WIP

2022-05-05 00:25:27 +02:00 · 2022-05-05 00:25:27 +02:00 · 81ffe69e57
commit 81ffe69e57
parent 1791d35f84
7 changed files with 194 additions and 1 deletions
--- a/type/__jitsi_meet/files/jibri.cfg.lua.sh
+++ b/type/__jitsi_meet/files/jibri.cfg.lua.sh
@ -0,0 +1,14 @@
+#!/bin/sh -eu
+
+# Source:
+# https://github.com/jitsi/jibri#prosody
+
+# shellcheck disable=SC2034  # This is intended to be included
+JIBRI_CONFIG="$(cat <<END
+VirtualHost "recorder.${JITSI_DOMAIN:?}"
+  modules_enabled = {
+    "ping";
+  }
+  authentication = "internal_plain"
+END
+)"
--- a/type/__jitsi_meet/files/jibri.conf.sh
+++ b/type/__jitsi_meet/files/jibri.conf.sh
@ -0,0 +1,134 @@
+#!/bin/sh -eu
+
+# Start
+cat <<EOF
+# Managed remotely, changes will be lost
+
+# thanks
+#   https://community.jitsi.org/t/jibri-service-fails/85272/4
+#   https://github.com/emrahcom/emrah-buster-templates/blob/master/machines/eb-jibri-template/etc/jitsi/jibri/jibri.conf
+
+jibri {
+  // A unique identifier for this Jibri
+  // TODO: eventually this will be required with no default
+  id = ""
+  // Whether or not Jibri should return to idle state after handling
+  // (successfully or unsuccessfully) a request.  A value of 'true'
+  // here means that a Jibri will NOT return back to the IDLE state
+  // and will need to be restarted in order to be used again.
+  single-use-mode = false
+  api {
+    http {
+      external-api-port = 2222
+      internal-api-port = 3333
+    }
+    xmpp {
+      // See example_xmpp_envs.conf for an example of what is expected here
+      environments = [{
+        name = "jibri-env"
+        xmpp-server-hosts = ["${JIBRI_HOST:?}"]
+        xmpp-domain = "${JIBRI_HOST:?}"
+
+        control-muc {
+          domain = "internal.auth.${JIBRI_HOST:?}"
+          room-name = "JibriBrewery"
+          nickname = "jibri-nickname"
+        }
+
+        control-login {
+          domain = "auth.${JIBRI_HOST:?}"
+          username = "jibri"
+          password = "${JIBRI_AUTH_PASS:?}"
+        }
+
+        call-login {
+          domain = "recorder.${JIBRI_HOST:?}"
+          username = "recorder"
+          password = "${JIBRI_RECORDER_PASS:?}"
+        }
+
+        strip-from-room-domain = "conference."
+        usage-timeout = 0
+        trust-all-xmpp-certs = true
+      }]
+    }
+  }
+  recording {
+    recordings-directory = "/tmp/recordings"
+    # TODO: make this an optional param and remove the default
+    finalize-script = "/opt/finalize_recording.sh"
+  }
+  streaming {
+    // A list of regex patterns for allowed RTMP URLs.  The RTMP URL used
+    // when starting a stream must match at least one of the patterns in
+    // this list.
+    rtmp-allow-list = [
+      // By default, all services are allowed
+      ".*"
+    ]
+  }
+  sip {
+    // The routing rule for the outbound scenario in VoxImplant is based on this prefix
+    outbound-prefix = "out_"
+  }
+  ffmpeg {
+    resolution = "1920x1080"
+    // The audio source that will be used to capture audio on Linux
+    audio-source = "alsa"
+    // The audio device that will be used to capture audio on Linux
+    audio-device = "plug:bsnoop"
+  }
+  chrome {
+    // The flags which will be passed to chromium when launching
+    flags = [
+      "--use-fake-ui-for-media-stream",
+      "--start-maximized",
+      "--kiosk",
+      "--enabled",
+      "--autoplay-policy=no-user-gesture-required"
+    ]
+  }
+  stats {
+    enable-stats-d = true
+  }
+  webhook {
+    // A list of subscribers interested in receiving webhook events
+    subscribers = []
+  }
+  jwt-info {
+    // The path to a .pem file which will be used to sign JWT tokens used in webhook
+    // requests.  If not set, no JWT will be added to webhook requests.
+    # signing-key-path = "/path/to/key.pem"
+
+    // The kid to use as part of the JWT
+    # kid = "key-id"
+
+    // The issuer of the JWT
+    # issuer = "issuer"
+
+    // The audience of the JWT
+    # audience = "audience"
+
+    // The TTL of each generated JWT.  Can't be less than 10 minutes.
+    # ttl = 1 hour
+  }
+  call-status-checks {
+    // If not all clients have their audio and video muted, but Jibri does not
+    // detect any data stream (audio or video) comming in, it will stop
+    // recording after NO_MEDIA_TIMEOUT expires.
+    no-media-timeout = 3 minutes
+
+    // If all clients have their audio and video muted, Jibri consideres this
+    // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
+    all-muted-timeout = 10 minutes
+
+    // When detecting if a call is empty, Jibri takes into consideration for how
+    // long the call has been empty already. If it has been empty for more than
+    // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
+    default-call-empty-timeout = 30 seconds
+
+    // If ICE hasn't completed, or stays in a state other than "connected" for this amount of time, Jibri will stop.
+    ice-connection-timeout = 30 seconds
+  }
+}
+EOF
--- a/type/__jitsi_meet/files/jicofo.conf.sh
+++ b/type/__jitsi_meet/files/jicofo.conf.sh
@ -28,6 +28,18 @@ cat <<EOF
    login-url: ${JITSI_HOST:?}
  }
 EOF
+
+# Jibri if needed
+if [ "${JIBRI_STATE:?}" = "present" ]; then
+cat <<EOF
+
+  jibri: {
+    // The JID of the MUC to be used as a brewery for jibri instances for streaming.
+    brewery-jid: "JibriBrewery@internal.auth.${JITSI_HOST:?}",
+    // How long to wait for Jibri to start recording from the time it accepts a START request.
+    pending-timeout: 90
+  }
+EOF
 fi

 # End
--- a/type/__jitsi_meet/manifest
+++ b/type/__jitsi_meet/manifest
@ -179,6 +179,15 @@ else
  SECURED_DOMAINS_STATE='absent'
 fi

+if [ -f "${__object}/parameter/jibri" ]; then
+  JIBRI_STATE='present'
+else
+  JIBRI_STATE='absent'
+fi
+
+export JIBRI_STATE
+. manifest_jibri
+
 # This is the main host config
 PROSODY_MAIN_CONFIG="YES"
 # Prosody settings for common components (jvb, focus, ...)
--- a/type/__jitsi_meet/manifest_jibri
+++ b/type/__jitsi_meet/manifest_jibri
@ -0,0 +1,19 @@
+#!/bin/sh -e
+
+# shellcheck source=type/__jitsi_meet/files/prosody.cfg.lua.sh
+. "${__type}/files/jibri.cfg.lua.sh"  # This defines JIBRI_CONFIG
+__file "/etc/prosody/conf.d/01_jibri.cfg.lua" \
+	--group prosody \
+	--mode 0440 \
+	--source - <<EOF
+${JIBRI_CONFIG}
+EOF
+
+# TODO/WARNING cleartext passwords
+JIBRI_AUTH_PASS='jibriauthpass'
+JIBRI_RECORDER_PASS='jibrirecorderpass'
+__jitsi_meet_user "jibri" --password "${JIBRI_AUTH_PASS}" --domain "auth.${JITSI_HOST}" --state "present"
+__jitsi_meet_user "recorder" --password "${JIBRI_RECORDER_PASS}" --domain "recorder.${JITSI_HOST}" --state "present"
+
+"${__type}/files/jibri.conf.sh" | \
+	__file /etc/jitsi/jibri/jibri.conf --mode 0444 --source '-'
--- a/type/__jitsi_meet/parameter/boolean
+++ b/type/__jitsi_meet/parameter/boolean
@ -1,2 +1,3 @@
 disable-prometheus-exporter
 secured-domains
+jibri
--- a/type/__jitsi_meet_user/manifest
+++ b/type/__jitsi_meet_user/manifest
@ -5,6 +5,7 @@ basic_urlencode() {
 }

 PASSWD="$(cat "${__object}/parameter/password" 2>/dev/null || true)"
+DOMAIN="$(cat "${__object}/parameter/domain" 2>/dev/null || true)"
 STATE="$(cat "${__object}/parameter/state")"

 if [ -z "${PASSWD}" ] && [ "${STATE}" != "absent" ]; then
@ -23,7 +24,10 @@ EOF
 fi

 JITSI_USER="$(basic_urlencode "${JITSI_USER_RAW}")"
-FQDN="$(basic_urlencode "${__target_host}")"
+if [ -z "${DOMAIN}" ]; then
+	DOMAIN="${__target_host}"
+fi
+FQDN="$(basic_urlencode "${DOMAIN}")"
 FQDN_PATH="/var/lib/prosody/${FQDN}/accounts"
 FILENAME="${FQDN_PATH}/${JITSI_USER}.dat"