proxy matrix.ungleich.ch
# Proxy the IPv6-only HTTP(S) services so IPv4-only clients can access them
# Note this means that the backend IPv6-only server will only see
# the IPv6 address of the haproxy host managed by cdist, which can be
# troublesome if this information is relevant for analytics/security/...
# See the PROXY example below
__haproxy_dualstack \
--protocol http --protocol https \
--v4proxy ipv6.chat \
--v4proxy matrix.ungleich.ch
# Use the PROXY protocol to proxy the IPv6-only HTTP(S) services enabling
# IPv4-only clients to access them while maintaining the client's IP address
__haproxy_dualstack \
--protocol http --protocol https \
--v4proxy proxy:ipv6.chat:http=8080:https=591 \
--v4proxy proxy:matrix.ungleich.ch:http=8080:https=591
# Note however that the PROXY protocol is not compatible with regular
# HTTP(S) protocols, so your nginx will have to listen on different ports
# with the PROXY settings.
# Note that you will need to restrict access to the 8080 port to prevent
# Client IP spoofing.
# This can be something like:
# server {
# # listen for regular HTTP connections
# listen [::]:80 default_server;
# listen 80 default_server;
# # listen for PROXY HTTP connections
# listen [::]:8080 proxy_protocol;
# # Accept the Client's IP from the PROXY protocol
# real_ip_header proxy_protocol;
# }
SEE ALSO
--------
- https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
- https://www.haproxy.com/blog/haproxy/proxy-protocol/
- https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
AUTHORS
-------
ungleich <foss--@--ungleich.ch>
Evilham <cvs--@--evilham.com>
COPYING
-------
Copyright \(C) 2021 ungleich glarus ag. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

155
type/__haproxy_dualstack/manifest Normal file
View file

@ -0,0 +1,155 @@
#!/bin/sh -eu
__package haproxy
require="__package/haproxy" __start_on_boot haproxy
tmpdir="$__object/files"
mkdir "$tmpdir"
configtmp="$__object/files/haproxy.cfg"
os=$(cat "$__global/explorer/os")
case $os in
freebsd)
CONFIG_FILE="/usr/local/etc/haproxy.conf"
cat <<EOF > "$configtmp"
global
maxconn 4000
user nobody
group nogroup
daemon
EOF
;;
*)
CONFIG_FILE="/etc/haproxy/haproxy.cfg"
cat <<EOF > "$configtmp"
global
log [::1] local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
EOF
;;
esac
cat <<EOF >> "$configtmp"
defaults
retries 3
log global
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
EOF
dig_cmd="$(command -v dig || true)"
get_ip() {
# Usage: get_ip (ipv4|ipv6) NAME
# uses "dig" if available, else fallback to "host"
case $1 in
ipv4)
if [ -n "${dig_cmd}" ]; then
${dig_cmd} +short A "$2"
else
host -t A "$2" | cut -d ' ' -f 4 | grep -v 'found:'
fi
;;
ipv6)
if [ -n "${dig_cmd}" ]; then
${dig_cmd} +short AAAA "$2"
else
host -t AAAA "$2" | cut -d ' ' -f 5 | grep -v 'NXDOMAIN'
fi
;;
esac
}
PROTOCOLS="$(cat "$__object/parameter/protocol")"
for proxy in v4proxy v6proxy; do
param=$__object/parameter/$proxy
# no backend? skip generating code
if [ ! -f "$param" ]; then
continue
fi
# turn backend name into bind parameter: v4backend -> ipv4@
bind=$(echo $proxy | sed -e 's/^/ip/' -e 's/proxy//')
case $bind in
ipv4)
backendproto=ipv6
;;
ipv6)
backendproto=ipv4
;;
esac
for proto in ${PROTOCOLS}; do
# Add protocol "header"
printf "\n# %s %s \n" "${bind}" "${proto}" >> "$configtmp"
sed -e "s/BIND/$bind/" \
-e "s/\(frontend[[:space:]].*\)/\1$bind/" \
-e "s/\(backend[[:space:]].*\)/\\1$bind/" \
"$__type/files/$proto" >> "$configtmp"
while read -r hostdefinition; do
if echo "$hostdefinition" | grep -qE '^proxy:'; then
# Proxy protocol was requested
host="$(echo "$hostdefinition" | sed -E 's/^proxy:([^:]+).*$/\1/')"
send_proxy=" send-proxy"
else
# Just use tcp proxy mode
host="$hostdefinition"
send_proxy=""
fi
if echo "$hostdefinition" | grep -qE ":${proto}="; then
# Use custom port definition if requested
port="$(echo "$hostdefinition" | sed -E "s/^(.*:)?${proto}=([0-9]+).*$/:\2/")"
else
# Else use the default
port=""
fi
servername=$host
res=$(get_ip "$bind" "$servername")
if [ -z "$res" ]; then
echo "$servername does not resolve - aborting config" >&2
exit 1
fi
# Treat protocols without TLS+SNI specially
if [ "$proto" = http ]; then
echo " use-server $servername if { hdr(host) -i $host }" >> "$configtmp"
else
echo " use-server $servername if { req_ssl_sni -i $host }" >> "$configtmp"
fi
# Create the "server" itself.
# Note that port and send_proxy will be empty unless
# they were requested by the type user
echo " server $servername ${backendproto}@${host}${port}${send_proxy}" >> "$configtmp"
done < "$param"
done
done
# Create config file
require="__package/haproxy" __file ${CONFIG_FILE} --source "$configtmp" --mode 0644
require="__file${CONFIG_FILE}" __check_messages "haproxy_reload" \
--pattern "^__file${CONFIG_FILE}" \
--execute "service haproxy reload || service haproxy restart"

1
type/__haproxy_dualstack/parameter/default/protocol Normal file
View file

@ -0,0 +1 @@
http https imaps smtps

3
type/__haproxy_dualstack/parameter/optional_multiple Normal file
View file

@ -0,0 +1,3 @@
protocol
v4proxy
v6proxy

0
type/__matrix_element/parameter/default/identity_server → type/__haproxy_dualstack/singleton
View file

5
type/__jitsi_meet/manifest
View file

@ -125,10 +125,7 @@ require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-ava
server_names_hash_bucket_size 64; server_names_hash_bucket_size 64;
types { # nginx server configuration for:
# nginx's default mime.types doesn't include a mapping for wasm
application/wasm wasm;
}
server { server {

30
type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh
View file

@ -1,30 +0,0 @@
#!/bin/sh -eu
# This is a helper to update the '.sh.orig' files for jitsi's
# configuration files.
# Then the changes must be propagated to their corresponding .sh
# files by the type maintainer or a contributor
# We could automate this, but are using it as an indicator for the
# latest branch with which we conciliated changes.
BRANCH="jitsi-meet_6726"
REPO="https://github.com/jitsi/jitsi-meet"
get_url() {
file="${1}"
printf "%s/raw/stable/%s/%s" "${REPO}" "${BRANCH}" "${file}"
}
download_file() {
file="${1}"
destination="${2:-${file}.sh.orig}"
url="$(get_url "${file}")"
echo "Downloading ${destination}"
curl -L "${url}" > "${destination}"
echo
}
download_file config.js
download_file interface_config.js
download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig

441
type/__jitsi_meet_domain/files/config.js.sh
View file

@ -39,6 +39,9 @@ fi
// Websocket URL // Websocket URL
// websocket: 'wss://${JITSI_HOST}/xmpp-websocket', // websocket: 'wss://${JITSI_HOST}/xmpp-websocket',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here // The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable // Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376 // https://github.com/jitsi/jitsi-meet/issues/7376
@ -53,16 +56,9 @@ fi
// issues related to insertable streams. // issues related to insertable streams.
// disableE2EE: false, // disableE2EE: false,
// Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly
// disabled by the below option.
// enableThumbnailReordering: true,
// Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users.
// mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users
// P2P test mode disables automatic switching to P2P when there are 2 // P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference. // participants in the conference.
// p2pTestMode: false, p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture // Enables the test specific features consumed by jitsi-meet-torture
// testMode: false // testMode: false
@ -75,10 +71,8 @@ fi
// simulcast is turned off for the desktop share. If presenter is turned // simulcast is turned off for the desktop share. If presenter is turned
// on while screensharing is in progress, the max bitrate is automatically // on while screensharing is in progress, the max bitrate is automatically
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
// the probability for this to be enabled. This setting has been deprecated. // the probability for this to be enabled.
// desktopSharingFrameRate.max now determines whether simulcast will be enabled // capScreenshareBitrate: 1 // 0 to disable
// or disabled for the screenshare.
// capScreenshareBitrate: 1 // 0 to disable - deprecated.
// Enable callstats only for a percentage of users. // Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for // This takes a value between 0 and 100 which determines the probability for
@ -86,18 +80,6 @@ fi
// callStatsThreshold: 5 // enable callstats for 5% of the users. // callStatsThreshold: 5 // enable callstats for 5% of the users.
}, },
// Disables moderator indicators.
// disableModeratorIndicator: false,
// Disables the reactions feature.
// disableReactions: true,
// Disables polls feature.
// disablePolls: false,
// Disables self-view tile. (hides it from tile view and from filmstrip)
// disableSelfView: false,
// Disables ICE/UDP by filtering out local and remote UDP candidates in // Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling. // signalling.
// webrtcIceUdpDisable: false, // webrtcIceUdpDisable: false,
@ -110,9 +92,6 @@ fi
// Media // Media
// //
// Enable unified plan implementation support on Chromium based browsers.
// enableUnifiedOnChrome: false,
// Audio // Audio
// Disable measuring of audio levels. // Disable measuring of audio levels.
@ -129,10 +108,6 @@ fi
// about the call. // about the call.
// enableSaveLogs: false, // enableSaveLogs: false,
// Enabling this will hide the "Show More" link in the GSM popover that can be
// used to display more statistics about the connection (IP, Port, protocol, etc).
// disableShowMoreStats: true,
// Enabling this will run the lib-jitsi-meet noise detection module which will // Enabling this will run the lib-jitsi-meet noise detection module which will
// notify the user if there is noise, other than voice, coming from the current // notify the user if there is noise, other than voice, coming from the current
// selected microphone. The purpose it to let the user know that the input could // selected microphone. The purpose it to let the user know that the input could
@ -154,34 +129,19 @@ fi
// participants and to enable it back a reload is needed. // participants and to enable it back a reload is needed.
// startSilent: false // startSilent: false
// Sets the preferred target bitrate for the Opus audio codec by setting its
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
// Valid values are in the range 6000 to 510000
// opusMaxAverageBitrate: 20000,
// Enables support for opus-red (redundancy for Opus). // Enables support for opus-red (redundancy for Opus).
// enableOpusRed: false, // enableOpusRed: false,
// Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio.
// Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC.
// audioQuality: {
// stereo: false,
// opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range.
// },
// Video // Video
// Sets the preferred resolution (height) for local video. Defaults to 720. // Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720, // resolution: 720,
// Specifies whether the raised hand will hide when someone becomes a dominant speaker or not
// disableRemoveRaisedHandOnFocus: false,
// Specifies whether there will be a search field in speaker stats or not
// disableSpeakerStatsSearch: false,
// Specifies whether participants in speaker stats should be ordered or not, and with what priority
// speakerStatsOrder: [
// 'role', <- Moderators on top
// 'name', <- Alphabetically by name
// 'hasLeft', <- The ones that have left in the bottom
// ] <- the order of the array elements determines priority
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
// Use -1 to disable. // Use -1 to disable.
// maxFullResolutionParticipants: 2, // maxFullResolutionParticipants: 2,
@ -205,10 +165,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Enable / disable simulcast support. // Enable / disable simulcast support.
// disableSimulcast: false, // disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended // Enable / disable layer suspension. If enabled, endpoints whose HD
// (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen // layers are not in use will be suspended (no longer sent) until they
// sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent // are requested again.
// by the client.
// enableLayerSuspension: false, // enableLayerSuspension: false,
// Every participant after the Nth will start video muted. // Every participant after the Nth will start video muted.
@ -270,18 +229,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// subtitles and buttons can be configured) // subtitles and buttons can be configured)
// transcribingEnabled: false, // transcribingEnabled: false,
// If true transcriber will use the application language.
// The application language is either explicitly set by participants in their settings or automatically
// detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its
// default language then transcriptions for that participant will be in french.
// Defaults to true.
// transcribeWithAppLanguage: true,
// Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false.
// Available languages can be found in
// ./src/react/features/transcribing/transcriber-langs.json.
// preferredTranscribeLanguage: 'en-US',
// Enables automatic turning on captions when recording is started // Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false, // autoCaptionOnRecord: false,
@ -290,20 +237,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Default value for the channel "last N" attribute. -1 for unlimited. // Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: ${CHANNEL_LAST_N}, channelLastN: ${CHANNEL_LAST_N},
// Connection indicators
// connectionIndicators: {
// autoHide: true,
// autoHideTimeout: 5000,
// disabled: false,
// disableDetails: false,
// inactiveDisabled: false
// },
// Provides a way for the lastN value to be controlled through the UI.
// When startLastN is present, conference starts with a last-n value of startLastN and channelLastN
// value will be used when the quality level is selected using "Manage Video Quality" slider.
// startLastN: 1,
// Provides a way to use different "last N" values based on the number of participants in the conference. // Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of // The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number. // participants gets to or above the number.
@ -341,24 +274,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// // to take effect. // // to take effect.
// preferredCodec: 'VP8', // preferredCodec: 'VP8',
// //
// // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints
// // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet.
// // This will result in Safari not being able to decode video from endpoints sending VP9 video.
// // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the
// // preferred codec and goes back to the preferred codec when that endpoint leaves.
// // enforcePreferredCodec: false,
//
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
// // This is currently not implemented on app based clients on mobile. // // This is currently not implemented on app based clients on mobile.
// maxBitratesVideo: { // maxBitratesVideo: {
// H264: {
// low: 200000,
// standard: 500000,
// high: 1500000
// },
// VP8 : { // VP8 : {
// low: 200000, // low: 200000,
// standard: 500000, // standard: 500000,
@ -391,13 +312,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// resizeDesktopForPresenter: false // resizeDesktopForPresenter: false
// }, // },
// Notification timeouts
// notificationTimeouts: {
// short: 2500,
// medium: 5000,
// long: 10000
// },
// // Options for the recording limit notification. // // Options for the recording limit notification.
// recordingLimit: { // recordingLimit: {
// //
@ -416,9 +330,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Disables or enables RTX (RFC 4588) (defaults to false). // Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false, // disableRtx: false,
// Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event.
// disableBeforeUnloadHandlers: true,
// Disables or enables TCC support in this client (default: enabled). // Disables or enables TCC support in this client (default: enabled).
// enableTcc: true, // enableTcc: true,
@ -434,7 +345,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// enableIceRestart: false, // enableIceRestart: false,
// Enables forced reload of the client when the call is migrated as a result of // Enables forced reload of the client when the call is migrated as a result of
// the bridge going down. // the bridge going down. Currently enabled by default as call migration through
// session-terminate is causing siganling issues when Octo is enabled.
// enableForcedReload: true, // enableForcedReload: true,
// Use TURN/UDP servers for the jitsi-videobridge connection (by default // Use TURN/UDP servers for the jitsi-videobridge connection (by default
@ -442,11 +354,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// bridge itself is reachable via UDP) // bridge itself is reachable via UDP)
// useTurnUdp: false // useTurnUdp: false
// Enable support for encoded transform in supported browsers. This allows
// E2EE to work in Safari if the corresponding flag is enabled in the browser.
// Experimental.
// enableEncodedTransformSupport: false,
// UI // UI
// //
@ -456,12 +363,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Hides lobby button // Hides lobby button
// hideLobbyButton: false, // hideLobbyButton: false,
// If Lobby is enabled starts knocking automatically.
// autoKnockLobby: false,
// Hides add breakout room button
// hideAddRoomButton: false,
// Require users to always specify a display name. // Require users to always specify a display name.
// requireDisplayName: true, // requireDisplayName: true,
@ -481,15 +382,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// enableClosePage: false, // enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call. // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// Setting this to null, will also disable showing the remote videos // disable1On1Mode: false,
// when the toolbar is shown on mouse movements
// disable1On1Mode: null | false | true,
// Default local name to be displayed
// defaultLocalDisplayName: 'me',
// Default remote name to be displayed
// defaultRemoteDisplayName: 'Fellow Jitster',
// Default language for the user interface. // Default language for the user interface.
defaultLanguage: '${DEFAULT_LANGUAGE}', defaultLanguage: '${DEFAULT_LANGUAGE}',
@ -512,18 +405,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// and microsoftApiApplicationClientID // and microsoftApiApplicationClientID
// enableCalendarIntegration: false, // enableCalendarIntegration: false,
// Configs for prejoin page. // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// prejoinConfig: { // prejoinPageEnabled: false,
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// // This replaces \`prejoinPageEnabled\`.
// enabled: true,
// // List of buttons to hide from the extra join options dropdown.
// hideExtraJoinButtons: ['no-audio', 'by-phone']
// },
// When 'true', the user cannot edit the display name.
// (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.)
// readOnlyName: false,
// If etherpad integration is enabled, setting this to true will // If etherpad integration is enabled, setting this to true will
// automatically open the etherpad when a participant joins. This // automatically open the etherpad when a participant joins. This
@ -544,10 +427,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Base URL for a Gravatar-compatible service. Defaults to libravatar. // Base URL for a Gravatar-compatible service. Defaults to libravatar.
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/',
// App name to be displayed in the invitation email subject, as an alternative to
// interfaceConfig.APP_NAME.
// inviteAppName: null,
// Moved from interfaceConfig(TOOLBAR_BUTTONS). // Moved from interfaceConfig(TOOLBAR_BUTTONS).
// The name of the toolbar buttons to display in the toolbar, including the // The name of the toolbar buttons to display in the toolbar, including the
// "More actions" menu. If present, the button will display. Exceptions are // "More actions" menu. If present, the button will display. Exceptions are
@ -560,94 +439,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// - 'desktop' controls the "Share your screen" button // - 'desktop' controls the "Share your screen" button
// - if \`toolbarButtons\` is undefined, we fallback to enabling all buttons on the UI // - if \`toolbarButtons\` is undefined, we fallback to enabling all buttons on the UI
// toolbarButtons: [ // toolbarButtons: [
// 'camera', // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
// 'chat', // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
// 'closedcaptions', // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand',
// 'desktop', // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
// 'download', // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'
// 'embedmeeting',
// 'etherpad',
// 'feedback',
// 'filmstrip',
// 'fullscreen',
// 'hangup',
// 'help',
// 'invite',
// 'livestreaming',
// 'microphone',
// 'mute-everyone',
// 'mute-video-everyone',
// 'participants-pane',
// 'profile',
// 'raisehand',
// 'recording',
// 'security',
// 'select-background',
// 'settings',
// 'shareaudio',
// 'sharedvideo',
// 'shortcuts',
// 'stats',
// 'tileview',
// 'toggle-camera',
// 'videoquality',
// '__end'
// ], // ],
// Holds values related to toolbar visibility control.
// toolbarConfig: {
// // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT
// // The initial numer of miliseconds for the toolbar buttons to be visible on screen.
// initialTimeout: 20000,
// // Moved from interfaceConfig.TOOLBAR_TIMEOUT
// // Number of miliseconds for the toolbar buttons to be visible on screen.
// timeout: 4000,
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
// // Whether toolbar should be always visible or should hide after x miliseconds.
// alwaysVisible: false
// },
// Toolbar buttons which have their click event exposed through the API on
// \`toolbarButtonClicked\` event instead of executing the normal click routine.
// buttonsWithNotifyClick: [
// 'camera',
// 'chat',
// 'closedcaptions',
// 'desktop',
// 'download',
// 'embedmeeting',
// 'etherpad',
// 'feedback',
// 'filmstrip',
// 'fullscreen',
// 'hangup',
// 'help',
// 'invite',
// 'livestreaming',
// 'microphone',
// 'mute-everyone',
// 'mute-video-everyone',
// 'participants-pane',
// 'profile',
// 'raisehand',
// 'recording',
// 'security',
// 'select-background',
// 'settings',
// 'shareaudio',
// 'sharedvideo',
// 'shortcuts',
// 'stats',
// 'tileview',
// 'toggle-camera',
// 'videoquality',
// '__end'
// ],
// List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons:
// 'microphone', 'camera', 'select-background', 'invite', 'settings'
// hiddenPremeetingButtons: [],
// Stats // Stats
// //
@ -665,37 +463,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// callStatsID: '', // callStatsID: '',
// callStatsSecret: '', // callStatsSecret: '',
// The callstats initialize config params as described in the API:
// https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret
// callStatsConfigParams: {
// disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter.
// applicationVersion: "app_version", // Application version specified by the developer.
// disablePrecalltest: true, // disables the pre-call test, it is enabled by default.
// siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made.
// additionalIDs: { // additionalIDs object, contains application related IDs.
// customerID: "Customer Identifier. Example, walmart.",
// tenantID: "Tenant Identifier. Example, monster.",
// productName: "Product Name. Example, Jitsi.",
// meetingsName: "Meeting Name. Example, Jitsi loves callstats.",
// serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.",
// pbxID: "PBX Identifier. Example, walmart.",
// pbxExtensionID: "PBX Extension Identifier. Example, 5625.",
// fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.",
// sessionID: "Session Identifier. Example, session-12-34"
// },
// collectLegacyStats: true, //enables the collection of legacy stats in chrome browser
// collectIP: true //enables the collection localIP address
// },
// Enables sending participants' display names to callstats // Enables sending participants' display names to callstats
// enableDisplayNameInStats: false, // enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics // Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false, // enableEmailInStats: false,
// Enables detecting faces of participants and get their expression and send it to other participants
// enableFacialRecognition: true,
// Controls the percentage of automatic feedback shown to participants when callstats is enabled. // Controls the percentage of automatic feedback shown to participants when callstats is enabled.
// The default value is 100%. If set to 0, no automatic feedback will be requested // The default value is 100%. If set to 0, no automatic feedback will be requested
// feedbackPercentage: 100, // feedbackPercentage: 100,
@ -721,8 +494,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// connection. // connection.
enabled: true, enabled: true,
// Enable unified plan implementation support on Chromium for p2p connection. // The STUN servers that will be used in the peer to peer connections
// enableUnifiedOnChrome: false, stunServers: [
{ urls: 'stun:${TURN_SERVER}:443' }
]
// Sets the ICE transport policy for the p2p connection. At the time // Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay', // of this writing the list of possible values are 'all' and 'relay',
@ -749,20 +525,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// How long we're going to wait, before going back to P2P after the 3rd // How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload). // participant has left the conference (to filter out page reload).
// backToP2PDelay: 5, // backToP2PDelay: 5
// The STUN servers that will be used in the peer to peer connections
stunServers: [
// { urls: 'stun:jitsi-meet.example.com:3478' },
{ urls: 'stun:${TURN_SERVER}:443' }
]
}, },
analytics: { analytics: {
// True if the analytics should be disabled
// disabled: false,
// The Google Analytics Tracking ID: // The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
@ -778,7 +544,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// module connects to the provided rtcstatsEndpoint and sends statistics regarding // module connects to the provided rtcstatsEndpoint and sends statistics regarding
// PeerConnection states along with getStats metrics polled at the specified // PeerConnection states along with getStats metrics polled at the specified
// interval. // interval.
// rtcstatsEnabled: false, // rtcstatsEnabled: true,
// In order to enable rtcstats one needs to provide a endpoint url. // In order to enable rtcstats one needs to provide a endpoint url.
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
@ -806,43 +572,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// userRegion: "asia" // userRegion: "asia"
}, },
// Array<string> of disabled sounds.
// Possible values:
// - 'ASKED_TO_UNMUTE_SOUND'
// - 'E2EE_OFF_SOUND'
// - 'E2EE_ON_SOUND'
// - 'INCOMING_MSG_SOUND'
// - 'KNOCKING_PARTICIPANT_SOUND'
// - 'LIVE_STREAMING_OFF_SOUND'
// - 'LIVE_STREAMING_ON_SOUND'
// - 'NO_AUDIO_SIGNAL_SOUND'
// - 'NOISY_AUDIO_INPUT_SOUND'
// - 'OUTGOING_CALL_EXPIRED_SOUND'
// - 'OUTGOING_CALL_REJECTED_SOUND'
// - 'OUTGOING_CALL_RINGING_SOUND'
// - 'OUTGOING_CALL_START_SOUND'
// - 'PARTICIPANT_JOINED_SOUND'
// - 'PARTICIPANT_LEFT_SOUND'
// - 'RAISE_HAND_SOUND'
// - 'REACTION_SOUND'
// - 'RECORDING_OFF_SOUND'
// - 'RECORDING_ON_SOUND'
// - 'TALK_WHILE_MUTED_SOUND'
// disabledSounds: [],
// DEPRECATED! Use \`disabledSounds\` instead.
// Decides whether the start/stop recording audio notifications should play on record. // Decides whether the start/stop recording audio notifications should play on record.
// disableRecordAudioNotification: false, // disableRecordAudioNotification: false,
// DEPRECATED! Use \`disabledSounds\` instead.
// Disables the sounds that play when other participants join or leave the // Disables the sounds that play when other participants join or leave the
// conference (if set to true, these sounds will not be played). // conference (if set to true, these sounds will not be played).
// disableJoinLeaveSounds: false, // disableJoinLeaveSounds: false,
// DEPRECATED! Use \`disabledSounds\` instead.
// Disables the sounds that play when a chat message is received.
// disableIncomingMessageSound: false,
// Information for the chrome extension banner // Information for the chrome extension banner
// chromeExtensionBanner: { // chromeExtensionBanner: {
// // The chrome extension to be installed address // // The chrome extension to be installed address
@ -863,8 +599,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// localRecording: { // localRecording: {
// Enables local recording. // Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to // Additionally, 'localrecording' (all lowercase) needs to be added to
// the \`toolbarButtons\`-array for the Local Recording button to show up // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// on the toolbar. // button to show up on the toolbar.
// //
// enabled: true, // enabled: true,
// //
@ -873,10 +609,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// format: 'flac' // format: 'flac'
// //
// },
// e2ee: {
// labels,
// externallyManagedKey: false
// }, // },
// Options related to end-to-end (participant to participant) ping. // Options related to end-to-end (participant to participant) ping.
@ -931,9 +663,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Options related to the remote participant menu. // Options related to the remote participant menu.
// remoteVideoMenu: { // remoteVideoMenu: {
// // If set to true the 'Kick out' button will be disabled. // // If set to true the 'Kick out' button will be disabled.
// disableKick: true, // disableKick: true
// // If set to true the 'Grant moderator' button will be disabled.
// disableGrantModerator: true
// }, // },
// If set to true all muting operations of remote participants will be disabled. // If set to true all muting operations of remote participants will be disabled.
@ -945,11 +675,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
/** /**
External API url used to receive branding specific information. External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied. If there is no url set or there are missing fields, the defaults are applied.
The config file should be in JSON.
None of the fields are mandatory and the response must have the shape: None of the fields are mandatory and the response must have the shape:
{ {
// The domain url to apply (will replace the domain in the sharing conference link/embed section)
inviteDomain: 'example-company.org,
// The hex value for the colour used as background // The hex value for the colour used as background
backgroundColor: '#fff', backgroundColor: '#fff',
// The url for the image used as background // The url for the image used as background
@ -957,55 +684,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// The anchor url used when clicking the logo image // The anchor url used when clicking the logo image
logoClickUrl: 'https://example-company.org', logoClickUrl: 'https://example-company.org',
// The url used for the image used as logo // The url used for the image used as logo
logoImageUrl: 'https://example.com/logo-img.png', logoImageUrl: 'https://example.com/logo-img.png'
// Overwrite for pool of background images for avatars
avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'],
// The lobby/prejoin screen background
premeetingBackground: 'url(https://example.com/premeeting-background.png)',
// A list of images that can be used as video backgrounds.
// When this field is present, the default images will be replaced with those provided.
virtualBackgrounds: ['https://example.com/img.jpg'],
// Object containing a theme's properties. It also supports partial overwrites of the main theme.
// For a list of all possible theme tokens and their current defaults, please check:
// https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json
// For a short explanations on each of the tokens, please check:
// https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js
// IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code
// or they are partially applied.
customTheme: {
palette: {
ui01: "orange !important",
ui02: "maroon",
surface02: 'darkgreen',
ui03: "violet",
ui04: "magenta",
ui05: "blueviolet",
field02Hover: 'red',
action01: 'green',
action01Hover: 'lightgreen',
action02Disabled: 'beige',
success02: 'cadetblue',
action02Hover: 'aliceblue'
},
typography: {
labelRegular: {
fontSize: 25,
lineHeight: 30,
fontWeight: 500
}
}
}
} }
*/ */
dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}", dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}",
// When true the user cannot add more images to be used as virtual background.
// Only the default ones from will be available.
// disableAddingBackgroundImages: false,
// Disables using screensharing as virtual background.
// disableScreensharingVirtualBackground: false,
// Sets the background transparency level. '0' is fully transparent, '1' is opaque. // Sets the background transparency level. '0' is fully transparent, '1' is opaque.
// backgroundAlpha: 1, // backgroundAlpha: 1,
@ -1017,35 +700,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// If true, tile view will not be enabled automatically when the participants count threshold is reached. // If true, tile view will not be enabled automatically when the participants count threshold is reached.
// disableTileView: true, // disableTileView: true,
// If true, the tiles will be displayed contained within the available space rather than enlarged to cover it.
// disableTileEnlargement: true,
// Controls the visibility and behavior of the top header conference info labels.
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
// conferenceInfo: {
// // those labels will not be hidden in tandem with the toolbox.
// alwaysVisible: ['recording', 'local-recording'],
// // those labels will be auto-hidden in tandem with the toolbox buttons.
// autoHide: [
// 'subject',
// 'conference-timer',
// 'participants-count',
// 'e2ee',
// 'transcribing',
// 'video-quality',
// 'insecure-room'
// ]
// },
// Hides the conference subject // Hides the conference subject
// hideConferenceSubject: true, // hideConferenceSubject: true,
// Hides the conference timer. // Hides the conference timer.
// hideConferenceTimer: true, // hideConferenceTimer: true,
// Hides the recording label
// hideRecordingLabel: false,
// Hides the participants stats // Hides the participants stats
// hideParticipantsStats: true, // hideParticipantsStats: true,
@ -1057,13 +717,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// is not persisting the local storage inside the iframe. // is not persisting the local storage inside the iframe.
// useHostPageLocalStorage: true, // useHostPageLocalStorage: true,
// etherpad ("shared document") integration.
//
// If set, add a "Open shared document" link to the bottom right menu that
// will open an etherpad document.
// etherpad_base: 'https://your-etherpad-installati.on/p/',
// List of undocumented settings used in jitsi-meet // List of undocumented settings used in jitsi-meet
/** /**
_immediateReloadThreshold _immediateReloadThreshold
@ -1076,8 +729,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
dialOutCodesUrl dialOutCodesUrl
disableRemoteControl disableRemoteControl
displayJids displayJids
etherpad_base
externalConnectUrl externalConnectUrl
e2eeLabels
firefox_fake_device firefox_fake_device
googleApiApplicationClientID googleApiApplicationClientID
iAmRecorder iAmRecorder
@ -1119,11 +772,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
websocketKeepAliveUrl websocketKeepAliveUrl
*/ */
/**
* Default interval (milliseconds) for triggering mouseMoved iframe API event
*/
mouseMoveCallbackInterval: 1000,
/** /**
Use this array to configure which notifications will be shown to the user Use this array to configure which notifications will be shown to the user
The items correspond to the title or description key of that notification The items correspond to the title or description key of that notification
@ -1157,19 +805,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
// 'localRecording.localRecording', // shown when a local recording is started // 'localRecording.localRecording', // shown when a local recording is started
// 'notify.disconnected', // shown when a participant has left // 'notify.disconnected', // shown when a participant has left
// 'notify.connectedOneMember', // show when a participant joined
// 'notify.connectedTwoMembers', // show when two participants joined simultaneously
// 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously
// 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.grantedTo', // shown when moderator rights were granted to a participant
// 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedOneMember', // shown when 1 participant has been invited
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited
// 'notify.kickParticipant', // shown when a participant is kicked // 'notify.kickParticipant', // shown when a participant is kicked
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
// 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation
// 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
// 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.mutedTitle', // shown when user has been muted upon joining,
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
@ -1178,7 +818,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.passwordSetRemotely', // shown when a password has been set remotely
// 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.raisedHand', // shown when a partcipant used raise hand,
// 'notify.startSilentTitle', // shown when user joined with no audio // 'notify.startSilentTitle', // shown when user joined with no audio
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
// 'prejoin.errorDialOut', // 'prejoin.errorDialOut',
// 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutDisconnected',
// 'prejoin.errorDialOutFailed', // 'prejoin.errorDialOutFailed',
@ -1192,13 +831,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone
// 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted
// 'transcribing.failedToStart' // shown when transcribing fails to start // 'transcribing.failedToStart' // shown when transcribing fails to start
// ], // ]
// Prevent the filmstrip from autohiding when screen width is under a certain threshold
// disableFilmstripAutohiding: false,
// Specifies whether the chat emoticons are disabled or not
// disableChatSmileys: false,
// Allow all above example options to include a trailing comma and // Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value. // prevent fear when commenting out the last value.

442
type/__jitsi_meet_domain/files/config.js.sh.orig
View file

@ -27,6 +27,9 @@ var config = {
// Websocket URL // Websocket URL
// websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here // The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable // Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376 // https://github.com/jitsi/jitsi-meet/issues/7376
@ -41,16 +44,9 @@ var config = {
// issues related to insertable streams. // issues related to insertable streams.
// disableE2EE: false, // disableE2EE: false,
// Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly
// disabled by the below option.
// enableThumbnailReordering: true,
// Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users.
// mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users
// P2P test mode disables automatic switching to P2P when there are 2 // P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference. // participants in the conference.
// p2pTestMode: false, p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture // Enables the test specific features consumed by jitsi-meet-torture
// testMode: false // testMode: false
@ -63,10 +59,8 @@ var config = {
// simulcast is turned off for the desktop share. If presenter is turned // simulcast is turned off for the desktop share. If presenter is turned
// on while screensharing is in progress, the max bitrate is automatically // on while screensharing is in progress, the max bitrate is automatically
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
// the probability for this to be enabled. This setting has been deprecated. // the probability for this to be enabled.
// desktopSharingFrameRate.max now determines whether simulcast will be enabled // capScreenshareBitrate: 1 // 0 to disable
// or disabled for the screenshare.
// capScreenshareBitrate: 1 // 0 to disable - deprecated.
// Enable callstats only for a percentage of users. // Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for // This takes a value between 0 and 100 which determines the probability for
@ -74,18 +68,6 @@ var config = {
// callStatsThreshold: 5 // enable callstats for 5% of the users. // callStatsThreshold: 5 // enable callstats for 5% of the users.
}, },
// Disables moderator indicators.
// disableModeratorIndicator: false,
// Disables the reactions feature.
// disableReactions: true,
// Disables polls feature.
// disablePolls: false,
// Disables self-view tile. (hides it from tile view and from filmstrip)
// disableSelfView: false,
// Disables ICE/UDP by filtering out local and remote UDP candidates in // Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling. // signalling.
// webrtcIceUdpDisable: false, // webrtcIceUdpDisable: false,
@ -98,9 +80,6 @@ var config = {
// Media // Media
// //
// Enable unified plan implementation support on Chromium based browsers.
// enableUnifiedOnChrome: false,
// Audio // Audio
// Disable measuring of audio levels. // Disable measuring of audio levels.
@ -117,10 +96,6 @@ var config = {
// about the call. // about the call.
// enableSaveLogs: false, // enableSaveLogs: false,
// Enabling this will hide the "Show More" link in the GSM popover that can be
// used to display more statistics about the connection (IP, Port, protocol, etc).
// disableShowMoreStats: true,
// Enabling this will run the lib-jitsi-meet noise detection module which will // Enabling this will run the lib-jitsi-meet noise detection module which will
// notify the user if there is noise, other than voice, coming from the current // notify the user if there is noise, other than voice, coming from the current
// selected microphone. The purpose it to let the user know that the input could // selected microphone. The purpose it to let the user know that the input could
@ -142,34 +117,19 @@ var config = {
// participants and to enable it back a reload is needed. // participants and to enable it back a reload is needed.
// startSilent: false // startSilent: false
// Sets the preferred target bitrate for the Opus audio codec by setting its
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
// Valid values are in the range 6000 to 510000
// opusMaxAverageBitrate: 20000,
// Enables support for opus-red (redundancy for Opus). // Enables support for opus-red (redundancy for Opus).
// enableOpusRed: false, // enableOpusRed: false,
// Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio.
// Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC.
// audioQuality: {
// stereo: false,
// opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range.
// },
// Video // Video
// Sets the preferred resolution (height) for local video. Defaults to 720. // Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720, // resolution: 720,
// Specifies whether the raised hand will hide when someone becomes a dominant speaker or not
// disableRemoveRaisedHandOnFocus: false,
// Specifies whether there will be a search field in speaker stats or not
// disableSpeakerStatsSearch: false,
// Specifies whether participants in speaker stats should be ordered or not, and with what priority
// speakerStatsOrder: [
// 'role', <- Moderators on top
// 'name', <- Alphabetically by name
// 'hasLeft', <- The ones that have left in the bottom
// ] <- the order of the array elements determines priority
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
// Use -1 to disable. // Use -1 to disable.
// maxFullResolutionParticipants: 2, // maxFullResolutionParticipants: 2,
@ -192,10 +152,9 @@ var config = {
// Enable / disable simulcast support. // Enable / disable simulcast support.
// disableSimulcast: false, // disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended // Enable / disable layer suspension. If enabled, endpoints whose HD
// (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen // layers are not in use will be suspended (no longer sent) until they
// sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent // are requested again.
// by the client.
// enableLayerSuspension: false, // enableLayerSuspension: false,
// Every participant after the Nth will start video muted. // Every participant after the Nth will start video muted.
@ -257,18 +216,6 @@ var config = {
// subtitles and buttons can be configured) // subtitles and buttons can be configured)
// transcribingEnabled: false, // transcribingEnabled: false,
// If true transcriber will use the application language.
// The application language is either explicitly set by participants in their settings or automatically
// detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its
// default language then transcriptions for that participant will be in french.
// Defaults to true.
// transcribeWithAppLanguage: true,
// Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false.
// Available languages can be found in
// ./src/react/features/transcribing/transcriber-langs.json.
// preferredTranscribeLanguage: 'en-US',
// Enables automatic turning on captions when recording is started // Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false, // autoCaptionOnRecord: false,
@ -277,20 +224,6 @@ var config = {
// Default value for the channel "last N" attribute. -1 for unlimited. // Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1, channelLastN: -1,
// Connection indicators
// connectionIndicators: {
// autoHide: true,
// autoHideTimeout: 5000,
// disabled: false,
// disableDetails: false,
// inactiveDisabled: false
// },
// Provides a way for the lastN value to be controlled through the UI.
// When startLastN is present, conference starts with a last-n value of startLastN and channelLastN
// value will be used when the quality level is selected using "Manage Video Quality" slider.
// startLastN: 1,
// Provides a way to use different "last N" values based on the number of participants in the conference. // Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of // The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number. // participants gets to or above the number.
@ -328,24 +261,12 @@ var config = {
// // to take effect. // // to take effect.
// preferredCodec: 'VP8', // preferredCodec: 'VP8',
// //
// // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints
// // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet.
// // This will result in Safari not being able to decode video from endpoints sending VP9 video.
// // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the
// // preferred codec and goes back to the preferred codec when that endpoint leaves.
// // enforcePreferredCodec: false,
//
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
// // This is currently not implemented on app based clients on mobile. // // This is currently not implemented on app based clients on mobile.
// maxBitratesVideo: { // maxBitratesVideo: {
// H264: {
// low: 200000,
// standard: 500000,
// high: 1500000
// },
// VP8 : { // VP8 : {
// low: 200000, // low: 200000,
// standard: 500000, // standard: 500000,
@ -378,13 +299,6 @@ var config = {
// resizeDesktopForPresenter: false // resizeDesktopForPresenter: false
// }, // },
// Notification timeouts
// notificationTimeouts: {
// short: 2500,
// medium: 5000,
// long: 10000
// },
// // Options for the recording limit notification. // // Options for the recording limit notification.
// recordingLimit: { // recordingLimit: {
// //
@ -403,9 +317,6 @@ var config = {
// Disables or enables RTX (RFC 4588) (defaults to false). // Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false, // disableRtx: false,
// Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event.
// disableBeforeUnloadHandlers: true,
// Disables or enables TCC support in this client (default: enabled). // Disables or enables TCC support in this client (default: enabled).
// enableTcc: true, // enableTcc: true,
@ -421,7 +332,8 @@ var config = {
// enableIceRestart: false, // enableIceRestart: false,
// Enables forced reload of the client when the call is migrated as a result of // Enables forced reload of the client when the call is migrated as a result of
// the bridge going down. // the bridge going down. Currently enabled by default as call migration through
// session-terminate is causing siganling issues when Octo is enabled.
// enableForcedReload: true, // enableForcedReload: true,
// Use TURN/UDP servers for the jitsi-videobridge connection (by default // Use TURN/UDP servers for the jitsi-videobridge connection (by default
@ -429,11 +341,6 @@ var config = {
// bridge itself is reachable via UDP) // bridge itself is reachable via UDP)
// useTurnUdp: false // useTurnUdp: false
// Enable support for encoded transform in supported browsers. This allows
// E2EE to work in Safari if the corresponding flag is enabled in the browser.
// Experimental.
// enableEncodedTransformSupport: false,
// UI // UI
// //
@ -443,12 +350,6 @@ var config = {
// Hides lobby button // Hides lobby button
// hideLobbyButton: false, // hideLobbyButton: false,
// If Lobby is enabled starts knocking automatically.
// autoKnockLobby: false,
// Hides add breakout room button
// hideAddRoomButton: false,
// Require users to always specify a display name. // Require users to always specify a display name.
// requireDisplayName: true, // requireDisplayName: true,
@ -468,15 +369,7 @@ var config = {
// enableClosePage: false, // enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call. // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// Setting this to null, will also disable showing the remote videos // disable1On1Mode: false,
// when the toolbar is shown on mouse movements
// disable1On1Mode: null | false | true,
// Default local name to be displayed
// defaultLocalDisplayName: 'me',
// Default remote name to be displayed
// defaultRemoteDisplayName: 'Fellow Jitster',
// Default language for the user interface. // Default language for the user interface.
// defaultLanguage: 'en', // defaultLanguage: 'en',
@ -499,18 +392,8 @@ var config = {
// and microsoftApiApplicationClientID // and microsoftApiApplicationClientID
// enableCalendarIntegration: false, // enableCalendarIntegration: false,
// Configs for prejoin page. // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// prejoinConfig: { // prejoinPageEnabled: false,
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// // This replaces `prejoinPageEnabled`.
// enabled: true,
// // List of buttons to hide from the extra join options dropdown.
// hideExtraJoinButtons: ['no-audio', 'by-phone']
// },
// When 'true', the user cannot edit the display name.
// (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.)
// readOnlyName: false,
// If etherpad integration is enabled, setting this to true will // If etherpad integration is enabled, setting this to true will
// automatically open the etherpad when a participant joins. This // automatically open the etherpad when a participant joins. This
@ -531,10 +414,6 @@ var config = {
// Base URL for a Gravatar-compatible service. Defaults to libravatar. // Base URL for a Gravatar-compatible service. Defaults to libravatar.
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/',
// App name to be displayed in the invitation email subject, as an alternative to
// interfaceConfig.APP_NAME.
// inviteAppName: null,
// Moved from interfaceConfig(TOOLBAR_BUTTONS). // Moved from interfaceConfig(TOOLBAR_BUTTONS).
// The name of the toolbar buttons to display in the toolbar, including the // The name of the toolbar buttons to display in the toolbar, including the
// "More actions" menu. If present, the button will display. Exceptions are // "More actions" menu. If present, the button will display. Exceptions are
@ -547,94 +426,13 @@ var config = {
// - 'desktop' controls the "Share your screen" button // - 'desktop' controls the "Share your screen" button
// - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI // - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI
// toolbarButtons: [ // toolbarButtons: [
// 'camera', // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
// 'chat', // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
// 'closedcaptions', // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand',
// 'desktop', // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
// 'download', // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'
// 'embedmeeting',
// 'etherpad',
// 'feedback',
// 'filmstrip',
// 'fullscreen',
// 'hangup',
// 'help',
// 'invite',
// 'livestreaming',
// 'microphone',
// 'mute-everyone',
// 'mute-video-everyone',
// 'participants-pane',
// 'profile',
// 'raisehand',
// 'recording',
// 'security',
// 'select-background',
// 'settings',
// 'shareaudio',
// 'sharedvideo',
// 'shortcuts',
// 'stats',
// 'tileview',
// 'toggle-camera',
// 'videoquality',
// '__end'
// ], // ],
// Holds values related to toolbar visibility control.
// toolbarConfig: {
// // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT
// // The initial numer of miliseconds for the toolbar buttons to be visible on screen.
// initialTimeout: 20000,
// // Moved from interfaceConfig.TOOLBAR_TIMEOUT
// // Number of miliseconds for the toolbar buttons to be visible on screen.
// timeout: 4000,
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
// // Whether toolbar should be always visible or should hide after x miliseconds.
// alwaysVisible: false
// },
// Toolbar buttons which have their click event exposed through the API on
// `toolbarButtonClicked` event instead of executing the normal click routine.
// buttonsWithNotifyClick: [
// 'camera',
// 'chat',
// 'closedcaptions',
// 'desktop',
// 'download',
// 'embedmeeting',
// 'etherpad',
// 'feedback',
// 'filmstrip',
// 'fullscreen',
// 'hangup',
// 'help',
// 'invite',
// 'livestreaming',
// 'microphone',
// 'mute-everyone',
// 'mute-video-everyone',
// 'participants-pane',
// 'profile',
// 'raisehand',
// 'recording',
// 'security',
// 'select-background',
// 'settings',
// 'shareaudio',
// 'sharedvideo',
// 'shortcuts',
// 'stats',
// 'tileview',
// 'toggle-camera',
// 'videoquality',
// '__end'
// ],
// List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons:
// 'microphone', 'camera', 'select-background', 'invite', 'settings'
// hiddenPremeetingButtons: [],
// Stats // Stats
// //
@ -652,37 +450,12 @@ var config = {
// callStatsID: '', // callStatsID: '',
// callStatsSecret: '', // callStatsSecret: '',
// The callstats initialize config params as described in the API:
// https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret
// callStatsConfigParams: {
// disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter.
// applicationVersion: "app_version", // Application version specified by the developer.
// disablePrecalltest: true, // disables the pre-call test, it is enabled by default.
// siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made.
// additionalIDs: { // additionalIDs object, contains application related IDs.
// customerID: "Customer Identifier. Example, walmart.",
// tenantID: "Tenant Identifier. Example, monster.",
// productName: "Product Name. Example, Jitsi.",
// meetingsName: "Meeting Name. Example, Jitsi loves callstats.",
// serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.",
// pbxID: "PBX Identifier. Example, walmart.",
// pbxExtensionID: "PBX Extension Identifier. Example, 5625.",
// fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.",
// sessionID: "Session Identifier. Example, session-12-34"
// },
// collectLegacyStats: true, //enables the collection of legacy stats in chrome browser
// collectIP: true //enables the collection localIP address
// },
// Enables sending participants' display names to callstats // Enables sending participants' display names to callstats
// enableDisplayNameInStats: false, // enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics // Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false, // enableEmailInStats: false,
// Enables detecting faces of participants and get their expression and send it to other participants
// enableFacialRecognition: true,
// Controls the percentage of automatic feedback shown to participants when callstats is enabled. // Controls the percentage of automatic feedback shown to participants when callstats is enabled.
// The default value is 100%. If set to 0, no automatic feedback will be requested // The default value is 100%. If set to 0, no automatic feedback will be requested
// feedbackPercentage: 100, // feedbackPercentage: 100,
@ -708,8 +481,12 @@ var config = {
// connection. // connection.
enabled: true, enabled: true,
// Enable unified plan implementation support on Chromium for p2p connection. // The STUN servers that will be used in the peer to peer connections
// enableUnifiedOnChrome: false, stunServers: [
// { urls: 'stun:jitsi-meet.example.com:3478' },
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
]
// Sets the ICE transport policy for the p2p connection. At the time // Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay', // of this writing the list of possible values are 'all' and 'relay',
@ -736,20 +513,10 @@ var config = {
// How long we're going to wait, before going back to P2P after the 3rd // How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload). // participant has left the conference (to filter out page reload).
// backToP2PDelay: 5, // backToP2PDelay: 5
// The STUN servers that will be used in the peer to peer connections
stunServers: [
// { urls: 'stun:jitsi-meet.example.com:3478' },
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
]
}, },
analytics: { analytics: {
// True if the analytics should be disabled
// disabled: false,
// The Google Analytics Tracking ID: // The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
@ -765,7 +532,7 @@ var config = {
// module connects to the provided rtcstatsEndpoint and sends statistics regarding // module connects to the provided rtcstatsEndpoint and sends statistics regarding
// PeerConnection states along with getStats metrics polled at the specified // PeerConnection states along with getStats metrics polled at the specified
// interval. // interval.
// rtcstatsEnabled: false, // rtcstatsEnabled: true,
// In order to enable rtcstats one needs to provide a endpoint url. // In order to enable rtcstats one needs to provide a endpoint url.
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
@ -793,43 +560,13 @@ var config = {
// userRegion: "asia" // userRegion: "asia"
}, },
// Array<string> of disabled sounds.
// Possible values:
// - 'ASKED_TO_UNMUTE_SOUND'
// - 'E2EE_OFF_SOUND'
// - 'E2EE_ON_SOUND'
// - 'INCOMING_MSG_SOUND'
// - 'KNOCKING_PARTICIPANT_SOUND'
// - 'LIVE_STREAMING_OFF_SOUND'
// - 'LIVE_STREAMING_ON_SOUND'
// - 'NO_AUDIO_SIGNAL_SOUND'
// - 'NOISY_AUDIO_INPUT_SOUND'
// - 'OUTGOING_CALL_EXPIRED_SOUND'
// - 'OUTGOING_CALL_REJECTED_SOUND'
// - 'OUTGOING_CALL_RINGING_SOUND'
// - 'OUTGOING_CALL_START_SOUND'
// - 'PARTICIPANT_JOINED_SOUND'
// - 'PARTICIPANT_LEFT_SOUND'
// - 'RAISE_HAND_SOUND'
// - 'REACTION_SOUND'
// - 'RECORDING_OFF_SOUND'
// - 'RECORDING_ON_SOUND'
// - 'TALK_WHILE_MUTED_SOUND'
// disabledSounds: [],
// DEPRECATED! Use `disabledSounds` instead.
// Decides whether the start/stop recording audio notifications should play on record. // Decides whether the start/stop recording audio notifications should play on record.
// disableRecordAudioNotification: false, // disableRecordAudioNotification: false,
// DEPRECATED! Use `disabledSounds` instead.
// Disables the sounds that play when other participants join or leave the // Disables the sounds that play when other participants join or leave the
// conference (if set to true, these sounds will not be played). // conference (if set to true, these sounds will not be played).
// disableJoinLeaveSounds: false, // disableJoinLeaveSounds: false,
// DEPRECATED! Use `disabledSounds` instead.
// Disables the sounds that play when a chat message is received.
// disableIncomingMessageSound: false,
// Information for the chrome extension banner // Information for the chrome extension banner
// chromeExtensionBanner: { // chromeExtensionBanner: {
// // The chrome extension to be installed address // // The chrome extension to be installed address
@ -850,8 +587,8 @@ var config = {
// localRecording: { // localRecording: {
// Enables local recording. // Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to // Additionally, 'localrecording' (all lowercase) needs to be added to
// the `toolbarButtons`-array for the Local Recording button to show up // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// on the toolbar. // button to show up on the toolbar.
// //
// enabled: true, // enabled: true,
// //
@ -860,10 +597,6 @@ var config = {
// format: 'flac' // format: 'flac'
// //
// },
// e2ee: {
// labels,
// externallyManagedKey: false
// }, // },
// Options related to end-to-end (participant to participant) ping. // Options related to end-to-end (participant to participant) ping.
@ -918,9 +651,7 @@ var config = {
// Options related to the remote participant menu. // Options related to the remote participant menu.
// remoteVideoMenu: { // remoteVideoMenu: {
// // If set to true the 'Kick out' button will be disabled. // // If set to true the 'Kick out' button will be disabled.
// disableKick: true, // disableKick: true
// // If set to true the 'Grant moderator' button will be disabled.
// disableGrantModerator: true
// }, // },
// If set to true all muting operations of remote participants will be disabled. // If set to true all muting operations of remote participants will be disabled.
@ -932,11 +663,8 @@ var config = {
/** /**
External API url used to receive branding specific information. External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied. If there is no url set or there are missing fields, the defaults are applied.
The config file should be in JSON.
None of the fields are mandatory and the response must have the shape: None of the fields are mandatory and the response must have the shape:
{ {
// The domain url to apply (will replace the domain in the sharing conference link/embed section)
inviteDomain: 'example-company.org,
// The hex value for the colour used as background // The hex value for the colour used as background
backgroundColor: '#fff', backgroundColor: '#fff',
// The url for the image used as background // The url for the image used as background
@ -944,55 +672,11 @@ var config = {
// The anchor url used when clicking the logo image // The anchor url used when clicking the logo image
logoClickUrl: 'https://example-company.org', logoClickUrl: 'https://example-company.org',
// The url used for the image used as logo // The url used for the image used as logo
logoImageUrl: 'https://example.com/logo-img.png', logoImageUrl: 'https://example.com/logo-img.png'
// Overwrite for pool of background images for avatars
avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'],
// The lobby/prejoin screen background
premeetingBackground: 'url(https://example.com/premeeting-background.png)',
// A list of images that can be used as video backgrounds.
// When this field is present, the default images will be replaced with those provided.
virtualBackgrounds: ['https://example.com/img.jpg'],
// Object containing a theme's properties. It also supports partial overwrites of the main theme.
// For a list of all possible theme tokens and their current defaults, please check:
// https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json
// For a short explanations on each of the tokens, please check:
// https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js
// IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code
// or they are partially applied.
customTheme: {
palette: {
ui01: "orange !important",
ui02: "maroon",
surface02: 'darkgreen',
ui03: "violet",
ui04: "magenta",
ui05: "blueviolet",
field02Hover: 'red',
action01: 'green',
action01Hover: 'lightgreen',
action02Disabled: 'beige',
success02: 'cadetblue',
action02Hover: 'aliceblue'
},
typography: {
labelRegular: {
fontSize: 25,
lineHeight: 30,
fontWeight: 500
}
}
}
} }
*/ */
// dynamicBrandingUrl: '', // dynamicBrandingUrl: '',
// When true the user cannot add more images to be used as virtual background.
// Only the default ones from will be available.
// disableAddingBackgroundImages: false,
// Disables using screensharing as virtual background.
// disableScreensharingVirtualBackground: false,
// Sets the background transparency level. '0' is fully transparent, '1' is opaque. // Sets the background transparency level. '0' is fully transparent, '1' is opaque.
// backgroundAlpha: 1, // backgroundAlpha: 1,
@ -1004,35 +688,12 @@ var config = {
// If true, tile view will not be enabled automatically when the participants count threshold is reached. // If true, tile view will not be enabled automatically when the participants count threshold is reached.
// disableTileView: true, // disableTileView: true,
// If true, the tiles will be displayed contained within the available space rather than enlarged to cover it.
// disableTileEnlargement: true,
// Controls the visibility and behavior of the top header conference info labels.
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
// conferenceInfo: {
// // those labels will not be hidden in tandem with the toolbox.
// alwaysVisible: ['recording', 'local-recording'],
// // those labels will be auto-hidden in tandem with the toolbox buttons.
// autoHide: [
// 'subject',
// 'conference-timer',
// 'participants-count',
// 'e2ee',
// 'transcribing',
// 'video-quality',
// 'insecure-room'
// ]
// },
// Hides the conference subject // Hides the conference subject
// hideConferenceSubject: true, // hideConferenceSubject: true,
// Hides the conference timer. // Hides the conference timer.
// hideConferenceTimer: true, // hideConferenceTimer: true,
// Hides the recording label
// hideRecordingLabel: false,
// Hides the participants stats // Hides the participants stats
// hideParticipantsStats: true, // hideParticipantsStats: true,
@ -1044,13 +705,6 @@ var config = {
// is not persisting the local storage inside the iframe. // is not persisting the local storage inside the iframe.
// useHostPageLocalStorage: true, // useHostPageLocalStorage: true,
// etherpad ("shared document") integration.
//
// If set, add a "Open shared document" link to the bottom right menu that
// will open an etherpad document.
// etherpad_base: 'https://your-etherpad-installati.on/p/',
// List of undocumented settings used in jitsi-meet // List of undocumented settings used in jitsi-meet
/** /**
_immediateReloadThreshold _immediateReloadThreshold
@ -1063,8 +717,8 @@ var config = {
dialOutCodesUrl dialOutCodesUrl
disableRemoteControl disableRemoteControl
displayJids displayJids
etherpad_base
externalConnectUrl externalConnectUrl
e2eeLabels
firefox_fake_device firefox_fake_device
googleApiApplicationClientID googleApiApplicationClientID
iAmRecorder iAmRecorder
@ -1106,11 +760,6 @@ var config = {
websocketKeepAliveUrl websocketKeepAliveUrl
*/ */
/**
* Default interval (milliseconds) for triggering mouseMoved iframe API event
*/
mouseMoveCallbackInterval: 1000,
/** /**
Use this array to configure which notifications will be shown to the user Use this array to configure which notifications will be shown to the user
The items correspond to the title or description key of that notification The items correspond to the title or description key of that notification
@ -1144,19 +793,11 @@ var config = {
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
// 'localRecording.localRecording', // shown when a local recording is started // 'localRecording.localRecording', // shown when a local recording is started
// 'notify.disconnected', // shown when a participant has left // 'notify.disconnected', // shown when a participant has left
// 'notify.connectedOneMember', // show when a participant joined
// 'notify.connectedTwoMembers', // show when two participants joined simultaneously
// 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously
// 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.grantedTo', // shown when moderator rights were granted to a participant
// 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedOneMember', // shown when 1 participant has been invited
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited
// 'notify.kickParticipant', // shown when a participant is kicked // 'notify.kickParticipant', // shown when a participant is kicked
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
// 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation
// 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
// 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.mutedTitle', // shown when user has been muted upon joining,
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
@ -1165,7 +806,6 @@ var config = {
// 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.passwordSetRemotely', // shown when a password has been set remotely
// 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.raisedHand', // shown when a partcipant used raise hand,
// 'notify.startSilentTitle', // shown when user joined with no audio // 'notify.startSilentTitle', // shown when user joined with no audio
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
// 'prejoin.errorDialOut', // 'prejoin.errorDialOut',
// 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutDisconnected',
// 'prejoin.errorDialOutFailed', // 'prejoin.errorDialOutFailed',
@ -1179,13 +819,7 @@ var config = {
// 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone
// 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted
// 'transcribing.failedToStart' // shown when transcribing fails to start // 'transcribing.failedToStart' // shown when transcribing fails to start
// ], // ]
// Prevent the filmstrip from autohiding when screen width is under a certain threshold
// disableFilmstripAutohiding: false,
// Specifies whether the chat emoticons are disabled or not
// disableChatSmileys: false,
// Allow all above example options to include a trailing comma and // Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value. // prevent fear when commenting out the last value.

75
type/__jitsi_meet_domain/files/interface_config.js.sh
View file

@ -36,13 +36,42 @@ var interfaceConfig = {
BRAND_WATERMARK_LINK: '', BRAND_WATERMARK_LINK: '',
CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
/**
* Whether the connection indicator icon should hide itself based on
* connection strength. If true, the connection indicator will remain
* displayed while the participant has a weak connection and will hide
* itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is
* strong.
*
* @type {boolean}
*/
CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true,
/**
* How long the connection indicator should remain displayed before hiding.
* Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED.
*
* @type {number}
*/
CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000,
/**
* If true, hides the connection indicators completely.
*
* @type {boolean}
*/
CONNECTION_INDICATOR_DISABLED: false,
DEFAULT_BACKGROUND: '#474747', DEFAULT_BACKGROUND: '#474747',
DEFAULT_LOCAL_DISPLAY_NAME: 'me',
DEFAULT_LOGO_URL: '${BRANDING_WATERMARK_PATH}', DEFAULT_LOGO_URL: '${BRANDING_WATERMARK_PATH}',
DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
DEFAULT_WELCOME_PAGE_LOGO_URL: '${BRANDING_WATERMARK_PATH}', DEFAULT_WELCOME_PAGE_LOGO_URL: '${BRANDING_WATERMARK_PATH}',
DISABLE_DOMINANT_SPEAKER_INDICATOR: false, DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
DISABLE_FOCUS_INDICATOR: false,
/** /**
* If true, notifications regarding joining/leaving are no longer displayed. * If true, notifications regarding joining/leaving are no longer displayed.
*/ */
@ -98,6 +127,7 @@ var interfaceConfig = {
*/ */
HIDE_INVITE_MORE_HEADER: false, HIDE_INVITE_MORE_HEADER: false,
INITIAL_TOOLBAR_TIMEOUT: 20000,
JITSI_WATERMARK_LINK: 'https://jitsi.org', JITSI_WATERMARK_LINK: 'https://jitsi.org',
LANG_DETECTION: true, // Allow i18n to detect the system language LANG_DETECTION: true, // Allow i18n to detect the system language
@ -183,6 +213,16 @@ var interfaceConfig = {
*/ */
SUPPORT_URL: 'https://community.jitsi.org/', SUPPORT_URL: 'https://community.jitsi.org/',
TOOLBAR_ALWAYS_VISIBLE: false,
/**
* DEPRECATED!
* This config was moved to config.js as \`toolbarButtons\`.
*/
// TOOLBAR_BUTTONS: [],
TOOLBAR_TIMEOUT: 4000,
// Browsers, in addition to those which do not fully support WebRTC, that // Browsers, in addition to those which do not fully support WebRTC, that
// are not supported and should show the unsupported browser page. // are not supported and should show the unsupported browser page.
UNSUPPORTED_BROWSERS: [], UNSUPPORTED_BROWSERS: [],
@ -234,40 +274,19 @@ var interfaceConfig = {
*/ */
// ANDROID_APP_PACKAGE: 'org.jitsi.meet', // ANDROID_APP_PACKAGE: 'org.jitsi.meet',
/**
* Override the behavior of some notifications to remain displayed until
* explicitly dismissed through a user action. The value is how long, in
* milliseconds, those notifications should remain displayed.
*/
// ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,
// List of undocumented settings // List of undocumented settings
/** /**
INDICATOR_FONT_SIZES INDICATOR_FONT_SIZES
PHONE_NUMBER_REGEX PHONE_NUMBER_REGEX
*/ */
// -----------------DEPRECATED CONFIGS BELOW THIS LINE-----------------------------
// Connection indicators (
// CONNECTION_INDICATOR_AUTO_HIDE_ENABLED,
// CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT,
// CONNECTION_INDICATOR_DISABLED) got moved to config.js.
// Please use disableModeratorIndicator from config.js
// DISABLE_FOCUS_INDICATOR: false,
// Please use defaultLocalDisplayName from config.js
// DEFAULT_LOCAL_DISPLAY_NAME: 'me',
// Please use defaultRemoteDisplayName from config.js
// DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
// Moved to config.js as \`toolbarConfig.initialTimeout\`.
// INITIAL_TOOLBAR_TIMEOUT: 20000,
// Moved to config.js as \`toolbarConfig.alwaysVisible\`.
// TOOLBAR_ALWAYS_VISIBLE: false,
// This config was moved to config.js as \`toolbarButtons\`.
// TOOLBAR_BUTTONS: [],
// Moved to config.js as \`toolbarConfig.timeout\`.
// TOOLBAR_TIMEOUT: 4000,
// Allow all above example options to include a trailing comma and // Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value. // prevent fear when commenting out the last value.
// eslint-disable-next-line sort-keys // eslint-disable-next-line sort-keys

75
type/__jitsi_meet_domain/files/interface_config.js.sh.orig
View file

@ -25,13 +25,42 @@ var interfaceConfig = {
BRAND_WATERMARK_LINK: '', BRAND_WATERMARK_LINK: '',
CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
/**
* Whether the connection indicator icon should hide itself based on
* connection strength. If true, the connection indicator will remain
* displayed while the participant has a weak connection and will hide
* itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is
* strong.
*
* @type {boolean}
*/
CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true,
/**
* How long the connection indicator should remain displayed before hiding.
* Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED.
*
* @type {number}
*/
CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000,
/**
* If true, hides the connection indicators completely.
*
* @type {boolean}
*/
CONNECTION_INDICATOR_DISABLED: false,
DEFAULT_BACKGROUND: '#474747', DEFAULT_BACKGROUND: '#474747',
DEFAULT_LOCAL_DISPLAY_NAME: 'me',
DEFAULT_LOGO_URL: 'images/watermark.svg', DEFAULT_LOGO_URL: 'images/watermark.svg',
DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg', DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg',
DISABLE_DOMINANT_SPEAKER_INDICATOR: false, DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
DISABLE_FOCUS_INDICATOR: false,
/** /**
* If true, notifications regarding joining/leaving are no longer displayed. * If true, notifications regarding joining/leaving are no longer displayed.
*/ */
@ -87,6 +116,7 @@ var interfaceConfig = {
*/ */
HIDE_INVITE_MORE_HEADER: false, HIDE_INVITE_MORE_HEADER: false,
INITIAL_TOOLBAR_TIMEOUT: 20000,
JITSI_WATERMARK_LINK: 'https://jitsi.org', JITSI_WATERMARK_LINK: 'https://jitsi.org',
LANG_DETECTION: true, // Allow i18n to detect the system language LANG_DETECTION: true, // Allow i18n to detect the system language
@ -172,6 +202,16 @@ var interfaceConfig = {
*/ */
SUPPORT_URL: 'https://community.jitsi.org/', SUPPORT_URL: 'https://community.jitsi.org/',
TOOLBAR_ALWAYS_VISIBLE: false,
/**
* DEPRECATED!
* This config was moved to config.js as `toolbarButtons`.
*/
// TOOLBAR_BUTTONS: [],
TOOLBAR_TIMEOUT: 4000,
// Browsers, in addition to those which do not fully support WebRTC, that // Browsers, in addition to those which do not fully support WebRTC, that
// are not supported and should show the unsupported browser page. // are not supported and should show the unsupported browser page.
UNSUPPORTED_BROWSERS: [], UNSUPPORTED_BROWSERS: [],
@ -223,40 +263,19 @@ var interfaceConfig = {
*/ */
// ANDROID_APP_PACKAGE: 'org.jitsi.meet', // ANDROID_APP_PACKAGE: 'org.jitsi.meet',
/**
* Override the behavior of some notifications to remain displayed until
* explicitly dismissed through a user action. The value is how long, in
* milliseconds, those notifications should remain displayed.
*/
// ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,
// List of undocumented settings // List of undocumented settings
/** /**
INDICATOR_FONT_SIZES INDICATOR_FONT_SIZES
PHONE_NUMBER_REGEX PHONE_NUMBER_REGEX
*/ */
// -----------------DEPRECATED CONFIGS BELOW THIS LINE-----------------------------
// Connection indicators (
// CONNECTION_INDICATOR_AUTO_HIDE_ENABLED,
// CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT,
// CONNECTION_INDICATOR_DISABLED) got moved to config.js.
// Please use disableModeratorIndicator from config.js
// DISABLE_FOCUS_INDICATOR: false,
// Please use defaultLocalDisplayName from config.js
// DEFAULT_LOCAL_DISPLAY_NAME: 'me',
// Please use defaultRemoteDisplayName from config.js
// DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
// Moved to config.js as `toolbarConfig.initialTimeout`.
// INITIAL_TOOLBAR_TIMEOUT: 20000,
// Moved to config.js as `toolbarConfig.alwaysVisible`.
// TOOLBAR_ALWAYS_VISIBLE: false,
// This config was moved to config.js as `toolbarButtons`.
// TOOLBAR_BUTTONS: [],
// Moved to config.js as `toolbarConfig.timeout`.
// TOOLBAR_TIMEOUT: 4000,
// Allow all above example options to include a trailing comma and // Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value. // prevent fear when commenting out the last value.
// eslint-disable-next-line sort-keys // eslint-disable-next-line sort-keys

36
type/__jitsi_meet_domain/files/nginx.sh
View file

@ -2,14 +2,6 @@
# shellcheck disable=SC2034 # This is intended to be included # shellcheck disable=SC2034 # This is intended to be included
JITSI_NGINX_CONFIG="$(cat <<EOF JITSI_NGINX_CONFIG="$(cat <<EOF
# Jitsi uses following lines by default, in our cdist types they must be commented
# out as we already set it with __jitsi_meet in the default server config.
#server_names_hash_bucket_size 64;
#
#types {
## nginx's default mime.types doesn't include a mapping for wasm
# application/wasm wasm;
#}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
@ -38,7 +30,6 @@ server {
ssl_session_tickets off; ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000" always; add_header Strict-Transport-Security "max-age=63072000" always;
set \$prefix "";
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
@ -94,9 +85,7 @@ server {
# BOSH # BOSH
location = /http-bind { location = /http-bind {
# We are using 127.0.0.1, because we are not specifying a resolver proxy_pass http://localhost:5280/http-bind;
# otherwise nginx will fail to resolve 'localhost'
proxy_pass http://127.0.0.1:5280/http-bind?prefix=\$prefix&\$args;
proxy_set_header X-Forwarded-For \$remote_addr; proxy_set_header X-Forwarded-For \$remote_addr;
# Prevision for 'multi-domain' jitsi instances # Prevision for 'multi-domain' jitsi instances
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391 # https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
@ -124,15 +113,6 @@ server {
tcp_nodelay on; tcp_nodelay on;
} }
# load test minimal client, uncomment when used
#location ~ ^/_load-test/([^/?&:'"]+)\$ {
# rewrite ^/_load-test/(.*)\$ /load-test/index.html break;
#}
#location ~ ^/_load-test/libs/(.*)\$ {
# add_header 'Access-Control-Allow-Origin' '*';
# alias /usr/share/jitsi-meet/load-test/libs/\$1;
#}
location ~ ^/([^/?&:'"]+)\$ { location ~ ^/([^/?&:'"]+)\$ {
try_files \$uri @root_path; try_files \$uri @root_path;
} }
@ -149,6 +129,13 @@ server {
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js; alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
} }
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)\$ {
set \$subdomain "\$1.";
set \$subdir "\$1/";
rewrite ^/([^/?&:'"]+)/(.*)\$ /\$2;
}
# BOSH for subdomains # BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind { location ~ ^/([^/?&:'"]+)/http-bind {
set \$subdomain "\$1."; set \$subdomain "\$1.";
@ -166,13 +153,6 @@ server {
rewrite ^/(.*)\$ /xmpp-websocket; rewrite ^/(.*)\$ /xmpp-websocket;
} }
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)\$ {
set \$subdomain "\$1.";
set \$subdir "\$1/";
rewrite ^/([^/?&:'"]+)/(.*)\$ /\$2;
}
} }
EOF EOF
)" )"

30
type/__jitsi_meet_domain/files/nginx.sh.orig
View file

@ -1,9 +1,5 @@
server_names_hash_bucket_size 64; server_names_hash_bucket_size 64;
types {
# nginx's default mime.types doesn't include a mapping for wasm
application/wasm wasm;
}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
@ -35,7 +31,6 @@ server {
ssl_session_tickets off; ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000" always; add_header Strict-Transport-Security "max-age=63072000" always;
set $prefix "";
ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt; ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key; ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
@ -77,7 +72,7 @@ server {
# BOSH # BOSH
location = /http-bind { location = /http-bind {
proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args; proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
} }
@ -101,15 +96,6 @@ server {
tcp_nodelay on; tcp_nodelay on;
} }
# load test minimal client, uncomment when used
#location ~ ^/_load-test/([^/?&:'"]+)$ {
# rewrite ^/_load-test/(.*)$ /load-test/index.html break;
#}
#location ~ ^/_load-test/libs/(.*)$ {
# add_header 'Access-Control-Allow-Origin' '*';
# alias /usr/share/jitsi-meet/load-test/libs/$1;
#}
location ~ ^/([^/?&:'"]+)$ { location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path; try_files $uri @root_path;
} }
@ -126,6 +112,13 @@ server {
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js; alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
} }
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
# BOSH for subdomains # BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind { location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1."; set $subdomain "$1.";
@ -143,11 +136,4 @@ server {
rewrite ^/(.*)$ /xmpp-websocket; rewrite ^/(.*)$ /xmpp-websocket;
} }
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
} }

12
type/__matrix_element/files/config.json.sh
View file

@ -34,12 +34,12 @@ EOF
if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then
cat << EOF cat << EOF
"authFooterLinks": $BRANDING_AUTH_FOOTER_LINKS, "authFooterLinks": "$BRANDING_AUTH_FOOTER_LINKS",
EOF EOF
fi fi
cat << EOF cat << EOF
"welcomeBackgroundUrl": "$BRANDING_WELCOME_BACKGROUND_URL" "welcomeBackgroundUrl": "themes/element/img/backgrounds/lake.jpg"
EOF EOF
echo '},' echo '},'
} }
@ -52,7 +52,7 @@ cat << EOF
"server_name": "$DEFAULT_SERVER_NAME" "server_name": "$DEFAULT_SERVER_NAME"
}, },
"m.identity_server": { "m.identity_server": {
"base_url": "$IDENTITY_SERVER_URL" "base_url": "https://vector.im"
} }
}, },
"brand": "$BRAND", "brand": "$BRAND",
@ -85,10 +85,6 @@ cat << EOF
"url": "$COOKIE_POLICY_URL", "url": "$COOKIE_POLICY_URL",
"text": "Cookie Policy" "text": "Cookie Policy"
} }
], ]
"embeddedPages": {
"welcomeUrl": "$WELCOME_PAGE_URL",
"homeUrl": "$HOME_PAGE_URL"
}
} }
EOF EOF

16
type/__matrix_element/man.rst
View file

@ -27,28 +27,12 @@ default_server_name
default_server_url default_server_url
URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'. URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'.
identity_server_url
URL of matrix identity server to connect to, defaults to 'https://vector.im'.
See element documentation
`<https://github.com/vector-im/element-web/blob/develop/docs/config.md#identity-servers>_`
for details.
owner owner
Owner of the deployed files, passed to `chown`. Defaults to 'root'. Owner of the deployed files, passed to `chown`. Defaults to 'root'.
brand brand
Web UI branding, defaults to 'Element'. Web UI branding, defaults to 'Element'.
branding_auth_header_logo_url
A logo image that is shown in the header during authentication flows.
branding_welcome_background_url
An image to use as a wallpaper outside the app during authentication flows. If an array is passed, an image is chosen randomly for each visit.
branding_auth_footer_links
a list of links to show in the authentication page footer: `[{"text": "Link
text", "url": "https://link.target"}, {"text": "Other link", ...}]`
default_country_code default_country_code
ISO 3166 alpha2 country code to use when showing country selectors, such as ISO 3166 alpha2 country code to use when showing country selectors, such as
phone number inputs. Defaults to GB. phone number inputs. Defaults to GB.

20
type/__matrix_element/manifest
View file

@ -25,13 +25,11 @@ INSTALL_DIR=$(cat "$__object/parameter/install_dir")
export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name")
export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url")
export IDENTITY_SERVER_URL=$(cat "$__object/parameter/identity_server_url")
export BRAND=$(cat "$__object/parameter/brand") export BRAND=$(cat "$__object/parameter/brand")
export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code")
export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers")
export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url")
export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url")
export BRANDING_WELCOME_BACKGROUND_URL=$(cat "$__object/parameter/branding_welcome_background_url")
if [ -f "$__object/parameter/jitsi_domain" ]; then if [ -f "$__object/parameter/jitsi_domain" ]; then
export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain")
@ -46,24 +44,14 @@ if [ -f "$__object/parameter/branding_auth_footer_links" ]; then
fi fi
if [ -f "$__object/parameter/homepage" ]; then if [ -f "$__object/parameter/homepage" ]; then
export EMBED_HOMEPAGE=1
homepage=$(cat "$__object/parameter/homepage") homepage=$(cat "$__object/parameter/homepage")
if [ -f "$homepage" ]; then
upload_homepage=1
else
export HOME_PAGE_URL=$homepage
fi
fi fi
WELCOME_PAGE_URL="welcome.html"
if [ -f "$__object/parameter/welcomepage" ]; then if [ -f "$__object/parameter/welcomepage" ]; then
export EMBED_WELCOMEPAGE=1
welcomepage=$(cat "$__object/parameter/welcomepage") welcomepage=$(cat "$__object/parameter/welcomepage")
if [ -f welcomepage ]; then
export UPLOAD_WELCOMEPAGE=1
else
WELCOME_PAGE_URL=$welcomepage
fi fi
fi
export WELCOME_PAGE_URL
if [ -f "$__object/parameter/custom_asset" ]; then if [ -f "$__object/parameter/custom_asset" ]; then
"$__object/parameter/custom_asset" | while IFS= read -r file; do "$__object/parameter/custom_asset" | while IFS= read -r file; do
@ -103,14 +91,14 @@ require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json"
--mode 0664 \ --mode 0664 \
--state present --state present
if [ $upload_homepage ]; then if [ $EMBED_HOMEPAGE ]; then
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \
--source "$homepage" \ --source "$homepage" \
--mode 0664 \ --mode 0664 \
--state present --state present
fi fi
if [ $upload_welcomepage ]; then if [ $EMBED_WELCOMEPAGE ]; then
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \
--source "$welcomepage" \ --source "$welcomepage" \
--mode 0664 \ --mode 0664 \

1
type/__matrix_element/parameter/default/branding_welcome_background_url
View file

@ -1 +0,0 @@
themes/element/img/backgrounds/lake.jpg

2
type/__matrix_element/parameter/optional
View file

@ -1,6 +1,5 @@
default_server_url default_server_url
default_server_name default_server_name
identity_server_url
brand brand
default_country_code default_country_code
privacy_policy_url privacy_policy_url
@ -12,4 +11,3 @@ welcomepage
jitsi_domain jitsi_domain
branding_auth_header_logo_url branding_auth_header_logo_url
branding_auth_footer_links branding_auth_footer_links
branding_welcome_background_url

71
type/__matrix_synapse/files/homeserver.yaml.sh
View file

@ -448,7 +448,7 @@ retention:
# matter much because Synapse doesn't take it into account yet. # matter much because Synapse doesn't take it into account yet.
# #
default_policy: default_policy:
min_lifetime: ${MESSAGE_RETENTION_POLICY_MIN_LIFETIME:?} min_lifetime: 1d
max_lifetime: ${MESSAGE_RETENTION_POLICY_MAX_LIFETIME:?} max_lifetime: ${MESSAGE_RETENTION_POLICY_MAX_LIFETIME:?}
# Retention policy limits. If set, and the state of a room contains a # Retention policy limits. If set, and the state of a room contains a
@ -1175,26 +1175,14 @@ fi
cat << EOF cat << EOF
# The shared secret used to compute passwords for the TURN server # The shared secret used to compute passwords for the TURN server
# #
EOF turn_shared_secret: "$TURN_SHARED_SECRET"
if [ -n "$TURN_SHARED_SECRET" ]; then
echo "turn_shared_secret: \"$TURN_SHARED_SECRET\""
fi
cat << EOF
# The Username and password if the TURN server needs them and # The Username and password if the TURN server needs them and
# does not use a token # does not use a token
# #
EOF #turn_username: "TURNSERVER_USERNAME"
#turn_password: "TURNSERVER_PASSWORD"
if [ -n "$TURN_USERNAME" ] || [ "$TURN_PASSWORD" ]; then
cat <<- EOF
turn_username: "$TURN_USERNAME"
turn_password: "$TURN_PASSWORD"
EOF
fi
cat << EOF
# How long generated TURN credentials last # How long generated TURN credentials last
# #
turn_user_lifetime: ${TURN_USER_LIFETIME:?} turn_user_lifetime: ${TURN_USER_LIFETIME:?}
@ -1334,7 +1322,7 @@ fi
cat << EOF cat << EOF
# Enable 3PIDs lookup requests to identity servers from this server. # Enable 3PIDs lookup requests to identity servers from this server.
# #
enable_3pid_lookup: ${ENABLE_3PID_LOOKUPS:?} #enable_3pid_lookup: true
# If set, allows registration of standard or admin accounts by anyone who # If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled. # has the shared secret, even if registration is otherwise disabled.
@ -1342,12 +1330,9 @@ EOF
if [ -n "$REGISTRATION_SHARED_SECRET" ]; then if [ -n "$REGISTRATION_SHARED_SECRET" ]; then
echo "registration_shared_secret: '$REGISTRATION_SHARED_SECRET'" echo "registration_shared_secret: '$REGISTRATION_SHARED_SECRET'"
else
echo "# registration_shared_secret: 'secret'"
fi fi
cat << EOF cat << EOF
# Set the number of bcrypt rounds used to generate password hash. # Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash. # Larger numbers increase the work factor needed to generate the hash.
# The default number is 12 (which equates to 2^12 rounds). # The default number is 12 (which equates to 2^12 rounds).
@ -1368,13 +1353,7 @@ allow_guest_access: ${ALLOW_GUEST_ACCESS:?}
# (By default, no suggestion is made, so it is left up to the client.) # (By default, no suggestion is made, so it is left up to the client.)
# #
#default_identity_server: https://matrix.org #default_identity_server: https://matrix.org
EOF
if [ -n "$DEFAULT_IDENTITY_SERVER" ]; then
echo "default_identity_server: \"$DEFAULT_IDENTITY_SERVER\""
fi
cat << EOF
# Handle threepid (email/phone etc) registration and password resets through a set of # Handle threepid (email/phone etc) registration and password resets through a set of
# *trusted* identity servers. Note that this allows the configured identity server to # *trusted* identity servers. Note that this allows the configured identity server to
# reset passwords for accounts! # reset passwords for accounts!
@ -1717,24 +1696,7 @@ saml2_config:
# local: ["saml2/idp.xml"] # local: ["saml2/idp.xml"]
# remote: # remote:
# - url: https://our_idp/metadata.xml # - url: https://our_idp/metadata.xml
EOF
if [ -n "$SAML2_IDP_METADATA_URL" ]; then
cat << EOF
metadata:
remote:
- url: "$SAML2_IDP_METADATA_URL"
EOF
fi
if [ -n "$SAML2_SP_CERT" ] || [ -n "$SAML2_SP_KEY" ]; then
cat << EOF
key_file: "$SAML2_SP_KEY"
cert_file: "$SAML2_SP_CERT"
EOF
fi
cat << EOF
# Allowed clock difference in seconds between the homeserver and IdP. # Allowed clock difference in seconds between the homeserver and IdP.
# #
# Uncomment the below to increase the accepted time difference from 0 to 3 seconds. # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
@ -1808,15 +1770,7 @@ cat << EOF
# The custom module's class. Uncomment to use a custom module. # The custom module's class. Uncomment to use a custom module.
# #
#module: mapping_provider.SamlMappingProvider #module: mapping_provider.SamlMappingProvider
EOF
if [ -n "$SAML2_MAPPING_PROVIDER_MODULE" ]; then
cat << EOF
module: "$SAML2_MAPPING_PROVIDER_MODULE"
EOF
fi
cat << EOF
# Custom configuration values for the module. Below options are # Custom configuration values for the module. Below options are
# intended for the built-in provider, they should be changed if # intended for the built-in provider, they should be changed if
# using a custom module. This section will be passed as a Python # using a custom module. This section will be passed as a Python
@ -1846,17 +1800,6 @@ cat << EOF
# value will be used instead. # value will be used instead.
# #
#mxid_mapping: dotreplace #mxid_mapping: dotreplace
EOF
if [ -n "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" ]; then
echo "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" | while IFS= read -r entry; do
cat << EOF
$entry
EOF
done
fi
cat << EOF
# In previous versions of synapse, the mapping from SAML attribute to # In previous versions of synapse, the mapping from SAML attribute to
# MXID was always calculated dynamically rather than stored in a # MXID was always calculated dynamically rather than stored in a
@ -2191,7 +2134,7 @@ sso:
# You can see the default templates at: # You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
# #
template_dir: "${SSO_TEMPLATE_DIR:?}" #template_dir: "res/templates"
# JSON web token integration. The following settings can be used to make # JSON web token integration. The following settings can be used to make
@ -2254,8 +2197,6 @@ password_config:
# Uncomment to disable password login # Uncomment to disable password login
# #
#enabled: false #enabled: false
enableed: ${ENABLE_PASSWORDCONFIG:?}
# Uncomment to disable authentication against the local password # Uncomment to disable authentication against the local password
# database. This is ignored if \`enabled\` is false, and is only useful # database. This is ignored if \`enabled\` is false, and is only useful

2
type/__matrix_synapse/gencode-remote
View file

@ -8,7 +8,7 @@ case "$os" in
synapse_conf_dir=/etc/synapse synapse_conf_dir=/etc/synapse
synapse_service=synapse synapse_service=synapse
;; ;;
debian|ubuntu) debian)
synapse_conf_dir=/etc/matrix-synapse synapse_conf_dir=/etc/matrix-synapse
synapse_service=matrix-synapse synapse_service=matrix-synapse
;; ;;

35
type/__matrix_synapse/man.rst
View file

@ -133,14 +133,6 @@ turn-uri
turn-shared-secret turn-shared-secret
Shared secret used to access the TURN REST API. Shared secret used to access the TURN REST API.
turn-username
Username used to authenticate against the TURN server if needed / a shared
secret token is not used.
turn-password
Password used to authenticate against the TURN server if needed / a shared
secret token is not used.
turn-user-lifetime turn-user-lifetime
Lifetime of TURN credentials. Defaults to 1h. Lifetime of TURN credentials. Defaults to 1h.
@ -189,25 +181,6 @@ bind-address
Address used to bind the synapse listeners. Can be specified multiple times. Address used to bind the synapse listeners. Can be specified multiple times.
Defaults to '::1' and '127.0.0.1'. Defaults to '::1' and '127.0.0.1'.
saml2-idp-metadata-url
HTTP(S) url to SAML2 Identity Provider (IdP), used for Single Sign On (SSO) logic.
saml2-sp-key
Path to PEM-formatted key file for use by PySAML2.
saml2-sp-cert
Path to PEM-formatted cert file for use by PySAML2.
saml2-mapping-provider-module
Name of custom Python module used to map SAML2 attributes to synapse internals.
saml2-mapping-provider-extra-settings
Extra YAML-formatted key/pair values provided as configuration to the SAML2
mapping provider module (e.g. 'key: value'). Can be specified multiple times.
sso-template-dir
Directory used to source SSO-related HTML templates.
extra-setting extra-setting
Arbitrary string to be added to the configuration file. Can be specified multiple times. Arbitrary string to be added to the configuration file. Can be specified multiple times.
@ -249,9 +222,6 @@ allow-public-rooms-without-auth
enable-server-notices enable-server-notices
Enable the server notices room. Enable the server notices room.
enable-3pid-lookups
Enable 3PIDs lookup requests to identity servers from this server.
allow-guest-access allow-guest-access
Allows users to register as guests without a password/email/etc, and Allows users to register as guests without a password/email/etc, and
participate in rooms hosted on this server which have been made accessible participate in rooms hosted on this server which have been made accessible
@ -286,11 +256,6 @@ worker-mode
processes are called 'workers'. Please read the WORKER MODE section of this processes are called 'workers'. Please read the WORKER MODE section of this
manpage before enabling, as extra work and considerations are required. manpage before enabling, as extra work and considerations are required.
enable-passwordconfig
For removing user/password tab on login screen.
when it set saml2-login, it remove user/password tab on login-screen.
default is true.
PERFORMANCE PERFORMANCE
----------- -----------

125
type/__matrix_synapse/manifest
View file

@ -20,23 +20,40 @@
# OS-specific configuration. # OS-specific configuration.
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
distribution=$(cat "$__global/explorer/lsb_codename")
case "$os" in case "$os" in
debian|ubuntu) debian)
synapse_user=matrix-synapse synapse_user=matrix-synapse
synapse_pkg=matrix-synapse-py3 synapse_pkg=matrix-synapse
synapse_service=matrix-synapse synapse_service=matrix-synapse
ldap_auth_provider_pkg=matrix-synapse-ldap3 ldap_auth_provider_pkg=matrix-synapse-ldap3
synapse_conf_dir='/etc/matrix-synapse' synapse_conf_dir='/etc/matrix-synapse'
synapse_data_dir='/var/lib/matrix-synapse' synapse_data_dir='/var/lib/matrix-synapse'
__apt_key matrix-org \ # See https://packages.debian.org/bullseye/matrix-synapse for state of
--uri https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg # synapse packaging in debian.
case "$distribution" in
require="__apt_key/matrix-org" __apt_source matrix-org \ stretch)
--uri https://packages.matrix.org/debian/ \ echo "The matrix-synapse package in debian stretch is outdated and unusable." >&2
--component main exit 1
package_req="__apt_source/matrix-org" ;;
buster)
# Enable debian-backports for debian Buster, as the 'stable'
# matrix-synapse package is ways too old (< 1.0).
apt_target_release=buster-backports
__apt_backports
;;
bullseye|sid)
# As of writting (2021-02), the default matrix-synapse of those
# release is perfectly usable.
:
;;
*)
echo "Unknown debian release '$distribution'. Exiting" >&2
exit 1
;;
esac
;; ;;
alpine) alpine)
synapse_user=synapse synapse_user=synapse
@ -169,11 +186,10 @@ fi
# Registrations and users. # Registrations and users.
ALLOW_GUEST_ACCESS=$(get_boolean_for 'allow-guest-access') ALLOW_GUEST_ACCESS=$(get_boolean_for 'allow-guest-access')
ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations') ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations')
ENABLE_PASSWORDCONFIG=$(get_boolean_for 'enable-passwordconfig')
USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users') USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users')
export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS
if [ -f "$__object/parameter/registration-shared-secret" ]; then if [ -f "$__object/parameter/registration-shared-token" ]; then
REGISTRATION_SHARED_SECRET=$(cat "$__object/parameter/registration-shared-secret") REGISTRATION_SHARED_SECRET=$(cat "$__object/parameter/registration-shared-secret")
export REGISTRATION_SHARED_SECRET export REGISTRATION_SHARED_SECRET
fi fi
@ -192,57 +208,6 @@ if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then
export RESGISTRATION_ALLOWS_EMAIL_PATTERN export RESGISTRATION_ALLOWS_EMAIL_PATTERN
fi fi
if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then
# Synapse fails to start while trying to parse IDP metadata if this package
# is not installed.
__package xmlsec1
SAML2_IDP_METADATA_URL=$(cat "$__object/parameter/saml2-idp-metadata-url")
export SAML2_IDP_METADATA_URL
fi
if [ -f "$__object/parameter/saml2-sp-key" ]; then
SAML2_SP_KEY=$(cat "$__object/parameter/saml2-sp-key")
export SAML2_SP_KEY
fi
if [ -f "$__object/parameter/saml2-sp-cert" ]; then
SAML2_SP_CERT=$(cat "$__object/parameter/saml2-sp-cert")
export SAML2_SP_CERT
fi
if [ -f "$__object/parameter/saml2-mapping-provider-module" ]; then
SAML2_MAPPING_PROVIDER_MODULE=$(cat "$__object/parameter/saml2-mapping-provider-module")
export SAML2_MAPPING_PROVIDER_MODULE
fi
if [ -f "$__object/parameter/saml2-mapping-provider-extra-config" ]; then
SAML2_MAPPING_PROVIDER_EXTRA_CONFIG=$(cat "$__object/parameter/saml2-mapping-provider-extra-config")
export SAML2_MAPPING_PROVIDER_EXTRA_CONFIG
fi
SSO_TEMPLATE_DIR=$(cat "$__object/parameter/sso-template-dir")
export SSO_TEMPLATE_DIR
if [ -n "$SAML2_SP_KEY" ] && [ -z "$SAML2_SP_CERT" ]; then
echo "--saml2-sp-cert must be set if --saml2-sp-key is provided." >&2
exit 1
elif [ -n "$SAML2_SP_CERT" ] && [ -z "$SAML2_SP_KEY" ]; then
echo "--saml2-sp-key must be set if --saml2-sp-cert is provided." >&2
exit 1
fi
if [ -f "$__object/parameter/default-identity-server" ]; then
DEFAULT_IDENTITY_SERVER=$(cat "$__object/parameter/default-identity-server")
export DEFAULT_IDENTITY_SERVER
fi
ENABLE_3PID_LOOKUPS='false'
if [ -f "$__object/parameter/enable-3pid-lookups" ]; then
ENABLE_3PID_LOOKUPS='true'
fi
export ENABLE_3PID_LOOKUPS
# Federation. # Federation.
ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation') ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation')
ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth') ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth')
@ -258,8 +223,7 @@ fi
# Message retention. # Message retention.
ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy') ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy')
MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime") MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime")
MESSAGE_RETENTION_POLICY_MIN_LIFETIME=$MESSAGE_RETENTION_POLICY_MAX_LIFETIME export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME
export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME MESSAGE_RETENTION_POLICY_MIN_LIFETIME
# Previews. # Previews.
ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview') ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview')
@ -299,16 +263,6 @@ if [ -f "$__object/parameter/turn-uri" ]; then
export TURN_URIS export TURN_URIS
fi fi
if [ -f "$__object/parameter/turn-username" ]; then
TURN_USERNAME=$(cat "$__object/parameter/turn-username")
export TURN_USERNAME
fi
if [ -f "$__object/parameter/turn-password" ]; then
TURN_PASSWORD=$(cat "$__object/parameter/turn-password")
export TURN_PASSWORD
fi
# Worker-mode configuration. # Worker-mode configuration.
export MAIN_LISTENER_PORT=8008 export MAIN_LISTENER_PORT=8008
export ENABLE_MEDIA_REPO='true' export ENABLE_MEDIA_REPO='true'
@ -355,12 +309,25 @@ case "$DATABASE_ENGINE" in
esac esac
# Install OS packages. # Install OS packages. We have a bit of boilerplate to handle the debian
require="$package_req" __package "$synapse_pkg" # backports situation.
synapse_req=
if [ -n "$apt_target_release" ]; then
require="__apt_backports" __package_apt "$synapse_pkg" \
--target-release "$apt_target_release"
synapse_req="__package_apt/$synapse_pkg"
else
__package "$synapse_pkg"
synapse_req="__package/$synapse_pkg" synapse_req="__package/$synapse_pkg"
fi
if [ -n "$ENABLE_LDAP_AUTH" ]; then if [ -n "$ENABLE_LDAP_AUTH" ]; then
require="$package_req" __package "$ldap_auth_provider_pkg" if [ -n "$apt_target_release" ]; then
require="__package_apt/$synapse_pkg" __package_apt "$ldap_auth_provider_pkg" \
--target-release "$apt_target_release"
else
__package "$ldap_auth_provider_pkg"
fi
fi fi
# Generate and deploy configuration files. # Generate and deploy configuration files.
@ -383,8 +350,8 @@ for directory in $DATA_DIR $LOG_DIR; do
--owner $synapse_user --owner $synapse_user
done done
# Make dpkg-reconfigure happy on debian-based systems. # Make dpkg-reconfigure happy on debian systems.
if [ "$os" = "debian" ] || [ "$os" = "ubuntu" ]; then if [ "$os" = "debian" ]; then
require="$synapse_req" __file "$synapse_conf_dir/conf.d/server_name.yaml" \ require="$synapse_req" __file "$synapse_conf_dir/conf.d/server_name.yaml" \
--owner $synapse_user \ --owner $synapse_user \
--source - <<- EOF --source - <<- EOF

2
type/__matrix_synapse/parameter/boolean
View file

@ -17,5 +17,3 @@ user-directory-search-all-users
enable-message-retention-policy enable-message-retention-policy
worker-mode worker-mode
enable-url-preview enable-url-preview
enable-3pid-lookups
enable-passwordconfig

1
type/__matrix_synapse/parameter/default/enable-passwordconfig
View file

@ -1 +0,0 @@
true

1
type/__matrix_synapse/parameter/default/sso-template-dir
View file

@ -1 +0,0 @@
res/template

8
type/__matrix_synapse/parameter/optional
View file

@ -13,8 +13,6 @@ ldap-bind-password
ldap-filter ldap-filter
turn-shared-secret turn-shared-secret
turn-user-lifetime turn-user-lifetime
turn-username
turn-password
max-upload-size max-upload-size
smtp-host smtp-host
smtp-port smtp-port
@ -36,9 +34,3 @@ background-tasks-worker
tls-cert tls-cert
tls-private-key tls-private-key
registration-shared-secret registration-shared-secret
saml2-idp-metadata-url
saml2-sp-key
saml2-sp-cert
default-identity-server
saml2-mapping-provider-module
sso-template-dir

1
type/__matrix_synapse/parameter/optional_multiple
View file

@ -5,4 +5,3 @@ app-service-config-file
extra-setting extra-setting
bind-address bind-address
outbound-federation-worker outbound-federation-worker
saml2-mapping-provider-extra-config

2
type/__matrix_synapse_worker/files/matrix-synapse-worker@.service
View file

@ -15,7 +15,7 @@ NotifyAccess=main
User=matrix-synapse User=matrix-synapse
WorkingDirectory=/var/lib/matrix-synapse WorkingDirectory=/var/lib/matrix-synapse
EnvironmentFile=/etc/default/matrix-synapse EnvironmentFile=/etc/default/matrix-synapse
ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml ExecStart=/usr/bin/python3 -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure Restart=on-failure
RestartSec=3 RestartSec=3

20
type/__matterbridge/manifest
View file

@ -20,7 +20,7 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
debian|ubuntu) debian)
# This type assume systemd for service installation. # This type assume systemd for service installation.
;; ;;
*) *)
@ -31,13 +31,11 @@ case "$os" in
esac esac
# Required parameters. # Required parameters.
version=$(cat "$__object/parameter/version") VERSION=$(cat "$__object/parameter/version")
if [ -f "$__object/parameter/config" ]; then if [ -f "$__object/parameter/config" ]; then
config="$(cat "$__object/parameter/config")" CONFIG="$(cat "$__object/parameter/config")"
if [ "$config" = "-" ]; then if [ "$CONFIG" = "-" ]; then
mkdir -p "$__object/files" CONFIG=$(cat "$__object/stdin")
config="$__object/files/matterbridge.toml"
cat "$__object/stdin" > "$config"
fi fi
fi fi
@ -48,11 +46,11 @@ export USER=matterbridge
export GROUP=$USER export GROUP=$USER
# Internal variables. # Internal variables.
artefact="matterbridge-$version-linux-64bit" artefact="matterbridge-$VERSION-linux-64bit"
checksum_file="checksums.txt" checksum_file="checksums.txt"
release_download_url=https://github.com/42wim/matterbridge/releases/download release_download_url=https://github.com/42wim/matterbridge/releases/download
binary_url="$release_download_url/v$version/$artefact" binary_url="$release_download_url/v$VERSION/$artefact"
checksum_file_url="$release_download_url/v$version/$checksum_file" checksum_file_url="$release_download_url/v$VERSION/$checksum_file"
config_dir=$(dirname $CONFIG_PATH) config_dir=$(dirname $CONFIG_PATH)
systemd_unit_path='/etc/systemd/system/matterbridge.service' systemd_unit_path='/etc/systemd/system/matterbridge.service'
@ -90,7 +88,7 @@ require="__user/$USER" __directory "$config_dir" \
require="__directory/$config_dir" __file "$CONFIG_PATH" \ require="__directory/$config_dir" __file "$CONFIG_PATH" \
--owner "$USER" \ --owner "$USER" \
--mode 0640 \ --mode 0640 \
--source "$config" --source "$CONFIG"
__file "$systemd_unit_path" \ __file "$systemd_unit_path" \
--source "$__object/files/matterbridge.service" --source "$__object/files/matterbridge.service"

10
type/__nginx/man.rst
View file

@ -28,16 +28,6 @@ uacme-hookscript
Custom hook passed to the __uacme_obtain type: useful to integrate the Custom hook passed to the __uacme_obtain type: useful to integrate the
dns-01 challenge with third-party DNS providers. dns-01 challenge with third-party DNS providers.
acme-url
ACMEv2 server directory object URL. Lets'Encrypt is used by default.
acme-eab-credentials
Specify RFC8555 External Account Binding credentials according to
https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new
ACME account with an existing account in a non-ACME system such as a CA
customer database. KEYID must be an ASCII string. KEY must be
base64url-encoded.
EXAMPLES EXAMPLES
-------- --------

22
type/__nginx/manifest
View file

@ -36,20 +36,6 @@ then
set_custom_uacme_hookscript="--hookscript $uacme_hookscript" set_custom_uacme_hookscript="--hookscript $uacme_hookscript"
fi fi
set_custom_acme_url=
if [ -f "${__object:?}/parameter/acme-url" ];
then
custom_acme_url=$(cat "${__object:?}/parameter/acme-url")
set_custom_acme_url="--acme-url $custom_acme_url"
fi
set_acme_eab_credentials=
if [ -f "${__object:?}/parameter/acme-eab-credentials" ];
then
acme_eab_credentials=$(cat "${__object:?}/parameter/acme-eab-credentials")
set_acme_eab_credentials="--eab-credentials $acme_eab_credentials"
fi
# Deploy simple HTTP vhost, allowing to serve ACME challenges. # Deploy simple HTTP vhost, allowing to serve ACME challenges.
__nginx_vhost "301-to-https-$domain" \ __nginx_vhost "301-to-https-$domain" \
--domain "$domain" --altdomains "$altdomains" --to-https --domain "$domain" --altdomains "$altdomains" --to-https
@ -60,18 +46,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to") cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to")
fi fi
# shellcheck disable=SC2086 __uacme_account
__uacme_account \
$set_custom_acme_url \
$set_acme_eab_credentials \
# shellcheck disable=SC2086 # shellcheck disable=SC2086
require="__nginx_vhost/301-to-https-$domain __uacme_account" \ require="__nginx_vhost/301-to-https-$domain __uacme_account" \
__uacme_obtain "$domain" \ __uacme_obtain "$domain" \
--altdomains "$altdomains" \ --altdomains "$altdomains" \
$set_custom_uacme_hookscript \ $set_custom_uacme_hookscript \
$set_custom_acme_url \
$set_acme_eab_credentials \
--owner "$cert_ownership" \ --owner "$cert_ownership" \
--install-key-to "$nginx_certdir/$domain/privkey.pem" \ --install-key-to "$nginx_certdir/$domain/privkey.pem" \
--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \

2
type/__nginx/parameter/optional
View file

@ -2,6 +2,4 @@ config
domain domain
altdomains altdomains
uacme-hookscript uacme-hookscript
acme-url
acme-eab-credentials
force-cert-ownership-to force-cert-ownership-to

17
type/__uacme_account/gencode-remote
View file

@ -18,21 +18,6 @@ then
admin_mail="$(cat "${__object:?}/parameter/admin-mail")"; admin_mail="$(cat "${__object:?}/parameter/admin-mail")";
fi fi
# Autoaccept ACME server terms (if any) upon new account creation.
uacme_opts="--yes"
# Non-default ACMEv2 server directory object URL.
if [ -f "${__object:?}/parameter/acme-url" ]; then
custom_acme_url=$(cat "${__object:?}/parameter/acme-url")
uacme_opts="$uacme_opts --acme-url $custom_acme_url"
fi
# Specify RFC8555 External Account Binding credentials.
if [ -f "${__object:?}/parameter/eab-credentials" ]; then
eab_credentials=$(cat "${__object:?}/parameter/eab-credentials")
uacme_opts="$uacme_opts --eab $eab_credentials"
fi
confdir="${default_confdir:?}" confdir="${default_confdir:?}"
if [ -f "${__object:?}/parameter/confdir" ]; if [ -f "${__object:?}/parameter/confdir" ];
then then
@ -42,6 +27,6 @@ fi
cat << EOF cat << EOF
if ! [ -f "${confdir}/private/key.pem" ]; if ! [ -f "${confdir}/private/key.pem" ];
then then
uacme $uacme_opts new ${admin_mail} uacme -y new ${admin_mail}
fi fi
EOF EOF

11
type/__uacme_account/man.rst
View file

@ -23,16 +23,6 @@ confdir
admin-mail admin-mail
Administrative contact email to register the account with. Administrative contact email to register the account with.
acme-url
ACMEv2 server directory object URL. Lets'Encrypt is used by default.
eab-credentials
Specify RFC8555 External Account Binding credentials according to
https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new
ACME account with an existing account in a non-ACME system such as a CA
customer database. KEYID must be an ASCII string. KEY must be
base64url-encoded. This is parameter is not supported by uacme < 1.6.
EXAMPLES EXAMPLES
-------- --------
@ -53,7 +43,6 @@ SEE ALSO
AUTHORS AUTHORS
------- -------
Joachim Desroches <joachim.desroches@epfl.ch> Joachim Desroches <joachim.desroches@epfl.ch>
Timothée Floure <timothee.floure@posteo.net>
COPYING COPYING
------- -------

2
type/__uacme_account/parameter/optional
View file

@ -1,4 +1,2 @@
confdir confdir
admin-mail admin-mail
acme-url
eab-credentials

4
type/__uacme_obtain/files/renew.sh.sh
View file

@ -7,8 +7,8 @@ UACME_CHALLENGE_PATH=${CHALLENGEDIR:?}
export UACME_CHALLENGE_PATH export UACME_CHALLENGE_PATH
# Issue certificate. # Issue certificate.
uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${ACME_URL?} \\ uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\
${EAB_CREDENTIALS?} ${MUST_STAPLE?} ${KEYTYPE?} issue -- ${DOMAIN:?} issue -- ${DOMAIN:?}
# Note: exit code 0 means that certificate was issued. # Note: exit code 0 means that certificate was issued.
# Note: exit code 1 means that certificate was still valid, hence not renewed. # Note: exit code 1 means that certificate was still valid, hence not renewed.

16
type/__uacme_obtain/manifest
View file

@ -69,22 +69,6 @@ then
fi fi
export MUST_STAPLE export MUST_STAPLE
# Non-default ACMEv2 server directory object URL.
ACME_URL=
if [ -f "${__object:?}/parameter/acme-url" ]; then
custom_acme_url=$(cat "${__object:?}/parameter/acme-url")
ACME_URL="--acme-url $custom_acme_url"
fi
export ACME_URL
# Specify RFC8555 External Account Binding credentials.
EAB_CREDENTIALS=
if [ -f "${__object:?}/parameter/eab-credentials" ]; then
eab_credentials_param=$(cat "${__object:?}/parameter/eab-credentials")
EAB_CREDENTIALS="--eab $eab_credentials_param"
fi
export EAB_CREDENTIALS
OWNER=root OWNER=root
if [ -f "${__object:?}/parameter/owner" ]; if [ -f "${__object:?}/parameter/owner" ];
then then

2
type/__uacme_obtain/parameter/optional
View file

@ -5,5 +5,3 @@ owner
install-cert-to install-cert-to
install-key-to install-key-to
renew-hook renew-hook
acme-url
eab-credentials