diff --git a/type/__jitsi_meet/explorer/configured-memory b/type/__jitsi_meet/explorer/configured-memory deleted file mode 100755 index 658f94b..0000000 --- a/type/__jitsi_meet/explorer/configured-memory +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -eu - -JICOFO="/usr/share/jicofo/jicofo.sh" -VIDEOBRIDGE="/usr/share/jitsi-videobridge/lib/videobridge.rc" - -if [ -f "${JICOFO:?}" ]; then - jicofo_memory="$(grep JICOFO_MAX_MEMORY= "${JICOFO:?}" | cut -d= -f 2 | cut -d ";" -f 1)" -fi -if [ -f "${VIDEOBRIDGE:?}" ]; then - vb_memory="$(grep VIDEOBRIDGE_MAX_MEMORY= "${VIDEOBRIDGE:?}" | cut -d= -f 2)" -fi -cat < COPYING ------- -Copyright \(C) 2022 Evilham. +Copyright \(C) 2021 Evilham. diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index 78b3524..599af18 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -1,6 +1,7 @@ #!/bin/sh -e os="$(cat "${__global}/explorer/os")" +init="$(cat "${__global}/explorer/init")" case "${os}" in devuan|debian) ;; 
@@ -10,29 +11,10 @@ case "${os}" in ;; esac -current_conferences="$(cat "${__object}/explorer/jitsi-status" | grep -E "^jitsi_conferences[[:space:]]" | cut -d ' ' -f 2)" - -ABORT_CONFERENCE_COUNT="$(cat "${__object}/parameter/abort-conference-count")" - -if [ -n "${current_conferences}" ] && [ -n "${ABORT_CONFERENCE_COUNT}" ] && \ - [ "${ABORT_CONFERENCE_COUNT}" -le "${current_conferences}" ]; then - cat <<-EOF -Early bail out was requested when at least ${ABORT_CONFERENCE_COUNT} conferences are taking place. -There are currently ${current_conferences} active conferences. - -Try again at a later time or remove or increase --abort-conference-count - EOF - exit 1 -fi JITSI_HOST="${__target_host}" -if [ -f "${__object}/parameter/jitsi-version" ]; then - # This has been deprecated and will be removed 'soon' - JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" -else - # Note this won't be a parameter anymore, we won't let users stay behind - JITSI_VERSION="$(cat "${__type}/files/jitsi-version")" -fi +# Currently unused, see below +# JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" TURN_SERVER="$(cat "${__object}/parameter/turn-server")" TURN_SECRET="$(cat "${__object}/parameter/turn-secret")" @@ -40,6 +22,8 @@ if [ -z "${TURN_SERVER}" ]; then TURN_SERVER="${JITSI_HOST}" fi +PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")" + # The rest is loosely based on Jitsi's documentation # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart 
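Review bot: The added `PROMETHEUS_JITSI_EXPORTER_IS_VERSION` line reads `explorer/prometheus-jitsi-meet-explorer-version`, while every other name in this change spells the tool `prometheus-jitsi-meet-exporter`. The explorer file itself is not visible on this page, so the name needs checking against the file in `explorer/`; if it is spelled `exporter`, the `cat` fails and the manifest aborts under `#!/bin/sh -e`. The read is also unconditional, although the exporter setup later in the manifest is guarded by `disable-prometheus-exporter`. A one-line comment such as `# Installed exporter version as reported by the explorer` would document what the variable holds.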
@@ -71,12 +55,11 @@ __debconf_set_selections jitsi_meet --line "${DEBCONF_SETTINGS}" export require="${require} __debconf_set_selections/jitsi_meet" # Install and upgrade packages as needed -# NOTE: we are doing version pinning again, but it breaks sometimes when -# the version is not the latest. -# This happens because dependencies might not be properly resolved. -# To avoid this, this type must be maintained up to date. -# If we don't use this, keeping Jitsi's up to date is very difficult. -__package_apt jitsi-meet --version "${JITSI_VERSION}" +__package_apt jitsi-meet +# We are not doing version pinning anymore because it breaks when +# the version is not the latest. +# This happens because dependencies cannot be properly resolved. +# --version "${JITSI_VERSION}" # Proceed only after installation/upgrade has finished export require="__package_apt/jitsi-meet" 
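Review bot: `__package_apt jitsi-meet` without `--version` installs whatever the configured apt repository offers at run time, so the deployed version can no longer be reproduced from this type and an upgrade can land on any cdist run. The explanatory comment now sits after the command it describes and ends in `# --version "${JITSI_VERSION}"`, which reads like a disabled argument rather than an explanation. `JITSI_VERSION` is also commented out earlier in the manifest, so that line refers to a variable that is no longer set. Consider moving the comment above the call and replacing its last line with the consequence, e.g. `# Unpinned: the installed version follows the apt repository, so upgrades happen on every run.`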
@@ -166,144 +149,95 @@ server { } EOF -# Starting from 2.0.7210, jitsi defines following nginx upstreams -__directory "${NGINX_ETC}/conf.d" --state present -require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/prosody.conf" \ - --mode 644 \ - --source - << EOF -upstream prosody { - zone upstreams 64K; - server 127.0.0.1:5280; - keepalive 2; -} -EOF -require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/jvb1.conf" \ - --mode 644 \ - --source - << EOF -upstream jvb1 { - zone upstreams 64K; - server 127.0.0.1:9090; - keepalive 2; -} -EOF - if [ -f "${__object}/parameter/secured-domains" ]; then SECURED_DOMAINS_STATE='present' + SECURED_DOMAINS_STATE_JICOFO='present' else SECURED_DOMAINS_STATE='absent' + SECURED_DOMAINS_STATE_JICOFO='absent' fi -# This is the main host config -PROSODY_MAIN_CONFIG="YES" -# Prosody settings for common components (jvb, focus, ...) -# shellcheck source=type/__jitsi_meet/files/prosody.cfg.lua.sh -. "${__type}/files/prosody.cfg.lua.sh" # This defines PROSODY_CONFIG -__file "/etc/prosody/conf.d/00_jitsi_base.cfg.lua" \ - --group prosody \ - --mode 0440 \ - --source - < +__block jitsi_jicofo_secured_domains \ + --prefix "// begin cdist: jicofo_secured_domains" \ + --suffix "// end cdist: jicofo_secured_domains" \ + --file /etc/jitsi/jicofo/jicofo.conf \ + --state "${SECURED_DOMAINS_STATE_JICOFO}" \ + --text '-' <]*(/external_api.js).!src='\1'!" \ - -e "s!

[^<]*

!

Jitsi Meetings with interpreter

!" \ - -e "s!https://meet.mayfirst.org!/!" \ - -e "s!(style.css|jsi.js)([^?])!\1?v=${jsi_updated_on:?}\2!" \ - /opt/jsi/static/index.html.sample +PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5" +PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:3ddf43a48d9a2f62be1bc6db9e7ba75d61994f9423e5c5b28be019f41f06f745" +PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64" +PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version" +if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then + case "${init}" in + init|sysvinit) + __runit + require="__runit" __runit_service \ + prometheus-jitsi-meet-exporter --log --source - <&1 EOF -)" + + export require="__runit_service/prometheus-jitsi-meet-exporter" + JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter" + ;; + systemd) + __systemd_unit prometheus-jitsi-meet-exporter.service \ + --source "-" \ + --enablement-state "enabled" < jitsi-version diff --git a/type/__jitsi_meet_domain/files/config.js.sh b/type/__jitsi_meet_domain/files/config.js.sh index 43e1e29..58df3fc 100644 --- a/type/__jitsi_meet_domain/files/config.js.sh +++ b/type/__jitsi_meet_domain/files/config.js.sh @@ -4,32 +4,32 @@ JITSI_CONFIG_JS="$(cat <. - // NOTE [cdist]: if we use '${DOMAIN}', jicofo won't start the meeting - authdomain: '${JITSI_HOST}', + // authdomain: '${JITSI_HOST}', // Focus component domain. Defaults to focus.. - focus: 'focus.${JITSI_HOST}', + // focus: 'focus.${JITSI_HOST}', // XMPP MUC domain. FIXME: use XEP-0030 to discover it. - muc: 'conference.${DOMAIN}' + muc: 'conference.${JITSI_HOST}' }, // BOSH URL. FIXME: use XEP-0156 to discover it. 
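Review bot: `PROMETHEUS_JITSI_EXPORTER_URL` hard-codes the `linux-amd64` asset and `PROMETHEUS_JITSI_EXPORTER_CHECKSUM` is valid only for that asset at version `1.1.5`, but the visible lines neither say so nor check the target architecture. A comment above the three variables such as `# Version, checksum and asset name must be bumped together; the checksum covers the linux-amd64 release binary only` would keep a later version bump from shipping with a stale hash. The `case "${init}"` block shows only the `init|sysvinit` and `systemd` arms in this view; if there is no `*)` arm, an unrecognised init system would skip the service without an error, so an explicit failure there is worth confirming. The heredoc bodies in this hunk are not readable on this page, so the run script and unit contents were not reviewed.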
@@ -37,12 +37,12 @@ var config = { bosh: '///http-bind', // Websocket URL - // websocket: 'wss://${DOMAIN}/xmpp-websocket', + // websocket: 'wss://${JITSI_HOST}/xmpp-websocket', // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 - focusUserJid: 'focus@auth.${JITSI_HOST}', + // focusUserJid: 'focus@auth.${JITSI_HOST}', // Testing / experimental features. @@ -80,11 +80,6 @@ var config = { // or disabled for the screenshare. // capScreenshareBitrate: 1 // 0 to disable - deprecated. - // Whether to use fake constraints (height: 99999, width: 99999) when calling getDisplayMedia on - // Chromium based browsers. This is intended as a workaround for - // https://bugs.chromium.org/p/chromium/issues/detail?id=1056311 - // setScreenSharingResolutionConstraints: true - // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for // the callstats to be enabled. @@ -95,10 +90,6 @@ var config = { flags: { // Enables source names in the signaling. // sourceNameSignaling: false, - - // Enables sending multiple video streams, i.e., camera and desktop tracks can be shared in the conference - // separately as two different streams instead of one composite stream. - // sendMultipleVideoStreams: false }, // Disables moderator indicators. 
@@ -285,9 +276,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // appKey: '' // Specify your app key here. // // A URL to redirect the user to, after authenticating // // by default uses: - // // 'https://${DOMAIN}/static/oauth.html' + // // 'https://${JITSI_HOST}/static/oauth.html' // redirectURI: - // 'https://${DOMAIN}/subfolder/static/oauth.html' + // 'https://${JITSI_HOST}/subfolder/static/oauth.html' // }, // When integrations like dropbox are enabled only that will be shown, // by enabling fileRecordingsServiceEnabled, we show both the integrations @@ -302,9 +293,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Whether to enable live streaming or not. // liveStreamingEnabled: false, - // Whether to enable local recording or not. - // enableLocalRecording: false, - // Transcription (in interface_config, // subtitles and buttons can be configured) // transcribingEnabled: false, @@ -498,9 +486,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // If Lobby is enabled starts knocking automatically. // autoKnockLobby: false, - // Enable lobby chat. - // enableLobbyChat: true, - // DEPRECATED! Use \`breakoutRooms.hideAddRoomButton\` instead. // Hides add breakout room button // hideAddRoomButton: false, @@ -540,7 +525,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Hides the dominant speaker name badge that hovers above the toolbox // hideDominantSpeakerBadge: false, - // Default language for the user interface. Cannot be overwritten. + // Default language for the user interface. defaultLanguage: '${DEFAULT_LANGUAGE}', // Disables profile and the edit of all fields from the profile settings (display name and email) 
@@ -569,10 +554,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. // // This replaces \`prejoinPageEnabled\`. // enabled: true, - // // Hides the participant name editing field in the prejoin screen. - // // If requireDisplayName is also set as true, a name should still be provided through - // // either the jwt or the userInfo from the iframe api init object in order for this to have an effect. - // hideDisplayName: false, // // List of buttons to hide from the extra join options dropdown. // hideExtraJoinButtons: ['no-audio', 'by-phone'] // }, @@ -600,17 +581,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Array with avatar URL prefixes that need to use CORS. // corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ], - // Base URL for a Gravatar-compatible service. Defaults to Gravatar. - // DEPRECATED! Use \`gravatar.baseUrl\` instead. - // gravatarBaseURL: 'https://www.gravatar.com/avatar/', - - // Setup for Gravatar-compatible services. - // gravatar: { - // // Defaults to Gravatar. - // baseUrl: 'https://www.gravatar.com/avatar/', - // // True if Gravatar should be disabled. - // disabled: false - // }, + // Base URL for a Gravatar-compatible service. Defaults to libravatar. + // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // App name to be displayed in the invitation email subject, as an alternative to // interfaceConfig.APP_NAME. @@ -632,7 +604,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'chat', // 'closedcaptions', // 'desktop', - // 'dock-iframe' // 'download', // 'embedmeeting', // 'etherpad', 
@@ -641,11 +612,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'fullscreen', // 'hangup', // 'help', - // 'highlight', // 'invite', - // 'linktosalesforce', // 'livestreaming', // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', // 'participants-pane', // 'profile', // 'raisehand', @@ -659,7 +630,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // 'stats', // 'tileview', // 'toggle-camera', - // 'undock-iframe', // 'videoquality', // '__end' // ], @@ -674,9 +644,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // timeout: 4000, // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE // // Whether toolbar should be always visible or should hide after x miliseconds. - // alwaysVisible: false, - // // Indicates whether the toolbar should still autohide when chat is open - // autoHideWhileChatIsOpen: false + // alwaysVisible: false // }, // Toolbar buttons which have their click/tap event exposed through the API on 
@@ -785,25 +753,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // faceLandmarks: { - // // Enables sharing your face coordinates. Used for centering faces within a video. - // enableFaceCentering: false, + // Enables detecting faces of participants and get their expression and send it to other participants + // enableFacialRecognition: true, - // // Enables detecting face expressions and sharing data with other participants - // enableFaceExpressionsDetection: false, - - // // Enables displaying face expressions in speaker stats - // enableDisplayFaceExpressions: false, - - // // Enable rtc stats for face landmarks - // enableRTCStats: false, - - // // Minimum required face movement percentage threshold for sending new face centering coordinates data. - // faceCenteringThreshold: 10, - - // // Milliseconds for processing a new image capture in order to detect face coordinates if they exist. - // captureInterval: 1000 - // }, + // Enables displaying facial expressions in speaker stats + // enableDisplayFacialExpressions: true, // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. If set to 0, no automatic feedback will be requested @@ -869,7 +823,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) }, analytics: { -${ANALYTICS_SETTINGS} // True if the analytics should be disabled // disabled: false, 
@@ -957,22 +910,33 @@ ${ANALYTICS_SETTINGS} // chromeExtensionBanner: { // // The chrome extension to be installed address // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', - // edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn', // // Extensions info which allows checking if they are installed or not // chromeExtensionsInfo: [ // { // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', // path: 'jitsi-logo-48x48.png' - // }, - // // Edge extension info - // { - // id: 'eeecajlpbgjppibfledfihobcabccihn', - // path: 'jitsi-logo-48x48.png' // } // ] // }, + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // the \`toolbarButtons\`-array for the Local Recording button to show up + // on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // }, // e2ee: { // labels, // externallyManagedKey: false 
@@ -980,18 +944,14 @@ ${ANALYTICS_SETTINGS} // Options related to end-to-end (participant to participant) ping. // e2eping: { - // // Whether ene-to-end pings should be enabled. - // enabled: false, + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, // - // // The number of responses to wait for. - // numRequests: 5, - // - // // The max conference size in which e2e pings will be sent. - // maxConferenceSize: 200, - // - // // The maximum number of e2e ping messages per second for the whole conference to aim for. - // // This is used to contol the pacing of messages in order to reduce the load on the backend. - // maxMessagesPerSecond: 250 + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, // }, // If set, will attempt to use the provided video input device label when @@ -1018,8 +978,7 @@ ${ANALYTICS_SETTINGS} // Disables all invite functions from the app (share, invite, dial out...etc) // disableInviteFunctions: true, - // Disables storing the room name to the recents list. When in an iframe this is ignored and - // the room is never stored in the recents list. + // Disables storing the room name to the recents list // doNotStoreRoom: true, // Deployment specific URLs. 
@@ -1034,25 +993,12 @@ ${ANALYTICS_SETTINGS} // Options related to the remote participant menu. // remoteVideoMenu: { - // // Whether the remote video context menu to be rendered or not. - // disabled: true, // // If set to true the 'Kick out' button will be disabled. // disableKick: true, // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true, - // // If set to true the 'Send private message' button will be disabled. - // disablePrivateChat: true + // disableGrantModerator: true // }, - // Endpoint that enables support for salesforce integration with in-meeting resource linking - // This is required for: - // listing the most recent records - salesforceUrl/records/recents - // searching records - salesforceUrl/records?text=\${text} - // retrieving record details - salesforceUrl/records/\${id}?type=\${type} - // and linking the meeting - salesforceUrl/sessions/\${sessionId}/records/\${id} - // - // salesforceUrl: 'https://api.example.com/', - // If set to true all muting operations of remote participants will be disabled. // disableRemoteMute: true, @@ -1116,22 +1062,10 @@ ${ANALYTICS_SETTINGS} */ dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}", - // Options related to the participants pane. - // participantsPane: { - // // Hides the moderator settings tab. - // hideModeratorSettingsTab: false, - // // Hides the more actions button. - // hideMoreActionsButton: false, - // // Hides the mute all button. - // hideMuteAllButton: false - // }, - // Options related to the breakout rooms feature. // breakoutRooms: { // // Hides the add breakout room button. This replaces \`hideAddRoomButton\`. // hideAddRoomButton: false, - // // Hides the auto assign participants button. - // hideAutoAssignButton: false, // // Hides the join breakout room button. // hideJoinRoomButton: false // }, 
@@ -1162,7 +1096,7 @@ ${ANALYTICS_SETTINGS} // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. // conferenceInfo: { // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'raised-hands-count'], + // alwaysVisible: ['recording', 'local-recording', 'raised-hands-count'], // // those labels will be auto-hidden in tandem with the toolbox buttons. // autoHide: [ // 'subject', @@ -1171,8 +1105,7 @@ ${ANALYTICS_SETTINGS} // 'e2ee', // 'transcribing', // 'video-quality', - // 'insecure-room', - // 'highlight-moment' + // 'insecure-room' // ] // }, @@ -1206,24 +1139,14 @@ ${ANALYTICS_SETTINGS} // will open an etherpad document. // etherpad_base: 'https://your-etherpad-installati.on/p/', - // To enable information about dial-in access to meetings you need to provide - // dialInNumbersUrl and dialInConfCodeUrl. - // dialInNumbersUrl returns a json array of numbers that can be used for dial-in. - // {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"} - // dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in - // or the other way around (more info in resources/cloud-api.swagger) - // - // For JaaS customers the default values are: - // dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids', - // dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access', - // - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold debug debugAudioLevels deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl dialOutAuthUrl dialOutCodesUrl disableRemoteControl 
@@ -1308,6 +1231,7 @@ ${ANALYTICS_SETTINGS} // 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable // 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied + // 'localRecording.localRecording', // shown when a local recording is started // 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed // 'notify.disconnected', // shown when a participant has left // 'notify.connectedOneMember', // show when a participant joined @@ -1321,7 +1245,6 @@ ${ANALYTICS_SETTINGS} // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration // 'notify.moderationStartedTitle', // shown when AV moderation is activated // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation @@ -1337,7 +1260,6 @@ ${ANALYTICS_SETTINGS} // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio // 'notify.unmute', // shown to moderator when user raises hand during AV moderation - // 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', 
@@ -1353,9 +1275,6 @@ ${ANALYTICS_SETTINGS} // 'transcribing.failedToStart' // shown when transcribing fails to start // ], - // List of notifications to be disabled. Works in tandem with the above setting. - // disabledNotifications: [], - // Prevent the filmstrip from autohiding when screen width is under a certain threshold // disableFilmstripAutohiding: false, @@ -1363,37 +1282,12 @@ ${ANALYTICS_SETTINGS} // // Disables user resizable filmstrip. Also, allows configuration of the filmstrip // // (width, tiles aspect ratios) through the interfaceConfig options. // disableResizable: false, + // } - // // Disables the stage filmstrip - // // (displaying multiple participants on stage besides the vertical filmstrip) - // disableStageFilmstrip: false - // }, - - // Tile view related config options. - // tileView: { - // // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may - // // not be possible to show the exact number of participants specified here. - // numberOfVisibleTiles: 25 - // }, // Specifies whether the chat emoticons are disabled or not // disableChatSmileys: false, - // Settings for the GIPHY integration. - // giphy: { - // // Whether the feature is enabled or not. - // enabled: false, - // // SDK API Key from Giphy. - // sdkKey: '', - // // Display mode can be one of: - // // - tile: show the GIF on the tile of the participant that sent it. - // // - chat: show the GIF as a message in chat - // // - all: all of the above. This is the default option - // displayMode: 'all', - // // How long the GIF should be displayed on the tile (in miliseconds). - // tileTime: 5000 - // }, - // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. makeJsonParserHappy: 'even if last key had a trailing comma' diff --git a/type/__jitsi_meet_domain/files/config.js.sh.orig b/type/__jitsi_meet_domain/files/config.js.sh.orig index a61a591..0976642 100644 
--- a/type/__jitsi_meet_domain/files/config.js.sh.orig +++ b/type/__jitsi_meet_domain/files/config.js.sh.orig @@ -1,11 +1,5 @@ - /* eslint-disable no-unused-vars, no-var */ -/* - * NOTE: If you add a new option please remember to document it here: - * https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration - */ - var config = { // Connection // @@ -74,11 +68,6 @@ var config = { // or disabled for the screenshare. // capScreenshareBitrate: 1 // 0 to disable - deprecated. - // Whether to use fake constraints (height: 99999, width: 99999) when calling getDisplayMedia on - // Chromium based browsers. This is intended as a workaround for - // https://bugs.chromium.org/p/chromium/issues/detail?id=1056311 - // setScreenSharingResolutionConstraints: true - // Enable callstats only for a percentage of users. // This takes a value between 0 and 100 which determines the probability for // the callstats to be enabled. @@ -89,10 +78,6 @@ var config = { flags: { // Enables source names in the signaling. // sourceNameSignaling: false, - - // Enables sending multiple video streams, i.e., camera and desktop tracks can be shared in the conference - // separately as two different streams instead of one composite stream. - // sendMultipleVideoStreams: false }, // Disables moderator indicators. @@ -295,9 +280,6 @@ var config = { // Whether to enable live streaming or not. // liveStreamingEnabled: false, - // Whether to enable local recording or not. - // enableLocalRecording: false, - // Transcription (in interface_config, // subtitles and buttons can be configured) // transcribingEnabled: false, @@ -491,9 +473,6 @@ var config = { // If Lobby is enabled starts knocking automatically. // autoKnockLobby: false, - // Enable lobby chat. - // enableLobbyChat: true, - // DEPRECATED! Use `breakoutRooms.hideAddRoomButton` instead. // Hides add breakout room button // hideAddRoomButton: false, 
@@ -533,7 +512,7 @@ var config = { // Hides the dominant speaker name badge that hovers above the toolbox // hideDominantSpeakerBadge: false, - // Default language for the user interface. Cannot be overwritten. + // Default language for the user interface. // defaultLanguage: 'en', // Disables profile and the edit of all fields from the profile settings (display name and email) @@ -562,10 +541,6 @@ var config = { // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. // // This replaces `prejoinPageEnabled`. // enabled: true, - // // Hides the participant name editing field in the prejoin screen. - // // If requireDisplayName is also set as true, a name should still be provided through - // // either the jwt or the userInfo from the iframe api init object in order for this to have an effect. - // hideDisplayName: false, // // List of buttons to hide from the extra join options dropdown. // hideExtraJoinButtons: ['no-audio', 'by-phone'] // }, @@ -593,17 +568,8 @@ var config = { // Array with avatar URL prefixes that need to use CORS. // corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ], - // Base URL for a Gravatar-compatible service. Defaults to Gravatar. - // DEPRECATED! Use `gravatar.baseUrl` instead. - // gravatarBaseURL: 'https://www.gravatar.com/avatar/', - - // Setup for Gravatar-compatible services. - // gravatar: { - // // Defaults to Gravatar. - // baseUrl: 'https://www.gravatar.com/avatar/', - // // True if Gravatar should be disabled. - // disabled: false - // }, + // Base URL for a Gravatar-compatible service. Defaults to libravatar. + // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // App name to be displayed in the invitation email subject, as an alternative to // interfaceConfig.APP_NAME. @@ -625,7 +591,6 @@ var config = { // 'chat', // 'closedcaptions', // 'desktop', - // 'dock-iframe' // 'download', // 'embedmeeting', // 'etherpad', 
@@ -634,11 +599,11 @@ var config = { // 'fullscreen', // 'hangup', // 'help', - // 'highlight', // 'invite', - // 'linktosalesforce', // 'livestreaming', // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', // 'participants-pane', // 'profile', // 'raisehand', @@ -652,7 +617,6 @@ var config = { // 'stats', // 'tileview', // 'toggle-camera', - // 'undock-iframe', // 'videoquality', // '__end' // ], @@ -667,9 +631,7 @@ var config = { // timeout: 4000, // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE // // Whether toolbar should be always visible or should hide after x miliseconds. - // alwaysVisible: false, - // // Indicates whether the toolbar should still autohide when chat is open - // autoHideWhileChatIsOpen: false + // alwaysVisible: false // }, // Toolbar buttons which have their click/tap event exposed through the API on 
@@ -778,25 +740,11 @@ var config = { // Enables sending participants' emails (if available) to callstats and other analytics // enableEmailInStats: false, - // faceLandmarks: { - // // Enables sharing your face coordinates. Used for centering faces within a video. - // enableFaceCentering: false, + // Enables detecting faces of participants and get their expression and send it to other participants + // enableFacialRecognition: true, - // // Enables detecting face expressions and sharing data with other participants - // enableFaceExpressionsDetection: false, - - // // Enables displaying face expressions in speaker stats - // enableDisplayFaceExpressions: false, - - // // Enable rtc stats for face landmarks - // enableRTCStats: false, - - // // Minimum required face movement percentage threshold for sending new face centering coordinates data. - // faceCenteringThreshold: 10, - - // // Milliseconds for processing a new image capture in order to detect face coordinates if they exist. - // captureInterval: 1000 - // }, + // Enables displaying facial expressions in speaker stats + // enableDisplayFacialExpressions: true, // Controls the percentage of automatic feedback shown to participants when callstats is enabled. // The default value is 100%. If set to 0, no automatic feedback will be requested 
@@ -949,22 +897,33 @@ var config = { // chromeExtensionBanner: { // // The chrome extension to be installed address // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', - // edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn', // // Extensions info which allows checking if they are installed or not // chromeExtensionsInfo: [ // { // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', // path: 'jitsi-logo-48x48.png' - // }, - // // Edge extension info - // { - // id: 'eeecajlpbgjppibfledfihobcabccihn', - // path: 'jitsi-logo-48x48.png' // } // ] // }, + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // the `toolbarButtons`-array for the Local Recording button to show up + // on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // }, // e2ee: { // labels, // externallyManagedKey: false 
@@ -972,18 +931,14 @@ var config = { // Options related to end-to-end (participant to participant) ping. // e2eping: { - // // Whether ene-to-end pings should be enabled. - // enabled: false, + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, // - // // The number of responses to wait for. - // numRequests: 5, - // - // // The max conference size in which e2e pings will be sent. - // maxConferenceSize: 200, - // - // // The maximum number of e2e ping messages per second for the whole conference to aim for. - // // This is used to contol the pacing of messages in order to reduce the load on the backend. - // maxMessagesPerSecond: 250 + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, // }, // If set, will attempt to use the provided video input device label when @@ -1010,8 +965,7 @@ var config = { // Disables all invite functions from the app (share, invite, dial out...etc) // disableInviteFunctions: true, - // Disables storing the room name to the recents list. When in an iframe this is ignored and - // the room is never stored in the recents list. + // Disables storing the room name to the recents list // doNotStoreRoom: true, // Deployment specific URLs. 
@@ -1026,25 +980,12 @@ var config = { // Options related to the remote participant menu. // remoteVideoMenu: { - // // Whether the remote video context menu to be rendered or not. - // disabled: true, // // If set to true the 'Kick out' button will be disabled. // disableKick: true, // // If set to true the 'Grant moderator' button will be disabled. - // disableGrantModerator: true, - // // If set to true the 'Send private message' button will be disabled. - // disablePrivateChat: true + // disableGrantModerator: true // }, - // Endpoint that enables support for salesforce integration with in-meeting resource linking - // This is required for: - // listing the most recent records - salesforceUrl/records/recents - // searching records - salesforceUrl/records?text=${text} - // retrieving record details - salesforceUrl/records/${id}?type=${type} - // and linking the meeting - salesforceUrl/sessions/${sessionId}/records/${id} - // - // salesforceUrl: 'https://api.example.com/', - // If set to true all muting operations of remote participants will be disabled. // disableRemoteMute: true, @@ -1108,22 +1049,10 @@ var config = { */ // dynamicBrandingUrl: '', - // Options related to the participants pane. - // participantsPane: { - // // Hides the moderator settings tab. - // hideModeratorSettingsTab: false, - // // Hides the more actions button. - // hideMoreActionsButton: false, - // // Hides the mute all button. - // hideMuteAllButton: false - // }, - // Options related to the breakout rooms feature. // breakoutRooms: { // // Hides the add breakout room button. This replaces `hideAddRoomButton`. // hideAddRoomButton: false, - // // Hides the auto assign participants button. - // hideAutoAssignButton: false, // // Hides the join breakout room button. // hideJoinRoomButton: false // }, 
@@ -1154,7 +1083,7 @@ var config = { // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. // conferenceInfo: { // // those labels will not be hidden in tandem with the toolbox. - // alwaysVisible: ['recording', 'raised-hands-count'], + // alwaysVisible: ['recording', 'local-recording', 'raised-hands-count'], // // those labels will be auto-hidden in tandem with the toolbox buttons. // autoHide: [ // 'subject', @@ -1163,8 +1092,7 @@ var config = { // 'e2ee', // 'transcribing', // 'video-quality', - // 'insecure-room', - // 'highlight-moment' + // 'insecure-room' // ] // }, @@ -1198,24 +1126,14 @@ var config = { // will open an etherpad document. // etherpad_base: 'https://your-etherpad-installati.on/p/', - // To enable information about dial-in access to meetings you need to provide - // dialInNumbersUrl and dialInConfCodeUrl. - // dialInNumbersUrl returns a json array of numbers that can be used for dial-in. - // {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"} - // dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in - // or the other way around (more info in resources/cloud-api.swagger) - // - // For JaaS customers the default values are: - // dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids', - // dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access', - // - // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold debug debugAudioLevels deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl dialOutAuthUrl dialOutCodesUrl disableRemoteControl 
@@ -1300,6 +1218,7 @@ var config = { // 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable // 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied + // 'localRecording.localRecording', // shown when a local recording is started // 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed // 'notify.disconnected', // shown when a participant has left // 'notify.connectedOneMember', // show when a participant joined @@ -1313,7 +1232,6 @@ var config = { // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.kickParticipant', // shown when a participant is kicked - // 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration // 'notify.moderationStartedTitle', // shown when AV moderation is activated // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation @@ -1329,7 +1247,6 @@ var config = { // 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.startSilentTitle', // shown when user joined with no audio // 'notify.unmute', // shown to moderator when user raises hand during AV moderation - // 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute // 'prejoin.errorDialOut', // 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutFailed', 
@@ -1345,9 +1262,6 @@ var config = { // 'transcribing.failedToStart' // shown when transcribing fails to start // ], - // List of notifications to be disabled. Works in tandem with the above setting. - // disabledNotifications: [], - // Prevent the filmstrip from autohiding when screen width is under a certain threshold // disableFilmstripAutohiding: false, @@ -1355,37 +1269,12 @@ var config = { // // Disables user resizable filmstrip. Also, allows configuration of the filmstrip // // (width, tiles aspect ratios) through the interfaceConfig options. // disableResizable: false, + // } - // // Disables the stage filmstrip - // // (displaying multiple participants on stage besides the vertical filmstrip) - // disableStageFilmstrip: false - // }, - - // Tile view related config options. - // tileView: { - // // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may - // // not be possible to show the exact number of participants specified here. - // numberOfVisibleTiles: 25 - // }, // Specifies whether the chat emoticons are disabled or not // disableChatSmileys: false, - // Settings for the GIPHY integration. - // giphy: { - // // Whether the feature is enabled or not. - // enabled: false, - // // SDK API Key from Giphy. - // sdkKey: '', - // // Display mode can be one of: - // // - tile: show the GIF on the tile of the participant that sent it. - // // - chat: show the GIF as a message in chat - // // - all: all of the above. This is the default option - // displayMode: 'all', - // // How long the GIF should be displayed on the tile (in miliseconds). - // tileTime: 5000 - // }, - // Allow all above example options to include a trailing comma and // prevent fear when commenting out the last value. makeJsonParserHappy: 'even if last key had a trailing comma' diff --git a/type/__jitsi_meet_domain/files/interface_config.js.sh b/type/__jitsi_meet_domain/files/interface_config.js.sh index 0589ced..094cc6e 100644 
--- a/type/__jitsi_meet_domain/files/interface_config.js.sh +++ b/type/__jitsi_meet_domain/files/interface_config.js.sh @@ -20,7 +20,7 @@ JITSI_INTERFACE_CONFIG_JS="$(cat < + + +COPYING +------- +Copyright \(C) 2022 Joachim Desroches. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__php_fpm/manifest b/type/__php_fpm/manifest new file mode 100644 index 0000000..84c4383 --- /dev/null +++ b/type/__php_fpm/manifest @@ -0,0 +1,47 @@ +#!/bin/sh + +os=$(cat "${__global:?}/explorer/os") + +PHPVER=$(cat "${__object:?}/parameter/php-version") +export PHPVER + +case "$os" in +'alpine') + package="php${PHPVER}-fpm" + service="php-fpm${PHPVER}" + opcache_package="php${PHPVER}-opcache" + apcu_package="php${PHPVER}-pecl-apcu" + ;; + +*) + printf "Your operating system is currently not supported by this type\n" >&2 + printf "Please contribute an implementation for it if you can.\n" >&2 + exit 1 + ;; +esac + +__package "$package" +require="__package/$package" __start_on_boot "$service" + +if [ -f "${__object:?}/parameter/enable-opcache" ]; then + __package "$opcache_package" +fi + +if [ -f "${__object:?}/parameter/enable-apcu" ]; then + __package "$apcu_package" +fi + +MEMORY_LIMIT=$(cat "${__object:?}/parameter/memory-limit") +export MEMORY_LIMIT + +UPLOAD_MAX_FILESIZE=$(cat "${__object:?}/parameter/upload-max-filesize") +export UPLOAD_MAX_FILESIZE + +mkdir -p "${__object:?}/files" +"${__type:?}/files/php.ini.sh" >"${__object:?}/files/php.ini" + +require="__package/$package" __file "/etc/php${PHPVER}/php.ini" \ + --mode 644 --source "${__object:?}/files/php.ini" \ + --onchange "service $service restart" + +require="__file/etc/php${PHPVER}/php.ini" __service "$service" --action start 
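Review bot: In type/__php_fpm/manifest the `php-version` parameter is read into `PHPVER` and then used unvalidated in the package names, the `/etc/php${PHPVER}/php.ini` destination and the `--onchange "service $service restart"` command string. A check right after the read would fail early on a malformed value, e.g. `case "$PHPVER" in ''|*[!0-9]*) echo "invalid php-version: $PHPVER" >&2; exit 1 ;; esac` (this assumes a digit-only version suffix on Alpine; adjust if other forms are expected). The script also runs under plain `#!/bin/sh`, so a failing `php.ini.sh` still leaves an empty or truncated `files/php.ini` that the following `__file` call installs and restarts the service on. Using `#!/bin/sh -e`, as the `__jitsi_meet` manifest does, or appending `|| exit 1` to the generator line would stop the run instead.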
diff --git a/type/__php_fpm/parameter/boolean b/type/__php_fpm/parameter/boolean new file mode 100644 index 0000000..9964486 --- /dev/null +++ b/type/__php_fpm/parameter/boolean @@ -0,0 +1,2 @@ +enable-opcache +enable-apcu diff --git a/type/__php_fpm/parameter/default/memory-limit b/type/__php_fpm/parameter/default/memory-limit new file mode 100644 index 0000000..d95fe12 --- /dev/null +++ b/type/__php_fpm/parameter/default/memory-limit @@ -0,0 +1 @@ +512M diff --git a/type/__php_fpm/parameter/default/upload-max-filesize b/type/__php_fpm/parameter/default/upload-max-filesize new file mode 100644 index 0000000..5fbcf1c --- /dev/null +++ b/type/__php_fpm/parameter/default/upload-max-filesize @@ -0,0 +1 @@ +2M diff --git a/type/__php_fpm/parameter/optional b/type/__php_fpm/parameter/optional new file mode 100644 index 0000000..a41a87c --- /dev/null +++ b/type/__php_fpm/parameter/optional @@ -0,0 +1,2 @@ +upload-max-filesize +memory-limit diff --git a/type/__php_fpm/parameter/required b/type/__php_fpm/parameter/required new file mode 100644 index 0000000..173609d --- /dev/null +++ b/type/__php_fpm/parameter/required @@ -0,0 +1 @@ +php-version diff --git a/type/__jitsi_meet/parameter/default/abort-conference-count b/type/__php_fpm/singleton similarity index 100% rename from type/__jitsi_meet/parameter/default/abort-conference-count rename to type/__php_fpm/singleton diff --git a/type/__php_fpm_pool/files/www.conf.sh b/type/__php_fpm_pool/files/www.conf.sh new file mode 100755 index 0000000..aa8fa7c --- /dev/null +++ b/type/__php_fpm_pool/files/www.conf.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +cat < + + +COPYING +------- +Copyright \(C) 2022 Joachim Desroches. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. 
diff --git a/type/__php_fpm_pool/manifest b/type/__php_fpm_pool/manifest
new file mode 100644
index 0000000..b090c9d
--- /dev/null
+++ b/type/__php_fpm_pool/manifest
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# XXX: this type does not configure or install php-fpm: it expects the
+# __recycledcloud_php_fpm type to be used first before pools are configured.
+
+os=$(cat "${__global:?}/explorer/os")
+name=${__object_id:?}
+
+PHPVER=$(cat "${__object:?}/parameter/php-version")
+export PHPVER
+
+case "$os" in
+'alpine')
+ service="php-fpm${PHPVER}"
+ :
+ ;;
+
+*)
+ printf "Your operating system is currently not supported by this type\n" >&2
+ printf "Please contribute an implementation for it if you can.\n" >&2
+ exit 1
+ ;;
+esac
+
+POOL_NAME="$name"
+POOL_USER=$(cat "${__object:?}/parameter/pool-user")
+POOL_GROUP=$(cat "${__object:?}/parameter/pool-group")
+POOL_LISTEN_ADDR=$(cat "${__object:?}/parameter/pool-listen-addr")
+POOL_LISTEN_OWNER=$(cat "${__object:?}/parameter/pool-listen-owner")
+export POOL_USER POOL_GROUP POOL_LISTEN_ADDR POOL_LISTEN_OWNER POOL_NAME
+
+mkdir -p "${__object:?}/files"
+"${__type:?}/files/www.conf.sh" >"${__object:?}/files/www.conf"
+
+__file "/etc/php${PHPVER:?}/php-fpm.d/${name}.conf" \
+ --mode 644 --source "${__object:?}/files/www.conf" \
+ --onchange "service $service reload"
diff --git a/type/__php_fpm_pool/parameter/optional b/type/__php_fpm_pool/parameter/optional
new file mode 100644
index 0000000..7adc0a3
--- /dev/null
+++ b/type/__php_fpm_pool/parameter/optional
@@ -0,0 +1,2 @@
+memory-limit
+open-basedir
diff --git a/type/__php_fpm_pool/parameter/required b/type/__php_fpm_pool/parameter/required
new file mode 100644
index 0000000..d247290
--- /dev/null
+++ b/type/__php_fpm_pool/parameter/required
@@ -0,0 +1,5 @@
+php-version
+pool-user
+pool-group
+pool-listen-addr
+pool-listen-owner
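Review bot: `parameter/optional` for `__php_fpm_pool` accepts `open-basedir` and `memory-limit`, but type/__php_fpm_pool/manifest never reads or exports either one, so unless `files/www.conf.sh` reads the parameter files itself (its body is not visible here) an operator who passes `--open-basedir` gets a pool without that restriction and no error. Either export them next to the other `POOL_*` variables, e.g. `POOL_OPEN_BASEDIR=$(cat "${__object:?}/parameter/open-basedir" 2>/dev/null || true)`, or drop them from `parameter/optional` until they are implemented. Separately, `name=${__object_id:?}` goes straight into `/etc/php${PHPVER:?}/php-fpm.d/${name}.conf` and the pool name; rejecting ids that contain `/` or whitespace would keep the generated file inside `php-fpm.d`. The header comment names `__recycledcloud_php_fpm`, while the type added alongside this one is `__php_fpm`.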
diff --git a/type/__single_binary_service/explorer/explorer-version b/type/__single_binary_service/explorer/explorer-version
deleted file mode 100755
index 690cc5f..0000000
--- a/type/__single_binary_service/explorer/explorer-version
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh -e
-
-BIN_PREFIX="/usr/local/bin"
-SERVICE_NAME="${__object_id}"
-
-VERSION_FILE="${BIN_PREFIX}/.${SERVICE_NAME}.cdist.version"
-
-if [ -f "${VERSION_FILE}" ]; then
- cat "${VERSION_FILE}"
-fi
diff --git a/type/__single_binary_service/man.rst b/type/__single_binary_service/man.rst
deleted file mode 100644
index 65b4fc0..0000000
--- a/type/__single_binary_service/man.rst
+++ /dev/null
@@ -1,190 +0,0 @@ -cdist-type__single_binary_service(7) -==================================== - -NAME ----- -cdist-type__single_binary_service - Setup a single-binary service - - -DESCRIPTION ------------ -This type is designed to easily deploy and configure a single-binary service -named `${__object_id}`. - -A good example of this are Prometheus exporters. - -This type makes certain assumptions that might not be correct on your system. -If you need more flexibility, please get in touch and provide a use-case -(and hopefully a backwards-compatible patch). - -This type will place the downloaded binary and, if requested, other extra -binaries in `/usr/local/bin`. - -If a `--config-file-source` is provided, it will be placed under: -`/etc/${__object_id}.conf`. - -This type supports services managed by `__runit(7)` when `systemd` is not -the init system being used. - - -REQUIRED PARAMETERS -------------------- -checksum - This will be passed verbatim to `__download(7)`. - Use something like `sha256:...`. - -url - This will be passed verbatim to `__download(7)`. - -version - This type will use a thumbstone file with a "version" number to track - whether or not a service must be updated. - This thumbstone file is placed under - `/usr/local/bin/.${__object_id}.cdist.version`. - - -BOOLEAN PARAMETERS ------------------- -unpack - If present, the contents of `--url` will be treated as an archive to be - unpacked with `__unpack(7)`. - See also `--unpack-args` and `--extra-binary`. - -do-not-manage-user - Always considered present when `--user` is `root`. - If present, the user in `--user` will not be managed by this type with - `__user`, this means it *must* exist beforehand when installing the service - and it will not be removed by this type. - - -OPTIONAL PARAMETERS -------------------- -config-file-source - If present, this file's contents will be placed under - `/etc/${__object_id}.conf` with permissions `0440` and ownership assigned to - `--user` and `--group`. 
- If `-` is passed, this type's `stdin` will be used. - -user - The user under which the service will run. Defaults to `root`. - If this user is not `root` and `--do-not-manage-user` is not present, - this user will be created or removed as per the `--state` parameter. - -user-home-dir - Does not have an effect if `--do-not-manage-user` is used or `--user` is - `root`. - The home directory of the service user. It will be created. - Defaults to `/nonexistent`, in this case the home directory will not be - created. - -group - The group under which the service will run. Defaults to `--user`. - -state - Whether the service is to be `present` (default) or `absent`. - When `absent`, this type will clean any binaries listed in `--extra-binary` - and also the config file as described in `--config-file-source`. - -binary - This will be the binary name. Defaults to `${__object_id}`. - If `--unpack` is used, a binary with this name must be unpacked. - Otherwise, the contents of `--url` will be placed under this binary name. - -service-args - Any extra arguments to pass along with `--service-exec`. Beware that any - service-args having the format `--config=/etc/foo.cfg` should be - represented in the following way `--service-exec='--config=/etc/foo.cfg'` - -service-exec - The executable to use for this service. - Defaults to `/usr/local/bin/BINARY_NAME` where `BINARY_NAME` is the - resulting value of `--binary`. - -service-definition - The service definition to be used as an override. - Note that this type decides dinammically between runit and systemd, and - you can currently only define either a systemd unit or a runit script here. - Use this parameter only for testing and get in touch to discuss how your - particular use-case can be supported by the type. - -service-description - The service description to be used in, e.g. the systemd unit file. - Defaults to `cdist-managed '${__object_id}' service`. - -unpack-args - Only has an effect if `--unpack` is used. 
- These arguments will be passed verbatim to `__unpack(7)`. - Very useful as this type assumes the archive does not have the binaries in - subdirectories; that can be worked around with - `--unpack-args '--tar-strip 1'`. - -unpack-extension - Only has an effect if `--unpack` is used. - The file extension of the file to unpack, defaults to `.tar.gz`. - -working-directory - If set, the working directory with which the service will be started. - - -OPTIONAL MULTIPLE PARAMETERS ----------------------------- -extra-binary - Only useful with `--unpack`. - If passed, these binaries will also be installed when `--state` is `present` - and removed when `--state` is `absent`. - Handle with care :-). - - -EXAMPLES --------- - -.. code-block:: sh - - # Install and enable the ipmi_exporter service - # The variables are defined in the manifest previously - __single_binary_service ipmi_exporter \ - --user "${USER}" \ - --service-args ' --config.file=/etc/ipmi_exporter.conf' \ - --version "${SHOULD_VERSION}" \ - --checksum "${CHECKSUM}" \ - --url "${DOWNLOAD_URL}" \ - --state "present" \ - --unpack \ - --unpack-args "--tar-strip 1" \ - --config-file-source '-' <<-EOF - # Remotely managed, changes will be lost - # [...] config contents goes here - EOF - - # Remove the ipmi_exporter service along with the user and its config - __single_binary_service ipmi_exporter \ - --user "${USER}" \ - --version "${SHOULD_VERSION}" \ - --checksum "${CHECKSUM}" \ - --url "${DOWNLOAD_URL}" \ - --state "absent" - - # Same, but the service was using my user! Let's not delete that! - __single_binary_service ipmi_exporter \ - --user "evilham" \ - --do-not-manage-user \ - --version "${SHOULD_VERSION}" \ - --checksum "${CHECKSUM}" \ - --url "${DOWNLOAD_URL}" \ - --state "absent" - - -SEE ALSO --------- -- `__download(7)` -- `__unpack(7)` - - -AUTHORS -------- -Evilham - - -COPYING -------- -Copyright \(C) 2022 Evilham. 
diff --git a/type/__single_binary_service/manifest b/type/__single_binary_service/manifest deleted file mode 100755 index 8288b94..0000000 --- a/type/__single_binary_service/manifest +++ /dev/null 
@@ -1,288 +0,0 @@ -#!/bin/sh -e -SERVICE_NAME="${__object_id}" - -OS="$(cat "${__global}/explorer/os")" - -case "${OS}" in - debian|devuan) - SUPER_USER_GROUP=root - ETC_DIR="/etc" - ;; - *bsd) - SUPER_USER_GROUP=wheel - ETC_DIR="/usr/local/etc" - ;; - *) - echo "Your OS '${OS}' is currently not supported." >&2 - exit 1 - ;; -esac -INIT="$(cat "${__global}/explorer/init")" - -case "${INIT}" in - systemd) - service_definition_require="__systemd_unit/${SERVICE_NAME}.service" - service_command="service ${SERVICE_NAME} %s" - ;; - runit|sysvinit) - # We will use runit to manage these services - __runit - export require="__runit" - service_definition_require="__runit_service/${SERVICE_NAME}" - service_command="sv %s ${SERVICE_NAME}" - ;; - *) - echo "Init system ${INIT}' is currently not supported." >&2 - exit 1 - ;; -esac - -BIN_DIR="/usr/local/bin" - -# Ensure the target bin dir exists -# Care, we never want to remove it :-D -__directory "${BIN_DIR}" \ - --state "exists" \ - --mode 0755 -export require="${require} __directory${BIN_DIR}" - -STATE="$(cat "${__object}/parameter/state")" -USER="$(cat "${__object}/parameter/user")" -GROUP="$(cat "${__object}/parameter/group" 2>/dev/null || true)" -if [ -z "${GROUP}" ]; then - if [ "${USER}" != "root" ]; then - GROUP="${USER}" - else - GROUP="${SUPER_USER_GROUP}" - fi -fi - - -BINARY="$(cat "${__object}/parameter/binary" 2>/dev/null || true)" -if [ -z "${BINARY}" ]; then - BINARY="${SERVICE_NAME}" -fi -EXTRA_BINARIES="$(cat "${__object}/parameter/extra-binary" 2>/dev/null || true)" -# This only makes sense for file archives -if [ -n "${EXTRA_BINARIES}" ] && [ -f "${__object}/parameter/unpack" ]; then - cat >&2 <<-EOF - You cannot specify extra binaries without the --unpack argument. - Make sure that the --url argument points to a file archive. 
-EOF -fi - -SERVICE_EXEC="$(cat "${__object}/parameter/service-exec" 2>/dev/null || true)" -if [ -z "${SERVICE_EXEC}" ]; then - SERVICE_EXEC="${BIN_DIR}/${BINARY}" -fi -SERVICE_ARGS="$(cat "${__object}/parameter/service-args")" -SERVICE_EXEC="${SERVICE_EXEC} ${SERVICE_ARGS}" - -SERVICE_DESCRIPTION="$(cat "${__object}/parameter/service-description" \ - 2>/dev/null || true)" -if [ -z "${SERVICE_DESCRIPTION}" ]; then - SERVICE_DESCRIPTION="cdist-managed '${SERVICE_NAME}' service" -fi - -SERVICE_DEFINITION="$(cat "${__object}/parameter/service-definition" 2>/dev/null || true)" - -WORKING_DIRECTORY_PATH="$(cat "${__object}/parameter/working-directory" 2>/dev/null || true)" -if [ -n "${WORKING_DIRECTORY_PATH}" ]; then - WORKING_DIRECTORY_SYSTEMD="WorkingDirectory=${WORKING_DIRECTORY_PATH}" - WORKING_DIRECTORY_RUNIT="cd '${WORKING_DIRECTORY_PATH}'" -fi - -DOWNLOAD_URL="$(cat "${__object}/parameter/url")" -CHECKSUM="$(cat "${__object}/parameter/checksum")" -SHOULD_VERSION="$(cat "${__object}/parameter/version")" - -# Create a user for the service if it is not root -USER_HOME_DIR="/root" -if [ "${USER}" != "root" ] && \ - [ ! 
-f "${__object}/parameter/do-not-manage-user" ]; then - if [ "${STATE}" = "absent" ]; then - # When removing, ensure user is not being used - user_require="${service_definition_require}" - fi - USER_HOME_DIR="$(cat "${__object}/parameter/user-home-dir")" - if [ "${USER_HOME_DIR}" != "/nonexistent" ]; then - USER_CREATE_HOME="--create-home" - fi - require="${require} ${user_require}" __user "${USER}" \ - --system \ - --state "${STATE}" \ - --home "${USER_HOME_DIR}" \ - --comment "cdist-managed ${SERVICE_NAME} user" \ - ${USER_CREATE_HOME} - # Track dependencies - service_require="${service_require} __user/${USER}" -fi - -# Place config file if necessary -CONFIG_FILE_DEST="${ETC_DIR}/${SERVICE_NAME}.conf" -CONFIG_FILE_SOURCE="$(cat "${__object}/parameter/config-file-source" 2>/dev/null || true)" -if [ "${CONFIG_FILE_SOURCE}" = "-" ]; then - CONFIG_FILE_SOURCE="${__object}/stdin" -fi -if [ -n "${CONFIG_FILE_SOURCE}" ] && [ "${STATE}" = "present" ]; then - require="${require} __user/${USER}" __file \ - "${CONFIG_FILE_DEST}" \ - --owner "${USER}" \ - --group "${GROUP}" \ - --mode "0440" \ - --source "${CONFIG_FILE_SOURCE}" - service_require="${service_require} __file${CONFIG_FILE_DEST}" -fi - - - -# This should setup the object in $service_definition_require -# See above. 
-case "${INIT}" in - systemd) - if [ -z "${SERVICE_DEFINITION}" ]; then - SERVICE_DEFINITION="$(cat </dev/null || true)" - # Download packed file - __download "${TMP_PATH}${UNPACK_EXTENSION}" \ - --url "${DOWNLOAD_URL}" \ - --download remote \ - --sum "${CHECKSUM}" - - # Unpack file and also perform service upgrade - # shellcheck disable=SC2086 - require="__download${TMP_PATH}${UNPACK_EXTENSION}" \ - __unpack "${TMP_PATH}${UNPACK_EXTENSION}" \ - ${UNPACK_ARGS} \ - --destination "${TMP_PATH}" - version_bump_require="__unpack${TMP_PATH}${UNPACK_EXTENSION}" - else - # Create temp directory - __directory "${TMP_PATH}" - # Download binary directoy to the temp directory with the - # specified binary name - require="__directory${TMP_PATH}" __download \ - "${TMP_PATH}/${BINARY}" \ - --url "${DOWNLOAD_URL}" \ - --download remote \ - --sum "${CHECKSUM}" - version_bump_require="__download${TMP_PATH}/${BINARY}" - fi - - # Perform update of cdist-managed version file - # And also perform service upgrade - # This is a bug if service_upgrade fails >,< - printf "%s" "${SHOULD_VERSION}" | \ - require="${version_bump_require}" __file \ - "${VERSION_FILE}" \ - --onchange "${perform_service_upgrade}" \ - --source "-" -else - # We only restart here if there was a config change - # but there was not a version change - require="${service_require}" __check_messages \ - "single_binary_service_${__object_id}" \ - --pattern "^__file${CONFIG_FILE_DEST}" \ - --execute "$(sv_cmd restart)" -fi diff --git a/type/__single_binary_service/parameter/boolean b/type/__single_binary_service/parameter/boolean deleted file mode 100644 index a779fd5..0000000 --- a/type/__single_binary_service/parameter/boolean +++ /dev/null @@ -1,2 +0,0 @@ -do-not-manage-user -unpack diff --git a/type/__single_binary_service/parameter/default/service-args b/type/__single_binary_service/parameter/default/service-args deleted file mode 100644 index e69de29..0000000 
diff --git a/type/__single_binary_service/parameter/default/state b/type/__single_binary_service/parameter/default/state
deleted file mode 100644
index e7f6134..0000000
--- a/type/__single_binary_service/parameter/default/state
+++ /dev/null
@@ -1 +0,0 @@
-present
diff --git a/type/__single_binary_service/parameter/default/unpack-extension b/type/__single_binary_service/parameter/default/unpack-extension
deleted file mode 100644
index c95e2e9..0000000
--- a/type/__single_binary_service/parameter/default/unpack-extension
+++ /dev/null
@@ -1 +0,0 @@
-.tar.gz
\ No newline at end of file
diff --git a/type/__single_binary_service/parameter/default/user b/type/__single_binary_service/parameter/default/user
deleted file mode 100644
index d8649da..0000000
--- a/type/__single_binary_service/parameter/default/user
+++ /dev/null
@@ -1 +0,0 @@
-root
diff --git a/type/__single_binary_service/parameter/default/user-home-dir b/type/__single_binary_service/parameter/default/user-home-dir
deleted file mode 100644
index 4d21ca6..0000000
--- a/type/__single_binary_service/parameter/default/user-home-dir
+++ /dev/null
@@ -1 +0,0 @@
-/nonexistent
diff --git a/type/__single_binary_service/parameter/optional b/type/__single_binary_service/parameter/optional
deleted file mode 100644
index 7c88cb4..0000000
--- a/type/__single_binary_service/parameter/optional
+++ /dev/null
@@ -1,13 +0,0 @@
-config-file-source
-user
-group
-state
-binary
-service-args
-service-exec
-service-description
-service-definition
-unpack-extension
-unpack-args
-user-home-dir
-working-directory
diff --git a/type/__single_binary_service/parameter/optional_multiple b/type/__single_binary_service/parameter/optional_multiple
deleted file mode 100644
index e1ca562..0000000
--- a/type/__single_binary_service/parameter/optional_multiple
+++ /dev/null
@@ -1 +0,0 @@
-extra-binary
diff --git a/type/__single_binary_service/parameter/required b/type/__single_binary_service/parameter/required deleted file mode 100644 index b1e8d01..0000000 --- a/type/__single_binary_service/parameter/required +++ /dev/null @@ -1,3 +0,0 @@ -url -checksum -version diff --git a/type/__uacme_obtain/man.rst b/type/__uacme_obtain/man.rst index 16ebe87..f1db899 100644 --- a/type/__uacme_obtain/man.rst +++ b/type/__uacme_obtain/man.rst @@ -38,8 +38,7 @@ install-key-to Installation path of the certificate's private key. renew-hook - Renew hook executed on certificate renewal (e.g. `service nginx reload`, `-` - for the standard input). + Renew hook executed on certificate renewal (e.g. `service nginx reload`). force-cert-ownership-to Override default ownership for TLS certificate, passed as argument to chown. diff --git a/type/__uacme_obtain/manifest b/type/__uacme_obtain/manifest index a40119b..b41ddde 100644 --- a/type/__uacme_obtain/manifest +++ b/type/__uacme_obtain/manifest @@ -109,11 +109,7 @@ export CERT_TARGET RENEW_HOOK= if [ -f "${__object:?}/parameter/renew-hook" ]; then - if [ "$(cat "${__object:?}/parameter/renew-hook")" = "-" ]; then - RENEW_HOOK="$(cat ${__object:?}/stdin)" - else - RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")" - fi + RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")" fi export RENEW_HOOK
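Review bot: With the `-` branch gone in type/__uacme_obtain/manifest, a caller that still passes `--renew-hook -` now gets the literal string `-` exported as `RENEW_HOOK`. How that variable is consumed is outside this hunk, but presumably the post-renewal reload would then fail or be skipped, leaving services on the old certificate until it expires. Failing loudly is safer than accepting the value silently, e.g. inside the remaining `if`: `[ "$RENEW_HOOK" != "-" ] || { echo "renew-hook: '-' (stdin) is no longer supported" >&2; exit 1; }`.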