diff --git a/type/__bird_ospf/man.rst b/type/__bird_ospf/man.rst index f3f4c9a..66c2e4a 100644 --- a/type/__bird_ospf/man.rst +++ b/type/__bird_ospf/man.rst @@ -24,12 +24,6 @@ import export The keyword or filter to decide what to export in the above channel. - -REQUIRED MULTIPLE PARAMETERS ----------------------------- -interface - An interface to include in OSPF area 0. - OPTIONAL PARAMETERS ------------------- description @@ -39,12 +33,19 @@ instance-id An OSPF instance ID, allowing several OSPF instances to run on the same links. +extra-area-configuration + Configuration string added to the `area` section of the OSPF configuration. + OPTIONAL MULTIPLE PARAMETERS ---------------------------- stubnet Add an optionless stubnet definition to the configuration. +interface + An interface to include in OSPF area 0. Is required unless + extra-area-configuration is set. + SEE ALSO -------- cdist-type__bird_core(7) diff --git a/type/__bird_ospf/manifest b/type/__bird_ospf/manifest index 211e91d..68d9c16 100755 --- a/type/__bird_ospf/manifest +++ b/type/__bird_ospf/manifest @@ -44,6 +44,21 @@ then instance_id="$(cat "${__object:?}/parameter/instance-id")" fi +extra_area_configuration= +if [ -f "${__object:?}/parameter/extra-area-configuration" ]; +then + extra_area_configuration="$(cat "${__object:?}/parameter/extra-area-configuration")" + + if [ "$extra_area_configuration" = "-" ]; then + extra_area_configuration=$(cat "$__object/stdin") + fi +fi + +if [ ! -f "${__object:?}/parameter/interface" ] && [ -z "$extra_area_configuration" ]; then + echo "Either --interface or --extra-area-configuration must be set." >&2 + exit 1 +fi + __file "${confdir:?}/ospf-${__object_id:?}.conf" \ --mode 0640 --owner root --group bird \ --source - << EOF 
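Review bot: In the `type/__bird_ospf/manifest` hunk, the `-` branch reads `"$__object/stdin"` without the `${__object:?}` guard used on every other path here, and without checking that the file exists. If stdin was not supplied, `cat` fails and `extra_area_configuration` ends up empty (or the manifest aborts, depending on shell options set outside this hunk). When `--interface` is also given, the emptiness check below still passes, so the requested area configuration is silently missing from the generated BIRD config. I would write `extra_area_configuration="$(cat "${__object:?}/stdin")"` and exit with an error when `${__object:?}/stdin` does not exist. Because the string is emitted verbatim into the routing daemon's configuration, the man page entry should also state that it is not validated.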
@@ -59,6 +74,8 @@ $([ -n "${instance_id?}" ] && printf "\tinstance id %s;\n" "${instance_id?}") area 0 { $(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface") $(sed -e 's/^/\t\tsubnet /' -e 's/$/;/' "${__object:?}/parameter/subnet") + + $extra_area_configuration }; } EOF diff --git a/type/__bird_ospf/parameter/optional b/type/__bird_ospf/parameter/optional index cf6dd53..880f228 100644 --- a/type/__bird_ospf/parameter/optional +++ b/type/__bird_ospf/parameter/optional @@ -1,2 +1,3 @@ description instance-id +extra-area-configuration diff --git a/type/__bird_ospf/parameter/optional_multiple b/type/__bird_ospf/parameter/optional_multiple index ed3f25a..8e5902d 100644 --- a/type/__bird_ospf/parameter/optional_multiple +++ b/type/__bird_ospf/parameter/optional_multiple @@ -1 +1,2 @@ stubnet +interface diff --git a/type/__bird_ospf/parameter/required_multiple b/type/__bird_ospf/parameter/required_multiple deleted file mode 100644 index b529896..0000000 --- a/type/__bird_ospf/parameter/required_multiple +++ /dev/null @@ -1 +0,0 @@ -interface diff --git a/type/__borg_repo/manifest b/type/__borg_repo/manifest index 968066d..4e4d35e 100644 --- a/type/__borg_repo/manifest +++ b/type/__borg_repo/manifest @@ -3,7 +3,7 @@ os="$(cat "${__global:?}"/explorer/os)" case "$os" in - "alpine") + "alpine"|"ubuntu") borg_package=borgbackup ;; *) @@ -17,3 +17,4 @@ if [ -f "${__object:?}/parameter/owner" ]; then __package sudo fi + diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index 1cae2be..0364db6 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -125,7 +125,10 @@ require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-ava server_names_hash_bucket_size 64; -# nginx server configuration for: +types { +# nginx's default mime.types doesn't include a mapping for wasm + application/wasm wasm; +} server { 
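Review bot: `--interface` becomes optional in this commit, but the context line `$(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface")` in the `area 0` block of `type/__bird_ospf/manifest` still runs unconditionally. An object configured with only `--extra-area-configuration` therefore makes `sed` fail on a missing file while the config is being rendered. Guard it the same way the `instance_id` line does, for example by prefixing the substitution with `[ -f "${__object:?}/parameter/interface" ] &&`. The neighbouring context line reads `parameter/subnet` while the documented parameter is `stubnet`; that looks like an older mismatch and is worth confirming while touching this block. The here-document begins outside this hunk.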
diff --git a/type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh b/type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh new file mode 100755 index 0000000..295bdf0 --- /dev/null +++ b/type/__jitsi_meet_domain/files/_update_jitsi_configurations.sh @@ -0,0 +1,30 @@ +#!/bin/sh -eu + +# This is a helper to update the '.sh.orig' files for jitsi's +# configuration files. +# Then the changes must be propagated to their corresponding .sh +# files by the type maintainer or a contributor + +# We could automate this, but are using it as an indicator for the +# latest branch with which we conciliated changes. +BRANCH="jitsi-meet_6726" +REPO="https://github.com/jitsi/jitsi-meet" + +get_url() { + file="${1}" + printf "%s/raw/stable/%s/%s" "${REPO}" "${BRANCH}" "${file}" + +} + +download_file() { + file="${1}" + destination="${2:-${file}.sh.orig}" + url="$(get_url "${file}")" + echo "Downloading ${destination}" + curl -L "${url}" > "${destination}" + echo +} + +download_file config.js +download_file interface_config.js +download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig diff --git a/type/__jitsi_meet_domain/files/config.js.sh b/type/__jitsi_meet_domain/files/config.js.sh index f825761..4532ba6 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh +++ b/type/__jitsi_meet_domain/files/config.js.sh @@ -39,9 +39,6 @@ fi // Websocket URL // websocket: 'wss://${JITSI_HOST}/xmpp-websocket', - // The name of client node advertised in XEP-0115 'c' stanza - clientNode: 'http://jitsi.org/jitsimeet', - // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 
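Review bot: `curl -L "${url}" > "${destination}"` in `download_file` of `_update_jitsi_configurations.sh` has no `--fail`, so an HTTP error body (for example a 404 page after a tag is renamed) is written into the `.sh.orig` reference file and the script still exits 0 despite `-eu`. The redirection also truncates the previous copy before the transfer has succeeded. I would download to a temporary name and move it into place as two separate statements, `curl -fsSL -o "${destination}.tmp" "${url}"` followed by `mv "${destination}.tmp" "${destination}"`, so that `-e` stops the script on a failed fetch. The fetch is keyed on a tag name (`stable/${BRANCH}`) that upstream could move, so noting the commit hash that was reconciled in the comment beside `BRANCH` would make the reference content reproducible.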
@@ -56,9 +53,16 @@ fi // issues related to insertable streams. // disableE2EE: false, + // Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly + // disabled by the below option. + // enableThumbnailReordering: true, + + // Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users. + // mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users + // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - p2pTestMode: false + // p2pTestMode: false, // Enables the test specific features consumed by jitsi-meet-torture // testMode: false @@ -71,8 +75,10 @@ fi // simulcast is turned off for the desktop share. If presenter is turned // on while screensharing is in progress, the max bitrate is automatically // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines - // the probability for this to be enabled. - // capScreenshareBitrate: 1 // 0 to disable + // the probability for this to be enabled. This setting has been deprecated. + // desktopSharingFrameRate.max now determines whether simulcast will be enabled + // or disabled for the screenshare. + // capScreenshareBitrate: 1 // 0 to disable - deprecated. // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for @@ -80,6 +86,18 @@ fi // callStatsThreshold: 5 // enable callstats for 5% of the users. }, + // Disables moderator indicators. + // disableModeratorIndicator: false, + + // Disables the reactions feature. + // disableReactions: true, + + // Disables polls feature. + // disablePolls: false, + + // Disables self-view tile. (hides it from tile view and from filmstrip) + // disableSelfView: false, + // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, 
@@ -92,6 +110,9 @@ fi // Media // + // Enable unified plan implementation support on Chromium based browsers. + // enableUnifiedOnChrome: false, + // Audio // Disable measuring of audio levels. @@ -108,6 +129,10 @@ fi // about the call. // enableSaveLogs: false, + // Enabling this will hide the "Show More" link in the GSM popover that can be + // used to display more statistics about the connection (IP, Port, protocol, etc). + // disableShowMoreStats: true, + // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could 
@@ -129,19 +154,34 @@ fi // participants and to enable it back a reload is needed. // startSilent: false - // Sets the preferred target bitrate for the Opus audio codec by setting its - // 'maxaveragebitrate' parameter. Currently not available in p2p mode. - // Valid values are in the range 6000 to 510000 - // opusMaxAverageBitrate: 20000, - // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, + // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. + // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. + // audioQuality: { + // stereo: false, + // opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range. + // }, + // Video // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, + // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not + // disableRemoveRaisedHandOnFocus: false, + + // Specifies whether there will be a search field in speaker stats or not + // disableSpeakerStatsSearch: false, + + // Specifies whether participants in speaker stats should be ordered or not, and with what priority + // speakerStatsOrder: [ + // 'role', <- Moderators on top + // 'name', <- Alphabetically by name + // 'hasLeft', <- The ones that have left in the bottom + // ] <- the order of the array elements determines priority + // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, 
@@ -165,9 +205,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Enable / disable simulcast support. // disableSimulcast: false, - // Enable / disable layer suspension. If enabled, endpoints whose HD - // layers are not in use will be suspended (no longer sent) until they - // are requested again. + // Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended + // (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen + // sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent + // by the client. // enableLayerSuspension: false, // Every participant after the Nth will start video muted. @@ -229,6 +270,18 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // subtitles and buttons can be configured) // transcribingEnabled: false, + // If true transcriber will use the application language. + // The application language is either explicitly set by participants in their settings or automatically + // detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its + // default language then transcriptions for that participant will be in french. + // Defaults to true. + // transcribeWithAppLanguage: true, + + // Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false. + // Available languages can be found in + // ./src/react/features/transcribing/transcriber-langs.json. + // preferredTranscribeLanguage: 'en-US', + // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, 
@@ -237,6 +290,20 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: ${CHANNEL_LAST_N}, + // Connection indicators + // connectionIndicators: { + // autoHide: true, + // autoHideTimeout: 5000, + // disabled: false, + // disableDetails: false, + // inactiveDisabled: false + // }, + + // Provides a way for the lastN value to be controlled through the UI. + // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN + // value will be used when the quality level is selected using "Manage Video Quality" slider. + // startLastN: 1, + // Provides a way to use different "last N" values based on the number of participants in the conference. // The keys in an Object represent number of participants and the values are "last N" to be used when number of // participants gets to or above the number. 
@@ -274,12 +341,24 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // // to take effect. // preferredCodec: 'VP8', // + // // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints + // // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet. + // // This will result in Safari not being able to decode video from endpoints sending VP9 video. + // // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the + // // preferred codec and goes back to the preferred codec when that endpoint leaves. + // // enforcePreferredCodec: false, + // // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // This is currently not implemented on app based clients on mobile. // maxBitratesVideo: { + // H264: { + // low: 200000, + // standard: 500000, + // high: 1500000 + // }, // VP8 : { // low: 200000, // standard: 500000, @@ -288,7 +367,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // VP9: { // low: 100000, // standard: 300000, - // high: 1200000 + // high: 1200000 // } // }, // @@ -312,6 +391,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // resizeDesktopForPresenter: false // }, + // Notification timeouts + // notificationTimeouts: { + // short: 2500, + // medium: 5000, + // long: 10000 + // }, + // // Options for the recording limit notification. // recordingLimit: { // 
@@ -330,6 +416,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, + // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. + // disableBeforeUnloadHandlers: true, + // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, @@ -345,8 +434,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // enableIceRestart: false, // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. Currently enabled by default as call migration through - // session-terminate is causing siganling issues when Octo is enabled. + // the bridge going down. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default @@ -354,6 +442,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // bridge itself is reachable via UDP) // useTurnUdp: false + // Enable support for encoded transform in supported browsers. This allows + // E2EE to work in Safari if the corresponding flag is enabled in the browser. + // Experimental. + // enableEncodedTransformSupport: false, + // UI // @@ -363,6 +456,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Hides lobby button // hideLobbyButton: false, + // If Lobby is enabled starts knocking automatically. + // autoKnockLobby: false, + + // Hides add breakout room button + // hideAddRoomButton: false, + // Require users to always specify a display name. // requireDisplayName: true, 
@@ -382,7 +481,15 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // disable1On1Mode: false, + // Setting this to null, will also disable showing the remote videos + // when the toolbar is shown on mouse movements + // disable1On1Mode: null | false | true, + + // Default local name to be displayed + // defaultLocalDisplayName: 'me', + + // Default remote name to be displayed + // defaultRemoteDisplayName: 'Fellow Jitster', // Default language for the user interface. defaultLanguage: '${DEFAULT_LANGUAGE}', @@ -405,8 +512,18 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // prejoinPageEnabled: false, + // Configs for prejoin page. + // prejoinConfig: { + // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // // This replaces \`prejoinPageEnabled\`. + // enabled: true, + // // List of buttons to hide from the extra join options dropdown. + // hideExtraJoinButtons: ['no-audio', 'by-phone'] + // }, + + // When 'true', the user cannot edit the display name. + // (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.) + // readOnlyName: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This 
@@ -427,6 +544,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Base URL for a Gravatar-compatible service. Defaults to libravatar. // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', + // App name to be displayed in the invitation email subject, as an alternative to + // interfaceConfig.APP_NAME. + // inviteAppName: null, + // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the // "More actions" menu. If present, the button will display. Exceptions are 
@@ -439,13 +560,94 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // - 'desktop' controls the "Share your screen" button // - if \`toolbarButtons\` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', - // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', - // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', - // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', - // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' + // 'camera', + // 'chat', + // 'closedcaptions', + // 'desktop', + // 'download', + // 'embedmeeting', + // 'etherpad', + // 'feedback', + // 'filmstrip', + // 'fullscreen', + // 'hangup', + // 'help', + // 'invite', + // 'livestreaming', + // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', + // 'participants-pane', + // 'profile', + // 'raisehand', + // 'recording', + // 'security', + // 'select-background', + // 'settings', + // 'shareaudio', + // 'sharedvideo', + // 'shortcuts', + // 'stats', + // 'tileview', + // 'toggle-camera', + // 'videoquality', + // '__end' // ], + // Holds values related to toolbar visibility control. + // toolbarConfig: { + // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT + // // The initial numer of miliseconds for the toolbar buttons to be visible on screen. + // initialTimeout: 20000, + // // Moved from interfaceConfig.TOOLBAR_TIMEOUT + // // Number of miliseconds for the toolbar buttons to be visible on screen. + // timeout: 4000, + // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE + // // Whether toolbar should be always visible or should hide after x miliseconds. 
+ // alwaysVisible: false + // }, + + // Toolbar buttons which have their click event exposed through the API on + // \`toolbarButtonClicked\` event instead of executing the normal click routine. + // buttonsWithNotifyClick: [ + // 'camera', + // 'chat', + // 'closedcaptions', + // 'desktop', + // 'download', + // 'embedmeeting', + // 'etherpad', + // 'feedback', + // 'filmstrip', + // 'fullscreen', + // 'hangup', + // 'help', + // 'invite', + // 'livestreaming', + // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', + // 'participants-pane', + // 'profile', + // 'raisehand', + // 'recording', + // 'security', + // 'select-background', + // 'settings', + // 'shareaudio', + // 'sharedvideo', + // 'shortcuts', + // 'stats', + // 'tileview', + // 'toggle-camera', + // 'videoquality', + // '__end' + // ], + + // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: + // 'microphone', 'camera', 'select-background', 'invite', 'settings' + // hiddenPremeetingButtons: [], + // Stats // 
@@ -463,12 +665,37 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // callStatsID: '', // callStatsSecret: '', + // The callstats initialize config params as described in the API: + // https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret + // callStatsConfigParams: { + // disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter. + // applicationVersion: "app_version", // Application version specified by the developer. + // disablePrecalltest: true, // disables the pre-call test, it is enabled by default. + // siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made. + // additionalIDs: { // additionalIDs object, contains application related IDs. + // customerID: "Customer Identifier. Example, walmart.", + // tenantID: "Tenant Identifier. Example, monster.", + // productName: "Product Name. Example, Jitsi.", + // meetingsName: "Meeting Name. Example, Jitsi loves callstats.", + // serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.", + // pbxID: "PBX Identifier. Example, walmart.", + // pbxExtensionID: "PBX Extension Identifier. Example, 5625.", + // fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.", + // sessionID: "Session Identifier. Example, session-12-34" + // }, + // collectLegacyStats: true, //enables the collection of legacy stats in chrome browser + // collectIP: true //enables the collection localIP address + // }, + // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, + // Enables detecting faces of participants and get their expression and send it to other participants + // enableFacialRecognition: true, + // Controls the percentage of automatic feedback shown to participants when callstats is enabled. 
// The default value is 100%. If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, @@ -494,11 +721,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // connection. enabled: true, - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - { urls: 'stun:${TURN_SERVER}:443' } - ] + // Enable unified plan implementation support on Chromium for p2p connection. + // enableUnifiedOnChrome: false, // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', @@ -525,10 +749,20 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). - // backToP2PDelay: 5 + // backToP2PDelay: 5, + + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:jitsi-meet.example.com:3478' }, + { urls: 'stun:${TURN_SERVER}:443' } + ] }, analytics: { + // True if the analytics should be disabled + // disabled: false, + // The Google Analytics Tracking ID: // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' @@ -544,7 +778,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: true, + // rtcstatsEnabled: false, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, 
@@ -572,13 +806,43 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // userRegion: "asia" }, + // Array of disabled sounds. + // Possible values: + // - 'ASKED_TO_UNMUTE_SOUND' + // - 'E2EE_OFF_SOUND' + // - 'E2EE_ON_SOUND' + // - 'INCOMING_MSG_SOUND' + // - 'KNOCKING_PARTICIPANT_SOUND' + // - 'LIVE_STREAMING_OFF_SOUND' + // - 'LIVE_STREAMING_ON_SOUND' + // - 'NO_AUDIO_SIGNAL_SOUND' + // - 'NOISY_AUDIO_INPUT_SOUND' + // - 'OUTGOING_CALL_EXPIRED_SOUND' + // - 'OUTGOING_CALL_REJECTED_SOUND' + // - 'OUTGOING_CALL_RINGING_SOUND' + // - 'OUTGOING_CALL_START_SOUND' + // - 'PARTICIPANT_JOINED_SOUND' + // - 'PARTICIPANT_LEFT_SOUND' + // - 'RAISE_HAND_SOUND' + // - 'REACTION_SOUND' + // - 'RECORDING_OFF_SOUND' + // - 'RECORDING_ON_SOUND' + // - 'TALK_WHILE_MUTED_SOUND' + // disabledSounds: [], + + // DEPRECATED! Use \`disabledSounds\` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, + // DEPRECATED! Use \`disabledSounds\` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, + // DEPRECATED! Use \`disabledSounds\` instead. + // Disables the sounds that play when a chat message is received. + // disableIncomingMessageSound: false, + // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address @@ -599,8 +863,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // localRecording: { // Enables local recording. // Additionally, 'localrecording' (all lowercase) needs to be added to - // TOOLBAR_BUTTONS in interface_config.js for the Local Recording - // button to show up on the toolbar. + // the \`toolbarButtons\`-array for the Local Recording button to show up + // on the toolbar. // // enabled: true, // 
@@ -609,6 +873,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // format: 'flac' // + // }, + // e2ee: { + // labels, + // externallyManagedKey: false // }, // Options related to end-to-end (participant to participant) ping. @@ -663,7 +931,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Options related to the remote participant menu. // remoteVideoMenu: { // // If set to true the 'Kick out' button will be disabled. - // disableKick: true + // disableKick: true, + // // If set to true the 'Grant moderator' button will be disabled. + // disableGrantModerator: true // }, // If set to true all muting operations of remote participants will be disabled. 
@@ -675,20 +945,67 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. + The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png' - } + { + // The domain url to apply (will replace the domain in the sharing conference link/embed section) + inviteDomain: 'example-company.org, + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png', + // Overwrite for pool of background images for avatars + avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], + // The lobby/prejoin screen background + premeetingBackground: 'url(https://example.com/premeeting-background.png)', + // A list of images that can be used as video backgrounds. + // When this field is present, the default images will be replaced with those provided. + virtualBackgrounds: ['https://example.com/img.jpg'], + // Object containing a theme's properties. It also supports partial overwrites of the main theme. 
+ // For a list of all possible theme tokens and their current defaults, please check: + // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json + // For a short explanations on each of the tokens, please check: + // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js + // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code + // or they are partially applied. + customTheme: { + palette: { + ui01: "orange !important", + ui02: "maroon", + surface02: 'darkgreen', + ui03: "violet", + ui04: "magenta", + ui05: "blueviolet", + field02Hover: 'red', + action01: 'green', + action01Hover: 'lightgreen', + action02Disabled: 'beige', + success02: 'cadetblue', + action02Hover: 'aliceblue' + }, + typography: { + labelRegular: { + fontSize: 25, + lineHeight: 30, + fontWeight: 500 + } + } + } + } */ dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}", + // When true the user cannot add more images to be used as virtual background. + // Only the default ones from will be available. + // disableAddingBackgroundImages: false, + + // Disables using screensharing as virtual background. + // disableScreensharingVirtualBackground: false, + // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, 
@@ -700,12 +1017,35 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, + // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it. + // disableTileEnlargement: true, + + // Controls the visibility and behavior of the top header conference info labels. + // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. + // conferenceInfo: { + // // those labels will not be hidden in tandem with the toolbox. + // alwaysVisible: ['recording', 'local-recording'], + // // those labels will be auto-hidden in tandem with the toolbox buttons. + // autoHide: [ + // 'subject', + // 'conference-timer', + // 'participants-count', + // 'e2ee', + // 'transcribing', + // 'video-quality', + // 'insecure-room' + // ] + // }, + // Hides the conference subject // hideConferenceSubject: true, // Hides the conference timer. // hideConferenceTimer: true, + // Hides the recording label + // hideRecordingLabel: false, + // Hides the participants stats // hideParticipantsStats: true, @@ -717,6 +1057,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, + // etherpad ("shared document") integration. + // + + // If set, add a "Open shared document" link to the bottom right menu that + // will open an etherpad document. + // etherpad_base: 'https://your-etherpad-installati.on/p/', + // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold @@ -729,8 +1076,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) dialOutCodesUrl disableRemoteControl displayJids - etherpad_base externalConnectUrl + e2eeLabels firefox_fake_device googleApiApplicationClientID iAmRecorder 
@@ -772,6 +1119,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) websocketKeepAliveUrl */ + /** + * Default interval (milliseconds) for triggering mouseMoved iframe API event + */ + mouseMoveCallbackInterval: 1000, + /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification 
@@ -805,11 +1157,19 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'localRecording.localRecording', // shown when a local recording is started // 'notify.disconnected', // shown when a participant has left + // 'notify.connectedOneMember', // show when a participant joined + // 'notify.connectedTwoMembers', // show when two participants joined simultaneously + // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked + // 'notify.moderationStartedTitle', // shown when AV moderation is activated + // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated + // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation + // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation + // 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device 
@@ -818,6 +1178,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio + // 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', @@ -831,7 +1192,13 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'transcribing.failedToStart' // shown when transcribing fails to start - // ] + // ], + + // Prevent the filmstrip from autohiding when screen width is under a certain threshold + // disableFilmstripAutohiding: false, + + // Specifies whether the chat emoticons are disabled or not + // disableChatSmileys: false, // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. diff --git a/type/__jitsi_meet_domain/files/config.js.sh.orig b/type/__jitsi_meet_domain/files/config.js.sh.orig index 9d49d52..eb30636 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/config.js.sh.orig @@ -27,9 +27,6 @@ var config = { // Websocket URL // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', - // The name of client node advertised in XEP-0115 'c' stanza - clientNode: 'http://jitsi.org/jitsimeet', - // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 
@@ -44,9 +41,16 @@ var config = { // issues related to insertable streams. // disableE2EE: false, + // Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly + // disabled by the below option. + // enableThumbnailReordering: true, + + // Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users. + // mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users + // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - p2pTestMode: false + // p2pTestMode: false, // Enables the test specific features consumed by jitsi-meet-torture // testMode: false @@ -59,8 +63,10 @@ var config = { // simulcast is turned off for the desktop share. If presenter is turned // on while screensharing is in progress, the max bitrate is automatically // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines - // the probability for this to be enabled. - // capScreenshareBitrate: 1 // 0 to disable + // the probability for this to be enabled. This setting has been deprecated. + // desktopSharingFrameRate.max now determines whether simulcast will be enabled + // or disabled for the screenshare. + // capScreenshareBitrate: 1 // 0 to disable - deprecated. // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for @@ -68,6 +74,18 @@ var config = { // callStatsThreshold: 5 // enable callstats for 5% of the users. }, + // Disables moderator indicators. + // disableModeratorIndicator: false, + + // Disables the reactions feature. + // disableReactions: true, + + // Disables polls feature. + // disablePolls: false, + + // Disables self-view tile. (hides it from tile view and from filmstrip) + // disableSelfView: false, + // Disables ICE/UDP by filtering out local and remote UDP candidates in // signalling. // webrtcIceUdpDisable: false, 
@@ -80,6 +98,9 @@ var config = { // Media // + // Enable unified plan implementation support on Chromium based browsers. + // enableUnifiedOnChrome: false, + // Audio // Disable measuring of audio levels. @@ -96,6 +117,10 @@ var config = { // about the call. // enableSaveLogs: false, + // Enabling this will hide the "Show More" link in the GSM popover that can be + // used to display more statistics about the connection (IP, Port, protocol, etc). + // disableShowMoreStats: true, + // Enabling this will run the lib-jitsi-meet noise detection module which will // notify the user if there is noise, other than voice, coming from the current // selected microphone. The purpose it to let the user know that the input could 
@@ -117,19 +142,34 @@ var config = { // participants and to enable it back a reload is needed. // startSilent: false - // Sets the preferred target bitrate for the Opus audio codec by setting its - // 'maxaveragebitrate' parameter. Currently not available in p2p mode. - // Valid values are in the range 6000 to 510000 - // opusMaxAverageBitrate: 20000, - // Enables support for opus-red (redundancy for Opus). // enableOpusRed: false, + // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. + // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. + // audioQuality: { + // stereo: false, + // opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range. + // }, + // Video // Sets the preferred resolution (height) for local video. Defaults to 720. // resolution: 720, + // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not + // disableRemoveRaisedHandOnFocus: false, + + // Specifies whether there will be a search field in speaker stats or not + // disableSpeakerStatsSearch: false, + + // Specifies whether participants in speaker stats should be ordered or not, and with what priority + // speakerStatsOrder: [ + // 'role', <- Moderators on top + // 'name', <- Alphabetically by name + // 'hasLeft', <- The ones that have left in the bottom + // ] <- the order of the array elements determines priority + // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. // Use -1 to disable. // maxFullResolutionParticipants: 2, 
@@ -152,9 +192,10 @@ var config = { // Enable / disable simulcast support. // disableSimulcast: false, - // Enable / disable layer suspension. If enabled, endpoints whose HD - // layers are not in use will be suspended (no longer sent) until they - // are requested again. + // Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended + // (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen + // sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent + // by the client. // enableLayerSuspension: false, // Every participant after the Nth will start video muted. @@ -216,6 +257,18 @@ var config = { // subtitles and buttons can be configured) // transcribingEnabled: false, + // If true transcriber will use the application language. + // The application language is either explicitly set by participants in their settings or automatically + // detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its + // default language then transcriptions for that participant will be in french. + // Defaults to true. + // transcribeWithAppLanguage: true, + + // Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false. + // Available languages can be found in + // ./src/react/features/transcribing/transcriber-langs.json. + // preferredTranscribeLanguage: 'en-US', + // Enables automatic turning on captions when recording is started // autoCaptionOnRecord: false, 
@@ -224,6 +277,20 @@ var config = { // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: -1, + // Connection indicators + // connectionIndicators: { + // autoHide: true, + // autoHideTimeout: 5000, + // disabled: false, + // disableDetails: false, + // inactiveDisabled: false + // }, + + // Provides a way for the lastN value to be controlled through the UI. + // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN + // value will be used when the quality level is selected using "Manage Video Quality" slider. + // startLastN: 1, + // Provides a way to use different "last N" values based on the number of participants in the conference. // The keys in an Object represent number of participants and the values are "last N" to be used when number of // participants gets to or above the number. 
@@ -261,12 +328,24 @@ var config = { // // to take effect. // preferredCodec: 'VP8', // + // // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints + // // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet. + // // This will result in Safari not being able to decode video from endpoints sending VP9 video. + // // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the + // // preferred codec and goes back to the preferred codec when that endpoint leaves. + // // enforcePreferredCodec: false, + // // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. // // This is currently not implemented on app based clients on mobile. // maxBitratesVideo: { + // H264: { + // low: 200000, + // standard: 500000, + // high: 1500000 + // }, // VP8 : { // low: 200000, // standard: 500000, @@ -275,7 +354,7 @@ var config = { // VP9: { // low: 100000, // standard: 300000, - // high: 1200000 + // high: 1200000 // } // }, // @@ -299,6 +378,13 @@ var config = { // resizeDesktopForPresenter: false // }, + // Notification timeouts + // notificationTimeouts: { + // short: 2500, + // medium: 5000, + // long: 10000 + // }, + // // Options for the recording limit notification. // recordingLimit: { // 
@@ -317,6 +403,9 @@ var config = { // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, + // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. + // disableBeforeUnloadHandlers: true, + // Disables or enables TCC support in this client (default: enabled). // enableTcc: true, @@ -332,8 +421,7 @@ var config = { // enableIceRestart: false, // Enables forced reload of the client when the call is migrated as a result of - // the bridge going down. Currently enabled by default as call migration through - // session-terminate is causing siganling issues when Octo is enabled. + // the bridge going down. // enableForcedReload: true, // Use TURN/UDP servers for the jitsi-videobridge connection (by default @@ -341,6 +429,11 @@ var config = { // bridge itself is reachable via UDP) // useTurnUdp: false + // Enable support for encoded transform in supported browsers. This allows + // E2EE to work in Safari if the corresponding flag is enabled in the browser. + // Experimental. + // enableEncodedTransformSupport: false, + // UI // @@ -350,6 +443,12 @@ var config = { // Hides lobby button // hideLobbyButton: false, + // If Lobby is enabled starts knocking automatically. + // autoKnockLobby: false, + + // Hides add breakout room button + // hideAddRoomButton: false, + // Require users to always specify a display name. // requireDisplayName: true, 
@@ -369,7 +468,15 @@ var config = { // enableClosePage: false, // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // disable1On1Mode: false, + // Setting this to null, will also disable showing the remote videos + // when the toolbar is shown on mouse movements + // disable1On1Mode: null | false | true, + + // Default local name to be displayed + // defaultLocalDisplayName: 'me', + + // Default remote name to be displayed + // defaultRemoteDisplayName: 'Fellow Jitster', // Default language for the user interface. // defaultLanguage: 'en', @@ -392,8 +499,18 @@ var config = { // and microsoftApiApplicationClientID // enableCalendarIntegration: false, - // When 'true', it shows an intermediate page before joining, where the user can configure their devices. - // prejoinPageEnabled: false, + // Configs for prejoin page. + // prejoinConfig: { + // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // // This replaces `prejoinPageEnabled`. + // enabled: true, + // // List of buttons to hide from the extra join options dropdown. + // hideExtraJoinButtons: ['no-audio', 'by-phone'] + // }, + + // When 'true', the user cannot edit the display name. + // (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.) + // readOnlyName: false, // If etherpad integration is enabled, setting this to true will // automatically open the etherpad when a participant joins. This @@ -414,6 +531,10 @@ var config = { // Base URL for a Gravatar-compatible service. Defaults to libravatar. // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', + // App name to be displayed in the invitation email subject, as an alternative to + // interfaceConfig.APP_NAME. + // inviteAppName: null, + // Moved from interfaceConfig(TOOLBAR_BUTTONS). // The name of the toolbar buttons to display in the toolbar, including the // "More actions" menu. If present, the button will display. Exceptions are 
@@ -426,13 +547,94 @@ var config = { // - 'desktop' controls the "Share your screen" button // - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI // toolbarButtons: [ - // 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen', - // 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording', - // 'livestreaming', 'etherpad', 'sharedvideo', 'shareaudio', 'settings', 'raisehand', - // 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', - // 'tileview', 'select-background', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security' + // 'camera', + // 'chat', + // 'closedcaptions', + // 'desktop', + // 'download', + // 'embedmeeting', + // 'etherpad', + // 'feedback', + // 'filmstrip', + // 'fullscreen', + // 'hangup', + // 'help', + // 'invite', + // 'livestreaming', + // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', + // 'participants-pane', + // 'profile', + // 'raisehand', + // 'recording', + // 'security', + // 'select-background', + // 'settings', + // 'shareaudio', + // 'sharedvideo', + // 'shortcuts', + // 'stats', + // 'tileview', + // 'toggle-camera', + // 'videoquality', + // '__end' // ], + // Holds values related to toolbar visibility control. + // toolbarConfig: { + // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT + // // The initial numer of miliseconds for the toolbar buttons to be visible on screen. + // initialTimeout: 20000, + // // Moved from interfaceConfig.TOOLBAR_TIMEOUT + // // Number of miliseconds for the toolbar buttons to be visible on screen. + // timeout: 4000, + // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE + // // Whether toolbar should be always visible or should hide after x miliseconds. + // alwaysVisible: false + // }, + + // Toolbar buttons which have their click event exposed through the API on + // `toolbarButtonClicked` event instead of executing the normal click routine. 
+ // buttonsWithNotifyClick: [ + // 'camera', + // 'chat', + // 'closedcaptions', + // 'desktop', + // 'download', + // 'embedmeeting', + // 'etherpad', + // 'feedback', + // 'filmstrip', + // 'fullscreen', + // 'hangup', + // 'help', + // 'invite', + // 'livestreaming', + // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', + // 'participants-pane', + // 'profile', + // 'raisehand', + // 'recording', + // 'security', + // 'select-background', + // 'settings', + // 'shareaudio', + // 'sharedvideo', + // 'shortcuts', + // 'stats', + // 'tileview', + // 'toggle-camera', + // 'videoquality', + // '__end' + // ], + + // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: + // 'microphone', 'camera', 'select-background', 'invite', 'settings' + // hiddenPremeetingButtons: [], + // Stats // 
@@ -450,12 +652,37 @@ var config = { // callStatsID: '', // callStatsSecret: '', + // The callstats initialize config params as described in the API: + // https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret + // callStatsConfigParams: { + // disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter. + // applicationVersion: "app_version", // Application version specified by the developer. + // disablePrecalltest: true, // disables the pre-call test, it is enabled by default. + // siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made. + // additionalIDs: { // additionalIDs object, contains application related IDs. + // customerID: "Customer Identifier. Example, walmart.", + // tenantID: "Tenant Identifier. Example, monster.", + // productName: "Product Name. Example, Jitsi.", + // meetingsName: "Meeting Name. Example, Jitsi loves callstats.", + // serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.", + // pbxID: "PBX Identifier. Example, walmart.", + // pbxExtensionID: "PBX Extension Identifier. Example, 5625.", + // fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.", + // sessionID: "Session Identifier. Example, session-12-34" + // }, + // collectLegacyStats: true, //enables the collection of legacy stats in chrome browser + // collectIP: true //enables the collection localIP address + // }, + // Enables sending participants' display names to callstats // enableDisplayNameInStats: false, // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, + // Enables detecting faces of participants and get their expression and send it to other participants + // enableFacialRecognition: true, + // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. 
If set to 0, no automatic feedback will be requested // feedbackPercentage: 100, @@ -481,12 +708,8 @@ var config = { // connection. enabled: true, - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:3478' }, - { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } - ] + // Enable unified plan implementation support on Chromium for p2p connection. + // enableUnifiedOnChrome: false, // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', @@ -513,10 +736,20 @@ var config = { // How long we're going to wait, before going back to P2P after the 3rd // participant has left the conference (to filter out page reload). - // backToP2PDelay: 5 + // backToP2PDelay: 5, + + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:jitsi-meet.example.com:3478' }, + { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } + ] }, analytics: { + // True if the analytics should be disabled + // disabled: false, + // The Google Analytics Tracking ID: // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' @@ -532,7 +765,7 @@ var config = { // module connects to the provided rtcstatsEndpoint and sends statistics regarding // PeerConnection states along with getStats metrics polled at the specified // interval. - // rtcstatsEnabled: true, + // rtcstatsEnabled: false, // In order to enable rtcstats one needs to provide a endpoint url. // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, 
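Review bot: The two privacy-sensitive examples added in the callstats hunk are shown switched on, `collectIP: true` inside `callStatsConfigParams` and `// enableFacialRecognition: true,`, whereas the neighbouring `enableDisplayNameInStats` and `enableEmailInStats` examples show `false`. An operator who enables the block by stripping the comment markers would turn on local-IP collection and expression detection without having chosen either. This file looks like a verbatim upstream reference, so I would leave it untouched here and make sure the deployed template shows both as off, e.g. `// enableFacialRecognition: false,`, with a comment that they process participant data.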
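Review bot: The `stunServers` block re-added at the end of the `p2p` section keeps `stun:meet-jit-si-turnrelay.jitsi.net:443` as its only active entry, while the self-hosted form `stun:jitsi-meet.example.com:3478` stays commented out. With `enabled: true` a few lines above, clients in a two-party call would query a server run by a third party, which discloses their addresses to that operator. If config.js.sh mirrors this block (its hunk is not in view here), it should name the deployment's own STUN/TURN host or take the value from a type parameter. The `p2p` object starts outside the hunk.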
@@ -560,13 +793,43 @@ var config = { // userRegion: "asia" }, + // Array of disabled sounds. + // Possible values: + // - 'ASKED_TO_UNMUTE_SOUND' + // - 'E2EE_OFF_SOUND' + // - 'E2EE_ON_SOUND' + // - 'INCOMING_MSG_SOUND' + // - 'KNOCKING_PARTICIPANT_SOUND' + // - 'LIVE_STREAMING_OFF_SOUND' + // - 'LIVE_STREAMING_ON_SOUND' + // - 'NO_AUDIO_SIGNAL_SOUND' + // - 'NOISY_AUDIO_INPUT_SOUND' + // - 'OUTGOING_CALL_EXPIRED_SOUND' + // - 'OUTGOING_CALL_REJECTED_SOUND' + // - 'OUTGOING_CALL_RINGING_SOUND' + // - 'OUTGOING_CALL_START_SOUND' + // - 'PARTICIPANT_JOINED_SOUND' + // - 'PARTICIPANT_LEFT_SOUND' + // - 'RAISE_HAND_SOUND' + // - 'REACTION_SOUND' + // - 'RECORDING_OFF_SOUND' + // - 'RECORDING_ON_SOUND' + // - 'TALK_WHILE_MUTED_SOUND' + // disabledSounds: [], + + // DEPRECATED! Use `disabledSounds` instead. // Decides whether the start/stop recording audio notifications should play on record. // disableRecordAudioNotification: false, + // DEPRECATED! Use `disabledSounds` instead. // Disables the sounds that play when other participants join or leave the // conference (if set to true, these sounds will not be played). // disableJoinLeaveSounds: false, + // DEPRECATED! Use `disabledSounds` instead. + // Disables the sounds that play when a chat message is received. + // disableIncomingMessageSound: false, + // Information for the chrome extension banner // chromeExtensionBanner: { // // The chrome extension to be installed address @@ -587,8 +850,8 @@ var config = { // localRecording: { // Enables local recording. // Additionally, 'localrecording' (all lowercase) needs to be added to - // TOOLBAR_BUTTONS in interface_config.js for the Local Recording - // button to show up on the toolbar. + // the `toolbarButtons`-array for the Local Recording button to show up + // on the toolbar. // // enabled: true, // 
@@ -597,6 +860,10 @@ var config = { // format: 'flac' // + // }, + // e2ee: { + // labels, + // externallyManagedKey: false // }, // Options related to end-to-end (participant to participant) ping. @@ -651,7 +918,9 @@ var config = { // Options related to the remote participant menu. // remoteVideoMenu: { // // If set to true the 'Kick out' button will be disabled. - // disableKick: true + // disableKick: true, + // // If set to true the 'Grant moderator' button will be disabled. + // disableGrantModerator: true // }, // If set to true all muting operations of remote participants will be disabled. 
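Review bot: The `e2ee` example added after `localRecording` has no explanatory comment and is not usable as written: `labels,` is object shorthand for a variable that is not defined in any visible part of the config, so uncommenting the block verbatim would presumably fail when the file is loaded. Going by its name, `externallyManagedKey` changes who is responsible for the encryption key, which deserves a sentence of its own. I would put `// End-to-end encryption options; keep externallyManagedKey false unless keys are provisioned outside the client.` above the block and write the first field as `// labels: {},`.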
@@ -663,20 +932,67 @@ var config = { /** External API url used to receive branding specific information. If there is no url set or there are missing fields, the defaults are applied. + The config file should be in JSON. None of the fields are mandatory and the response must have the shape: - { - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png' - } + { + // The domain url to apply (will replace the domain in the sharing conference link/embed section) + inviteDomain: 'example-company.org, + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png', + // Overwrite for pool of background images for avatars + avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], + // The lobby/prejoin screen background + premeetingBackground: 'url(https://example.com/premeeting-background.png)', + // A list of images that can be used as video backgrounds. + // When this field is present, the default images will be replaced with those provided. + virtualBackgrounds: ['https://example.com/img.jpg'], + // Object containing a theme's properties. It also supports partial overwrites of the main theme. 
+ // For a list of all possible theme tokens and their current defaults, please check: + // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json + // For a short explanations on each of the tokens, please check: + // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js + // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code + // or they are partially applied. + customTheme: { + palette: { + ui01: "orange !important", + ui02: "maroon", + surface02: 'darkgreen', + ui03: "violet", + ui04: "magenta", + ui05: "blueviolet", + field02Hover: 'red', + action01: 'green', + action01Hover: 'lightgreen', + action02Disabled: 'beige', + success02: 'cadetblue', + action02Hover: 'aliceblue' + }, + typography: { + labelRegular: { + fontSize: 25, + lineHeight: 30, + fontWeight: 500 + } + } + } + } */ // dynamicBrandingUrl: '', + // When true the user cannot add more images to be used as virtual background. + // Only the default ones from will be available. + // disableAddingBackgroundImages: false, + + // Disables using screensharing as virtual background. + // disableScreensharingVirtualBackground: false, + // Sets the background transparency level. '0' is fully transparent, '1' is opaque. // backgroundAlpha: 1, 
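Review bot: The expanded description of the `dynamicBrandingUrl` response never says that the endpoint has to be trusted, although the new fields make that matter: `inviteDomain` replaces the domain in sharing links, `logoClickUrl` sets a link target, and the `customTheme` sample (`ui01: "orange !important"`) suggests the values reach the stylesheet as given. Whoever can serve or alter that JSON can therefore change where invitations point and how the UI looks. I would add `// The URL should be HTTPS and served from a host the operator controls, since the response can change invite links and styling.` to the comment and close the quote in `inviteDomain: 'example-company.org,`. config.js.sh fills this option from `${DYNAMIC_BRANDING_URL}`, so the same caveat belongs in that type's parameter documentation.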
@@ -688,12 +1004,35 @@ var config = { // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, + // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it. + // disableTileEnlargement: true, + + // Controls the visibility and behavior of the top header conference info labels. + // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. + // conferenceInfo: { + // // those labels will not be hidden in tandem with the toolbox. + // alwaysVisible: ['recording', 'local-recording'], + // // those labels will be auto-hidden in tandem with the toolbox buttons. + // autoHide: [ + // 'subject', + // 'conference-timer', + // 'participants-count', + // 'e2ee', + // 'transcribing', + // 'video-quality', + // 'insecure-room' + // ] + // }, + // Hides the conference subject // hideConferenceSubject: true, // Hides the conference timer. // hideConferenceTimer: true, + // Hides the recording label + // hideRecordingLabel: false, + // Hides the participants stats // hideParticipantsStats: true, @@ -705,6 +1044,13 @@ var config = { // is not persisting the local storage inside the iframe. // useHostPageLocalStorage: true, + // etherpad ("shared document") integration. + // + + // If set, add a "Open shared document" link to the bottom right menu that + // will open an etherpad document. + // etherpad_base: 'https://your-etherpad-installati.on/p/', + // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold @@ -717,8 +1063,8 @@ var config = { dialOutCodesUrl disableRemoteControl displayJids - etherpad_base externalConnectUrl + e2eeLabels firefox_fake_device googleApiApplicationClientID iAmRecorder 
@@ -760,6 +1106,11 @@ var config = { websocketKeepAliveUrl */ + /** + * Default interval (milliseconds) for triggering mouseMoved iframe API event + */ + mouseMoveCallbackInterval: 1000, + /** Use this array to configure which notifications will be shown to the user The items correspond to the title or description key of that notification @@ -793,11 +1144,19 @@ var config = { // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'localRecording.localRecording', // shown when a local recording is started // 'notify.disconnected', // shown when a participant has left + // 'notify.connectedOneMember', // show when a participant joined + // 'notify.connectedTwoMembers', // show when two participants joined simultaneously + // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously // 'notify.grantedTo', // shown when moderator rights were granted to a participant // 'notify.invitedOneMember', // shown when 1 participant has been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked + // 'notify.moderationStartedTitle', // shown when AV moderation is activated + // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated + // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation + // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation + // 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party // 'notify.mutedTitle', // shown when user has been muted upon joining, // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device 
@@ -806,6 +1165,7 @@ var config = { // 'notify.passwordSetRemotely', // shown when a password has been set remotely // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio + // 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', @@ -819,7 +1179,13 @@ var config = { // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted // 'transcribing.failedToStart' // shown when transcribing fails to start - // ] + // ], + + // Prevent the filmstrip from autohiding when screen width is under a certain threshold + // disableFilmstripAutohiding: false, + + // Specifies whether the chat emoticons are disabled or not + // disableChatSmileys: false, // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh b/type/__jitsi_meet_domain/files/interface_config.js.sh index 2a65bfc..abcf68b 100644 --- a/type/__jitsi_meet_domain/files/interface_config.js.sh +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh 
@@ -36,42 +36,13 @@ var interfaceConfig = { BRAND_WATERMARK_LINK: '', CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it - /** - * Whether the connection indicator icon should hide itself based on - * connection strength. If true, the connection indicator will remain - * displayed while the participant has a weak connection and will hide - * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is - * strong. - * - * @type {boolean} - */ - CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, - - /** - * How long the connection indicator should remain displayed before hiding. - * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. - * - * @type {number} - */ - CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, - - /** - * If true, hides the connection indicators completely. - * - * @type {boolean} - */ - CONNECTION_INDICATOR_DISABLED: false, DEFAULT_BACKGROUND: '#474747', - DEFAULT_LOCAL_DISPLAY_NAME: 'me', DEFAULT_LOGO_URL: '${BRANDING_WATERMARK_PATH}', - DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', DEFAULT_WELCOME_PAGE_LOGO_URL: '${BRANDING_WATERMARK_PATH}', DISABLE_DOMINANT_SPEAKER_INDICATOR: false, - DISABLE_FOCUS_INDICATOR: false, - /** * If true, notifications regarding joining/leaving are no longer displayed. */ @@ -127,7 +98,6 @@ var interfaceConfig = { */ HIDE_INVITE_MORE_HEADER: false, - INITIAL_TOOLBAR_TIMEOUT: 20000, JITSI_WATERMARK_LINK: 'https://jitsi.org', LANG_DETECTION: true, // Allow i18n to detect the system language 
@@ -196,10 +166,10 @@ var interfaceConfig = { SHOW_BRAND_WATERMARK: false, /** - * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. - * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) - * being already installed is done before rendering. - */ + * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. + * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) + * being already installed is done before rendering. + */ SHOW_CHROME_EXTENSION_BANNER: false, SHOW_DEEP_LINKING_IMAGE: false, @@ -213,16 +183,6 @@ var interfaceConfig = { */ SUPPORT_URL: 'https://community.jitsi.org/', - TOOLBAR_ALWAYS_VISIBLE: false, - - /** - * DEPRECATED! - * This config was moved to config.js as \`toolbarButtons\`. - */ - // TOOLBAR_BUTTONS: [], - - TOOLBAR_TIMEOUT: 4000, - // Browsers, in addition to those which do not fully support WebRTC, that // are not supported and should show the unsupported browser page. UNSUPPORTED_BROWSERS: [], 
@@ -274,19 +234,40 @@ var interfaceConfig = { */ // ANDROID_APP_PACKAGE: 'org.jitsi.meet', - /** - * Override the behavior of some notifications to remain displayed until - * explicitly dismissed through a user action. The value is how long, in - * milliseconds, those notifications should remain displayed. - */ - // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, - // List of undocumented settings /** INDICATOR_FONT_SIZES PHONE_NUMBER_REGEX */ + // -----------------DEPRECATED CONFIGS BELOW THIS LINE----------------------------- + + // Connection indicators ( + // CONNECTION_INDICATOR_AUTO_HIDE_ENABLED, + // CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT, + // CONNECTION_INDICATOR_DISABLED) got moved to config.js. + + // Please use disableModeratorIndicator from config.js + // DISABLE_FOCUS_INDICATOR: false, + + // Please use defaultLocalDisplayName from config.js + // DEFAULT_LOCAL_DISPLAY_NAME: 'me', + + // Please use defaultRemoteDisplayName from config.js + // DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', + + // Moved to config.js as \`toolbarConfig.initialTimeout\`. + // INITIAL_TOOLBAR_TIMEOUT: 20000, + + // Moved to config.js as \`toolbarConfig.alwaysVisible\`. + // TOOLBAR_ALWAYS_VISIBLE: false, + + // This config was moved to config.js as \`toolbarButtons\`. + // TOOLBAR_BUTTONS: [], + + // Moved to config.js as \`toolbarConfig.timeout\`. + // TOOLBAR_TIMEOUT: 4000, + // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. // eslint-disable-next-line sort-keys diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh.orig b/type/__jitsi_meet_domain/files/interface_config.js.sh.orig index fb8dd48..c3a76af 100644 --- a/type/__jitsi_meet_domain/files/interface_config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh.orig 
@@ -25,42 +25,13 @@ var interfaceConfig = { BRAND_WATERMARK_LINK: '', CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it - /** - * Whether the connection indicator icon should hide itself based on - * connection strength. If true, the connection indicator will remain - * displayed while the participant has a weak connection and will hide - * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is - * strong. - * - * @type {boolean} - */ - CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, - - /** - * How long the connection indicator should remain displayed before hiding. - * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. - * - * @type {number} - */ - CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, - - /** - * If true, hides the connection indicators completely. - * - * @type {boolean} - */ - CONNECTION_INDICATOR_DISABLED: false, DEFAULT_BACKGROUND: '#474747', - DEFAULT_LOCAL_DISPLAY_NAME: 'me', DEFAULT_LOGO_URL: 'images/watermark.svg', - DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg', DISABLE_DOMINANT_SPEAKER_INDICATOR: false, - DISABLE_FOCUS_INDICATOR: false, - /** * If true, notifications regarding joining/leaving are no longer displayed. */ @@ -116,7 +87,6 @@ var interfaceConfig = { */ HIDE_INVITE_MORE_HEADER: false, - INITIAL_TOOLBAR_TIMEOUT: 20000, JITSI_WATERMARK_LINK: 'https://jitsi.org', LANG_DETECTION: true, // Allow i18n to detect the system language 
@@ -185,10 +155,10 @@ var interfaceConfig = { SHOW_BRAND_WATERMARK: false, /** - * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. - * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) - * being already installed is done before rendering. - */ + * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. + * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) + * being already installed is done before rendering. + */ SHOW_CHROME_EXTENSION_BANNER: false, SHOW_DEEP_LINKING_IMAGE: false, @@ -202,16 +172,6 @@ var interfaceConfig = { */ SUPPORT_URL: 'https://community.jitsi.org/', - TOOLBAR_ALWAYS_VISIBLE: false, - - /** - * DEPRECATED! - * This config was moved to config.js as `toolbarButtons`. - */ - // TOOLBAR_BUTTONS: [], - - TOOLBAR_TIMEOUT: 4000, - // Browsers, in addition to those which do not fully support WebRTC, that // are not supported and should show the unsupported browser page. UNSUPPORTED_BROWSERS: [], 
@@ -263,19 +223,40 @@ var interfaceConfig = { */ // ANDROID_APP_PACKAGE: 'org.jitsi.meet', - /** - * Override the behavior of some notifications to remain displayed until - * explicitly dismissed through a user action. The value is how long, in - * milliseconds, those notifications should remain displayed. - */ - // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, - // List of undocumented settings /** INDICATOR_FONT_SIZES PHONE_NUMBER_REGEX */ + // -----------------DEPRECATED CONFIGS BELOW THIS LINE----------------------------- + + // Connection indicators ( + // CONNECTION_INDICATOR_AUTO_HIDE_ENABLED, + // CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT, + // CONNECTION_INDICATOR_DISABLED) got moved to config.js. + + // Please use disableModeratorIndicator from config.js + // DISABLE_FOCUS_INDICATOR: false, + + // Please use defaultLocalDisplayName from config.js + // DEFAULT_LOCAL_DISPLAY_NAME: 'me', + + // Please use defaultRemoteDisplayName from config.js + // DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', + + // Moved to config.js as `toolbarConfig.initialTimeout`. + // INITIAL_TOOLBAR_TIMEOUT: 20000, + + // Moved to config.js as `toolbarConfig.alwaysVisible`. + // TOOLBAR_ALWAYS_VISIBLE: false, + + // This config was moved to config.js as `toolbarButtons`. + // TOOLBAR_BUTTONS: [], + + // Moved to config.js as `toolbarConfig.timeout`. + // TOOLBAR_TIMEOUT: 4000, + // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. // eslint-disable-next-line sort-keys diff --git a/type/__jitsi_meet_domain/files/nginx.sh b/type/__jitsi_meet_domain/files/nginx.sh index 8b124e2..6e874c1 100644 --- a/type/__jitsi_meet_domain/files/nginx.sh +++ b/type/__jitsi_meet_domain/files/nginx.sh 
@@ -2,6 +2,14 @@ # shellcheck disable=SC2034 # This is intended to be included JITSI_NGINX_CONFIG="$(cat <_` + for details. + owner Owner of the deployed files, passed to `chown`. Defaults to 'root'. brand Web UI branding, defaults to 'Element'. +branding_auth_header_logo_url + A logo image that is shown in the header during authentication flows. + +branding_welcome_background_url + An image to use as a wallpaper outside the app during authentication flows. If an array is passed, an image is chosen randomly for each visit. + +branding_auth_footer_links + a list of links to show in the authentication page footer: `[{"text": "Link + text", "url": "https://link.target"}, {"text": "Other link", ...}]` + default_country_code ISO 3166 alpha2 country code to use when showing country selectors, such as phone number inputs. Defaults to GB. diff --git a/type/__matrix_element/manifest b/type/__matrix_element/manifest index 544bd96..fe937c5 100755 --- a/type/__matrix_element/manifest +++ b/type/__matrix_element/manifest @@ -25,11 +25,13 @@ INSTALL_DIR=$(cat "$__object/parameter/install_dir") export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") +export IDENTITY_SERVER_URL=$(cat "$__object/parameter/identity_server_url") export BRAND=$(cat "$__object/parameter/brand") export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") +export BRANDING_WELCOME_BACKGROUND_URL=$(cat "$__object/parameter/branding_welcome_background_url") if [ -f "$__object/parameter/jitsi_domain" ]; then export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") 
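Review bot: `IDENTITY_SERVER_URL` is read from `parameter/identity_server_url` in the `__matrix_element/manifest` hunk, but the only default this commit adds for it is `parameter/default/identity_server`, so the `cat` has nothing to read when the parameter is not passed. Because the line is written as `export VAR=$(cat …)`, the exit status of `cat` is masked by `export` and the variable is exported empty. Either rename the default file to `identity_server_url`, or guard the read like the optional parameters below it: `if [ -f "$__object/parameter/identity_server_url" ]; then IDENTITY_SERVER_URL=$(cat "$__object/parameter/identity_server_url"); export IDENTITY_SERVER_URL; fi`.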
@@ -44,14 +46,24 @@ if [ -f "$__object/parameter/branding_auth_footer_links" ]; then fi if [ -f "$__object/parameter/homepage" ]; then - export EMBED_HOMEPAGE=1 homepage=$(cat "$__object/parameter/homepage") + if [ -f "$homepage" ]; then + upload_homepage=1 + else + export HOME_PAGE_URL=$homepage + fi fi +WELCOME_PAGE_URL="welcome.html" if [ -f "$__object/parameter/welcomepage" ]; then - export EMBED_WELCOMEPAGE=1 welcomepage=$(cat "$__object/parameter/welcomepage") + if [ -f welcomepage ]; then + export UPLOAD_WELCOMEPAGE=1 + else + WELCOME_PAGE_URL=$welcomepage + fi fi +export WELCOME_PAGE_URL if [ -f "$__object/parameter/custom_asset" ]; then "$__object/parameter/custom_asset" | while IFS= read -r file; do @@ -91,14 +103,14 @@ require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" --mode 0664 \ --state present -if [ $EMBED_HOMEPAGE ]; then +if [ $upload_homepage ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ --source "$homepage" \ --mode 0664 \ --state present fi -if [ $EMBED_WELCOMEPAGE ]; then +if [ $upload_welcomepage ]; then require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ --source "$welcomepage" \ --mode 0664 \ diff --git a/type/__matrix_element/parameter/default/branding_welcome_background_url b/type/__matrix_element/parameter/default/branding_welcome_background_url new file mode 100644 index 0000000..5f5acef --- /dev/null +++ b/type/__matrix_element/parameter/default/branding_welcome_background_url @@ -0,0 +1 @@ +themes/element/img/backgrounds/lake.jpg diff --git a/type/__matrix_element/parameter/default/identity_server b/type/__matrix_element/parameter/default/identity_server new file mode 100644 index 0000000..e69de29 diff --git a/type/__matrix_element/parameter/optional b/type/__matrix_element/parameter/optional index 21a2faf..2830f81 100644 --- a/type/__matrix_element/parameter/optional +++ b/type/__matrix_element/parameter/optional 
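Review bot: The welcome page is never uploaded with the new code: `[ -f welcomepage ]` lacks the `$` and tests a literal file named `welcomepage`, and the flag it would set, `UPLOAD_WELCOMEPAGE`, is not the one the later hunk tests (`$upload_welcomepage`). A local path passed as `--welcomepage` therefore falls into the `else` branch and is exported as `WELCOME_PAGE_URL`, which presumably ends up in the deployed client configuration instead of the file being copied. Use `if [ -f "$welcomepage" ]; then upload_welcomepage=1`, matching the homepage branch, and quote the later tests as `[ -n "$upload_homepage" ]` and `[ -n "$upload_welcomepage" ]`.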
@@ -1,5 +1,6 @@ default_server_url default_server_name +identity_server_url brand default_country_code privacy_policy_url @@ -11,3 +12,4 @@ welcomepage jitsi_domain branding_auth_header_logo_url branding_auth_footer_links +branding_welcome_background_url diff --git a/type/__matrix_synapse/files/homeserver.yaml.sh b/type/__matrix_synapse/files/homeserver.yaml.sh index bc94391..d719d3f 100755 --- a/type/__matrix_synapse/files/homeserver.yaml.sh +++ b/type/__matrix_synapse/files/homeserver.yaml.sh @@ -448,7 +448,7 @@ retention: # matter much because Synapse doesn't take it into account yet. # default_policy: - min_lifetime: 1d + min_lifetime: ${MESSAGE_RETENTION_POLICY_MIN_LIFETIME:?} max_lifetime: ${MESSAGE_RETENTION_POLICY_MAX_LIFETIME:?} # Retention policy limits. If set, and the state of a room contains a @@ -1175,14 +1175,26 @@ fi cat << EOF # The shared secret used to compute passwords for the TURN server # -turn_shared_secret: "$TURN_SHARED_SECRET" +EOF +if [ -n "$TURN_SHARED_SECRET" ]; then + echo "turn_shared_secret: \"$TURN_SHARED_SECRET\"" +fi + +cat << EOF # The Username and password if the TURN server needs them and # does not use a token # -#turn_username: "TURNSERVER_USERNAME" -#turn_password: "TURNSERVER_PASSWORD" +EOF +if [ -n "$TURN_USERNAME" ] || [ "$TURN_PASSWORD" ]; then + cat <<- EOF + turn_username: "$TURN_USERNAME" + turn_password: "$TURN_PASSWORD" + EOF +fi + +cat << EOF # How long generated TURN credentials last # turn_user_lifetime: ${TURN_USER_LIFETIME:?} @@ -1322,7 +1334,7 @@ fi cat << EOF # Enable 3PIDs lookup requests to identity servers from this server. # -#enable_3pid_lookup: true +enable_3pid_lookup: ${ENABLE_3PID_LOOKUPS:?} # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. 
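Review bot: In the TURN hunk of `homeserver.yaml.sh` the guard `[ -n "$TURN_USERNAME" ] || [ "$TURN_PASSWORD" ]` emits both keys when only one is set, so a lone `--turn-username` produces `turn_password: ""` in the generated file; `if [ -n "$TURN_USERNAME" ] && [ -n "$TURN_PASSWORD" ]; then` or a manifest check like the one added for the SAML key/cert pair would reject the half-configured case. The values are also placed inside double-quoted YAML scalars without escaping, so a `"` or `\` in a password or shared secret changes how the line parses. The same applies to `default_identity_server`, the SAML `url`, `key_file`, `cert_file` and `module` lines, and `template_dir` in the later hunks of this file. Emitting single-quoted scalars with any `'` doubled keeps such values literal.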
@@ -1330,9 +1342,12 @@ EOF if [ -n "$REGISTRATION_SHARED_SECRET" ]; then echo "registration_shared_secret: '$REGISTRATION_SHARED_SECRET'" +else + echo "# registration_shared_secret: 'secret'" fi cat << EOF + # Set the number of bcrypt rounds used to generate password hash. # Larger numbers increase the work factor needed to generate the hash. # The default number is 12 (which equates to 2^12 rounds). @@ -1353,7 +1368,13 @@ allow_guest_access: ${ALLOW_GUEST_ACCESS:?} # (By default, no suggestion is made, so it is left up to the client.) # #default_identity_server: https://matrix.org +EOF +if [ -n "$DEFAULT_IDENTITY_SERVER" ]; then + echo "default_identity_server: \"$DEFAULT_IDENTITY_SERVER\"" +fi + +cat << EOF # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! @@ -1696,7 +1717,24 @@ saml2_config: # local: ["saml2/idp.xml"] # remote: # - url: https://our_idp/metadata.xml +EOF +if [ -n "$SAML2_IDP_METADATA_URL" ]; then + cat << EOF + metadata: + remote: + - url: "$SAML2_IDP_METADATA_URL" +EOF +fi + +if [ -n "$SAML2_SP_CERT" ] || [ -n "$SAML2_SP_KEY" ]; then + cat << EOF + key_file: "$SAML2_SP_KEY" + cert_file: "$SAML2_SP_CERT" +EOF +fi + +cat << EOF # Allowed clock difference in seconds between the homeserver and IdP. # # Uncomment the below to increase the accepted time difference from 0 to 3 seconds. @@ -1770,7 +1808,15 @@ saml2_config: # The custom module's class. Uncomment to use a custom module. # #module: mapping_provider.SamlMappingProvider +EOF +if [ -n "$SAML2_MAPPING_PROVIDER_MODULE" ]; then + cat << EOF + module: "$SAML2_MAPPING_PROVIDER_MODULE" +EOF +fi + +cat << EOF # Custom configuration values for the module. Below options are # intended for the built-in provider, they should be changed if # using a custom module. This section will be passed as a Python 
@@ -1800,6 +1846,17 @@ saml2_config: # value will be used instead. # #mxid_mapping: dotreplace +EOF + +if [ -n "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" ]; then + echo "$SAML2_MAPPING_PROVIDER_EXTRA_CONFIG" | while IFS= read -r entry; do + cat << EOF + $entry +EOF + done +fi + +cat << EOF # In previous versions of synapse, the mapping from SAML attribute to # MXID was always calculated dynamically rather than stored in a @@ -2134,7 +2191,7 @@ sso: # You can see the default templates at: # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # - #template_dir: "res/templates" + template_dir: "${SSO_TEMPLATE_DIR:?}" # JSON web token integration. The following settings can be used to make diff --git a/type/__matrix_synapse/gencode-remote b/type/__matrix_synapse/gencode-remote index cf7c648..30770ed 100755 --- a/type/__matrix_synapse/gencode-remote +++ b/type/__matrix_synapse/gencode-remote @@ -8,7 +8,7 @@ case "$os" in synapse_conf_dir=/etc/synapse synapse_service=synapse ;; - debian) + debian|ubuntu) synapse_conf_dir=/etc/matrix-synapse synapse_service=matrix-synapse ;; diff --git a/type/__matrix_synapse/man.rst b/type/__matrix_synapse/man.rst index 4eb23bb..0589a5e 100644 --- a/type/__matrix_synapse/man.rst +++ b/type/__matrix_synapse/man.rst @@ -133,6 +133,14 @@ turn-uri turn-shared-secret Shared secret used to access the TURN REST API. +turn-username + Username used to authenticate against the TURN server if needed / a shared + secret token is not used. + +turn-password + Password used to authenticate against the TURN server if needed / a shared + secret token is not used. + turn-user-lifetime Lifetime of TURN credentials. Defaults to 1h. 
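Review bot: `template_dir` is now always written in the `sso:` section, and the default added in `parameter/default/sso-template-dir` is `res/template`, while the commented example on the removed line is `res/templates`. If the singular form is a typo, every deployment that does not pass `--sso-template-dir` points Synapse at a directory that likely does not exist. I would either correct the default to `res/templates` or emit the key only when the parameter is set, as the other new options in this file do; the second option also needs an `-f` guard on the unconditional `cat "$__object/parameter/sso-template-dir"` in the manifest.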
@@ -181,6 +189,25 @@ bind-address Address used to bind the synapse listeners. Can be specified multiple times. Defaults to '::1' and '127.0.0.1'. +saml2-idp-metadata-url + HTTP(S) url to SAML2 Identity Provider (IdP), used for Single Sign On (SSO) logic. + +saml2-sp-key + Path to PEM-formatted key file for use by PySAML2. + +saml2-sp-cert + Path to PEM-formatted cert file for use by PySAML2. + +saml2-mapping-provider-module + Name of custom Python module used to map SAML2 attributes to synapse internals. + +saml2-mapping-provider-extra-settings + Extra YAML-formatted key/pair values provided as configuration to the SAML2 + mapping provider module (e.g. 'key: value'). Can be specified multiple times. + +sso-template-dir + Directory used to source SSO-related HTML templates. + extra-setting Arbitrary string to be added to the configuration file. Can be specified multiple times. @@ -222,6 +249,9 @@ allow-public-rooms-without-auth enable-server-notices Enable the server notices room. +enable-3pid-lookups + Enable 3PIDs lookup requests to identity servers from this server. + allow-guest-access Allows users to register as guests without a password/email/etc, and participate in rooms hosted on this server which have been made accessible diff --git a/type/__matrix_synapse/manifest b/type/__matrix_synapse/manifest index 4650a17..6a89de6 100755 --- a/type/__matrix_synapse/manifest +++ b/type/__matrix_synapse/manifest 
@@ -20,41 +20,24 @@ # OS-specific configuration. os=$(cat "$__global/explorer/os") -distribution=$(cat "$__global/explorer/lsb_codename") case "$os" in - debian) + debian|ubuntu) synapse_user=matrix-synapse - synapse_pkg=matrix-synapse + synapse_pkg=matrix-synapse-py3 synapse_service=matrix-synapse ldap_auth_provider_pkg=matrix-synapse-ldap3 synapse_conf_dir='/etc/matrix-synapse' synapse_data_dir='/var/lib/matrix-synapse' - # See https://packages.debian.org/bullseye/matrix-synapse for state of - # synapse packaging in debian. - case "$distribution" in - stretch) - echo "The matrix-synapse package in debian stretch is outdated and unusable." >&2 - exit 1 - ;; - buster) - # Enable debian-backports for debian Buster, as the 'stable' - # matrix-synapse package is ways too old (< 1.0). - apt_target_release=buster-backports - __apt_backports - ;; - bullseye|sid) - # As of writting (2021-02), the default matrix-synapse of those - # release is perfectly usable. - : - ;; - *) - echo "Unknown debian release '$distribution'. Exiting" >&2 - exit 1 - ;; - esac - ;; + __apt_key matrix-org \ + --uri https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg + + require="__apt_key/matrix-org" __apt_source matrix-org \ + --uri https://packages.matrix.org/debian/ \ + --component main + package_req="__apt_source/matrix-org" + ;; alpine) synapse_user=synapse synapse_pkg=synapse @@ -113,7 +96,7 @@ export SERVER_NAME BASE_URL REPORT_STATS MAX_UPLOAD_SIZE EXPOSE_METRICS \ WEB_CLIENT_URL ROOM_ENCRYPTION_POLICY BIND_ADDRESSES if [ -f "$__object/parameter/enable-server-notices" ]; then - export ENABLE_SERVER_NOTICES=1 + export ENABLE_SERVER_NOTICES=1 fi # TLS. 
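Review bot: The Debian/Ubuntu branch now trusts an archive key downloaded at configuration time from `https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg`, the same host that serves the packages, and no fingerprint check is visible in the hunk. Anyone able to alter that host's content can supply both the key and packages signed with it. Shipping the keyring in the type's `files/` directory, or comparing the downloaded key's fingerprint with a value recorded in the manifest before adding it, keeps the trust anchor under this repository's control. Note also that `package_req` is only assigned in this branch, so the Alpine path later runs `require="$package_req" __package …` with an unset variable; an explicit `package_req=` before the `case` makes that intentional.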
@@ -189,25 +172,76 @@ ENABLE_REGISTRATIONS=$(get_boolean_for 'enable-registrations') USER_DIRECTORY_SEARCH_ALL_USERS=$(get_boolean_for 'user-directory-search-all-users') export ALLOW_GUEST_ACCESS ENABLE_REGISTRATIONS USER_DIRECTORY_SEARCH_ALL_USERS -if [ -f "$__object/parameter/registration-shared-token" ]; then +if [ -f "$__object/parameter/registration-shared-secret" ]; then REGISTRATION_SHARED_SECRET=$(cat "$__object/parameter/registration-shared-secret") export REGISTRATION_SHARED_SECRET fi if [ -f "$__object/parameter/registration-requires-email" ]; then - export REGISTRATION_REQUIRES_EMAIL=1 + export REGISTRATION_REQUIRES_EMAIL=1 fi if [ -f "$__object/parameter/auto-join-room" ]; then - AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" - export AUTO_JOIN_ROOMS + AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto-join-room")" + export AUTO_JOIN_ROOMS fi if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then - RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") - export RESGISTRATION_ALLOWS_EMAIL_PATTERN + RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration-allows-email-pattern") + export RESGISTRATION_ALLOWS_EMAIL_PATTERN fi +if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then + # Synapse fails to start while trying to parse IDP metadata if this package + # is not installed. 
+ __package xmlsec1 + + SAML2_IDP_METADATA_URL=$(cat "$__object/parameter/saml2-idp-metadata-url") + export SAML2_IDP_METADATA_URL +fi + +if [ -f "$__object/parameter/saml2-sp-key" ]; then + SAML2_SP_KEY=$(cat "$__object/parameter/saml2-sp-key") + export SAML2_SP_KEY +fi + +if [ -f "$__object/parameter/saml2-sp-cert" ]; then + SAML2_SP_CERT=$(cat "$__object/parameter/saml2-sp-cert") + export SAML2_SP_CERT +fi + +if [ -f "$__object/parameter/saml2-mapping-provider-module" ]; then + SAML2_MAPPING_PROVIDER_MODULE=$(cat "$__object/parameter/saml2-mapping-provider-module") + export SAML2_MAPPING_PROVIDER_MODULE +fi + +if [ -f "$__object/parameter/saml2-mapping-provider-extra-config" ]; then + SAML2_MAPPING_PROVIDER_EXTRA_CONFIG=$(cat "$__object/parameter/saml2-mapping-provider-extra-config") + export SAML2_MAPPING_PROVIDER_EXTRA_CONFIG +fi + +SSO_TEMPLATE_DIR=$(cat "$__object/parameter/sso-template-dir") +export SSO_TEMPLATE_DIR + +if [ -n "$SAML2_SP_KEY" ] && [ -z "$SAML2_SP_CERT" ]; then + echo "--saml2-sp-cert must be set if --saml2-sp-key is provided." >&2 + exit 1 +elif [ -n "$SAML2_SP_CERT" ] && [ -z "$SAML2_SP_KEY" ]; then + echo "--saml2-sp-key must be set if --saml2-sp-cert is provided." >&2 + exit 1 +fi + +if [ -f "$__object/parameter/default-identity-server" ]; then + DEFAULT_IDENTITY_SERVER=$(cat "$__object/parameter/default-identity-server") + export DEFAULT_IDENTITY_SERVER +fi + +ENABLE_3PID_LOOKUPS='false' +if [ -f "$__object/parameter/enable-3pid-lookups" ]; then + ENABLE_3PID_LOOKUPS='true' +fi +export ENABLE_3PID_LOOKUPS + # Federation. ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation') ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth') 
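Review bot: `saml2-idp-metadata-url` is accepted as given and the man page describes it as an "HTTP(S) url", but IdP metadata carries the certificates used to verify SAML assertions, so metadata fetched over plain `http://` can be altered by anyone on the network path. A scheme check in the manifest closes that: `case "$SAML2_IDP_METADATA_URL" in https://*) ;; *) echo "--saml2-idp-metadata-url must use https." >&2; exit 1 ;; esac`. Separately, `SAML2_SP_KEY` and `SAML2_SP_CERT` are only assigned inside their `-f` blocks, so the pairing check below them can see values inherited from the calling environment; initialise both to empty first. The man page names the multi-valued option `saml2-mapping-provider-extra-settings`, while this hunk and `parameter/optional_multiple` use `saml2-mapping-provider-extra-config`.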
@@ -223,7 +257,8 @@ fi # Message retention. ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-policy') MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime") -export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME +MESSAGE_RETENTION_POLICY_MIN_LIFETIME=$MESSAGE_RETENTION_POLICY_MAX_LIFETIME +export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME MESSAGE_RETENTION_POLICY_MIN_LIFETIME # Previews. ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview') @@ -263,6 +298,16 @@ if [ -f "$__object/parameter/turn-uri" ]; then export TURN_URIS fi +if [ -f "$__object/parameter/turn-username" ]; then + TURN_USERNAME=$(cat "$__object/parameter/turn-username") + export TURN_USERNAME +fi + +if [ -f "$__object/parameter/turn-password" ]; then + TURN_PASSWORD=$(cat "$__object/parameter/turn-password") + export TURN_PASSWORD +fi + # Worker-mode configuration. export MAIN_LISTENER_PORT=8008 export ENABLE_MEDIA_REPO='true' 
@@ -296,38 +341,25 @@ export ENABLE_REPLICATION ENABLE_REDIS_SUPPORT WORKER_REPLICATION_SECRET \ case "$DATABASE_ENGINE" in sqlite3) : - ;; + ;; psycopg2) when='database engine is psycopg2' is_required_when "$DATABASE_HOST" '--database-host' "$when" is_required_when "$DATABASE_USER" '--database-user' "$when" - ;; + ;; *) echo "Invalid database engine: $DATABASE_ENGINE." >&2 exit 1 - ;; + ;; esac -# Install OS packages. We have a bit of boilerplate to handle the debian -# backports situation. -synapse_req= -if [ -n "$apt_target_release" ]; then - require="__apt_backports" __package_apt "$synapse_pkg" \ - --target-release "$apt_target_release" - synapse_req="__package_apt/$synapse_pkg" -else - __package "$synapse_pkg" - synapse_req="__package/$synapse_pkg" -fi +# Install OS packages. +require="$package_req" __package "$synapse_pkg" +synapse_req="__package/$synapse_pkg" if [ -n "$ENABLE_LDAP_AUTH" ]; then - if [ -n "$apt_target_release" ]; then - require="__package_apt/$synapse_pkg" __package_apt "$ldap_auth_provider_pkg" \ - --target-release "$apt_target_release" - else - __package "$ldap_auth_provider_pkg" - fi + require="$package_req" __package "$ldap_auth_provider_pkg" fi # Generate and deploy configuration files. @@ -336,13 +368,13 @@ mkdir -p "$__object/files" "$__type/files/log.config.sh" > "$__object/files/log.config" require="$synapse_req" __file "$synapse_conf_dir/homeserver.yaml" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/homeserver.yaml" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/homeserver.yaml" require="$synapse_req" __file "$LOG_CONFIG_PATH" \ - --owner $synapse_user \ - --mode 600 \ - --source "$__object/files/log.config" + --owner $synapse_user \ + --mode 600 \ + --source "$__object/files/log.config" for directory in $DATA_DIR $LOG_DIR; do require="$synapse_req" __directory $directory \ 
@@ -350,8 +382,8 @@ for directory in $DATA_DIR $LOG_DIR; do --owner $synapse_user done -# Make dpkg-reconfigure happy on debian systems. -if [ "$os" = "debian" ]; then +# Make dpkg-reconfigure happy on debian-based systems. +if [ "$os" = "debian" ] || [ "$os" = "ubuntu" ]; then require="$synapse_req" __file "$synapse_conf_dir/conf.d/server_name.yaml" \ --owner $synapse_user \ --source - <<- EOF diff --git a/type/__matrix_synapse/parameter/boolean b/type/__matrix_synapse/parameter/boolean index 7ff48de..ac87271 100644 --- a/type/__matrix_synapse/parameter/boolean +++ b/type/__matrix_synapse/parameter/boolean @@ -17,3 +17,4 @@ user-directory-search-all-users enable-message-retention-policy worker-mode enable-url-preview +enable-3pid-lookups diff --git a/type/__matrix_synapse/parameter/default/sso-template-dir b/type/__matrix_synapse/parameter/default/sso-template-dir new file mode 100644 index 0000000..b51bcdc --- /dev/null +++ b/type/__matrix_synapse/parameter/default/sso-template-dir @@ -0,0 +1 @@ +res/template diff --git a/type/__matrix_synapse/parameter/optional b/type/__matrix_synapse/parameter/optional index 1378365..1786dd1 100644 --- a/type/__matrix_synapse/parameter/optional +++ b/type/__matrix_synapse/parameter/optional @@ -13,6 +13,8 @@ ldap-bind-password ldap-filter turn-shared-secret turn-user-lifetime +turn-username +turn-password max-upload-size smtp-host smtp-port @@ -34,3 +36,9 @@ background-tasks-worker tls-cert tls-private-key registration-shared-secret +saml2-idp-metadata-url +saml2-sp-key +saml2-sp-cert +default-identity-server +saml2-mapping-provider-module +sso-template-dir diff --git a/type/__matrix_synapse/parameter/optional_multiple b/type/__matrix_synapse/parameter/optional_multiple index 8871dd6..dfd69cb 100644 --- a/type/__matrix_synapse/parameter/optional_multiple +++ b/type/__matrix_synapse/parameter/optional_multiple 
@@ -5,3 +5,4 @@ app-service-config-file extra-setting bind-address outbound-federation-worker +saml2-mapping-provider-extra-config diff --git a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service index 6352b00..6f89cd8 100644 --- a/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service +++ b/type/__matrix_synapse_worker/files/matrix-synapse-worker@.service @@ -15,7 +15,7 @@ NotifyAccess=main User=matrix-synapse WorkingDirectory=/var/lib/matrix-synapse EnvironmentFile=/etc/default/matrix-synapse -ExecStart=/usr/bin/python3 -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml +ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartSec=3 diff --git a/type/__matterbridge/manifest b/type/__matterbridge/manifest index ef02112..2b5738b 100755 --- a/type/__matterbridge/manifest +++ b/type/__matterbridge/manifest @@ -20,7 +20,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - debian) + debian|ubuntu) # This type assume systemd for service installation. ;; *) @@ -31,11 +31,13 @@ case "$os" in esac # Required parameters. -VERSION=$(cat "$__object/parameter/version") +version=$(cat "$__object/parameter/version") if [ -f "$__object/parameter/config" ]; then - CONFIG="$(cat "$__object/parameter/config")" - if [ "$CONFIG" = "-" ]; then - CONFIG=$(cat "$__object/stdin") + config="$(cat "$__object/parameter/config")" + if [ "$config" = "-" ]; then + mkdir -p "$__object/files" + config="$__object/files/matterbridge.toml" + cat "$__object/stdin" > "$config" fi fi 
@@ -46,11 +48,11 @@ export USER=matterbridge export GROUP=$USER # Internal variables. -artefact="matterbridge-$VERSION-linux-64bit" +artefact="matterbridge-$version-linux-64bit" checksum_file="checksums.txt" release_download_url=https://github.com/42wim/matterbridge/releases/download -binary_url="$release_download_url/v$VERSION/$artefact" -checksum_file_url="$release_download_url/v$VERSION/$checksum_file" +binary_url="$release_download_url/v$version/$artefact" +checksum_file_url="$release_download_url/v$version/$checksum_file" config_dir=$(dirname $CONFIG_PATH) systemd_unit_path='/etc/systemd/system/matterbridge.service' @@ -88,7 +90,7 @@ require="__user/$USER" __directory "$config_dir" \ require="__directory/$config_dir" __file "$CONFIG_PATH" \ --owner "$USER" \ --mode 0640 \ - --source "$CONFIG" + --source "$config" __file "$systemd_unit_path" \ --source "$__object/files/matterbridge.service" diff --git a/type/__nginx/man.rst b/type/__nginx/man.rst index 71d47e7..c1827c0 100644 --- a/type/__nginx/man.rst +++ b/type/__nginx/man.rst @@ -28,6 +28,16 @@ uacme-hookscript Custom hook passed to the __uacme_obtain type: useful to integrate the dns-01 challenge with third-party DNS providers. +acme-url + ACMEv2 server directory object URL. Lets'Encrypt is used by default. + +acme-eab-credentials + Specify RFC8555 External Account Binding credentials according to + https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new + ACME account with an existing account in a non-ACME system such as a CA + customer database. KEYID must be an ASCII string. KEY must be + base64url-encoded. + EXAMPLES -------- diff --git a/type/__nginx/manifest b/type/__nginx/manifest index b552319..cdd483a 100644 --- a/type/__nginx/manifest +++ b/type/__nginx/manifest 
@@ -36,6 +36,20 @@ then set_custom_uacme_hookscript="--hookscript $uacme_hookscript" fi +set_custom_acme_url= +if [ -f "${__object:?}/parameter/acme-url" ]; +then + custom_acme_url=$(cat "${__object:?}/parameter/acme-url") + set_custom_acme_url="--acme-url $custom_acme_url" +fi + +set_acme_eab_credentials= +if [ -f "${__object:?}/parameter/acme-eab-credentials" ]; +then + acme_eab_credentials=$(cat "${__object:?}/parameter/acme-eab-credentials") + set_acme_eab_credentials="--eab-credentials $acme_eab_credentials" +fi + # Deploy simple HTTP vhost, allowing to serve ACME challenges. __nginx_vhost "301-to-https-$domain" \ --domain "$domain" --altdomains "$altdomains" --to-https @@ -46,12 +60,18 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to") fi -__uacme_account +# shellcheck disable=SC2086 +__uacme_account \ + $set_custom_acme_url \ + $set_acme_eab_credentials \ + # shellcheck disable=SC2086 require="__nginx_vhost/301-to-https-$domain __uacme_account" \ __uacme_obtain "$domain" \ --altdomains "$altdomains" \ $set_custom_uacme_hookscript \ + $set_custom_acme_url \ + $set_acme_eab_credentials \ --owner "$cert_ownership" \ --install-key-to "$nginx_certdir/$domain/privkey.pem" \ --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ diff --git a/type/__nginx/parameter/optional b/type/__nginx/parameter/optional index 1a5fb95..8d6fae6 100644 --- a/type/__nginx/parameter/optional +++ b/type/__nginx/parameter/optional @@ -2,4 +2,6 @@ config domain altdomains uacme-hookscript +acme-url +acme-eab-credentials force-cert-ownership-to diff --git a/type/__uacme_account/gencode-remote b/type/__uacme_account/gencode-remote index e1d9551..b75d2d7 100644 --- a/type/__uacme_account/gencode-remote +++ b/type/__uacme_account/gencode-remote 
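Review bot: `set_custom_acme_url` and `set_acme_eab_credentials` are built as flat strings (`__nginx/manifest`, hunk `@@ -36,6 +36,20 @@`) and then expanded unquoted under the `SC2086` suppressions in the following hunk, so a value containing whitespace or a glob character is split or expanded into extra arguments for `__uacme_account` and `__uacme_obtain`. The man page added in this commit only requires KEYID to be an ASCII string, which makes a space in `acme-eab-credentials` a plausible input. Rejecting such values before use keeps the argument list predictable, e.g. `case "$acme_eab_credentials" in *[[:space:]]*) echo "--acme-eab-credentials must not contain whitespace" >&2; exit 1;; esac`, with the same check for `acme-url`. The `if`/`then` that precedes the first added line starts outside the hunk.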
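Review bot: The new `__uacme_account` call in `__nginx/manifest` (hunk `@@ -46,12 +60,18 @@`) ends its last argument line with a continuation, `$set_acme_eab_credentials \`, and the hunk's line counts suggest it is terminated only by an added empty line (the page has lost its line breaks, so this is inferred). That works, but the command's end then depends on a blank line that a later edit can easily remove or fill. Drop the final backslash so the last line reads `$set_acme_eab_credentials`. A short comment above the call, such as `# Options are expanded unquoted on purpose; values must not contain whitespace.`, would also explain why SC2086 is disabled.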
@@ -18,6 +18,21 @@ then admin_mail="$(cat "${__object:?}/parameter/admin-mail")"; fi +# Autoaccept ACME server terms (if any) upon new account creation. +uacme_opts="--yes" + +# Non-default ACMEv2 server directory object URL. +if [ -f "${__object:?}/parameter/acme-url" ]; then + custom_acme_url=$(cat "${__object:?}/parameter/acme-url") + uacme_opts="$uacme_opts --acme-url $custom_acme_url" +fi + +# Specify RFC8555 External Account Binding credentials. +if [ -f "${__object:?}/parameter/eab-credentials" ]; then + eab_credentials=$(cat "${__object:?}/parameter/eab-credentials") + uacme_opts="$uacme_opts --eab $eab_credentials" +fi + confdir="${default_confdir:?}" if [ -f "${__object:?}/parameter/confdir" ]; then @@ -27,6 +42,6 @@ fi cat << EOF if ! [ -f "${confdir}/private/key.pem" ]; then - uacme -y new ${admin_mail} + uacme $uacme_opts new ${admin_mail} fi EOF diff --git a/type/__uacme_account/man.rst b/type/__uacme_account/man.rst index be5efc6..c18bb40 100644 --- a/type/__uacme_account/man.rst +++ b/type/__uacme_account/man.rst @@ -23,6 +23,16 @@ confdir admin-mail Administrative contact email to register the account with. +acme-url + ACMEv2 server directory object URL. Lets'Encrypt is used by default. + +eab-credentials + Specify RFC8555 External Account Binding credentials according to + https://tools.ietf.org/html/rfc8555#section-7.3.4, in order to associate a new + ACME account with an existing account in a non-ACME system such as a CA + customer database. KEYID must be an ASCII string. KEY must be + base64url-encoded. This is parameter is not supported by uacme < 1.6. + EXAMPLES -------- @@ -43,6 +53,7 @@ SEE ALSO AUTHORS ------- Joachim Desroches +Timothée Floure COPYING ------- diff --git a/type/__uacme_account/parameter/optional b/type/__uacme_account/parameter/optional index 0eaba67..dff247c 100644 --- a/type/__uacme_account/parameter/optional +++ b/type/__uacme_account/parameter/optional @@ -1,2 +1,4 @@ confdir admin-mail +acme-url +eab-credentials 
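Review bot: `custom_acme_url` and `eab_credentials` are appended to `uacme_opts` verbatim (`__uacme_account/gencode-remote`, hunk `@@ -18,6 +18,21 @@`), and the `@@ -27,6 +42,6 @@` hunk expands `$uacme_opts` inside the unquoted `cat << EOF` here-document, so both values become part of the shell code this script emits for the target. A value containing whitespace or shell metacharacters would change the emitted command instead of reaching uacme as a single argument. Emitting each value inside single quotes, after rejecting values that themselves contain a single quote, closes that gap without restricting the URL or key id alphabet. The same treatment applies to `ACME_URL` and `EAB_CREDENTIALS` in the `__uacme_obtain/manifest` hunk at `@@ -69,6 +69,22 @@`.

```sh
# Non-default ACMEv2 server directory object URL.
if [ -f "${__object:?}/parameter/acme-url" ]; then
	custom_acme_url=$(cat "${__object:?}/parameter/acme-url")
	case "$custom_acme_url" in
		*"'"*) echo "acme-url must not contain a single quote." >&2; exit 1 ;;
	esac
	# Single quotes survive the here-document and keep the value one word.
	uacme_opts="$uacme_opts --acme-url '$custom_acme_url'"
fi

# Specify RFC8555 External Account Binding credentials.
if [ -f "${__object:?}/parameter/eab-credentials" ]; then
	eab_credentials=$(cat "${__object:?}/parameter/eab-credentials")
	case "$eab_credentials" in
		*"'"*) echo "eab-credentials must not contain a single quote." >&2; exit 1 ;;
	esac
	uacme_opts="$uacme_opts --eab '$eab_credentials'"
fi
# … unchanged: confdir handling …
```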
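Review bot: The emitted line `uacme $uacme_opts new ${admin_mail}` (`__uacme_account/gencode-remote`, hunk `@@ -27,6 +42,6 @@`) now carries the EAB key as a command-line argument, which nothing in the script or man page tells the operator. On the target the key is visible in the process list while uacme runs, and it is also present in the generated code and in the `parameter/eab-credentials` file of the object directory. A comment above the `cat << EOF` block would record this, e.g. `# NOTE: the EAB key appears in the generated code and on uacme's command line.`, and the `eab-credentials` entry in man.rst should say the same. The here-document starts outside the hunk.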
diff --git a/type/__uacme_obtain/files/renew.sh.sh b/type/__uacme_obtain/files/renew.sh.sh index 18bf061..dc82fd9 100755 --- a/type/__uacme_obtain/files/renew.sh.sh +++ b/type/__uacme_obtain/files/renew.sh.sh @@ -7,8 +7,8 @@ UACME_CHALLENGE_PATH=${CHALLENGEDIR:?} export UACME_CHALLENGE_PATH # Issue certificate. -uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\ - issue -- ${DOMAIN:?} +uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${ACME_URL?} \\ + ${EAB_CREDENTIALS?} ${MUST_STAPLE?} ${KEYTYPE?} issue -- ${DOMAIN:?} # Note: exit code 0 means that certificate was issued. # Note: exit code 1 means that certificate was still valid, hence not renewed. diff --git a/type/__uacme_obtain/manifest b/type/__uacme_obtain/manifest index f41e881..b41ddde 100644 --- a/type/__uacme_obtain/manifest +++ b/type/__uacme_obtain/manifest @@ -69,6 +69,22 @@ then fi export MUST_STAPLE +# Non-default ACMEv2 server directory object URL. +ACME_URL= +if [ -f "${__object:?}/parameter/acme-url" ]; then + custom_acme_url=$(cat "${__object:?}/parameter/acme-url") + ACME_URL="--acme-url $custom_acme_url" +fi +export ACME_URL + +# Specify RFC8555 External Account Binding credentials. +EAB_CREDENTIALS= +if [ -f "${__object:?}/parameter/eab-credentials" ]; then + eab_credentials_param=$(cat "${__object:?}/parameter/eab-credentials") + EAB_CREDENTIALS="--eab $eab_credentials_param" +fi +export EAB_CREDENTIALS + OWNER=root if [ -f "${__object:?}/parameter/owner" ]; then diff --git a/type/__uacme_obtain/parameter/optional b/type/__uacme_obtain/parameter/optional index fd721af..9fa9846 100644 --- a/type/__uacme_obtain/parameter/optional +++ b/type/__uacme_obtain/parameter/optional @@ -5,3 +5,5 @@ owner install-cert-to install-key-to renew-hook +acme-url +eab-credentials
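Review bot: Adding `${EAB_CREDENTIALS?}` to the `uacme ... issue` line (`__uacme_obtain/files/renew.sh.sh`, hunk `@@ -7,8 +7,8 @@`) places the EAB key in the renewal script that stays on the target; the `\\` continuation suggests this file is a template expanded when the manifest runs. RFC 8555 section 7.3.4, which the man page cites, ties external account binding to account creation, so `issue` may not need the option at all. If that holds for uacme, drop `${EAB_CREDENTIALS?}` here and the `EAB_CREDENTIALS` block in the `__uacme_obtain/manifest` hunk at `@@ -69,6 +69,22 @@`, which keeps the secret confined to `__uacme_account`. If it has to stay, install the generated script with a mode that keeps it unreadable to other users, and validate `ACME_URL` and `EAB_CREDENTIALS` in the manifest, because they are expanded unquoted into the script.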