Commit graph

27 commits

Author SHA1 Message Date
evilham 11ecb37dd9
[__jitsi_meet] Add --abort-conference-count parameter
Only has an effect if the prometheus exporter is enabled and if it is not
empty (default).
If at least this many conferences are active on the server, the type will
bail out before making any changes.
This is useful if you want to avoid service disruptions due to e.g. an SLA.

Sponsored by:	camilion.eu
2022-06-21 11:19:11 +02:00
evilham 797f7c8648
[__jitsi_meet] Improve manpage regarding ufw and SSH
This documents the fact that this type does not make decisions about anything
other than Jitsi-Meet itself and therefore care should be taken with the SSH
port.

Related to:	ungleich-public/cdist-contrib#23
Reported by:	@pedro
2022-05-08 21:47:26 +02:00
evilham 8e1d0b68f1
[__jitsi_meet*] Add new parameters for heavier branding
This uses nginx' server-side includes, so each domain configured by
`__jitsi_meet_domain` can have its own customisation.

Note that the file customisation file must exist for each domain,
`__jitsi_meet_domain` takes care of that already.

Sponsored by:   camilion.eu, eXO.cat
2022-04-28 17:42:30 +02:00
evilham a63d9ec458
[__jitsi_meet] Configure jicofo so metrics are more useful
By default the REST API provided by jicofo is less useful than desired.
This is a tad under-documented, so finding the right settings was tricky :-).

Sponsored by:   camilion.eu, eXO.cat
2022-04-28 17:32:15 +02:00
evilham 0cff414884
[__jitsi_meet] Simplify exporter logic and update it to 1.2.0
This uses the newly merged __single_binary_service and:

- Fixes the bug where once added, the exporter could not be removed
- Simplifies keeping it up to date

Sponsored by:   camilion.eu, eXO.cat
2022-04-28 17:28:46 +02:00
evilham 151dc32fb5
[__jitsi_meet*] Add support for simultaneous interpretations
By using https://gitlab.com/mfmt/jsi which consists of very small and simple
static files, we enable interpretations by default.

With this commit, any DOMAIN created with __jitsi_meet_domain will serve jsi on
https://DOMAIN/i/ and any ROOM can be used with simultaneous interpretation on
https://DOMAIN/i/ROOM

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 19:46:03 +02:00
evilham 7e2ba98d36
[__jitsi_meet] Fix issue with jicofo memory adaptation
That was being a bit of a mess.

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 17:52:49 +02:00
evilham 1658121549
[__jitsi_meet*] Update to 2.0.7210
While there, make things a tad easier to maintain.

Note that in this version, jitsi switches to using nginx upstreams; it shouldn't
be relevant for instances fully managed with these types.

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 15:52:47 +02:00
evilham c5070a3a33
[__jitsi_meet] Fix adjustment of jicofo's max memory
Leftover from last commit >,<

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 14:44:10 +02:00
evilham 80bbbd3aa8
[__jitsi_meet] Adapt jicofo and videobridge memory usage
This enables us to setup smaller jitsi instances that work reliably.

We set 3 threshholds:
- < 3G RAM: use 0.75G max memory
- < 5G RAM: use 1G max memory
- < 8G RAM: use 2G max memory
- >= 8G RAM: use 3G max memory (jitsi's default)

For more information as to why and how this is done, see:
https://gitlab.com/guifi-exo/projectes/-/issues/318
https://github.com/jitsi/jitsi-meet/issues/6589
as investigated back in the day by @pedro

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 14:37:08 +02:00
evilham 87cc109bf1
[__jitsi_meet*] Make rooms on different domains not equivalent
This is a backwards-compatible change.

We switch the approach from "treat all domains as if they were the main domain"
to: "each domain has its own prosody settings".

This works perfectly fine, even with secured domains.

There is a caveat with secured domains, in that they use the main domain to log
in; this means that users are shared across all domains (as they were before
this commit).

This is due to jicofo refusing to start meetings from a domain that is not
configured, and it only accepting one domain.

Right now, this is acceptable, however we could want to authenticate against
e.g. different LDAP / IMAP servers in the future, so this would need addressing
at that stage.

Probably the best way to solve it is by patching jicofo, so it accepts starting
conferences from multiple domains and getting that patch upstream.

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 13:20:30 +02:00
evilham fa37ede84f
[__jitsi_meet] Unconfuse jitsi-version and secured domains
Closes #14 by committing to keeping the package up to date as promptly as
possible; else weird  things happen and there are no real good solutions for
this.  E.g. we have seen in the past that due to security issues, a jitsi
dependency  needs to be upgraded, but some package that jitsi-meet depends upon
also has an upper limit on that package's version.

A note was added to the manpage in order make it explicit that maintenance of
this type can be sponsored to ensure its proper functioning.

Closes #15 by using `__file`. This will also allow us to have more control over
jicofo's settings, which might be important when we start doing recordings.

Sponsored by:	lafede.cat
2022-04-10 19:45:08 +02:00
sparrowhawk a6f6a7fba8
[__jitsi_meet]: Fix deprecated usage of __debconf_set_selections.
Replace the --file parameter with the --line parameter, as recommended
since cdist 6.9.6.
2022-03-14 15:30:11 +01:00
evilham ac99cd8d84
[__jitsi_meet_domain] Update to 2.0.7001-1
Obsoletes #13
2022-03-10 21:23:45 +01:00
evilham ac03f05766 [__jitsi_meet] Fix bug with secured domains
This is a leftover from when we were using __line instead of __block.

Closes #15

Reported by:  @pedro
2022-03-10 21:20:52 +01:00
evilham e052178122 [__jitsi*] Update to 2.0.6726
Sponsored by: plataformess.org
2021-12-22 20:05:37 +01:00
evilham 30c72c1033 [__jitsi_meet] Fix shellchek of unused variable 2021-10-01 12:00:50 +02:00
evilham affd398cff [__jitsi*] Update to 2.0.6293 2021-10-01 11:51:50 +02:00
evilham d4f303c64b [__jitsi_meet*] Relocate hash_bucket_size nginx directive
This was causing issues in multi-domain scenarios where it'd get duplicated.

Fixes #8
2021-05-23 11:45:54 +02:00
evilham fbdcd8d6fc [__jitsi_meet*] Improve documentation
Also improve __jitsi_meet_user's support for removing users in that a password
is not required to remove them.
2021-05-10 17:04:44 +02:00
pedro 87bc766115 [__jitsi_meet*] Add parameters for secure domains
This is done with slight adaptations from the official guide at
https://jitsi.github.io/handbook/docs/devops-guide/secure-domain

Amongst other changes, we rely on Prosody's configuration parser only overwriting the parts of a VirtualHost that are explicitly specified in "later appearing" (lexicographically speaking) files.
This allows us to let Jitsi manage the main config file and adding the few customisations on top of it.
We also use the Plaintext authenticator as this is enough atm and is the easiest to manage in an idempotent fashion; support for other authentication mechanisms is possible, see Prosody's documentation for that.
2021-05-10 16:40:46 +02:00
evilham 2a97346979 [__jitsi_meet] Update to 2.3, add versioning parameter.
Jitsi's repositories have rotated keys, this removes the previous key if
necessary and ensures the new key is present.

Can't be merged until following lands:
  https://code.ungleich.ch/ungleich-public/cdist/-/merge_requests/994
since we rely on `--use-deprecated-apt-key` and the improvements in the type to
modify the keyring in a reliable fashion.

This also updates the exporter to version 1.1.5 released on April 25th 2021.
2021-05-10 12:21:57 +02:00
evilham 7b892e1332 [__jitsi_meet] Upgrade prometheus jitsi exporter to 1.1.3
This also fixes a typo in the URL that resulted in the exporter not being
installed '-.-.
2021-02-06 20:36:57 +01:00
fnux 87d4c33e26
Make shellcheck happy with the __jitsi_* types 2021-01-13 08:54:28 +01:00
fnux a1620e8221
__jitsi_meet: remove forgotten/invalid requirement 2021-01-12 16:32:29 +01:00
fnux ac63762653
'unbrand' evilham's runit types 2021-01-11 14:18:41 +01:00
fnux d3bf8512ec
'unbrand' evilham's jitsi types 2021-01-11 14:18:41 +01:00