Compare commits
28 commits
efdbd7cc65
...
master
Author | SHA1 | Date | |
---|---|---|---|
11ecb37dd9 | |||
03a9b8b333 | |||
7a3b706b16 | |||
756e5b17c6 | |||
797f7c8648 | |||
1791d35f84 | |||
8e1d0b68f1 | |||
aa3f2eeb00 | |||
a63d9ec458 | |||
0cff414884 | |||
977b530dab | |||
1865ff9dce | |||
67bc8aa02b | |||
151dc32fb5 | |||
7e2ba98d36 | |||
1658121549 | |||
c5070a3a33 | |||
80bbbd3aa8 | |||
87cc109bf1 | |||
a12b343660 | |||
29cafd4f9a | |||
fa37ede84f | |||
1af7e960fa | |||
3e77fbbb43 | |||
afa48b1028 | |||
c5929f397d | |||
d5b552ddb4 | |||
51d0b817fe |
42 changed files with 1637 additions and 240 deletions
15
type/__jitsi_meet/explorer/configured-memory
Executable file
15
type/__jitsi_meet/explorer/configured-memory
Executable file
|
@ -0,0 +1,15 @@
|
||||||
|
#!/bin/sh -eu
|
||||||
|
|
||||||
|
JICOFO="/usr/share/jicofo/jicofo.sh"
|
||||||
|
VIDEOBRIDGE="/usr/share/jitsi-videobridge/lib/videobridge.rc"
|
||||||
|
|
||||||
|
if [ -f "${JICOFO:?}" ]; then
|
||||||
|
jicofo_memory="$(grep JICOFO_MAX_MEMORY= "${JICOFO:?}" | cut -d= -f 2 | cut -d ";" -f 1)"
|
||||||
|
fi
|
||||||
|
if [ -f "${VIDEOBRIDGE:?}" ]; then
|
||||||
|
vb_memory="$(grep VIDEOBRIDGE_MAX_MEMORY= "${VIDEOBRIDGE:?}" | cut -d= -f 2)"
|
||||||
|
fi
|
||||||
|
cat <<EOF
|
||||||
|
jicofo ${jicofo_memory:-n/a}
|
||||||
|
videobridge ${vb_memory:-n/a}
|
||||||
|
EOF
|
6
type/__jitsi_meet/explorer/jitsi-status
Executable file
6
type/__jitsi_meet/explorer/jitsi-status
Executable file
|
@ -0,0 +1,6 @@
|
||||||
|
#!/bin/sh -eu
|
||||||
|
|
||||||
|
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
|
||||||
|
# TODO: detect curl / depend on it?
|
||||||
|
curl -s localhost:9888/metrics
|
||||||
|
fi
|
|
@ -1,7 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
|
|
||||||
|
|
||||||
if [ -f "${EXPORTER_VERSION_FILE}" ]; then
|
|
||||||
cat "${EXPORTER_VERSION_FILE}"
|
|
||||||
fi
|
|
34
type/__jitsi_meet/files/jicofo.conf.sh
Executable file
34
type/__jitsi_meet/files/jicofo.conf.sh
Executable file
|
@ -0,0 +1,34 @@
|
||||||
|
#!/bin/sh -eu
|
||||||
|
|
||||||
|
# Start
|
||||||
|
cat <<EOF
|
||||||
|
# Managed remotely, changes will be lost
|
||||||
|
|
||||||
|
# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
|
||||||
|
#available options, syntax, and default values.
|
||||||
|
jicofo {
|
||||||
|
xmpp: {
|
||||||
|
client: {
|
||||||
|
client-proxy: focus.${JITSI_HOST:?}
|
||||||
|
}
|
||||||
|
trusted-domains: [ "recorder.${JITSI_HOST:?}" ]
|
||||||
|
}
|
||||||
|
bridge: {
|
||||||
|
brewery-jid: "JvbBrewery@internal.auth.${JITSI_HOST:?}"
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Secured domains if needed
|
||||||
|
if [ "${SECURED_DOMAINS_STATE:?}" = "present" ]; then
|
||||||
|
cat <<EOF
|
||||||
|
|
||||||
|
authentication: {
|
||||||
|
enabled: true
|
||||||
|
type: XMPP
|
||||||
|
login-url: ${JITSI_HOST:?}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
|
# End
|
||||||
|
echo '}'
|
1
type/__jitsi_meet/files/jitsi-version
Symbolic link
1
type/__jitsi_meet/files/jitsi-version
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__jitsi_meet_domain/files/jitsi-version
|
1
type/__jitsi_meet/files/prosody.cfg.lua.sh
Symbolic link
1
type/__jitsi_meet/files/prosody.cfg.lua.sh
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__jitsi_meet_domain/files/prosody.cfg.lua.sh
|
|
@ -1,11 +1,43 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
memory="$(cat "${__global}/explorer/memory")"
|
||||||
|
G="000000" # Will totally eff up the zero-count otherwise
|
||||||
|
# MAX_MEMORY will affect jicofo and videobridge
|
||||||
|
# As a rule of thumb, the machine's RAM should be more than 2.5 * MAX_MEMORY
|
||||||
|
if [ "${memory}" -lt "3${G}" ]; then
|
||||||
|
# If you use this, let us know how it works!
|
||||||
|
MAX_MEMORY="768m"
|
||||||
|
elif [ "${memory}" -lt "5${G}" ]; then
|
||||||
|
MAX_MEMORY="1024m"
|
||||||
|
elif [ "${memory}" -lt "8${G}" ]; then
|
||||||
|
MAX_MEMORY="2048m"
|
||||||
|
else
|
||||||
|
# Jitsi recommends running on 8G RAM and these are the defaults
|
||||||
|
MAX_MEMORY="3072m"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if cut -f 2 "${__object}/explorer/configured-memory" | grep -qvE "^${MAX_MEMORY}$"; then
|
||||||
|
# At least one service has different memory settings
|
||||||
|
RESTART_SERVICES="YES"
|
||||||
|
cat <<-EOF
|
||||||
|
sed -i.tmp -E \
|
||||||
|
-e 's!^(#[[:space:]]*)?(VIDEOBRIDGE_MAX_MEMORY)=.*\$!\2=${MAX_MEMORY}!' \
|
||||||
|
/usr/share/jitsi-videobridge/lib/videobridge.rc
|
||||||
|
sed -i.tmp -E \
|
||||||
|
-e 's!(JICOFO_MAX_MEMORY)[^";]+;!\1=${MAX_MEMORY};!' \
|
||||||
|
/usr/share/jicofo/jicofo.sh
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
|
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
|
||||||
echo "service nginx reload"
|
echo "service nginx reload"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
JITSI_HOST="${__object_id}"
|
if grep -qE "^(__line/jitsi_jicofo_secured_domains|(__file|__link)/etc/prosody/conf.d/|__file/etc/jitsi/(jicofo/jicofo.conf|videobridge/jvb.conf))" "${__messages_in}"; then
|
||||||
if grep -qE "^(__line/jitsi_jicofo_secured_domains|__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua)" "${__messages_in}"; then
|
RESTART_SERVICES="YES"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${RESTART_SERVICES}" ]; then
|
||||||
echo "systemctl restart prosody"
|
echo "systemctl restart prosody"
|
||||||
echo "systemctl restart jicofo"
|
echo "systemctl restart jicofo"
|
||||||
echo "systemctl restart jitsi-videobridge2"
|
echo "systemctl restart jitsi-videobridge2"
|
||||||
|
|
|
@ -21,13 +21,24 @@ You will also need the `__jitsi_meet_domain` type in order to finish setting up
|
||||||
the web frontend (including TLS certificates) and its settings.
|
the web frontend (including TLS certificates) and its settings.
|
||||||
|
|
||||||
You may want to use the `files/ufw` example manifest for a `__ufw`-based
|
You may want to use the `files/ufw` example manifest for a `__ufw`-based
|
||||||
firewall compatible with this type.
|
firewall compatible with this type that allows all ports needed by Jitsi-Meet.
|
||||||
This file does not include rules for TCP port 9888, which exposes the
|
Note however that this will not deal with rules for SSH or for TCP port 9888,
|
||||||
prometheus exporter if not disabled.
|
which exposes the prometheus exporter if not disabled.
|
||||||
You should apply your own rules here.
|
Remember to apply your own rules here, particularly regarding SSH.
|
||||||
|
|
||||||
This type only works on De{bi,vu}an systems.
|
This type only works on De{bi,vu}an systems.
|
||||||
|
|
||||||
|
It is very important for this type to stay up to date with the software, as
|
||||||
|
otherwise new deployments or maintenance of existing instances might be
|
||||||
|
negatively affected.
|
||||||
|
If you can, please contribute updates to `__jitsi_meet` and
|
||||||
|
`__jitsi_meet_domain` promptly and regularly.
|
||||||
|
Alternatively, you can help finance that work; get in touch with the type
|
||||||
|
authors for that (see below).
|
||||||
|
|
||||||
|
This type takes care of adapting the maximum memory used by jicofo and
|
||||||
|
videobridge in function of the hosts installed memory.
|
||||||
|
|
||||||
NOTE: This type currently does not deal with setting up coturn.
|
NOTE: This type currently does not deal with setting up coturn.
|
||||||
For that, you might want to check `__coturn` in
|
For that, you might want to check `__coturn` in
|
||||||
https://code.ungleich.ch/ungleich-public/cdist-contrib
|
https://code.ungleich.ch/ungleich-public/cdist-contrib
|
||||||
|
@ -36,6 +47,14 @@ NOTE: This type currently does not deal with setting up coturn.
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
abort-conference-count
|
||||||
|
Only has an effect if the prometheus exporter is enabled and if it is not
|
||||||
|
empty (default).
|
||||||
|
If at least this many conferences are active on the server, the type will
|
||||||
|
bail out before making any changes.
|
||||||
|
This is useful if you want to avoid service disruptions due to e.g. an SLA.
|
||||||
|
|
||||||
|
|
||||||
turn-secret
|
turn-secret
|
||||||
The shared secret for the TURN server.
|
The shared secret for the TURN server.
|
||||||
|
|
||||||
|
@ -43,11 +62,6 @@ turn-server
|
||||||
The hostname of the TURN server.
|
The hostname of the TURN server.
|
||||||
This will assume that it is listening with TLS on port 443.
|
This will assume that it is listening with TLS on port 443.
|
||||||
|
|
||||||
jitsi-version
|
|
||||||
The jitsi-meet version of the Debian package to be installed.
|
|
||||||
While this can be specified, only the default value is known to work
|
|
||||||
properly with this type.
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
|
@ -70,9 +84,11 @@ EXAMPLES
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
# Setup the firewall
|
# Setup the firewall for Jitsi-Meet
|
||||||
. "${__global}/type/__jitsi_meet/files/ufw"
|
. "${__global}/type/__jitsi_meet/files/ufw"
|
||||||
export require="__ufw"
|
export require="__ufw"
|
||||||
|
# Setup firewall SSH rules as necessary
|
||||||
|
__ufw_rule ssh --rule 'allow 22/tcp from 10.0.0.0/24'
|
||||||
# Setup Jitsi on this host
|
# Setup Jitsi on this host
|
||||||
__jitsi_meet \
|
__jitsi_meet \
|
||||||
--turn-server "turn.exo.cat" \
|
--turn-server "turn.exo.cat" \
|
||||||
|
@ -92,4 +108,4 @@ Evilham <contact@evilham.com>
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2021 Evilham.
|
Copyright \(C) 2022 Evilham.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
os="$(cat "${__global}/explorer/os")"
|
os="$(cat "${__global}/explorer/os")"
|
||||||
init="$(cat "${__global}/explorer/init")"
|
|
||||||
case "${os}" in
|
case "${os}" in
|
||||||
devuan|debian)
|
devuan|debian)
|
||||||
;;
|
;;
|
||||||
|
@ -11,10 +10,29 @@ case "${os}" in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
current_conferences="$(cat "${__object}/explorer/jitsi-status" | grep -E "^jitsi_conferences[[:space:]]" | cut -d ' ' -f 2)"
|
||||||
|
|
||||||
|
ABORT_CONFERENCE_COUNT="$(cat "${__object}/parameter/abort-conference-count")"
|
||||||
|
|
||||||
|
if [ -n "${current_conferences}" ] && [ -n "${ABORT_CONFERENCE_COUNT}" ] && \
|
||||||
|
[ "${ABORT_CONFERENCE_COUNT}" -le "${current_conferences}" ]; then
|
||||||
|
cat <<-EOF
|
||||||
|
Early bail out was requested when at least ${ABORT_CONFERENCE_COUNT} conferences are taking place.
|
||||||
|
There are currently ${current_conferences} active conferences.
|
||||||
|
|
||||||
|
Try again at a later time or remove or increase --abort-conference-count
|
||||||
|
EOF
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
JITSI_HOST="${__target_host}"
|
JITSI_HOST="${__target_host}"
|
||||||
# Currently unused, see below
|
if [ -f "${__object}/parameter/jitsi-version" ]; then
|
||||||
# JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
|
# This has been deprecated and will be removed 'soon'
|
||||||
|
JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
|
||||||
|
else
|
||||||
|
# Note this won't be a parameter anymore, we won't let users stay behind
|
||||||
|
JITSI_VERSION="$(cat "${__type}/files/jitsi-version")"
|
||||||
|
fi
|
||||||
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
||||||
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
|
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
|
||||||
|
|
||||||
|
@ -22,8 +40,6 @@ if [ -z "${TURN_SERVER}" ]; then
|
||||||
TURN_SERVER="${JITSI_HOST}"
|
TURN_SERVER="${JITSI_HOST}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")"
|
|
||||||
|
|
||||||
# The rest is loosely based on Jitsi's documentation
|
# The rest is loosely based on Jitsi's documentation
|
||||||
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
|
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
|
||||||
|
|
||||||
|
@ -55,11 +71,12 @@ __debconf_set_selections jitsi_meet --line "${DEBCONF_SETTINGS}"
|
||||||
export require="${require} __debconf_set_selections/jitsi_meet"
|
export require="${require} __debconf_set_selections/jitsi_meet"
|
||||||
|
|
||||||
# Install and upgrade packages as needed
|
# Install and upgrade packages as needed
|
||||||
__package_apt jitsi-meet
|
# NOTE: we are doing version pinning again, but it breaks sometimes when
|
||||||
# We are not doing version pinning anymore because it breaks when
|
|
||||||
# the version is not the latest.
|
# the version is not the latest.
|
||||||
# This happens because dependencies cannot be properly resolved.
|
# This happens because dependencies might not be properly resolved.
|
||||||
# --version "${JITSI_VERSION}"
|
# To avoid this, this type must be maintained up to date.
|
||||||
|
# If we don't use this, keeping Jitsi's up to date is very difficult.
|
||||||
|
__package_apt jitsi-meet --version "${JITSI_VERSION}"
|
||||||
|
|
||||||
# Proceed only after installation/upgrade has finished
|
# Proceed only after installation/upgrade has finished
|
||||||
export require="__package_apt/jitsi-meet"
|
export require="__package_apt/jitsi-meet"
|
||||||
|
@ -149,95 +166,144 @@ server {
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ -f "${__object}/parameter/secured-domains" ]; then
|
# Starting from 2.0.7210, jitsi defines following nginx upstreams
|
||||||
SECURED_DOMAINS_STATE='present'
|
__directory "${NGINX_ETC}/conf.d" --state present
|
||||||
SECURED_DOMAINS_STATE_JICOFO='present'
|
require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/prosody.conf" \
|
||||||
else
|
--mode 644 \
|
||||||
SECURED_DOMAINS_STATE='absent'
|
|
||||||
SECURED_DOMAINS_STATE_JICOFO='absent'
|
|
||||||
fi
|
|
||||||
|
|
||||||
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \
|
|
||||||
--owner prosody --group prosody --mode 0440 \
|
|
||||||
--state ${SECURED_DOMAINS_STATE} \
|
|
||||||
--source - << EOF
|
--source - << EOF
|
||||||
VirtualHost "${JITSI_HOST}"
|
upstream prosody {
|
||||||
authentication = "internal_plain"
|
zone upstreams 64K;
|
||||||
|
server 127.0.0.1:5280;
|
||||||
VirtualHost "guest.${JITSI_HOST}"
|
keepalive 2;
|
||||||
authentication = "anonymous"
|
}
|
||||||
c2s_require_encryption = false
|
|
||||||
EOF
|
EOF
|
||||||
|
require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/jvb1.conf" \
|
||||||
__block jitsi_jicofo_secured_domains \
|
--mode 644 \
|
||||||
--prefix "// begin cdist: jicofo_secured_domains" \
|
--source - << EOF
|
||||||
--suffix "// end cdist: jicofo_secured_domains" \
|
upstream jvb1 {
|
||||||
--file /etc/jitsi/jicofo/jicofo.conf \
|
zone upstreams 64K;
|
||||||
--state "${SECURED_DOMAINS_STATE_JICOFO}" \
|
server 127.0.0.1:9090;
|
||||||
--text '-' <<EOF
|
keepalive 2;
|
||||||
authentication: {
|
|
||||||
enabled: true
|
|
||||||
type: XMPP
|
|
||||||
login-url: ${JITSI_HOST}
|
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
if [ -f "${__object}/parameter/secured-domains" ]; then
|
||||||
|
SECURED_DOMAINS_STATE='present'
|
||||||
|
else
|
||||||
|
SECURED_DOMAINS_STATE='absent'
|
||||||
|
fi
|
||||||
|
|
||||||
|
# This is the main host config
|
||||||
|
PROSODY_MAIN_CONFIG="YES"
|
||||||
|
# Prosody settings for common components (jvb, focus, ...)
|
||||||
|
# shellcheck source=type/__jitsi_meet/files/prosody.cfg.lua.sh
|
||||||
|
. "${__type}/files/prosody.cfg.lua.sh" # This defines PROSODY_CONFIG
|
||||||
|
__file "/etc/prosody/conf.d/00_jitsi_base.cfg.lua" \
|
||||||
|
--group prosody \
|
||||||
|
--mode 0440 \
|
||||||
|
--source - <<EOF
|
||||||
|
${PROSODY_CONFIG}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Clean up zauth.cfg.lua file, which we don't use now
|
||||||
|
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \
|
||||||
|
--state absent
|
||||||
|
|
||||||
|
export SECURED_DOMAINS_STATE
|
||||||
|
export JITSI_HOST
|
||||||
|
"${__type}/files/jicofo.conf.sh" | \
|
||||||
|
__file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'
|
||||||
|
|
||||||
|
# Enable the private colibri REST API end point for better stats
|
||||||
|
__file "/etc/jitsi/videobridge/jvb.conf" --mode 0444 --source '-' <<EOFJVB
|
||||||
|
videobridge {
|
||||||
|
http-servers {
|
||||||
|
public {
|
||||||
|
port = 9090
|
||||||
|
}
|
||||||
|
private {
|
||||||
|
port = 8080
|
||||||
|
}
|
||||||
|
}
|
||||||
|
websockets {
|
||||||
|
enabled = true
|
||||||
|
domain = "${JITSI_HOST}:443"
|
||||||
|
tls = true
|
||||||
|
}
|
||||||
|
apis {
|
||||||
|
rest {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOFJVB
|
||||||
|
|
||||||
|
# Enable simple per-domain body customisation
|
||||||
|
__file "/usr/share/jitsi-meet/body.html" \
|
||||||
|
--mode 0644 \
|
||||||
|
--source '-' <<EOF
|
||||||
|
<!--#include virtual="body-\${host}.html" -->
|
||||||
|
EOF
|
||||||
|
|
||||||
# These two should be changed on new release
|
# These two should be changed on new release
|
||||||
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5"
|
EXPORTER_VERSION="1.2.0"
|
||||||
PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:3ddf43a48d9a2f62be1bc6db9e7ba75d61994f9423e5c5b28be019f41f06f745"
|
EXPORTER_CHECKSUM="sha256:6377ffa7be0c7deb66545616add7245da96f8b7746d6712f41cfa9fe72c935ce"
|
||||||
PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64"
|
EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${EXPORTER_VERSION}/prometheus-jitsi-meet-exporter_${EXPORTER_VERSION}_linux_amd64.tar.gz"
|
||||||
PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
|
if [ -f "${__object}/parameter/disable-prometheus-exporter" ]; then
|
||||||
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
|
EXPORTER_STATE="absent"
|
||||||
case "${init}" in
|
else
|
||||||
init|sysvinit)
|
EXPORTER_STATE="present"
|
||||||
__runit
|
|
||||||
require="__runit" __runit_service \
|
|
||||||
prometheus-jitsi-meet-exporter --log --source - <<EOF
|
|
||||||
#!/bin/sh -e
|
|
||||||
cd /tmp
|
|
||||||
exec chpst -u "nobody:nogroup" env HOME="/tmp" \\
|
|
||||||
prometheus-jitsi-meet-exporter \\
|
|
||||||
-videobridge-url 'http://localhost:8888/stats' \\
|
|
||||||
-web.listen-address ':9888' 2>&1
|
|
||||||
EOF
|
|
||||||
|
|
||||||
export require="__runit_service/prometheus-jitsi-meet-exporter"
|
|
||||||
JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter"
|
|
||||||
;;
|
|
||||||
systemd)
|
|
||||||
__systemd_unit prometheus-jitsi-meet-exporter.service \
|
|
||||||
--source "-" \
|
|
||||||
--enablement-state "enabled" <<EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Metrics Exporter for Jitsi Meet
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
DynamicUser=yes
|
|
||||||
ExecStart=/usr/local/bin/prometheus-jitsi-meet-exporter -videobridge-url 'http://localhost:8888/stats' -web.listen-address ':9888'
|
|
||||||
Restart=always
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
export require="__systemd_unit/prometheus-jitsi-meet-exporter.service"
|
|
||||||
JITSI_MEET_EXPORTER_SERVICE="service prometheus-jitsi-meet-exporter %s"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
if [ "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" != \
|
|
||||||
"${PROMETHEUS_JITSI_EXPORTER_IS_VERSION}" ]; then
|
|
||||||
# shellcheck disable=SC2059
|
|
||||||
__download \
|
|
||||||
/tmp/prometheus-jitsi-meet-exporter \
|
|
||||||
--url "${PROMETHEUS_JITSI_EXPORTER_URL}" \
|
|
||||||
--download remote \
|
|
||||||
--sum "${PROMETHEUS_JITSI_EXPORTER_CHECKSUM}" \
|
|
||||||
--onchange "$(printf "${JITSI_MEET_EXPORTER_SERVICE}" "stop") || true; chmod 555 /tmp/prometheus-jitsi-meet-exporter && mv /tmp/prometheus-jitsi-meet-exporter /usr/local/bin/prometheus-jitsi-meet-exporter && $(printf "${JITSI_MEET_EXPORTER_SERVICE}" "restart")"
|
|
||||||
printf "%s" "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" | \
|
|
||||||
require="${require} __download/tmp/prometheus-jitsi-meet-exporter" __file \
|
|
||||||
"${PROMETHEUS_JITSI_EXPORTER_VERSION_FILE}" \
|
|
||||||
--source "-"
|
|
||||||
fi
|
fi
|
||||||
fi
|
__evilham_single_binary_service prometheus-jitsi-meet-exporter \
|
||||||
# TODO: disable the exporter if it is deployed and then admin changes their mind
|
--state "${EXPORTER_STATE}" \
|
||||||
|
--do-not-manage-user \
|
||||||
|
--user "nobody" \
|
||||||
|
--group "nogroup" \
|
||||||
|
--version "${EXPORTER_VERSION}" \
|
||||||
|
--checksum "${EXPORTER_CHECKSUM}" \
|
||||||
|
--url "${EXPORTER_URL}" \
|
||||||
|
--unpack \
|
||||||
|
--service-args "-videobridge-url 'http://localhost:8080/colibri/stats' -web.listen-address ':9888'"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Setup interpreter assets if requested
|
||||||
|
# See: https://gitlab.com/mfmt/jsi/
|
||||||
|
#
|
||||||
|
jsi_updated_on="2022-04-21"
|
||||||
|
__link "/usr/share/jitsi-meet/interpreters.html" \
|
||||||
|
--type symbolic \
|
||||||
|
--source "/opt/jsi/static/index.html.sample"
|
||||||
|
__directory /opt/jsi --mode 0755
|
||||||
|
export require="__directory/opt/jsi"
|
||||||
|
__download /opt/jsi/jsi.tar.gz \
|
||||||
|
--url 'https://gitlab.com/mfmt/jsi/-/archive/1d2cceaf615ee61c0bba80e5bddc61c5d1018303/jsi-1d2cceaf615ee61c0bba80e5bddc61c5d1018303.tar.gz' \
|
||||||
|
--sum "sha256:b020141093daa9937507b098f358d0be994834c3e23866a457fc5140415a0c53"
|
||||||
|
export require="__download/opt/jsi/jsi.tar.gz"
|
||||||
|
__unpack /opt/jsi/jsi.tar.gz \
|
||||||
|
--preserve-archive \
|
||||||
|
--tar-strip 1 \
|
||||||
|
--destination /opt/jsi/static \
|
||||||
|
--onchange "$(cat <<EOF
|
||||||
|
# Patch style.css to be served on /i/
|
||||||
|
sed -i.tmp -E \
|
||||||
|
-e 's!url[(]/img/welcome-background.png[)]!url(/i/img/welcome-background.png)!' \
|
||||||
|
/opt/jsi/static/style.css
|
||||||
|
# Patch jsi.js to be served on /i/
|
||||||
|
# and so it always uses the domain it's served from
|
||||||
|
# and so it uses /i/ROOM for the form
|
||||||
|
sed -i.tmp -E \
|
||||||
|
-e 's!substr[(][0-9]+[)]!substr(3)!' \
|
||||||
|
-e 's!config[.]jitsimeet_url!url.host!' \
|
||||||
|
-e 's!(window[.]location[.]href)[[:space:]]*=[[:space:]]*"/"!\1 = "/i/"!' \
|
||||||
|
/opt/jsi/static/jsi.js
|
||||||
|
# Patch the sample index.html, so it loads external_api.js from same host
|
||||||
|
# and to easen up on the branding
|
||||||
|
# and to enable browser cache
|
||||||
|
sed -i.tmp -E \
|
||||||
|
-e "s!src=[^>]*(/external_api.js).!src='\1'!" \
|
||||||
|
-e "s!<h1>[^<]*</h1>!<h1>Jitsi Meetings with interpreter</h1>!" \
|
||||||
|
-e "s!https://meet.mayfirst.org!/!" \
|
||||||
|
-e "s!(style.css|jsi.js)([^?])!\1?v=${jsi_updated_on:?}\2!" \
|
||||||
|
/opt/jsi/static/index.html.sample
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
2.0.7001-1
|
|
4
type/__jitsi_meet/parameter/deprecated/jitsi-version
Normal file
4
type/__jitsi_meet/parameter/deprecated/jitsi-version
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
Supporting different versions lead to strange issues in the life-time of a
|
||||||
|
Jitsi instance. Chiefly: difficulties upgrading.
|
||||||
|
|
||||||
|
If you are specifying this for a valid reason, please get in touch.
|
|
@ -1,3 +1,4 @@
|
||||||
|
abort-conference-count
|
||||||
jitsi-version
|
jitsi-version
|
||||||
turn-secret
|
turn-secret
|
||||||
turn-server
|
turn-server
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
# We could automate this, but are using it as an indicator for the
|
# We could automate this, but are using it as an indicator for the
|
||||||
# latest branch with which we conciliated changes.
|
# latest branch with which we conciliated changes.
|
||||||
BRANCH="jitsi-meet_7001"
|
BRANCH="jitsi-meet_7439"
|
||||||
REPO="https://github.com/jitsi/jitsi-meet"
|
REPO="https://github.com/jitsi/jitsi-meet"
|
||||||
|
|
||||||
get_url() {
|
get_url() {
|
||||||
|
@ -28,3 +28,8 @@ download_file() {
|
||||||
download_file config.js
|
download_file config.js
|
||||||
download_file interface_config.js
|
download_file interface_config.js
|
||||||
download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig
|
download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig
|
||||||
|
download_file doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example prosody.cfg.lua.sh.orig
|
||||||
|
|
||||||
|
# Change the version file, maintainers should check that it matches
|
||||||
|
# the deb version
|
||||||
|
printf "2.0.%s-1" "${BRANCH#*_}" > jitsi-version
|
||||||
|
|
|
@ -4,32 +4,32 @@
|
||||||
JITSI_CONFIG_JS="$(cat <<EOF
|
JITSI_CONFIG_JS="$(cat <<EOF
|
||||||
/* eslint-disable no-unused-vars, no-var */
|
/* eslint-disable no-unused-vars, no-var */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* NOTE: If you add a new option please remember to document it here:
|
||||||
|
* https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration
|
||||||
|
*/
|
||||||
|
|
||||||
var config = {
|
var config = {
|
||||||
// Connection
|
// Connection
|
||||||
//
|
//
|
||||||
|
|
||||||
hosts: {
|
hosts: {
|
||||||
// XMPP domain.
|
// XMPP domain.
|
||||||
domain: '${JITSI_HOST}',
|
domain: '${DOMAIN}',
|
||||||
|
|
||||||
// When using authentication, domain for guest users.
|
// When using authentication, domain for guest users.
|
||||||
$( if [ -n "${SECURED_DOMAINS}" ]; then cat<<EOF2
|
$( if [ -z "${SECURED_DOMAINS}" ]; then printf "// "
|
||||||
anonymousdomain: 'guest.${JITSI_HOST}',
|
fi)anonymousdomain: 'guest.${DOMAIN}',
|
||||||
EOF2
|
|
||||||
else cat <<EOF2
|
|
||||||
// anonymousdomain: 'guest.example.com',
|
|
||||||
EOF2
|
|
||||||
fi
|
|
||||||
)
|
|
||||||
|
|
||||||
// Domain for authenticated users. Defaults to <domain>.
|
// Domain for authenticated users. Defaults to <domain>.
|
||||||
// authdomain: '${JITSI_HOST}',
|
// NOTE [cdist]: if we use '${DOMAIN}', jicofo won't start the meeting
|
||||||
|
authdomain: '${JITSI_HOST}',
|
||||||
|
|
||||||
// Focus component domain. Defaults to focus.<domain>.
|
// Focus component domain. Defaults to focus.<domain>.
|
||||||
// focus: 'focus.${JITSI_HOST}',
|
focus: 'focus.${JITSI_HOST}',
|
||||||
|
|
||||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||||
muc: 'conference.${JITSI_HOST}'
|
muc: 'conference.${DOMAIN}'
|
||||||
},
|
},
|
||||||
|
|
||||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||||
|
@ -37,12 +37,12 @@ fi
|
||||||
bosh: '//<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind',
|
bosh: '//<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind',
|
||||||
|
|
||||||
// Websocket URL
|
// Websocket URL
|
||||||
// websocket: 'wss://${JITSI_HOST}/xmpp-websocket',
|
// websocket: 'wss://${DOMAIN}/xmpp-websocket',
|
||||||
|
|
||||||
// The real JID of focus participant - can be overridden here
|
// The real JID of focus participant - can be overridden here
|
||||||
// Do not change username - FIXME: Make focus username configurable
|
// Do not change username - FIXME: Make focus username configurable
|
||||||
// https://github.com/jitsi/jitsi-meet/issues/7376
|
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||||
// focusUserJid: 'focus@auth.${JITSI_HOST}',
|
focusUserJid: 'focus@auth.${JITSI_HOST}',
|
||||||
|
|
||||||
|
|
||||||
// Testing / experimental features.
|
// Testing / experimental features.
|
||||||
|
@ -80,6 +80,11 @@ fi
|
||||||
// or disabled for the screenshare.
|
// or disabled for the screenshare.
|
||||||
// capScreenshareBitrate: 1 // 0 to disable - deprecated.
|
// capScreenshareBitrate: 1 // 0 to disable - deprecated.
|
||||||
|
|
||||||
|
// Whether to use fake constraints (height: 99999, width: 99999) when calling getDisplayMedia on
|
||||||
|
// Chromium based browsers. This is intended as a workaround for
|
||||||
|
// https://bugs.chromium.org/p/chromium/issues/detail?id=1056311
|
||||||
|
// setScreenSharingResolutionConstraints: true
|
||||||
|
|
||||||
// Enable callstats only for a percentage of users.
|
// Enable callstats only for a percentage of users.
|
||||||
// This takes a value between 0 and 100 which determines the probability for
|
// This takes a value between 0 and 100 which determines the probability for
|
||||||
// the callstats to be enabled.
|
// the callstats to be enabled.
|
||||||
|
@ -90,6 +95,10 @@ fi
|
||||||
flags: {
|
flags: {
|
||||||
// Enables source names in the signaling.
|
// Enables source names in the signaling.
|
||||||
// sourceNameSignaling: false,
|
// sourceNameSignaling: false,
|
||||||
|
|
||||||
|
// Enables sending multiple video streams, i.e., camera and desktop tracks can be shared in the conference
|
||||||
|
// separately as two different streams instead of one composite stream.
|
||||||
|
// sendMultipleVideoStreams: false
|
||||||
},
|
},
|
||||||
|
|
||||||
// Disables moderator indicators.
|
// Disables moderator indicators.
|
||||||
|
@ -276,9 +285,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// appKey: '<APP_KEY>' // Specify your app key here.
|
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||||
// // A URL to redirect the user to, after authenticating
|
// // A URL to redirect the user to, after authenticating
|
||||||
// // by default uses:
|
// // by default uses:
|
||||||
// // 'https://${JITSI_HOST}/static/oauth.html'
|
// // 'https://${DOMAIN}/static/oauth.html'
|
||||||
// redirectURI:
|
// redirectURI:
|
||||||
// 'https://${JITSI_HOST}/subfolder/static/oauth.html'
|
// 'https://${DOMAIN}/subfolder/static/oauth.html'
|
||||||
// },
|
// },
|
||||||
// When integrations like dropbox are enabled only that will be shown,
|
// When integrations like dropbox are enabled only that will be shown,
|
||||||
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||||
|
@ -293,6 +302,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// Whether to enable live streaming or not.
|
// Whether to enable live streaming or not.
|
||||||
// liveStreamingEnabled: false,
|
// liveStreamingEnabled: false,
|
||||||
|
|
||||||
|
// Whether to enable local recording or not.
|
||||||
|
// enableLocalRecording: false,
|
||||||
|
|
||||||
// Transcription (in interface_config,
|
// Transcription (in interface_config,
|
||||||
// subtitles and buttons can be configured)
|
// subtitles and buttons can be configured)
|
||||||
// transcribingEnabled: false,
|
// transcribingEnabled: false,
|
||||||
|
@ -486,6 +498,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// If Lobby is enabled starts knocking automatically.
|
// If Lobby is enabled starts knocking automatically.
|
||||||
// autoKnockLobby: false,
|
// autoKnockLobby: false,
|
||||||
|
|
||||||
|
// Enable lobby chat.
|
||||||
|
// enableLobbyChat: true,
|
||||||
|
|
||||||
// DEPRECATED! Use \`breakoutRooms.hideAddRoomButton\` instead.
|
// DEPRECATED! Use \`breakoutRooms.hideAddRoomButton\` instead.
|
||||||
// Hides add breakout room button
|
// Hides add breakout room button
|
||||||
// hideAddRoomButton: false,
|
// hideAddRoomButton: false,
|
||||||
|
@ -525,7 +540,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// Hides the dominant speaker name badge that hovers above the toolbox
|
// Hides the dominant speaker name badge that hovers above the toolbox
|
||||||
// hideDominantSpeakerBadge: false,
|
// hideDominantSpeakerBadge: false,
|
||||||
|
|
||||||
// Default language for the user interface.
|
// Default language for the user interface. Cannot be overwritten.
|
||||||
defaultLanguage: '${DEFAULT_LANGUAGE}',
|
defaultLanguage: '${DEFAULT_LANGUAGE}',
|
||||||
|
|
||||||
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
||||||
|
@ -554,6 +569,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||||
// // This replaces \`prejoinPageEnabled\`.
|
// // This replaces \`prejoinPageEnabled\`.
|
||||||
// enabled: true,
|
// enabled: true,
|
||||||
|
// // Hides the participant name editing field in the prejoin screen.
|
||||||
|
// // If requireDisplayName is also set as true, a name should still be provided through
|
||||||
|
// // either the jwt or the userInfo from the iframe api init object in order for this to have an effect.
|
||||||
|
// hideDisplayName: false,
|
||||||
// // List of buttons to hide from the extra join options dropdown.
|
// // List of buttons to hide from the extra join options dropdown.
|
||||||
// hideExtraJoinButtons: ['no-audio', 'by-phone']
|
// hideExtraJoinButtons: ['no-audio', 'by-phone']
|
||||||
// },
|
// },
|
||||||
|
@ -581,8 +600,17 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// Array with avatar URL prefixes that need to use CORS.
|
// Array with avatar URL prefixes that need to use CORS.
|
||||||
// corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ],
|
// corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ],
|
||||||
|
|
||||||
// Base URL for a Gravatar-compatible service. Defaults to libravatar.
|
// Base URL for a Gravatar-compatible service. Defaults to Gravatar.
|
||||||
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/',
|
// DEPRECATED! Use \`gravatar.baseUrl\` instead.
|
||||||
|
// gravatarBaseURL: 'https://www.gravatar.com/avatar/',
|
||||||
|
|
||||||
|
// Setup for Gravatar-compatible services.
|
||||||
|
// gravatar: {
|
||||||
|
// // Defaults to Gravatar.
|
||||||
|
// baseUrl: 'https://www.gravatar.com/avatar/',
|
||||||
|
// // True if Gravatar should be disabled.
|
||||||
|
// disabled: false
|
||||||
|
// },
|
||||||
|
|
||||||
// App name to be displayed in the invitation email subject, as an alternative to
|
// App name to be displayed in the invitation email subject, as an alternative to
|
||||||
// interfaceConfig.APP_NAME.
|
// interfaceConfig.APP_NAME.
|
||||||
|
@ -604,6 +632,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'chat',
|
// 'chat',
|
||||||
// 'closedcaptions',
|
// 'closedcaptions',
|
||||||
// 'desktop',
|
// 'desktop',
|
||||||
|
// 'dock-iframe'
|
||||||
// 'download',
|
// 'download',
|
||||||
// 'embedmeeting',
|
// 'embedmeeting',
|
||||||
// 'etherpad',
|
// 'etherpad',
|
||||||
|
@ -612,11 +641,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'fullscreen',
|
// 'fullscreen',
|
||||||
// 'hangup',
|
// 'hangup',
|
||||||
// 'help',
|
// 'help',
|
||||||
|
// 'highlight',
|
||||||
// 'invite',
|
// 'invite',
|
||||||
|
// 'linktosalesforce',
|
||||||
// 'livestreaming',
|
// 'livestreaming',
|
||||||
// 'microphone',
|
// 'microphone',
|
||||||
// 'mute-everyone',
|
|
||||||
// 'mute-video-everyone',
|
|
||||||
// 'participants-pane',
|
// 'participants-pane',
|
||||||
// 'profile',
|
// 'profile',
|
||||||
// 'raisehand',
|
// 'raisehand',
|
||||||
|
@ -630,6 +659,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'stats',
|
// 'stats',
|
||||||
// 'tileview',
|
// 'tileview',
|
||||||
// 'toggle-camera',
|
// 'toggle-camera',
|
||||||
|
// 'undock-iframe',
|
||||||
// 'videoquality',
|
// 'videoquality',
|
||||||
// '__end'
|
// '__end'
|
||||||
// ],
|
// ],
|
||||||
|
@ -644,7 +674,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// timeout: 4000,
|
// timeout: 4000,
|
||||||
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
|
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
|
||||||
// // Whether toolbar should be always visible or should hide after x miliseconds.
|
// // Whether toolbar should be always visible or should hide after x miliseconds.
|
||||||
// alwaysVisible: false
|
// alwaysVisible: false,
|
||||||
|
// // Indicates whether the toolbar should still autohide when chat is open
|
||||||
|
// autoHideWhileChatIsOpen: false
|
||||||
// },
|
// },
|
||||||
|
|
||||||
// Toolbar buttons which have their click/tap event exposed through the API on
|
// Toolbar buttons which have their click/tap event exposed through the API on
|
||||||
|
@ -753,11 +785,25 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// Enables sending participants' emails (if available) to callstats and other analytics
|
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||||
// enableEmailInStats: false,
|
// enableEmailInStats: false,
|
||||||
|
|
||||||
// Enables detecting faces of participants and get their expression and send it to other participants
|
// faceLandmarks: {
|
||||||
// enableFacialRecognition: true,
|
// // Enables sharing your face coordinates. Used for centering faces within a video.
|
||||||
|
// enableFaceCentering: false,
|
||||||
|
|
||||||
// Enables displaying facial expressions in speaker stats
|
// // Enables detecting face expressions and sharing data with other participants
|
||||||
// enableDisplayFacialExpressions: true,
|
// enableFaceExpressionsDetection: false,
|
||||||
|
|
||||||
|
// // Enables displaying face expressions in speaker stats
|
||||||
|
// enableDisplayFaceExpressions: false,
|
||||||
|
|
||||||
|
// // Enable rtc stats for face landmarks
|
||||||
|
// enableRTCStats: false,
|
||||||
|
|
||||||
|
// // Minimum required face movement percentage threshold for sending new face centering coordinates data.
|
||||||
|
// faceCenteringThreshold: 10,
|
||||||
|
|
||||||
|
// // Milliseconds for processing a new image capture in order to detect face coordinates if they exist.
|
||||||
|
// captureInterval: 1000
|
||||||
|
// },
|
||||||
|
|
||||||
// Controls the percentage of automatic feedback shown to participants when callstats is enabled.
|
// Controls the percentage of automatic feedback shown to participants when callstats is enabled.
|
||||||
// The default value is 100%. If set to 0, no automatic feedback will be requested
|
// The default value is 100%. If set to 0, no automatic feedback will be requested
|
||||||
|
@ -823,6 +869,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
},
|
},
|
||||||
|
|
||||||
analytics: {
|
analytics: {
|
||||||
|
${ANALYTICS_SETTINGS}
|
||||||
// True if the analytics should be disabled
|
// True if the analytics should be disabled
|
||||||
// disabled: false,
|
// disabled: false,
|
||||||
|
|
||||||
|
@ -910,33 +957,22 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// chromeExtensionBanner: {
|
// chromeExtensionBanner: {
|
||||||
// // The chrome extension to be installed address
|
// // The chrome extension to be installed address
|
||||||
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
// edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn',
|
||||||
|
|
||||||
// // Extensions info which allows checking if they are installed or not
|
// // Extensions info which allows checking if they are installed or not
|
||||||
// chromeExtensionsInfo: [
|
// chromeExtensionsInfo: [
|
||||||
// {
|
// {
|
||||||
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
// path: 'jitsi-logo-48x48.png'
|
// path: 'jitsi-logo-48x48.png'
|
||||||
|
// },
|
||||||
|
// // Edge extension info
|
||||||
|
// {
|
||||||
|
// id: 'eeecajlpbgjppibfledfihobcabccihn',
|
||||||
|
// path: 'jitsi-logo-48x48.png'
|
||||||
// }
|
// }
|
||||||
// ]
|
// ]
|
||||||
// },
|
// },
|
||||||
|
|
||||||
// Local Recording
|
|
||||||
//
|
|
||||||
|
|
||||||
// localRecording: {
|
|
||||||
// Enables local recording.
|
|
||||||
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
|
||||||
// the \`toolbarButtons\`-array for the Local Recording button to show up
|
|
||||||
// on the toolbar.
|
|
||||||
//
|
|
||||||
// enabled: true,
|
|
||||||
//
|
|
||||||
|
|
||||||
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
|
||||||
// format: 'flac'
|
|
||||||
//
|
|
||||||
|
|
||||||
// },
|
|
||||||
// e2ee: {
|
// e2ee: {
|
||||||
// labels,
|
// labels,
|
||||||
// externallyManagedKey: false
|
// externallyManagedKey: false
|
||||||
|
@ -944,14 +980,18 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
|
|
||||||
// Options related to end-to-end (participant to participant) ping.
|
// Options related to end-to-end (participant to participant) ping.
|
||||||
// e2eping: {
|
// e2eping: {
|
||||||
// // The interval in milliseconds at which pings will be sent.
|
// // Whether ene-to-end pings should be enabled.
|
||||||
// // Defaults to 10000, set to <= 0 to disable.
|
// enabled: false,
|
||||||
// pingInterval: 10000,
|
|
||||||
//
|
//
|
||||||
// // The interval in milliseconds at which analytics events
|
// // The number of responses to wait for.
|
||||||
// // with the measured RTT will be sent. Defaults to 60000, set
|
// numRequests: 5,
|
||||||
// // to <= 0 to disable.
|
//
|
||||||
// analyticsInterval: 60000,
|
// // The max conference size in which e2e pings will be sent.
|
||||||
|
// maxConferenceSize: 200,
|
||||||
|
//
|
||||||
|
// // The maximum number of e2e ping messages per second for the whole conference to aim for.
|
||||||
|
// // This is used to contol the pacing of messages in order to reduce the load on the backend.
|
||||||
|
// maxMessagesPerSecond: 250
|
||||||
// },
|
// },
|
||||||
|
|
||||||
// If set, will attempt to use the provided video input device label when
|
// If set, will attempt to use the provided video input device label when
|
||||||
|
@ -978,7 +1018,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// Disables all invite functions from the app (share, invite, dial out...etc)
|
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||||
// disableInviteFunctions: true,
|
// disableInviteFunctions: true,
|
||||||
|
|
||||||
// Disables storing the room name to the recents list
|
// Disables storing the room name to the recents list. When in an iframe this is ignored and
|
||||||
|
// the room is never stored in the recents list.
|
||||||
// doNotStoreRoom: true,
|
// doNotStoreRoom: true,
|
||||||
|
|
||||||
// Deployment specific URLs.
|
// Deployment specific URLs.
|
||||||
|
@ -993,12 +1034,25 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
|
|
||||||
// Options related to the remote participant menu.
|
// Options related to the remote participant menu.
|
||||||
// remoteVideoMenu: {
|
// remoteVideoMenu: {
|
||||||
|
// // Whether the remote video context menu to be rendered or not.
|
||||||
|
// disabled: true,
|
||||||
// // If set to true the 'Kick out' button will be disabled.
|
// // If set to true the 'Kick out' button will be disabled.
|
||||||
// disableKick: true,
|
// disableKick: true,
|
||||||
// // If set to true the 'Grant moderator' button will be disabled.
|
// // If set to true the 'Grant moderator' button will be disabled.
|
||||||
// disableGrantModerator: true
|
// disableGrantModerator: true,
|
||||||
|
// // If set to true the 'Send private message' button will be disabled.
|
||||||
|
// disablePrivateChat: true
|
||||||
// },
|
// },
|
||||||
|
|
||||||
|
// Endpoint that enables support for salesforce integration with in-meeting resource linking
|
||||||
|
// This is required for:
|
||||||
|
// listing the most recent records - salesforceUrl/records/recents
|
||||||
|
// searching records - salesforceUrl/records?text=\${text}
|
||||||
|
// retrieving record details - salesforceUrl/records/\${id}?type=\${type}
|
||||||
|
// and linking the meeting - salesforceUrl/sessions/\${sessionId}/records/\${id}
|
||||||
|
//
|
||||||
|
// salesforceUrl: 'https://api.example.com/',
|
||||||
|
|
||||||
// If set to true all muting operations of remote participants will be disabled.
|
// If set to true all muting operations of remote participants will be disabled.
|
||||||
// disableRemoteMute: true,
|
// disableRemoteMute: true,
|
||||||
|
|
||||||
|
@ -1062,10 +1116,22 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
*/
|
*/
|
||||||
dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}",
|
dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}",
|
||||||
|
|
||||||
|
// Options related to the participants pane.
|
||||||
|
// participantsPane: {
|
||||||
|
// // Hides the moderator settings tab.
|
||||||
|
// hideModeratorSettingsTab: false,
|
||||||
|
// // Hides the more actions button.
|
||||||
|
// hideMoreActionsButton: false,
|
||||||
|
// // Hides the mute all button.
|
||||||
|
// hideMuteAllButton: false
|
||||||
|
// },
|
||||||
|
|
||||||
// Options related to the breakout rooms feature.
|
// Options related to the breakout rooms feature.
|
||||||
// breakoutRooms: {
|
// breakoutRooms: {
|
||||||
// // Hides the add breakout room button. This replaces \`hideAddRoomButton\`.
|
// // Hides the add breakout room button. This replaces \`hideAddRoomButton\`.
|
||||||
// hideAddRoomButton: false,
|
// hideAddRoomButton: false,
|
||||||
|
// // Hides the auto assign participants button.
|
||||||
|
// hideAutoAssignButton: false,
|
||||||
// // Hides the join breakout room button.
|
// // Hides the join breakout room button.
|
||||||
// hideJoinRoomButton: false
|
// hideJoinRoomButton: false
|
||||||
// },
|
// },
|
||||||
|
@ -1096,7 +1162,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
|
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
|
||||||
// conferenceInfo: {
|
// conferenceInfo: {
|
||||||
// // those labels will not be hidden in tandem with the toolbox.
|
// // those labels will not be hidden in tandem with the toolbox.
|
||||||
// alwaysVisible: ['recording', 'local-recording', 'raised-hands-count'],
|
// alwaysVisible: ['recording', 'raised-hands-count'],
|
||||||
// // those labels will be auto-hidden in tandem with the toolbox buttons.
|
// // those labels will be auto-hidden in tandem with the toolbox buttons.
|
||||||
// autoHide: [
|
// autoHide: [
|
||||||
// 'subject',
|
// 'subject',
|
||||||
|
@ -1105,7 +1171,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'e2ee',
|
// 'e2ee',
|
||||||
// 'transcribing',
|
// 'transcribing',
|
||||||
// 'video-quality',
|
// 'video-quality',
|
||||||
// 'insecure-room'
|
// 'insecure-room',
|
||||||
|
// 'highlight-moment'
|
||||||
// ]
|
// ]
|
||||||
// },
|
// },
|
||||||
|
|
||||||
|
@ -1139,14 +1206,24 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// will open an etherpad document.
|
// will open an etherpad document.
|
||||||
// etherpad_base: 'https://your-etherpad-installati.on/p/',
|
// etherpad_base: 'https://your-etherpad-installati.on/p/',
|
||||||
|
|
||||||
|
// To enable information about dial-in access to meetings you need to provide
|
||||||
|
// dialInNumbersUrl and dialInConfCodeUrl.
|
||||||
|
// dialInNumbersUrl returns a json array of numbers that can be used for dial-in.
|
||||||
|
// {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
|
||||||
|
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
|
||||||
|
// or the other way around (more info in resources/cloud-api.swagger)
|
||||||
|
//
|
||||||
|
// For JaaS customers the default values are:
|
||||||
|
// dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids',
|
||||||
|
// dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access',
|
||||||
|
//
|
||||||
|
|
||||||
// List of undocumented settings used in jitsi-meet
|
// List of undocumented settings used in jitsi-meet
|
||||||
/**
|
/**
|
||||||
_immediateReloadThreshold
|
_immediateReloadThreshold
|
||||||
debug
|
debug
|
||||||
debugAudioLevels
|
debugAudioLevels
|
||||||
deploymentInfo
|
deploymentInfo
|
||||||
dialInConfCodeUrl
|
|
||||||
dialInNumbersUrl
|
|
||||||
dialOutAuthUrl
|
dialOutAuthUrl
|
||||||
dialOutCodesUrl
|
dialOutCodesUrl
|
||||||
disableRemoteControl
|
disableRemoteControl
|
||||||
|
@ -1231,7 +1308,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
||||||
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
||||||
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
||||||
// 'localRecording.localRecording', // shown when a local recording is started
|
|
||||||
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
|
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
|
||||||
// 'notify.disconnected', // shown when a participant has left
|
// 'notify.disconnected', // shown when a participant has left
|
||||||
// 'notify.connectedOneMember', // show when a participant joined
|
// 'notify.connectedOneMember', // show when a participant joined
|
||||||
|
@ -1245,6 +1321,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
||||||
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
||||||
// 'notify.kickParticipant', // shown when a participant is kicked
|
// 'notify.kickParticipant', // shown when a participant is kicked
|
||||||
|
// 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration
|
||||||
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
|
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
|
||||||
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
|
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
|
||||||
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
|
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
|
||||||
|
@ -1260,6 +1337,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
||||||
// 'notify.startSilentTitle', // shown when user joined with no audio
|
// 'notify.startSilentTitle', // shown when user joined with no audio
|
||||||
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
|
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
|
||||||
|
// 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute
|
||||||
// 'prejoin.errorDialOut',
|
// 'prejoin.errorDialOut',
|
||||||
// 'prejoin.errorDialOutDisconnected',
|
// 'prejoin.errorDialOutDisconnected',
|
||||||
// 'prejoin.errorDialOutFailed',
|
// 'prejoin.errorDialOutFailed',
|
||||||
|
@ -1275,6 +1353,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// 'transcribing.failedToStart' // shown when transcribing fails to start
|
// 'transcribing.failedToStart' // shown when transcribing fails to start
|
||||||
// ],
|
// ],
|
||||||
|
|
||||||
|
// List of notifications to be disabled. Works in tandem with the above setting.
|
||||||
|
// disabledNotifications: [],
|
||||||
|
|
||||||
// Prevent the filmstrip from autohiding when screen width is under a certain threshold
|
// Prevent the filmstrip from autohiding when screen width is under a certain threshold
|
||||||
// disableFilmstripAutohiding: false,
|
// disableFilmstripAutohiding: false,
|
||||||
|
|
||||||
|
@ -1282,12 +1363,37 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
|
||||||
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
|
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
|
||||||
// // (width, tiles aspect ratios) through the interfaceConfig options.
|
// // (width, tiles aspect ratios) through the interfaceConfig options.
|
||||||
// disableResizable: false,
|
// disableResizable: false,
|
||||||
// }
|
|
||||||
|
|
||||||
|
// // Disables the stage filmstrip
|
||||||
|
// // (displaying multiple participants on stage besides the vertical filmstrip)
|
||||||
|
// disableStageFilmstrip: false
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Tile view related config options.
|
||||||
|
// tileView: {
|
||||||
|
// // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may
|
||||||
|
// // not be possible to show the exact number of participants specified here.
|
||||||
|
// numberOfVisibleTiles: 25
|
||||||
|
// },
|
||||||
|
|
||||||
// Specifies whether the chat emoticons are disabled or not
|
// Specifies whether the chat emoticons are disabled or not
|
||||||
// disableChatSmileys: false,
|
// disableChatSmileys: false,
|
||||||
|
|
||||||
|
// Settings for the GIPHY integration.
|
||||||
|
// giphy: {
|
||||||
|
// // Whether the feature is enabled or not.
|
||||||
|
// enabled: false,
|
||||||
|
// // SDK API Key from Giphy.
|
||||||
|
// sdkKey: '',
|
||||||
|
// // Display mode can be one of:
|
||||||
|
// // - tile: show the GIF on the tile of the participant that sent it.
|
||||||
|
// // - chat: show the GIF as a message in chat
|
||||||
|
// // - all: all of the above. This is the default option
|
||||||
|
// displayMode: 'all',
|
||||||
|
// // How long the GIF should be displayed on the tile (in miliseconds).
|
||||||
|
// tileTime: 5000
|
||||||
|
// },
|
||||||
|
|
||||||
// Allow all above example options to include a trailing comma and
|
// Allow all above example options to include a trailing comma and
|
||||||
// prevent fear when commenting out the last value.
|
// prevent fear when commenting out the last value.
|
||||||
makeJsonParserHappy: 'even if last key had a trailing comma'
|
makeJsonParserHappy: 'even if last key had a trailing comma'
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
|
|
||||||
/* eslint-disable no-unused-vars, no-var */
|
/* eslint-disable no-unused-vars, no-var */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* NOTE: If you add a new option please remember to document it here:
|
||||||
|
* https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration
|
||||||
|
*/
|
||||||
|
|
||||||
var config = {
|
var config = {
|
||||||
// Connection
|
// Connection
|
||||||
//
|
//
|
||||||
|
@ -68,6 +74,11 @@ var config = {
|
||||||
// or disabled for the screenshare.
|
// or disabled for the screenshare.
|
||||||
// capScreenshareBitrate: 1 // 0 to disable - deprecated.
|
// capScreenshareBitrate: 1 // 0 to disable - deprecated.
|
||||||
|
|
||||||
|
// Whether to use fake constraints (height: 99999, width: 99999) when calling getDisplayMedia on
|
||||||
|
// Chromium based browsers. This is intended as a workaround for
|
||||||
|
// https://bugs.chromium.org/p/chromium/issues/detail?id=1056311
|
||||||
|
// setScreenSharingResolutionConstraints: true
|
||||||
|
|
||||||
// Enable callstats only for a percentage of users.
|
// Enable callstats only for a percentage of users.
|
||||||
// This takes a value between 0 and 100 which determines the probability for
|
// This takes a value between 0 and 100 which determines the probability for
|
||||||
// the callstats to be enabled.
|
// the callstats to be enabled.
|
||||||
|
@ -78,6 +89,10 @@ var config = {
|
||||||
flags: {
|
flags: {
|
||||||
// Enables source names in the signaling.
|
// Enables source names in the signaling.
|
||||||
// sourceNameSignaling: false,
|
// sourceNameSignaling: false,
|
||||||
|
|
||||||
|
// Enables sending multiple video streams, i.e., camera and desktop tracks can be shared in the conference
|
||||||
|
// separately as two different streams instead of one composite stream.
|
||||||
|
// sendMultipleVideoStreams: false
|
||||||
},
|
},
|
||||||
|
|
||||||
// Disables moderator indicators.
|
// Disables moderator indicators.
|
||||||
|
@ -280,6 +295,9 @@ var config = {
|
||||||
// Whether to enable live streaming or not.
|
// Whether to enable live streaming or not.
|
||||||
// liveStreamingEnabled: false,
|
// liveStreamingEnabled: false,
|
||||||
|
|
||||||
|
// Whether to enable local recording or not.
|
||||||
|
// enableLocalRecording: false,
|
||||||
|
|
||||||
// Transcription (in interface_config,
|
// Transcription (in interface_config,
|
||||||
// subtitles and buttons can be configured)
|
// subtitles and buttons can be configured)
|
||||||
// transcribingEnabled: false,
|
// transcribingEnabled: false,
|
||||||
|
@ -473,6 +491,9 @@ var config = {
|
||||||
// If Lobby is enabled starts knocking automatically.
|
// If Lobby is enabled starts knocking automatically.
|
||||||
// autoKnockLobby: false,
|
// autoKnockLobby: false,
|
||||||
|
|
||||||
|
// Enable lobby chat.
|
||||||
|
// enableLobbyChat: true,
|
||||||
|
|
||||||
// DEPRECATED! Use `breakoutRooms.hideAddRoomButton` instead.
|
// DEPRECATED! Use `breakoutRooms.hideAddRoomButton` instead.
|
||||||
// Hides add breakout room button
|
// Hides add breakout room button
|
||||||
// hideAddRoomButton: false,
|
// hideAddRoomButton: false,
|
||||||
|
@ -512,7 +533,7 @@ var config = {
|
||||||
// Hides the dominant speaker name badge that hovers above the toolbox
|
// Hides the dominant speaker name badge that hovers above the toolbox
|
||||||
// hideDominantSpeakerBadge: false,
|
// hideDominantSpeakerBadge: false,
|
||||||
|
|
||||||
// Default language for the user interface.
|
// Default language for the user interface. Cannot be overwritten.
|
||||||
// defaultLanguage: 'en',
|
// defaultLanguage: 'en',
|
||||||
|
|
||||||
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
||||||
|
@ -541,6 +562,10 @@ var config = {
|
||||||
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||||
// // This replaces `prejoinPageEnabled`.
|
// // This replaces `prejoinPageEnabled`.
|
||||||
// enabled: true,
|
// enabled: true,
|
||||||
|
// // Hides the participant name editing field in the prejoin screen.
|
||||||
|
// // If requireDisplayName is also set as true, a name should still be provided through
|
||||||
|
// // either the jwt or the userInfo from the iframe api init object in order for this to have an effect.
|
||||||
|
// hideDisplayName: false,
|
||||||
// // List of buttons to hide from the extra join options dropdown.
|
// // List of buttons to hide from the extra join options dropdown.
|
||||||
// hideExtraJoinButtons: ['no-audio', 'by-phone']
|
// hideExtraJoinButtons: ['no-audio', 'by-phone']
|
||||||
// },
|
// },
|
||||||
|
@ -568,8 +593,17 @@ var config = {
|
||||||
// Array with avatar URL prefixes that need to use CORS.
|
// Array with avatar URL prefixes that need to use CORS.
|
||||||
// corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ],
|
// corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ],
|
||||||
|
|
||||||
// Base URL for a Gravatar-compatible service. Defaults to libravatar.
|
// Base URL for a Gravatar-compatible service. Defaults to Gravatar.
|
||||||
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/',
|
// DEPRECATED! Use `gravatar.baseUrl` instead.
|
||||||
|
// gravatarBaseURL: 'https://www.gravatar.com/avatar/',
|
||||||
|
|
||||||
|
// Setup for Gravatar-compatible services.
|
||||||
|
// gravatar: {
|
||||||
|
// // Defaults to Gravatar.
|
||||||
|
// baseUrl: 'https://www.gravatar.com/avatar/',
|
||||||
|
// // True if Gravatar should be disabled.
|
||||||
|
// disabled: false
|
||||||
|
// },
|
||||||
|
|
||||||
// App name to be displayed in the invitation email subject, as an alternative to
|
// App name to be displayed in the invitation email subject, as an alternative to
|
||||||
// interfaceConfig.APP_NAME.
|
// interfaceConfig.APP_NAME.
|
||||||
|
@ -591,6 +625,7 @@ var config = {
|
||||||
// 'chat',
|
// 'chat',
|
||||||
// 'closedcaptions',
|
// 'closedcaptions',
|
||||||
// 'desktop',
|
// 'desktop',
|
||||||
|
// 'dock-iframe'
|
||||||
// 'download',
|
// 'download',
|
||||||
// 'embedmeeting',
|
// 'embedmeeting',
|
||||||
// 'etherpad',
|
// 'etherpad',
|
||||||
|
@ -599,11 +634,11 @@ var config = {
|
||||||
// 'fullscreen',
|
// 'fullscreen',
|
||||||
// 'hangup',
|
// 'hangup',
|
||||||
// 'help',
|
// 'help',
|
||||||
|
// 'highlight',
|
||||||
// 'invite',
|
// 'invite',
|
||||||
|
// 'linktosalesforce',
|
||||||
// 'livestreaming',
|
// 'livestreaming',
|
||||||
// 'microphone',
|
// 'microphone',
|
||||||
// 'mute-everyone',
|
|
||||||
// 'mute-video-everyone',
|
|
||||||
// 'participants-pane',
|
// 'participants-pane',
|
||||||
// 'profile',
|
// 'profile',
|
||||||
// 'raisehand',
|
// 'raisehand',
|
||||||
|
@ -617,6 +652,7 @@ var config = {
|
||||||
// 'stats',
|
// 'stats',
|
||||||
// 'tileview',
|
// 'tileview',
|
||||||
// 'toggle-camera',
|
// 'toggle-camera',
|
||||||
|
// 'undock-iframe',
|
||||||
// 'videoquality',
|
// 'videoquality',
|
||||||
// '__end'
|
// '__end'
|
||||||
// ],
|
// ],
|
||||||
|
@ -631,7 +667,9 @@ var config = {
|
||||||
// timeout: 4000,
|
// timeout: 4000,
|
||||||
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
|
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
|
||||||
// // Whether toolbar should be always visible or should hide after x miliseconds.
|
// // Whether toolbar should be always visible or should hide after x miliseconds.
|
||||||
// alwaysVisible: false
|
// alwaysVisible: false,
|
||||||
|
// // Indicates whether the toolbar should still autohide when chat is open
|
||||||
|
// autoHideWhileChatIsOpen: false
|
||||||
// },
|
// },
|
||||||
|
|
||||||
// Toolbar buttons which have their click/tap event exposed through the API on
|
// Toolbar buttons which have their click/tap event exposed through the API on
|
||||||
|
@ -740,11 +778,25 @@ var config = {
|
||||||
// Enables sending participants' emails (if available) to callstats and other analytics
|
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||||
// enableEmailInStats: false,
|
// enableEmailInStats: false,
|
||||||
|
|
||||||
// Enables detecting faces of participants and get their expression and send it to other participants
|
// faceLandmarks: {
|
||||||
// enableFacialRecognition: true,
|
// // Enables sharing your face coordinates. Used for centering faces within a video.
|
||||||
|
// enableFaceCentering: false,
|
||||||
|
|
||||||
// Enables displaying facial expressions in speaker stats
|
// // Enables detecting face expressions and sharing data with other participants
|
||||||
// enableDisplayFacialExpressions: true,
|
// enableFaceExpressionsDetection: false,
|
||||||
|
|
||||||
|
// // Enables displaying face expressions in speaker stats
|
||||||
|
// enableDisplayFaceExpressions: false,
|
||||||
|
|
||||||
|
// // Enable rtc stats for face landmarks
|
||||||
|
// enableRTCStats: false,
|
||||||
|
|
||||||
|
// // Minimum required face movement percentage threshold for sending new face centering coordinates data.
|
||||||
|
// faceCenteringThreshold: 10,
|
||||||
|
|
||||||
|
// // Milliseconds for processing a new image capture in order to detect face coordinates if they exist.
|
||||||
|
// captureInterval: 1000
|
||||||
|
// },
|
||||||
|
|
||||||
// Controls the percentage of automatic feedback shown to participants when callstats is enabled.
|
// Controls the percentage of automatic feedback shown to participants when callstats is enabled.
|
||||||
// The default value is 100%. If set to 0, no automatic feedback will be requested
|
// The default value is 100%. If set to 0, no automatic feedback will be requested
|
||||||
|
@ -897,33 +949,22 @@ var config = {
|
||||||
// chromeExtensionBanner: {
|
// chromeExtensionBanner: {
|
||||||
// // The chrome extension to be installed address
|
// // The chrome extension to be installed address
|
||||||
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
// edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn',
|
||||||
|
|
||||||
// // Extensions info which allows checking if they are installed or not
|
// // Extensions info which allows checking if they are installed or not
|
||||||
// chromeExtensionsInfo: [
|
// chromeExtensionsInfo: [
|
||||||
// {
|
// {
|
||||||
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
// path: 'jitsi-logo-48x48.png'
|
// path: 'jitsi-logo-48x48.png'
|
||||||
|
// },
|
||||||
|
// // Edge extension info
|
||||||
|
// {
|
||||||
|
// id: 'eeecajlpbgjppibfledfihobcabccihn',
|
||||||
|
// path: 'jitsi-logo-48x48.png'
|
||||||
// }
|
// }
|
||||||
// ]
|
// ]
|
||||||
// },
|
// },
|
||||||
|
|
||||||
// Local Recording
|
|
||||||
//
|
|
||||||
|
|
||||||
// localRecording: {
|
|
||||||
// Enables local recording.
|
|
||||||
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
|
||||||
// the `toolbarButtons`-array for the Local Recording button to show up
|
|
||||||
// on the toolbar.
|
|
||||||
//
|
|
||||||
// enabled: true,
|
|
||||||
//
|
|
||||||
|
|
||||||
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
|
||||||
// format: 'flac'
|
|
||||||
//
|
|
||||||
|
|
||||||
// },
|
|
||||||
// e2ee: {
|
// e2ee: {
|
||||||
// labels,
|
// labels,
|
||||||
// externallyManagedKey: false
|
// externallyManagedKey: false
|
||||||
|
@ -931,14 +972,18 @@ var config = {
|
||||||
|
|
||||||
// Options related to end-to-end (participant to participant) ping.
|
// Options related to end-to-end (participant to participant) ping.
|
||||||
// e2eping: {
|
// e2eping: {
|
||||||
// // The interval in milliseconds at which pings will be sent.
|
// // Whether ene-to-end pings should be enabled.
|
||||||
// // Defaults to 10000, set to <= 0 to disable.
|
// enabled: false,
|
||||||
// pingInterval: 10000,
|
|
||||||
//
|
//
|
||||||
// // The interval in milliseconds at which analytics events
|
// // The number of responses to wait for.
|
||||||
// // with the measured RTT will be sent. Defaults to 60000, set
|
// numRequests: 5,
|
||||||
// // to <= 0 to disable.
|
//
|
||||||
// analyticsInterval: 60000,
|
// // The max conference size in which e2e pings will be sent.
|
||||||
|
// maxConferenceSize: 200,
|
||||||
|
//
|
||||||
|
// // The maximum number of e2e ping messages per second for the whole conference to aim for.
|
||||||
|
// // This is used to contol the pacing of messages in order to reduce the load on the backend.
|
||||||
|
// maxMessagesPerSecond: 250
|
||||||
// },
|
// },
|
||||||
|
|
||||||
// If set, will attempt to use the provided video input device label when
|
// If set, will attempt to use the provided video input device label when
|
||||||
|
@ -965,7 +1010,8 @@ var config = {
|
||||||
// Disables all invite functions from the app (share, invite, dial out...etc)
|
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||||
// disableInviteFunctions: true,
|
// disableInviteFunctions: true,
|
||||||
|
|
||||||
// Disables storing the room name to the recents list
|
// Disables storing the room name to the recents list. When in an iframe this is ignored and
|
||||||
|
// the room is never stored in the recents list.
|
||||||
// doNotStoreRoom: true,
|
// doNotStoreRoom: true,
|
||||||
|
|
||||||
// Deployment specific URLs.
|
// Deployment specific URLs.
|
||||||
|
@ -980,12 +1026,25 @@ var config = {
|
||||||
|
|
||||||
// Options related to the remote participant menu.
|
// Options related to the remote participant menu.
|
||||||
// remoteVideoMenu: {
|
// remoteVideoMenu: {
|
||||||
|
// // Whether the remote video context menu to be rendered or not.
|
||||||
|
// disabled: true,
|
||||||
// // If set to true the 'Kick out' button will be disabled.
|
// // If set to true the 'Kick out' button will be disabled.
|
||||||
// disableKick: true,
|
// disableKick: true,
|
||||||
// // If set to true the 'Grant moderator' button will be disabled.
|
// // If set to true the 'Grant moderator' button will be disabled.
|
||||||
// disableGrantModerator: true
|
// disableGrantModerator: true,
|
||||||
|
// // If set to true the 'Send private message' button will be disabled.
|
||||||
|
// disablePrivateChat: true
|
||||||
// },
|
// },
|
||||||
|
|
||||||
|
// Endpoint that enables support for salesforce integration with in-meeting resource linking
|
||||||
|
// This is required for:
|
||||||
|
// listing the most recent records - salesforceUrl/records/recents
|
||||||
|
// searching records - salesforceUrl/records?text=${text}
|
||||||
|
// retrieving record details - salesforceUrl/records/${id}?type=${type}
|
||||||
|
// and linking the meeting - salesforceUrl/sessions/${sessionId}/records/${id}
|
||||||
|
//
|
||||||
|
// salesforceUrl: 'https://api.example.com/',
|
||||||
|
|
||||||
// If set to true all muting operations of remote participants will be disabled.
|
// If set to true all muting operations of remote participants will be disabled.
|
||||||
// disableRemoteMute: true,
|
// disableRemoteMute: true,
|
||||||
|
|
||||||
|
@ -1049,10 +1108,22 @@ var config = {
|
||||||
*/
|
*/
|
||||||
// dynamicBrandingUrl: '',
|
// dynamicBrandingUrl: '',
|
||||||
|
|
||||||
|
// Options related to the participants pane.
|
||||||
|
// participantsPane: {
|
||||||
|
// // Hides the moderator settings tab.
|
||||||
|
// hideModeratorSettingsTab: false,
|
||||||
|
// // Hides the more actions button.
|
||||||
|
// hideMoreActionsButton: false,
|
||||||
|
// // Hides the mute all button.
|
||||||
|
// hideMuteAllButton: false
|
||||||
|
// },
|
||||||
|
|
||||||
// Options related to the breakout rooms feature.
|
// Options related to the breakout rooms feature.
|
||||||
// breakoutRooms: {
|
// breakoutRooms: {
|
||||||
// // Hides the add breakout room button. This replaces `hideAddRoomButton`.
|
// // Hides the add breakout room button. This replaces `hideAddRoomButton`.
|
||||||
// hideAddRoomButton: false,
|
// hideAddRoomButton: false,
|
||||||
|
// // Hides the auto assign participants button.
|
||||||
|
// hideAutoAssignButton: false,
|
||||||
// // Hides the join breakout room button.
|
// // Hides the join breakout room button.
|
||||||
// hideJoinRoomButton: false
|
// hideJoinRoomButton: false
|
||||||
// },
|
// },
|
||||||
|
@ -1083,7 +1154,7 @@ var config = {
|
||||||
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
|
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
|
||||||
// conferenceInfo: {
|
// conferenceInfo: {
|
||||||
// // those labels will not be hidden in tandem with the toolbox.
|
// // those labels will not be hidden in tandem with the toolbox.
|
||||||
// alwaysVisible: ['recording', 'local-recording', 'raised-hands-count'],
|
// alwaysVisible: ['recording', 'raised-hands-count'],
|
||||||
// // those labels will be auto-hidden in tandem with the toolbox buttons.
|
// // those labels will be auto-hidden in tandem with the toolbox buttons.
|
||||||
// autoHide: [
|
// autoHide: [
|
||||||
// 'subject',
|
// 'subject',
|
||||||
|
@ -1092,7 +1163,8 @@ var config = {
|
||||||
// 'e2ee',
|
// 'e2ee',
|
||||||
// 'transcribing',
|
// 'transcribing',
|
||||||
// 'video-quality',
|
// 'video-quality',
|
||||||
// 'insecure-room'
|
// 'insecure-room',
|
||||||
|
// 'highlight-moment'
|
||||||
// ]
|
// ]
|
||||||
// },
|
// },
|
||||||
|
|
||||||
|
@ -1126,14 +1198,24 @@ var config = {
|
||||||
// will open an etherpad document.
|
// will open an etherpad document.
|
||||||
// etherpad_base: 'https://your-etherpad-installati.on/p/',
|
// etherpad_base: 'https://your-etherpad-installati.on/p/',
|
||||||
|
|
||||||
|
// To enable information about dial-in access to meetings you need to provide
|
||||||
|
// dialInNumbersUrl and dialInConfCodeUrl.
|
||||||
|
// dialInNumbersUrl returns a json array of numbers that can be used for dial-in.
|
||||||
|
// {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
|
||||||
|
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
|
||||||
|
// or the other way around (more info in resources/cloud-api.swagger)
|
||||||
|
//
|
||||||
|
// For JaaS customers the default values are:
|
||||||
|
// dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids',
|
||||||
|
// dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access',
|
||||||
|
//
|
||||||
|
|
||||||
// List of undocumented settings used in jitsi-meet
|
// List of undocumented settings used in jitsi-meet
|
||||||
/**
|
/**
|
||||||
_immediateReloadThreshold
|
_immediateReloadThreshold
|
||||||
debug
|
debug
|
||||||
debugAudioLevels
|
debugAudioLevels
|
||||||
deploymentInfo
|
deploymentInfo
|
||||||
dialInConfCodeUrl
|
|
||||||
dialInNumbersUrl
|
|
||||||
dialOutAuthUrl
|
dialOutAuthUrl
|
||||||
dialOutCodesUrl
|
dialOutCodesUrl
|
||||||
disableRemoteControl
|
disableRemoteControl
|
||||||
|
@ -1218,7 +1300,6 @@ var config = {
|
||||||
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
||||||
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
||||||
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
||||||
// 'localRecording.localRecording', // shown when a local recording is started
|
|
||||||
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
|
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
|
||||||
// 'notify.disconnected', // shown when a participant has left
|
// 'notify.disconnected', // shown when a participant has left
|
||||||
// 'notify.connectedOneMember', // show when a participant joined
|
// 'notify.connectedOneMember', // show when a participant joined
|
||||||
|
@ -1232,6 +1313,7 @@ var config = {
|
||||||
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
||||||
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
||||||
// 'notify.kickParticipant', // shown when a participant is kicked
|
// 'notify.kickParticipant', // shown when a participant is kicked
|
||||||
|
// 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration
|
||||||
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
|
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
|
||||||
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
|
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
|
||||||
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
|
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
|
||||||
|
@ -1247,6 +1329,7 @@ var config = {
|
||||||
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
||||||
// 'notify.startSilentTitle', // shown when user joined with no audio
|
// 'notify.startSilentTitle', // shown when user joined with no audio
|
||||||
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
|
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
|
||||||
|
// 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute
|
||||||
// 'prejoin.errorDialOut',
|
// 'prejoin.errorDialOut',
|
||||||
// 'prejoin.errorDialOutDisconnected',
|
// 'prejoin.errorDialOutDisconnected',
|
||||||
// 'prejoin.errorDialOutFailed',
|
// 'prejoin.errorDialOutFailed',
|
||||||
|
@ -1262,6 +1345,9 @@ var config = {
|
||||||
// 'transcribing.failedToStart' // shown when transcribing fails to start
|
// 'transcribing.failedToStart' // shown when transcribing fails to start
|
||||||
// ],
|
// ],
|
||||||
|
|
||||||
|
// List of notifications to be disabled. Works in tandem with the above setting.
|
||||||
|
// disabledNotifications: [],
|
||||||
|
|
||||||
// Prevent the filmstrip from autohiding when screen width is under a certain threshold
|
// Prevent the filmstrip from autohiding when screen width is under a certain threshold
|
||||||
// disableFilmstripAutohiding: false,
|
// disableFilmstripAutohiding: false,
|
||||||
|
|
||||||
|
@ -1269,12 +1355,37 @@ var config = {
|
||||||
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
|
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
|
||||||
// // (width, tiles aspect ratios) through the interfaceConfig options.
|
// // (width, tiles aspect ratios) through the interfaceConfig options.
|
||||||
// disableResizable: false,
|
// disableResizable: false,
|
||||||
// }
|
|
||||||
|
|
||||||
|
// // Disables the stage filmstrip
|
||||||
|
// // (displaying multiple participants on stage besides the vertical filmstrip)
|
||||||
|
// disableStageFilmstrip: false
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Tile view related config options.
|
||||||
|
// tileView: {
|
||||||
|
// // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may
|
||||||
|
// // not be possible to show the exact number of participants specified here.
|
||||||
|
// numberOfVisibleTiles: 25
|
||||||
|
// },
|
||||||
|
|
||||||
// Specifies whether the chat emoticons are disabled or not
|
// Specifies whether the chat emoticons are disabled or not
|
||||||
// disableChatSmileys: false,
|
// disableChatSmileys: false,
|
||||||
|
|
||||||
|
// Settings for the GIPHY integration.
|
||||||
|
// giphy: {
|
||||||
|
// // Whether the feature is enabled or not.
|
||||||
|
// enabled: false,
|
||||||
|
// // SDK API Key from Giphy.
|
||||||
|
// sdkKey: '',
|
||||||
|
// // Display mode can be one of:
|
||||||
|
// // - tile: show the GIF on the tile of the participant that sent it.
|
||||||
|
// // - chat: show the GIF as a message in chat
|
||||||
|
// // - all: all of the above. This is the default option
|
||||||
|
// displayMode: 'all',
|
||||||
|
// // How long the GIF should be displayed on the tile (in miliseconds).
|
||||||
|
// tileTime: 5000
|
||||||
|
// },
|
||||||
|
|
||||||
// Allow all above example options to include a trailing comma and
|
// Allow all above example options to include a trailing comma and
|
||||||
// prevent fear when commenting out the last value.
|
// prevent fear when commenting out the last value.
|
||||||
makeJsonParserHappy: 'even if last key had a trailing comma'
|
makeJsonParserHappy: 'even if last key had a trailing comma'
|
||||||
|
|
|
@ -20,7 +20,7 @@ JITSI_INTERFACE_CONFIG_JS="$(cat <<EOF
|
||||||
*/
|
*/
|
||||||
|
|
||||||
var interfaceConfig = {
|
var interfaceConfig = {
|
||||||
APP_NAME: 'Jitsi Meet',
|
APP_NAME: '${BRANDING_APP_NAME}',
|
||||||
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
|
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
|
||||||
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
|
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
|
||||||
|
|
||||||
|
|
1
type/__jitsi_meet_domain/files/jitsi-version
Normal file
1
type/__jitsi_meet_domain/files/jitsi-version
Normal file
|
@ -0,0 +1 @@
|
||||||
|
2.0.7439-1
|
|
@ -10,6 +10,17 @@ JITSI_NGINX_CONFIG="$(cat <<EOF
|
||||||
## nginx's default mime.types doesn't include a mapping for wasm
|
## nginx's default mime.types doesn't include a mapping for wasm
|
||||||
# application/wasm wasm;
|
# application/wasm wasm;
|
||||||
#}
|
#}
|
||||||
|
# These upstreams are managed by __jitsi_meet
|
||||||
|
#upstream prosody {
|
||||||
|
# zone upstreams 64K;
|
||||||
|
# server 127.0.0.1:5280;
|
||||||
|
# keepalive 2;
|
||||||
|
#}
|
||||||
|
#upstream jvb1 {
|
||||||
|
# zone upstreams 64K;
|
||||||
|
# server 127.0.0.1:9090;
|
||||||
|
# keepalive 2;
|
||||||
|
#}
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
@ -91,33 +102,48 @@ server {
|
||||||
expires 1y;
|
expires 1y;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
# Paths for jsi / interpreters
|
||||||
|
location ~ ^/i/(img/[^./]*.png|jsi.js|style.css)$
|
||||||
|
{
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
alias /opt/jsi/static/\$1;
|
||||||
|
|
||||||
|
# cache all versioned files
|
||||||
|
if (\$arg_v) {
|
||||||
|
expires 1y;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
location ~ ^/i/
|
||||||
|
{
|
||||||
|
try_files /${DOMAIN}-interpreters.html /interpreters.html \$uri;
|
||||||
|
}
|
||||||
|
|
||||||
# BOSH
|
# BOSH
|
||||||
location = /http-bind {
|
location = /http-bind {
|
||||||
# We are using 127.0.0.1, because we are not specifying a resolver
|
proxy_pass http://prosody/http-bind?prefix=\$prefix&\$args;
|
||||||
# otherwise nginx will fail to resolve 'localhost'
|
proxy_http_version 1.1;
|
||||||
proxy_pass http://127.0.0.1:5280/http-bind?prefix=\$prefix&\$args;
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||||
# Prevision for 'multi-domain' jitsi instances
|
# Prevision for 'multi-domain' jitsi instances
|
||||||
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
||||||
proxy_set_header Host ${JITSI_HOST};
|
proxy_set_header Host ${DOMAIN};
|
||||||
|
proxy_set_header Connection "";
|
||||||
}
|
}
|
||||||
|
|
||||||
# xmpp websockets
|
# xmpp websockets
|
||||||
location = /xmpp-websocket {
|
location = /xmpp-websocket {
|
||||||
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=\$prefix&\$args;
|
proxy_pass http://prosody/xmpp-websocket?prefix=\$prefix&\$args;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade \$http_upgrade;
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
# Prevision for 'multi-domain' jitsi instances
|
# Prevision for 'multi-domain' jitsi instances
|
||||||
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
||||||
proxy_set_header Host ${JITSI_HOST};
|
proxy_set_header Host ${DOMAIN};
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
}
|
}
|
||||||
|
|
||||||
# colibri (JVB) websockets for jvb1
|
# colibri (JVB) websockets for jvb1
|
||||||
location ~ ^/colibri-ws/default-id/(.*) {
|
location ~ ^/colibri-ws/default-id/(.*) {
|
||||||
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/\$1\$is_args\$args;
|
proxy_pass http://jvb1/colibri-ws/default-id/\$1\$is_args\$args;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade \$http_upgrade;
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
|
@ -4,6 +4,16 @@ types {
|
||||||
# nginx's default mime.types doesn't include a mapping for wasm
|
# nginx's default mime.types doesn't include a mapping for wasm
|
||||||
application/wasm wasm;
|
application/wasm wasm;
|
||||||
}
|
}
|
||||||
|
upstream prosody {
|
||||||
|
zone upstreams 64K;
|
||||||
|
server 127.0.0.1:5280;
|
||||||
|
keepalive 2;
|
||||||
|
}
|
||||||
|
upstream jvb1 {
|
||||||
|
zone upstreams 64K;
|
||||||
|
server 127.0.0.1:9090;
|
||||||
|
keepalive 2;
|
||||||
|
}
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
@ -77,14 +87,16 @@ server {
|
||||||
|
|
||||||
# BOSH
|
# BOSH
|
||||||
location = /http-bind {
|
location = /http-bind {
|
||||||
proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
|
proxy_pass http://prosody/http-bind?prefix=$prefix&$args;
|
||||||
|
proxy_http_version 1.1;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header Connection "";
|
||||||
}
|
}
|
||||||
|
|
||||||
# xmpp websockets
|
# xmpp websockets
|
||||||
location = /xmpp-websocket {
|
location = /xmpp-websocket {
|
||||||
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
|
proxy_pass http://prosody/xmpp-websocket?prefix=$prefix&$args;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
@ -94,7 +106,7 @@ server {
|
||||||
|
|
||||||
# colibri (JVB) websockets for jvb1
|
# colibri (JVB) websockets for jvb1
|
||||||
location ~ ^/colibri-ws/default-id/(.*) {
|
location ~ ^/colibri-ws/default-id/(.*) {
|
||||||
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
|
proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
228
type/__jitsi_meet_domain/files/prosody.cfg.lua.sh
Normal file
228
type/__jitsi_meet_domain/files/prosody.cfg.lua.sh
Normal file
|
@ -0,0 +1,228 @@
|
||||||
|
#!/bin/sh -eu
|
||||||
|
|
||||||
|
# Source:
|
||||||
|
# https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example
|
||||||
|
FOCUS_USER="focus"
|
||||||
|
JITSI_DOMAIN="${JITSI_DOMAIN:-${JITSI_HOST:?}}"
|
||||||
|
# PROSODY_MAIN_CONFIG: defined in __jitsi_meet, empty in __jitsi_meet_domain
|
||||||
|
PROSODY_SECUREDOMAIN_START="--[["
|
||||||
|
PROSODY_SECUREDOMAIN_END="--]]"
|
||||||
|
if [ -n "${PROSODY_MAIN_CONFIG}" ]; then
|
||||||
|
PROSODY_MAIN_START=""
|
||||||
|
PROSODY_MAIN_END=""
|
||||||
|
PROSODY_DOMAIN_START="--[["
|
||||||
|
PROSODY_DOMAIN_END="--]]"
|
||||||
|
else
|
||||||
|
PROSODY_MAIN_START="--[["
|
||||||
|
PROSODY_MAIN_END="--]]"
|
||||||
|
PROSODY_DOMAIN_START=""
|
||||||
|
PROSODY_DOMAIN_END=""
|
||||||
|
if [ -n "${SECURED_DOMAINS}" ]; then
|
||||||
|
PROSODY_SECUREDOMAIN_START=""
|
||||||
|
PROSODY_SECUREDOMAIN_END=""
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Websockets haven't been fully tested in this type and don't work reliably
|
||||||
|
PROSODY_WEBSOCKET="-- "
|
||||||
|
|
||||||
|
# shellcheck disable=SC2034 # This is intended to be included
|
||||||
|
PROSODY_CONFIG="$(cat <<EOFPROSODY
|
||||||
|
-- Managed remotely, changes will be lost
|
||||||
|
${PROSODY_MAIN_START}
|
||||||
|
-- This will be managed by __jitsi_meet
|
||||||
|
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
||||||
|
|
||||||
|
-- domain mapper options, must at least have domain base set to use the mapper
|
||||||
|
muc_mapper_domain_base = "${JITSI_HOST:?}";
|
||||||
|
|
||||||
|
external_service_secret = "${TURN_SECRET:-TurnSecret}";
|
||||||
|
external_services = {
|
||||||
|
{ type = "stun", host = "${JITSI_HOST:?}", port = 3478 },
|
||||||
|
{ type = "turn", host = "${JITSI_HOST:?}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
||||||
|
{ type = "turns", host = "${JITSI_HOST:?}", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
||||||
|
};
|
||||||
|
|
||||||
|
cross_domain_bosh = false;
|
||||||
|
consider_bosh_secure = true;
|
||||||
|
-- Use websockets
|
||||||
|
-- https://community.jitsi.org/t/how-to-how-to-enable-websockets-xmpp-websocket-and-smacks-for-prosody/87920
|
||||||
|
${PROSODY_WEBSOCKET}consider_websocket_secure = true;
|
||||||
|
|
||||||
|
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
|
||||||
|
|
||||||
|
-- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
|
||||||
|
--http_cors_override = {
|
||||||
|
-- bosh = {
|
||||||
|
-- enabled = false;
|
||||||
|
-- };
|
||||||
|
-- websocket = {
|
||||||
|
-- enabled = false;
|
||||||
|
-- };
|
||||||
|
--}
|
||||||
|
|
||||||
|
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
||||||
|
ssl = {
|
||||||
|
protocol = "tlsv1_2+";
|
||||||
|
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
|
||||||
|
}
|
||||||
|
|
||||||
|
unlimited_jids = {
|
||||||
|
"${FOCUS_USER:?}@auth.${JITSI_HOST:?}",
|
||||||
|
"jvb@auth.${JITSI_HOST:?}"
|
||||||
|
}
|
||||||
|
${PROSODY_MAIN_END}
|
||||||
|
|
||||||
|
${PROSODY_DOMAIN_START}
|
||||||
|
-- This will be managed by __jitsi_meet_domain
|
||||||
|
VirtualHost "${JITSI_DOMAIN:?}"
|
||||||
|
-- enabled = false -- Remove this line to enable this host
|
||||||
|
authentication = "anonymous"
|
||||||
|
-- Properties below are modified by jitsi-meet-tokens package config
|
||||||
|
-- and authentication above is switched to "token"
|
||||||
|
--app_id="example_app_id"
|
||||||
|
--app_secret="example_app_secret"
|
||||||
|
-- Assign this host a certificate for TLS, otherwise it would use the one
|
||||||
|
-- set in the global section (if any).
|
||||||
|
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
|
||||||
|
-- use the global one.
|
||||||
|
ssl = {
|
||||||
|
key = "/etc/prosody/certs/${JITSI_DOMAIN:?}.key";
|
||||||
|
certificate = "/etc/prosody/certs/${JITSI_DOMAIN:?}.crt";
|
||||||
|
}
|
||||||
|
av_moderation_component = "avmoderation.${JITSI_DOMAIN:?}"
|
||||||
|
speakerstats_component = "speakerstats.${JITSI_DOMAIN:?}"
|
||||||
|
conference_duration_component = "conferenceduration.${JITSI_DOMAIN:?}"
|
||||||
|
-- we need bosh
|
||||||
|
modules_enabled = {
|
||||||
|
"bosh";
|
||||||
|
"pubsub";
|
||||||
|
"ping"; -- Enable mod_ping
|
||||||
|
"speakerstats";
|
||||||
|
"external_services";
|
||||||
|
"conference_duration";
|
||||||
|
"muc_lobby_rooms";
|
||||||
|
"muc_breakout_rooms";
|
||||||
|
"av_moderation";
|
||||||
|
${PROSODY_WEBSOCKET} "websocket";
|
||||||
|
${PROSODY_WEBSOCKET} "smacks";
|
||||||
|
}
|
||||||
|
smacks_max_unacked_stanzas = 5;
|
||||||
|
smacks_hibernation_time = 60;
|
||||||
|
smacks_max_hibernated_sessions = 1;
|
||||||
|
smacks_max_old_sessions = 1;
|
||||||
|
c2s_require_encryption = false
|
||||||
|
lobby_muc = "lobby.${JITSI_DOMAIN:?}"
|
||||||
|
breakout_rooms_muc = "breakout.${JITSI_DOMAIN:?}"
|
||||||
|
main_muc = "conference.${JITSI_DOMAIN:?}"
|
||||||
|
-- muc_lobby_whitelist = { "recorder.${JITSI_DOMAIN:?}" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
||||||
|
|
||||||
|
Component "conference.${JITSI_DOMAIN:?}" "muc"
|
||||||
|
restrict_room_creation = true
|
||||||
|
storage = "memory"
|
||||||
|
modules_enabled = {
|
||||||
|
"muc_meeting_id";
|
||||||
|
"muc_domain_mapper";
|
||||||
|
"polls";
|
||||||
|
--"token_verification";
|
||||||
|
"muc_rate_limit";
|
||||||
|
}
|
||||||
|
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}" }
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
|
Component "breakout.${JITSI_DOMAIN:?}" "muc"
|
||||||
|
restrict_room_creation = true
|
||||||
|
storage = "memory"
|
||||||
|
modules_enabled = {
|
||||||
|
"muc_meeting_id";
|
||||||
|
"muc_domain_mapper";
|
||||||
|
--"token_verification";
|
||||||
|
"muc_rate_limit";
|
||||||
|
"polls";
|
||||||
|
}
|
||||||
|
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}" }
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
|
-- internal muc component
|
||||||
|
Component "internal.auth.${JITSI_DOMAIN:?}" "muc"
|
||||||
|
storage = "memory"
|
||||||
|
modules_enabled = {
|
||||||
|
"ping";
|
||||||
|
}
|
||||||
|
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}", "jvb@auth.${JITSI_HOST:?}" }
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
-- https://prosody.im/doc/modules/mod_muc
|
||||||
|
muc_room_cache_size = 1000
|
||||||
|
${PROSODY_DOMAIN_END}
|
||||||
|
${PROSODY_MAIN_START}
|
||||||
|
-- This will be managed by __jitsi_meet
|
||||||
|
|
||||||
|
VirtualHost "auth.${JITSI_DOMAIN:?}"
|
||||||
|
ssl = {
|
||||||
|
key = "/etc/prosody/certs/auth.${JITSI_DOMAIN:?}.key";
|
||||||
|
certificate = "/etc/prosody/certs/auth.${JITSI_DOMAIN:?}.crt";
|
||||||
|
}
|
||||||
|
|
||||||
|
modules_enabled = {
|
||||||
|
"limits_exception";
|
||||||
|
}
|
||||||
|
authentication = "internal_hashed"
|
||||||
|
${PROSODY_MAIN_END}
|
||||||
|
${PROSODY_DOMAIN_START}
|
||||||
|
-- This will be managed by __jitsi_meet_domain
|
||||||
|
|
||||||
|
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
|
||||||
|
Component "focus.${JITSI_DOMAIN:?}" "client_proxy"
|
||||||
|
-- Single focus user for the whole instance
|
||||||
|
target_address = "${FOCUS_USER:?}@auth.${JITSI_HOST:?}"
|
||||||
|
|
||||||
|
Component "speakerstats.${JITSI_DOMAIN:?}" "speakerstats_component"
|
||||||
|
muc_component = "conference.${JITSI_DOMAIN:?}"
|
||||||
|
|
||||||
|
Component "conferenceduration.${JITSI_DOMAIN:?}" "conference_duration_component"
|
||||||
|
muc_component = "conference.${JITSI_DOMAIN:?}"
|
||||||
|
|
||||||
|
Component "avmoderation.${JITSI_DOMAIN:?}" "av_moderation_component"
|
||||||
|
muc_component = "conference.${JITSI_DOMAIN:?}"
|
||||||
|
|
||||||
|
Component "lobby.${JITSI_DOMAIN:?}" "muc"
|
||||||
|
storage = "memory"
|
||||||
|
restrict_room_creation = true
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
modules_enabled = {
|
||||||
|
"muc_rate_limit";
|
||||||
|
"polls";
|
||||||
|
}
|
||||||
|
${PROSODY_DOMAIN_END}
|
||||||
|
|
||||||
|
--[[
|
||||||
|
-- Enables dial-in for Jitsi meet components customers
|
||||||
|
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
|
||||||
|
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
|
||||||
|
VirtualHost "jigasi.meet.jitsi"
|
||||||
|
enabled = false -- Jitsi meet components customers remove this line
|
||||||
|
modules_enabled = {
|
||||||
|
"ping";
|
||||||
|
"bosh";
|
||||||
|
}
|
||||||
|
authentication = "token"
|
||||||
|
app_id = "jitsi";
|
||||||
|
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
|
||||||
|
asap_accepted_issuers = { "jaas-components" }
|
||||||
|
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
|
||||||
|
--]]
|
||||||
|
|
||||||
|
${PROSODY_SECUREDOMAIN_START}
|
||||||
|
-- Only used on secured domains
|
||||||
|
VirtualHost "${JITSI_DOMAIN}"
|
||||||
|
authentication = "internal_plain"
|
||||||
|
|
||||||
|
VirtualHost "guest.${JITSI_DOMAIN}"
|
||||||
|
authentication = "anonymous"
|
||||||
|
c2s_require_encryption = false
|
||||||
|
${PROSODY_SECUREDOMAIN_END}
|
||||||
|
EOFPROSODY
|
||||||
|
)"
|
154
type/__jitsi_meet_domain/files/prosody.cfg.lua.sh.orig
Normal file
154
type/__jitsi_meet_domain/files/prosody.cfg.lua.sh.orig
Normal file
|
@ -0,0 +1,154 @@
|
||||||
|
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
||||||
|
|
||||||
|
-- domain mapper options, must at least have domain base set to use the mapper
|
||||||
|
muc_mapper_domain_base = "jitmeet.example.com";
|
||||||
|
|
||||||
|
external_service_secret = "__turnSecret__";
|
||||||
|
external_services = {
|
||||||
|
{ type = "stun", host = "jitmeet.example.com", port = 3478 },
|
||||||
|
{ type = "turn", host = "jitmeet.example.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
||||||
|
{ type = "turns", host = "jitmeet.example.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
||||||
|
};
|
||||||
|
|
||||||
|
cross_domain_bosh = false;
|
||||||
|
consider_bosh_secure = true;
|
||||||
|
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
|
||||||
|
|
||||||
|
-- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
|
||||||
|
--http_cors_override = {
|
||||||
|
-- bosh = {
|
||||||
|
-- enabled = false;
|
||||||
|
-- };
|
||||||
|
-- websocket = {
|
||||||
|
-- enabled = false;
|
||||||
|
-- };
|
||||||
|
--}
|
||||||
|
|
||||||
|
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
||||||
|
ssl = {
|
||||||
|
protocol = "tlsv1_2+";
|
||||||
|
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
|
||||||
|
}
|
||||||
|
|
||||||
|
unlimited_jids = {
|
||||||
|
"focusUser@auth.jitmeet.example.com",
|
||||||
|
"jvb@auth.jitmeet.example.com"
|
||||||
|
}
|
||||||
|
|
||||||
|
VirtualHost "jitmeet.example.com"
|
||||||
|
-- enabled = false -- Remove this line to enable this host
|
||||||
|
authentication = "anonymous"
|
||||||
|
-- Properties below are modified by jitsi-meet-tokens package config
|
||||||
|
-- and authentication above is switched to "token"
|
||||||
|
--app_id="example_app_id"
|
||||||
|
--app_secret="example_app_secret"
|
||||||
|
-- Assign this host a certificate for TLS, otherwise it would use the one
|
||||||
|
-- set in the global section (if any).
|
||||||
|
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
|
||||||
|
-- use the global one.
|
||||||
|
ssl = {
|
||||||
|
key = "/etc/prosody/certs/jitmeet.example.com.key";
|
||||||
|
certificate = "/etc/prosody/certs/jitmeet.example.com.crt";
|
||||||
|
}
|
||||||
|
av_moderation_component = "avmoderation.jitmeet.example.com"
|
||||||
|
speakerstats_component = "speakerstats.jitmeet.example.com"
|
||||||
|
conference_duration_component = "conferenceduration.jitmeet.example.com"
|
||||||
|
-- we need bosh
|
||||||
|
modules_enabled = {
|
||||||
|
"bosh";
|
||||||
|
"pubsub";
|
||||||
|
"ping"; -- Enable mod_ping
|
||||||
|
"speakerstats";
|
||||||
|
"external_services";
|
||||||
|
"conference_duration";
|
||||||
|
"muc_lobby_rooms";
|
||||||
|
"muc_breakout_rooms";
|
||||||
|
"av_moderation";
|
||||||
|
}
|
||||||
|
c2s_require_encryption = false
|
||||||
|
lobby_muc = "lobby.jitmeet.example.com"
|
||||||
|
breakout_rooms_muc = "breakout.jitmeet.example.com"
|
||||||
|
main_muc = "conference.jitmeet.example.com"
|
||||||
|
-- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
||||||
|
|
||||||
|
Component "conference.jitmeet.example.com" "muc"
|
||||||
|
restrict_room_creation = true
|
||||||
|
storage = "memory"
|
||||||
|
modules_enabled = {
|
||||||
|
"muc_meeting_id";
|
||||||
|
"muc_domain_mapper";
|
||||||
|
"polls";
|
||||||
|
--"token_verification";
|
||||||
|
"muc_rate_limit";
|
||||||
|
}
|
||||||
|
admins = { "focusUser@auth.jitmeet.example.com" }
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
|
Component "breakout.jitmeet.example.com" "muc"
|
||||||
|
restrict_room_creation = true
|
||||||
|
storage = "memory"
|
||||||
|
modules_enabled = {
|
||||||
|
"muc_meeting_id";
|
||||||
|
"muc_domain_mapper";
|
||||||
|
--"token_verification";
|
||||||
|
"muc_rate_limit";
|
||||||
|
"polls";
|
||||||
|
}
|
||||||
|
admins = { "focusUser@auth.jitmeet.example.com" }
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
|
-- internal muc component
|
||||||
|
Component "internal.auth.jitmeet.example.com" "muc"
|
||||||
|
storage = "memory"
|
||||||
|
modules_enabled = {
|
||||||
|
"ping";
|
||||||
|
}
|
||||||
|
admins = { "focusUser@auth.jitmeet.example.com", "jvb@auth.jitmeet.example.com" }
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
|
VirtualHost "auth.jitmeet.example.com"
|
||||||
|
modules_enabled = {
|
||||||
|
"limits_exception";
|
||||||
|
}
|
||||||
|
authentication = "internal_hashed"
|
||||||
|
|
||||||
|
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
|
||||||
|
Component "focus.jitmeet.example.com" "client_proxy"
|
||||||
|
target_address = "focusUser@auth.jitmeet.example.com"
|
||||||
|
|
||||||
|
Component "speakerstats.jitmeet.example.com" "speakerstats_component"
|
||||||
|
muc_component = "conference.jitmeet.example.com"
|
||||||
|
|
||||||
|
Component "conferenceduration.jitmeet.example.com" "conference_duration_component"
|
||||||
|
muc_component = "conference.jitmeet.example.com"
|
||||||
|
|
||||||
|
Component "avmoderation.jitmeet.example.com" "av_moderation_component"
|
||||||
|
muc_component = "conference.jitmeet.example.com"
|
||||||
|
|
||||||
|
Component "lobby.jitmeet.example.com" "muc"
|
||||||
|
storage = "memory"
|
||||||
|
restrict_room_creation = true
|
||||||
|
muc_room_locking = false
|
||||||
|
muc_room_default_public_jids = true
|
||||||
|
modules_enabled = {
|
||||||
|
"muc_rate_limit";
|
||||||
|
"polls";
|
||||||
|
}
|
||||||
|
|
||||||
|
-- Enables dial-in for Jitsi meet components customers
|
||||||
|
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
|
||||||
|
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
|
||||||
|
VirtualHost "jigasi.meet.jitsi"
|
||||||
|
enabled = false -- Jitsi meet components customers remove this line
|
||||||
|
modules_enabled = {
|
||||||
|
"ping";
|
||||||
|
"bosh";
|
||||||
|
}
|
||||||
|
authentication = "token"
|
||||||
|
app_id = "jitsi";
|
||||||
|
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
|
||||||
|
asap_accepted_issuers = { "jaas-components" }
|
||||||
|
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
|
|
@ -11,14 +11,24 @@ DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This type installs and configures the frontend for Jitsi-Meet.
|
This type installs and configures the frontend for Jitsi-Meet.
|
||||||
|
|
||||||
This supports "multi-domain" installations, notice that in such a setup, all
|
Additionally to regular Jitsi-Meet, users can load `DOMAIN/i/` and
|
||||||
rooms are shared across the different URLs, e.g.
|
`DOMAIN/i/ROOM` for an interpreter-enabled interface; this is done with a
|
||||||
https://jitsi1.example.org/room1 and https://jitsi2.example.org/room1 are
|
patched version of Jitsi Simultaneous Interpretation (jsi; see references).
|
||||||
equivalent.
|
At least a user with `interpreter` in their name must be present.
|
||||||
|
|
||||||
|
|
||||||
|
This type supports "multi-domain" installations.
|
||||||
|
|
||||||
|
New in April 2022: rooms are independent for each domain, that is:
|
||||||
|
https://jitsi1.example.org/room1 and https://jitsi2.example.org/room1 are
|
||||||
|
different rooms.
|
||||||
|
Note however, that right now if using secured domains, users are still shared
|
||||||
|
across any domains hosted in the same instance.
|
||||||
|
One way to work around that could be to run multiple jicofos, but we do not
|
||||||
|
want to bloat the servers.
|
||||||
|
A better way is to patch jicofo, get in touch with the type authors if you want
|
||||||
|
the gory details.
|
||||||
|
|
||||||
This is due to the underlying XMPP and signaling rooms being common.
|
|
||||||
There might be a way to perform tricks on the Nginx-side to avoid this, but
|
|
||||||
time is lacking :-).
|
|
||||||
|
|
||||||
This assumes `__jitsi_meet` has already been ran on the target host, and,
|
This assumes `__jitsi_meet` has already been ran on the target host, and,
|
||||||
amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain.
|
amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain.
|
||||||
|
@ -41,6 +51,11 @@ admin-email
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
analytics-settings
|
||||||
|
This goes inside the `analytics` part of `config.js`.
|
||||||
|
Defaults to: `disabled: true`.
|
||||||
|
See: https://github.com/jitsi/jitsi-meet/blob/master/config.js
|
||||||
|
|
||||||
channel-last-n
|
channel-last-n
|
||||||
Default value for the "last N" attribute.
|
Default value for the "last N" attribute.
|
||||||
Defaults to 20. Set to -1 for unlimited.
|
Defaults to 20. Set to -1 for unlimited.
|
||||||
|
@ -78,6 +93,15 @@ video-constraints
|
||||||
It must not have a trailing comma, see `constraints` in
|
It must not have a trailing comma, see `constraints` in
|
||||||
`__jitsi_meet_domain/files/config.js.sh`.
|
`__jitsi_meet_domain/files/config.js.sh`.
|
||||||
|
|
||||||
|
branding-app-name
|
||||||
|
This will change `Jitsi Meet` in many places to the brand you desire.
|
||||||
|
Defaults to `Jitsi Meet`.
|
||||||
|
|
||||||
|
branding-extra-body
|
||||||
|
This must be valid HTML, it will be included server-side and delivered to
|
||||||
|
clients alongside the default `index.html`.
|
||||||
|
This is useful if you would rather not replace the whole `index`, but
|
||||||
|
still want the chance to do some heavier branding / add instructions / etc.
|
||||||
|
|
||||||
branding-json
|
branding-json
|
||||||
Path to a JSON file that will be served as the `dynamicBrandingUrl`.
|
Path to a JSON file that will be served as the `dynamicBrandingUrl`.
|
||||||
|
@ -85,14 +109,12 @@ branding-json
|
||||||
`__jitsi_meet_domain/files/config.js.sh`.
|
`__jitsi_meet_domain/files/config.js.sh`.
|
||||||
If not set, no branding will be set up.
|
If not set, no branding will be set up.
|
||||||
|
|
||||||
|
|
||||||
branding-index
|
branding-index
|
||||||
Path to an HTML file that will be served instead of Jitsi-Meet's default
|
Path to an HTML file that will be served instead of Jitsi-Meet's default
|
||||||
one.
|
one.
|
||||||
If not set, the default index file will be used.
|
If not set, the default index file will be used.
|
||||||
If set to `-`, the type's standard input will be used.
|
If set to `-`, the type's standard input will be used.
|
||||||
|
|
||||||
|
|
||||||
branding-watermark
|
branding-watermark
|
||||||
Path to a png file that will be served instead of Jitsi-Meet's default
|
Path to a png file that will be served instead of Jitsi-Meet's default
|
||||||
one.
|
one.
|
||||||
|
@ -147,6 +169,7 @@ SEE ALSO
|
||||||
--------
|
--------
|
||||||
- `__jitsi_meet(7)`
|
- `__jitsi_meet(7)`
|
||||||
- `__jitsi_meet_user(7)`
|
- `__jitsi_meet_user(7)`
|
||||||
|
- Jitsi Meet Simultaneous Interpretation: https://gitlab.com/mfmt/jsi
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
|
|
|
@ -18,6 +18,8 @@ NOTICE_MESSAGE="$(cat "${__object}/parameter/notice-message")"
|
||||||
START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
|
START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
|
||||||
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
||||||
VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
|
VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
|
||||||
|
ANALYTICS_SETTINGS="$(cat "${__object}/parameter/analytics-settings")"
|
||||||
|
BRANDING_APP_NAME="$(cat "${__object}/parameter/branding-app-name")"
|
||||||
BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
|
BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
|
||||||
BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
|
BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
|
||||||
BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
|
BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
|
||||||
|
@ -130,3 +132,43 @@ __file "/usr/share/jitsi-meet/images/watermark-${DOMAIN}.png" \
|
||||||
--mode 0644 \
|
--mode 0644 \
|
||||||
--state "$(_var_state "${BRANDING_WATERMARK}")" \
|
--state "$(_var_state "${BRANDING_WATERMARK}")" \
|
||||||
--source "${BRANDING_WATERMARK}"
|
--source "${BRANDING_WATERMARK}"
|
||||||
|
# Simple body customisation
|
||||||
|
__file "/usr/share/jitsi-meet/body-${DOMAIN}.html" \
|
||||||
|
--mode 0644 \
|
||||||
|
--state "$(_var_state "${STATE}")" \
|
||||||
|
--source "${__object}/parameter/branding-extra-body"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Take care of prosody settings for the domain
|
||||||
|
#
|
||||||
|
JITSI_DOMAIN="${DOMAIN}"
|
||||||
|
# Prosody settings for common components (jvb, focus, ...)
|
||||||
|
# shellcheck source=type/__jitsi_meet_domain/files/prosody.cfg.lua.sh
|
||||||
|
. "${__type}/files/prosody.cfg.lua.sh" # This defines PROSODY_CONFIG
|
||||||
|
__file "/etc/prosody/conf.avail/${DOMAIN}.cfg.lua" \
|
||||||
|
--group prosody \
|
||||||
|
--mode 0440 \
|
||||||
|
--state "${STATE}" \
|
||||||
|
--source '-' <<EOF
|
||||||
|
${PROSODY_CONFIG}
|
||||||
|
EOF
|
||||||
|
__link "/etc/prosody/conf.d/${DOMAIN}.cfg.lua" \
|
||||||
|
--source "/etc/prosody/conf.avail/${DOMAIN}.cfg.lua" \
|
||||||
|
--state "${STATE}" \
|
||||||
|
--type symbolic
|
||||||
|
|
||||||
|
if [ "${STATE}" = "present" ]; then
|
||||||
|
export require="${require} __file/etc/prosody/conf.avail/${DOMAIN}.cfg.lua __link/etc/prosody/conf.d/${DOMAIN}.cfg.lua"
|
||||||
|
__check_messages "prosody/${DOMAIN}" \
|
||||||
|
--pattern '^(__file|__link)/etc/prosody/conf[.](avail|d)/' \
|
||||||
|
--execute "$(cat <<EOF
|
||||||
|
if [ ! -f "/var/lib/prosody/${DOMAIN}.crt" ]; then
|
||||||
|
echo | prosodyctl cert generate '${DOMAIN}';
|
||||||
|
ln -sf '/var/lib/prosody/${DOMAIN}.key' '/etc/prosody/certs/${DOMAIN}.key'
|
||||||
|
ln -sf '/var/lib/prosody/${DOMAIN}.crt' '/etc/prosody/certs/${DOMAIN}.crt'
|
||||||
|
fi
|
||||||
|
# Surprisingly, a reload is not enough
|
||||||
|
service prosody restart
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
fi
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
disabled: true
|
|
@ -0,0 +1 @@
|
||||||
|
Jitsi Meet
|
|
@ -1,10 +1,13 @@
|
||||||
|
analytics-settings
|
||||||
channel-last-n
|
channel-last-n
|
||||||
default-language
|
default-language
|
||||||
notice-message
|
notice-message
|
||||||
start-video-muted
|
start-video-muted
|
||||||
turn-server
|
turn-server
|
||||||
video-constraints
|
video-constraints
|
||||||
|
branding-app-name
|
||||||
branding-json
|
branding-json
|
||||||
branding-index
|
branding-index
|
||||||
|
branding-extra-body
|
||||||
branding-watermark
|
branding-watermark
|
||||||
state
|
state
|
||||||
|
|
10
type/__single_binary_service/explorer/explorer-version
Executable file
10
type/__single_binary_service/explorer/explorer-version
Executable file
|
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
BIN_PREFIX="/usr/local/bin"
|
||||||
|
SERVICE_NAME="${__object_id}"
|
||||||
|
|
||||||
|
VERSION_FILE="${BIN_PREFIX}/.${SERVICE_NAME}.cdist.version"
|
||||||
|
|
||||||
|
if [ -f "${VERSION_FILE}" ]; then
|
||||||
|
cat "${VERSION_FILE}"
|
||||||
|
fi
|
190
type/__single_binary_service/man.rst
Normal file
190
type/__single_binary_service/man.rst
Normal file
|
@ -0,0 +1,190 @@
|
||||||
|
cdist-type__single_binary_service(7)
|
||||||
|
====================================
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
cdist-type__single_binary_service - Setup a single-binary service
|
||||||
|
|
||||||
|
|
||||||
|
DESCRIPTION
|
||||||
|
-----------
|
||||||
|
This type is designed to easily deploy and configure a single-binary service
|
||||||
|
named `${__object_id}`.
|
||||||
|
|
||||||
|
A good example of this are Prometheus exporters.
|
||||||
|
|
||||||
|
This type makes certain assumptions that might not be correct on your system.
|
||||||
|
If you need more flexibility, please get in touch and provide a use-case
|
||||||
|
(and hopefully a backwards-compatible patch).
|
||||||
|
|
||||||
|
This type will place the downloaded binary and, if requested, other extra
|
||||||
|
binaries in `/usr/local/bin`.
|
||||||
|
|
||||||
|
If a `--config-file-source` is provided, it will be placed under:
|
||||||
|
`/etc/${__object_id}.conf`.
|
||||||
|
|
||||||
|
This type supports services managed by `__runit(7)` when `systemd` is not
|
||||||
|
the init system being used.
|
||||||
|
|
||||||
|
|
||||||
|
REQUIRED PARAMETERS
|
||||||
|
-------------------
|
||||||
|
checksum
|
||||||
|
This will be passed verbatim to `__download(7)`.
|
||||||
|
Use something like `sha256:...`.
|
||||||
|
|
||||||
|
url
|
||||||
|
This will be passed verbatim to `__download(7)`.
|
||||||
|
|
||||||
|
version
|
||||||
|
This type will use a thumbstone file with a "version" number to track
|
||||||
|
whether or not a service must be updated.
|
||||||
|
This thumbstone file is placed under
|
||||||
|
`/usr/local/bin/.${__object_id}.cdist.version`.
|
||||||
|
|
||||||
|
|
||||||
|
BOOLEAN PARAMETERS
|
||||||
|
------------------
|
||||||
|
unpack
|
||||||
|
If present, the contents of `--url` will be treated as an archive to be
|
||||||
|
unpacked with `__unpack(7)`.
|
||||||
|
See also `--unpack-args` and `--extra-binary`.
|
||||||
|
|
||||||
|
do-not-manage-user
|
||||||
|
Always considered present when `--user` is `root`.
|
||||||
|
If present, the user in `--user` will not be managed by this type with
|
||||||
|
`__user`, this means it *must* exist beforehand when installing the service
|
||||||
|
and it will not be removed by this type.
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONAL PARAMETERS
|
||||||
|
-------------------
|
||||||
|
config-file-source
|
||||||
|
If present, this file's contents will be placed under
|
||||||
|
`/etc/${__object_id}.conf` with permissions `0440` and ownership assigned to
|
||||||
|
`--user` and `--group`.
|
||||||
|
If `-` is passed, this type's `stdin` will be used.
|
||||||
|
|
||||||
|
user
|
||||||
|
The user under which the service will run. Defaults to `root`.
|
||||||
|
If this user is not `root` and `--do-not-manage-user` is not present,
|
||||||
|
this user will be created or removed as per the `--state` parameter.
|
||||||
|
|
||||||
|
user-home-dir
|
||||||
|
Does not have an effect if `--do-not-manage-user` is used or `--user` is
|
||||||
|
`root`.
|
||||||
|
The home directory of the service user. It will be created.
|
||||||
|
Defaults to `/nonexistent`, in this case the home directory will not be
|
||||||
|
created.
|
||||||
|
|
||||||
|
group
|
||||||
|
The group under which the service will run. Defaults to `--user`.
|
||||||
|
|
||||||
|
state
|
||||||
|
Whether the service is to be `present` (default) or `absent`.
|
||||||
|
When `absent`, this type will clean any binaries listed in `--extra-binary`
|
||||||
|
and also the config file as described in `--config-file-source`.
|
||||||
|
|
||||||
|
binary
|
||||||
|
This will be the binary name. Defaults to `${__object_id}`.
|
||||||
|
If `--unpack` is used, a binary with this name must be unpacked.
|
||||||
|
Otherwise, the contents of `--url` will be placed under this binary name.
|
||||||
|
|
||||||
|
service-args
|
||||||
|
Any extra arguments to pass along with `--service-exec`. Beware that any
|
||||||
|
service-args having the format `--config=/etc/foo.cfg` should be
|
||||||
|
represented in the following way `--service-exec='--config=/etc/foo.cfg'`
|
||||||
|
|
||||||
|
service-exec
|
||||||
|
The executable to use for this service.
|
||||||
|
Defaults to `/usr/local/bin/BINARY_NAME` where `BINARY_NAME` is the
|
||||||
|
resulting value of `--binary`.
|
||||||
|
|
||||||
|
service-definition
|
||||||
|
The service definition to be used as an override.
|
||||||
|
Note that this type decides dinammically between runit and systemd, and
|
||||||
|
you can currently only define either a systemd unit or a runit script here.
|
||||||
|
Use this parameter only for testing and get in touch to discuss how your
|
||||||
|
particular use-case can be supported by the type.
|
||||||
|
|
||||||
|
service-description
|
||||||
|
The service description to be used in, e.g. the systemd unit file.
|
||||||
|
Defaults to `cdist-managed '${__object_id}' service`.
|
||||||
|
|
||||||
|
unpack-args
|
||||||
|
Only has an effect if `--unpack` is used.
|
||||||
|
These arguments will be passed verbatim to `__unpack(7)`.
|
||||||
|
Very useful as this type assumes the archive does not have the binaries in
|
||||||
|
subdirectories; that can be worked around with
|
||||||
|
`--unpack-args '--tar-strip 1'`.
|
||||||
|
|
||||||
|
unpack-extension
|
||||||
|
Only has an effect if `--unpack` is used.
|
||||||
|
The file extension of the file to unpack, defaults to `.tar.gz`.
|
||||||
|
|
||||||
|
working-directory
|
||||||
|
If set, the working directory with which the service will be started.
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONAL MULTIPLE PARAMETERS
|
||||||
|
----------------------------
|
||||||
|
extra-binary
|
||||||
|
Only useful with `--unpack`.
|
||||||
|
If passed, these binaries will also be installed when `--state` is `present`
|
||||||
|
and removed when `--state` is `absent`.
|
||||||
|
Handle with care :-).
|
||||||
|
|
||||||
|
|
||||||
|
EXAMPLES
|
||||||
|
--------
|
||||||
|
|
||||||
|
.. code-block:: sh
|
||||||
|
|
||||||
|
# Install and enable the ipmi_exporter service
|
||||||
|
# The variables are defined in the manifest previously
|
||||||
|
__single_binary_service ipmi_exporter \
|
||||||
|
--user "${USER}" \
|
||||||
|
--service-args ' --config.file=/etc/ipmi_exporter.conf' \
|
||||||
|
--version "${SHOULD_VERSION}" \
|
||||||
|
--checksum "${CHECKSUM}" \
|
||||||
|
--url "${DOWNLOAD_URL}" \
|
||||||
|
--state "present" \
|
||||||
|
--unpack \
|
||||||
|
--unpack-args "--tar-strip 1" \
|
||||||
|
--config-file-source '-' <<-EOF
|
||||||
|
# Remotely managed, changes will be lost
|
||||||
|
# [...] config contents goes here
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Remove the ipmi_exporter service along with the user and its config
|
||||||
|
__single_binary_service ipmi_exporter \
|
||||||
|
--user "${USER}" \
|
||||||
|
--version "${SHOULD_VERSION}" \
|
||||||
|
--checksum "${CHECKSUM}" \
|
||||||
|
--url "${DOWNLOAD_URL}" \
|
||||||
|
--state "absent"
|
||||||
|
|
||||||
|
# Same, but the service was using my user! Let's not delete that!
|
||||||
|
__single_binary_service ipmi_exporter \
|
||||||
|
--user "evilham" \
|
||||||
|
--do-not-manage-user \
|
||||||
|
--version "${SHOULD_VERSION}" \
|
||||||
|
--checksum "${CHECKSUM}" \
|
||||||
|
--url "${DOWNLOAD_URL}" \
|
||||||
|
--state "absent"
|
||||||
|
|
||||||
|
|
||||||
|
SEE ALSO
|
||||||
|
--------
|
||||||
|
- `__download(7)`
|
||||||
|
- `__unpack(7)`
|
||||||
|
|
||||||
|
|
||||||
|
AUTHORS
|
||||||
|
-------
|
||||||
|
Evilham <contact@evilham.com>
|
||||||
|
|
||||||
|
|
||||||
|
COPYING
|
||||||
|
-------
|
||||||
|
Copyright \(C) 2022 Evilham.
|
288
type/__single_binary_service/manifest
Executable file
288
type/__single_binary_service/manifest
Executable file
|
@ -0,0 +1,288 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
SERVICE_NAME="${__object_id}"
|
||||||
|
|
||||||
|
OS="$(cat "${__global}/explorer/os")"
|
||||||
|
|
||||||
|
case "${OS}" in
|
||||||
|
debian|devuan)
|
||||||
|
SUPER_USER_GROUP=root
|
||||||
|
ETC_DIR="/etc"
|
||||||
|
;;
|
||||||
|
*bsd)
|
||||||
|
SUPER_USER_GROUP=wheel
|
||||||
|
ETC_DIR="/usr/local/etc"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Your OS '${OS}' is currently not supported." >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
INIT="$(cat "${__global}/explorer/init")"
|
||||||
|
|
||||||
|
case "${INIT}" in
|
||||||
|
systemd)
|
||||||
|
service_definition_require="__systemd_unit/${SERVICE_NAME}.service"
|
||||||
|
service_command="service ${SERVICE_NAME} %s"
|
||||||
|
;;
|
||||||
|
runit|sysvinit)
|
||||||
|
# We will use runit to manage these services
|
||||||
|
__runit
|
||||||
|
export require="__runit"
|
||||||
|
service_definition_require="__runit_service/${SERVICE_NAME}"
|
||||||
|
service_command="sv %s ${SERVICE_NAME}"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Init system ${INIT}' is currently not supported." >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
BIN_DIR="/usr/local/bin"
|
||||||
|
|
||||||
|
# Ensure the target bin dir exists
|
||||||
|
# Care, we never want to remove it :-D
|
||||||
|
__directory "${BIN_DIR}" \
|
||||||
|
--state "exists" \
|
||||||
|
--mode 0755
|
||||||
|
export require="${require} __directory${BIN_DIR}"
|
||||||
|
|
||||||
|
STATE="$(cat "${__object}/parameter/state")"
|
||||||
|
USER="$(cat "${__object}/parameter/user")"
|
||||||
|
GROUP="$(cat "${__object}/parameter/group" 2>/dev/null || true)"
|
||||||
|
if [ -z "${GROUP}" ]; then
|
||||||
|
if [ "${USER}" != "root" ]; then
|
||||||
|
GROUP="${USER}"
|
||||||
|
else
|
||||||
|
GROUP="${SUPER_USER_GROUP}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
BINARY="$(cat "${__object}/parameter/binary" 2>/dev/null || true)"
|
||||||
|
if [ -z "${BINARY}" ]; then
|
||||||
|
BINARY="${SERVICE_NAME}"
|
||||||
|
fi
|
||||||
|
EXTRA_BINARIES="$(cat "${__object}/parameter/extra-binary" 2>/dev/null || true)"
|
||||||
|
# This only makes sense for file archives
|
||||||
|
if [ -n "${EXTRA_BINARIES}" ] && [ -f "${__object}/parameter/unpack" ]; then
|
||||||
|
cat >&2 <<-EOF
|
||||||
|
You cannot specify extra binaries without the --unpack argument.
|
||||||
|
Make sure that the --url argument points to a file archive.
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
|
SERVICE_EXEC="$(cat "${__object}/parameter/service-exec" 2>/dev/null || true)"
|
||||||
|
if [ -z "${SERVICE_EXEC}" ]; then
|
||||||
|
SERVICE_EXEC="${BIN_DIR}/${BINARY}"
|
||||||
|
fi
|
||||||
|
SERVICE_ARGS="$(cat "${__object}/parameter/service-args")"
|
||||||
|
SERVICE_EXEC="${SERVICE_EXEC} ${SERVICE_ARGS}"
|
||||||
|
|
||||||
|
SERVICE_DESCRIPTION="$(cat "${__object}/parameter/service-description" \
|
||||||
|
2>/dev/null || true)"
|
||||||
|
if [ -z "${SERVICE_DESCRIPTION}" ]; then
|
||||||
|
SERVICE_DESCRIPTION="cdist-managed '${SERVICE_NAME}' service"
|
||||||
|
fi
|
||||||
|
|
||||||
|
SERVICE_DEFINITION="$(cat "${__object}/parameter/service-definition" 2>/dev/null || true)"
|
||||||
|
|
||||||
|
WORKING_DIRECTORY_PATH="$(cat "${__object}/parameter/working-directory" 2>/dev/null || true)"
|
||||||
|
if [ -n "${WORKING_DIRECTORY_PATH}" ]; then
|
||||||
|
WORKING_DIRECTORY_SYSTEMD="WorkingDirectory=${WORKING_DIRECTORY_PATH}"
|
||||||
|
WORKING_DIRECTORY_RUNIT="cd '${WORKING_DIRECTORY_PATH}'"
|
||||||
|
fi
|
||||||
|
|
||||||
|
DOWNLOAD_URL="$(cat "${__object}/parameter/url")"
|
||||||
|
CHECKSUM="$(cat "${__object}/parameter/checksum")"
|
||||||
|
SHOULD_VERSION="$(cat "${__object}/parameter/version")"
|
||||||
|
|
||||||
|
# Create a user for the service if it is not root
|
||||||
|
USER_HOME_DIR="/root"
|
||||||
|
if [ "${USER}" != "root" ] && \
|
||||||
|
[ ! -f "${__object}/parameter/do-not-manage-user" ]; then
|
||||||
|
if [ "${STATE}" = "absent" ]; then
|
||||||
|
# When removing, ensure user is not being used
|
||||||
|
user_require="${service_definition_require}"
|
||||||
|
fi
|
||||||
|
USER_HOME_DIR="$(cat "${__object}/parameter/user-home-dir")"
|
||||||
|
if [ "${USER_HOME_DIR}" != "/nonexistent" ]; then
|
||||||
|
USER_CREATE_HOME="--create-home"
|
||||||
|
fi
|
||||||
|
require="${require} ${user_require}" __user "${USER}" \
|
||||||
|
--system \
|
||||||
|
--state "${STATE}" \
|
||||||
|
--home "${USER_HOME_DIR}" \
|
||||||
|
--comment "cdist-managed ${SERVICE_NAME} user" \
|
||||||
|
${USER_CREATE_HOME}
|
||||||
|
# Track dependencies
|
||||||
|
service_require="${service_require} __user/${USER}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Place config file if necessary
|
||||||
|
CONFIG_FILE_DEST="${ETC_DIR}/${SERVICE_NAME}.conf"
|
||||||
|
CONFIG_FILE_SOURCE="$(cat "${__object}/parameter/config-file-source" 2>/dev/null || true)"
|
||||||
|
if [ "${CONFIG_FILE_SOURCE}" = "-" ]; then
|
||||||
|
CONFIG_FILE_SOURCE="${__object}/stdin"
|
||||||
|
fi
|
||||||
|
if [ -n "${CONFIG_FILE_SOURCE}" ] && [ "${STATE}" = "present" ]; then
|
||||||
|
require="${require} __user/${USER}" __file \
|
||||||
|
"${CONFIG_FILE_DEST}" \
|
||||||
|
--owner "${USER}" \
|
||||||
|
--group "${GROUP}" \
|
||||||
|
--mode "0440" \
|
||||||
|
--source "${CONFIG_FILE_SOURCE}"
|
||||||
|
service_require="${service_require} __file${CONFIG_FILE_DEST}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# This should setup the object in $service_definition_require
|
||||||
|
# See above.
|
||||||
|
case "${INIT}" in
|
||||||
|
systemd)
|
||||||
|
if [ -z "${SERVICE_DEFINITION}" ]; then
|
||||||
|
SERVICE_DEFINITION="$(cat <<EOF
|
||||||
|
[Unit]
|
||||||
|
Description=${SERVICE_DESCRIPTION}
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
|
||||||
|
User=${USER}
|
||||||
|
Group=${GROUP}
|
||||||
|
ExecStart=${SERVICE_EXEC}
|
||||||
|
Restart=always
|
||||||
|
${WORKING_DIRECTORY_SYSTEMD}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
fi
|
||||||
|
__systemd_unit "${SERVICE_NAME}.service" \
|
||||||
|
--source "-" \
|
||||||
|
--state "${STATE}" \
|
||||||
|
--enablement-state "enabled" <<EOF
|
||||||
|
${SERVICE_DEFINITION}
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
runit|sysvinit)
|
||||||
|
if [ -z "${SERVICE_DEFINITION}" ]; then
|
||||||
|
SERVICE_DEFINITION="$(cat <<EOF
|
||||||
|
#!/bin/sh -e
|
||||||
|
${WORKING_DIRECTORY_RUNIT}
|
||||||
|
export HOME="\$(getent passwd '${USER}' | cut -d: -f6)"
|
||||||
|
export USER="${USER}"
|
||||||
|
export GROUP="${GROUP}"
|
||||||
|
exec chpst -u "${USER}:${GROUP}" ${SERVICE_EXEC}
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
fi
|
||||||
|
__runit_service "${SERVICE_NAME}" \
|
||||||
|
--state "${STATE}" \
|
||||||
|
--log \
|
||||||
|
--source - <<EOF
|
||||||
|
${SERVICE_DEFINITION}
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
service_require="${service_require} ${service_definition_require}"
|
||||||
|
|
||||||
|
# Proceed after user and service description have been prepared
|
||||||
|
export require="${require} ${service_require}"
|
||||||
|
|
||||||
|
VERSION_FILE="${BIN_DIR}/.${SERVICE_NAME}.cdist.version"
|
||||||
|
IS_VERSION="$(cat "${__object}/explorer/explorer-version")"
|
||||||
|
|
||||||
|
|
||||||
|
if [ "${STATE}" = "absent" ]; then
|
||||||
|
# Perform cleanup of generated files
|
||||||
|
for bin_file in ${BINARY} ${EXTRA_BINARIES}; do
|
||||||
|
__file "${BIN_DIR}/${bin_file}" --state "absent"
|
||||||
|
done
|
||||||
|
__file "${VERSION_FILE}" --state "absent"
|
||||||
|
__file "${CONFIG_FILE_DEST}" --state "absent"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${STATE}" != "present" ]; then
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
sv_cmd() {
|
||||||
|
# This is intentional
|
||||||
|
# shellcheck disable=SC2059
|
||||||
|
printf "${service_command}" "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ "${SHOULD_VERSION}" != "${IS_VERSION}" ]; then
|
||||||
|
# We are installing the service and there has been a version change
|
||||||
|
# (or it is first-time install)
|
||||||
|
TMP_PATH="/tmp/${SERVICE_NAME}-${SHOULD_VERSION}"
|
||||||
|
|
||||||
|
# This is what will stop the service, replace the binaries and
|
||||||
|
# start the service again
|
||||||
|
perform_service_upgrade="$(cat <<EOF
|
||||||
|
$(sv_cmd stop) || true
|
||||||
|
if [ -f '${TMP_PATH}' ]; then
|
||||||
|
chown root:${SUPER_USER_GROUP} '${TMP_PATH}'
|
||||||
|
chmod 0555 '${TMP_PATH}'
|
||||||
|
cp -af '${TMP_PATH}' '${BIN_DIR}/${BINARY}'
|
||||||
|
else
|
||||||
|
for bin_file in ${BINARY} ${EXTRA_BINARIES}; do
|
||||||
|
bin_path="${TMP_PATH}/\${bin_file}"
|
||||||
|
chown root:${SUPER_USER_GROUP} "\${bin_path}"
|
||||||
|
chmod 0555 "\${bin_path}"
|
||||||
|
cp -af "\${bin_path}" "${BIN_DIR}/\${bin_file}"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
$(sv_cmd start) || true
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
if [ -f "${__object}/parameter/unpack" ]; then
|
||||||
|
UNPACK_EXTENSION="$(cat "${__object}/parameter/unpack-extension")"
|
||||||
|
UNPACK_ARGS="$(cat "${__object}/parameter/unpack-args" \
|
||||||
|
2>/dev/null || true)"
|
||||||
|
# Download packed file
|
||||||
|
__download "${TMP_PATH}${UNPACK_EXTENSION}" \
|
||||||
|
--url "${DOWNLOAD_URL}" \
|
||||||
|
--download remote \
|
||||||
|
--sum "${CHECKSUM}"
|
||||||
|
|
||||||
|
# Unpack file and also perform service upgrade
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
require="__download${TMP_PATH}${UNPACK_EXTENSION}" \
|
||||||
|
__unpack "${TMP_PATH}${UNPACK_EXTENSION}" \
|
||||||
|
${UNPACK_ARGS} \
|
||||||
|
--destination "${TMP_PATH}"
|
||||||
|
version_bump_require="__unpack${TMP_PATH}${UNPACK_EXTENSION}"
|
||||||
|
else
|
||||||
|
# Create temp directory
|
||||||
|
__directory "${TMP_PATH}"
|
||||||
|
# Download binary directoy to the temp directory with the
|
||||||
|
# specified binary name
|
||||||
|
require="__directory${TMP_PATH}" __download \
|
||||||
|
"${TMP_PATH}/${BINARY}" \
|
||||||
|
--url "${DOWNLOAD_URL}" \
|
||||||
|
--download remote \
|
||||||
|
--sum "${CHECKSUM}"
|
||||||
|
version_bump_require="__download${TMP_PATH}/${BINARY}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Perform update of cdist-managed version file
|
||||||
|
# And also perform service upgrade
|
||||||
|
# This is a bug if service_upgrade fails >,<
|
||||||
|
printf "%s" "${SHOULD_VERSION}" | \
|
||||||
|
require="${version_bump_require}" __file \
|
||||||
|
"${VERSION_FILE}" \
|
||||||
|
--onchange "${perform_service_upgrade}" \
|
||||||
|
--source "-"
|
||||||
|
else
|
||||||
|
# We only restart here if there was a config change
|
||||||
|
# but there was not a version change
|
||||||
|
require="${service_require}" __check_messages \
|
||||||
|
"single_binary_service_${__object_id}" \
|
||||||
|
--pattern "^__file${CONFIG_FILE_DEST}" \
|
||||||
|
--execute "$(sv_cmd restart)"
|
||||||
|
fi
|
2
type/__single_binary_service/parameter/boolean
Normal file
2
type/__single_binary_service/parameter/boolean
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
do-not-manage-user
|
||||||
|
unpack
|
1
type/__single_binary_service/parameter/default/state
Normal file
1
type/__single_binary_service/parameter/default/state
Normal file
|
@ -0,0 +1 @@
|
||||||
|
present
|
|
@ -0,0 +1 @@
|
||||||
|
.tar.gz
|
1
type/__single_binary_service/parameter/default/user
Normal file
1
type/__single_binary_service/parameter/default/user
Normal file
|
@ -0,0 +1 @@
|
||||||
|
root
|
|
@ -0,0 +1 @@
|
||||||
|
/nonexistent
|
13
type/__single_binary_service/parameter/optional
Normal file
13
type/__single_binary_service/parameter/optional
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
config-file-source
|
||||||
|
user
|
||||||
|
group
|
||||||
|
state
|
||||||
|
binary
|
||||||
|
service-args
|
||||||
|
service-exec
|
||||||
|
service-description
|
||||||
|
service-definition
|
||||||
|
unpack-extension
|
||||||
|
unpack-args
|
||||||
|
user-home-dir
|
||||||
|
working-directory
|
1
type/__single_binary_service/parameter/optional_multiple
Normal file
1
type/__single_binary_service/parameter/optional_multiple
Normal file
|
@ -0,0 +1 @@
|
||||||
|
extra-binary
|
3
type/__single_binary_service/parameter/required
Normal file
3
type/__single_binary_service/parameter/required
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
url
|
||||||
|
checksum
|
||||||
|
version
|
|
@ -38,7 +38,8 @@ install-key-to
|
||||||
Installation path of the certificate's private key.
|
Installation path of the certificate's private key.
|
||||||
|
|
||||||
renew-hook
|
renew-hook
|
||||||
Renew hook executed on certificate renewal (e.g. `service nginx reload`).
|
Renew hook executed on certificate renewal (e.g. `service nginx reload`, `-`
|
||||||
|
for the standard input).
|
||||||
|
|
||||||
force-cert-ownership-to
|
force-cert-ownership-to
|
||||||
Override default ownership for TLS certificate, passed as argument to chown.
|
Override default ownership for TLS certificate, passed as argument to chown.
|
||||||
|
|
|
@ -109,8 +109,12 @@ export CERT_TARGET
|
||||||
RENEW_HOOK=
|
RENEW_HOOK=
|
||||||
if [ -f "${__object:?}/parameter/renew-hook" ];
|
if [ -f "${__object:?}/parameter/renew-hook" ];
|
||||||
then
|
then
|
||||||
|
if [ "$(cat "${__object:?}/parameter/renew-hook")" = "-" ]; then
|
||||||
|
RENEW_HOOK="$(cat ${__object:?}/stdin)"
|
||||||
|
else
|
||||||
RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")"
|
RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
export RENEW_HOOK
|
export RENEW_HOOK
|
||||||
|
|
||||||
if [ -n "$KEY_TARGET" ] && [ -z "$CERT_TARGET" ]; then
|
if [ -n "$KEY_TARGET" ] && [ -z "$CERT_TARGET" ]; then
|
||||||
|
|
Loading…
Reference in a new issue