[__jitsi_meet] Unconfuse jitsi-version and secured domains
Closes #14 by committing to keeping the package up to date as promptly as possible; else weird things happen and there are no real good solutions for this. E.g. we have seen in the past that due to security issues, a jitsi dependency needs to be upgraded, but some package that jitsi-meet depends upon also has an upper limit on that package's version. A note was added to the manpage in order to make it explicit that maintenance of this type can be sponsored to ensure its proper functioning. Closes #15 by using `__file`. This will also allow us to have more control over jicofo's settings, which might be important when we start doing recordings. Sponsored by: lafede.cat
parent
af04f7464b
commit
fa37ede84f
6 changed files with 67 additions and 29 deletions
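--- /dev/null
+++ b/type/__jitsi_meet/files/jicofo.conf.sh
@@ -0,0 +1,34 @@
+#!/bin/sh -eu
+
+# Start
+cat <<EOF
+# Managed remotely, changes will be lost
+
+# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
+#available options, syntax, and default values.
+jicofo {
+xmpp: {
+client: {
+client-proxy: focus.${JITSI_HOST:?}
+}
+trusted-domains: [ "recorder.${JITSI_HOST:?}" ]
+}
+bridge: {
+brewery-jid: "JvbBrewery@internal.auth.${JITSI_HOST:?}"
+}
+EOF
+
+# Secured domains if needed
+if [ "${SECURED_DOMAINS_STATE:?}" = "present" ]; then
+cat <<EOF
+
+authentication: {
+enabled: true
+type: XMPP
+login-url: ${JITSI_HOST:?}
+}
+EOF
+fi
+
+# End
+echo '}'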
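Review bot: Any value of `SECURED_DOMAINS_STATE` other than the exact string `present` falls through the `if`, and the `authentication` block is silently left out, so a typo or a future third state yields a config with secured domains switched off. The manifest in this commit only ever exports `present` or `absent`, so this is a hardening point rather than a live bug. Failing loudly keeps it closed: before the `fi`, add `elif [ "${SECURED_DOMAINS_STATE}" != "absent" ]; then echo "unexpected SECURED_DOMAINS_STATE: ${SECURED_DOMAINS_STATE}" >&2; exit 1`.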
|
@ -5,7 +5,7 @@ if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
JITSI_HOST="${__object_id}"
|
JITSI_HOST="${__object_id}"
|
||||||
if grep -qE "^(__line/jitsi_jicofo_secured_domains|__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua)" "${__messages_in}"; then
|
if grep -qE "^(__line/jitsi_jicofo_secured_domains|__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua|__file/etc/jitsi/jicofo/jicofo.conf)" "${__messages_in}"; then
|
||||||
echo "systemctl restart prosody"
|
echo "systemctl restart prosody"
|
||||||
echo "systemctl restart jicofo"
|
echo "systemctl restart jicofo"
|
||||||
echo "systemctl restart jitsi-videobridge2"
|
echo "systemctl restart jitsi-videobridge2"
|
||||||
|
|
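Review bot: The alternative added to the `grep -qE` pattern, `__file/etc/jitsi/jicofo/jicofo.conf`, is an unescaped regex with no end delimiter, so each `.` matches any character and any longer object id sharing that prefix also triggers the three restarts. The same holds for the existing `${JITSI_HOST}.zauth.cfg.lua` alternative, where the hostname's dots are interpolated into the expression as wildcards. Escaping the literal dots, e.g. `__file/etc/jitsi/jicofo/jicofo\.conf`, and closing the group with whatever separator follows the object id in the messages file (not visible here) would make the match exact. The enclosing `if` ends outside the hunk.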
|
@ -28,6 +28,15 @@ You should apply your own rules here.
|
||||||
|
|
||||||
This type only works on De{bi,vu}an systems.
|
This type only works on De{bi,vu}an systems.
|
||||||
|
|
||||||
|
It is very important for this type to stay up to date with the software, as
|
||||||
|
otherwise new deployments or maintenance of existing instances might be
|
||||||
|
negatively affected.
|
||||||
|
If you can, please contribute updates to `__jitsi_meet` and
|
||||||
|
`__jitsi_meet_domain` promptly and regularly.
|
||||||
|
Alternatively, you can help finance that work; get in touch with the type
|
||||||
|
authors for that (see below).
|
||||||
|
|
||||||
|
|
||||||
NOTE: This type currently does not deal with setting up coturn.
|
NOTE: This type currently does not deal with setting up coturn.
|
||||||
For that, you might want to check `__coturn` in
|
For that, you might want to check `__coturn` in
|
||||||
https://code.ungleich.ch/ungleich-public/cdist-contrib
|
https://code.ungleich.ch/ungleich-public/cdist-contrib
|
||||||
|
@ -43,11 +52,6 @@ turn-server
|
||||||
The hostname of the TURN server.
|
The hostname of the TURN server.
|
||||||
This will assume that it is listening with TLS on port 443.
|
This will assume that it is listening with TLS on port 443.
|
||||||
|
|
||||||
jitsi-version
|
|
||||||
The jitsi-meet version of the Debian package to be installed.
|
|
||||||
While this can be specified, only the default value is known to work
|
|
||||||
properly with this type.
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
|
@ -92,4 +96,4 @@ Evilham <contact@evilham.com>
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2021 Evilham.
|
Copyright \(C) 2022 Evilham.
|
||||||
|
|
|
@ -13,8 +13,13 @@ esac
|
||||||
|
|
||||||
|
|
||||||
JITSI_HOST="${__target_host}"
|
JITSI_HOST="${__target_host}"
|
||||||
# Currently unused, see below
|
if [ -f "${__object}/parameter/jitsi-version" ]; then
|
||||||
# JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
|
# This has been deprecated and will be removed 'soon'
|
||||||
|
JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
|
||||||
|
else
|
||||||
|
# Note this won't be a parameter anymore, we won't let users stay behind
|
||||||
|
JITSI_VERSION="$(cat "${__type}/files/jitsi-version")"
|
||||||
|
fi
|
||||||
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
||||||
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
|
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
|
||||||
|
|
||||||
|
@ -55,11 +60,12 @@ __debconf_set_selections jitsi_meet --line "${DEBCONF_SETTINGS}"
|
||||||
export require="${require} __debconf_set_selections/jitsi_meet"
|
export require="${require} __debconf_set_selections/jitsi_meet"
|
||||||
|
|
||||||
# Install and upgrade packages as needed
|
# Install and upgrade packages as needed
|
||||||
__package_apt jitsi-meet
|
# NOTE: we are doing version pinning again, but it breaks sometimes when
|
||||||
# We are not doing version pinning anymore because it breaks when
|
|
||||||
# the version is not the latest.
|
# the version is not the latest.
|
||||||
# This happens because dependencies cannot be properly resolved.
|
# This happens because dependencies might not be properly resolved.
|
||||||
# --version "${JITSI_VERSION}"
|
# To avoid this, this type must be maintained up to date.
|
||||||
|
# If we don't use this, keeping Jitsi's up to date is very difficult.
|
||||||
|
__package_apt jitsi-meet --version "${JITSI_VERSION}"
|
||||||
|
|
||||||
# Proceed only after installation/upgrade has finished
|
# Proceed only after installation/upgrade has finished
|
||||||
export require="__package_apt/jitsi-meet"
|
export require="__package_apt/jitsi-meet"
|
||||||
|
@ -151,10 +157,8 @@ EOF
|
||||||
|
|
||||||
if [ -f "${__object}/parameter/secured-domains" ]; then
|
if [ -f "${__object}/parameter/secured-domains" ]; then
|
||||||
SECURED_DOMAINS_STATE='present'
|
SECURED_DOMAINS_STATE='present'
|
||||||
SECURED_DOMAINS_STATE_JICOFO='present'
|
|
||||||
else
|
else
|
||||||
SECURED_DOMAINS_STATE='absent'
|
SECURED_DOMAINS_STATE='absent'
|
||||||
SECURED_DOMAINS_STATE_JICOFO='absent'
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \
|
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \
|
||||||
|
@ -169,18 +173,10 @@ VirtualHost "guest.${JITSI_HOST}"
|
||||||
c2s_require_encryption = false
|
c2s_require_encryption = false
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
__block jitsi_jicofo_secured_domains \
|
export SECURED_DOMAINS_STATE
|
||||||
--prefix "// begin cdist: jicofo_secured_domains" \
|
export JITSI_HOST
|
||||||
--suffix "// end cdist: jicofo_secured_domains" \
|
"${__type}/files/jicofo.conf.sh" | \
|
||||||
--file /etc/jitsi/jicofo/jicofo.conf \
|
__file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'
|
||||||
--state "${SECURED_DOMAINS_STATE_JICOFO}" \
|
|
||||||
--text '-' <<EOF
|
|
||||||
authentication: {
|
|
||||||
enabled: true
|
|
||||||
type: XMPP
|
|
||||||
login-url: ${JITSI_HOST}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# These two should be changed on new release
|
# These two should be changed on new release
|
||||||
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5"
|
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5"
|
||||||
|
|
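Review bot: In the last hunk, `"${__type}/files/jicofo.conf.sh" | __file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'` hides a failure of the generator: the pipeline's status is that of `__file`, so if the script aborts on one of its `${VAR:?}` checks, whatever was printed so far (possibly nothing, or a config cut off before the `authentication` block) is still installed on the target. Capturing the output first lets the manifest stop on error, assuming it runs with `-e` (not visible here): `JICOFO_CONF="$("${__type}/files/jicofo.conf.sh")"` followed by `printf '%s\n' "${JICOFO_CONF}" | __file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'`. In the same spirit, `JITSI_VERSION` is passed to `__package_apt jitsi-meet --version` without a check that it is non-empty; `--version "${JITSI_VERSION:?}"` would catch an empty `files/jitsi-version` or an empty deprecated parameter.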
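--- /dev/null
+++ b/type/__jitsi_meet/parameter/deprecated/jitsi-version
@@ -0,0 +1,4 @@
+Supporting different versions lead to strange issues in the life-time of a
+Jitsi instance. Chiefly: difficulties upgrading.
+
+If you are specifying this for a valid reason, please get in touch.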