Compare commits
2 commits
master
...
dfaeab2cf5
Author | SHA1 | Date | |
---|---|---|---|
dfaeab2cf5 | |||
8aee2ec76d |
126 changed files with 77 additions and 5216 deletions
|
@ -1,29 +1,14 @@
|
|||
stages:
|
||||
- test
|
||||
- doc
|
||||
|
||||
image: code.ungleich.ch:5050/ungleich-public/cdist-contrib/ci-container:latest
|
||||
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
|
||||
|
||||
shellcheck:
|
||||
stage: test
|
||||
script:
|
||||
- make lint
|
||||
- ./scripts/run-shellcheck.sh
|
||||
|
||||
manpages:
|
||||
stage: test
|
||||
script:
|
||||
- make check-manpages
|
||||
|
||||
docs:
|
||||
stage: doc
|
||||
only:
|
||||
- master
|
||||
before_script:
|
||||
- eval $(ssh-agent -s)
|
||||
- echo "$CD_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
|
||||
- mkdir -p ~/.ssh
|
||||
- echo "$CD_SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
|
||||
- chmod 644 ~/.ssh/known_hosts
|
||||
script:
|
||||
- make html
|
||||
- sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*"
|
||||
- ./scripts/run-manpage-checks.sh
|
||||
|
|
6
CHANGELOG.md
Normal file
6
CHANGELOG.md
Normal file
|
@ -0,0 +1,6 @@
|
|||
# cdist-contrib changes
|
||||
|
||||
* 2020-06-07: New type: __unbound_exporter (Timothée Floure)
|
||||
* 2020-06-07: Extended type: wire remote control configuration for __unbond (Timothée Floure)
|
||||
* 2020-06-03: New type: __unbound (Timothée Floure)
|
||||
* 2020-04-28: New type: __find_exec (Ander Punnar)
|
70
Makefile
70
Makefile
|
@ -1,70 +0,0 @@
|
|||
.PHONY: help
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo "man build only man user documentation"
|
||||
@echo "html build only html user documentation"
|
||||
@echo "docs build both man and html user documentation"
|
||||
@echo "check-manpages check for manpage in types"
|
||||
@echo "lint run shellcheck on types"
|
||||
@echo "check run both type manpage checks and linting"
|
||||
@echo "clean clean"
|
||||
|
||||
DOCS_SRC_DIR=./docs/src
|
||||
TYPEDIR=./type
|
||||
|
||||
SPHINXM=make -C $(DOCS_SRC_DIR) man
|
||||
SPHINXH=make -C $(DOCS_SRC_DIR) html
|
||||
SPHINXC=make -C $(DOCS_SRC_DIR) clean
|
||||
|
||||
################################################################################
|
||||
# Manpages
|
||||
#
|
||||
MAN7DSTDIR=$(DOCS_SRC_DIR)/man7
|
||||
|
||||
# Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work
|
||||
# Using ls does not work if no file with given pattern exist, so use wildcard
|
||||
MANTYPESRC=$(wildcard $(TYPEDIR)/*/man.rst)
|
||||
MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC))
|
||||
MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX))
|
||||
|
||||
# Link manpage: do not create man.html but correct named file
|
||||
$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst
|
||||
mkdir -p $(MAN7DSTDIR)
|
||||
ln -sf "../../../$^" $@
|
||||
|
||||
DOCSINDEX=$(MAN7DSTDIR)/index.rst
|
||||
DOCSINDEXH=$(DOCS_SRC_DIR)/index.rst.sh
|
||||
|
||||
$(DOCSINDEX): $(DOCSINDEXH)
|
||||
$(DOCSINDEXH)
|
||||
|
||||
# Manpages: .cdist Types
|
||||
DOT_CDIST_PATH=${HOME}/.cdist
|
||||
DOTMAN7DSTDIR=$(MAN7DSTDIR)
|
||||
DOTTYPEDIR=$(DOT_CDIST_PATH)/type
|
||||
|
||||
# Link manpage: do not create man.html but correct named file
|
||||
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
|
||||
ln -sf "$^" $@
|
||||
|
||||
man: $(MANTYPES) $(DOCSINDEX)
|
||||
$(SPHINXM)
|
||||
|
||||
html: $(MANTYPES) $(DOCSINDEX)
|
||||
$(SPHINXH)
|
||||
|
||||
docs: man html
|
||||
|
||||
check-manpages:
|
||||
./scripts/run-manpage-checks.sh
|
||||
|
||||
lint:
|
||||
./scripts/run-shellcheck.sh
|
||||
|
||||
check: check-manpages lint
|
||||
|
||||
clean:
|
||||
$(SPHINXC)
|
||||
rm -f docs/src/index.rst
|
||||
rm -rf docs/src/man7/
|
||||
rm -rf docs/src/__pycache__/
|
18
README.md
18
README.md
|
@ -5,9 +5,8 @@ tool with community-maitained types which are either too specific to fit/be
|
|||
maintained in cdist itself or were not accepted in code cdist but could still
|
||||
be useful.
|
||||
|
||||
This project does not have releases and is continously updated: see git history
|
||||
for change log. You will find HTML documentation at
|
||||
[contrib.cdi.st](https://contrib.cdi.st).
|
||||
This project does not have releases and is continously updated: see
|
||||
`CHANGELOG.md` for details.
|
||||
|
||||
## Using cdist-contrib
|
||||
|
||||
|
@ -33,11 +32,14 @@ And you would run [cdist][cdist] from the same directory as follows:
|
|||
|
||||
## Participating in the [cdist][cdist] community
|
||||
|
||||
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix!
|
||||
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix or on
|
||||
[#cdist over mattermost][cdistmattermost].
|
||||
|
||||
|
||||
[cdist]: https://www.cdi.st/
|
||||
[cdistconfig]: https://www.cdi.st/manual/latest/cdist-configuration.html
|
||||
[cdistmatrix]: https://matrix.to/#/#cdist:ungleich.ch
|
||||
[cdistmattermost]: https://chat.ungleich.ch/ungleich/channels/cdist
|
||||
|
||||
## Contributing
|
||||
|
||||
|
@ -51,11 +53,3 @@ Every type in cdist-contrib must:
|
|||
|
||||
* Have a `man.rst` documentation page.
|
||||
* Pass [shellcheck](http://shellcheck.net/) without errors.
|
||||
|
||||
## Other resources
|
||||
|
||||
Some people/organizations are known to keep some cdist types that might be of
|
||||
interest to others:
|
||||
|
||||
* [cdist-evilham](https://git.sr.ht/~evilham/cdist-evilham): Evilham's cdist-types
|
||||
* [cdist-recycledcloud](https://code.recycled.cloud/e-Durable/cdist-recycledcloud): e-Durable SA / Recycled Cloud public types
|
||||
|
|
|
@ -1,235 +0,0 @@
|
|||
# Makefile for Sphinx documentation
|
||||
#
|
||||
|
||||
# You can set these variables from the command line.
|
||||
SPHINXOPTS ?=
|
||||
SPHINXBUILD ?= sphinx-build
|
||||
PAPER ?=
|
||||
BUILDDIR ?= ../dist
|
||||
# for cache, etc.
|
||||
_BUILDDIR = _build
|
||||
|
||||
# User-friendly check for sphinx-build
|
||||
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
|
||||
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/)
|
||||
endif
|
||||
|
||||
# Internal variables.
|
||||
PAPEROPT_a4 = -D latex_paper_size=a4
|
||||
PAPEROPT_letter = -D latex_paper_size=letter
|
||||
ALLSPHINXOPTS = -d $(_BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
|
||||
# the i18n builder cannot share the environment and doctrees with the others
|
||||
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
|
||||
|
||||
.PHONY: help
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo " html to make standalone HTML files"
|
||||
@echo " dirhtml to make HTML files named index.html in directories"
|
||||
@echo " singlehtml to make a single large HTML file"
|
||||
@echo " pickle to make pickle files"
|
||||
@echo " json to make JSON files"
|
||||
@echo " htmlhelp to make HTML files and a HTML help project"
|
||||
@echo " qthelp to make HTML files and a qthelp project"
|
||||
@echo " applehelp to make an Apple Help Book"
|
||||
@echo " devhelp to make HTML files and a Devhelp project"
|
||||
@echo " epub to make an epub"
|
||||
@echo " epub3 to make an epub3"
|
||||
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
||||
@echo " latexpdf to make LaTeX files and run them through pdflatex"
|
||||
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
|
||||
@echo " text to make text files"
|
||||
@echo " man to make manual pages"
|
||||
@echo " texinfo to make Texinfo files"
|
||||
@echo " info to make Texinfo files and run them through makeinfo"
|
||||
@echo " gettext to make PO message catalogs"
|
||||
@echo " changes to make an overview of all changed/added/deprecated items"
|
||||
@echo " xml to make Docutils-native XML files"
|
||||
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
|
||||
@echo " linkcheck to check all external links for integrity"
|
||||
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
||||
@echo " coverage to run coverage check of the documentation (if enabled)"
|
||||
@echo " dummy to check syntax errors of document sources"
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf $(BUILDDIR)/*
|
||||
rm -rf $(_BUILDDIR)/*
|
||||
|
||||
.PHONY: html
|
||||
html:
|
||||
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
||||
|
||||
.PHONY: dirhtml
|
||||
dirhtml:
|
||||
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
||||
|
||||
.PHONY: singlehtml
|
||||
singlehtml:
|
||||
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
|
||||
|
||||
.PHONY: pickle
|
||||
pickle:
|
||||
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
||||
@echo
|
||||
@echo "Build finished; now you can process the pickle files."
|
||||
|
||||
.PHONY: json
|
||||
json:
|
||||
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
||||
@echo
|
||||
@echo "Build finished; now you can process the JSON files."
|
||||
|
||||
.PHONY: htmlhelp
|
||||
htmlhelp:
|
||||
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
||||
".hhp project file in $(BUILDDIR)/htmlhelp."
|
||||
|
||||
.PHONY: qthelp
|
||||
qthelp:
|
||||
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
||||
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
||||
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/cdist-docs.qhcp"
|
||||
@echo "To view the help file:"
|
||||
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/cdist-docs.qhc"
|
||||
|
||||
.PHONY: applehelp
|
||||
applehelp:
|
||||
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
|
||||
@echo
|
||||
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
|
||||
@echo "N.B. You won't be able to view it unless you put it in" \
|
||||
"~/Library/Documentation/Help or install it in your application" \
|
||||
"bundle."
|
||||
|
||||
.PHONY: devhelp
|
||||
devhelp:
|
||||
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
|
||||
@echo
|
||||
@echo "Build finished."
|
||||
@echo "To view the help file:"
|
||||
@echo "# mkdir -p $$HOME/.local/share/devhelp/cdist-docs"
|
||||
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/cdist-docs"
|
||||
@echo "# devhelp"
|
||||
|
||||
.PHONY: epub
|
||||
epub:
|
||||
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
|
||||
@echo
|
||||
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
|
||||
|
||||
.PHONY: epub3
|
||||
epub3:
|
||||
$(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3
|
||||
@echo
|
||||
@echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3."
|
||||
|
||||
.PHONY: latex
|
||||
latex:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo
|
||||
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
||||
@echo "Run \`make' in that directory to run these through (pdf)latex" \
|
||||
"(use \`make latexpdf' here to do that automatically)."
|
||||
|
||||
.PHONY: latexpdf
|
||||
latexpdf:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through pdflatex..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
.PHONY: latexpdfja
|
||||
latexpdfja:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through platex and dvipdfmx..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
.PHONY: text
|
||||
text:
|
||||
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
|
||||
@echo
|
||||
@echo "Build finished. The text files are in $(BUILDDIR)/text."
|
||||
|
||||
.PHONY: man
|
||||
man:
|
||||
$(SPHINXBUILD) -b cman $(ALLSPHINXOPTS) $(BUILDDIR)/man
|
||||
mkdir -p $(BUILDDIR)/man/man7
|
||||
mv -f $(BUILDDIR)/man/*.7 $(BUILDDIR)/man/man7/
|
||||
@echo
|
||||
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
|
||||
|
||||
.PHONY: texinfo
|
||||
texinfo:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo
|
||||
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
|
||||
@echo "Run \`make' in that directory to run these through makeinfo" \
|
||||
"(use \`make info' here to do that automatically)."
|
||||
|
||||
.PHONY: info
|
||||
info:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo "Running Texinfo files through makeinfo..."
|
||||
make -C $(BUILDDIR)/texinfo info
|
||||
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
|
||||
|
||||
.PHONY: gettext
|
||||
gettext:
|
||||
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
|
||||
@echo
|
||||
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
|
||||
|
||||
.PHONY: changes
|
||||
changes:
|
||||
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
||||
@echo
|
||||
@echo "The overview file is in $(BUILDDIR)/changes."
|
||||
|
||||
.PHONY: linkcheck
|
||||
linkcheck:
|
||||
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
||||
@echo
|
||||
@echo "Link check complete; look for any errors in the above output " \
|
||||
"or in $(BUILDDIR)/linkcheck/output.txt."
|
||||
|
||||
.PHONY: doctest
|
||||
doctest:
|
||||
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
||||
@echo "Testing of doctests in the sources finished, look at the " \
|
||||
"results in $(BUILDDIR)/doctest/output.txt."
|
||||
|
||||
.PHONY: coverage
|
||||
coverage:
|
||||
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
|
||||
@echo "Testing of coverage in the sources finished, look at the " \
|
||||
"results in $(BUILDDIR)/coverage/python.txt."
|
||||
|
||||
.PHONY: xml
|
||||
xml:
|
||||
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
|
||||
@echo
|
||||
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
|
||||
|
||||
.PHONY: pseudoxml
|
||||
pseudoxml:
|
||||
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
|
||||
@echo
|
||||
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
|
||||
|
||||
.PHONY: dummy
|
||||
dummy:
|
||||
$(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy
|
||||
@echo
|
||||
@echo "Build finished. Dummy builder generates no files."
|
101
docs/src/conf.py
101
docs/src/conf.py
|
@ -1,101 +0,0 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
import os
|
||||
import sphinx_rtd_theme
|
||||
|
||||
from datetime import date
|
||||
|
||||
# If extensions (or modules to document with autodoc) are in another directory,
|
||||
# add these directories to sys.path here. If the directory is relative to the
|
||||
# documentation root, use os.path.abspath to make it absolute, like shown here.
|
||||
# sys.path.insert(0, os.path.abspath('.'))
|
||||
sys.path.insert(0, os.path.abspath(os.path.join(
|
||||
os.path.dirname(os.path.realpath(__file__)), "..", "..")))
|
||||
|
||||
# -- General configuration ------------------------------------------------
|
||||
|
||||
# If your documentation needs a minimal Sphinx version, state it here.
|
||||
# needs_sphinx = '1.0'
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be
|
||||
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
|
||||
# ones.
|
||||
extensions = [
|
||||
'docs.src.manpage',
|
||||
'sphinx.ext.extlinks',
|
||||
]
|
||||
|
||||
# The suffix(es) of source filenames.
|
||||
# You can specify multiple suffix as a list of string:
|
||||
source_suffix = ['.rst']
|
||||
|
||||
# The encoding of source files.
|
||||
# source_encoding = 'utf-8-sig'
|
||||
|
||||
# The master toctree document.
|
||||
master_doc = 'index'
|
||||
|
||||
# General information about the project.
|
||||
project = 'cdist-contrib'
|
||||
copyright = 'cdist-contrib contributors'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
# |version| and |release|, also used in various other places throughout the
|
||||
# built documents.
|
||||
|
||||
version = str(date.today())
|
||||
release = os.popen('git rev-parse HEAD').read()
|
||||
|
||||
# The language for content autogenerated by Sphinx. Refer to documentation
|
||||
# for a list of supported languages.
|
||||
#
|
||||
# This is also used if you do content translation via gettext catalogs.
|
||||
# Usually you set "language" from the command line for these cases.
|
||||
language = None
|
||||
|
||||
# The name of the Pygments (syntax highlighting) style to use.
|
||||
pygments_style = 'sphinx'
|
||||
|
||||
# If true, `todo` and `todoList` produce output, else they produce nothing.
|
||||
todo_include_todos = False
|
||||
|
||||
# -- Options for HTML output ----------------------------------------------
|
||||
|
||||
# The theme to use for HTML and HTML Help pages. See the documentation for
|
||||
# a list of builtin themes.
|
||||
html_theme = 'sphinx_rtd_theme'
|
||||
html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
|
||||
|
||||
# Output file base name for HTML help builder.
|
||||
htmlhelp_basename = 'cdistcontribdoc'
|
||||
|
||||
# -- Options for manual page output ---------------------------------------
|
||||
|
||||
# One entry per manual page. List of tuples
|
||||
# (source start file, name, description, authors, manual section).
|
||||
root_mandir = os.path.dirname(os.path.realpath(__file__))
|
||||
mandirs = []
|
||||
for mansubdir in ('man7',):
|
||||
mandirs.append((os.path.join(root_mandir, mansubdir), mansubdir[-1]))
|
||||
man_pages = []
|
||||
for mandir, section in mandirs:
|
||||
for root, dirs, files in os.walk(mandir):
|
||||
for fname in files:
|
||||
froot, fext = os.path.splitext(fname)
|
||||
if fext == '.rst':
|
||||
man_page = (os.path.join('man' + str(section), froot),
|
||||
froot, '', [], section)
|
||||
man_pages.append(man_page)
|
||||
|
||||
# man_pages = [
|
||||
# ('cdist-type', 'cdist-type', 'cdist-type documentation',
|
||||
# [author], 1),
|
||||
# ('man7/cdist-type__file', 'cdist-type__file',
|
||||
# '', [], 1),
|
||||
# ('cdist-type__directory', 'cdist-type__directory',
|
||||
# 'cdist-type__directory documentation', [author], 1),
|
||||
# ]
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
# man_show_urls = False
|
|
@ -1,40 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
__cdist_pwd="$(pwd -P)"
|
||||
__cdist_mydir="${0%/*}";
|
||||
__cdist_abs_mydir="$(cd "$__cdist_mydir" && pwd -P)"
|
||||
__cdist_myname=${0##*/};
|
||||
__cdist_abs_myname="$__cdist_abs_mydir/$__cdist_myname"
|
||||
|
||||
filename="${__cdist_myname%.sh}"
|
||||
dest="$__cdist_abs_mydir/$filename"
|
||||
|
||||
if ! command -v pandoc > /dev/null; then
|
||||
echo "Pandoc is required to generate HTML index from README." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd "$__cdist_abs_mydir"
|
||||
|
||||
exec > "$dest"
|
||||
|
||||
pandoc -f markdown -t rst ../../README.md
|
||||
|
||||
cat << EOF
|
||||
|
||||
.. toctree::
|
||||
:hidden:
|
||||
|
||||
EOF
|
||||
|
||||
# If there is no such file then ls prints error to stderr,
|
||||
# so redirect stderr to /dev/null.
|
||||
for type in $(ls man7/cdist-type__*.rst 2>/dev/null | LC_ALL=C sort); do
|
||||
no_dir="${type#man7/}";
|
||||
no_type="${no_dir#cdist-type}";
|
||||
name="${no_type%.rst}";
|
||||
manref="${no_dir%.rst}"
|
||||
man="${manref}(7)"
|
||||
|
||||
echo " $name" "<man7/${manref}>"
|
||||
done
|
|
@ -1,87 +0,0 @@
|
|||
import sphinx.builders.manpage
|
||||
import sphinx.writers.manpage
|
||||
from docutils.frontend import OptionParser
|
||||
from sphinx.util.console import bold, darkgreen
|
||||
from six import string_types
|
||||
from docutils.io import FileOutput
|
||||
from os import path
|
||||
from sphinx.util.nodes import inline_all_toctrees
|
||||
from sphinx import addnodes
|
||||
from sphinx.util import logging
|
||||
|
||||
"""
|
||||
Extension based on sphinx builtin manpage.
|
||||
It does not write its own .SH NAME based on config,
|
||||
but leaves everything to actual reStructuredText file content.
|
||||
"""
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class ManualPageTranslator(sphinx.writers.manpage.ManualPageTranslator):
|
||||
|
||||
def header(self):
|
||||
tmpl = (".TH \"%(title_upper)s\" \"%(manual_section)s\""
|
||||
" \"%(date)s\" \"%(version)s\" \"%(manual_group)s\"\n")
|
||||
return tmpl % self._docinfo
|
||||
|
||||
|
||||
class ManualPageWriter(sphinx.writers.manpage.ManualPageWriter):
|
||||
|
||||
def __init__(self, builder):
|
||||
super().__init__(builder)
|
||||
self.translator_class = (
|
||||
self.builder.get_translator_class() or ManualPageTranslator)
|
||||
|
||||
|
||||
class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder):
|
||||
|
||||
name = 'cman'
|
||||
default_translator_class = ManualPageTranslator
|
||||
|
||||
def write(self, *ignored):
|
||||
docwriter = ManualPageWriter(self)
|
||||
docsettings = OptionParser(
|
||||
defaults=self.env.settings,
|
||||
components=(docwriter,),
|
||||
read_config_files=True).get_default_values()
|
||||
|
||||
logger.info(bold('writing... '), nonl=True)
|
||||
|
||||
for info in self.config.man_pages:
|
||||
docname, name, description, authors, section = info
|
||||
if isinstance(authors, string_types):
|
||||
if authors:
|
||||
authors = [authors]
|
||||
else:
|
||||
authors = []
|
||||
|
||||
targetname = '%s.%s' % (name, section)
|
||||
logger.info(darkgreen(targetname) + ' { ', nonl=True)
|
||||
destination = FileOutput(
|
||||
destination_path=path.join(self.outdir, targetname),
|
||||
encoding='utf-8')
|
||||
|
||||
tree = self.env.get_doctree(docname)
|
||||
docnames = set()
|
||||
largetree = inline_all_toctrees(self, docnames, docname, tree,
|
||||
darkgreen, [docname])
|
||||
logger.info('} ', nonl=True)
|
||||
self.env.resolve_references(largetree, docname, self)
|
||||
# remove pending_xref nodes
|
||||
for pendingnode in largetree.traverse(addnodes.pending_xref):
|
||||
pendingnode.replace_self(pendingnode.children)
|
||||
|
||||
largetree.settings = docsettings
|
||||
largetree.settings.title = name
|
||||
largetree.settings.subtitle = description
|
||||
largetree.settings.authors = authors
|
||||
largetree.settings.section = section
|
||||
|
||||
docwriter.write(largetree, destination)
|
||||
logger.info("")
|
||||
|
||||
|
||||
def setup(app):
|
||||
app.add_builder(ManualPageBuilder)
|
|
@ -1,7 +0,0 @@
|
|||
# This image is used in the cdist-contrib CI for linting and generating the
|
||||
# documentation.
|
||||
FROM fedora:latest
|
||||
MAINTAINER Timothée Floure <fnux@ungleich.ch>
|
||||
|
||||
RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \
|
||||
ShellCheck openssh-clients pandoc
|
|
@ -1,29 +1,21 @@
|
|||
#!/bin/sh -eu
|
||||
#!/bin/sh
|
||||
|
||||
SHELLCHECKCMD='shellcheck -s sh -f gcc -x'
|
||||
SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
|
||||
# Skip SC2154 for variables starting with __ since such variables are cdist
|
||||
# environment variables.
|
||||
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
|
||||
SHELLCHECKTMP='.shellcheck.tmp'
|
||||
SHELLCHECKTMP=".shellcheck.tmp"
|
||||
|
||||
# Move to top-level cdist-contrib directory.
|
||||
cd "$(dirname $0)"/..
|
||||
cd $(dirname $0)/..
|
||||
|
||||
check () {
|
||||
find type/ -type f "$@" -exec ${SHELLCHECKCMD} {} + \
|
||||
| grep -v "${SHELLCHECK_SKIP}" >>"${SHELLCHECKTMP}" || true
|
||||
find type/ -type f $1 $2 -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
|
||||
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
||||
}
|
||||
|
||||
rm -f "${SHELLCHECKTMP}"
|
||||
|
||||
check -path '*/explorer/*'
|
||||
check -path '*/files/*' -name '*.sh'
|
||||
check -path "*/explorer/*"
|
||||
check -path "*/files/*.sh"
|
||||
check -name manifest
|
||||
check -name gencode-local
|
||||
check -name gencode-remote
|
||||
|
||||
if test -s "${SHELLCHECKTMP}"
|
||||
then
|
||||
cat "${SHELLCHECKTMP}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
passphrase=
|
||||
appendonly=
|
||||
|
||||
case "$(cat "${__object:?}/parameter/encryption")" in
|
||||
none)
|
||||
enc=none
|
||||
;;
|
||||
repokey)
|
||||
enc=repokey
|
||||
if [ -f "${__object:?}/parameter/passphrase" ];
|
||||
then
|
||||
passphrase="$(cat "${__object:?}/parameter/passphrase")"
|
||||
else
|
||||
echo "__borg_repo cannot use repokey encryption with no passphrase. Aborting." >&2;
|
||||
exit 1;
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo "$enc is not a known encryption mode for __borg_repo. Aborting." >&2
|
||||
exit 1;
|
||||
esac
|
||||
|
||||
if [ -f "${__object:?}/parameter/append-only" ];
|
||||
then
|
||||
appendonly='--append-only'
|
||||
fi
|
||||
|
||||
cat <<- EOF
|
||||
if ! borg check --repository-only 1>&2 2>/dev/null "/${__object_id:?}";
|
||||
then
|
||||
BORG_NEW_PASSPHRASE=$passphrase borg init -e ${enc:?} $appendonly /${__object_id:?}
|
||||
fi
|
||||
EOF
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
cdist-type__borg_repo(7)
|
||||
========================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__borg_repo - Configure a borg repository on host
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
|
||||
Initializes a borg repository at the location specified in the
|
||||
`${__object_id}`. Nothing is done if the repository already exists.
|
||||
|
||||
Currently, only `none` and `repokey` are supported as encryption modes;
|
||||
`repokey` requires the `passphrase` argument to be given. The default is
|
||||
`none`.
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
encryption
|
||||
The encryption to use.
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
passphrase
|
||||
The passphrase to encrypt the keyfile with.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
append-only
|
||||
If the repository is append-only
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Joachim Desroches. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
os="$(cat "${__global:?}"/explorer/os)"
|
||||
|
||||
case "$os" in
|
||||
"alpine")
|
||||
borg_package=borgbackup
|
||||
;;
|
||||
*)
|
||||
echo "__borg_repo is not yet implemented for os $os. Aborting." >&2;
|
||||
exit 1;
|
||||
esac
|
||||
|
||||
__package "$borg_package"
|
|
@ -1 +0,0 @@
|
|||
append-only
|
|
@ -1 +0,0 @@
|
|||
none
|
|
@ -1 +0,0 @@
|
|||
passphrase
|
|
@ -1 +0,0 @@
|
|||
encryption
|
|
@ -1,49 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# This explorer determines the path of dma's auth.conf file
|
||||
|
||||
# No dma.conf -> use default
|
||||
test -f /etc/dma/dma.conf || {
|
||||
echo /etc/dma/auth.conf
|
||||
exit 0
|
||||
}
|
||||
test -r /etc/dma/dma.conf || {
|
||||
echo 'Cannot read /etc/dma/dma.conf' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Get AUTHPATH from dma.conf
|
||||
awk -F'[ \t]' '
|
||||
{
|
||||
sub(/#.*$/, "", $0) # remove comments
|
||||
if (!$0) next # ignore empty lines
|
||||
}
|
||||
$1 == "AUTHPATH" {
|
||||
# Store authpath. In dma conf parsing last wins.
|
||||
if ($2) authpath = substr($0, index($0, " ") + 1)
|
||||
}
|
||||
END {
|
||||
if (authpath) {
|
||||
print authpath
|
||||
exit 0
|
||||
} else exit 1
|
||||
}
|
||||
' /etc/dma/dma.conf \
|
||||
|| echo /etc/dma/auth.conf # default
|
|
@ -1,34 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# This explorer returns a sorted list of "active" (= non-commented) lines
|
||||
# in the dma.conf file.
|
||||
# "Trailing" line comments are stripped off.
|
||||
#
|
||||
# NOTE: This explorer assumes that the sort(1) utility supports the non-POXIX
|
||||
# -s (stable sort) option.
|
||||
|
||||
CONF_PATH=/etc/dma # set in Makefile
|
||||
dma_conf="${CONF_PATH:?}/dma.conf"
|
||||
|
||||
test -f "${dma_conf}" || exit 0
|
||||
|
||||
grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \
|
||||
| sed -e 's/[ \t]*#.*$//' \
|
||||
| sort -s -k 1,1
|
|
@ -1,178 +0,0 @@
|
|||
#!/usr/bin/awk -f
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
function comment_line(line) {
|
||||
# returns the position in line at which the comment's text starts
|
||||
# (0 if the line is not a comment)
|
||||
match(line, /^[ \t]*\#+[ \t]*/)
|
||||
return RSTART ? (RLENGTH + 1) : 0
|
||||
}
|
||||
function empty_line(line) { return line ~ /^[ \t]*$/ }
|
||||
function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word"
|
||||
|
||||
function first(line, sep_re) {
|
||||
# returns the part of the line until sep is found
|
||||
# (or the whole line if sep is not found)
|
||||
if (!sep_re) sep_re = "[" SUBSEP "]"
|
||||
match(line, sep_re)
|
||||
return RSTART ? substr(line, 1, RSTART - 1) : line
|
||||
}
|
||||
|
||||
function rest(line, sep_re) {
|
||||
# returns the part of the line after the first occurrence of sep is found.
|
||||
# (or nothing if sep is not found)
|
||||
if (!sep_re) sep_re = "[" SUBSEP "]"
|
||||
if (match(line, sep_re))
|
||||
return substr(line, RSTART + RLENGTH)
|
||||
}
|
||||
|
||||
function conf_pop(word, value) {
|
||||
# returns the next value for the config `word` and delete it from the list.
|
||||
# if value is set, this function will only return value if it is the first
|
||||
# option in the list, otherwise it returns 0.
|
||||
|
||||
if (!(word in conf)) return 0
|
||||
if (!value) {
|
||||
if (index(conf[word], SUBSEP)) # more than one element?
|
||||
value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1)
|
||||
else
|
||||
value = conf[word]
|
||||
}
|
||||
|
||||
if (index(conf[word], SUBSEP)) {
|
||||
if (index(conf[word], value SUBSEP) != 1) return 0
|
||||
conf[word] = substr(conf[word], length(value) + 2)
|
||||
} else {
|
||||
if (conf[word] != value) return 0
|
||||
delete conf[word]
|
||||
}
|
||||
return value
|
||||
}
|
||||
|
||||
function print_conf(word, value) {
|
||||
# print a config line with the given parameters
|
||||
printf "%s", word
|
||||
if (value) printf " %s", value
|
||||
printf "\n"
|
||||
}
|
||||
|
||||
function print_confs(word, value) {
|
||||
# print config lines for all values stored in conf[word].
|
||||
if (!(word in conf)) return
|
||||
if (conf[word]) {
|
||||
while (value = conf_pop(word))
|
||||
print_conf(word, value)
|
||||
} else {
|
||||
print_conf(word)
|
||||
delete conf[word]
|
||||
}
|
||||
}
|
||||
|
||||
BEGIN {
|
||||
FS = "\n"
|
||||
EQS = "[ \t]" # copied from dma/conf.c
|
||||
|
||||
if (ARGV[2]) exit (e=1)
|
||||
|
||||
# Loop over file twice!
|
||||
ARGV[2] = ARGV[1]
|
||||
ARGC++
|
||||
|
||||
# read the "should" state into the `conf` array.
|
||||
while (getline < "/dev/stdin") {
|
||||
word = first($0, EQS)
|
||||
if ((word in conf))
|
||||
conf[word] = conf[word] SUBSEP rest($0, EQS)
|
||||
else
|
||||
conf[word] = rest($0, EQS)
|
||||
}
|
||||
}
|
||||
|
||||
# first pass, gather information about where which information is stored in the
|
||||
# current config file. This information will be used in the second pass.
|
||||
NR == FNR {
|
||||
if (comment_line($0)) {
|
||||
# comment line
|
||||
word = first(substr($0, comment_line($0)), " ")
|
||||
if (is_word(word)) last_occ["#" word] = FNR
|
||||
} else {
|
||||
word = first($0, EQS)
|
||||
if (is_word(word)) last_occ[word] = FNR
|
||||
}
|
||||
}
|
||||
|
||||
# before second pass prepare hashes containing location information to be used
|
||||
# in the second pass.
|
||||
NR > FNR && FNR == 1 {
|
||||
# First we drop the locations of commented-out options if a non-commented
|
||||
# option is available. If a non-commented option is available, we will
|
||||
# append new config options there to have them all at one place.
|
||||
for (k in last_occ)
|
||||
if (k ~ /^\#/ && (substr(k, 2) in last_occ))
|
||||
delete last_occ[k]
|
||||
|
||||
# Reverse the option => line mapping. The line_map allows for easier lookups
|
||||
# in the second pass.
|
||||
for (k in last_occ) line_map[last_occ[k]] = k
|
||||
}
|
||||
|
||||
# second pass, generate and output new config
|
||||
NR > FNR {
|
||||
if (comment_line($0) || empty_line($0)) {
|
||||
# comment or empty line
|
||||
print
|
||||
|
||||
if ((FNR in line_map)) {
|
||||
if (line_map[FNR] ~ /^\#/) {
|
||||
# This line contains a commented config option. If the conf hash
|
||||
# contains options to be set, we output them here because this
|
||||
# option is not used in the current config.
|
||||
k = substr(line_map[FNR], 2)
|
||||
if ((k in conf)) print_confs(k)
|
||||
}
|
||||
|
||||
if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) {
|
||||
# INSECURE goes where SECURE comment is.
|
||||
print_confs("INSECURE")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
word = first($0, EQS)
|
||||
value = rest($0, EQS)
|
||||
sub(/[ \t]*\#.*$/, "", value) # ignore comments in value
|
||||
|
||||
if ((word in conf) && value == first(conf[word])) {
|
||||
# keep config options we want
|
||||
conf_pop(word)
|
||||
print
|
||||
}
|
||||
|
||||
if ((FNR in line_map) && line_map[FNR] == word) {
|
||||
# rest of config options should be here
|
||||
print_confs(word)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
END {
|
||||
if (e) exit
|
||||
|
||||
# print rest of config options (
|
||||
for (word in conf) print_confs(word)
|
||||
}
|
|
@ -1,177 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
|
||||
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
|
||||
|
||||
CONF_PATH=/etc/dma # set in Makefile
|
||||
|
||||
# Determine mailname
|
||||
if test -f "${__object:?}/parameter/mailname"
|
||||
then
|
||||
mailname=$(cat "${__object:?}/parameter/mailname")
|
||||
else
|
||||
case $(cat "${__global:?}/explorer/os")
|
||||
in
|
||||
(debian|devuan|ubuntu)
|
||||
# On Debian-like systems use /etc/mailname unless --mailname is used
|
||||
mailname='/etc/mailname'
|
||||
;;
|
||||
(*)
|
||||
mailname=${__target_fqdn:?}
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
|
||||
# Generate "should" values for config
|
||||
conf_should=$(
|
||||
if test -s "${__object:?}/parameter/smarthost"
|
||||
then
|
||||
printf 'SMARTHOST %s\n' "$(cat "${__object:?}/parameter/smarthost")"
|
||||
fi
|
||||
|
||||
printf 'MAILNAME %s\n' "${mailname}"
|
||||
|
||||
if test -s "${__object:?}/explorer/auth_conf"
|
||||
then
|
||||
printf "AUTHPATH %s\n" "$(cat "${__object:?}/explorer/auth_conf")"
|
||||
fi
|
||||
|
||||
case $(cat "${__object:?}/parameter/security")
|
||||
in
|
||||
(ssl|tls)
|
||||
default_smtp_port=465
|
||||
echo 'SECURETRANSFER'
|
||||
;;
|
||||
(starttls)
|
||||
default_smtp_port=587
|
||||
echo 'SECURETRANSFER'
|
||||
echo 'STARTTLS'
|
||||
;;
|
||||
(opportunistic)
|
||||
default_smtp_port=25
|
||||
echo 'SECURETRANSFER'
|
||||
echo 'STARTTLS'
|
||||
echo 'OPPORTUNISTIC_TLS'
|
||||
;;
|
||||
(insecure)
|
||||
default_smtp_port=25
|
||||
echo 'INSECURE'
|
||||
;;
|
||||
esac
|
||||
|
||||
if test -s "${__object:?}/parameter/port"
|
||||
then
|
||||
printf 'PORT %u\n' "$(cat "${__object:?}/parameter/port")"
|
||||
elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default
|
||||
then
|
||||
printf 'PORT %u\n' "${default_smtp_port}"
|
||||
fi
|
||||
|
||||
if test -f "${__object:?}/parameter/masquerade"
|
||||
then
|
||||
while read -r line
|
||||
do
|
||||
printf 'MASQUERADE %s\n' "${line}"
|
||||
done <"${__object:?}/parameter/masquerade"
|
||||
fi
|
||||
|
||||
if test -f "${__object:?}/parameter/defer"
|
||||
then
|
||||
echo 'DEFER'
|
||||
fi
|
||||
|
||||
if test -f "${__object:?}/parameter/fullbounce"
|
||||
then
|
||||
echo 'FULLBOUNCE'
|
||||
fi
|
||||
|
||||
if test -f "${__object:?}/parameter/nullclient"
|
||||
then
|
||||
test -s "${__object:?}/parameter/smarthost" || {
|
||||
echo '--nullclient requires a --smarthost to be defined' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
echo 'NULLCLIENT'
|
||||
fi
|
||||
)
|
||||
# Sort conf_should to compare against "conf_is"
|
||||
conf_should=$(echo "${conf_should}" | sort -s -k 1,1)
|
||||
|
||||
config_updated=false
|
||||
if ! echo "${conf_should}" | cmp -s "${__object:?}/explorer/conf" -
|
||||
then
|
||||
# config needs to be updated
|
||||
dma_conf="${CONF_PATH:?}/dma.conf"
|
||||
|
||||
# The following AWK script will output the new config file to be stored on
|
||||
# disk. To do so it reads the current dma.conf file and the config options
|
||||
# that should be set (from stdin).
|
||||
# Note that the path to the current dma.conf is passed to AWK twice, because
|
||||
# the new file cannot be generated in one pass.
|
||||
|
||||
# The logic tries to place options at a sensible location, that is:
|
||||
# a) if the option is already used in the config file:
|
||||
# group all similar options (e.g. MASQUERADE) at one place in the order
|
||||
# they are listed in stdin.
|
||||
# b) if it is a new option and a "default comment" (e.g. "#PORT 25") exists:
|
||||
# place options grouped directly after the comment (the comment is left
|
||||
# alone)
|
||||
# c) otherwise:
|
||||
# options are grouped by word (the first word in the line) and appended
|
||||
# at the end of the file.
|
||||
|
||||
cat <<-CODE
|
||||
awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \
|
||||
&& cat $(quote "${dma_conf}.tmp") >$(quote "${dma_conf}")
|
||||
${conf_should}
|
||||
EOF
|
||||
rm $(quote "${dma_conf}.tmp")
|
||||
CODE
|
||||
|
||||
config_updated=true
|
||||
echo 'config updated' >>"${__messages_out:?}"
|
||||
fi
|
||||
|
||||
|
||||
# Send a test email if enabled and necessary (=configuration changed)
|
||||
if test -f "${__object:?}/parameter/send-test-mail"
|
||||
then
|
||||
if grep -q '^__mail_alias/root:' "${__messages_in:?}" \
|
||||
|| grep -q '^__dma_auth/' "${__messages_in:?}" \
|
||||
|| ${config_updated}
|
||||
then
|
||||
cat <<-CODE
|
||||
sendmail root <<'EOF'
|
||||
Subject: [cdist] Test mail from '${__target_fqdn:?}'
|
||||
|
||||
Hi,
|
||||
|
||||
you can ignore this message.
|
||||
Its sole purpose is to notify you that root mail on ${__target_fqdn:?}
|
||||
will be redirected to you.
|
||||
|
||||
Enjoy!
|
||||
EOF
|
||||
CODE
|
||||
fi
|
||||
fi
|
|
@ -1,112 +0,0 @@
|
|||
cdist-type__dma(7)
|
||||
============================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__dma - Setup the DragonFly Mail Agent as the MTA.
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This (singleton) type uses DMA, a small Mail Transport Agent (MTA), to accept
|
||||
mails from locally installed Mail User Agents (MUA) and either deliver the mails
|
||||
to a remote smart host for delivery or communicate with remote SMTP servers
|
||||
directly.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
None.
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
defer
|
||||
If enabled, mail will not be sent immediately, but stored in a queue.
|
||||
To flush the queue and send the mails, ```dma -q`` has to be run
|
||||
periodically (e.g. using a cron job.)
|
||||
This type does not manage such a cron job, but some operating systems ship
|
||||
such a cron job with the package.
|
||||
fullbounce
|
||||
Enable if bounce messages should include the complete original message,
|
||||
not just the headers.
|
||||
nullclient
|
||||
Enable to bypass aliases and local delivery, and instead forward all mails
|
||||
to the defined ``--smarthost``.
|
||||
send-test-mail
|
||||
If set, this type will send a test email to root after setup, to check if
|
||||
the configured settings work.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
mailname
|
||||
If present, this will be the hostname used to identify this host and the
|
||||
remote part of the sender addresses.
|
||||
If not defined, it defaults to ``/etc/mailname`` on Debian derivatives and
|
||||
to ``__target_fqdn`` otherwise.
|
||||
See `dma(8)` for more information.
|
||||
|
||||
Note: on Debian derivatives the ``/etc/mailname`` file should be updated
|
||||
instead of using this parameter.
|
||||
masquerade
|
||||
Masquerade the envelope-from addresses with this address/hostname.
|
||||
Use this setting if mails are not accepted by destination mail servers
|
||||
because your sender domain is invalid.
|
||||
This option can be used multiple times.
|
||||
For more information see the `dma(8)` man page.
|
||||
port
|
||||
The port on which to deliver email.
|
||||
If not provided, a sensible default port will be used based on the
|
||||
``--security`` argument.
|
||||
security
|
||||
Configures whether and how DMA should use secure connections.
|
||||
|
||||
ssl/tls
|
||||
Enable TLS/SSL secured transfer.
|
||||
starttls
|
||||
Use STARTTLS to establish a secure connection.
|
||||
opportunistic (default)
|
||||
Will try to establish a secure connection using STARTTLS, but allow
|
||||
unencrypted transfer if STARTTLS fails.
|
||||
Most useful when dma is used without a smarthost, delivering remote
|
||||
messages directly to the outside mail exchangers.
|
||||
insecure
|
||||
allow plain text SMTP login over an insecure connection.
|
||||
Should really *not* be used anymore!
|
||||
smarthost
|
||||
The mail server used to send email.
|
||||
It must be configured to act as a relay for the host being configured by
|
||||
this type so that mail can be sent to users non-local to the smarthost.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Install DMA and use the smarthost mx1.domain.tld to send mail.
|
||||
__dma --smarthost mx1.domain.tld --send-test-mail
|
||||
|
||||
# Install DMA in a default configuration.
|
||||
__dma
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `DragonFly Mail Agent <https://github.com/corecode/dma>`_
|
||||
- `DragonFly Handbook MTA <https://www.dragonflybsd.org/handbook/mta/>`_
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Evilham <contact@evilham.com>
|
||||
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Evilham and Dennis Camera. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1,66 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
# Install DMA
|
||||
case ${os}
|
||||
in
|
||||
(alpine)
|
||||
__package dma --state present
|
||||
export require='__package/dma'
|
||||
;;
|
||||
(debian|devuan|ubuntu)
|
||||
__package dma --state present
|
||||
export require='__package/dma'
|
||||
;;
|
||||
(freebsd)
|
||||
# Stop sendmail if necessary
|
||||
__process 'sendmail' --name 'sendmail.*' --state absent \
|
||||
--stop '/etc/rc.d/sendmail onestop'
|
||||
|
||||
# ... and disable it
|
||||
__key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \
|
||||
--key 'sendmail_enable' --delimiter '=' --value '"NONE"' \
|
||||
--exact_delimiter
|
||||
|
||||
# Setup mailwrapper accordingly
|
||||
__file '/etc/mail/mailer.conf' --mode 0644 --source - <<-'EOF'
|
||||
#
|
||||
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
|
||||
#
|
||||
sendmail /usr/libexec/dma
|
||||
send-mail /usr/libexec/dma
|
||||
mailq /usr/libexec/dma
|
||||
newaliases /usr/libexec/dma
|
||||
rmail /usr/libexec/dma
|
||||
EOF
|
||||
;;
|
||||
(*)
|
||||
cat <<EOF >&2
|
||||
Your OS (${os}) is not supported yet.
|
||||
|
||||
Maybe adding support is as simple as adapting the packages or allowing it,
|
||||
we highly encourage you to open a PR with the necessary changes.
|
||||
See: https://code.ungleich.ch/ungleich-public/cdist-contrib/
|
||||
EOF
|
||||
exit 1
|
||||
;;
|
||||
esac
|
|
@ -1,4 +0,0 @@
|
|||
defer
|
||||
fullbounce
|
||||
nullclient
|
||||
send-test-mail
|
|
@ -1 +0,0 @@
|
|||
opportunistic
|
|
@ -1,4 +0,0 @@
|
|||
mailname
|
||||
port
|
||||
security
|
||||
smarthost
|
|
@ -1 +0,0 @@
|
|||
masquerade
|
|
@ -1 +0,0 @@
|
|||
../../__dma/explorer/auth_conf
|
|
@ -1,91 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# This explorer looks for a line matching the server parameter
|
||||
# in dma's auth.conf and reports:
|
||||
# present: a line matching login + host + password exists
|
||||
# absent: no line matching login + host exists
|
||||
# different_login: a line exists but with a different login user
|
||||
# different_password: a line exists but with a different password
|
||||
# multiple: multiple lines matching host exist (should not happen)
|
||||
|
||||
auth_conf=$("${__type_explorer:?}/auth_conf")
|
||||
test -r "${auth_conf}" || exit 0
|
||||
|
||||
awk -F'\n' '
|
||||
function getvalue(path) {
|
||||
# Reads the first line of the file located at path and returns it.
|
||||
getline < path
|
||||
close(path)
|
||||
return $0
|
||||
}
|
||||
|
||||
BEGIN {
|
||||
DP = "[: \t]" # copied from dma/conf.c
|
||||
|
||||
parameter_dir = ENVIRON["__object"] "/parameter/"
|
||||
|
||||
# Read the parameters of this object
|
||||
host_param = ENVIRON["__object_id"]
|
||||
login_param = getvalue(parameter_dir "login")
|
||||
passwd_param = getvalue(parameter_dir "password")
|
||||
|
||||
state = "absent"
|
||||
}
|
||||
|
||||
/^#/ || /^$/ {
|
||||
# skip comments and empty lines
|
||||
next
|
||||
}
|
||||
|
||||
{
|
||||
# parse line
|
||||
|
||||
login = substr($0, 1, index($0, "|") - 1)
|
||||
if (!login) { login = $0 } # if no "|" found
|
||||
|
||||
host = substr($0, length(login) + 2)
|
||||
|
||||
if (match(host, DP)) {
|
||||
passwd = substr(host, RSTART + 1)
|
||||
host = substr(host, 1, RSTART - 1)
|
||||
} else {
|
||||
passwd = ""
|
||||
}
|
||||
}
|
||||
|
||||
host == host_param {
|
||||
# a match…
|
||||
if (state == "absent") {
|
||||
if (login != login_param)
|
||||
state = "different_login"
|
||||
else if (passwd != passwd_param)
|
||||
state = "different_password"
|
||||
else
|
||||
state = "present"
|
||||
} else {
|
||||
# report "multiple" to that the type can remove the duplicates.
|
||||
state = "multiple"
|
||||
}
|
||||
}
|
||||
|
||||
END {
|
||||
print state
|
||||
}
|
||||
' "${auth_conf}"
|
|
@ -1,93 +0,0 @@
|
|||
#!/usr/bin/awk -f
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
function getvalue(path) {
|
||||
# Reads the first line of the file located at path and returns it.
|
||||
getline < path
|
||||
close(path)
|
||||
return $0
|
||||
}
|
||||
|
||||
function print_should() {
|
||||
printf "%s|%s:%s\n", login_param, host_param, passwd_param
|
||||
}
|
||||
|
||||
BEGIN {
|
||||
FS = "\n"
|
||||
DP = "[: \t]" # copied from dma/conf.c
|
||||
|
||||
parameter_dir = ENVIRON["__object"] "/parameter/"
|
||||
|
||||
mode = (getvalue(parameter_dir "state") != "absent")
|
||||
|
||||
host_param = ENVIRON["__object_id"]
|
||||
login_param = getvalue(parameter_dir "login")
|
||||
passwd_param = getvalue(parameter_dir "password")
|
||||
}
|
||||
|
||||
# skip comments and empty lines
|
||||
/^#/ || /^$/ {
|
||||
print
|
||||
next
|
||||
}
|
||||
|
||||
{
|
||||
# parse line (like dma/conf.c would)
|
||||
|
||||
login = substr($0, 1, index($0, "|") - 1)
|
||||
if (!login) { login = $0 } # if no "|" found
|
||||
|
||||
host = substr($0, length(login) + 2)
|
||||
|
||||
if (match(host, DP)) {
|
||||
passwd = substr(host, RSTART + 1)
|
||||
host = substr(host, 1, RSTART - 1)
|
||||
} else {
|
||||
passwd = ""
|
||||
}
|
||||
}
|
||||
|
||||
host == host_param {
|
||||
if (mode) {
|
||||
# state_should == present
|
||||
if (!written) {
|
||||
# replace first line if host matches (but only if no line has
|
||||
# been written already -> no duplicates)
|
||||
print_should()
|
||||
written = 1
|
||||
}
|
||||
next
|
||||
} else {
|
||||
# state_should == absent
|
||||
next
|
||||
}
|
||||
}
|
||||
|
||||
# leave other lines alone
|
||||
{
|
||||
print
|
||||
}
|
||||
|
||||
END {
|
||||
if (mode && !written) {
|
||||
# append line if no match to replace was found
|
||||
print_should()
|
||||
}
|
||||
}
|
|
@ -1,72 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
|
||||
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
|
||||
|
||||
state_is=$(cat "${__object:?}/explorer/state")
|
||||
state_should=$(cat "${__object:?}/parameter/state")
|
||||
|
||||
server=${__object_id:?}
|
||||
login=$(cat "${__object:?}/parameter/login")
|
||||
|
||||
|
||||
auth_conf=$(cat "${__object:?}/explorer/auth_conf")
|
||||
test -n "${auth_conf}" || {
|
||||
echo 'Cannot determine path of dma auth.conf' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
if test "${state_is}" = "${state_should}"
|
||||
then
|
||||
# state is as it should
|
||||
exit 0
|
||||
fi
|
||||
|
||||
case ${state_should}
|
||||
in
|
||||
(present)
|
||||
test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; }
|
||||
|
||||
if test "${state_is}" = 'absent'
|
||||
then
|
||||
printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
|
||||
else
|
||||
printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
|
||||
fi
|
||||
;;
|
||||
(absent)
|
||||
printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
|
||||
;;
|
||||
(*)
|
||||
printf 'Invalid --state: %s.\n' "${state_should}" >&2
|
||||
printf 'Acceptable values are: present, absent.\n' >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
cat <<EOF
|
||||
test -f $(quote "${auth_conf}") || touch $(quote "${auth_conf}")
|
||||
|
||||
awk $(drop_awk_comments "${__type:?}/files/update_dma_auth.awk") <$(quote "${auth_conf}") >$(quote "${auth_conf}.tmp") \
|
||||
&& cat $(quote "${auth_conf}.tmp") >$(quote "${auth_conf}")
|
||||
rm -f $(quote "${auth_conf}.tmp")
|
||||
EOF
|
|
@ -1,66 +0,0 @@
|
|||
cdist-type__dma_auth(7)
|
||||
=======================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA.
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This cdist type allows you to set up credentials to log in to remote SMTP
|
||||
servers.
|
||||
|
||||
NB: dma currently (v0.13) does not differentiate between users on a host.
|
||||
It will use whatever user it finds in the ``auth.conf`` first.
|
||||
Thus, this type will use the ``__object_id`` as the host specifier.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
login
|
||||
The user's LOGIN name on the SMTP server.
|
||||
password
|
||||
The user's password (in plain text.)
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
state
|
||||
Either ``present`` or ``absent``. Defaults to ``present``.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
None.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Set the password for smarthost
|
||||
__dma_auth smarthost.example.com --login joe --password hunter2
|
||||
|
||||
# Set credentials for user at an external provider
|
||||
__dma_auth mail.provider.com --login paul@example.com --password letmein
|
||||
|
||||
# Delete credentials for example.com (for all users)
|
||||
__dma_auth example.com --login '' --password '' --state absent
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8)
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Dennis Camera. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1 +0,0 @@
|
|||
present
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -1,2 +0,0 @@
|
|||
login
|
||||
password
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
|
||||
|
||||
if [ -f "${EXPORTER_VERSION_FILE}" ]; then
|
||||
cat "${EXPORTER_VERSION_FILE}"
|
||||
fi
|
|
@ -1,56 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# This can be obtained with debconf-get-selections on a host with jitsi
|
||||
# (and also analysing the deb-src)
|
||||
if false; then
|
||||
# We are currently not using these, just here as documentation
|
||||
DEBCONF_SETTINGS="$(cat <<EOF
|
||||
# Jicofo user password:
|
||||
jicofo jicofo/jicofo-authpassword password STH
|
||||
jitsi-meet-prosody jicofo/jicofo-authpassword password STH
|
||||
# The secret used to connect to xmpp server as component
|
||||
jitsi-meet-prosody jitsi-videobridge/jvbsecret password STH
|
||||
jitsi-videobridge jitsi-videobridge/jvbsecret password STH
|
||||
jitsi-videobridge2 jitsi-videobridge/jvbsecret password STH
|
||||
# Jicofo Component secret:
|
||||
jicofo jicofo/jicofosecret password STH
|
||||
jitsi-meet-prosody jicofo/jicofosecret password STH
|
||||
# Jicofo username:
|
||||
jicofo jicofo/jicofo-authuser string focus
|
||||
jitsi-meet-prosody jicofo/jicofo-authuser string focus
|
||||
# The hostname of the current installation:
|
||||
jitsi-meet-turnserver jitsi-meet-turnserver/jvb-hostname string ${JITSI_HOST}
|
||||
# Full local server path to the SSL certificate file:
|
||||
jitsi-meet-web-config jitsi-meet/cert-path-crt string
|
||||
# Full local server path to the SSL key file:
|
||||
jitsi-meet-web-config jitsi-meet/cert-path-key string
|
||||
EOF
|
||||
)"
|
||||
fi
|
||||
|
||||
DEBCONF_SETTINGS="$(cat <<EOF
|
||||
# The hostname of the current installation:
|
||||
jitsi-meet-web-config jitsi-meet/jvb-hostname string ${JITSI_HOST}
|
||||
# Hostname:
|
||||
jicofo jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
||||
jitsi-meet-prosody jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
||||
jitsi-meet-turnserver jitsi-videobridge/jvb-hostname string ${TURN_SERVER}
|
||||
jitsi-meet-web-config jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
||||
jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
||||
jitsi-videobridge2 jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
||||
# The hostname of the current installation:
|
||||
jitsi-meet-prosody jitsi-meet-prosody/jvb-hostname string ${JITSI_HOST}
|
||||
# SSL certificate for the Jitsi Meet instance
|
||||
# Choices: Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate), I want to use my own certificate
|
||||
jitsi-meet-web-config jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)
|
||||
EOF
|
||||
)"
|
||||
|
||||
if [ -n "${TURN_SECRET}" ]; then
|
||||
DEBCONF_SETTINGS="$(cat <<EOF
|
||||
${DEBCONF_SETTINGS}
|
||||
# The turn server secret
|
||||
jitsi-meet-prosody jitsi-meet-prosody/turn-secret string ${TURN_SECRET}
|
||||
EOF
|
||||
)"
|
||||
fi
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Setup firewall
|
||||
__ufw
|
||||
# Allow jitsi ports
|
||||
require="__ufw" __ufw_rule http --rule 'allow 80/tcp'
|
||||
require="__ufw" __ufw_rule https --rule 'allow 443/tcp'
|
||||
require="__ufw" __ufw_rule jitsi_prom --rule 'allow 9888/tcp'
|
||||
require="__ufw" __ufw_rule avfallback --rule 'allow 4443/tcp'
|
||||
require="__ufw" __ufw_rule avdefault --rule 'allow 10000/udp'
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
|
||||
echo "service nginx reload"
|
||||
fi
|
|
@ -1,84 +0,0 @@
|
|||
cdist-type__jitsi_meet(7)
|
||||
=================================
|
||||
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__jitsi_meet - Setup the server-side of Jitsi-Meet.
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This (singleton) type installs and configures jitsi-meet automatically.
|
||||
|
||||
It does so by following loosely the official quick-install instructions and
|
||||
eXO's notes for installing and managing Jitsi Meet instances.
|
||||
|
||||
This type also sets up nginx in a way that is compatible with
|
||||
`__letsencrypt_cert` and assumes that it will only serve Jitsi instances.
|
||||
|
||||
You will also need the `__jitsi_meet_domain` type in order to finish setting up
|
||||
the web frontend (including TLS certificates) and its settings.
|
||||
|
||||
You may want to use the `files/ufw` example manifest for a `__ufw`-based
|
||||
firewall compatible with this type.
|
||||
This file does not include rules for TCP port 9888, which exposes the
|
||||
prometheus exporter if not disabled.
|
||||
You should apply your own rules here.
|
||||
|
||||
This type only works on De{bi,vu}an systems.
|
||||
|
||||
NOTE: This type currently does not deal with setting up coturn.
|
||||
For that, you might want to check `__coturn` in
|
||||
https://code.ungleich.ch/ungleich-public/cdist-contrib
|
||||
In that case, this type should run *after* `__coturn`.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
turn-secret
|
||||
The shared secret for the TURN server.
|
||||
|
||||
|
||||
turn-server
|
||||
The hostname of the TURN server.
|
||||
This will assume that it is listening with TLS on port 443.
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
disable-prometheus-exporter
|
||||
This type enables a prometheus exporter for jitsi by default, if you would
|
||||
rather not have that, pass this parameter.
|
||||
The explorer is based on:
|
||||
https://github.com/systemli/prometheus-jitsi-meet-exporter
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Setup the firewall
|
||||
. "${__global}/type/__jitsi_meet/files/ufw"
|
||||
export require="__ufw"
|
||||
# Setup Jitsi on this host
|
||||
__jitsi_meet \
|
||||
--turn-server "turn.exo.cat" \
|
||||
--turn-secret "WeNeedGoodSecurity"
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `__jitsi_meet_domain`
|
||||
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Evilham <contact@evilham.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Evilham.
|
|
@ -1,197 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
os="$(cat "${__global}/explorer/os")"
|
||||
init="$(cat "${__global}/explorer/init")"
|
||||
case "${os}" in
|
||||
devuan|debian)
|
||||
;;
|
||||
*)
|
||||
echo "Your OS '${os}' is currently not supported." > /dev/stderr
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
JITSI_HOST="${__target_host}"
|
||||
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
||||
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
|
||||
|
||||
if [ -z "${TURN_SERVER}" ]; then
|
||||
TURN_SERVER="${JITSI_HOST}"
|
||||
fi
|
||||
|
||||
PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")"
|
||||
|
||||
# The rest is loosely based on Jitsi's documentation
|
||||
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
|
||||
|
||||
# Setup repositories
|
||||
## First the signing keys
|
||||
__package gnupg2
|
||||
require="__package/gnupg2" __apt_key_uri jitsi_meet \
|
||||
--name 'Jitsi <dev@jitsi.org>' \
|
||||
--uri https://download.jitsi.org/jitsi-key.gpg.key \
|
||||
--state present
|
||||
## Now the repositories (they are a tad weird, so distribution is 'stable/')
|
||||
require="__apt_key_uri/jitsi_meet" __apt_source jitsi_meet \
|
||||
--uri 'https://download.jitsi.org' \
|
||||
--distribution 'stable/' \
|
||||
--state present
|
||||
## Ensure apt cache is up-to-date
|
||||
require="__apt_source/jitsi_meet" __apt_update_index
|
||||
|
||||
export require="${require} __apt_source/jitsi_meet __apt_update_index"
|
||||
|
||||
# Pre-feed debconf settings, so Jitsi's installation has a good config
|
||||
# shellcheck source=type/__jitsi_meet/files/debconf_settings.sh
|
||||
. "${__type}/files/debconf_settings.sh" # This defines DEBCONF_SETTINGS
|
||||
__debconf_set_selections jitsi_meet --file - <<EOF
|
||||
${DEBCONF_SETTINGS}
|
||||
EOF
|
||||
export require="${require} __debconf_set_selections/jitsi_meet"
|
||||
|
||||
# Install and upgrade packages as needed
|
||||
__package jitsi-meet
|
||||
|
||||
# Proceed only after installation/upgrade has finished
|
||||
export require="__package/jitsi-meet"
|
||||
|
||||
# TODO: generalise and move out
|
||||
# Prep nginx for acme settings
|
||||
|
||||
NGINX_ETC="/etc/nginx"
|
||||
|
||||
#
|
||||
# Setup the acme-challenge snippet
|
||||
#
|
||||
__directory "${NGINX_ETC}/snippets" --state present
|
||||
require="__directory${NGINX_ETC}/snippets" __file "${NGINX_ETC}/snippets/acme-challenge.conf" \
|
||||
--mode 644 \
|
||||
--source - << EOF
|
||||
# This file is managed remotely, all changes will be lost
|
||||
|
||||
# This was heavily inspired by debops.org.
|
||||
|
||||
# Automatic Certificate Management Environment (ACME) support.
|
||||
# https://tools.ietf.org/html/draft-ietf-acme-acme-01
|
||||
# https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment
|
||||
|
||||
|
||||
# Return the ACME challenge present in the server public root.
|
||||
# If not found, switch to global web server root.
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
default_type "text/plain";
|
||||
try_files \$uri @well-known-acme-challenge;
|
||||
}
|
||||
|
||||
# Return the ACME challenge present in the global server public root.
|
||||
# If not present, redirect request to a specified domain.
|
||||
location @well-known-acme-challenge {
|
||||
root /usr/share/jitsi-meet;
|
||||
default_type "text/plain";
|
||||
try_files \$uri @redirect-acme-challenge;
|
||||
}
|
||||
|
||||
# Redirect the ACME challenge to a different host. If a redirect loop is
|
||||
# detected, return 404.
|
||||
location @redirect-acme-challenge {
|
||||
if (\$arg_redirect) {
|
||||
return 404;
|
||||
}
|
||||
return 307 \$scheme://${ACME_DOMAIN}\$request_uri?redirect=yes;
|
||||
}
|
||||
|
||||
# Return 404 if ACME challenge well known path is accessed directly.
|
||||
location = /.well-known/acme-challenge/ {
|
||||
return 404;
|
||||
}
|
||||
EOF
|
||||
|
||||
__directory "${NGINX_ETC}/sites-available" --state present
|
||||
require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-available/default" \
|
||||
--mode 644 \
|
||||
--source - << EOF
|
||||
# This file is managed remotely, all changes will be lost
|
||||
|
||||
# nginx server configuration for:
|
||||
|
||||
server {
|
||||
|
||||
# Listen on IPv4
|
||||
listen 80;
|
||||
# Note: there is an ipv6only=off flag, but it is Linux-only
|
||||
# incidentally, that defaults to "on", which is what causes
|
||||
# not having the double listen to listen on IPv6-only
|
||||
listen [::]:80;
|
||||
|
||||
server_name welcome;
|
||||
|
||||
root /srv/www/sites/welcome/public;
|
||||
|
||||
include snippets/acme-challenge.conf;
|
||||
|
||||
location / {
|
||||
return 301 https://\$host\$request_uri;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
# These two should be changed on new release
|
||||
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.2"
|
||||
PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:c64852b1cf63efd1632ec07ac9fcead09baccc1bd8c7b21ca830a0d82d00fb3d"
|
||||
PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64"
|
||||
PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
|
||||
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
|
||||
case "${init}" in
|
||||
init|sysvinit)
|
||||
__runit
|
||||
require="__runit" __runit_service \
|
||||
prometheus-jitsi-meet-exporter --log --source - <<EOF
|
||||
#!/bin/sh -e
|
||||
cd /tmp
|
||||
exec chpst -u "nobody:nogroup" env HOME="/tmp" \\
|
||||
prometheus-jitsi-meet-exporter \\
|
||||
-videobridge-url 'http://localhost:8888/stats' \\
|
||||
-web.listen-address ':9888' 2>&1
|
||||
EOF
|
||||
|
||||
export require="__runit_service/prometheus-jitsi-meet-exporter"
|
||||
JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter"
|
||||
;;
|
||||
systemd)
|
||||
__systemd_unit prometheus-jitsi-meet-exporter.service \
|
||||
--source "-" \
|
||||
--enablement-state "enabled" <<EOF
|
||||
[Unit]
|
||||
Description=Metrics Exporter for Jitsi Meet
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
DynamicUser=yes
|
||||
ExecStart=/usr/local/bin/prometheus-jitsi-meet-exporter -videobridge-url 'http://localhost:8888/stats' -web.listen-address ':9888'
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
export require="__systemd_unit/prometheus-jitsi-meet-exporter.service"
|
||||
JITSI_MEET_EXPORTER_SERVICE="service prometheus-jitsi-meet-exporter %s"
|
||||
;;
|
||||
esac
|
||||
if [ "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" != \
|
||||
"${PROMETHEUS_JITSI_EXPORTER_IS_VERSION}" ]; then
|
||||
# shellcheck disable=SC2059
|
||||
__download \
|
||||
/tmp/prometheus-jitsi-meet-exporter \
|
||||
--url "${PROMETHEUS_JITSI_EXPORTER_URL}" \
|
||||
--download remote \
|
||||
--sum "${PROMETHEUS_JITSI_EXPORTER_CHECKSUM}" \
|
||||
--onchange "$(printf "${JITSI_MEET_EXPORTER_SERVICE}" "stop") || true; chmod 555 /tmp/prometheus-jitsi-meet-exporter && mv /tmp/prometheus-jitsi-meet-exporter /usr/local/bin/prometheus-jitsi-meet-exporter && $(printf "${JITSI_MEET_EXPORTER_SERVICE}" "restart")"
|
||||
printf "%s" "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" | \
|
||||
require="${require} __download/tmp/prometheus-jitsi-meet-exporter" __file \
|
||||
"${PROMETHEUS_JITSI_EXPORTER_VERSION_FILE}" \
|
||||
--source "-"
|
||||
fi
|
||||
fi
|
||||
# TODO: disable the exporter if it is deployed and then admin changes their mind
|
|
@ -1 +0,0 @@
|
|||
disable-prometheus-exporter
|
|
@ -1,2 +0,0 @@
|
|||
turn-secret
|
||||
turn-server
|
|
@ -1,700 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# shellcheck disable=SC2034 # This is intended to be included
|
||||
JITSI_CONFIG_JS="$(cat <<EOF
|
||||
/* eslint-disable no-unused-vars, no-var */
|
||||
|
||||
var config = {
|
||||
// Connection
|
||||
//
|
||||
|
||||
hosts: {
|
||||
// XMPP domain.
|
||||
domain: '${JITSI_HOST}',
|
||||
|
||||
// When using authentication, domain for guest users.
|
||||
// anonymousdomain: 'guest.example.com',
|
||||
|
||||
// Domain for authenticated users. Defaults to <domain>.
|
||||
// authdomain: '${JITSI_HOST}',
|
||||
|
||||
// Call control component (Jigasi).
|
||||
// call_control: 'callcontrol.${JITSI_HOST}',
|
||||
|
||||
// Focus component domain. Defaults to focus.<domain>.
|
||||
// focus: 'focus.${JITSI_HOST}',
|
||||
|
||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||
muc: 'conference.<!--# echo var="subdomain" default="" -->${JITSI_HOST}'
|
||||
},
|
||||
|
||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||
bosh: '//${JITSI_HOST}/http-bind',
|
||||
|
||||
// Websocket URL
|
||||
// websocket: 'wss://${JITSI_HOST}/xmpp-websocket',
|
||||
|
||||
// The name of client node advertised in XEP-0115 'c' stanza
|
||||
clientNode: 'http://jitsi.org/jitsimeet',
|
||||
|
||||
// The real JID of focus participant - can be overridden here
|
||||
// Do not change username - FIXME: Make focus username configurable
|
||||
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||
// focusUserJid: 'focus@auth.${JITSI_HOST}',
|
||||
|
||||
|
||||
// Testing / experimental features.
|
||||
//
|
||||
|
||||
testing: {
|
||||
// Disables the End to End Encryption feature. Useful for debugging
|
||||
// issues related to insertable streams.
|
||||
// disableE2EE: false,
|
||||
|
||||
// P2P test mode disables automatic switching to P2P when there are 2
|
||||
// participants in the conference.
|
||||
p2pTestMode: false
|
||||
|
||||
// Enables the test specific features consumed by jitsi-meet-torture
|
||||
// testMode: false
|
||||
|
||||
// Disables the auto-play behavior of *all* newly created video element.
|
||||
// This is useful when the client runs on a host with limited resources.
|
||||
// noAutoPlayVideo: false
|
||||
|
||||
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
|
||||
// simulcast is turned off for the desktop share. If presenter is turned
|
||||
// on while screensharing is in progress, the max bitrate is automatically
|
||||
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
|
||||
// the probability for this to be enabled.
|
||||
// capScreenshareBitrate: 1 // 0 to disable
|
||||
|
||||
// Enable callstats only for a percentage of users.
|
||||
// This takes a value between 0 and 100 which determines the probability for
|
||||
// the callstats to be enabled.
|
||||
// callStatsThreshold: 5 // enable callstats for 5% of the users.
|
||||
},
|
||||
|
||||
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||
// signalling.
|
||||
// webrtcIceUdpDisable: false,
|
||||
|
||||
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||
// signalling.
|
||||
// webrtcIceTcpDisable: false,
|
||||
|
||||
|
||||
// Media
|
||||
//
|
||||
|
||||
// Audio
|
||||
|
||||
// Disable measuring of audio levels.
|
||||
disableAudioLevels: $(if [ -n "${DISABLE_AUDIO_LEVELS}" ]; then printf "true"; else printf "false"; fi),
|
||||
// audioLevelsInterval: 200,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
||||
// will notify the user if the current selected microphone has no audio
|
||||
// input and will suggest another valid device if one is present.
|
||||
enableNoAudioDetection: true,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
||||
// notify the user if there is noise, other than voice, coming from the current
|
||||
// selected microphone. The purpose it to let the user know that the input could
|
||||
// be potentially unpleasant for other meeting participants.
|
||||
enableNoisyMicDetection: true,
|
||||
|
||||
// Start the conference in audio only mode (no video is being received nor
|
||||
// sent).
|
||||
// startAudioOnly: false,
|
||||
|
||||
// Every participant after the Nth will start audio muted.
|
||||
// startAudioMuted: 10,
|
||||
|
||||
// Start calls with audio muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithAudioMuted: false,
|
||||
|
||||
// Enabling it (with #params) will disable local audio output of remote
|
||||
// participants and to enable it back a reload is needed.
|
||||
// startSilent: false
|
||||
|
||||
// Sets the preferred target bitrate for the Opus audio codec by setting its
|
||||
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
|
||||
// Valid values are in the range 6000 to 510000
|
||||
// opusMaxAverageBitrate: 20000,
|
||||
|
||||
// Enables redundancy for Opus
|
||||
// enableOpusRed: false
|
||||
|
||||
// Video
|
||||
|
||||
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||
// resolution: 720,
|
||||
|
||||
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
|
||||
// Use -1 to disable.
|
||||
// maxFullResolutionParticipants: 2,
|
||||
|
||||
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||
// used by browsers that return true from lib-jitsi-meet's
|
||||
// util#browser#usesNewGumFlow. The constraints are independent from
|
||||
// this config's resolution value. Defaults to requesting an ideal
|
||||
// resolution of 720p.
|
||||
// constraints: {
|
||||
// video: {
|
||||
// height: {
|
||||
// ideal: 720,
|
||||
// max: 720,
|
||||
// min: 240
|
||||
// }
|
||||
// }
|
||||
// },
|
||||
$(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||
|
||||
// Enable / disable simulcast support.
|
||||
// disableSimulcast: false,
|
||||
|
||||
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||
// layers are not in use will be suspended (no longer sent) until they
|
||||
// are requested again.
|
||||
// enableLayerSuspension: false,
|
||||
|
||||
// Every participant after the Nth will start video muted.
|
||||
startVideoMuted: ${START_VIDEO_MUTED},
|
||||
|
||||
// Start calls with video muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithVideoMuted: false,
|
||||
|
||||
// If set to true, prefer to use the H.264 video codec (if supported).
|
||||
// Note that it's not recommended to do this because simulcast is not
|
||||
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
||||
// default and can be toggled in the p2p section.
|
||||
// This option has been deprecated, use preferredCodec under videoQuality section instead.
|
||||
// preferH264: true,
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP.
|
||||
// disableH264: false,
|
||||
|
||||
// Desktop sharing
|
||||
|
||||
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||
// desktopSharingFrameRate: {
|
||||
// min: 5,
|
||||
// max: 5
|
||||
// },
|
||||
|
||||
// Try to start calls with screen-sharing instead of camera video.
|
||||
// startScreenSharing: false,
|
||||
|
||||
// Recording
|
||||
|
||||
// Whether to enable file recording or not.
|
||||
// fileRecordingsEnabled: false,
|
||||
// Enable the dropbox integration.
|
||||
// dropbox: {
|
||||
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||
// // A URL to redirect the user to, after authenticating
|
||||
// // by default uses:
|
||||
// // 'https://${JITSI_HOST}/static/oauth.html'
|
||||
// redirectURI:
|
||||
// 'https://${JITSI_HOST}/subfolder/static/oauth.html'
|
||||
// },
|
||||
// When integrations like dropbox are enabled only that will be shown,
|
||||
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||
// and the generic recording service (its configuration and storage type
|
||||
// depends on jibri configuration)
|
||||
// fileRecordingsServiceEnabled: false,
|
||||
// Whether to show the possibility to share file recording with other people
|
||||
// (e.g. meeting participants), based on the actual implementation
|
||||
// on the backend.
|
||||
// fileRecordingsServiceSharingEnabled: false,
|
||||
|
||||
// Whether to enable live streaming or not.
|
||||
// liveStreamingEnabled: false,
|
||||
|
||||
// Transcription (in interface_config,
|
||||
// subtitles and buttons can be configured)
|
||||
// transcribingEnabled: false,
|
||||
|
||||
// Enables automatic turning on captions when recording is started
|
||||
// autoCaptionOnRecord: false,
|
||||
|
||||
// Misc
|
||||
|
||||
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||
channelLastN: ${CHANNEL_LAST_N},
|
||||
|
||||
// Provides a way to use different "last N" values based on the number of participants in the conference.
|
||||
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
|
||||
// participants gets to or above the number.
|
||||
//
|
||||
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
|
||||
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
|
||||
// will be used as default until the first threshold is reached.
|
||||
//
|
||||
// lastNLimits: {
|
||||
// 5: 20,
|
||||
// 30: 15,
|
||||
// 50: 10,
|
||||
// 70: 5,
|
||||
// 90: 2
|
||||
// },
|
||||
|
||||
// Specify the settings for video quality optimizations on the client.
|
||||
// videoQuality: {
|
||||
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
|
||||
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
|
||||
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
|
||||
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
|
||||
// disabledCodec: 'H264',
|
||||
//
|
||||
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
|
||||
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
|
||||
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
|
||||
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
|
||||
// // to take effect.
|
||||
// preferredCodec: 'VP8',
|
||||
//
|
||||
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
|
||||
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
|
||||
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
|
||||
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
|
||||
// // This is currently not implemented on app based clients on mobile.
|
||||
// maxBitratesVideo: {
|
||||
// low: 200000,
|
||||
// standard: 500000,
|
||||
// high: 1500000
|
||||
// },
|
||||
//
|
||||
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
|
||||
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
|
||||
// // 'low' - for the low quality level (180p at the time of this writing)
|
||||
// // 'standard' - for the medium quality level (360p)
|
||||
// // 'high' - for the high quality level (720p)
|
||||
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
|
||||
// //
|
||||
// // With the default config value below the application will use 'low' quality until the thumbnails are
|
||||
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
|
||||
// // the high quality.
|
||||
// minHeightForQualityLvl: {
|
||||
// 360: 'standard,
|
||||
// 720: 'high'
|
||||
// }
|
||||
// },
|
||||
|
||||
// // Options for the recording limit notification.
|
||||
// recordingLimit: {
|
||||
//
|
||||
// // The recording limit in minutes. Note: This number appears in the notification text
|
||||
// // but doesn't enforce the actual recording time limit. This should be configured in
|
||||
// // jibri!
|
||||
// limit: 60,
|
||||
//
|
||||
// // The name of the app with unlimited recordings.
|
||||
// appName: 'Unlimited recordings APP',
|
||||
//
|
||||
// // The URL of the app with unlimited recordings.
|
||||
// appURL: 'https://unlimited.recordings.app.com/'
|
||||
// },
|
||||
|
||||
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||
// disableRtx: false,
|
||||
|
||||
// Disables or enables TCC (the default is in Jicofo and set to true)
|
||||
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
|
||||
// affects congestion control, it practically enables send-side bandwidth
|
||||
// estimations.
|
||||
// enableTcc: true,
|
||||
|
||||
// Disables or enables REMB (the default is in Jicofo and set to false)
|
||||
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
|
||||
// control, it practically enables recv-side bandwidth estimations. When
|
||||
// both TCC and REMB are enabled, TCC takes precedence. When both are
|
||||
// disabled, then bandwidth estimations are disabled.
|
||||
// enableRemb: false,
|
||||
|
||||
// Enables ICE restart logic in LJM and displays the page reload overlay on
|
||||
// ICE failure. Current disabled by default because it's causing issues with
|
||||
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
|
||||
// not a real ICE restart), the client maintains the TCC sequence number
|
||||
// counter, but the bridge resets it. The bridge sends media packets with
|
||||
// TCC sequence numbers starting from 0.
|
||||
// enableIceRestart: false,
|
||||
|
||||
// Defines the minimum number of participants to start a call (the default
|
||||
// is set in Jicofo and set to 2).
|
||||
// minParticipants: 2,
|
||||
|
||||
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
|
||||
// we filter out TURN/UDP because it is usually not needed since the
|
||||
// bridge itself is reachable via UDP)
|
||||
// useTurnUdp: false
|
||||
|
||||
// Enables / disables a data communication channel with the Videobridge.
|
||||
// Values can be 'datachannel', 'websocket', true (treat it as
|
||||
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
|
||||
// open any channel).
|
||||
// openBridgeChannel: true,
|
||||
openBridgeChannel: 'websocket',
|
||||
|
||||
|
||||
// UI
|
||||
//
|
||||
|
||||
// Hides lobby button
|
||||
// hideLobbyButton: false,
|
||||
|
||||
// Require users to always specify a display name.
|
||||
// requireDisplayName: true,
|
||||
|
||||
// Whether to use a welcome page or not. In case it's false a random room
|
||||
// will be joined when no room is specified.
|
||||
enableWelcomePage: true,
|
||||
|
||||
// Enabling the close page will ignore the welcome page redirection when
|
||||
// a call is hangup.
|
||||
// enableClosePage: false,
|
||||
|
||||
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||
// disable1On1Mode: false,
|
||||
|
||||
// Default language for the user interface.
|
||||
defaultLanguage: '${DEFAULT_LANGUAGE}',
|
||||
|
||||
// If true all users without a token will be considered guests and all users
|
||||
// with token will be considered non-guests. Only guests will be allowed to
|
||||
// edit their profile.
|
||||
enableUserRolesBasedOnToken: false,
|
||||
|
||||
// Whether or not some features are checked based on token.
|
||||
// enableFeaturesBasedOnToken: false,
|
||||
|
||||
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
|
||||
// lockRoomGuestEnabled: false,
|
||||
|
||||
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||
// roomPasswordNumberOfDigits: 10,
|
||||
// default: roomPasswordNumberOfDigits: false,
|
||||
|
||||
// Message to show the users. Example: 'The service will be down for
|
||||
// maintenance at 01:00 AM GMT,
|
||||
noticeMessage: '${NOTICE_MESSAGE}',
|
||||
|
||||
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||
// and microsoftApiApplicationClientID
|
||||
// enableCalendarIntegration: false,
|
||||
|
||||
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||
// prejoinPageEnabled: false,
|
||||
|
||||
// If true, shows the unsafe room name warning label when a room name is
|
||||
// deemed unsafe (due to the simplicity in the name) and a password is not
|
||||
// set or the lobby is not enabled.
|
||||
// enableInsecureRoomNameWarning: false,
|
||||
|
||||
// Whether to automatically copy invitation URL after creating a room.
|
||||
// Document should be focused for this option to work
|
||||
// enableAutomaticUrlCopy: false,
|
||||
|
||||
// Stats
|
||||
//
|
||||
|
||||
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||
// This can be useful for debugging purposes (post-processing/analysis of
|
||||
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||
// estimation tests.
|
||||
// gatherStats: false,
|
||||
|
||||
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
||||
// pcStatsInterval: 10000,
|
||||
|
||||
// To enable sending statistics to callstats.io you must provide the
|
||||
// Application ID and Secret.
|
||||
// callStatsID: '',
|
||||
// callStatsSecret: '',
|
||||
|
||||
// Enables sending participants' display names to callstats
|
||||
// enableDisplayNameInStats: false,
|
||||
|
||||
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||
// enableEmailInStats: false,
|
||||
|
||||
// Privacy
|
||||
//
|
||||
|
||||
// If third party requests are disabled, no other server will be contacted.
|
||||
// This means avatars will be locally generated and callstats integration
|
||||
// will not function.
|
||||
disableThirdPartyRequests: $(if [ -z "${ENABLE_THIRD_PARTY_REQUESTS}" ]; then printf "true"; else printf "false"; fi),
|
||||
|
||||
|
||||
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||
//
|
||||
|
||||
p2p: {
|
||||
// Enables peer to peer mode. When enabled the system will try to
|
||||
// establish a direct connection when there are exactly 2 participants
|
||||
// in the room. If that succeeds the conference will stop sending data
|
||||
// through the JVB and use the peer to peer connection instead. When a
|
||||
// 3rd participant joins the conference will be moved back to the JVB
|
||||
// connection.
|
||||
enabled: true,
|
||||
|
||||
// The STUN servers that will be used in the peer to peer connections
|
||||
stunServers: [
|
||||
|
||||
{ urls: 'stun:${TURN_SERVER}:443' }
|
||||
]
|
||||
|
||||
// Sets the ICE transport policy for the p2p connection. At the time
|
||||
// of this writing the list of possible values are 'all' and 'relay',
|
||||
// but that is subject to change in the future. The enum is defined in
|
||||
// the WebRTC standard:
|
||||
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||
// If not set, the effective value is 'all'.
|
||||
// iceTransportPolicy: 'all',
|
||||
|
||||
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
||||
// is supported). This setting is deprecated, use preferredCodec instead.
|
||||
// preferH264: true
|
||||
|
||||
// Provides a way to set the video codec preference on the p2p connection. Acceptable
|
||||
// codec values are 'VP8', 'VP9' and 'H264'.
|
||||
// preferredCodec: 'H264',
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP. This setting is deprecated, use disabledCodec instead.
|
||||
// disableH264: false,
|
||||
|
||||
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
|
||||
// disabledCodec: '',
|
||||
|
||||
// How long we're going to wait, before going back to P2P after the 3rd
|
||||
// participant has left the conference (to filter out page reload).
|
||||
// backToP2PDelay: 5
|
||||
},
|
||||
|
||||
analytics: {
|
||||
// The Google Analytics Tracking ID:
|
||||
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
||||
|
||||
// Matomo configuration:
|
||||
// matomoEndpoint: 'https://your-matomo-endpoint/',
|
||||
// matomoSiteID: '42',
|
||||
|
||||
// The Amplitude APP Key:
|
||||
// amplitudeAPPKey: '<APP_KEY>'
|
||||
|
||||
// Configuration for the rtcstats server:
|
||||
// By enabling rtcstats server every time a conference is joined the rtcstats
|
||||
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
|
||||
// PeerConnection states along with getStats metrics polled at the specified
|
||||
// interval.
|
||||
// rtcstatsEnabled: true,
|
||||
|
||||
// In order to enable rtcstats one needs to provide a endpoint url.
|
||||
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
|
||||
|
||||
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
|
||||
// If the value is set to 0 getStats won't be polled and the rtcstats client
|
||||
// will only send data related to RTCPeerConnection events.
|
||||
// rtcstatsPolIInterval: 1000
|
||||
|
||||
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||
// scriptURLs: [
|
||||
// "libs/analytics-ga.min.js", // google-analytics
|
||||
// "https://example.com/my-custom-analytics.js"
|
||||
// ],
|
||||
},
|
||||
|
||||
// Logs that should go be passed through the 'log' event if a handler is defined for it
|
||||
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
|
||||
|
||||
// Information about the jitsi-meet instance we are connecting to, including
|
||||
// the user region as seen by the server.
|
||||
deploymentInfo: {
|
||||
// shard: "shard1",
|
||||
// region: "europe",
|
||||
// userRegion: "asia"
|
||||
},
|
||||
|
||||
// Decides whether the start/stop recording audio notifications should play on record.
|
||||
// disableRecordAudioNotification: false,
|
||||
|
||||
// Information for the chrome extension banner
|
||||
// chromeExtensionBanner: {
|
||||
// // The chrome extension to be installed address
|
||||
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
|
||||
// // Extensions info which allows checking if they are installed or not
|
||||
// chromeExtensionsInfo: [
|
||||
// {
|
||||
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
// path: 'jitsi-logo-48x48.png'
|
||||
// }
|
||||
// ]
|
||||
// },
|
||||
|
||||
// Local Recording
|
||||
//
|
||||
|
||||
// localRecording: {
|
||||
// Enables local recording.
|
||||
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
||||
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
||||
// button to show up on the toolbar.
|
||||
//
|
||||
// enabled: true,
|
||||
//
|
||||
|
||||
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
||||
// format: 'flac'
|
||||
//
|
||||
|
||||
// },
|
||||
|
||||
// Options related to end-to-end (participant to participant) ping.
|
||||
// e2eping: {
|
||||
// // The interval in milliseconds at which pings will be sent.
|
||||
// // Defaults to 10000, set to <= 0 to disable.
|
||||
// pingInterval: 10000,
|
||||
//
|
||||
// // The interval in milliseconds at which analytics events
|
||||
// // with the measured RTT will be sent. Defaults to 60000, set
|
||||
// // to <= 0 to disable.
|
||||
// analyticsInterval: 60000,
|
||||
// },
|
||||
|
||||
// If set, will attempt to use the provided video input device label when
|
||||
// triggering a screenshare, instead of proceeding through the normal flow
|
||||
// for obtaining a desktop stream.
|
||||
// NOTE: This option is experimental and is currently intended for internal
|
||||
// use only.
|
||||
// _desktopSharingSourceDevice: 'sample-id-or-label',
|
||||
|
||||
// If true, any checks to handoff to another application will be prevented
|
||||
// and instead the app will continue to display in the current browser.
|
||||
// disableDeepLinking: false,
|
||||
|
||||
// A property to disable the right click context menu for localVideo
|
||||
// the menu has option to flip the locally seen video for local presentations
|
||||
// disableLocalVideoFlip: false,
|
||||
|
||||
// Mainly privacy related settings
|
||||
|
||||
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||
// disableInviteFunctions: true,
|
||||
|
||||
// Disables storing the room name to the recents list
|
||||
// doNotStoreRoom: true,
|
||||
|
||||
// Deployment specific URLs.
|
||||
// deploymentUrls: {
|
||||
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
||||
// // user documentation.
|
||||
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
||||
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
||||
// // to the specified URL for an app download page.
|
||||
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
|
||||
// },
|
||||
|
||||
// Options related to the remote participant menu.
|
||||
// remoteVideoMenu: {
|
||||
// // If set to true the 'Kick out' button will be disabled.
|
||||
// disableKick: true
|
||||
// },
|
||||
|
||||
// If set to true all muting operations of remote participants will be disabled.
|
||||
// disableRemoteMute: true,
|
||||
|
||||
/**
|
||||
External API url used to receive branding specific information.
|
||||
If there is no url set or there are missing fields, the defaults are applied.
|
||||
None of the fields are mandatory and the response must have the shape:
|
||||
{
|
||||
// The hex value for the colour used as background
|
||||
backgroundColor: '#fff',
|
||||
// The url for the image used as background
|
||||
backgroundImageUrl: 'https://example.com/background-img.png',
|
||||
// The anchor url used when clicking the logo image
|
||||
logoClickUrl: 'https://example-company.org',
|
||||
// The url used for the image used as logo
|
||||
logoImageUrl: 'https://example.com/logo-img.png'
|
||||
}
|
||||
*/
|
||||
brandingDataUrl: "$(if [ -n "${BRANDING_JSON}" ]; then printf "/branding.json"; fi)",
|
||||
|
||||
// The URL of the moderated rooms microservice, if available. If it
|
||||
// is present, a link to the service will be rendered on the welcome page,
|
||||
// otherwise the app doesn't render it.
|
||||
// moderatedRoomServiceUrl: 'https://moderated.${JITSI_HOST}',
|
||||
|
||||
// List of undocumented settings used in jitsi-meet
|
||||
/**
|
||||
_immediateReloadThreshold
|
||||
debug
|
||||
debugAudioLevels
|
||||
deploymentInfo
|
||||
dialInConfCodeUrl
|
||||
dialInNumbersUrl
|
||||
dialOutAuthUrl
|
||||
dialOutCodesUrl
|
||||
disableRemoteControl
|
||||
displayJids
|
||||
etherpad_base
|
||||
externalConnectUrl
|
||||
firefox_fake_device
|
||||
googleApiApplicationClientID
|
||||
iAmRecorder
|
||||
iAmSipGateway
|
||||
microsoftApiApplicationClientID
|
||||
peopleSearchQueryTypes
|
||||
peopleSearchUrl
|
||||
requireDisplayName
|
||||
tokenAuthUrl
|
||||
*/
|
||||
|
||||
/**
|
||||
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
|
||||
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
|
||||
* can become https://brandedDomain/roomAlias)
|
||||
*/
|
||||
// brandingRoomAlias: null,
|
||||
|
||||
// List of undocumented settings used in lib-jitsi-meet
|
||||
/**
|
||||
_peerConnStatusOutOfLastNTimeout
|
||||
_peerConnStatusRtcMuteTimeout
|
||||
abTesting
|
||||
avgRtpStatsN
|
||||
callStatsConfIDNamespace
|
||||
callStatsCustomScriptUrl
|
||||
desktopSharingSources
|
||||
disableAEC
|
||||
disableAGC
|
||||
disableAP
|
||||
disableHPF
|
||||
disableNS
|
||||
enableLipSync
|
||||
enableTalkWhileMuted
|
||||
forceJVB121Ratio
|
||||
hiddenDomain
|
||||
ignoreStartMuted
|
||||
nick
|
||||
startBitrate
|
||||
*/
|
||||
|
||||
|
||||
// Allow all above example options to include a trailing comma and
|
||||
// prevent fear when commenting out the last value.
|
||||
makeJsonParserHappy: 'even if last key had a trailing comma'
|
||||
|
||||
// no configuration value should follow this line.
|
||||
};
|
||||
|
||||
/* eslint-enable no-unused-vars, no-var */
|
||||
EOF
|
||||
)"
|
|
@ -1,694 +0,0 @@
|
|||
/* eslint-disable no-unused-vars, no-var */
|
||||
|
||||
var config = {
|
||||
// Connection
|
||||
//
|
||||
|
||||
hosts: {
|
||||
// XMPP domain.
|
||||
domain: 'jitsi-meet.example.org',
|
||||
|
||||
// When using authentication, domain for guest users.
|
||||
// anonymousdomain: 'guest.example.com',
|
||||
|
||||
// Domain for authenticated users. Defaults to <domain>.
|
||||
// authdomain: 'jitsi-meet.example.org',
|
||||
|
||||
// Call control component (Jigasi).
|
||||
// call_control: 'callcontrol.jitsi-meet.example.org',
|
||||
|
||||
// Focus component domain. Defaults to focus.<domain>.
|
||||
// focus: 'focus.jitsi-meet.example.org',
|
||||
|
||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||
muc: 'conference.<!--# echo var="subdomain" default="" -->jitsi-meet.example.org'
|
||||
},
|
||||
|
||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||
bosh: '//jitsi-meet.example.org/http-bind',
|
||||
|
||||
// Websocket URL
|
||||
// websocket: 'wss://jitsi-meet.example.org/xmpp-websocket',
|
||||
|
||||
// The name of client node advertised in XEP-0115 'c' stanza
|
||||
clientNode: 'http://jitsi.org/jitsimeet',
|
||||
|
||||
// The real JID of focus participant - can be overridden here
|
||||
// Do not change username - FIXME: Make focus username configurable
|
||||
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||
// focusUserJid: 'focus@auth.jitsi-meet.example.org',
|
||||
|
||||
|
||||
// Testing / experimental features.
|
||||
//
|
||||
|
||||
testing: {
|
||||
// Disables the End to End Encryption feature. Useful for debugging
|
||||
// issues related to insertable streams.
|
||||
// disableE2EE: false,
|
||||
|
||||
// P2P test mode disables automatic switching to P2P when there are 2
|
||||
// participants in the conference.
|
||||
p2pTestMode: false
|
||||
|
||||
// Enables the test specific features consumed by jitsi-meet-torture
|
||||
// testMode: false
|
||||
|
||||
// Disables the auto-play behavior of *all* newly created video element.
|
||||
// This is useful when the client runs on a host with limited resources.
|
||||
// noAutoPlayVideo: false
|
||||
|
||||
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
|
||||
// simulcast is turned off for the desktop share. If presenter is turned
|
||||
// on while screensharing is in progress, the max bitrate is automatically
|
||||
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
|
||||
// the probability for this to be enabled.
|
||||
// capScreenshareBitrate: 1 // 0 to disable
|
||||
|
||||
// Enable callstats only for a percentage of users.
|
||||
// This takes a value between 0 and 100 which determines the probability for
|
||||
// the callstats to be enabled.
|
||||
// callStatsThreshold: 5 // enable callstats for 5% of the users.
|
||||
},
|
||||
|
||||
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||
// signalling.
|
||||
// webrtcIceUdpDisable: false,
|
||||
|
||||
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||
// signalling.
|
||||
// webrtcIceTcpDisable: false,
|
||||
|
||||
|
||||
// Media
|
||||
//
|
||||
|
||||
// Audio
|
||||
|
||||
// Disable measuring of audio levels.
|
||||
// disableAudioLevels: false,
|
||||
// audioLevelsInterval: 200,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
||||
// will notify the user if the current selected microphone has no audio
|
||||
// input and will suggest another valid device if one is present.
|
||||
enableNoAudioDetection: true,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
||||
// notify the user if there is noise, other than voice, coming from the current
|
||||
// selected microphone. The purpose it to let the user know that the input could
|
||||
// be potentially unpleasant for other meeting participants.
|
||||
enableNoisyMicDetection: true,
|
||||
|
||||
// Start the conference in audio only mode (no video is being received nor
|
||||
// sent).
|
||||
// startAudioOnly: false,
|
||||
|
||||
// Every participant after the Nth will start audio muted.
|
||||
// startAudioMuted: 10,
|
||||
|
||||
// Start calls with audio muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithAudioMuted: false,
|
||||
|
||||
// Enabling it (with #params) will disable local audio output of remote
|
||||
// participants and to enable it back a reload is needed.
|
||||
// startSilent: false
|
||||
|
||||
// Sets the preferred target bitrate for the Opus audio codec by setting its
|
||||
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
|
||||
// Valid values are in the range 6000 to 510000
|
||||
// opusMaxAverageBitrate: 20000,
|
||||
|
||||
// Enables redundancy for Opus
|
||||
// enableOpusRed: false
|
||||
|
||||
// Video
|
||||
|
||||
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||
// resolution: 720,
|
||||
|
||||
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
|
||||
// Use -1 to disable.
|
||||
// maxFullResolutionParticipants: 2,
|
||||
|
||||
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||
// used by browsers that return true from lib-jitsi-meet's
|
||||
// util#browser#usesNewGumFlow. The constraints are independent from
|
||||
// this config's resolution value. Defaults to requesting an ideal
|
||||
// resolution of 720p.
|
||||
// constraints: {
|
||||
// video: {
|
||||
// height: {
|
||||
// ideal: 720,
|
||||
// max: 720,
|
||||
// min: 240
|
||||
// }
|
||||
// }
|
||||
// },
|
||||
|
||||
// Enable / disable simulcast support.
|
||||
// disableSimulcast: false,
|
||||
|
||||
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||
// layers are not in use will be suspended (no longer sent) until they
|
||||
// are requested again.
|
||||
// enableLayerSuspension: false,
|
||||
|
||||
// Every participant after the Nth will start video muted.
|
||||
// startVideoMuted: 10,
|
||||
|
||||
// Start calls with video muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithVideoMuted: false,
|
||||
|
||||
// If set to true, prefer to use the H.264 video codec (if supported).
|
||||
// Note that it's not recommended to do this because simulcast is not
|
||||
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
||||
// default and can be toggled in the p2p section.
|
||||
// This option has been deprecated, use preferredCodec under videoQuality section instead.
|
||||
// preferH264: true,
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP.
|
||||
// disableH264: false,
|
||||
|
||||
// Desktop sharing
|
||||
|
||||
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||
// desktopSharingFrameRate: {
|
||||
// min: 5,
|
||||
// max: 5
|
||||
// },
|
||||
|
||||
// Try to start calls with screen-sharing instead of camera video.
|
||||
// startScreenSharing: false,
|
||||
|
||||
// Recording
|
||||
|
||||
// Whether to enable file recording or not.
|
||||
// fileRecordingsEnabled: false,
|
||||
// Enable the dropbox integration.
|
||||
// dropbox: {
|
||||
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||
// // A URL to redirect the user to, after authenticating
|
||||
// // by default uses:
|
||||
// // 'https://jitsi-meet.example.org/static/oauth.html'
|
||||
// redirectURI:
|
||||
// 'https://jitsi-meet.example.org/subfolder/static/oauth.html'
|
||||
// },
|
||||
// When integrations like dropbox are enabled only that will be shown,
|
||||
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||
// and the generic recording service (its configuration and storage type
|
||||
// depends on jibri configuration)
|
||||
// fileRecordingsServiceEnabled: false,
|
||||
// Whether to show the possibility to share file recording with other people
|
||||
// (e.g. meeting participants), based on the actual implementation
|
||||
// on the backend.
|
||||
// fileRecordingsServiceSharingEnabled: false,
|
||||
|
||||
// Whether to enable live streaming or not.
|
||||
// liveStreamingEnabled: false,
|
||||
|
||||
// Transcription (in interface_config,
|
||||
// subtitles and buttons can be configured)
|
||||
// transcribingEnabled: false,
|
||||
|
||||
// Enables automatic turning on captions when recording is started
|
||||
// autoCaptionOnRecord: false,
|
||||
|
||||
// Misc
|
||||
|
||||
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||
channelLastN: -1,
|
||||
|
||||
// Provides a way to use different "last N" values based on the number of participants in the conference.
|
||||
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
|
||||
// participants gets to or above the number.
|
||||
//
|
||||
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
|
||||
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
|
||||
// will be used as default until the first threshold is reached.
|
||||
//
|
||||
// lastNLimits: {
|
||||
// 5: 20,
|
||||
// 30: 15,
|
||||
// 50: 10,
|
||||
// 70: 5,
|
||||
// 90: 2
|
||||
// },
|
||||
|
||||
// Specify the settings for video quality optimizations on the client.
|
||||
// videoQuality: {
|
||||
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
|
||||
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
|
||||
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
|
||||
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
|
||||
// disabledCodec: 'H264',
|
||||
//
|
||||
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
|
||||
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
|
||||
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
|
||||
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
|
||||
// // to take effect.
|
||||
// preferredCodec: 'VP8',
|
||||
//
|
||||
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
|
||||
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
|
||||
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
|
||||
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
|
||||
// // This is currently not implemented on app based clients on mobile.
|
||||
// maxBitratesVideo: {
|
||||
// low: 200000,
|
||||
// standard: 500000,
|
||||
// high: 1500000
|
||||
// },
|
||||
//
|
||||
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
|
||||
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
|
||||
// // 'low' - for the low quality level (180p at the time of this writing)
|
||||
// // 'standard' - for the medium quality level (360p)
|
||||
// // 'high' - for the high quality level (720p)
|
||||
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
|
||||
// //
|
||||
// // With the default config value below the application will use 'low' quality until the thumbnails are
|
||||
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
|
||||
// // the high quality.
|
||||
// minHeightForQualityLvl: {
|
||||
// 360: 'standard,
|
||||
// 720: 'high'
|
||||
// }
|
||||
// },
|
||||
|
||||
// // Options for the recording limit notification.
|
||||
// recordingLimit: {
|
||||
//
|
||||
// // The recording limit in minutes. Note: This number appears in the notification text
|
||||
// // but doesn't enforce the actual recording time limit. This should be configured in
|
||||
// // jibri!
|
||||
// limit: 60,
|
||||
//
|
||||
// // The name of the app with unlimited recordings.
|
||||
// appName: 'Unlimited recordings APP',
|
||||
//
|
||||
// // The URL of the app with unlimited recordings.
|
||||
// appURL: 'https://unlimited.recordings.app.com/'
|
||||
// },
|
||||
|
||||
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||
// disableRtx: false,
|
||||
|
||||
// Disables or enables TCC (the default is in Jicofo and set to true)
|
||||
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
|
||||
// affects congestion control, it practically enables send-side bandwidth
|
||||
// estimations.
|
||||
// enableTcc: true,
|
||||
|
||||
// Disables or enables REMB (the default is in Jicofo and set to false)
|
||||
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
|
||||
// control, it practically enables recv-side bandwidth estimations. When
|
||||
// both TCC and REMB are enabled, TCC takes precedence. When both are
|
||||
// disabled, then bandwidth estimations are disabled.
|
||||
// enableRemb: false,
|
||||
|
||||
// Enables ICE restart logic in LJM and displays the page reload overlay on
|
||||
// ICE failure. Current disabled by default because it's causing issues with
|
||||
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
|
||||
// not a real ICE restart), the client maintains the TCC sequence number
|
||||
// counter, but the bridge resets it. The bridge sends media packets with
|
||||
// TCC sequence numbers starting from 0.
|
||||
// enableIceRestart: false,
|
||||
|
||||
// Defines the minimum number of participants to start a call (the default
|
||||
// is set in Jicofo and set to 2).
|
||||
// minParticipants: 2,
|
||||
|
||||
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
|
||||
// we filter out TURN/UDP because it is usually not needed since the
|
||||
// bridge itself is reachable via UDP)
|
||||
// useTurnUdp: false
|
||||
|
||||
// Enables / disables a data communication channel with the Videobridge.
|
||||
// Values can be 'datachannel', 'websocket', true (treat it as
|
||||
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
|
||||
// open any channel).
|
||||
// openBridgeChannel: true,
|
||||
openBridgeChannel: 'websocket',
|
||||
|
||||
|
||||
// UI
|
||||
//
|
||||
|
||||
// Hides lobby button
|
||||
// hideLobbyButton: false,
|
||||
|
||||
// Require users to always specify a display name.
|
||||
// requireDisplayName: true,
|
||||
|
||||
// Whether to use a welcome page or not. In case it's false a random room
|
||||
// will be joined when no room is specified.
|
||||
enableWelcomePage: true,
|
||||
|
||||
// Enabling the close page will ignore the welcome page redirection when
|
||||
// a call is hangup.
|
||||
// enableClosePage: false,
|
||||
|
||||
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||
// disable1On1Mode: false,
|
||||
|
||||
// Default language for the user interface.
|
||||
// defaultLanguage: 'en',
|
||||
|
||||
// If true all users without a token will be considered guests and all users
|
||||
// with token will be considered non-guests. Only guests will be allowed to
|
||||
// edit their profile.
|
||||
enableUserRolesBasedOnToken: false,
|
||||
|
||||
// Whether or not some features are checked based on token.
|
||||
// enableFeaturesBasedOnToken: false,
|
||||
|
||||
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
|
||||
// lockRoomGuestEnabled: false,
|
||||
|
||||
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||
// roomPasswordNumberOfDigits: 10,
|
||||
// default: roomPasswordNumberOfDigits: false,
|
||||
|
||||
// Message to show the users. Example: 'The service will be down for
|
||||
// maintenance at 01:00 AM GMT,
|
||||
// noticeMessage: '',
|
||||
|
||||
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||
// and microsoftApiApplicationClientID
|
||||
// enableCalendarIntegration: false,
|
||||
|
||||
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||
// prejoinPageEnabled: false,
|
||||
|
||||
// If true, shows the unsafe room name warning label when a room name is
|
||||
// deemed unsafe (due to the simplicity in the name) and a password is not
|
||||
// set or the lobby is not enabled.
|
||||
// enableInsecureRoomNameWarning: false,
|
||||
|
||||
// Whether to automatically copy invitation URL after creating a room.
|
||||
// Document should be focused for this option to work
|
||||
// enableAutomaticUrlCopy: false,
|
||||
|
||||
// Stats
|
||||
//
|
||||
|
||||
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||
// This can be useful for debugging purposes (post-processing/analysis of
|
||||
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||
// estimation tests.
|
||||
// gatherStats: false,
|
||||
|
||||
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
||||
// pcStatsInterval: 10000,
|
||||
|
||||
// To enable sending statistics to callstats.io you must provide the
|
||||
// Application ID and Secret.
|
||||
// callStatsID: '',
|
||||
// callStatsSecret: '',
|
||||
|
||||
// Enables sending participants' display names to callstats
|
||||
// enableDisplayNameInStats: false,
|
||||
|
||||
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||
// enableEmailInStats: false,
|
||||
|
||||
// Privacy
|
||||
//
|
||||
|
||||
// If third party requests are disabled, no other server will be contacted.
|
||||
// This means avatars will be locally generated and callstats integration
|
||||
// will not function.
|
||||
// disableThirdPartyRequests: false,
|
||||
|
||||
|
||||
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||
//
|
||||
|
||||
p2p: {
|
||||
// Enables peer to peer mode. When enabled the system will try to
|
||||
// establish a direct connection when there are exactly 2 participants
|
||||
// in the room. If that succeeds the conference will stop sending data
|
||||
// through the JVB and use the peer to peer connection instead. When a
|
||||
// 3rd participant joins the conference will be moved back to the JVB
|
||||
// connection.
|
||||
enabled: true,
|
||||
|
||||
// The STUN servers that will be used in the peer to peer connections
|
||||
stunServers: [
|
||||
|
||||
// { urls: 'stun:jitsi-meet.example.org:3478' },
|
||||
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
|
||||
]
|
||||
|
||||
// Sets the ICE transport policy for the p2p connection. At the time
|
||||
// of this writing the list of possible values are 'all' and 'relay',
|
||||
// but that is subject to change in the future. The enum is defined in
|
||||
// the WebRTC standard:
|
||||
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||
// If not set, the effective value is 'all'.
|
||||
// iceTransportPolicy: 'all',
|
||||
|
||||
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
||||
// is supported). This setting is deprecated, use preferredCodec instead.
|
||||
// preferH264: true
|
||||
|
||||
// Provides a way to set the video codec preference on the p2p connection. Acceptable
|
||||
// codec values are 'VP8', 'VP9' and 'H264'.
|
||||
// preferredCodec: 'H264',
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP. This setting is deprecated, use disabledCodec instead.
|
||||
// disableH264: false,
|
||||
|
||||
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
|
||||
// disabledCodec: '',
|
||||
|
||||
// How long we're going to wait, before going back to P2P after the 3rd
|
||||
// participant has left the conference (to filter out page reload).
|
||||
// backToP2PDelay: 5
|
||||
},
|
||||
|
||||
analytics: {
|
||||
// The Google Analytics Tracking ID:
|
||||
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
||||
|
||||
// Matomo configuration:
|
||||
// matomoEndpoint: 'https://your-matomo-endpoint/',
|
||||
// matomoSiteID: '42',
|
||||
|
||||
// The Amplitude APP Key:
|
||||
// amplitudeAPPKey: '<APP_KEY>'
|
||||
|
||||
// Configuration for the rtcstats server:
|
||||
// By enabling rtcstats server every time a conference is joined the rtcstats
|
||||
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
|
||||
// PeerConnection states along with getStats metrics polled at the specified
|
||||
// interval.
|
||||
// rtcstatsEnabled: true,
|
||||
|
||||
// In order to enable rtcstats one needs to provide a endpoint url.
|
||||
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
|
||||
|
||||
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
|
||||
// If the value is set to 0 getStats won't be polled and the rtcstats client
|
||||
// will only send data related to RTCPeerConnection events.
|
||||
// rtcstatsPolIInterval: 1000
|
||||
|
||||
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||
// scriptURLs: [
|
||||
// "libs/analytics-ga.min.js", // google-analytics
|
||||
// "https://example.com/my-custom-analytics.js"
|
||||
// ],
|
||||
},
|
||||
|
||||
// Logs that should go be passed through the 'log' event if a handler is defined for it
|
||||
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
|
||||
|
||||
// Information about the jitsi-meet instance we are connecting to, including
|
||||
// the user region as seen by the server.
|
||||
deploymentInfo: {
|
||||
// shard: "shard1",
|
||||
// region: "europe",
|
||||
// userRegion: "asia"
|
||||
},
|
||||
|
||||
// Decides whether the start/stop recording audio notifications should play on record.
|
||||
// disableRecordAudioNotification: false,
|
||||
|
||||
// Information for the chrome extension banner
|
||||
// chromeExtensionBanner: {
|
||||
// // The chrome extension to be installed address
|
||||
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
|
||||
// // Extensions info which allows checking if they are installed or not
|
||||
// chromeExtensionsInfo: [
|
||||
// {
|
||||
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
// path: 'jitsi-logo-48x48.png'
|
||||
// }
|
||||
// ]
|
||||
// },
|
||||
|
||||
// Local Recording
|
||||
//
|
||||
|
||||
// localRecording: {
|
||||
// Enables local recording.
|
||||
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
||||
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
||||
// button to show up on the toolbar.
|
||||
//
|
||||
// enabled: true,
|
||||
//
|
||||
|
||||
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
||||
// format: 'flac'
|
||||
//
|
||||
|
||||
// },
|
||||
|
||||
// Options related to end-to-end (participant to participant) ping.
|
||||
// e2eping: {
|
||||
// // The interval in milliseconds at which pings will be sent.
|
||||
// // Defaults to 10000, set to <= 0 to disable.
|
||||
// pingInterval: 10000,
|
||||
//
|
||||
// // The interval in milliseconds at which analytics events
|
||||
// // with the measured RTT will be sent. Defaults to 60000, set
|
||||
// // to <= 0 to disable.
|
||||
// analyticsInterval: 60000,
|
||||
// },
|
||||
|
||||
// If set, will attempt to use the provided video input device label when
|
||||
// triggering a screenshare, instead of proceeding through the normal flow
|
||||
// for obtaining a desktop stream.
|
||||
// NOTE: This option is experimental and is currently intended for internal
|
||||
// use only.
|
||||
// _desktopSharingSourceDevice: 'sample-id-or-label',
|
||||
|
||||
// If true, any checks to handoff to another application will be prevented
|
||||
// and instead the app will continue to display in the current browser.
|
||||
// disableDeepLinking: false,
|
||||
|
||||
// A property to disable the right click context menu for localVideo
|
||||
// the menu has option to flip the locally seen video for local presentations
|
||||
// disableLocalVideoFlip: false,
|
||||
|
||||
// Mainly privacy related settings
|
||||
|
||||
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||
// disableInviteFunctions: true,
|
||||
|
||||
// Disables storing the room name to the recents list
|
||||
// doNotStoreRoom: true,
|
||||
|
||||
// Deployment specific URLs.
|
||||
// deploymentUrls: {
|
||||
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
||||
// // user documentation.
|
||||
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
||||
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
||||
// // to the specified URL for an app download page.
|
||||
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
|
||||
// },
|
||||
|
||||
// Options related to the remote participant menu.
|
||||
// remoteVideoMenu: {
|
||||
// // If set to true the 'Kick out' button will be disabled.
|
||||
// disableKick: true
|
||||
// },
|
||||
|
||||
// If set to true all muting operations of remote participants will be disabled.
|
||||
// disableRemoteMute: true,
|
||||
|
||||
/**
|
||||
External API url used to receive branding specific information.
|
||||
If there is no url set or there are missing fields, the defaults are applied.
|
||||
None of the fields are mandatory and the response must have the shape:
|
||||
{
|
||||
// The hex value for the colour used as background
|
||||
backgroundColor: '#fff',
|
||||
// The url for the image used as background
|
||||
backgroundImageUrl: 'https://example.com/background-img.png',
|
||||
// The anchor url used when clicking the logo image
|
||||
logoClickUrl: 'https://example-company.org',
|
||||
// The url used for the image used as logo
|
||||
logoImageUrl: 'https://example.com/logo-img.png'
|
||||
}
|
||||
*/
|
||||
// brandingDataUrl: '',
|
||||
|
||||
// The URL of the moderated rooms microservice, if available. If it
|
||||
// is present, a link to the service will be rendered on the welcome page,
|
||||
// otherwise the app doesn't render it.
|
||||
// moderatedRoomServiceUrl: 'https://moderated.jitsi-meet.example.org',
|
||||
|
||||
// List of undocumented settings used in jitsi-meet
|
||||
/**
|
||||
_immediateReloadThreshold
|
||||
debug
|
||||
debugAudioLevels
|
||||
deploymentInfo
|
||||
dialInConfCodeUrl
|
||||
dialInNumbersUrl
|
||||
dialOutAuthUrl
|
||||
dialOutCodesUrl
|
||||
disableRemoteControl
|
||||
displayJids
|
||||
etherpad_base
|
||||
externalConnectUrl
|
||||
firefox_fake_device
|
||||
googleApiApplicationClientID
|
||||
iAmRecorder
|
||||
iAmSipGateway
|
||||
microsoftApiApplicationClientID
|
||||
peopleSearchQueryTypes
|
||||
peopleSearchUrl
|
||||
requireDisplayName
|
||||
tokenAuthUrl
|
||||
*/
|
||||
|
||||
/**
|
||||
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
|
||||
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
|
||||
* can become https://brandedDomain/roomAlias)
|
||||
*/
|
||||
// brandingRoomAlias: null,
|
||||
|
||||
// List of undocumented settings used in lib-jitsi-meet
|
||||
/**
|
||||
_peerConnStatusOutOfLastNTimeout
|
||||
_peerConnStatusRtcMuteTimeout
|
||||
abTesting
|
||||
avgRtpStatsN
|
||||
callStatsConfIDNamespace
|
||||
callStatsCustomScriptUrl
|
||||
desktopSharingSources
|
||||
disableAEC
|
||||
disableAGC
|
||||
disableAP
|
||||
disableHPF
|
||||
disableNS
|
||||
enableLipSync
|
||||
enableTalkWhileMuted
|
||||
forceJVB121Ratio
|
||||
hiddenDomain
|
||||
ignoreStartMuted
|
||||
nick
|
||||
startBitrate
|
||||
*/
|
||||
|
||||
|
||||
// Allow all above example options to include a trailing comma and
|
||||
// prevent fear when commenting out the last value.
|
||||
makeJsonParserHappy: 'even if last key had a trailing comma'
|
||||
|
||||
// no configuration value should follow this line.
|
||||
};
|
||||
|
||||
/* eslint-enable no-unused-vars, no-var */
|
|
@ -1,156 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# shellcheck disable=SC2034 # This is intended to be included
|
||||
JITSI_NGINX_CONFIG="$(cat <<EOF
|
||||
server_names_hash_bucket_size 64;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name ${DOMAIN};
|
||||
|
||||
include snippets/acme-challenge.conf;
|
||||
|
||||
location / {
|
||||
return 301 https://\$host\$request_uri;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name ${DOMAIN};
|
||||
|
||||
include snippets/acme-challenge.conf;
|
||||
|
||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m; # about 40000 sessions
|
||||
ssl_session_tickets off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
|
||||
|
||||
root /usr/share/jitsi-meet;
|
||||
|
||||
# ssi on with javascript for multidomain variables in config.js
|
||||
ssi on;
|
||||
ssi_types application/x-javascript application/javascript;
|
||||
|
||||
# Try the custom page for this domain, fallback to default page
|
||||
index index-${DOMAIN}.html index.html index.htm;
|
||||
error_page 404 /static/404.html;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
|
||||
gzip_vary on;
|
||||
gzip_proxied no-cache no-store private expired auth;
|
||||
gzip_min_length 512;
|
||||
|
||||
# We expect this domain to be properly configured, the file should exist
|
||||
location = /config.js {
|
||||
alias /etc/jitsi/meet/${DOMAIN}-config.js;
|
||||
}
|
||||
# This may or may not exist; it will be set up in config.js if needed
|
||||
location = /branding.json {
|
||||
alias /etc/jitsi/meet/${DOMAIN}-branding.json;
|
||||
}
|
||||
# Try custom image and fallback to default
|
||||
location = /images/watermark.png {
|
||||
try_files /images/watermark-${DOMAIN}.png \$uri;
|
||||
}
|
||||
|
||||
location = /external_api.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
|
||||
#ensure all static content can always be found first
|
||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)\$
|
||||
{
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
alias /usr/share/jitsi-meet/\$1/\$2;
|
||||
|
||||
# cache all versioned files
|
||||
if (\$arg_v) {
|
||||
expires 1y;
|
||||
}
|
||||
}
|
||||
|
||||
# BOSH
|
||||
location = /http-bind {
|
||||
proxy_pass http://localhost:5280/http-bind;
|
||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||
# Prevision for 'multi-domain' jitsi instances
|
||||
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
||||
proxy_set_header Host ${JITSI_HOST};
|
||||
}
|
||||
|
||||
# xmpp websockets
|
||||
location = /xmpp-websocket {
|
||||
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=\$prefix&\$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade \$http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
# Prevision for 'multi-domain' jitsi instances
|
||||
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
||||
proxy_set_header Host ${JITSI_HOST};
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# colibri (JVB) websockets for jvb1
|
||||
location ~ ^/colibri-ws/default-id/(.*) {
|
||||
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/\$1\$is_args\$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade \$http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)\$ {
|
||||
try_files \$uri @root_path;
|
||||
}
|
||||
|
||||
location @root_path {
|
||||
rewrite ^/(.*)\$ / break;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)/config.js\$
|
||||
{
|
||||
set \$subdomain "\$1.";
|
||||
set \$subdir "\$1/";
|
||||
|
||||
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
|
||||
}
|
||||
|
||||
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
|
||||
location ~ ^/([^/?&:'"]+)/(.*)\$ {
|
||||
set \$subdomain "\$1.";
|
||||
set \$subdir "\$1/";
|
||||
rewrite ^/([^/?&:'"]+)/(.*)\$ /\$2;
|
||||
}
|
||||
|
||||
# BOSH for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/http-bind {
|
||||
set \$subdomain "\$1.";
|
||||
set \$subdir "\$1/";
|
||||
set \$prefix "\$1";
|
||||
|
||||
rewrite ^/(.*)\$ /http-bind;
|
||||
}
|
||||
|
||||
# websockets for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
|
||||
set \$subdomain "\$1.";
|
||||
set \$subdir "\$1/";
|
||||
set \$prefix "\$1";
|
||||
|
||||
rewrite ^/(.*)\$ /xmpp-websocket;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
)"
|
|
@ -1,139 +0,0 @@
|
|||
server_names_hash_bucket_size 64;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name jitsi-meet.example.com;
|
||||
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
default_type "text/plain";
|
||||
root /usr/share/jitsi-meet;
|
||||
}
|
||||
location = /.well-known/acme-challenge/ {
|
||||
return 404;
|
||||
}
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name jitsi-meet.example.com;
|
||||
|
||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m; # about 40000 sessions
|
||||
ssl_session_tickets off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
|
||||
ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
|
||||
|
||||
root /usr/share/jitsi-meet;
|
||||
|
||||
# ssi on with javascript for multidomain variables in config.js
|
||||
ssi on;
|
||||
ssi_types application/x-javascript application/javascript;
|
||||
|
||||
index index.html index.htm;
|
||||
error_page 404 /static/404.html;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
|
||||
gzip_vary on;
|
||||
gzip_proxied no-cache no-store private expired auth;
|
||||
gzip_min_length 512;
|
||||
|
||||
location = /config.js {
|
||||
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
|
||||
}
|
||||
|
||||
location = /external_api.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
|
||||
#ensure all static content can always be found first
|
||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
|
||||
{
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
alias /usr/share/jitsi-meet/$1/$2;
|
||||
|
||||
# cache all versioned files
|
||||
if ($arg_v) {
|
||||
expires 1y;
|
||||
}
|
||||
}
|
||||
|
||||
# BOSH
|
||||
location = /http-bind {
|
||||
proxy_pass http://localhost:5280/http-bind;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
# xmpp websockets
|
||||
location = /xmpp-websocket {
|
||||
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $http_host;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# colibri (JVB) websockets for jvb1
|
||||
location ~ ^/colibri-ws/default-id/(.*) {
|
||||
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)$ {
|
||||
try_files $uri @root_path;
|
||||
}
|
||||
|
||||
location @root_path {
|
||||
rewrite ^/(.*)$ / break;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)/config.js$
|
||||
{
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
|
||||
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
|
||||
}
|
||||
|
||||
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
|
||||
location ~ ^/([^/?&:'"]+)/(.*)$ {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
|
||||
}
|
||||
|
||||
# BOSH for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/http-bind {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
set $prefix "$1";
|
||||
|
||||
rewrite ^/(.*)$ /http-bind;
|
||||
}
|
||||
|
||||
# websockets for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
set $prefix "$1";
|
||||
|
||||
rewrite ^/(.*)$ /xmpp-websocket;
|
||||
}
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
|
||||
echo "service nginx reload"
|
||||
fi
|
|
@ -1,150 +0,0 @@
|
|||
cdist-type__jitsi_meet_domain(7)
|
||||
========================================
|
||||
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__jitsi_meet_domain - Setup a frontend for Jitsi-Meet.
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type installs and configures the frontend for Jitsi-Meet.
|
||||
|
||||
This supports "multi-domain" installations, notice that in such a setup, all
|
||||
rooms are shared across the different URLs, e.g.
|
||||
https://jitsi1.example.org/room1 and https://jitsi2.example.org/room1 are
|
||||
equivalent.
|
||||
|
||||
This is due to the underlying XMPP and signaling rooms being common.
|
||||
There might be a way to perform tricks on the Nginx-side to avoid this, but
|
||||
time is lacking :-).
|
||||
|
||||
This assumes `__jitsi_meet` has already been ran on the target host, and,
|
||||
amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain.
|
||||
|
||||
This type will take care of TLS settings, branding and client-side
|
||||
configuration for Jitsi.
|
||||
|
||||
This type only works on De{bi,vu}an systems.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
object id
|
||||
The domain that will be configured as a Jitsi-Meet instance.
|
||||
|
||||
|
||||
admin-email
|
||||
Where to send Let's Encrypt emails like "certificate needs renewal".
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
channel-last-n
|
||||
Default value for the "last N" attribute.
|
||||
Defaults to 20. Set to -1 for unlimited.
|
||||
|
||||
|
||||
default-language
|
||||
Default language for the user interface.
|
||||
Defaults to 'en'.
|
||||
|
||||
|
||||
notice-message
|
||||
Message to show the users when they join a room.
|
||||
|
||||
|
||||
start-video-muted
|
||||
Every participant after the Nth will start video muted.
|
||||
Defaults to 10.
|
||||
|
||||
|
||||
turn-server
|
||||
The TURN server to be used.
|
||||
Defaults to `__target_host`.
|
||||
|
||||
|
||||
video-constraints
|
||||
w3c spec-compliant video constraints to use for video capture. Currently
|
||||
used by browsers that return true from lib-jitsi-meet's
|
||||
util#browser#usesNewGumFlow. The constraints are independent from
|
||||
this config's resolution value. Defaults to requesting an ideal
|
||||
resolution of 720p.
|
||||
It must not have a trailing comma, see `constraints` in
|
||||
`__jitsi_meet_domain/files/config.js.sh`.
|
||||
|
||||
|
||||
branding-json
|
||||
Path to a JSON file that will be served as the `brandingDataUrl`.
|
||||
For information on the format see `brandingDataUrl` in
|
||||
`__jitsi_meet_domain/files/config.js.sh`.
|
||||
If not set, no branding will be set up.
|
||||
|
||||
|
||||
branding-index
|
||||
Path to an HTML file that will be served instead of Jitsi-Meet's default
|
||||
one.
|
||||
If not set, the default index file will be used.
|
||||
|
||||
|
||||
branding-watermark
|
||||
Path to a png file that will be served instead of Jitsi-Meet's default
|
||||
one.
|
||||
If not set, the default watermark will be used.
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
disable-audio-levels
|
||||
Disable measuring of audio levels.
|
||||
This has been reported to improve performance on clients.
|
||||
|
||||
|
||||
enable-third-party-requests
|
||||
This type disables third-party requests by default, this flag re-enables
|
||||
them, restoring Jitsi-Meet's defaults.
|
||||
This affects things like avatars, callstats, ...
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Setup a Jitsi frontend for jitsi.exo.cat
|
||||
__jitsi_meet_domain "jitsi.exo.cat" \
|
||||
--admin-email "info@exo.cat" \
|
||||
--turn-server "turn.exo.cat" \
|
||||
--notice-message "Hola!" \
|
||||
--disable-audio-levels \
|
||||
--turn-secret "WeNeedGoodSecurity" \
|
||||
--video-constraints "$(cat <<EOF
|
||||
constraints: {
|
||||
video: {
|
||||
height: {
|
||||
ideal: 320,
|
||||
max: 320,
|
||||
min: 180
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
)"
|
||||
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `__jitsi_meet`
|
||||
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Evilham <contact@evilham.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Evilham.
|
|
@ -1,90 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
os="$(cat "${__global}/explorer/os")"
|
||||
case "${os}" in
|
||||
devuan|debian)
|
||||
;;
|
||||
*)
|
||||
echo "Your OS '${os}' is currently not supported." > /dev/stderr
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
DOMAIN="${__object_id}"
|
||||
ADMIN_EMAIL="$(cat "${__object}/parameter/admin-email")"
|
||||
CHANNEL_LAST_N="$(cat "${__object}/parameter/channel-last-n")"
|
||||
DEFAULT_LANGUAGE="$(cat "${__object}/parameter/default-language")"
|
||||
NOTICE_MESSAGE="$(cat "${__object}/parameter/notice-message")"
|
||||
START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
|
||||
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
||||
VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
|
||||
BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
|
||||
BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
|
||||
BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
|
||||
|
||||
if [ -f "${__object}/parameter/enable-third-party-requests" ]; then
|
||||
ENABLE_THIRD_PARTY_REQUESTS="YES"
|
||||
fi
|
||||
if [ -f "${__object}/parameter/disable-audio-levels" ]; then
|
||||
DISABLE_AUDIO_LEVELS="YES"
|
||||
fi
|
||||
|
||||
if [ -z "${TURN_SERVER}" ]; then
|
||||
TURN_SERVER="${__target_host}"
|
||||
fi
|
||||
if [ -z "${JITSI_HOST}" ]; then
|
||||
JITSI_HOST="${__target_host}"
|
||||
fi
|
||||
|
||||
#
|
||||
# Deal with certbot
|
||||
#
|
||||
# use object id as domain
|
||||
__letsencrypt_cert "${DOMAIN}" \
|
||||
--admin-email "${ADMIN_EMAIL}" \
|
||||
--automatic-renewal \
|
||||
--renew-hook "service nginx reload" \
|
||||
--webroot /usr/share/jitsi-meet
|
||||
|
||||
# Create virtualhost for nginx
|
||||
# shellcheck source=type/__jitsi_meet_domain/files/nginx.sh
|
||||
. "${__type}/files/nginx.sh" # This defines JITSI_NGINX_CONFIG
|
||||
require="__letsencrypt_cert/${DOMAIN}" __file \
|
||||
"/etc/nginx/sites-enabled/${DOMAIN}.conf" \
|
||||
--mode 0644 --source "-" <<EOF
|
||||
${JITSI_NGINX_CONFIG}
|
||||
EOF
|
||||
|
||||
# Setup jitsi config
|
||||
# shellcheck source=type/__jitsi_meet_domain/files/config.js.sh
|
||||
. "${__type}/files/config.js.sh" # This defines JITSI_CONFIG_JS
|
||||
__file "/etc/jitsi/meet/${DOMAIN}-config.js" \
|
||||
--mode 0644 --source "-" <<EOF
|
||||
${JITSI_CONFIG_JS}
|
||||
EOF
|
||||
|
||||
|
||||
#
|
||||
# Deal with branding as requested
|
||||
#
|
||||
# Helper function to manage the state of the target branding file
|
||||
_var_state() {
|
||||
if [ -n "${1}" ]; then
|
||||
echo "present"
|
||||
else
|
||||
echo "absent"
|
||||
fi
|
||||
}
|
||||
|
||||
__file "/usr/share/jitsi-meet/index-${DOMAIN}.html" \
|
||||
--mode 0644 \
|
||||
--state "$(_var_state "${BRANDING_INDEX}")" \
|
||||
--source "${BRANDING_INDEX}"
|
||||
__file "/etc/jitsi/meet/${DOMAIN}-branding.json" \
|
||||
--mode 0644 \
|
||||
--state "$(_var_state "${BRANDING_JSON}")" \
|
||||
--source "${BRANDING_JSON}"
|
||||
__file "/usr/share/jitsi-meet/images/watermark-${DOMAIN}.png" \
|
||||
--mode 0644 \
|
||||
--state "$(_var_state "${BRANDING_WATERMARK}")" \
|
||||
--source "${BRANDING_WATERMARK}"
|
|
@ -1,2 +0,0 @@
|
|||
disable-audio-levels
|
||||
enable-third-party-requests
|
|
@ -1 +0,0 @@
|
|||
20
|
|
@ -1 +0,0 @@
|
|||
en
|
|
@ -1 +0,0 @@
|
|||
10
|
|
@ -1,9 +0,0 @@
|
|||
channel-last-n
|
||||
default-language
|
||||
notice-message
|
||||
start-video-muted
|
||||
turn-server
|
||||
video-constraints
|
||||
branding-json
|
||||
branding-index
|
||||
branding-watermark
|
|
@ -1 +0,0 @@
|
|||
admin-email
|
|
@ -1,73 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# Find aliases for a given user name and print the aliases (each one on a
|
||||
# separate line)
|
||||
|
||||
aliases_file=$("${__type_explorer:?}/aliases_file")
|
||||
test -r "${aliases_file}" || exit 0
|
||||
|
||||
: "${__object_id:?}" # assert __object_id is set, because it is used in AWK
|
||||
|
||||
awk -F ':[ \t]*' '
|
||||
function print_aliases(aliases, matches) {
|
||||
# prints comma-separated aliases (one per line)
|
||||
split(aliases, matches, /,[ \t]*/)
|
||||
for (i in matches) {
|
||||
gsub(/^[ \t]*|[ \t]*$/, "", matches[i])
|
||||
if (matches[i]) print matches[i]
|
||||
}
|
||||
}
|
||||
|
||||
/^#/ {
|
||||
# comment line (ignore)
|
||||
select = 0; cont = 0 # comments terminate alias lists and continuations
|
||||
next
|
||||
}
|
||||
|
||||
{
|
||||
# is this line a continuation line?
|
||||
# (the prev. line ended in a backslash or the line starts with whitespace)
|
||||
is_cont = /^[ \t]/ || cont
|
||||
|
||||
# detect if the line is a line to be continued (ends with a backslash)
|
||||
cont = /\\$/
|
||||
|
||||
# if it is, we drop the backslash from the line
|
||||
if (cont) sub(/[ \t]*\\$/, "", $0)
|
||||
}
|
||||
|
||||
is_cont {
|
||||
# if in the alias list of the "target" user, we also print these aliases.
|
||||
if (select) print_aliases($0)
|
||||
next
|
||||
}
|
||||
|
||||
$1 == ENVIRON["__object_id"] {
|
||||
# "target" user -> print alias list
|
||||
select = 1
|
||||
print_aliases($2)
|
||||
next
|
||||
}
|
||||
|
||||
{
|
||||
# other user
|
||||
select = 0
|
||||
}
|
||||
' "${aliases_file}"
|
|
@ -1,52 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# This explorer finds the aliases file to modify.
|
||||
|
||||
found() { echo "$*"; exit 0; }
|
||||
|
||||
check_file() {
|
||||
if test -f "$1"
|
||||
then
|
||||
found "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
case $("${__explorer:?}/os")
|
||||
in
|
||||
(freebsd|openbsd|solaris)
|
||||
check_file /etc/mail/aliases
|
||||
|
||||
# default
|
||||
found /etc/mail/aliases
|
||||
;;
|
||||
(alpine|debian|devuan|ubuntu)
|
||||
check_file /etc/aliases
|
||||
|
||||
# default
|
||||
found /etc/aliases
|
||||
;;
|
||||
(*)
|
||||
check_file /etc/mail/aliases
|
||||
check_file /etc/aliases
|
||||
|
||||
# default
|
||||
found /etc/aliases
|
||||
;;
|
||||
esac
|
|
@ -1,96 +0,0 @@
|
|||
#!/usr/bin/awk -f
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
function getvalue(path, line) {
|
||||
# Reads the first line of the file located at path and returns it.
|
||||
getline line < path
|
||||
close(path)
|
||||
return line
|
||||
}
|
||||
|
||||
function sepafter(f, def, _) {
|
||||
# finds the separator between field $f and $(f+1)
|
||||
_ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1)
|
||||
return _ ? _ : def
|
||||
}
|
||||
|
||||
function write_aliases( line) {
|
||||
if (aliases_written) return
|
||||
|
||||
# print aliases line
|
||||
printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ")
|
||||
while ((getline line < aliases_should_file) > 0) {
|
||||
if (aliases_written) printf ", "
|
||||
printf "%s", line
|
||||
aliases_written = 1
|
||||
}
|
||||
printf "\n"
|
||||
close(aliases_should_file)
|
||||
}
|
||||
|
||||
BEGIN {
|
||||
FS = ":[ \t]*"
|
||||
|
||||
parameter_dir = ENVIRON["__object"] "/parameter/"
|
||||
|
||||
mode = (getvalue(parameter_dir "state") != "absent")
|
||||
aliases_should_file = (parameter_dir "/alias")
|
||||
}
|
||||
|
||||
/^[ \t]*\#/ {
|
||||
# comment line (leave alone)
|
||||
select = 0; cont = 0 # comments terminate alias lists and continuations
|
||||
print
|
||||
next
|
||||
}
|
||||
|
||||
{
|
||||
# is this line a continuation line?
|
||||
# (the prev. line ended in a backslash or the line starts with whitespace)
|
||||
is_cont = /^[ \t]/ || cont
|
||||
|
||||
# detect if the line is a line to be continued (ends with a backslash)
|
||||
cont = /\\$/
|
||||
}
|
||||
|
||||
is_cont {
|
||||
# we only print the line if it has not been rewritten (select)
|
||||
if (!select) print
|
||||
next
|
||||
}
|
||||
|
||||
$1 == ENVIRON["__object_id"] {
|
||||
# "target" user -> rewrite aliases list
|
||||
select = 1
|
||||
if (mode) write_aliases()
|
||||
next
|
||||
}
|
||||
|
||||
{
|
||||
# other user
|
||||
select = 0
|
||||
print
|
||||
}
|
||||
|
||||
END {
|
||||
# if the last line was an alias, the separator will be reused (looks better)
|
||||
if (mode && !aliases_written)
|
||||
write_aliases()
|
||||
}
|
|
@ -1,87 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
|
||||
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
|
||||
|
||||
aliases_file=$(cat "${__object:?}/explorer/aliases_file")
|
||||
|
||||
test -n "${aliases_file}" || {
|
||||
echo 'Could not determine aliases file path.' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
||||
state_should=$(cat "${__object:?}/parameter/state")
|
||||
|
||||
case ${state_should}
|
||||
in
|
||||
(present)
|
||||
if cmp -s "${__object:?}/explorer/aliases" "${__object:?}/parameter/alias"
|
||||
then
|
||||
# all good!
|
||||
exit 0
|
||||
fi
|
||||
|
||||
test -s "${__object:?}/parameter/alias" || {
|
||||
printf 'The --alias parameter is required if --state present.\n' >&2
|
||||
printf 'Use --state absent to remove all aliases.\n' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
if test -s "${__object:?}/explorer/aliases"
|
||||
then
|
||||
echo "update aliases" >>"${__messages_out:?}"
|
||||
else
|
||||
echo "add aliases" >>"${__messages_out:?}"
|
||||
fi
|
||||
;;
|
||||
(absent)
|
||||
# nothing to do if no aliases found.
|
||||
test -s "${__object:?}/explorer/aliases" || exit 0
|
||||
|
||||
echo "delete aliases" >>"${__messages_out:?}"
|
||||
;;
|
||||
(*)
|
||||
printf 'Invalid --state: %s.\n' "${state_should}" >&2
|
||||
printf 'Acceptable values are: present, absent.\n' >&2
|
||||
exit 1
|
||||
esac
|
||||
|
||||
cat <<EOF
|
||||
test -f $(quote "${aliases_file}") || touch $(quote "${aliases_file}")
|
||||
|
||||
awk $(drop_awk_comments "${__type:?}/files/update_aliases.awk") <$(quote "${aliases_file}") >$(quote "${aliases_file}.tmp") \
|
||||
|| {
|
||||
rm -f $(quote "${aliases_file}.tmp")
|
||||
echo 'Generating new aliases file failed!' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
if ! cmp -s $(quote "${aliases_file}") $(quote "${aliases_file}.tmp")
|
||||
then
|
||||
# aliases file was modified, replace:
|
||||
cat $(quote "${aliases_file}.tmp") >$(quote "${aliases_file}")
|
||||
|
||||
# then, run newaliases if present ("missing" on Alpine Linux because of typo)
|
||||
command -v newaliases >/dev/null 2>&1 && newaliases || true
|
||||
fi
|
||||
rm -f $(quote "${aliases_file}.tmp")
|
||||
EOF
|
|
@ -1,76 +0,0 @@
|
|||
cdist-type__mail_alias(7)
|
||||
=========================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__mail_alias - Manage mail aliases.
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This cdist type allows you to configure mail aliases (/etc/aliases).
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
None.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
state
|
||||
'present' or 'absent', defaults to 'present'
|
||||
alias
|
||||
an alias, i.e. a mail address where mail for the user should be redirected
|
||||
to.
|
||||
This parameter can be specified multiple times to redirect to multiple
|
||||
recipients.
|
||||
If ``--state`` is ``present`` this parameter is required.
|
||||
See `aliases(5)` for the different forms this parameter can take.
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
None.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Redirect root mail to a "real" email address
|
||||
__mail_alias root --alias admin@example.com
|
||||
|
||||
# Disable redirection of mail for joe
|
||||
__mail_alias joe --state absent
|
||||
|
||||
|
||||
BUGS
|
||||
----
|
||||
- Quoted strings are not parsed by this type. As a result, aliases
|
||||
containing ``,`` (commas) are treated incorrectly (they are treated as
|
||||
separate aliases.)
|
||||
Make sure that email addresses, file names, and pipe commands do not contain
|
||||
commas.
|
||||
- ``:include:`` directives in the aliases file are not evaluated by this type.
|
||||
They are treated like a regular alias, the values of the included file are
|
||||
not expanded.
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
:strong:`aliases`\ (5)
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Dennis Camera. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1 +0,0 @@
|
|||
present
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -1 +0,0 @@
|
|||
alias
|
|
@ -1,90 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Upstream configuration guide/documentation:
|
||||
# https://github.com/vector-im/riot-web/blob/develop/docs/config.md
|
||||
|
||||
generate_embedded_pages () {
|
||||
if [ "$EMBED_HOMEPAGE" != "" ]; then
|
||||
cat << EOF
|
||||
"embeddedPages": {
|
||||
"homeUrl": "home.html"
|
||||
},
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
generate_jitsi_config () {
|
||||
if [ "$JITSI_DOMAIN" != "" ]; then
|
||||
cat << EOF
|
||||
"jitsi": {
|
||||
"preferredDomain": "$JITSI_DOMAIN"
|
||||
},
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
generate_branding () {
|
||||
echo '"branding": {'
|
||||
|
||||
if [ "$BRANDING_AUTH_HEADER_LOGO_URL" != "" ]; then
|
||||
cat << EOF
|
||||
"authHeaderLogoUrl": "$BRANDING_AUTH_HEADER_LOGO_URL",
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then
|
||||
cat << EOF
|
||||
"authFooterLinks": "$BRANDING_AUTH_FOOTER_LINKS",
|
||||
EOF
|
||||
fi
|
||||
|
||||
cat << EOF
|
||||
"welcomeBackgroundUrl": "themes/element/img/backgrounds/lake.jpg"
|
||||
EOF
|
||||
echo '},'
|
||||
}
|
||||
|
||||
cat << EOF
|
||||
{
|
||||
"default_server_config": {
|
||||
"m.homeserver": {
|
||||
"base_url": "$DEFAULT_SERVER_URL",
|
||||
"server_name": "$DEFAULT_SERVER_NAME"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://vector.im"
|
||||
}
|
||||
},
|
||||
"brand": "$BRAND",
|
||||
$(generate_branding)
|
||||
"defaultCountryCode": "$DEFAULT_COUNTRY_CODE",
|
||||
"integrations_ui_url": "https://scalar.vector.im/",
|
||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||
"integrations_widgets_urls": [
|
||||
"https://scalar.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar.vector.im/api",
|
||||
"https://scalar-staging.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar-staging.vector.im/api",
|
||||
"https://scalar-staging.riot.im/scalar/api"
|
||||
],
|
||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||
"roomDirectory": {
|
||||
"servers": [
|
||||
$ROOM_DIRECTORY_SERVERS
|
||||
]
|
||||
},
|
||||
"disable_custom_urls": "$DISABLE_CUSTOM_URLS",
|
||||
$(generate_embedded_pages)
|
||||
$(generate_jitsi_config)
|
||||
"terms_and_conditions_links": [
|
||||
{
|
||||
"url": "$PRIVACY_POLICY_URL",
|
||||
"text": "Privacy Policy"
|
||||
},
|
||||
{
|
||||
"url": "$COOKIE_POLICY_URL",
|
||||
"text": "Cookie Policy"
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
|
@ -1,95 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
# Function to compare version strings. Returns success (0) if the version
|
||||
# given by stdin is higher than the version provided by the argument.
|
||||
#
|
||||
# Taken from the cdist core type __sensible_editor.
|
||||
version_ge() {
|
||||
awk -F '[^0-9.]' -v target="${1:?}" '
|
||||
function max(x, y) { return x > y ? x : y; }
|
||||
BEGIN {
|
||||
getline;
|
||||
nx = split($1, x, ".");
|
||||
ny = split(target, y, ".");
|
||||
for (i = 1; i <= max(nx, ny); ++i) {
|
||||
diff = int(x[i]) - int(y[i]);
|
||||
if (diff < 0) exit 1;
|
||||
else if (diff > 0) exit 0;
|
||||
else continue;
|
||||
}
|
||||
}'
|
||||
}
|
||||
|
||||
|
||||
VERSION=$(cat "$__object/parameter/version")
|
||||
INSTALL_DIR=$(cat "$__object/parameter/install_dir")
|
||||
OWNER=$(cat "$__object/parameter/owner")
|
||||
|
||||
# tarball name changed due to application renaming
|
||||
if echo "$VERSION" | version_ge 1.7.14; then
|
||||
src="element-v$VERSION"
|
||||
else
|
||||
src="riot-v$VERSION"
|
||||
fi
|
||||
archive="$src.tar.gz"
|
||||
url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive"
|
||||
|
||||
# tar and curl are installed by the __matrix-riot manifest. mktemp is usually
|
||||
# provided by coreutils and assumed installed.
|
||||
cat << EOF
|
||||
set -e
|
||||
|
||||
# Ensure that coreutils is installed.
|
||||
if [ ! -x \$(which mktemp) ]; then
|
||||
echo "mktemp is not available on the remote host." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Create temporary working directory.
|
||||
tmpdir=\$(mktemp -d)
|
||||
custom_files_dir="\$tmpdir/custom_files"
|
||||
cd \$tmpdir
|
||||
|
||||
# Download and extract sources.
|
||||
curl -L '$url' > $archive
|
||||
tar xf $archive
|
||||
|
||||
# Backup files deployed by __matrix_element.
|
||||
mkdir -p \$custom_files_dir
|
||||
for file in $INSTALL_DIR/cdist/*; do
|
||||
cp "\$file" "\$custom_files_dir"
|
||||
done
|
||||
|
||||
# Deploy sources and restore configuration.
|
||||
rm -r '$INSTALL_DIR'
|
||||
mv '$src' '$INSTALL_DIR'
|
||||
|
||||
for file in \$custom_files_dir/*; do
|
||||
cp "\$file" '$INSTALL_DIR'
|
||||
done
|
||||
|
||||
# Chown deployed files to requested owner.
|
||||
chown -R '$OWNER' '$INSTALL_DIR'
|
||||
|
||||
# Remove temporary working directory.
|
||||
cd /
|
||||
rm -r \$tmpdir
|
||||
EOF
|
|
@ -1,87 +0,0 @@
|
|||
cdist-type__matrix_element(7)
|
||||
=============================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__matrix_element - Install and configure Element, a web Matrix client.
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type install and configure the Element web client.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
install_dir
|
||||
Root directory of Element's static files.
|
||||
|
||||
version
|
||||
Release of Element to install.
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
default_server_name
|
||||
Name of matrix homeserver to connect to, defaults to 'matrix.org'.
|
||||
|
||||
default_server_url
|
||||
URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'.
|
||||
|
||||
owner
|
||||
Owner of the deployed files, passed to `chown`. Defaults to 'root'.
|
||||
|
||||
brand
|
||||
Web UI branding, defaults to 'Element'.
|
||||
|
||||
default_country_code
|
||||
ISO 3166 alpha2 country code to use when showing country selectors, such as
|
||||
phone number inputs. Defaults to GB.
|
||||
|
||||
privacy_policy_url
|
||||
Defaults to 'https://element.io/privacy'.
|
||||
|
||||
cookie_policy_url
|
||||
Defaults to 'https://matrix.org/docs/guides/element_im_cookie_policy'.
|
||||
|
||||
jitsi_domain
|
||||
Domain name of preferred Jitsi instance (default is jitsi.element.im). This is
|
||||
used whenever a user clicks on the voice/video call buttons.
|
||||
|
||||
homepage
|
||||
Path to custom homepage, displayed once logged in.
|
||||
|
||||
welcomepage
|
||||
Path to custom welcome (= login) page.
|
||||
|
||||
custom_asset
|
||||
Serve a file a the top-level directory (e.g. /my-custom-logo.svg). Can be specified multiple times.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
-------------------
|
||||
disable_custom_urls
|
||||
Disallow the user to change the default homeserver when signing up or logging in.
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
__matrix_element my-element --install_dir /var/www/element-web --version 1.5.6
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `cdist-type__matrix_synapse(7) <cdist-type__matrix_synapse.html>`_
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Timothée Floure <timothee.floure@ungleich.ch>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2019 Timothée Floure. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1,106 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# Ignore "Declare and assign separately to avoid masking return values. [SC2155]"
|
||||
# => not relevant for the type arguments.
|
||||
# shellcheck disable=SC2155
|
||||
|
||||
INSTALL_DIR=$(cat "$__object/parameter/install_dir")
|
||||
|
||||
export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name")
|
||||
export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url")
|
||||
export BRAND=$(cat "$__object/parameter/brand")
|
||||
export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code")
|
||||
export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers")
|
||||
export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url")
|
||||
export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url")
|
||||
|
||||
if [ -f "$__object/parameter/jitsi_domain" ]; then
|
||||
export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain")
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/branding_auth_header_logo_url" ]; then
|
||||
export BRANDING_AUTH_HEADER_LOGO_URL=$(cat "$__object/parameter/branding_auth_header_logo_url")
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/branding_auth_footer_links" ]; then
|
||||
export BRANDING_AUTH_FOOTER_LINKS=$(cat "$__object/parameter/branding_auth_footer_links")
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/homepage" ]; then
|
||||
export EMBED_HOMEPAGE=1
|
||||
homepage=$(cat "$__object/parameter/homepage")
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/welcomepage" ]; then
|
||||
export EMBED_WELCOMEPAGE=1
|
||||
welcomepage=$(cat "$__object/parameter/welcomepage")
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/custom_asset" ]; then
|
||||
"$__object/parameter/custom_asset" | while IFS= read -r file; do
|
||||
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename "$file")" \
|
||||
--source "$file" \
|
||||
--mode 0664 \
|
||||
--state present
|
||||
done
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/disable_custom_urls" ]; then
|
||||
export DISABLE_CUSTOM_URLS='true'
|
||||
else
|
||||
export DISABLE_CUSTOM_URLS='false'
|
||||
fi
|
||||
|
||||
# Owner of the uploaded files.
|
||||
owner=$(cat "$__object/parameter/owner")
|
||||
|
||||
# Ensure that curl and tar are installed, as they will be required by the
|
||||
# gencode-remote script.
|
||||
__package curl --state present
|
||||
__package tar --state present
|
||||
|
||||
# Generate and deploy configuration file.
|
||||
mkdir -p "$__object/files"
|
||||
"$__type/files/config.json.sh" > "$__object/files/config.json"
|
||||
|
||||
# Install the config.json configuration file. The application's sources are
|
||||
# downloaded and deployed by gencode-remote.
|
||||
__directory "$INSTALL_DIR/cdist" \
|
||||
--owner "$owner" --mode 0755 --parents \
|
||||
--state present
|
||||
|
||||
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" \
|
||||
--source "$__object/files/config.json" \
|
||||
--mode 0664 \
|
||||
--state present
|
||||
|
||||
if [ $EMBED_HOMEPAGE ]; then
|
||||
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \
|
||||
--source "$homepage" \
|
||||
--mode 0664 \
|
||||
--state present
|
||||
fi
|
||||
|
||||
if [ $EMBED_WELCOMEPAGE ]; then
|
||||
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \
|
||||
--source "$welcomepage" \
|
||||
--mode 0664 \
|
||||
--state present
|
||||
fi
|
|
@ -1 +0,0 @@
|
|||
disable_custom_urls
|
|
@ -1 +0,0 @@
|
|||
Element
|
|
@ -1 +0,0 @@
|
|||
https://matrix.org/docs/guides/riot_im_cookie_policy
|
|
@ -1 +0,0 @@
|
|||
GB
|
|
@ -1 +0,0 @@
|
|||
matrix.org
|
|
@ -1 +0,0 @@
|
|||
https://matrix-client.matrix.org
|
|
@ -1 +0,0 @@
|
|||
root
|
|
@ -1 +0,0 @@
|
|||
https://element.io/privacy
|
|
@ -1 +0,0 @@
|
|||
"matrix.org"
|
|
@ -1,13 +0,0 @@
|
|||
default_server_url
|
||||
default_server_name
|
||||
brand
|
||||
default_country_code
|
||||
privacy_policy_url
|
||||
cookie_policy_url
|
||||
room_directory_servers
|
||||
owner
|
||||
homepage
|
||||
welcomepage
|
||||
jitsi_domain
|
||||
branding_auth_header_logo_url
|
||||
branding_auth_footer_links
|
|
@ -1 +0,0 @@
|
|||
custom_asset
|
|
@ -1,2 +0,0 @@
|
|||
version
|
||||
install_dir
|
|
@ -33,7 +33,7 @@ EXAMPLES
|
|||
|
||||
.. code-block:: sh
|
||||
|
||||
__matterbridge --version 1.16.3 --config - <<- EOF
|
||||
__matterbridge --version 1.16.3 --config - << EOF
|
||||
[...]
|
||||
EOF
|
||||
|
||||
|
|
|
@ -51,7 +51,9 @@ fi
|
|||
# Install python dependencies.
|
||||
# avoid gunicorn, because it will be done in an other type
|
||||
grep -v "^gunicorn==" "\$tmpdir/$src/requirements.txt" \
|
||||
| xargs /opt/netbox/venv/bin/pip3 install -q
|
||||
> "\$tmpdir/$src/requirements.txt.new"
|
||||
/opt/netbox/venv/bin/pip3 install -q -r "\$tmpdir/$src/requirements.txt.new"
|
||||
|
||||
EOF
|
||||
|
||||
if [ -f "$__object/parameter/ldap-server" ]; then
|
||||
|
|
|
@ -31,6 +31,12 @@ version
|
|||
on GitHub at the NetBox project page under
|
||||
"`Releases <https://github.com/netbox-community/netbox/releases>`_".
|
||||
|
||||
Too big version jumps can break the NetBox migration path. It's good
|
||||
practise to don't skip major versions and common that you must upgrade to
|
||||
the latest minor inside the current major version till you can upgrade to
|
||||
the next major version. Diffrent version steps must be done manually as
|
||||
this type only upgrades to the given version directly.
|
||||
|
||||
database
|
||||
PostgreSQL database name.
|
||||
|
||||
|
@ -122,6 +128,7 @@ basepath
|
|||
webroot ``/``. For example, if installed at https://example.com/netbox/, set
|
||||
the value ``netbox/``.
|
||||
|
||||
http-proxy
|
||||
https-proxy
|
||||
Proxy which will be used with any HTTP request like webhooks.
|
||||
|
||||
|
@ -170,12 +177,12 @@ redis-ssl
|
|||
|
||||
smtp-use-tls
|
||||
Uses TLS to connect to the SMTP email server. `See documentation
|
||||
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-tls>`__
|
||||
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-tls>`_
|
||||
for more information.
|
||||
|
||||
smtp-use-ssl
|
||||
Uses implicit TLS with the SMTP email server. `See documentation
|
||||
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-ssl>`__
|
||||
<https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-ssl>`_
|
||||
for more information.
|
||||
|
||||
login-required
|
||||
|
|
|
@ -65,7 +65,10 @@ protocol
|
|||
parameter. Possible values are ``uwsgi``, ``http``, ``fastcgi`` and
|
||||
``scgi``. If nothing given, it defaults to ``uwsgi``.
|
||||
|
||||
scgi-bind, uwsgi-bind, http-bind, fastcgi-bind
|
||||
uwsgi-bind
|
||||
http-bind
|
||||
fastcgi-bind
|
||||
scgi-bind
|
||||
Bind the application to a specific protocol instead of implicit uwsgi via
|
||||
``--bind-to``. If such parameter given, ``--bind-to`` will be ignored. Must
|
||||
be a UNIX/TCP socket. Can be set multiple times.
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
runit_etc_dir="/etc/runit"
|
||||
|
||||
if [ -d "${runit_etc_dir}" ]; then
|
||||
echo "YES"
|
||||
fi
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
svdir="/var/service"
|
||||
|
||||
if [ -d "${svdir}" ]; then
|
||||
echo "YES"
|
||||
fi
|
|
@ -1,21 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
svdir="/var/service"
|
||||
svdir_exists="$(cat "${__object}/explorer/svdir-exists")"
|
||||
runit_etc="$(cat "${__object}/explorer/runit-etc")"
|
||||
|
||||
if [ -z "${svdir_exists}" ]; then
|
||||
echo "mkdir '${svdir}'"
|
||||
sv_restart="YES"
|
||||
fi
|
||||
if [ -z "${runit_etc}" ]; then
|
||||
echo "cp -R '/usr/local/etc/runit' '/etc/runit'"
|
||||
sv_restart="YES"
|
||||
fi
|
||||
if grep -q "^__key_value/runsvdir_enable" "${__messages_in}"; then
|
||||
sv_restart="YES"
|
||||
fi
|
||||
|
||||
if [ -n "${sv_restart}" ]; then
|
||||
echo "service runsvdir restart || service runsvdir start"
|
||||
fi
|
|
@ -1,46 +0,0 @@
|
|||
cdist-type__runit(7)
|
||||
============================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__runit - Install and configure runit
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This is a singleton type.
|
||||
|
||||
Install and configure runit, not as an init system, but as a service monitor.
|
||||
It configures and if necessary starts runsvdir as documented for the
|
||||
Operating System.
|
||||
|
||||
This type currently heavily focuses on FreeBSD, support for other Operating
|
||||
Systems can be achieved but no effort whatsoever has been put into it.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
None.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
__runit
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
:strong:`cdist-type__runit_service`\ (7)
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Evilham <cvs--@--evilham.com>
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Evilham. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
__package "runit"
|
||||
|
||||
__key_value \
|
||||
--file "/etc/rc.conf" \
|
||||
--key "runsvdir_enable" \
|
||||
--delimiter "=" \
|
||||
--value "yes" \
|
||||
"runsvdir_enable"
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue