matze/cdist-contrib
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: matze:master
Branches Tags
matze:master
matze:netbox
matze:__matrix_synapse
matze:root-mail-dma
..
compare: matze:dfaeab2cf5a0d64640e67cdbbc8b26e490a52f72
Branches Tags
matze:netbox
matze:master
matze:__matrix_synapse
matze:root-mail-dma

2 commits
master ... dfaeab2cf5

Author SHA1 Message Date
Matthias Stecher
dfaeab2cf5 __netbox: add manpage warning for "big version jumps" 
As getting myself into trouble while upgrading from 2.10 to 3.1 cause of
an migration break which allowing upgrades only from 2.11, I've add this
warning or notice to be a bit more aware of this.
 2022-03-07 15:36:13 +01:00
Matthias Stecher
8aee2ec76d __netbox: pass handling of requirements.txt to pip3 
Previous handling passed a list of pip packages from the
requirements.txt via xargs to the pip install directly.

This is error-prone, as shown with the major 3 Netbox release. This type
breaks cause of comments inside of it. This commit fixes it, while
keeping the compatibility to install gnuicorn separate.
 2022-03-07 15:27:26 +01:00
126 changed files with 77 additions and 5216 deletions
Show stats Expand all files Collapse all files

21
.gitlab-ci.yml
View file

@ -1,29 +1,14 @@
stages:
- test
- doc
image: code.ungleich.ch:5050/ungleich-public/cdist-contrib/ci-container:latest
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
shellcheck:
stage: test
script:
- make lint
- ./scripts/run-shellcheck.sh
manpages:
stage: test
script:
- make check-manpages
docs:
stage: doc
only:
- master
before_script:
- eval $(ssh-agent -s)
- echo "$CD_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- echo "$CD_SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
- make html
- sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*"
- ./scripts/run-manpage-checks.sh

6
CHANGELOG.md Normal file
View file

@ -0,0 +1,6 @@
# cdist-contrib changes
* 2020-06-07: New type: __unbound_exporter (Timothée Floure)
* 2020-06-07: Extended type: wire remote control configuration for __unbond (Timothée Floure)
* 2020-06-03: New type: __unbound (Timothée Floure)
* 2020-04-28: New type: __find_exec (Ander Punnar)

70
Makefile
View file

@ -1,70 +0,0 @@
.PHONY: help
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo "man build only man user documentation"
@echo "html build only html user documentation"
@echo "docs build both man and html user documentation"
@echo "check-manpages check for manpage in types"
@echo "lint run shellcheck on types"
@echo "check run both type manpage checks and linting"
@echo "clean clean"
DOCS_SRC_DIR=./docs/src
TYPEDIR=./type
SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=make -C $(DOCS_SRC_DIR) clean
################################################################################
# Manpages
#
MAN7DSTDIR=$(DOCS_SRC_DIR)/man7
# Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work
# Using ls does not work if no file with given pattern exist, so use wildcard
MANTYPESRC=$(wildcard $(TYPEDIR)/*/man.rst)
MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC))
MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX))
# Link manpage: do not create man.html but correct named file
$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst
mkdir -p $(MAN7DSTDIR)
ln -sf "../../../$^" $@
DOCSINDEX=$(MAN7DSTDIR)/index.rst
DOCSINDEXH=$(DOCS_SRC_DIR)/index.rst.sh
$(DOCSINDEX): $(DOCSINDEXH)
$(DOCSINDEXH)
# Manpages: .cdist Types
DOT_CDIST_PATH=${HOME}/.cdist
DOTMAN7DSTDIR=$(MAN7DSTDIR)
DOTTYPEDIR=$(DOT_CDIST_PATH)/type
# Link manpage: do not create man.html but correct named file
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@
man: $(MANTYPES) $(DOCSINDEX)
$(SPHINXM)
html: $(MANTYPES) $(DOCSINDEX)
$(SPHINXH)
docs: man html
check-manpages:
./scripts/run-manpage-checks.sh
lint:
./scripts/run-shellcheck.sh
check: check-manpages lint
clean:
$(SPHINXC)
rm -f docs/src/index.rst
rm -rf docs/src/man7/
rm -rf docs/src/__pycache__/

18
README.md
View file

@ -5,9 +5,8 @@ tool with community-maitained types which are either too specific to fit/be
maintained in cdist itself or were not accepted in code cdist but could still
be useful.
This project does not have releases and is continously updated: see git history
for change log. You will find HTML documentation at
[contrib.cdi.st](https://contrib.cdi.st).
This project does not have releases and is continously updated: see
`CHANGELOG.md` for details.
## Using cdist-contrib
@ -33,11 +32,14 @@ And you would run [cdist][cdist] from the same directory as follows:
## Participating in the [cdist][cdist] community
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix!
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix or on
[#cdist over mattermost][cdistmattermost].
[cdist]: https://www.cdi.st/
[cdistconfig]: https://www.cdi.st/manual/latest/cdist-configuration.html
[cdistmatrix]: https://matrix.to/#/#cdist:ungleich.ch
[cdistmattermost]: https://chat.ungleich.ch/ungleich/channels/cdist
## Contributing
@ -51,11 +53,3 @@ Every type in cdist-contrib must:
* Have a `man.rst` documentation page.
* Pass [shellcheck](http://shellcheck.net/) without errors.
## Other resources
Some people/organizations are known to keep some cdist types that might be of
interest to others:
* [cdist-evilham](https://git.sr.ht/~evilham/cdist-evilham): Evilham's cdist-types
* [cdist-recycledcloud](https://code.recycled.cloud/e-Durable/cdist-recycledcloud): e-Durable SA / Recycled Cloud public types

235
docs/src/Makefile
View file

@ -1,235 +0,0 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS ?=
SPHINXBUILD ?= sphinx-build
PAPER ?=
BUILDDIR ?= ../dist
# for cache, etc.
_BUILDDIR = _build
# User-friendly check for sphinx-build
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/)
endif
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(_BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " applehelp to make an Apple Help Book"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " epub3 to make an epub3"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
@echo " coverage to run coverage check of the documentation (if enabled)"
@echo " dummy to check syntax errors of document sources"
.PHONY: clean
clean:
rm -rf $(BUILDDIR)/*
rm -rf $(_BUILDDIR)/*
.PHONY: html
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
.PHONY: dirhtml
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
.PHONY: singlehtml
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
.PHONY: pickle
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
.PHONY: json
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
.PHONY: htmlhelp
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
.PHONY: qthelp
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/cdist-docs.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/cdist-docs.qhc"
.PHONY: applehelp
applehelp:
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
@echo
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
@echo "N.B. You won't be able to view it unless you put it in" \
"~/Library/Documentation/Help or install it in your application" \
"bundle."
.PHONY: devhelp
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/cdist-docs"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/cdist-docs"
@echo "# devhelp"
.PHONY: epub
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
.PHONY: epub3
epub3:
$(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3
@echo
@echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3."
.PHONY: latex
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
.PHONY: latexpdf
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: latexpdfja
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: text
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
.PHONY: man
man:
$(SPHINXBUILD) -b cman $(ALLSPHINXOPTS) $(BUILDDIR)/man
mkdir -p $(BUILDDIR)/man/man7
mv -f $(BUILDDIR)/man/*.7 $(BUILDDIR)/man/man7/
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
.PHONY: texinfo
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
.PHONY: info
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
.PHONY: gettext
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
.PHONY: changes
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
.PHONY: linkcheck
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
.PHONY: doctest
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
.PHONY: coverage
coverage:
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
@echo "Testing of coverage in the sources finished, look at the " \
"results in $(BUILDDIR)/coverage/python.txt."
.PHONY: xml
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
.PHONY: pseudoxml
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
.PHONY: dummy
dummy:
$(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy
@echo
@echo "Build finished. Dummy builder generates no files."

101
docs/src/conf.py
View file

@ -1,101 +0,0 @@
#!/usr/bin/env python3
import sys
import os
import sphinx_rtd_theme
from datetime import date
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
sys.path.insert(0, os.path.abspath(os.path.join(
os.path.dirname(os.path.realpath(__file__)), "..", "..")))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'docs.src.manpage',
'sphinx.ext.extlinks',
]
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
source_suffix = ['.rst']
# The encoding of source files.
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = 'cdist-contrib'
copyright = 'cdist-contrib contributors'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
version = str(date.today())
release = os.popen('git rev-parse HEAD').read()
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# If true, `todo` and `todoList` produce output, else they produce nothing.
todo_include_todos = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'sphinx_rtd_theme'
html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
# Output file base name for HTML help builder.
htmlhelp_basename = 'cdistcontribdoc'
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
root_mandir = os.path.dirname(os.path.realpath(__file__))
mandirs = []
for mansubdir in ('man7',):
mandirs.append((os.path.join(root_mandir, mansubdir), mansubdir[-1]))
man_pages = []
for mandir, section in mandirs:
for root, dirs, files in os.walk(mandir):
for fname in files:
froot, fext = os.path.splitext(fname)
if fext == '.rst':
man_page = (os.path.join('man' + str(section), froot),
froot, '', [], section)
man_pages.append(man_page)
# man_pages = [
# ('cdist-type', 'cdist-type', 'cdist-type documentation',
# [author], 1),
# ('man7/cdist-type__file', 'cdist-type__file',
# '', [], 1),
# ('cdist-type__directory', 'cdist-type__directory',
# 'cdist-type__directory documentation', [author], 1),
# ]
# If true, show URL addresses after external links.
# man_show_urls = False

40
docs/src/index.rst.sh
View file

@ -1,40 +0,0 @@
#!/bin/sh
__cdist_pwd="$(pwd -P)"
__cdist_mydir="${0%/*}";
__cdist_abs_mydir="$(cd "$__cdist_mydir" && pwd -P)"
__cdist_myname=${0##*/};
__cdist_abs_myname="$__cdist_abs_mydir/$__cdist_myname"
filename="${__cdist_myname%.sh}"
dest="$__cdist_abs_mydir/$filename"
if ! command -v pandoc > /dev/null; then
echo "Pandoc is required to generate HTML index from README." >&2
exit 1
fi
cd "$__cdist_abs_mydir"
exec > "$dest"
pandoc -f markdown -t rst ../../README.md
cat << EOF
.. toctree::
:hidden:
EOF
# If there is no such file then ls prints error to stderr,
# so redirect stderr to /dev/null.
for type in $(ls man7/cdist-type__*.rst 2>/dev/null | LC_ALL=C sort); do
no_dir="${type#man7/}";
no_type="${no_dir#cdist-type}";
name="${no_type%.rst}";
manref="${no_dir%.rst}"
man="${manref}(7)"
echo " $name" "<man7/${manref}>"
done

87
docs/src/manpage.py
View file

@ -1,87 +0,0 @@
import sphinx.builders.manpage
import sphinx.writers.manpage
from docutils.frontend import OptionParser
from sphinx.util.console import bold, darkgreen
from six import string_types
from docutils.io import FileOutput
from os import path
from sphinx.util.nodes import inline_all_toctrees
from sphinx import addnodes
from sphinx.util import logging
"""
Extension based on sphinx builtin manpage.
It does not write its own .SH NAME based on config,
but leaves everything to actual reStructuredText file content.
"""
logger = logging.getLogger(__name__)
class ManualPageTranslator(sphinx.writers.manpage.ManualPageTranslator):
def header(self):
tmpl = (".TH \"%(title_upper)s\" \"%(manual_section)s\""
" \"%(date)s\" \"%(version)s\" \"%(manual_group)s\"\n")
return tmpl % self._docinfo
class ManualPageWriter(sphinx.writers.manpage.ManualPageWriter):
def __init__(self, builder):
super().__init__(builder)
self.translator_class = (
self.builder.get_translator_class() or ManualPageTranslator)
class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder):
name = 'cman'
default_translator_class = ManualPageTranslator
def write(self, *ignored):
docwriter = ManualPageWriter(self)
docsettings = OptionParser(
defaults=self.env.settings,
components=(docwriter,),
read_config_files=True).get_default_values()
logger.info(bold('writing... '), nonl=True)
for info in self.config.man_pages:
docname, name, description, authors, section = info
if isinstance(authors, string_types):
if authors:
authors = [authors]
else:
authors = []
targetname = '%s.%s' % (name, section)
logger.info(darkgreen(targetname) + ' { ', nonl=True)
destination = FileOutput(
destination_path=path.join(self.outdir, targetname),
encoding='utf-8')
tree = self.env.get_doctree(docname)
docnames = set()
largetree = inline_all_toctrees(self, docnames, docname, tree,
darkgreen, [docname])
logger.info('} ', nonl=True)
self.env.resolve_references(largetree, docname, self)
# remove pending_xref nodes
for pendingnode in largetree.traverse(addnodes.pending_xref):
pendingnode.replace_self(pendingnode.children)
largetree.settings = docsettings
largetree.settings.title = name
largetree.settings.subtitle = description
largetree.settings.authors = authors
largetree.settings.section = section
docwriter.write(largetree, destination)
logger.info("")
def setup(app):
app.add_builder(ManualPageBuilder)

7
scripts/ci-container/Dockerfile
View file

@ -1,7 +0,0 @@
# This image is used in the cdist-contrib CI for linting and generating the
# documentation.
FROM fedora:latest
MAINTAINER Timothée Floure <fnux@ungleich.ch>
RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \
ShellCheck openssh-clients pandoc

26
scripts/run-shellcheck.sh
View file

@ -1,29 +1,21 @@
#!/bin/sh -eu
#!/bin/sh
SHELLCHECKCMD='shellcheck -s sh -f gcc -x'
SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
# Skip SC2154 for variables starting with __ since such variables are cdist
# environment variables.
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
SHELLCHECKTMP='.shellcheck.tmp'
SHELLCHECKTMP=".shellcheck.tmp"
# Move to top-level cdist-contrib directory.
cd "$(dirname $0)"/..
cd $(dirname $0)/..
check() {
find type/ -type f "$@" -exec ${SHELLCHECKCMD} {} + \
| grep -v "${SHELLCHECK_SKIP}" >>"${SHELLCHECKTMP}" || true
check () {
find type/ -type f $1 $2 -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
}
rm -f "${SHELLCHECKTMP}"
check -path '*/explorer/*'
check -path '*/files/*' -name '*.sh'
check -path "*/explorer/*"
check -path "*/files/*.sh"
check -name manifest
check -name gencode-local
check -name gencode-remote
if test -s "${SHELLCHECKTMP}"
then
cat "${SHELLCHECKTMP}" >&2
exit 1
fi

36
type/__borg_repo/gencode-remote
View file

@ -1,36 +0,0 @@
#!/bin/sh
passphrase=
appendonly=
case "$(cat "${__object:?}/parameter/encryption")" in
none)
enc=none
;;
repokey)
enc=repokey
if [ -f "${__object:?}/parameter/passphrase" ];
then
passphrase="$(cat "${__object:?}/parameter/passphrase")"
else
echo "__borg_repo cannot use repokey encryption with no passphrase. Aborting." >&2;
exit 1;
fi
;;
*)
echo "$enc is not a known encryption mode for __borg_repo. Aborting." >&2
exit 1;
esac
if [ -f "${__object:?}/parameter/append-only" ];
then
appendonly='--append-only'
fi
cat <<- EOF
if ! borg check --repository-only 1>&2 2>/dev/null "/${__object_id:?}";
then
BORG_NEW_PASSPHRASE=$passphrase borg init -e ${enc:?} $appendonly /${__object_id:?}
fi
EOF

43
type/__borg_repo/man.rst
View file

@ -1,43 +0,0 @@
cdist-type__borg_repo(7)
========================
NAME
----
cdist-type__borg_repo - Configure a borg repository on host
DESCRIPTION
-----------
Initializes a borg repository at the location specified in the
`${__object_id}`. Nothing is done if the repository already exists.
Currently, only `none` and `repokey` are supported as encryption modes;
`repokey` requires the `passphrase` argument to be given. The default is
`none`.
REQUIRED PARAMETERS
-------------------
encryption
The encryption to use.
OPTIONAL PARAMETERS
-------------------
passphrase
The passphrase to encrypt the keyfile with.
BOOLEAN PARAMETERS
------------------
append-only
If the repository is append-only
AUTHORS
-------
Joachim Desroches <joachim.desroches@epfl.ch>
COPYING
-------
Copyright \(C) 2020 Joachim Desroches. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

14
type/__borg_repo/manifest
View file

@ -1,14 +0,0 @@
#!/bin/sh
os="$(cat "${__global:?}"/explorer/os)"
case "$os" in
"alpine")
borg_package=borgbackup
;;
*)
echo "__borg_repo is not yet implemented for os $os. Aborting." >&2;
exit 1;
esac
__package "$borg_package"

1
type/__borg_repo/parameter/boolean
View file

@ -1 +0,0 @@
append-only

1
type/__borg_repo/parameter/default/encryption
View file

@ -1 +0,0 @@
none

1
type/__borg_repo/parameter/optional
View file

@ -1 +0,0 @@
passphrase

1
type/__borg_repo/parameter/required
View file

@ -1 +0,0 @@
encryption

49
type/__dma/explorer/auth_conf
View file

@ -1,49 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer determines the path of dma's auth.conf file
# No dma.conf -> use default
test -f /etc/dma/dma.conf || {
echo /etc/dma/auth.conf
exit 0
}
test -r /etc/dma/dma.conf || {
echo 'Cannot read /etc/dma/dma.conf' >&2
exit 1
}
# Get AUTHPATH from dma.conf
awk -F'[ \t]' '
{
sub(/#.*$/, "", $0) # remove comments
if (!$0) next # ignore empty lines
}
$1 == "AUTHPATH" {
# Store authpath. In dma conf parsing last wins.
if ($2) authpath = substr($0, index($0, " ") + 1)
}
END {
if (authpath) {
print authpath
exit 0
} else exit 1
}
' /etc/dma/dma.conf \
|| echo /etc/dma/auth.conf # default

34
type/__dma/explorer/conf
View file

@ -1,34 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer returns a sorted list of "active" (= non-commented) lines
# in the dma.conf file.
# "Trailing" line comments are stripped off.
#
# NOTE: This explorer assumes that the sort(1) utility supports the non-POXIX
# -s (stable sort) option.
CONF_PATH=/etc/dma # set in Makefile
dma_conf="${CONF_PATH:?}/dma.conf"
test -f "${dma_conf}" || exit 0
grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \
| sed -e 's/[ \t]*#.*$//' \
| sort -s -k 1,1

178
type/__dma/files/update_dma_conf.awk
View file

@ -1,178 +0,0 @@
#!/usr/bin/awk -f
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
function comment_line(line) {
# returns the position in line at which the comment's text starts
# (0 if the line is not a comment)
match(line, /^[ \t]*\#+[ \t]*/)
return RSTART ? (RLENGTH + 1) : 0
}
function empty_line(line) { return line ~ /^[ \t]*$/ }
function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word"
function first(line, sep_re) {
# returns the part of the line until sep is found
# (or the whole line if sep is not found)
if (!sep_re) sep_re = "[" SUBSEP "]"
match(line, sep_re)
return RSTART ? substr(line, 1, RSTART - 1) : line
}
function rest(line, sep_re) {
# returns the part of the line after the first occurrence of sep is found.
# (or nothing if sep is not found)
if (!sep_re) sep_re = "[" SUBSEP "]"
if (match(line, sep_re))
return substr(line, RSTART + RLENGTH)
}
function conf_pop(word, value) {
# returns the next value for the config `word` and delete it from the list.
# if value is set, this function will only return value if it is the first
# option in the list, otherwise it returns 0.
if (!(word in conf)) return 0
if (!value) {
if (index(conf[word], SUBSEP)) # more than one element?
value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1)
else
value = conf[word]
}
if (index(conf[word], SUBSEP)) {
if (index(conf[word], value SUBSEP) != 1) return 0
conf[word] = substr(conf[word], length(value) + 2)
} else {
if (conf[word] != value) return 0
delete conf[word]
}
return value
}
function print_conf(word, value) {
# print a config line with the given parameters
printf "%s", word
if (value) printf " %s", value
printf "\n"
}
function print_confs(word, value) {
# print config lines for all values stored in conf[word].
if (!(word in conf)) return
if (conf[word]) {
while (value = conf_pop(word))
print_conf(word, value)
} else {
print_conf(word)
delete conf[word]
}
}
BEGIN {
FS = "\n"
EQS = "[ \t]" # copied from dma/conf.c
if (ARGV[2]) exit (e=1)
# Loop over file twice!
ARGV[2] = ARGV[1]
ARGC++
# read the "should" state into the `conf` array.
while (getline < "/dev/stdin") {
word = first($0, EQS)
if ((word in conf))
conf[word] = conf[word] SUBSEP rest($0, EQS)
else
conf[word] = rest($0, EQS)
}
}
# first pass, gather information about where which information is stored in the
# current config file. This information will be used in the second pass.
NR == FNR {
if (comment_line($0)) {
# comment line
word = first(substr($0, comment_line($0)), " ")
if (is_word(word)) last_occ["#" word] = FNR
} else {
word = first($0, EQS)
if (is_word(word)) last_occ[word] = FNR
}
}
# before second pass prepare hashes containing location information to be used
# in the second pass.
NR > FNR && FNR == 1 {
# First we drop the locations of commented-out options if a non-commented
# option is available. If a non-commented option is available, we will
# append new config options there to have them all at one place.
for (k in last_occ)
if (k ~ /^\#/ && (substr(k, 2) in last_occ))
delete last_occ[k]
# Reverse the option => line mapping. The line_map allows for easier lookups
# in the second pass.
for (k in last_occ) line_map[last_occ[k]] = k
}
# second pass, generate and output new config
NR > FNR {
if (comment_line($0) || empty_line($0)) {
# comment or empty line
print
if ((FNR in line_map)) {
if (line_map[FNR] ~ /^\#/) {
# This line contains a commented config option. If the conf hash
# contains options to be set, we output them here because this
# option is not used in the current config.
k = substr(line_map[FNR], 2)
if ((k in conf)) print_confs(k)
}
if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) {
# INSECURE goes where SECURE comment is.
print_confs("INSECURE")
}
}
} else {
word = first($0, EQS)
value = rest($0, EQS)
sub(/[ \t]*\#.*$/, "", value) # ignore comments in value
if ((word in conf) && value == first(conf[word])) {
# keep config options we want
conf_pop(word)
print
}
if ((FNR in line_map) && line_map[FNR] == word) {
# rest of config options should be here
print_confs(word)
}
}
}
END {
if (e) exit
# print rest of config options (
for (word in conf) print_confs(word)
}

177
type/__dma/gencode-remote
View file

@ -1,177 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
CONF_PATH=/etc/dma # set in Makefile
# Determine mailname
if test -f "${__object:?}/parameter/mailname"
then
mailname=$(cat "${__object:?}/parameter/mailname")
else
case $(cat "${__global:?}/explorer/os")
in
(debian|devuan|ubuntu)
# On Debian-like systems use /etc/mailname unless --mailname is used
mailname='/etc/mailname'
;;
(*)
mailname=${__target_fqdn:?}
;;
esac
fi
# Generate "should" values for config
conf_should=$(
if test -s "${__object:?}/parameter/smarthost"
then
printf 'SMARTHOST %s\n' "$(cat "${__object:?}/parameter/smarthost")"
fi
printf 'MAILNAME %s\n' "${mailname}"
if test -s "${__object:?}/explorer/auth_conf"
then
printf "AUTHPATH %s\n" "$(cat "${__object:?}/explorer/auth_conf")"
fi
case $(cat "${__object:?}/parameter/security")
in
(ssl|tls)
default_smtp_port=465
echo 'SECURETRANSFER'
;;
(starttls)
default_smtp_port=587
echo 'SECURETRANSFER'
echo 'STARTTLS'
;;
(opportunistic)
default_smtp_port=25
echo 'SECURETRANSFER'
echo 'STARTTLS'
echo 'OPPORTUNISTIC_TLS'
;;
(insecure)
default_smtp_port=25
echo 'INSECURE'
;;
esac
if test -s "${__object:?}/parameter/port"
then
printf 'PORT %u\n' "$(cat "${__object:?}/parameter/port")"
elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default
then
printf 'PORT %u\n' "${default_smtp_port}"
fi
if test -f "${__object:?}/parameter/masquerade"
then
while read -r line
do
printf 'MASQUERADE %s\n' "${line}"
done <"${__object:?}/parameter/masquerade"
fi
if test -f "${__object:?}/parameter/defer"
then
echo 'DEFER'
fi
if test -f "${__object:?}/parameter/fullbounce"
then
echo 'FULLBOUNCE'
fi
if test -f "${__object:?}/parameter/nullclient"
then
test -s "${__object:?}/parameter/smarthost" || {
echo '--nullclient requires a --smarthost to be defined' >&2
exit 1
}
echo 'NULLCLIENT'
fi
)
# Sort conf_should to compare against "conf_is"
conf_should=$(echo "${conf_should}" | sort -s -k 1,1)
config_updated=false
if ! echo "${conf_should}" | cmp -s "${__object:?}/explorer/conf" -
then
# config needs to be updated
dma_conf="${CONF_PATH:?}/dma.conf"
# The following AWK script will output the new config file to be stored on
# disk. To do so it reads the current dma.conf file and the config options
# that should be set (from stdin).
# Note that the path to the current dma.conf is passed to AWK twice, because
# the new file cannot be generated in one pass.
# The logic tries to place options at a sensible location, that is:
# a) if the option is already used in the config file:
# group all similar options (e.g. MASQUERADE) at one place in the order
# they are listed in stdin.
# b) if it is a new option and a "default comment" (e.g. "#PORT 25") exists:
# place options grouped directly after the comment (the comment is left
# alone)
# c) otherwise:
# options are grouped by word (the first word in the line) and appended
# at the end of the file.
cat <<-CODE
awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \
&& cat $(quote "${dma_conf}.tmp") >$(quote "${dma_conf}")
${conf_should}
EOF
rm $(quote "${dma_conf}.tmp")
CODE
config_updated=true
echo 'config updated' >>"${__messages_out:?}"
fi
# Send a test email if enabled and necessary (=configuration changed)
if test -f "${__object:?}/parameter/send-test-mail"
then
if grep -q '^__mail_alias/root:' "${__messages_in:?}" \
|| grep -q '^__dma_auth/' "${__messages_in:?}" \
|| ${config_updated}
then
cat <<-CODE
sendmail root <<'EOF'
Subject: [cdist] Test mail from '${__target_fqdn:?}'
Hi,
you can ignore this message.
Its sole purpose is to notify you that root mail on ${__target_fqdn:?}
will be redirected to you.
Enjoy!
EOF
CODE
fi
fi

112
type/__dma/man.rst
View file

@ -1,112 +0,0 @@
cdist-type__dma(7)
============================
NAME
----
cdist-type__dma - Setup the DragonFly Mail Agent as the MTA.
DESCRIPTION
-----------
This (singleton) type uses DMA, a small Mail Transport Agent (MTA), to accept
mails from locally installed Mail User Agents (MUA) and either deliver the mails
to a remote smart host for delivery or communicate with remote SMTP servers
directly.
REQUIRED PARAMETERS
-------------------
None.
BOOLEAN PARAMETERS
------------------
defer
If enabled, mail will not be sent immediately, but stored in a queue.
To flush the queue and send the mails, ```dma -q`` has to be run
periodically (e.g. using a cron job.)
This type does not manage such a cron job, but some operating systems ship
such a cron job with the package.
fullbounce
Enable if bounce messages should include the complete original message,
not just the headers.
nullclient
Enable to bypass aliases and local delivery, and instead forward all mails
to the defined ``--smarthost``.
send-test-mail
If set, this type will send a test email to root after setup, to check if
the configured settings work.
OPTIONAL PARAMETERS
-------------------
mailname
If present, this will be the hostname used to identify this host and the
remote part of the sender addresses.
If not defined, it defaults to ``/etc/mailname`` on Debian derivatives and
to ``__target_fqdn`` otherwise.
See `dma(8)` for more information.
Note: on Debian derivatives the ``/etc/mailname`` file should be updated
instead of using this parameter.
masquerade
Masquerade the envelope-from addresses with this address/hostname.
Use this setting if mails are not accepted by destination mail servers
because your sender domain is invalid.
This option can be used multiple times.
For more information see the `dma(8)` man page.
port
The port on which to deliver email.
If not provided, a sensible default port will be used based on the
``--security`` argument.
security
Configures whether and how DMA should use secure connections.
ssl/tls
Enable TLS/SSL secured transfer.
starttls
Use STARTTLS to establish a secure connection.
opportunistic (default)
Will try to establish a secure connection using STARTTLS, but allow
unencrypted transfer if STARTTLS fails.
Most useful when dma is used without a smarthost, delivering remote
messages directly to the outside mail exchangers.
insecure
allow plain text SMTP login over an insecure connection.
Should really *not* be used anymore!
smarthost
The mail server used to send email.
It must be configured to act as a relay for the host being configured by
this type so that mail can be sent to users non-local to the smarthost.
EXAMPLES
--------
.. code-block:: sh
# Install DMA and use the smarthost mx1.domain.tld to send mail.
__dma --smarthost mx1.domain.tld --send-test-mail
# Install DMA in a default configuration.
__dma
SEE ALSO
--------
- `DragonFly Mail Agent <https://github.com/corecode/dma>`_
- `DragonFly Handbook MTA <https://www.dragonflybsd.org/handbook/mta/>`_
AUTHORS
-------
Evilham <contact@evilham.com>
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Evilham and Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

66
type/__dma/manifest
View file

@ -1,66 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "${__global:?}/explorer/os")
# Install DMA
case ${os}
in
(alpine)
__package dma --state present
export require='__package/dma'
;;
(debian|devuan|ubuntu)
__package dma --state present
export require='__package/dma'
;;
(freebsd)
# Stop sendmail if necessary
__process 'sendmail' --name 'sendmail.*' --state absent \
--stop '/etc/rc.d/sendmail onestop'
# ... and disable it
__key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \
--key 'sendmail_enable' --delimiter '=' --value '"NONE"' \
--exact_delimiter
# Setup mailwrapper accordingly
__file '/etc/mail/mailer.conf' --mode 0644 --source - <<-'EOF'
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail /usr/libexec/dma
send-mail /usr/libexec/dma
mailq /usr/libexec/dma
newaliases /usr/libexec/dma
rmail /usr/libexec/dma
EOF
;;
(*)
cat <<EOF >&2
Your OS (${os}) is not supported yet.
Maybe adding support is as simple as adapting the packages or allowing it,
we highly encourage you to open a PR with the necessary changes.
See: https://code.ungleich.ch/ungleich-public/cdist-contrib/
EOF
exit 1
;;
esac

4
type/__dma/parameter/boolean
View file

@ -1,4 +0,0 @@
defer
fullbounce
nullclient
send-test-mail

1
type/__dma/parameter/default/security
View file

@ -1 +0,0 @@
opportunistic

4
type/__dma/parameter/optional
View file

@ -1,4 +0,0 @@
mailname
port
security
smarthost

1
type/__dma/parameter/optional_multiple
View file

@ -1 +0,0 @@
masquerade

0
type/__dma/singleton
View file

1
type/__dma_auth/explorer/auth_conf
View file

@ -1 +0,0 @@
../../__dma/explorer/auth_conf

91
type/__dma_auth/explorer/state
View file

@ -1,91 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer looks for a line matching the server parameter
# in dma's auth.conf and reports:
# present: a line matching login + host + password exists
# absent: no line matching login + host exists
# different_login: a line exists but with a different login user
# different_password: a line exists but with a different password
# multiple: multiple lines matching host exist (should not happen)
auth_conf=$("${__type_explorer:?}/auth_conf")
test -r "${auth_conf}" || exit 0
awk -F'\n' '
function getvalue(path) {
# Reads the first line of the file located at path and returns it.
getline < path
close(path)
return $0
}
BEGIN {
DP = "[: \t]" # copied from dma/conf.c
parameter_dir = ENVIRON["__object"] "/parameter/"
# Read the parameters of this object
host_param = ENVIRON["__object_id"]
login_param = getvalue(parameter_dir "login")
passwd_param = getvalue(parameter_dir "password")
state = "absent"
}
/^#/ || /^$/ {
# skip comments and empty lines
next
}
{
# parse line
login = substr($0, 1, index($0, "|") - 1)
if (!login) { login = $0 } # if no "|" found
host = substr($0, length(login) + 2)
if (match(host, DP)) {
passwd = substr(host, RSTART + 1)
host = substr(host, 1, RSTART - 1)
} else {
passwd = ""
}
}
host == host_param {
# a match…
if (state == "absent") {
if (login != login_param)
state = "different_login"
else if (passwd != passwd_param)
state = "different_password"
else
state = "present"
} else {
# report "multiple" to that the type can remove the duplicates.
state = "multiple"
}
}
END {
print state
}
' "${auth_conf}"

93
type/__dma_auth/files/update_dma_auth.awk
View file

@ -1,93 +0,0 @@
#!/usr/bin/awk -f
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
function getvalue(path) {
# Reads the first line of the file located at path and returns it.
getline < path
close(path)
return $0
}
function print_should() {
printf "%s|%s:%s\n", login_param, host_param, passwd_param
}
BEGIN {
FS = "\n"
DP = "[: \t]" # copied from dma/conf.c
parameter_dir = ENVIRON["__object"] "/parameter/"
mode = (getvalue(parameter_dir "state") != "absent")
host_param = ENVIRON["__object_id"]
login_param = getvalue(parameter_dir "login")
passwd_param = getvalue(parameter_dir "password")
}
# skip comments and empty lines
/^#/ || /^$/ {
print
next
}
{
# parse line (like dma/conf.c would)
login = substr($0, 1, index($0, "|") - 1)
if (!login) { login = $0 } # if no "|" found
host = substr($0, length(login) + 2)
if (match(host, DP)) {
passwd = substr(host, RSTART + 1)
host = substr(host, 1, RSTART - 1)
} else {
passwd = ""
}
}
host == host_param {
if (mode) {
# state_should == present
if (!written) {
# replace first line if host matches (but only if no line has
# been written already -> no duplicates)
print_should()
written = 1
}
next
} else {
# state_should == absent
next
}
}
# leave other lines alone
{
print
}
END {
if (mode && !written) {
# append line if no match to replace was found
print_should()
}
}

72
type/__dma_auth/gencode-remote
View file

@ -1,72 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
state_is=$(cat "${__object:?}/explorer/state")
state_should=$(cat "${__object:?}/parameter/state")
server=${__object_id:?}
login=$(cat "${__object:?}/parameter/login")
auth_conf=$(cat "${__object:?}/explorer/auth_conf")
test -n "${auth_conf}" || {
echo 'Cannot determine path of dma auth.conf' >&2
exit 1
}
if test "${state_is}" = "${state_should}"
then
# state is as it should
exit 0
fi
case ${state_should}
in
(present)
test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; }
if test "${state_is}" = 'absent'
then
printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
else
printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
fi
;;
(absent)
printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
;;
(*)
printf 'Invalid --state: %s.\n' "${state_should}" >&2
printf 'Acceptable values are: present, absent.\n' >&2
exit 1
;;
esac
cat <<EOF
test -f $(quote "${auth_conf}") || touch $(quote "${auth_conf}")
awk $(drop_awk_comments "${__type:?}/files/update_dma_auth.awk") <$(quote "${auth_conf}") >$(quote "${auth_conf}.tmp") \
&& cat $(quote "${auth_conf}.tmp") >$(quote "${auth_conf}")
rm -f $(quote "${auth_conf}.tmp")
EOF

66
type/__dma_auth/man.rst
View file

@ -1,66 +0,0 @@
cdist-type__dma_auth(7)
=======================
NAME
----
cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA.
DESCRIPTION
-----------
This cdist type allows you to set up credentials to log in to remote SMTP
servers.
NB: dma currently (v0.13) does not differentiate between users on a host.
It will use whatever user it finds in the ``auth.conf`` first.
Thus, this type will use the ``__object_id`` as the host specifier.
REQUIRED PARAMETERS
-------------------
login
The user's LOGIN name on the SMTP server.
password
The user's password (in plain text.)
OPTIONAL PARAMETERS
-------------------
state
Either ``present`` or ``absent``. Defaults to ``present``.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Set the password for smarthost
__dma_auth smarthost.example.com --login joe --password hunter2
# Set credentials for user at an external provider
__dma_auth mail.provider.com --login paul@example.com --password letmein
# Delete credentials for example.com (for all users)
__dma_auth example.com --login '' --password '' --state absent
SEE ALSO
--------
:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

0
type/__dma_auth/nonparallel
View file

1
type/__dma_auth/parameter/default/state
View file

@ -1 +0,0 @@
present

1
type/__dma_auth/parameter/optional
View file

@ -1 +0,0 @@
state

2
type/__dma_auth/parameter/required
View file

@ -1,2 +0,0 @@
login
password

7
type/__jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version
View file

@ -1,7 +0,0 @@
#!/bin/sh -e
EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
if [ -f "${EXPORTER_VERSION_FILE}" ]; then
cat "${EXPORTER_VERSION_FILE}"
fi

56
type/__jitsi_meet/files/debconf_settings.sh
View file

@ -1,56 +0,0 @@
#!/bin/sh -e
# This can be obtained with debconf-get-selections on a host with jitsi
# (and also analysing the deb-src)
if false; then
# We are currently not using these, just here as documentation
DEBCONF_SETTINGS="$(cat <<EOF
# Jicofo user password:
jicofo jicofo/jicofo-authpassword password STH
jitsi-meet-prosody jicofo/jicofo-authpassword password STH
# The secret used to connect to xmpp server as component
jitsi-meet-prosody jitsi-videobridge/jvbsecret password STH
jitsi-videobridge jitsi-videobridge/jvbsecret password STH
jitsi-videobridge2 jitsi-videobridge/jvbsecret password STH
# Jicofo Component secret:
jicofo jicofo/jicofosecret password STH
jitsi-meet-prosody jicofo/jicofosecret password STH
# Jicofo username:
jicofo jicofo/jicofo-authuser string focus
jitsi-meet-prosody jicofo/jicofo-authuser string focus
# The hostname of the current installation:
jitsi-meet-turnserver jitsi-meet-turnserver/jvb-hostname string ${JITSI_HOST}
# Full local server path to the SSL certificate file:
jitsi-meet-web-config jitsi-meet/cert-path-crt string
# Full local server path to the SSL key file:
jitsi-meet-web-config jitsi-meet/cert-path-key string
EOF
)"
fi
DEBCONF_SETTINGS="$(cat <<EOF
# The hostname of the current installation:
jitsi-meet-web-config jitsi-meet/jvb-hostname string ${JITSI_HOST}
# Hostname:
jicofo jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-meet-prosody jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-meet-turnserver jitsi-videobridge/jvb-hostname string ${TURN_SERVER}
jitsi-meet-web-config jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-videobridge2 jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
# The hostname of the current installation:
jitsi-meet-prosody jitsi-meet-prosody/jvb-hostname string ${JITSI_HOST}
# SSL certificate for the Jitsi Meet instance
# Choices: Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate), I want to use my own certificate
jitsi-meet-web-config jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)
EOF
)"
if [ -n "${TURN_SECRET}" ]; then
DEBCONF_SETTINGS="$(cat <<EOF
${DEBCONF_SETTINGS}
# The turn server secret
jitsi-meet-prosody jitsi-meet-prosody/turn-secret string ${TURN_SECRET}
EOF
)"
fi

10
type/__jitsi_meet/files/ufw
View file

@ -1,10 +0,0 @@
#!/bin/sh -e
# Setup firewall
__ufw
# Allow jitsi ports
require="__ufw" __ufw_rule http --rule 'allow 80/tcp'
require="__ufw" __ufw_rule https --rule 'allow 443/tcp'
require="__ufw" __ufw_rule jitsi_prom --rule 'allow 9888/tcp'
require="__ufw" __ufw_rule avfallback --rule 'allow 4443/tcp'
require="__ufw" __ufw_rule avdefault --rule 'allow 10000/udp'

5
type/__jitsi_meet/gencode-remote
View file

@ -1,5 +0,0 @@
#!/bin/sh -e
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
echo "service nginx reload"
fi

84
type/__jitsi_meet/man.rst
View file

@ -1,84 +0,0 @@
cdist-type__jitsi_meet(7)
=================================
NAME
----
cdist-type__jitsi_meet - Setup the server-side of Jitsi-Meet.
DESCRIPTION
-----------
This (singleton) type installs and configures jitsi-meet automatically.
It does so by following loosely the official quick-install instructions and
eXO's notes for installing and managing Jitsi Meet instances.
This type also sets up nginx in a way that is compatible with
`__letsencrypt_cert` and assumes that it will only serve Jitsi instances.
You will also need the `__jitsi_meet_domain` type in order to finish setting up
the web frontend (including TLS certificates) and its settings.
You may want to use the `files/ufw` example manifest for a `__ufw`-based
firewall compatible with this type.
This file does not include rules for TCP port 9888, which exposes the
prometheus exporter if not disabled.
You should apply your own rules here.
This type only works on De{bi,vu}an systems.
NOTE: This type currently does not deal with setting up coturn.
For that, you might want to check `__coturn` in
https://code.ungleich.ch/ungleich-public/cdist-contrib
In that case, this type should run *after* `__coturn`.
OPTIONAL PARAMETERS
-------------------
turn-secret
The shared secret for the TURN server.
turn-server
The hostname of the TURN server.
This will assume that it is listening with TLS on port 443.
BOOLEAN PARAMETERS
------------------
disable-prometheus-exporter
This type enables a prometheus exporter for jitsi by default, if you would
rather not have that, pass this parameter.
The explorer is based on:
https://github.com/systemli/prometheus-jitsi-meet-exporter
EXAMPLES
--------
.. code-block:: sh
# Setup the firewall
. "${__global}/type/__jitsi_meet/files/ufw"
export require="__ufw"
# Setup Jitsi on this host
__jitsi_meet \
--turn-server "turn.exo.cat" \
--turn-secret "WeNeedGoodSecurity"
SEE ALSO
--------
- `__jitsi_meet_domain`
AUTHORS
-------
Evilham <contact@evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham.

197
type/__jitsi_meet/manifest
View file

@ -1,197 +0,0 @@
#!/bin/sh -e
os="$(cat "${__global}/explorer/os")"
init="$(cat "${__global}/explorer/init")"
case "${os}" in
devuan|debian)
;;
*)
echo "Your OS '${os}' is currently not supported." > /dev/stderr
exit 1
;;
esac
JITSI_HOST="${__target_host}"
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
if [ -z "${TURN_SERVER}" ]; then
TURN_SERVER="${JITSI_HOST}"
fi
PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")"
# The rest is loosely based on Jitsi's documentation
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
# Setup repositories
## First the signing keys
__package gnupg2
require="__package/gnupg2" __apt_key_uri jitsi_meet \
--name 'Jitsi <dev@jitsi.org>' \
--uri https://download.jitsi.org/jitsi-key.gpg.key \
--state present
## Now the repositories (they are a tad weird, so distribution is 'stable/')
require="__apt_key_uri/jitsi_meet" __apt_source jitsi_meet \
--uri 'https://download.jitsi.org' \
--distribution 'stable/' \
--state present
## Ensure apt cache is up-to-date
require="__apt_source/jitsi_meet" __apt_update_index
export require="${require} __apt_source/jitsi_meet __apt_update_index"
# Pre-feed debconf settings, so Jitsi's installation has a good config
# shellcheck source=type/__jitsi_meet/files/debconf_settings.sh
. "${__type}/files/debconf_settings.sh" # This defines DEBCONF_SETTINGS
__debconf_set_selections jitsi_meet --file - <<EOF
${DEBCONF_SETTINGS}
EOF
export require="${require} __debconf_set_selections/jitsi_meet"
# Install and upgrade packages as needed
__package jitsi-meet
# Proceed only after installation/upgrade has finished
export require="__package/jitsi-meet"
# TODO: generalise and move out
# Prep nginx for acme settings
NGINX_ETC="/etc/nginx"
#
# Setup the acme-challenge snippet
#
__directory "${NGINX_ETC}/snippets" --state present
require="__directory${NGINX_ETC}/snippets" __file "${NGINX_ETC}/snippets/acme-challenge.conf" \
--mode 644 \
--source - << EOF
# This file is managed remotely, all changes will be lost
# This was heavily inspired by debops.org.
# Automatic Certificate Management Environment (ACME) support.
# https://tools.ietf.org/html/draft-ietf-acme-acme-01
# https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment
# Return the ACME challenge present in the server public root.
# If not found, switch to global web server root.
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
try_files \$uri @well-known-acme-challenge;
}
# Return the ACME challenge present in the global server public root.
# If not present, redirect request to a specified domain.
location @well-known-acme-challenge {
root /usr/share/jitsi-meet;
default_type "text/plain";
try_files \$uri @redirect-acme-challenge;
}
# Redirect the ACME challenge to a different host. If a redirect loop is
# detected, return 404.
location @redirect-acme-challenge {
if (\$arg_redirect) {
return 404;
}
return 307 \$scheme://${ACME_DOMAIN}\$request_uri?redirect=yes;
}
# Return 404 if ACME challenge well known path is accessed directly.
location = /.well-known/acme-challenge/ {
return 404;
}
EOF
__directory "${NGINX_ETC}/sites-available" --state present
require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-available/default" \
--mode 644 \
--source - << EOF
# This file is managed remotely, all changes will be lost
# nginx server configuration for:
server {
# Listen on IPv4
listen 80;
# Note: there is an ipv6only=off flag, but it is Linux-only
# incidentally, that defaults to "on", which is what causes
# not having the double listen to listen on IPv6-only
listen [::]:80;
server_name welcome;
root /srv/www/sites/welcome/public;
include snippets/acme-challenge.conf;
location / {
return 301 https://\$host\$request_uri;
}
}
EOF
# These two should be changed on new release
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.2"
PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:c64852b1cf63efd1632ec07ac9fcead09baccc1bd8c7b21ca830a0d82d00fb3d"
PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64"
PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
case "${init}" in
init|sysvinit)
__runit
require="__runit" __runit_service \
prometheus-jitsi-meet-exporter --log --source - <<EOF
#!/bin/sh -e
cd /tmp
exec chpst -u "nobody:nogroup" env HOME="/tmp" \\
prometheus-jitsi-meet-exporter \\
-videobridge-url 'http://localhost:8888/stats' \\
-web.listen-address ':9888' 2>&1
EOF
export require="__runit_service/prometheus-jitsi-meet-exporter"
JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter"
;;
systemd)
__systemd_unit prometheus-jitsi-meet-exporter.service \
--source "-" \
--enablement-state "enabled" <<EOF
[Unit]
Description=Metrics Exporter for Jitsi Meet
After=network.target
[Service]
Type=simple
DynamicUser=yes
ExecStart=/usr/local/bin/prometheus-jitsi-meet-exporter -videobridge-url 'http://localhost:8888/stats' -web.listen-address ':9888'
Restart=always
[Install]
WantedBy=multi-user.target
EOF
export require="__systemd_unit/prometheus-jitsi-meet-exporter.service"
JITSI_MEET_EXPORTER_SERVICE="service prometheus-jitsi-meet-exporter %s"
;;
esac
if [ "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" != \
"${PROMETHEUS_JITSI_EXPORTER_IS_VERSION}" ]; then
# shellcheck disable=SC2059
__download \
/tmp/prometheus-jitsi-meet-exporter \
--url "${PROMETHEUS_JITSI_EXPORTER_URL}" \
--download remote \
--sum "${PROMETHEUS_JITSI_EXPORTER_CHECKSUM}" \
--onchange "$(printf "${JITSI_MEET_EXPORTER_SERVICE}" "stop") || true; chmod 555 /tmp/prometheus-jitsi-meet-exporter && mv /tmp/prometheus-jitsi-meet-exporter /usr/local/bin/prometheus-jitsi-meet-exporter && $(printf "${JITSI_MEET_EXPORTER_SERVICE}" "restart")"
printf "%s" "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" | \
require="${require} __download/tmp/prometheus-jitsi-meet-exporter" __file \
"${PROMETHEUS_JITSI_EXPORTER_VERSION_FILE}" \
--source "-"
fi
fi
# TODO: disable the exporter if it is deployed and then admin changes their mind

1
type/__jitsi_meet/parameter/boolean
View file

@ -1 +0,0 @@
disable-prometheus-exporter

0
type/__jitsi_meet/parameter/default/turn-server
View file

2
type/__jitsi_meet/parameter/optional
View file

@ -1,2 +0,0 @@
turn-secret
turn-server

0
type/__jitsi_meet/singleton
View file

700
type/__jitsi_meet_domain/files/config.js.sh
View file

@ -1,700 +0,0 @@
#!/bin/sh -e
# shellcheck disable=SC2034 # This is intended to be included
JITSI_CONFIG_JS="$(cat <<EOF
/* eslint-disable no-unused-vars, no-var */
var config = {
// Connection
//
hosts: {
// XMPP domain.
domain: '${JITSI_HOST}',
// When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com',
// Domain for authenticated users. Defaults to <domain>.
// authdomain: '${JITSI_HOST}',
// Call control component (Jigasi).
// call_control: 'callcontrol.${JITSI_HOST}',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.${JITSI_HOST}',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: 'conference.<!--# echo var="subdomain" default="" -->${JITSI_HOST}'
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//${JITSI_HOST}/http-bind',
// Websocket URL
// websocket: 'wss://${JITSI_HOST}/xmpp-websocket',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376
// focusUserJid: 'focus@auth.${JITSI_HOST}',
// Testing / experimental features.
//
testing: {
// Disables the End to End Encryption feature. Useful for debugging
// issues related to insertable streams.
// disableE2EE: false,
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
// Disables the auto-play behavior of *all* newly created video element.
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
// simulcast is turned off for the desktop share. If presenter is turned
// on while screensharing is in progress, the max bitrate is automatically
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
// the probability for this to be enabled.
// capScreenshareBitrate: 1 // 0 to disable
// Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled.
// callStatsThreshold: 5 // enable callstats for 5% of the users.
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
disableAudioLevels: $(if [ -n "${DISABLE_AUDIO_LEVELS}" ]; then printf "true"; else printf "false"; fi),
// audioLevelsInterval: 200,
// Enabling this will run the lib-jitsi-meet no audio detection module which
// will notify the user if the current selected microphone has no audio
// input and will suggest another valid device if one is present.
enableNoAudioDetection: true,
// Enabling this will run the lib-jitsi-meet noise detection module which will
// notify the user if there is noise, other than voice, coming from the current
// selected microphone. The purpose it to let the user know that the input could
// be potentially unpleasant for other meeting participants.
enableNoisyMicDetection: true,
// Start the conference in audio only mode (no video is being received nor
// sent).
// startAudioOnly: false,
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Sets the preferred target bitrate for the Opus audio codec by setting its
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
// Valid values are in the range 6000 to 510000
// opusMaxAverageBitrate: 20000,
// Enables redundancy for Opus
// enableOpusRed: false
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
// Use -1 to disable.
// maxFullResolutionParticipants: 2,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independent from
// this config's resolution value. Defaults to requesting an ideal
// resolution of 720p.
// constraints: {
// video: {
// height: {
// ideal: 720,
// max: 720,
// min: 240
// }
// }
// },
$(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
startVideoMuted: ${START_VIDEO_MUTED},
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// This option has been deprecated, use preferredCodec under videoQuality section instead.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
// Whether to enable file recording or not.
// fileRecordingsEnabled: false,
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://${JITSI_HOST}/static/oauth.html'
// redirectURI:
// 'https://${JITSI_HOST}/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
// liveStreamingEnabled: false,
// Transcription (in interface_config,
// subtitles and buttons can be configured)
// transcribingEnabled: false,
// Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: ${CHANNEL_LAST_N},
// Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number.
//
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
// will be used as default until the first threshold is reached.
//
// lastNLimits: {
// 5: 20,
// 30: 15,
// 50: 10,
// 70: 5,
// 90: 2
// },
// Specify the settings for video quality optimizations on the client.
// videoQuality: {
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
//
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
// // This is currently not implemented on app based clients on mobile.
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000
// },
//
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
// // 'low' - for the low quality level (180p at the time of this writing)
// // 'standard' - for the medium quality level (360p)
// // 'high' - for the high quality level (720p)
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
// //
// // With the default config value below the application will use 'low' quality until the thumbnails are
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
// // the high quality.
// minHeightForQualityLvl: {
// 360: 'standard,
// 720: 'high'
// }
// },
// // Options for the recording limit notification.
// recordingLimit: {
//
// // The recording limit in minutes. Note: This number appears in the notification text
// // but doesn't enforce the actual recording time limit. This should be configured in
// // jibri!
// limit: 60,
//
// // The name of the app with unlimited recordings.
// appName: 'Unlimited recordings APP',
//
// // The URL of the app with unlimited recordings.
// appURL: 'https://unlimited.recordings.app.com/'
// },
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Enables ICE restart logic in LJM and displays the page reload overlay on
// ICE failure. Current disabled by default because it's causing issues with
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
// not a real ICE restart), the client maintains the TCC sequence number
// counter, but the bridge resets it. The bridge sends media packets with
// TCC sequence numbers starting from 0.
// enableIceRestart: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
// we filter out TURN/UDP because it is usually not needed since the
// bridge itself is reachable via UDP)
// useTurnUdp: false
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
openBridgeChannel: 'websocket',
// UI
//
// Hides lobby button
// hideLobbyButton: false,
// Require users to always specify a display name.
// requireDisplayName: true,
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
defaultLanguage: '${DEFAULT_LANGUAGE}',
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
noticeMessage: '${NOTICE_MESSAGE}',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// prejoinPageEnabled: false,
// If true, shows the unsafe room name warning label when a room name is
// deemed unsafe (due to the simplicity in the name) and a password is not
// set or the lobby is not enabled.
// enableInsecureRoomNameWarning: false,
// Whether to automatically copy invitation URL after creating a room.
// Document should be focused for this option to work
// enableAutomaticUrlCopy: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// Enables sending participants' display names to callstats
// enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false,
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
disableThirdPartyRequests: $(if [ -z "${ENABLE_THIRD_PARTY_REQUESTS}" ]; then printf "true"; else printf "false"; fi),
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: true,
// The STUN servers that will be used in the peer to peer connections
stunServers: [
{ urls: 'stun:${TURN_SERVER}:443' }
]
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported). This setting is deprecated, use preferredCodec instead.
// preferH264: true
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// If set to true, disable H.264 video codec by stripping it out of the
// SDP. This setting is deprecated, use disabledCodec instead.
// disableH264: false,
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// Matomo configuration:
// matomoEndpoint: 'https://your-matomo-endpoint/',
// matomoSiteID: '42',
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Configuration for the rtcstats server:
// By enabling rtcstats server every time a conference is joined the rtcstats
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
// PeerConnection states along with getStats metrics polled at the specified
// interval.
// rtcstatsEnabled: true,
// In order to enable rtcstats one needs to provide a endpoint url.
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
// If the value is set to 0 getStats won't be polled and the rtcstats client
// will only send data related to RTCPeerConnection events.
// rtcstatsPolIInterval: 1000
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Logs that should go be passed through the 'log' event if a handler is defined for it
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
},
// Decides whether the start/stop recording audio notifications should play on record.
// disableRecordAudioNotification: false,
// Information for the chrome extension banner
// chromeExtensionBanner: {
// // The chrome extension to be installed address
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
// // Extensions info which allows checking if they are installed or not
// chromeExtensionsInfo: [
// {
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
// path: 'jitsi-logo-48x48.png'
// }
// ]
// },
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// },
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// },
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label',
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false,
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false,
// Mainly privacy related settings
// Disables all invite functions from the app (share, invite, dial out...etc)
// disableInviteFunctions: true,
// Disables storing the room name to the recents list
// doNotStoreRoom: true,
// Deployment specific URLs.
// deploymentUrls: {
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
// // user documentation.
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
// // to the specified URL for an app download page.
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
// },
// Options related to the remote participant menu.
// remoteVideoMenu: {
// // If set to true the 'Kick out' button will be disabled.
// disableKick: true
// },
// If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true,
/**
External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied.
None of the fields are mandatory and the response must have the shape:
{
// The hex value for the colour used as background
backgroundColor: '#fff',
// The url for the image used as background
backgroundImageUrl: 'https://example.com/background-img.png',
// The anchor url used when clicking the logo image
logoClickUrl: 'https://example-company.org',
// The url used for the image used as logo
logoImageUrl: 'https://example.com/logo-img.png'
}
*/
brandingDataUrl: "$(if [ -n "${BRANDING_JSON}" ]; then printf "/branding.json"; fi)",
// The URL of the moderated rooms microservice, if available. If it
// is present, a link to the service will be rendered on the welcome page,
// otherwise the app doesn't render it.
// moderatedRoomServiceUrl: 'https://moderated.${JITSI_HOST}',
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
/**
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
* can become https://brandedDomain/roomAlias)
*/
// brandingRoomAlias: null,
// List of undocumented settings used in lib-jitsi-meet
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
*/
// Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value.
makeJsonParserHappy: 'even if last key had a trailing comma'
// no configuration value should follow this line.
};
/* eslint-enable no-unused-vars, no-var */
EOF
)"

694
type/__jitsi_meet_domain/files/config.js.sh.orig
View file

@ -1,694 +0,0 @@
/* eslint-disable no-unused-vars, no-var */
var config = {
// Connection
//
hosts: {
// XMPP domain.
domain: 'jitsi-meet.example.org',
// When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com',
// Domain for authenticated users. Defaults to <domain>.
// authdomain: 'jitsi-meet.example.org',
// Call control component (Jigasi).
// call_control: 'callcontrol.jitsi-meet.example.org',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.jitsi-meet.example.org',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: 'conference.<!--# echo var="subdomain" default="" -->jitsi-meet.example.org'
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//jitsi-meet.example.org/http-bind',
// Websocket URL
// websocket: 'wss://jitsi-meet.example.org/xmpp-websocket',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376
// focusUserJid: 'focus@auth.jitsi-meet.example.org',
// Testing / experimental features.
//
testing: {
// Disables the End to End Encryption feature. Useful for debugging
// issues related to insertable streams.
// disableE2EE: false,
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
// Disables the auto-play behavior of *all* newly created video element.
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
// simulcast is turned off for the desktop share. If presenter is turned
// on while screensharing is in progress, the max bitrate is automatically
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
// the probability for this to be enabled.
// capScreenshareBitrate: 1 // 0 to disable
// Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled.
// callStatsThreshold: 5 // enable callstats for 5% of the users.
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
// disableAudioLevels: false,
// audioLevelsInterval: 200,
// Enabling this will run the lib-jitsi-meet no audio detection module which
// will notify the user if the current selected microphone has no audio
// input and will suggest another valid device if one is present.
enableNoAudioDetection: true,
// Enabling this will run the lib-jitsi-meet noise detection module which will
// notify the user if there is noise, other than voice, coming from the current
// selected microphone. The purpose it to let the user know that the input could
// be potentially unpleasant for other meeting participants.
enableNoisyMicDetection: true,
// Start the conference in audio only mode (no video is being received nor
// sent).
// startAudioOnly: false,
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Sets the preferred target bitrate for the Opus audio codec by setting its
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
// Valid values are in the range 6000 to 510000
// opusMaxAverageBitrate: 20000,
// Enables redundancy for Opus
// enableOpusRed: false
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
// Use -1 to disable.
// maxFullResolutionParticipants: 2,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independent from
// this config's resolution value. Defaults to requesting an ideal
// resolution of 720p.
// constraints: {
// video: {
// height: {
// ideal: 720,
// max: 720,
// min: 240
// }
// }
// },
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
// startVideoMuted: 10,
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// This option has been deprecated, use preferredCodec under videoQuality section instead.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
// Whether to enable file recording or not.
// fileRecordingsEnabled: false,
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://jitsi-meet.example.org/static/oauth.html'
// redirectURI:
// 'https://jitsi-meet.example.org/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
// liveStreamingEnabled: false,
// Transcription (in interface_config,
// subtitles and buttons can be configured)
// transcribingEnabled: false,
// Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1,
// Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number.
//
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
// will be used as default until the first threshold is reached.
//
// lastNLimits: {
// 5: 20,
// 30: 15,
// 50: 10,
// 70: 5,
// 90: 2
// },
// Specify the settings for video quality optimizations on the client.
// videoQuality: {
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
//
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
// // This is currently not implemented on app based clients on mobile.
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000
// },
//
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
// // 'low' - for the low quality level (180p at the time of this writing)
// // 'standard' - for the medium quality level (360p)
// // 'high' - for the high quality level (720p)
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
// //
// // With the default config value below the application will use 'low' quality until the thumbnails are
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
// // the high quality.
// minHeightForQualityLvl: {
// 360: 'standard,
// 720: 'high'
// }
// },
// // Options for the recording limit notification.
// recordingLimit: {
//
// // The recording limit in minutes. Note: This number appears in the notification text
// // but doesn't enforce the actual recording time limit. This should be configured in
// // jibri!
// limit: 60,
//
// // The name of the app with unlimited recordings.
// appName: 'Unlimited recordings APP',
//
// // The URL of the app with unlimited recordings.
// appURL: 'https://unlimited.recordings.app.com/'
// },
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Enables ICE restart logic in LJM and displays the page reload overlay on
// ICE failure. Current disabled by default because it's causing issues with
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
// not a real ICE restart), the client maintains the TCC sequence number
// counter, but the bridge resets it. The bridge sends media packets with
// TCC sequence numbers starting from 0.
// enableIceRestart: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
// we filter out TURN/UDP because it is usually not needed since the
// bridge itself is reachable via UDP)
// useTurnUdp: false
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
openBridgeChannel: 'websocket',
// UI
//
// Hides lobby button
// hideLobbyButton: false,
// Require users to always specify a display name.
// requireDisplayName: true,
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
// defaultLanguage: 'en',
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// prejoinPageEnabled: false,
// If true, shows the unsafe room name warning label when a room name is
// deemed unsafe (due to the simplicity in the name) and a password is not
// set or the lobby is not enabled.
// enableInsecureRoomNameWarning: false,
// Whether to automatically copy invitation URL after creating a room.
// Document should be focused for this option to work
// enableAutomaticUrlCopy: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// Enables sending participants' display names to callstats
// enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false,
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
// disableThirdPartyRequests: false,
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: true,
// The STUN servers that will be used in the peer to peer connections
stunServers: [
// { urls: 'stun:jitsi-meet.example.org:3478' },
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
]
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported). This setting is deprecated, use preferredCodec instead.
// preferH264: true
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// If set to true, disable H.264 video codec by stripping it out of the
// SDP. This setting is deprecated, use disabledCodec instead.
// disableH264: false,
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// Matomo configuration:
// matomoEndpoint: 'https://your-matomo-endpoint/',
// matomoSiteID: '42',
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Configuration for the rtcstats server:
// By enabling rtcstats server every time a conference is joined the rtcstats
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
// PeerConnection states along with getStats metrics polled at the specified
// interval.
// rtcstatsEnabled: true,
// In order to enable rtcstats one needs to provide a endpoint url.
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
// If the value is set to 0 getStats won't be polled and the rtcstats client
// will only send data related to RTCPeerConnection events.
// rtcstatsPolIInterval: 1000
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Logs that should go be passed through the 'log' event if a handler is defined for it
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
},
// Decides whether the start/stop recording audio notifications should play on record.
// disableRecordAudioNotification: false,
// Information for the chrome extension banner
// chromeExtensionBanner: {
// // The chrome extension to be installed address
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
// // Extensions info which allows checking if they are installed or not
// chromeExtensionsInfo: [
// {
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
// path: 'jitsi-logo-48x48.png'
// }
// ]
// },
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// },
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// },
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label',
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false,
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false,
// Mainly privacy related settings
// Disables all invite functions from the app (share, invite, dial out...etc)
// disableInviteFunctions: true,
// Disables storing the room name to the recents list
// doNotStoreRoom: true,
// Deployment specific URLs.
// deploymentUrls: {
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
// // user documentation.
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
// // to the specified URL for an app download page.
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
// },
// Options related to the remote participant menu.
// remoteVideoMenu: {
// // If set to true the 'Kick out' button will be disabled.
// disableKick: true
// },
// If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true,
/**
External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied.
None of the fields are mandatory and the response must have the shape:
{
// The hex value for the colour used as background
backgroundColor: '#fff',
// The url for the image used as background
backgroundImageUrl: 'https://example.com/background-img.png',
// The anchor url used when clicking the logo image
logoClickUrl: 'https://example-company.org',
// The url used for the image used as logo
logoImageUrl: 'https://example.com/logo-img.png'
}
*/
// brandingDataUrl: '',
// The URL of the moderated rooms microservice, if available. If it
// is present, a link to the service will be rendered on the welcome page,
// otherwise the app doesn't render it.
// moderatedRoomServiceUrl: 'https://moderated.jitsi-meet.example.org',
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
/**
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
* can become https://brandedDomain/roomAlias)
*/
// brandingRoomAlias: null,
// List of undocumented settings used in lib-jitsi-meet
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
*/
// Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value.
makeJsonParserHappy: 'even if last key had a trailing comma'
// no configuration value should follow this line.
};
/* eslint-enable no-unused-vars, no-var */

156
type/__jitsi_meet_domain/files/nginx.sh
View file

@ -1,156 +0,0 @@
#!/bin/sh -e
# shellcheck disable=SC2034 # This is intended to be included
JITSI_NGINX_CONFIG="$(cat <<EOF
server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name ${DOMAIN};
include snippets/acme-challenge.conf;
location / {
return 301 https://\$host\$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ${DOMAIN};
include snippets/acme-challenge.conf;
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # about 40000 sessions
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
# Try the custom page for this domain, fallback to default page
index index-${DOMAIN}.html index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
gzip_vary on;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 512;
# We expect this domain to be properly configured, the file should exist
location = /config.js {
alias /etc/jitsi/meet/${DOMAIN}-config.js;
}
# This may or may not exist; it will be set up in config.js if needed
location = /branding.json {
alias /etc/jitsi/meet/${DOMAIN}-branding.json;
}
# Try custom image and fallback to default
location = /images/watermark.png {
try_files /images/watermark-${DOMAIN}.png \$uri;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)\$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/\$1/\$2;
# cache all versioned files
if (\$arg_v) {
expires 1y;
}
}
# BOSH
location = /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For \$remote_addr;
# Prevision for 'multi-domain' jitsi instances
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
proxy_set_header Host ${JITSI_HOST};
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=\$prefix&\$args;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
# Prevision for 'multi-domain' jitsi instances
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
proxy_set_header Host ${JITSI_HOST};
tcp_nodelay on;
}
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/\$1\$is_args\$args;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)\$ {
try_files \$uri @root_path;
}
location @root_path {
rewrite ^/(.*)\$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js\$
{
set \$subdomain "\$1.";
set \$subdir "\$1/";
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)\$ {
set \$subdomain "\$1.";
set \$subdir "\$1/";
rewrite ^/([^/?&:'"]+)/(.*)\$ /\$2;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set \$subdomain "\$1.";
set \$subdir "\$1/";
set \$prefix "\$1";
rewrite ^/(.*)\$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set \$subdomain "\$1.";
set \$subdir "\$1/";
set \$prefix "\$1";
rewrite ^/(.*)\$ /xmpp-websocket;
}
}
EOF
)"

139
type/__jitsi_meet_domain/files/nginx.sh.orig
View file

@ -1,139 +0,0 @@
server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name jitsi-meet.example.com;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /usr/share/jitsi-meet;
}
location = /.well-known/acme-challenge/ {
return 404;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name jitsi-meet.example.com;
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # about 40000 sessions
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
gzip_vary on;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 512;
location = /config.js {
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/$1/$2;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}
# BOSH
location = /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
tcp_nodelay on;
}
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js$
{
set $subdomain "$1.";
set $subdir "$1/";
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /xmpp-websocket;
}
}

5
type/__jitsi_meet_domain/gencode-remote
View file

@ -1,5 +0,0 @@
#!/bin/sh -e
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
echo "service nginx reload"
fi

150
type/__jitsi_meet_domain/man.rst
View file

@ -1,150 +0,0 @@
cdist-type__jitsi_meet_domain(7)
========================================
NAME
----
cdist-type__jitsi_meet_domain - Setup a frontend for Jitsi-Meet.
DESCRIPTION
-----------
This type installs and configures the frontend for Jitsi-Meet.
This supports "multi-domain" installations, notice that in such a setup, all
rooms are shared across the different URLs, e.g.
https://jitsi1.example.org/room1 and https://jitsi2.example.org/room1 are
equivalent.
This is due to the underlying XMPP and signaling rooms being common.
There might be a way to perform tricks on the Nginx-side to avoid this, but
time is lacking :-).
This assumes `__jitsi_meet` has already been ran on the target host, and,
amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain.
This type will take care of TLS settings, branding and client-side
configuration for Jitsi.
This type only works on De{bi,vu}an systems.
REQUIRED PARAMETERS
-------------------
object id
The domain that will be configured as a Jitsi-Meet instance.
admin-email
Where to send Let's Encrypt emails like "certificate needs renewal".
OPTIONAL PARAMETERS
-------------------
channel-last-n
Default value for the "last N" attribute.
Defaults to 20. Set to -1 for unlimited.
default-language
Default language for the user interface.
Defaults to 'en'.
notice-message
Message to show the users when they join a room.
start-video-muted
Every participant after the Nth will start video muted.
Defaults to 10.
turn-server
The TURN server to be used.
Defaults to `__target_host`.
video-constraints
w3c spec-compliant video constraints to use for video capture. Currently
used by browsers that return true from lib-jitsi-meet's
util#browser#usesNewGumFlow. The constraints are independent from
this config's resolution value. Defaults to requesting an ideal
resolution of 720p.
It must not have a trailing comma, see `constraints` in
`__jitsi_meet_domain/files/config.js.sh`.
branding-json
Path to a JSON file that will be served as the `brandingDataUrl`.
For information on the format see `brandingDataUrl` in
`__jitsi_meet_domain/files/config.js.sh`.
If not set, no branding will be set up.
branding-index
Path to an HTML file that will be served instead of Jitsi-Meet's default
one.
If not set, the default index file will be used.
branding-watermark
Path to a png file that will be served instead of Jitsi-Meet's default
one.
If not set, the default watermark will be used.
BOOLEAN PARAMETERS
------------------
disable-audio-levels
Disable measuring of audio levels.
This has been reported to improve performance on clients.
enable-third-party-requests
This type disables third-party requests by default, this flag re-enables
them, restoring Jitsi-Meet's defaults.
This affects things like avatars, callstats, ...
EXAMPLES
--------
.. code-block:: sh
# Setup a Jitsi frontend for jitsi.exo.cat
__jitsi_meet_domain "jitsi.exo.cat" \
--admin-email "info@exo.cat" \
--turn-server "turn.exo.cat" \
--notice-message "Hola!" \
--disable-audio-levels \
--turn-secret "WeNeedGoodSecurity" \
--video-constraints "$(cat <<EOF
constraints: {
video: {
height: {
ideal: 320,
max: 320,
min: 180
}
}
}
EOF
)"
SEE ALSO
--------
- `__jitsi_meet`
AUTHORS
-------
Evilham <contact@evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham.

90
type/__jitsi_meet_domain/manifest
View file

@ -1,90 +0,0 @@
#!/bin/sh -e
os="$(cat "${__global}/explorer/os")"
case "${os}" in
devuan|debian)
;;
*)
echo "Your OS '${os}' is currently not supported." > /dev/stderr
exit 1
;;
esac
DOMAIN="${__object_id}"
ADMIN_EMAIL="$(cat "${__object}/parameter/admin-email")"
CHANNEL_LAST_N="$(cat "${__object}/parameter/channel-last-n")"
DEFAULT_LANGUAGE="$(cat "${__object}/parameter/default-language")"
NOTICE_MESSAGE="$(cat "${__object}/parameter/notice-message")"
START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
if [ -f "${__object}/parameter/enable-third-party-requests" ]; then
ENABLE_THIRD_PARTY_REQUESTS="YES"
fi
if [ -f "${__object}/parameter/disable-audio-levels" ]; then
DISABLE_AUDIO_LEVELS="YES"
fi
if [ -z "${TURN_SERVER}" ]; then
TURN_SERVER="${__target_host}"
fi
if [ -z "${JITSI_HOST}" ]; then
JITSI_HOST="${__target_host}"
fi
#
# Deal with certbot
#
# use object id as domain
__letsencrypt_cert "${DOMAIN}" \
--admin-email "${ADMIN_EMAIL}" \
--automatic-renewal \
--renew-hook "service nginx reload" \
--webroot /usr/share/jitsi-meet
# Create virtualhost for nginx
# shellcheck source=type/__jitsi_meet_domain/files/nginx.sh
. "${__type}/files/nginx.sh" # This defines JITSI_NGINX_CONFIG
require="__letsencrypt_cert/${DOMAIN}" __file \
"/etc/nginx/sites-enabled/${DOMAIN}.conf" \
--mode 0644 --source "-" <<EOF
${JITSI_NGINX_CONFIG}
EOF
# Setup jitsi config
# shellcheck source=type/__jitsi_meet_domain/files/config.js.sh
. "${__type}/files/config.js.sh" # This defines JITSI_CONFIG_JS
__file "/etc/jitsi/meet/${DOMAIN}-config.js" \
--mode 0644 --source "-" <<EOF
${JITSI_CONFIG_JS}
EOF
#
# Deal with branding as requested
#
# Helper function to manage the state of the target branding file
_var_state() {
if [ -n "${1}" ]; then
echo "present"
else
echo "absent"
fi
}
__file "/usr/share/jitsi-meet/index-${DOMAIN}.html" \
--mode 0644 \
--state "$(_var_state "${BRANDING_INDEX}")" \
--source "${BRANDING_INDEX}"
__file "/etc/jitsi/meet/${DOMAIN}-branding.json" \
--mode 0644 \
--state "$(_var_state "${BRANDING_JSON}")" \
--source "${BRANDING_JSON}"
__file "/usr/share/jitsi-meet/images/watermark-${DOMAIN}.png" \
--mode 0644 \
--state "$(_var_state "${BRANDING_WATERMARK}")" \
--source "${BRANDING_WATERMARK}"

2
type/__jitsi_meet_domain/parameter/boolean
View file

@ -1,2 +0,0 @@
disable-audio-levels
enable-third-party-requests

0
type/__jitsi_meet_domain/parameter/default/branding-index
View file

0
type/__jitsi_meet_domain/parameter/default/branding-json
View file

0
type/__jitsi_meet_domain/parameter/default/branding-watermark
View file

1
type/__jitsi_meet_domain/parameter/default/channel-last-n
View file

@ -1 +0,0 @@
20

1
type/__jitsi_meet_domain/parameter/default/default-language
View file

@ -1 +0,0 @@
en

0
type/__jitsi_meet_domain/parameter/default/notice-message
View file

1
type/__jitsi_meet_domain/parameter/default/start-video-muted
View file

@ -1 +0,0 @@
10

0
type/__jitsi_meet_domain/parameter/default/turn-server
View file

0
type/__jitsi_meet_domain/parameter/default/video-constraints
View file

9
type/__jitsi_meet_domain/parameter/optional
View file

@ -1,9 +0,0 @@
channel-last-n
default-language
notice-message
start-video-muted
turn-server
video-constraints
branding-json
branding-index
branding-watermark

1
type/__jitsi_meet_domain/parameter/required
View file

@ -1 +0,0 @@
admin-email

73
type/__mail_alias/explorer/aliases
View file

@ -1,73 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Find aliases for a given user name and print the aliases (each one on a
# separate line)
aliases_file=$("${__type_explorer:?}/aliases_file")
test -r "${aliases_file}" || exit 0
: "${__object_id:?}" # assert __object_id is set, because it is used in AWK
awk -F ':[ \t]*' '
function print_aliases(aliases, matches) {
# prints comma-separated aliases (one per line)
split(aliases, matches, /,[ \t]*/)
for (i in matches) {
gsub(/^[ \t]*|[ \t]*$/, "", matches[i])
if (matches[i]) print matches[i]
}
}
/^#/ {
# comment line (ignore)
select = 0; cont = 0 # comments terminate alias lists and continuations
next
}
{
# is this line a continuation line?
# (the prev. line ended in a backslash or the line starts with whitespace)
is_cont = /^[ \t]/ || cont
# detect if the line is a line to be continued (ends with a backslash)
cont = /\\$/
# if it is, we drop the backslash from the line
if (cont) sub(/[ \t]*\\$/, "", $0)
}
is_cont {
# if in the alias list of the "target" user, we also print these aliases.
if (select) print_aliases($0)
next
}
$1 == ENVIRON["__object_id"] {
# "target" user -> print alias list
select = 1
print_aliases($2)
next
}
{
# other user
select = 0
}
' "${aliases_file}"

52
type/__mail_alias/explorer/aliases_file
View file

@ -1,52 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer finds the aliases file to modify.
found() { echo "$*"; exit 0; }
check_file() {
if test -f "$1"
then
found "$1"
fi
}
case $("${__explorer:?}/os")
in
(freebsd|openbsd|solaris)
check_file /etc/mail/aliases
# default
found /etc/mail/aliases
;;
(alpine|debian|devuan|ubuntu)
check_file /etc/aliases
# default
found /etc/aliases
;;
(*)
check_file /etc/mail/aliases
check_file /etc/aliases
# default
found /etc/aliases
;;
esac

96
type/__mail_alias/files/update_aliases.awk
View file

@ -1,96 +0,0 @@
#!/usr/bin/awk -f
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
function getvalue(path, line) {
# Reads the first line of the file located at path and returns it.
getline line < path
close(path)
return line
}
function sepafter(f, def, _) {
# finds the separator between field $f and $(f+1)
_ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1)
return _ ? _ : def
}
function write_aliases( line) {
if (aliases_written) return
# print aliases line
printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ")
while ((getline line < aliases_should_file) > 0) {
if (aliases_written) printf ", "
printf "%s", line
aliases_written = 1
}
printf "\n"
close(aliases_should_file)
}
BEGIN {
FS = ":[ \t]*"
parameter_dir = ENVIRON["__object"] "/parameter/"
mode = (getvalue(parameter_dir "state") != "absent")
aliases_should_file = (parameter_dir "/alias")
}
/^[ \t]*\#/ {
# comment line (leave alone)
select = 0; cont = 0 # comments terminate alias lists and continuations
print
next
}
{
# is this line a continuation line?
# (the prev. line ended in a backslash or the line starts with whitespace)
is_cont = /^[ \t]/ || cont
# detect if the line is a line to be continued (ends with a backslash)
cont = /\\$/
}
is_cont {
# we only print the line if it has not been rewritten (select)
if (!select) print
next
}
$1 == ENVIRON["__object_id"] {
# "target" user -> rewrite aliases list
select = 1
if (mode) write_aliases()
next
}
{
# other user
select = 0
print
}
END {
# if the last line was an alias, the separator will be reused (looks better)
if (mode && !aliases_written)
write_aliases()
}

87
type/__mail_alias/gencode-remote
View file

@ -1,87 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
aliases_file=$(cat "${__object:?}/explorer/aliases_file")
test -n "${aliases_file}" || {
echo 'Could not determine aliases file path.' >&2
exit 1
}
state_should=$(cat "${__object:?}/parameter/state")
case ${state_should}
in
(present)
if cmp -s "${__object:?}/explorer/aliases" "${__object:?}/parameter/alias"
then
# all good!
exit 0
fi
test -s "${__object:?}/parameter/alias" || {
printf 'The --alias parameter is required if --state present.\n' >&2
printf 'Use --state absent to remove all aliases.\n' >&2
exit 1
}
if test -s "${__object:?}/explorer/aliases"
then
echo "update aliases" >>"${__messages_out:?}"
else
echo "add aliases" >>"${__messages_out:?}"
fi
;;
(absent)
# nothing to do if no aliases found.
test -s "${__object:?}/explorer/aliases" || exit 0
echo "delete aliases" >>"${__messages_out:?}"
;;
(*)
printf 'Invalid --state: %s.\n' "${state_should}" >&2
printf 'Acceptable values are: present, absent.\n' >&2
exit 1
esac
cat <<EOF
test -f $(quote "${aliases_file}") || touch $(quote "${aliases_file}")
awk $(drop_awk_comments "${__type:?}/files/update_aliases.awk") <$(quote "${aliases_file}") >$(quote "${aliases_file}.tmp") \
|| {
rm -f $(quote "${aliases_file}.tmp")
echo 'Generating new aliases file failed!' >&2
exit 1
}
if ! cmp -s $(quote "${aliases_file}") $(quote "${aliases_file}.tmp")
then
# aliases file was modified, replace:
cat $(quote "${aliases_file}.tmp") >$(quote "${aliases_file}")
# then, run newaliases if present ("missing" on Alpine Linux because of typo)
command -v newaliases >/dev/null 2>&1 && newaliases || true
fi
rm -f $(quote "${aliases_file}.tmp")
EOF

76
type/__mail_alias/man.rst
View file

@ -1,76 +0,0 @@
cdist-type__mail_alias(7)
=========================
NAME
----
cdist-type__mail_alias - Manage mail aliases.
DESCRIPTION
-----------
This cdist type allows you to configure mail aliases (/etc/aliases).
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
alias
an alias, i.e. a mail address where mail for the user should be redirected
to.
This parameter can be specified multiple times to redirect to multiple
recipients.
If ``--state`` is ``present`` this parameter is required.
See `aliases(5)` for the different forms this parameter can take.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Redirect root mail to a "real" email address
__mail_alias root --alias admin@example.com
# Disable redirection of mail for joe
__mail_alias joe --state absent
BUGS
----
- Quoted strings are not parsed by this type. As a result, aliases
containing ``,`` (commas) are treated incorrectly (they are treated as
separate aliases.)
Make sure that email addresses, file names, and pipe commands do not contain
commas.
- ``:include:`` directives in the aliases file are not evaluated by this type.
They are treated like a regular alias, the values of the included file are
not expanded.
SEE ALSO
--------
:strong:`aliases`\ (5)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

0
type/__mail_alias/nonparallel
View file

1
type/__mail_alias/parameter/default/state
View file

@ -1 +0,0 @@
present

1
type/__mail_alias/parameter/optional
View file

@ -1 +0,0 @@
state

1
type/__mail_alias/parameter/optional_multiple
View file

@ -1 +0,0 @@
alias

90
type/__matrix_element/files/config.json.sh
View file

@ -1,90 +0,0 @@
#!/bin/sh
#
# Upstream configuration guide/documentation:
# https://github.com/vector-im/riot-web/blob/develop/docs/config.md
generate_embedded_pages () {
if [ "$EMBED_HOMEPAGE" != "" ]; then
cat << EOF
"embeddedPages": {
"homeUrl": "home.html"
},
EOF
fi
}
generate_jitsi_config () {
if [ "$JITSI_DOMAIN" != "" ]; then
cat << EOF
"jitsi": {
"preferredDomain": "$JITSI_DOMAIN"
},
EOF
fi
}
generate_branding () {
echo '"branding": {'
if [ "$BRANDING_AUTH_HEADER_LOGO_URL" != "" ]; then
cat << EOF
"authHeaderLogoUrl": "$BRANDING_AUTH_HEADER_LOGO_URL",
EOF
fi
if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then
cat << EOF
"authFooterLinks": "$BRANDING_AUTH_FOOTER_LINKS",
EOF
fi
cat << EOF
"welcomeBackgroundUrl": "themes/element/img/backgrounds/lake.jpg"
EOF
echo '},'
}
cat << EOF
{
"default_server_config": {
"m.homeserver": {
"base_url": "$DEFAULT_SERVER_URL",
"server_name": "$DEFAULT_SERVER_NAME"
},
"m.identity_server": {
"base_url": "https://vector.im"
}
},
"brand": "$BRAND",
$(generate_branding)
"defaultCountryCode": "$DEFAULT_COUNTRY_CODE",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"roomDirectory": {
"servers": [
$ROOM_DIRECTORY_SERVERS
]
},
"disable_custom_urls": "$DISABLE_CUSTOM_URLS",
$(generate_embedded_pages)
$(generate_jitsi_config)
"terms_and_conditions_links": [
{
"url": "$PRIVACY_POLICY_URL",
"text": "Privacy Policy"
},
{
"url": "$COOKIE_POLICY_URL",
"text": "Cookie Policy"
}
]
}
EOF

95
type/__matrix_element/gencode-remote
View file

@ -1,95 +0,0 @@
#!/bin/sh -e
#
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Function to compare version strings. Returns success (0) if the version
# given by stdin is higher than the version provided by the argument.
#
# Taken from the cdist core type __sensible_editor.
version_ge() {
awk -F '[^0-9.]' -v target="${1:?}" '
function max(x, y) { return x > y ? x : y; }
BEGIN {
getline;
nx = split($1, x, ".");
ny = split(target, y, ".");
for (i = 1; i <= max(nx, ny); ++i) {
diff = int(x[i]) - int(y[i]);
if (diff < 0) exit 1;
else if (diff > 0) exit 0;
else continue;
}
}'
}
VERSION=$(cat "$__object/parameter/version")
INSTALL_DIR=$(cat "$__object/parameter/install_dir")
OWNER=$(cat "$__object/parameter/owner")
# tarball name changed due to application renaming
if echo "$VERSION" | version_ge 1.7.14; then
src="element-v$VERSION"
else
src="riot-v$VERSION"
fi
archive="$src.tar.gz"
url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive"
# tar and curl are installed by the __matrix-riot manifest. mktemp is usually
# provided by coreutils and assumed installed.
cat << EOF
set -e
# Ensure that coreutils is installed.
if [ ! -x \$(which mktemp) ]; then
echo "mktemp is not available on the remote host." >&2
exit 1
fi
# Create temporary working directory.
tmpdir=\$(mktemp -d)
custom_files_dir="\$tmpdir/custom_files"
cd \$tmpdir
# Download and extract sources.
curl -L '$url' > $archive
tar xf $archive
# Backup files deployed by __matrix_element.
mkdir -p \$custom_files_dir
for file in $INSTALL_DIR/cdist/*; do
cp "\$file" "\$custom_files_dir"
done
# Deploy sources and restore configuration.
rm -r '$INSTALL_DIR'
mv '$src' '$INSTALL_DIR'
for file in \$custom_files_dir/*; do
cp "\$file" '$INSTALL_DIR'
done
# Chown deployed files to requested owner.
chown -R '$OWNER' '$INSTALL_DIR'
# Remove temporary working directory.
cd /
rm -r \$tmpdir
EOF

87
type/__matrix_element/man.rst
View file

@ -1,87 +0,0 @@
cdist-type__matrix_element(7)
=============================
NAME
----
cdist-type__matrix_element - Install and configure Element, a web Matrix client.
DESCRIPTION
-----------
This type install and configure the Element web client.
REQUIRED PARAMETERS
-------------------
install_dir
Root directory of Element's static files.
version
Release of Element to install.
OPTIONAL PARAMETERS
-------------------
default_server_name
Name of matrix homeserver to connect to, defaults to 'matrix.org'.
default_server_url
URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'.
owner
Owner of the deployed files, passed to `chown`. Defaults to 'root'.
brand
Web UI branding, defaults to 'Element'.
default_country_code
ISO 3166 alpha2 country code to use when showing country selectors, such as
phone number inputs. Defaults to GB.
privacy_policy_url
Defaults to 'https://element.io/privacy'.
cookie_policy_url
Defaults to 'https://matrix.org/docs/guides/element_im_cookie_policy'.
jitsi_domain
Domain name of preferred Jitsi instance (default is jitsi.element.im). This is
used whenever a user clicks on the voice/video call buttons.
homepage
Path to custom homepage, displayed once logged in.
welcomepage
Path to custom welcome (= login) page.
custom_asset
Serve a file a the top-level directory (e.g. /my-custom-logo.svg). Can be specified multiple times.
BOOLEAN PARAMETERS
-------------------
disable_custom_urls
Disallow the user to change the default homeserver when signing up or logging in.
EXAMPLES
--------
.. code-block:: sh
__matrix_element my-element --install_dir /var/www/element-web --version 1.5.6
SEE ALSO
--------
- `cdist-type__matrix_synapse(7) <cdist-type__matrix_synapse.html>`_
AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>
COPYING
-------
Copyright \(C) 2019 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

106
type/__matrix_element/manifest
View file

@ -1,106 +0,0 @@
#!/bin/sh -e
#
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
# Ignore "Declare and assign separately to avoid masking return values. [SC2155]"
# => not relevant for the type arguments.
# shellcheck disable=SC2155
INSTALL_DIR=$(cat "$__object/parameter/install_dir")
export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name")
export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url")
export BRAND=$(cat "$__object/parameter/brand")
export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code")
export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers")
export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url")
export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url")
if [ -f "$__object/parameter/jitsi_domain" ]; then
export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain")
fi
if [ -f "$__object/parameter/branding_auth_header_logo_url" ]; then
export BRANDING_AUTH_HEADER_LOGO_URL=$(cat "$__object/parameter/branding_auth_header_logo_url")
fi
if [ -f "$__object/parameter/branding_auth_footer_links" ]; then
export BRANDING_AUTH_FOOTER_LINKS=$(cat "$__object/parameter/branding_auth_footer_links")
fi
if [ -f "$__object/parameter/homepage" ]; then
export EMBED_HOMEPAGE=1
homepage=$(cat "$__object/parameter/homepage")
fi
if [ -f "$__object/parameter/welcomepage" ]; then
export EMBED_WELCOMEPAGE=1
welcomepage=$(cat "$__object/parameter/welcomepage")
fi
if [ -f "$__object/parameter/custom_asset" ]; then
"$__object/parameter/custom_asset" | while IFS= read -r file; do
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename "$file")" \
--source "$file" \
--mode 0664 \
--state present
done
fi
if [ -f "$__object/parameter/disable_custom_urls" ]; then
export DISABLE_CUSTOM_URLS='true'
else
export DISABLE_CUSTOM_URLS='false'
fi
# Owner of the uploaded files.
owner=$(cat "$__object/parameter/owner")
# Ensure that curl and tar are installed, as they will be required by the
# gencode-remote script.
__package curl --state present
__package tar --state present
# Generate and deploy configuration file.
mkdir -p "$__object/files"
"$__type/files/config.json.sh" > "$__object/files/config.json"
# Install the config.json configuration file. The application's sources are
# downloaded and deployed by gencode-remote.
__directory "$INSTALL_DIR/cdist" \
--owner "$owner" --mode 0755 --parents \
--state present
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" \
--source "$__object/files/config.json" \
--mode 0664 \
--state present
if [ $EMBED_HOMEPAGE ]; then
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \
--source "$homepage" \
--mode 0664 \
--state present
fi
if [ $EMBED_WELCOMEPAGE ]; then
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \
--source "$welcomepage" \
--mode 0664 \
--state present
fi

1
type/__matrix_element/parameter/boolean
View file

@ -1 +0,0 @@
disable_custom_urls

1
type/__matrix_element/parameter/default/brand
View file

@ -1 +0,0 @@
Element

1
type/__matrix_element/parameter/default/cookie_policy_url
View file

@ -1 +0,0 @@
https://matrix.org/docs/guides/riot_im_cookie_policy

1
type/__matrix_element/parameter/default/default_country_code
View file

@ -1 +0,0 @@
GB

1
type/__matrix_element/parameter/default/default_server_name
View file

@ -1 +0,0 @@
matrix.org

1
type/__matrix_element/parameter/default/default_server_url
View file

@ -1 +0,0 @@
https://matrix-client.matrix.org

1
type/__matrix_element/parameter/default/owner
View file

@ -1 +0,0 @@
root

1
type/__matrix_element/parameter/default/privacy_policy_url
View file

@ -1 +0,0 @@
https://element.io/privacy

1
type/__matrix_element/parameter/default/room_directory_servers
View file

@ -1 +0,0 @@
"matrix.org"

13
type/__matrix_element/parameter/optional
View file

@ -1,13 +0,0 @@
default_server_url
default_server_name
brand
default_country_code
privacy_policy_url
cookie_policy_url
room_directory_servers
owner
homepage
welcomepage
jitsi_domain
branding_auth_header_logo_url
branding_auth_footer_links

1
type/__matrix_element/parameter/optional_multiple
View file

@ -1 +0,0 @@
custom_asset

2
type/__matrix_element/parameter/required
View file

@ -1,2 +0,0 @@
version
install_dir

4
type/__matterbridge/man.rst
View file

@ -33,9 +33,9 @@ EXAMPLES
.. code-block:: sh
__matterbridge --version 1.16.3 --config - <<- EOF
__matterbridge --version 1.16.3 --config - << EOF
[...]
EOF
EOF
SEE ALSO

4
type/__netbox/gencode-remote
View file

@ -51,7 +51,9 @@ fi
# Install python dependencies.
# avoid gunicorn, because it will be done in an other type
grep -v "^gunicorn==" "\$tmpdir/$src/requirements.txt" \
| xargs /opt/netbox/venv/bin/pip3 install -q
> "\$tmpdir/$src/requirements.txt.new"
/opt/netbox/venv/bin/pip3 install -q -r "\$tmpdir/$src/requirements.txt.new"
EOF
if [ -f "$__object/parameter/ldap-server" ]; then

11
type/__netbox/man.rst
View file

@ -31,6 +31,12 @@ version
on GitHub at the NetBox project page under
"`Releases <https://github.com/netbox-community/netbox/releases>`_".
Too big version jumps can break the NetBox migration path. It's good
practise to don't skip major versions and common that you must upgrade to
the latest minor inside the current major version till you can upgrade to
the next major version. Diffrent version steps must be done manually as
this type only upgrades to the given version directly.
database
PostgreSQL database name.
@ -122,6 +128,7 @@ basepath
webroot ``/``. For example, if installed at https://example.com/netbox/, set
the value ``netbox/``.
http-proxy
https-proxy
Proxy which will be used with any HTTP request like webhooks.
@ -170,12 +177,12 @@ redis-ssl
smtp-use-tls
Uses TLS to connect to the SMTP email server. `See documentation
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-tls>`__
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-tls>`_
for more information.
smtp-use-ssl
Uses implicit TLS with the SMTP email server. `See documentation
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-ssl>`__
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-ssl>`_
for more information.
login-required

5
type/__netbox_uwsgi/man.rst
View file

@ -65,7 +65,10 @@ protocol
parameter. Possible values are ``uwsgi``, ``http``, ``fastcgi`` and
``scgi``. If nothing given, it defaults to ``uwsgi``.
scgi-bind, uwsgi-bind, http-bind, fastcgi-bind
uwsgi-bind
http-bind
fastcgi-bind
scgi-bind
Bind the application to a specific protocol instead of implicit uwsgi via
``--bind-to``. If such parameter given, ``--bind-to`` will be ignored. Must
be a UNIX/TCP socket. Can be set multiple times.

7
type/__runit/explorer/runit-etc
View file

@ -1,7 +0,0 @@
#!/bin/sh -e
runit_etc_dir="/etc/runit"
if [ -d "${runit_etc_dir}" ]; then
echo "YES"
fi

7
type/__runit/explorer/svdir-exists
View file

@ -1,7 +0,0 @@
#!/bin/sh -e
svdir="/var/service"
if [ -d "${svdir}" ]; then
echo "YES"
fi

21
type/__runit/gencode-remote
View file

@ -1,21 +0,0 @@
#!/bin/sh -e
svdir="/var/service"
svdir_exists="$(cat "${__object}/explorer/svdir-exists")"
runit_etc="$(cat "${__object}/explorer/runit-etc")"
if [ -z "${svdir_exists}" ]; then
echo "mkdir '${svdir}'"
sv_restart="YES"
fi
if [ -z "${runit_etc}" ]; then
echo "cp -R '/usr/local/etc/runit' '/etc/runit'"
sv_restart="YES"
fi
if grep -q "^__key_value/runsvdir_enable" "${__messages_in}"; then
sv_restart="YES"
fi
if [ -n "${sv_restart}" ]; then
echo "service runsvdir restart || service runsvdir start"
fi

46
type/__runit/man.rst
View file

@ -1,46 +0,0 @@
cdist-type__runit(7)
============================
NAME
----
cdist-type__runit - Install and configure runit
DESCRIPTION
-----------
This is a singleton type.
Install and configure runit, not as an init system, but as a service monitor.
It configures and if necessary starts runsvdir as documented for the
Operating System.
This type currently heavily focuses on FreeBSD, support for other Operating
Systems can be achieved but no effort whatsoever has been put into it.
REQUIRED PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__runit
SEE ALSO
--------
:strong:`cdist-type__runit_service`\ (7)
AUTHORS
-------
Evilham <cvs--@--evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

10
type/__runit/manifest
View file

@ -1,10 +0,0 @@
#!/bin/sh -e
__package "runit"
__key_value \
--file "/etc/rc.conf" \
--key "runsvdir_enable" \
--delimiter "=" \
--value "yes" \
"runsvdir_enable"

Some files were not shown because too many files have changed in this diff Show more