pedro/cdist-contrib-pedro-fork
1
0
Fork 0
forked from ungleich-public/cdist-contrib
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'jitsi' into 'master'

Browse source 
Jitsi Meet (and runit) types

See merge request ungleich-public/cdist-contrib!21
This commit is contained in:
fnux 2021-01-27 21:04:42 +01:00
commit 75d901c8e4
39 changed files with 2495 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
type/__jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version Executable file
View file

@ -0,0 +1,7 @@
#!/bin/sh -e
EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
if [ -f "${EXPORTER_VERSION_FILE}" ]; then
cat "${EXPORTER_VERSION_FILE}"
fi

56
type/__jitsi_meet/files/debconf_settings.sh Normal file
View file

@ -0,0 +1,56 @@
#!/bin/sh -e
# This can be obtained with debconf-get-selections on a host with jitsi
# (and also analysing the deb-src)
if false; then
# We are currently not using these, just here as documentation
DEBCONF_SETTINGS="$(cat <<EOF
# Jicofo user password:
jicofo jicofo/jicofo-authpassword password STH
jitsi-meet-prosody jicofo/jicofo-authpassword password STH
# The secret used to connect to xmpp server as component
jitsi-meet-prosody jitsi-videobridge/jvbsecret password STH
jitsi-videobridge jitsi-videobridge/jvbsecret password STH
jitsi-videobridge2 jitsi-videobridge/jvbsecret password STH
# Jicofo Component secret:
jicofo jicofo/jicofosecret password STH
jitsi-meet-prosody jicofo/jicofosecret password STH
# Jicofo username:
jicofo jicofo/jicofo-authuser string focus
jitsi-meet-prosody jicofo/jicofo-authuser string focus
# The hostname of the current installation:
jitsi-meet-turnserver jitsi-meet-turnserver/jvb-hostname string ${JITSI_HOST}
# Full local server path to the SSL certificate file:
jitsi-meet-web-config jitsi-meet/cert-path-crt string
# Full local server path to the SSL key file:
jitsi-meet-web-config jitsi-meet/cert-path-key string
EOF
)"
fi
DEBCONF_SETTINGS="$(cat <<EOF
# The hostname of the current installation:
jitsi-meet-web-config jitsi-meet/jvb-hostname string ${JITSI_HOST}
# Hostname:
jicofo jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-meet-prosody jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-meet-turnserver jitsi-videobridge/jvb-hostname string ${TURN_SERVER}
jitsi-meet-web-config jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
jitsi-videobridge2 jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
# The hostname of the current installation:
jitsi-meet-prosody jitsi-meet-prosody/jvb-hostname string ${JITSI_HOST}
# SSL certificate for the Jitsi Meet instance
# Choices: Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate), I want to use my own certificate
jitsi-meet-web-config jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)
EOF
)"
if [ -n "${TURN_SECRET}" ]; then
DEBCONF_SETTINGS="$(cat <<EOF
${DEBCONF_SETTINGS}
# The turn server secret
jitsi-meet-prosody jitsi-meet-prosody/turn-secret string ${TURN_SECRET}
EOF
)"
fi

10
type/__jitsi_meet/files/ufw Normal file
View file

@ -0,0 +1,10 @@
#!/bin/sh -e
# Setup firewall
__ufw
# Allow jitsi ports
require="__ufw" __ufw_rule http --rule 'allow 80/tcp'
require="__ufw" __ufw_rule https --rule 'allow 443/tcp'
require="__ufw" __ufw_rule jitsi_prom --rule 'allow 9888/tcp'
require="__ufw" __ufw_rule avfallback --rule 'allow 4443/tcp'
require="__ufw" __ufw_rule avdefault --rule 'allow 10000/udp'

5
type/__jitsi_meet/gencode-remote Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh -e
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
echo "service nginx reload"
fi

84
type/__jitsi_meet/man.rst Normal file
View file

@ -0,0 +1,84 @@
cdist-type__jitsi_meet(7)
=================================
NAME
----
cdist-type__jitsi_meet - Setup the server-side of Jitsi-Meet.
DESCRIPTION
-----------
This (singleton) type installs and configures jitsi-meet automatically.
It does so by following loosely the official quick-install instructions and
eXO's notes for installing and managing Jitsi Meet instances.
This type also sets up nginx in a way that is compatible with
`__letsencrypt_cert` and assumes that it will only serve Jitsi instances.
You will also need the `__jitsi_meet_domain` type in order to finish setting up
the web frontend (including TLS certificates) and its settings.
You may want to use the `files/ufw` example manifest for a `__ufw`-based
firewall compatible with this type.
This file does not include rules for TCP port 9888, which exposes the
prometheus exporter if not disabled.
You should apply your own rules here.
This type only works on De{bi,vu}an systems.
NOTE: This type currently does not deal with setting up coturn.
For that, you might want to check `__coturn` in
https://code.ungleich.ch/ungleich-public/cdist-contrib
In that case, this type should run *after* `__coturn`.
OPTIONAL PARAMETERS
-------------------
turn-secret
The shared secret for the TURN server.
turn-server
The hostname of the TURN server.
This will assume that it is listening with TLS on port 443.
BOOLEAN PARAMETERS
------------------
disable-prometheus-exporter
This type enables a prometheus exporter for jitsi by default, if you would
rather not have that, pass this parameter.
The explorer is based on:
https://github.com/systemli/prometheus-jitsi-meet-exporter
EXAMPLES
--------
.. code-block:: sh
# Setup the firewall
. "${__global}/type/__jitsi_meet/files/ufw"
export require="__ufw"
# Setup Jitsi on this host
__jitsi_meet \
--turn-server "turn.exo.cat" \
--turn-secret "WeNeedGoodSecurity"
SEE ALSO
--------
- `__jitsi_meet_domain`
AUTHORS
-------
Evilham <contact@evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham.

197
type/__jitsi_meet/manifest Executable file
View file

@ -0,0 +1,197 @@
#!/bin/sh -e
os="$(cat "${__global}/explorer/os")"
init="$(cat "${__global}/explorer/init")"
case "${os}" in
devuan|debian)
;;
*)
echo "Your OS '${os}' is currently not supported." > /dev/stderr
exit 1
;;
esac
JITSI_HOST="${__target_host}"
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
if [ -z "${TURN_SERVER}" ]; then
TURN_SERVER="${JITSI_HOST}"
fi
PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")"
# The rest is loosely based on Jitsi's documentation
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
# Setup repositories
## First the signing keys
__package gnupg2
require="__package/gnupg2" __apt_key_uri jitsi_meet \
--name 'Jitsi <dev@jitsi.org>' \
--uri https://download.jitsi.org/jitsi-key.gpg.key \
--state present
## Now the repositories (they are a tad weird, so distribution is 'stable/')
require="__apt_key_uri/jitsi_meet" __apt_source jitsi_meet \
--uri 'https://download.jitsi.org' \
--distribution 'stable/' \
--state present
## Ensure apt cache is up-to-date
require="__apt_source/jitsi_meet" __apt_update_index
export require="${require} __apt_source/jitsi_meet __apt_update_index"
# Pre-feed debconf settings, so Jitsi's installation has a good config
# shellcheck source=type/__jitsi_meet/files/debconf_settings.sh
. "${__type}/files/debconf_settings.sh" # This defines DEBCONF_SETTINGS
__debconf_set_selections jitsi_meet --file - <<EOF
${DEBCONF_SETTINGS}
EOF
export require="${require} __debconf_set_selections/jitsi_meet"
# Install and upgrade packages as needed
__package jitsi-meet
# Proceed only after installation/upgrade has finished
export require="__package/jitsi-meet"
# TODO: generalise and move out
# Prep nginx for acme settings
NGINX_ETC="/etc/nginx"
#
# Setup the acme-challenge snippet
#
__directory "${NGINX_ETC}/snippets" --state present
require="__directory${NGINX_ETC}/snippets" __file "${NGINX_ETC}/snippets/acme-challenge.conf" \
--mode 644 \
--source - << EOF
# This file is managed remotely, all changes will be lost
# This was heavily inspired by debops.org.
# Automatic Certificate Management Environment (ACME) support.
# https://tools.ietf.org/html/draft-ietf-acme-acme-01
# https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment
# Return the ACME challenge present in the server public root.
# If not found, switch to global web server root.
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
try_files \$uri @well-known-acme-challenge;
}
# Return the ACME challenge present in the global server public root.
# If not present, redirect request to a specified domain.
location @well-known-acme-challenge {
root /usr/share/jitsi-meet;
default_type "text/plain";
try_files \$uri @redirect-acme-challenge;
}
# Redirect the ACME challenge to a different host. If a redirect loop is
# detected, return 404.
location @redirect-acme-challenge {
if (\$arg_redirect) {
return 404;
}
return 307 \$scheme://${ACME_DOMAIN}\$request_uri?redirect=yes;
}
# Return 404 if ACME challenge well known path is accessed directly.
location = /.well-known/acme-challenge/ {
return 404;
}
EOF
__directory "${NGINX_ETC}/sites-available" --state present
require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-available/default" \
--mode 644 \
--source - << EOF
# This file is managed remotely, all changes will be lost
# nginx server configuration for:
server {
# Listen on IPv4
listen 80;
# Note: there is an ipv6only=off flag, but it is Linux-only
# incidentally, that defaults to "on", which is what causes
# not having the double listen to listen on IPv6-only
listen [::]:80;
server_name welcome;
root /srv/www/sites/welcome/public;
include snippets/acme-challenge.conf;
location / {
return 301 https://\$host\$request_uri;
}
}
EOF
# These two should be changed on new release
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.2"
PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:c64852b1cf63efd1632ec07ac9fcead09baccc1bd8c7b21ca830a0d82d00fb3d"
PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64"
PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
case "${init}" in
init|sysvinit)
__runit
require="__runit" __runit_service \
prometheus-jitsi-meet-exporter --log --source - <<EOF
#!/bin/sh -e
cd /tmp
exec chpst -u "nobody:nogroup" env HOME="/tmp" \\
prometheus-jitsi-meet-exporter \\
-videobridge-url 'http://localhost:8888/stats' \\
-web.listen-address ':9888' 2>&1
EOF
export require="__runit_service/prometheus-jitsi-meet-exporter"
JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter"
;;
systemd)
__systemd_unit prometheus-jitsi-meet-exporter.service \
--source "-" \
--enablement-state "enabled" <<EOF
[Unit]
Description=Metrics Exporter for Jitsi Meet
After=network.target
[Service]
Type=simple
DynamicUser=yes
ExecStart=/usr/local/bin/prometheus-jitsi-meet-exporter -videobridge-url 'http://localhost:8888/stats' -web.listen-address ':9888'
Restart=always
[Install]
WantedBy=multi-user.target
EOF
export require="__systemd_unit/prometheus-jitsi-meet-exporter.service"
JITSI_MEET_EXPORTER_SERVICE="service prometheus-jitsi-meet-exporter %s"
;;
esac
if [ "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" != \
"${PROMETHEUS_JITSI_EXPORTER_IS_VERSION}" ]; then
# shellcheck disable=SC2059
__download \
/tmp/prometheus-jitsi-meet-exporter \
--url "${PROMETHEUS_JITSI_EXPORTER_URL}" \
--download remote \
--sum "${PROMETHEUS_JITSI_EXPORTER_CHECKSUM}" \
--onchange "$(printf "${JITSI_MEET_EXPORTER_SERVICE}" "stop") || true; chmod 555 /tmp/prometheus-jitsi-meet-exporter && mv /tmp/prometheus-jitsi-meet-exporter /usr/local/bin/prometheus-jitsi-meet-exporter && $(printf "${JITSI_MEET_EXPORTER_SERVICE}" "restart")"
printf "%s" "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" | \
require="${require} __download/tmp/prometheus-jitsi-meet-exporter" __file \
"${PROMETHEUS_JITSI_EXPORTER_VERSION_FILE}" \
--source "-"
fi
fi
# TODO: disable the exporter if it is deployed and then admin changes their mind

1
type/__jitsi_meet/parameter/boolean Normal file
View file

@ -0,0 +1 @@
disable-prometheus-exporter

0
type/__jitsi_meet/parameter/default/turn-server Normal file
View file

2
type/__jitsi_meet/parameter/optional Normal file
View file

@ -0,0 +1,2 @@
turn-secret
turn-server

0
type/__jitsi_meet/singleton Normal file
View file

700
type/__jitsi_meet_domain/files/config.js.sh Normal file
View file

@ -0,0 +1,700 @@
#!/bin/sh -e
# shellcheck disable=SC2034 # This is intended to be included
JITSI_CONFIG_JS="$(cat <<EOF
/* eslint-disable no-unused-vars, no-var */
var config = {
// Connection
//
hosts: {
// XMPP domain.
domain: '${JITSI_HOST}',
// When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com',
// Domain for authenticated users. Defaults to <domain>.
// authdomain: '${JITSI_HOST}',
// Call control component (Jigasi).
// call_control: 'callcontrol.${JITSI_HOST}',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.${JITSI_HOST}',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: 'conference.<!--# echo var="subdomain" default="" -->${JITSI_HOST}'
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//${JITSI_HOST}/http-bind',
// Websocket URL
// websocket: 'wss://${JITSI_HOST}/xmpp-websocket',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376
// focusUserJid: 'focus@auth.${JITSI_HOST}',
// Testing / experimental features.
//
testing: {
// Disables the End to End Encryption feature. Useful for debugging
// issues related to insertable streams.
// disableE2EE: false,
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
// Disables the auto-play behavior of *all* newly created video element.
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
// simulcast is turned off for the desktop share. If presenter is turned
// on while screensharing is in progress, the max bitrate is automatically
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
// the probability for this to be enabled.
// capScreenshareBitrate: 1 // 0 to disable
// Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled.
// callStatsThreshold: 5 // enable callstats for 5% of the users.
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
disableAudioLevels: $(if [ -n "${DISABLE_AUDIO_LEVELS}" ]; then printf "true"; else printf "false"; fi),
// audioLevelsInterval: 200,
// Enabling this will run the lib-jitsi-meet no audio detection module which
// will notify the user if the current selected microphone has no audio
// input and will suggest another valid device if one is present.
enableNoAudioDetection: true,
// Enabling this will run the lib-jitsi-meet noise detection module which will
// notify the user if there is noise, other than voice, coming from the current
// selected microphone. The purpose it to let the user know that the input could
// be potentially unpleasant for other meeting participants.
enableNoisyMicDetection: true,
// Start the conference in audio only mode (no video is being received nor
// sent).
// startAudioOnly: false,
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Sets the preferred target bitrate for the Opus audio codec by setting its
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
// Valid values are in the range 6000 to 510000
// opusMaxAverageBitrate: 20000,
// Enables redundancy for Opus
// enableOpusRed: false
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
// Use -1 to disable.
// maxFullResolutionParticipants: 2,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independent from
// this config's resolution value. Defaults to requesting an ideal
// resolution of 720p.
// constraints: {
// video: {
// height: {
// ideal: 720,
// max: 720,
// min: 240
// }
// }
// },
$(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
startVideoMuted: ${START_VIDEO_MUTED},
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// This option has been deprecated, use preferredCodec under videoQuality section instead.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
// Whether to enable file recording or not.
// fileRecordingsEnabled: false,
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://${JITSI_HOST}/static/oauth.html'
// redirectURI:
// 'https://${JITSI_HOST}/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
// liveStreamingEnabled: false,
// Transcription (in interface_config,
// subtitles and buttons can be configured)
// transcribingEnabled: false,
// Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: ${CHANNEL_LAST_N},
// Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number.
//
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
// will be used as default until the first threshold is reached.
//
// lastNLimits: {
// 5: 20,
// 30: 15,
// 50: 10,
// 70: 5,
// 90: 2
// },
// Specify the settings for video quality optimizations on the client.
// videoQuality: {
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
//
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
// // This is currently not implemented on app based clients on mobile.
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000
// },
//
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
// // 'low' - for the low quality level (180p at the time of this writing)
// // 'standard' - for the medium quality level (360p)
// // 'high' - for the high quality level (720p)
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
// //
// // With the default config value below the application will use 'low' quality until the thumbnails are
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
// // the high quality.
// minHeightForQualityLvl: {
// 360: 'standard,
// 720: 'high'
// }
// },
// // Options for the recording limit notification.
// recordingLimit: {
//
// // The recording limit in minutes. Note: This number appears in the notification text
// // but doesn't enforce the actual recording time limit. This should be configured in
// // jibri!
// limit: 60,
//
// // The name of the app with unlimited recordings.
// appName: 'Unlimited recordings APP',
//
// // The URL of the app with unlimited recordings.
// appURL: 'https://unlimited.recordings.app.com/'
// },
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Enables ICE restart logic in LJM and displays the page reload overlay on
// ICE failure. Current disabled by default because it's causing issues with
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
// not a real ICE restart), the client maintains the TCC sequence number
// counter, but the bridge resets it. The bridge sends media packets with
// TCC sequence numbers starting from 0.
// enableIceRestart: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
// we filter out TURN/UDP because it is usually not needed since the
// bridge itself is reachable via UDP)
// useTurnUdp: false
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
openBridgeChannel: 'websocket',
// UI
//
// Hides lobby button
// hideLobbyButton: false,
// Require users to always specify a display name.
// requireDisplayName: true,
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
defaultLanguage: '${DEFAULT_LANGUAGE}',
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
noticeMessage: '${NOTICE_MESSAGE}',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// prejoinPageEnabled: false,
// If true, shows the unsafe room name warning label when a room name is
// deemed unsafe (due to the simplicity in the name) and a password is not
// set or the lobby is not enabled.
// enableInsecureRoomNameWarning: false,
// Whether to automatically copy invitation URL after creating a room.
// Document should be focused for this option to work
// enableAutomaticUrlCopy: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// Enables sending participants' display names to callstats
// enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false,
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
disableThirdPartyRequests: $(if [ -z "${ENABLE_THIRD_PARTY_REQUESTS}" ]; then printf "true"; else printf "false"; fi),
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: true,
// The STUN servers that will be used in the peer to peer connections
stunServers: [
{ urls: 'stun:${TURN_SERVER}:443' }
]
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported). This setting is deprecated, use preferredCodec instead.
// preferH264: true
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// If set to true, disable H.264 video codec by stripping it out of the
// SDP. This setting is deprecated, use disabledCodec instead.
// disableH264: false,
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// Matomo configuration:
// matomoEndpoint: 'https://your-matomo-endpoint/',
// matomoSiteID: '42',
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Configuration for the rtcstats server:
// By enabling rtcstats server every time a conference is joined the rtcstats
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
// PeerConnection states along with getStats metrics polled at the specified
// interval.
// rtcstatsEnabled: true,
// In order to enable rtcstats one needs to provide a endpoint url.
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
// If the value is set to 0 getStats won't be polled and the rtcstats client
// will only send data related to RTCPeerConnection events.
// rtcstatsPolIInterval: 1000
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Logs that should go be passed through the 'log' event if a handler is defined for it
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
},
// Decides whether the start/stop recording audio notifications should play on record.
// disableRecordAudioNotification: false,
// Information for the chrome extension banner
// chromeExtensionBanner: {
// // The chrome extension to be installed address
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
// // Extensions info which allows checking if they are installed or not
// chromeExtensionsInfo: [
// {
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
// path: 'jitsi-logo-48x48.png'
// }
// ]
// },
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// },
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// },
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label',
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false,
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false,
// Mainly privacy related settings
// Disables all invite functions from the app (share, invite, dial out...etc)
// disableInviteFunctions: true,
// Disables storing the room name to the recents list
// doNotStoreRoom: true,
// Deployment specific URLs.
// deploymentUrls: {
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
// // user documentation.
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
// // to the specified URL for an app download page.
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
// },
// Options related to the remote participant menu.
// remoteVideoMenu: {
// // If set to true the 'Kick out' button will be disabled.
// disableKick: true
// },
// If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true,
/**
External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied.
None of the fields are mandatory and the response must have the shape:
{
// The hex value for the colour used as background
backgroundColor: '#fff',
// The url for the image used as background
backgroundImageUrl: 'https://example.com/background-img.png',
// The anchor url used when clicking the logo image
logoClickUrl: 'https://example-company.org',
// The url used for the image used as logo
logoImageUrl: 'https://example.com/logo-img.png'
}
*/
brandingDataUrl: "$(if [ -n "${BRANDING_JSON}" ]; then printf "/branding.json"; fi)",
// The URL of the moderated rooms microservice, if available. If it
// is present, a link to the service will be rendered on the welcome page,
// otherwise the app doesn't render it.
// moderatedRoomServiceUrl: 'https://moderated.${JITSI_HOST}',
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
/**
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
* can become https://brandedDomain/roomAlias)
*/
// brandingRoomAlias: null,
// List of undocumented settings used in lib-jitsi-meet
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
*/
// Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value.
makeJsonParserHappy: 'even if last key had a trailing comma'
// no configuration value should follow this line.
};
/* eslint-enable no-unused-vars, no-var */
EOF
)"

694
type/__jitsi_meet_domain/files/config.js.sh.orig Normal file
View file

@ -0,0 +1,694 @@
/* eslint-disable no-unused-vars, no-var */
var config = {
// Connection
//
hosts: {
// XMPP domain.
domain: 'jitsi-meet.example.org',
// When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com',
// Domain for authenticated users. Defaults to <domain>.
// authdomain: 'jitsi-meet.example.org',
// Call control component (Jigasi).
// call_control: 'callcontrol.jitsi-meet.example.org',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.jitsi-meet.example.org',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: 'conference.<!--# echo var="subdomain" default="" -->jitsi-meet.example.org'
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//jitsi-meet.example.org/http-bind',
// Websocket URL
// websocket: 'wss://jitsi-meet.example.org/xmpp-websocket',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376
// focusUserJid: 'focus@auth.jitsi-meet.example.org',
// Testing / experimental features.
//
testing: {
// Disables the End to End Encryption feature. Useful for debugging
// issues related to insertable streams.
// disableE2EE: false,
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
// Disables the auto-play behavior of *all* newly created video element.
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
// simulcast is turned off for the desktop share. If presenter is turned
// on while screensharing is in progress, the max bitrate is automatically
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
// the probability for this to be enabled.
// capScreenshareBitrate: 1 // 0 to disable
// Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled.
// callStatsThreshold: 5 // enable callstats for 5% of the users.
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
// disableAudioLevels: false,
// audioLevelsInterval: 200,
// Enabling this will run the lib-jitsi-meet no audio detection module which
// will notify the user if the current selected microphone has no audio
// input and will suggest another valid device if one is present.
enableNoAudioDetection: true,
// Enabling this will run the lib-jitsi-meet noise detection module which will
// notify the user if there is noise, other than voice, coming from the current
// selected microphone. The purpose it to let the user know that the input could
// be potentially unpleasant for other meeting participants.
enableNoisyMicDetection: true,
// Start the conference in audio only mode (no video is being received nor
// sent).
// startAudioOnly: false,
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Sets the preferred target bitrate for the Opus audio codec by setting its
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
// Valid values are in the range 6000 to 510000
// opusMaxAverageBitrate: 20000,
// Enables redundancy for Opus
// enableOpusRed: false
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
// Use -1 to disable.
// maxFullResolutionParticipants: 2,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independent from
// this config's resolution value. Defaults to requesting an ideal
// resolution of 720p.
// constraints: {
// video: {
// height: {
// ideal: 720,
// max: 720,
// min: 240
// }
// }
// },
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
// startVideoMuted: 10,
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// This option has been deprecated, use preferredCodec under videoQuality section instead.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
// Whether to enable file recording or not.
// fileRecordingsEnabled: false,
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://jitsi-meet.example.org/static/oauth.html'
// redirectURI:
// 'https://jitsi-meet.example.org/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
// liveStreamingEnabled: false,
// Transcription (in interface_config,
// subtitles and buttons can be configured)
// transcribingEnabled: false,
// Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1,
// Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number.
//
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
// will be used as default until the first threshold is reached.
//
// lastNLimits: {
// 5: 20,
// 30: 15,
// 50: 10,
// 70: 5,
// 90: 2
// },
// Specify the settings for video quality optimizations on the client.
// videoQuality: {
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
//
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
// // This is currently not implemented on app based clients on mobile.
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000
// },
//
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
// // 'low' - for the low quality level (180p at the time of this writing)
// // 'standard' - for the medium quality level (360p)
// // 'high' - for the high quality level (720p)
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
// //
// // With the default config value below the application will use 'low' quality until the thumbnails are
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
// // the high quality.
// minHeightForQualityLvl: {
// 360: 'standard,
// 720: 'high'
// }
// },
// // Options for the recording limit notification.
// recordingLimit: {
//
// // The recording limit in minutes. Note: This number appears in the notification text
// // but doesn't enforce the actual recording time limit. This should be configured in
// // jibri!
// limit: 60,
//
// // The name of the app with unlimited recordings.
// appName: 'Unlimited recordings APP',
//
// // The URL of the app with unlimited recordings.
// appURL: 'https://unlimited.recordings.app.com/'
// },
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Enables ICE restart logic in LJM and displays the page reload overlay on
// ICE failure. Current disabled by default because it's causing issues with
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
// not a real ICE restart), the client maintains the TCC sequence number
// counter, but the bridge resets it. The bridge sends media packets with
// TCC sequence numbers starting from 0.
// enableIceRestart: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
// we filter out TURN/UDP because it is usually not needed since the
// bridge itself is reachable via UDP)
// useTurnUdp: false
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
openBridgeChannel: 'websocket',
// UI
//
// Hides lobby button
// hideLobbyButton: false,
// Require users to always specify a display name.
// requireDisplayName: true,
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
// defaultLanguage: 'en',
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// prejoinPageEnabled: false,
// If true, shows the unsafe room name warning label when a room name is
// deemed unsafe (due to the simplicity in the name) and a password is not
// set or the lobby is not enabled.
// enableInsecureRoomNameWarning: false,
// Whether to automatically copy invitation URL after creating a room.
// Document should be focused for this option to work
// enableAutomaticUrlCopy: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// Enables sending participants' display names to callstats
// enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false,
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
// disableThirdPartyRequests: false,
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: true,
// The STUN servers that will be used in the peer to peer connections
stunServers: [
// { urls: 'stun:jitsi-meet.example.org:3478' },
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
]
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported). This setting is deprecated, use preferredCodec instead.
// preferH264: true
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// If set to true, disable H.264 video codec by stripping it out of the
// SDP. This setting is deprecated, use disabledCodec instead.
// disableH264: false,
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// Matomo configuration:
// matomoEndpoint: 'https://your-matomo-endpoint/',
// matomoSiteID: '42',
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Configuration for the rtcstats server:
// By enabling rtcstats server every time a conference is joined the rtcstats
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
// PeerConnection states along with getStats metrics polled at the specified
// interval.
// rtcstatsEnabled: true,
// In order to enable rtcstats one needs to provide a endpoint url.
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
// If the value is set to 0 getStats won't be polled and the rtcstats client
// will only send data related to RTCPeerConnection events.
// rtcstatsPolIInterval: 1000
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Logs that should go be passed through the 'log' event if a handler is defined for it
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
},
// Decides whether the start/stop recording audio notifications should play on record.
// disableRecordAudioNotification: false,
// Information for the chrome extension banner
// chromeExtensionBanner: {
// // The chrome extension to be installed address
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
// // Extensions info which allows checking if they are installed or not
// chromeExtensionsInfo: [
// {
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
// path: 'jitsi-logo-48x48.png'
// }
// ]
// },
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// },
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// },
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label',
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false,
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false,
// Mainly privacy related settings
// Disables all invite functions from the app (share, invite, dial out...etc)
// disableInviteFunctions: true,
// Disables storing the room name to the recents list
// doNotStoreRoom: true,
// Deployment specific URLs.
// deploymentUrls: {
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
// // user documentation.
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
// // to the specified URL for an app download page.
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
// },
// Options related to the remote participant menu.
// remoteVideoMenu: {
// // If set to true the 'Kick out' button will be disabled.
// disableKick: true
// },
// If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true,
/**
External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied.
None of the fields are mandatory and the response must have the shape:
{
// The hex value for the colour used as background
backgroundColor: '#fff',
// The url for the image used as background
backgroundImageUrl: 'https://example.com/background-img.png',
// The anchor url used when clicking the logo image
logoClickUrl: 'https://example-company.org',
// The url used for the image used as logo
logoImageUrl: 'https://example.com/logo-img.png'
}
*/
// brandingDataUrl: '',
// The URL of the moderated rooms microservice, if available. If it
// is present, a link to the service will be rendered on the welcome page,
// otherwise the app doesn't render it.
// moderatedRoomServiceUrl: 'https://moderated.jitsi-meet.example.org',
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
/**
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
* can become https://brandedDomain/roomAlias)
*/
// brandingRoomAlias: null,
// List of undocumented settings used in lib-jitsi-meet
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
*/
// Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value.
makeJsonParserHappy: 'even if last key had a trailing comma'
// no configuration value should follow this line.
};
/* eslint-enable no-unused-vars, no-var */

156
type/__jitsi_meet_domain/files/nginx.sh Normal file
View file

@ -0,0 +1,156 @@
#!/bin/sh -e
# shellcheck disable=SC2034 # This is intended to be included
JITSI_NGINX_CONFIG="$(cat <<EOF
server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name ${DOMAIN};
include snippets/acme-challenge.conf;
location / {
return 301 https://\$host\$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ${DOMAIN};
include snippets/acme-challenge.conf;
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # about 40000 sessions
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
# Try the custom page for this domain, fallback to default page
index index-${DOMAIN}.html index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
gzip_vary on;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 512;
# We expect this domain to be properly configured, the file should exist
location = /config.js {
alias /etc/jitsi/meet/${DOMAIN}-config.js;
}
# This may or may not exist; it will be set up in config.js if needed
location = /branding.json {
alias /etc/jitsi/meet/${DOMAIN}-branding.json;
}
# Try custom image and fallback to default
location = /images/watermark.png {
try_files /images/watermark-${DOMAIN}.png \$uri;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)\$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/\$1/\$2;
# cache all versioned files
if (\$arg_v) {
expires 1y;
}
}
# BOSH
location = /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For \$remote_addr;
# Prevision for 'multi-domain' jitsi instances
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
proxy_set_header Host ${JITSI_HOST};
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=\$prefix&\$args;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
# Prevision for 'multi-domain' jitsi instances
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
proxy_set_header Host ${JITSI_HOST};
tcp_nodelay on;
}
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/\$1\$is_args\$args;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)\$ {
try_files \$uri @root_path;
}
location @root_path {
rewrite ^/(.*)\$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js\$
{
set \$subdomain "\$1.";
set \$subdir "\$1/";
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)\$ {
set \$subdomain "\$1.";
set \$subdir "\$1/";
rewrite ^/([^/?&:'"]+)/(.*)\$ /\$2;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set \$subdomain "\$1.";
set \$subdir "\$1/";
set \$prefix "\$1";
rewrite ^/(.*)\$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set \$subdomain "\$1.";
set \$subdir "\$1/";
set \$prefix "\$1";
rewrite ^/(.*)\$ /xmpp-websocket;
}
}
EOF
)"

139
type/__jitsi_meet_domain/files/nginx.sh.orig Normal file
View file

@ -0,0 +1,139 @@
server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name jitsi-meet.example.com;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /usr/share/jitsi-meet;
}
location = /.well-known/acme-challenge/ {
return 404;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name jitsi-meet.example.com;
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # about 40000 sessions
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
gzip_vary on;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 512;
location = /config.js {
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/$1/$2;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}
# BOSH
location = /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
tcp_nodelay on;
}
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js$
{
set $subdomain "$1.";
set $subdir "$1/";
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /xmpp-websocket;
}
}

5
type/__jitsi_meet_domain/gencode-remote Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh -e
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
echo "service nginx reload"
fi

150
type/__jitsi_meet_domain/man.rst Normal file
View file

@ -0,0 +1,150 @@
cdist-type__jitsi_meet_domain(7)
========================================
NAME
----
cdist-type__jitsi_meet_domain - Setup a frontend for Jitsi-Meet.
DESCRIPTION
-----------
This type installs and configures the frontend for Jitsi-Meet.
This supports "multi-domain" installations, notice that in such a setup, all
rooms are shared across the different URLs, e.g.
https://jitsi1.example.org/room1 and https://jitsi2.example.org/room1 are
equivalent.
This is due to the underlying XMPP and signaling rooms being common.
There might be a way to perform tricks on the Nginx-side to avoid this, but
time is lacking :-).
This assumes `__jitsi_meet` has already been ran on the target host, and,
amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain.
This type will take care of TLS settings, branding and client-side
configuration for Jitsi.
This type only works on De{bi,vu}an systems.
REQUIRED PARAMETERS
-------------------
object id
The domain that will be configured as a Jitsi-Meet instance.
admin-email
Where to send Let's Encrypt emails like "certificate needs renewal".
OPTIONAL PARAMETERS
-------------------
channel-last-n
Default value for the "last N" attribute.
Defaults to 20. Set to -1 for unlimited.
default-language
Default language for the user interface.
Defaults to 'en'.
notice-message
Message to show the users when they join a room.
start-video-muted
Every participant after the Nth will start video muted.
Defaults to 10.
turn-server
The TURN server to be used.
Defaults to `__target_host`.
video-constraints
w3c spec-compliant video constraints to use for video capture. Currently
used by browsers that return true from lib-jitsi-meet's
util#browser#usesNewGumFlow. The constraints are independent from
this config's resolution value. Defaults to requesting an ideal
resolution of 720p.
It must not have a trailing comma, see `constraints` in
`__jitsi_meet_domain/files/config.js.sh`.
branding-json
Path to a JSON file that will be served as the `brandingDataUrl`.
For information on the format see `brandingDataUrl` in
`__jitsi_meet_domain/files/config.js.sh`.
If not set, no branding will be set up.
branding-index
Path to an HTML file that will be served instead of Jitsi-Meet's default
one.
If not set, the default index file will be used.
branding-watermark
Path to a png file that will be served instead of Jitsi-Meet's default
one.
If not set, the default watermark will be used.
BOOLEAN PARAMETERS
------------------
disable-audio-levels
Disable measuring of audio levels.
This has been reported to improve performance on clients.
enable-third-party-requests
This type disables third-party requests by default, this flag re-enables
them, restoring Jitsi-Meet's defaults.
This affects things like avatars, callstats, ...
EXAMPLES
--------
.. code-block:: sh
# Setup a Jitsi frontend for jitsi.exo.cat
__jitsi_meet_domain "jitsi.exo.cat" \
--admin-email "info@exo.cat" \
--turn-server "turn.exo.cat" \
--notice-message "Hola!" \
--disable-audio-levels \
--turn-secret "WeNeedGoodSecurity" \
--video-constraints "$(cat <<EOF
constraints: {
video: {
height: {
ideal: 320,
max: 320,
min: 180
}
}
}
EOF
)"
SEE ALSO
--------
- `__jitsi_meet`
AUTHORS
-------
Evilham <contact@evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham.

90
type/__jitsi_meet_domain/manifest Executable file
View file

@ -0,0 +1,90 @@
#!/bin/sh -e
os="$(cat "${__global}/explorer/os")"
case "${os}" in
devuan|debian)
;;
*)
echo "Your OS '${os}' is currently not supported." > /dev/stderr
exit 1
;;
esac
DOMAIN="${__object_id}"
ADMIN_EMAIL="$(cat "${__object}/parameter/admin-email")"
CHANNEL_LAST_N="$(cat "${__object}/parameter/channel-last-n")"
DEFAULT_LANGUAGE="$(cat "${__object}/parameter/default-language")"
NOTICE_MESSAGE="$(cat "${__object}/parameter/notice-message")"
START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
if [ -f "${__object}/parameter/enable-third-party-requests" ]; then
ENABLE_THIRD_PARTY_REQUESTS="YES"
fi
if [ -f "${__object}/parameter/disable-audio-levels" ]; then
DISABLE_AUDIO_LEVELS="YES"
fi
if [ -z "${TURN_SERVER}" ]; then
TURN_SERVER="${__target_host}"
fi
if [ -z "${JITSI_HOST}" ]; then
JITSI_HOST="${__target_host}"
fi
#
# Deal with certbot
#
# use object id as domain
__letsencrypt_cert "${DOMAIN}" \
--admin-email "${ADMIN_EMAIL}" \
--automatic-renewal \
--renew-hook "service nginx reload" \
--webroot /usr/share/jitsi-meet
# Create virtualhost for nginx
# shellcheck source=type/__jitsi_meet_domain/files/nginx.sh
. "${__type}/files/nginx.sh" # This defines JITSI_NGINX_CONFIG
require="__letsencrypt_cert/${DOMAIN}" __file \
"/etc/nginx/sites-enabled/${DOMAIN}.conf" \
--mode 0644 --source "-" <<EOF
${JITSI_NGINX_CONFIG}
EOF
# Setup jitsi config
# shellcheck source=type/__jitsi_meet_domain/files/config.js.sh
. "${__type}/files/config.js.sh" # This defines JITSI_CONFIG_JS
__file "/etc/jitsi/meet/${DOMAIN}-config.js" \
--mode 0644 --source "-" <<EOF
${JITSI_CONFIG_JS}
EOF
#
# Deal with branding as requested
#
# Helper function to manage the state of the target branding file
_var_state() {
if [ -n "${1}" ]; then
echo "present"
else
echo "absent"
fi
}
__file "/usr/share/jitsi-meet/index-${DOMAIN}.html" \
--mode 0644 \
--state "$(_var_state "${BRANDING_INDEX}")" \
--source "${BRANDING_INDEX}"
__file "/etc/jitsi/meet/${DOMAIN}-branding.json" \
--mode 0644 \
--state "$(_var_state "${BRANDING_JSON}")" \
--source "${BRANDING_JSON}"
__file "/usr/share/jitsi-meet/images/watermark-${DOMAIN}.png" \
--mode 0644 \
--state "$(_var_state "${BRANDING_WATERMARK}")" \
--source "${BRANDING_WATERMARK}"

2
type/__jitsi_meet_domain/parameter/boolean Normal file
View file

@ -0,0 +1,2 @@
disable-audio-levels
enable-third-party-requests

0
type/__jitsi_meet_domain/parameter/default/branding-index Normal file
View file

0
type/__jitsi_meet_domain/parameter/default/branding-json Normal file
View file

0
type/__jitsi_meet_domain/parameter/default/branding-watermark Normal file
View file

1
type/__jitsi_meet_domain/parameter/default/channel-last-n Normal file
View file

@ -0,0 +1 @@
20

1
type/__jitsi_meet_domain/parameter/default/default-language Normal file
View file

@ -0,0 +1 @@
en

0
type/__jitsi_meet_domain/parameter/default/notice-message Normal file
View file

1
type/__jitsi_meet_domain/parameter/default/start-video-muted Normal file
View file

@ -0,0 +1 @@
10

0
type/__jitsi_meet_domain/parameter/default/turn-server Normal file
View file

0
type/__jitsi_meet_domain/parameter/default/video-constraints Normal file
View file

9
type/__jitsi_meet_domain/parameter/optional Normal file
View file

@ -0,0 +1,9 @@
channel-last-n
default-language
notice-message
start-video-muted
turn-server
video-constraints
branding-json
branding-index
branding-watermark

1
type/__jitsi_meet_domain/parameter/required Normal file
View file

@ -0,0 +1 @@
admin-email

7
type/__runit/explorer/runit-etc Executable file
View file

@ -0,0 +1,7 @@
#!/bin/sh -e
runit_etc_dir="/etc/runit"
if [ -d "${runit_etc_dir}" ]; then
echo "YES"
fi

7
type/__runit/explorer/svdir-exists Executable file
View file

@ -0,0 +1,7 @@
#!/bin/sh -e
svdir="/var/service"
if [ -d "${svdir}" ]; then
echo "YES"
fi

21
type/__runit/gencode-remote Executable file
View file

@ -0,0 +1,21 @@
#!/bin/sh -e
svdir="/var/service"
svdir_exists="$(cat "${__object}/explorer/svdir-exists")"
runit_etc="$(cat "${__object}/explorer/runit-etc")"
if [ -z "${svdir_exists}" ]; then
echo "mkdir '${svdir}'"
sv_restart="YES"
fi
if [ -z "${runit_etc}" ]; then
echo "cp -R '/usr/local/etc/runit' '/etc/runit'"
sv_restart="YES"
fi
if grep -q "^__key_value/runsvdir_enable" "${__messages_in}"; then
sv_restart="YES"
fi
if [ -n "${sv_restart}" ]; then
echo "service runsvdir restart || service runsvdir start"
fi

46
type/__runit/man.rst Normal file
View file

@ -0,0 +1,46 @@
cdist-type__runit(7)
============================
NAME
----
cdist-type__runit - Install and configure runit
DESCRIPTION
-----------
This is a singleton type.
Install and configure runit, not as an init system, but as a service monitor.
It configures and if necessary starts runsvdir as documented for the
Operating System.
This type currently heavily focuses on FreeBSD, support for other Operating
Systems can be achieved but no effort whatsoever has been put into it.
REQUIRED PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__runit
SEE ALSO
--------
:strong:`cdist-type__runit_service`\ (7)
AUTHORS
-------
Evilham <cvs--@--evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

10
type/__runit/manifest Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh -e
__package "runit"
__key_value \
--file "/etc/rc.conf" \
--key "runsvdir_enable" \
--delimiter "=" \
--value "yes" \
"runsvdir_enable"

0
type/__runit/singleton Normal file
View file

58
type/__runit_service/man.rst Normal file
View file

@ -0,0 +1,58 @@
cdist-type__runit_service(7)
====================================
NAME
----
cdist-type__runit_service - Create a runit-compatible service dir.
DESCRIPTION
-----------
Create a directory structure compatible with runit-like service management.
Note that sv(8) and runsvdir(8) must be present on the target system, this can
be achieved with e.g. `__runit`.
The `__object_id` will be used as the service name.
REQUIRED PARAMETERS
-------------------
source
File to save as <servicedir>/run. If set to '-', standard input will be used.
BOOLEAN PARAMETERS
------------------
log
Setup logging with `svlogd -tt ./main`.
EXAMPLES
--------
.. code-block:: sh
require="__runit" __runit_service tasksched \
--source - << EOF
#!/bin/sh -e
cd "${HOME}/.local/share/tasksched"
exec ./server.js 2>&1
EOF
SEE ALSO
--------
:strong:`cdist-type__runit`\ (7)
AUTHORS
-------
Evilham <cvs--@--evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

33
type/__runit_service/manifest Executable file
View file

@ -0,0 +1,33 @@
#!/bin/sh -e
svdir="/var/service"
sv="${__object_id}"
state="present"
run_file="${svdir}/${sv}/run"
source="$(cat "$__object/parameter/source")"
if [ "$source" = "-" ]; then
source="$__object/stdin"
fi
# Create this service's directory
__directory --state "${state}" "${svdir}/${sv}"
export require="__directory${svdir}/${sv}"
if [ -f "${__object}/parameter/log" ]; then
# Setup logger if requested
__directory --parents "${svdir}/${sv}/log/main"
export require="${require} __directory${svdir}/${sv}/log/main"
__file "${svdir}/${sv}/log/run" \
--state "${state}" \
--mode 0755 \
--source "-" <<EOF
#!/bin/sh
exec svlogd -tt ./main
EOF
fi
# Setup run file
__file --state "${state}" --mode 0755 --source "${source}" "${run_file}"

1
type/__runit_service/parameter/boolean Normal file
View file

@ -0,0 +1 @@
log

1
type/__runit_service/parameter/required Normal file
View file

@ -0,0 +1 @@
source