Commit graph

322 commits

Author SHA1 Message Date
80bbbd3aa8
[__jitsi_meet] Adapt jicofo and videobridge memory usage
This enables us to setup smaller jitsi instances that work reliably.

We set 3 threshholds:
- < 3G RAM: use 0.75G max memory
- < 5G RAM: use 1G max memory
- < 8G RAM: use 2G max memory
- >= 8G RAM: use 3G max memory (jitsi's default)

For more information as to why and how this is done, see:
https://gitlab.com/guifi-exo/projectes/-/issues/318
https://github.com/jitsi/jitsi-meet/issues/6589
as investigated back in the day by @pedro

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 14:37:08 +02:00
87cc109bf1
[__jitsi_meet*] Make rooms on different domains not equivalent
This is a backwards-compatible change.

We switch the approach from "treat all domains as if they were the main domain"
to: "each domain has its own prosody settings".

This works perfectly fine, even with secured domains.

There is a caveat with secured domains, in that they use the main domain to log
in; this means that users are shared across all domains (as they were before
this commit).

This is due to jicofo refusing to start meetings from a domain that is not
configured, and it only accepting one domain.

Right now, this is acceptable, however we could want to authenticate against
e.g. different LDAP / IMAP servers in the future, so this would need addressing
at that stage.

Probably the best way to solve it is by patching jicofo, so it accepts starting
conferences from multiple domains and getting that patch upstream.

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 13:20:30 +02:00
a12b343660
[__jitsi_meet_domain] Add analytics settings parameter
with this, admins can take advantage of e.g. matomo to have some usage
statistics.

The parameter defaults to `disabled: true`, which is the most privacy-friendly!

Sponsored by:   camilion.eu
2022-04-21 13:13:12 +02:00
29cafd4f9a
[__jitsi_meet_domain] Simplify logic for secured domains 2022-04-16 13:22:16 +02:00
fa37ede84f
[__jitsi_meet] Unconfuse jitsi-version and secured domains
Closes #14 by committing to keeping the package up to date as promptly as
possible; else weird  things happen and there are no real good solutions for
this.  E.g. we have seen in the past that due to security issues, a jitsi
dependency  needs to be upgraded, but some package that jitsi-meet depends upon
also has an upper limit on that package's version.

A note was added to the manpage in order make it explicit that maintenance of
this type can be sponsored to ensure its proper functioning.

Closes #15 by using `__file`. This will also allow us to have more control over
jicofo's settings, which might be important when we start doing recordings.

Sponsored by:	lafede.cat
2022-04-10 19:45:08 +02:00
af04f7464b
[__nginx_vhost]: follow Alpine vhost default directory change.
Since nginx package version v1.10.1-r3, Alpine packagers have changed
the default vhost directory from conf.d to http.d [0]. This reflects
this change.

[0]: alpine package commit 383ba9c0a200ed1f4b11d7db74207526ad90bbe3
2022-03-14 16:15:58 +01:00
a6f6a7fba8
[__jitsi_meet]: Fix deprecated usage of __debconf_set_selections.
Replace the --file parameter with the --line parameter, as recommended
since cdist 6.9.6.
2022-03-14 15:30:11 +01:00
a1b3a034c7
[__jitsi_meet_domain] Support the --state parameter
This enables removing domains in a simple fashion.

Closes #3.
2022-03-10 21:28:28 +01:00
ac99cd8d84
[__jitsi_meet_domain] Update to 2.0.7001-1
Obsoletes #13
2022-03-10 21:23:45 +01:00
ac03f05766 [__jitsi_meet] Fix bug with secured domains
This is a leftover from when we were using __line instead of __block.

Closes #15

Reported by:  @pedro
2022-03-10 21:20:52 +01:00
ecd10de2d3
[__opendkim*] FreeBSD support and minor fixes
While adding FreeBSD support to the type I noticed various issues:

- We were making sure that the KeyTable and SigningTable were created in
  __opendkim_genkey, but that was being done with the default cdist permissions
  (0400) which could result in issues when reloading the service after privilege
  drop.
  This is addressed by checking that it exists/creating it in __opendkim (just
  once, not once per __opendkim_genkey call) with laxer permissions (0444).
- In __opendkim, the service was being started after the config file was
  installed. This is insufficient as OpenDKIM will refuse to start with the
  generated config if either SigningTable or KeyTable do not exist yet.
- __opendkim_genkey had the implicit assumption that the --directory parameter
  always ended in a slash. This was not documented and error-prone; we are now
  a bit laxer and add the trailing slash if it is missing.
- __opendkim_genkey was not changing permissions for the resulting .txt file.
  This was not critical for it to function, but it was inconsistent.
- As documented in #17, __opendkim allows for a --userid parameter that might
  cause issues with keys generated by __opendkim_genkey.
  This issue has not been addressed yet, but I recommend deprecating the
  --userid parameter.
2022-03-10 20:08:51 +01:00
422b97bc1b
[systemd_resolved]: make singleton. 2022-02-28 16:18:51 +01:00
f6d0cbbeb7
__systemd_resolved: initial implementation. 2022-02-28 16:18:49 +01:00
9a779aafa3
__matrix_synapse: add --disable-{displayname,3pid}-changes flag 2022-02-08 13:45:29 +01:00
727fbd55fb
[bird_radv] Add option to include MTU in RAs. 2022-02-07 13:46:08 +01:00
6310db7301
[bird_bgp]: minor cleanup. 2022-02-07 13:33:57 +01:00
3f52e758fc
__systemd-network: initial implementation. 2022-02-02 14:09:16 +01:00
4fdba43dd6
[__matrix_synapse]: typos in manpage. 2022-02-02 11:49:50 +01:00
c32a1836aa
__matrix_synapse: add --sso-template-dir parameter 2022-01-24 11:23:38 +01:00
287d8df9bd
__matrix_synapse: set message min lifetime (although currently ignored
by synapse)
2022-01-24 08:56:12 +01:00
723d7ed250
__matrix_element: add more branding parameters 2022-01-16 14:14:42 +01:00
974e42e20e
__matrix_synapse: add --saml2-mapping-provider-extra-settings flag 2022-01-16 12:41:37 +01:00
c198a74a34
__matrix_element: add --identity_server_url flag 2022-01-12 16:22:41 +01:00
35e1477521
__matrix_synapse: fix ignored --enable-3pid-lookups flag 2022-01-12 16:22:41 +01:00
b2c1fee672
__matrix_synapse: add --saml2-mapping-provider-module flag 2022-01-12 16:22:41 +01:00
eecb2b4629
__bird_ospf: ass -extra-area-configuration parameter 2022-01-11 16:12:45 +01:00
023206d3d9
borg-repo: add ubuntu as supported OS. 2022-01-11 09:24:43 +01:00
c466733111
__matrix_synapse: add --enable-3pid-lookups flag, normalize indentation 2022-01-07 11:42:13 +01:00
afe76af679
__matterbridge: add support for ubuntu, fix configuration via STDIN 2021-12-23 12:30:58 +01:00
35e299a5d1
__matrix_synapse: add --saml2-sp-key and --saml2-sp-cert flags 2021-12-23 10:46:21 +01:00
e052178122 [__jitsi*] Update to 2.0.6726
Sponsored by: plataformess.org
2021-12-22 20:05:37 +01:00
a38275f6d7
__uacme*, __nginx: allow external ACME provider, EAB authentication 2021-12-14 12:37:18 +01:00
698525fcd2
__matrix_synapse: add saml2-idp-medatada-url flag to manpage 2021-12-06 08:41:13 +01:00
7b27eb5445
__matrix_synapse: add --default-identity-server flag 2021-12-02 13:07:06 +01:00
96beae4c2f
__matrix_synapse:add --smal2-idp-metadata-uri flag 2021-12-02 11:38:26 +01:00
d872f1d4f0
__matrix_synapse: add --turn-username and --turn-password flags 2021-12-01 15:55:34 +01:00
08e81d1e97
__matrix_synapse: fixe ignored registration-shared-secret parameter 2021-12-01 08:32:37 +01:00
25406ea3a0
__matrix_synapse: add support for Ubuntu 2021-11-30 13:32:03 +01:00
fc6764be44
__matrix_synapse_worker: change synapse call to fit matrix.org packaging 2021-11-16 15:13:16 +01:00
18f02e24aa
__matrix_synapse: use upstream matrix.org APT repository on debian 2021-11-16 14:16:37 +01:00
2038244ec4 [__runit*] Add support for Debian/Devuan
Apparently these types were only supporting FreeBSD, this brings in support for
Debian and Devuan by taking advantage of
https://packages.debian.org/bullseye/runit-run
2021-10-30 10:40:01 +02:00
30c72c1033 [__jitsi_meet] Fix shellchek of unused variable 2021-10-01 12:00:50 +02:00
affd398cff [__jitsi*] Update to 2.0.6293 2021-10-01 11:51:50 +02:00
c64997d8fb
__bird_ospf: add stubnets option
This commit adds the ability for the bird OSPF type to use stubnets.
2021-09-15 17:00:33 +02:00
58ac59edb2 Merge branch 'nginx' into 'master'
nginx types

See merge request ungleich-public/cdist-contrib!40
2021-07-06 16:56:29 +02:00
735a1dddca
__nginx: add minimal usage example 2021-07-06 16:43:52 +02:00
653c85e948
__nginx_vhost: complete truncated sentence in manpage 2021-07-06 16:43:16 +02:00
55d832851d
Add __networktime type. 2021-07-06 14:44:07 +02:00
f116272f92
__nginx_vhost: drop mention of unsupported FreeBSD from manpage 2021-06-23 10:47:21 +02:00
502cb54ce2
__nginx_vhost: make configuration reload more robust 2021-06-23 10:46:10 +02:00