Compare commits

...

28 commits

Author SHA1 Message Date
11ecb37dd9
[__jitsi_meet] Add --abort-conference-count parameter
Only has an effect if the prometheus exporter is enabled and if it is not
empty (default).
If at least this many conferences are active on the server, the type will
bail out before making any changes.
This is useful if you want to avoid service disruptions due to e.g. an SLA.

Sponsored by:	camilion.eu
2022-06-21 11:19:11 +02:00
03a9b8b333
[__jitsi_meet*] Update to 2.0.7439-1
Changelog:	https://github.com/jitsi/jitsi-meet-release-notes/blob/master/CHANGELOG-WEB.md#207439-2022-06-17

Sponsored by:	camilion.eu, eXO.cat
2022-06-21 11:12:27 +02:00
7a3b706b16
[__jitsi_meet*] Update to 2.0.7416-1
Changelog:	https://github.com/jitsi/jitsi-meet-release-notes/blob/master/CHANGELOG-WEB.md#207416-2022-06-16

Sponsored by:	camilion.eu, eXO.cat
2022-06-16 17:43:30 +02:00
756e5b17c6
[__jitsi_meet*] Update to 2.0.7287-1
Sponsored by:	camilion.eu, eXO.cat
2022-06-07 15:00:00 +02:00
797f7c8648
[__jitsi_meet] Improve manpage regarding ufw and SSH
This documents the fact that this type does not make decisions about anything
other than Jitsi-Meet itself and therefore care should be taken with the SSH
port.

Related to:	ungleich-public/cdist-contrib#23
Reported by:	@pedro
2022-05-08 21:47:26 +02:00
1791d35f84
[__jitsi_meet_domain] Add a muc_room_cache_size for jibri
@pedro is working on this and this change matched my workflow better :-)
2022-04-28 17:43:33 +02:00
8e1d0b68f1
[__jitsi_meet*] Add new parameters for heavier branding
This uses nginx' server-side includes, so each domain configured by
`__jitsi_meet_domain` can have its own customisation.

Note that the file customisation file must exist for each domain,
`__jitsi_meet_domain` takes care of that already.

Sponsored by:   camilion.eu, eXO.cat
2022-04-28 17:42:30 +02:00
aa3f2eeb00
[__jitsi_meet_domain] Make shellcheck happy and fix escaping issue
The escaping issue was overlooked because it was in a comment block; it wasn't
relevant.

No functional changes intended.

Sponsored by:   camilion.eu, eXO.cat
2022-04-28 17:34:32 +02:00
a63d9ec458
[__jitsi_meet] Configure jicofo so metrics are more useful
By default the REST API provided by jicofo is less useful than desired.
This is a tad under-documented, so finding the right settings was tricky :-).

Sponsored by:   camilion.eu, eXO.cat
2022-04-28 17:32:15 +02:00
0cff414884
[__jitsi_meet] Simplify exporter logic and update it to 1.2.0
This uses the newly merged __single_binary_service and:

- Fixes the bug where once added, the exporter could not be removed
- Simplifies keeping it up to date

Sponsored by:   camilion.eu, eXO.cat
2022-04-28 17:28:46 +02:00
977b530dab
[__single_binary_service] Update manpage to remove __evilham prefix 2022-04-28 17:22:19 +02:00
1865ff9dce Add 'type/__single_binary_service/' from commit '1af7e960fa882efc7202cad5cc01d3136886fa0a'
git-subtree-dir: type/__single_binary_service
git-subtree-mainline: 67bc8aa02b
git-subtree-split: 1af7e960fa
2022-04-28 17:20:02 +02:00
67bc8aa02b
__uacme_obtain: allow use of stdin with the --renew-hook parameter 2022-04-25 17:10:50 +02:00
151dc32fb5
[__jitsi_meet*] Add support for simultaneous interpretations
By using https://gitlab.com/mfmt/jsi which consists of very small and simple
static files, we enable interpretations by default.

With this commit, any DOMAIN created with __jitsi_meet_domain will serve jsi on
https://DOMAIN/i/ and any ROOM can be used with simultaneous interpretation on
https://DOMAIN/i/ROOM

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 19:46:03 +02:00
7e2ba98d36
[__jitsi_meet] Fix issue with jicofo memory adaptation
That was being a bit of a mess.

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 17:52:49 +02:00
1658121549
[__jitsi_meet*] Update to 2.0.7210
While there, make things a tad easier to maintain.

Note that in this version, jitsi switches to using nginx upstreams; it shouldn't
be relevant for instances fully managed with these types.

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 15:52:47 +02:00
c5070a3a33
[__jitsi_meet] Fix adjustment of jicofo's max memory
Leftover from last commit >,<

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 14:44:10 +02:00
80bbbd3aa8
[__jitsi_meet] Adapt jicofo and videobridge memory usage
This enables us to setup smaller jitsi instances that work reliably.

We set 3 threshholds:
- < 3G RAM: use 0.75G max memory
- < 5G RAM: use 1G max memory
- < 8G RAM: use 2G max memory
- >= 8G RAM: use 3G max memory (jitsi's default)

For more information as to why and how this is done, see:
https://gitlab.com/guifi-exo/projectes/-/issues/318
https://github.com/jitsi/jitsi-meet/issues/6589
as investigated back in the day by @pedro

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 14:37:08 +02:00
87cc109bf1
[__jitsi_meet*] Make rooms on different domains not equivalent
This is a backwards-compatible change.

We switch the approach from "treat all domains as if they were the main domain"
to: "each domain has its own prosody settings".

This works perfectly fine, even with secured domains.

There is a caveat with secured domains, in that they use the main domain to log
in; this means that users are shared across all domains (as they were before
this commit).

This is due to jicofo refusing to start meetings from a domain that is not
configured, and it only accepting one domain.

Right now, this is acceptable, however we could want to authenticate against
e.g. different LDAP / IMAP servers in the future, so this would need addressing
at that stage.

Probably the best way to solve it is by patching jicofo, so it accepts starting
conferences from multiple domains and getting that patch upstream.

Sponsored by:   camilion.eu, eXO.cat
2022-04-21 13:20:30 +02:00
a12b343660
[__jitsi_meet_domain] Add analytics settings parameter
with this, admins can take advantage of e.g. matomo to have some usage
statistics.

The parameter defaults to `disabled: true`, which is the most privacy-friendly!

Sponsored by:   camilion.eu
2022-04-21 13:13:12 +02:00
29cafd4f9a
[__jitsi_meet_domain] Simplify logic for secured domains 2022-04-16 13:22:16 +02:00
fa37ede84f
[__jitsi_meet] Unconfuse jitsi-version and secured domains
Closes #14 by committing to keeping the package up to date as promptly as
possible; else weird  things happen and there are no real good solutions for
this.  E.g. we have seen in the past that due to security issues, a jitsi
dependency  needs to be upgraded, but some package that jitsi-meet depends upon
also has an upper limit on that package's version.

A note was added to the manpage in order make it explicit that maintenance of
this type can be sponsored to ensure its proper functioning.

Closes #15 by using `__file`. This will also allow us to have more control over
jicofo's settings, which might be important when we start doing recordings.

Sponsored by:	lafede.cat
2022-04-10 19:45:08 +02:00
1af7e960fa [__single_binary_service] Many improvements + runit support
Amongst other things compressed files can be of a type other than .tar.gz (it
remains the default) and we now properly support runit services, FreeBSD and
Devuan.
2021-10-30 15:38:26 +02:00
3e77fbbb43 [__single_binary_service] Do not use echo echo echo 2021-08-04 21:02:37 +02:00
afa48b1028 [__single_binary_service] Support customisation of systemd units
Requested by pedro
2021-08-04 21:00:52 +02:00
c5929f397d [__single_binary_service] Adapt bug fixes proposed by pedro
there are several typos, some style issues and now there is at most one service
restart in all cases.

Submitted by:   pedro <git2021@cas.cat>
2021-08-04 20:27:08 +02:00
d5b552ddb4 [__single_binary_service] Add manpage, config-file and better absent
With these changes the type is good for general consumption (modulo the
limitations mentioned in the manpage under TODO).
2021-06-18 22:01:45 +02:00
51d0b817fe [__single_binary_service] Type to manage very simple services. 2021-06-18 20:52:58 +02:00
42 changed files with 1637 additions and 240 deletions

View file

@ -0,0 +1,15 @@
#!/bin/sh -eu
JICOFO="/usr/share/jicofo/jicofo.sh"
VIDEOBRIDGE="/usr/share/jitsi-videobridge/lib/videobridge.rc"
if [ -f "${JICOFO:?}" ]; then
jicofo_memory="$(grep JICOFO_MAX_MEMORY= "${JICOFO:?}" | cut -d= -f 2 | cut -d ";" -f 1)"
fi
if [ -f "${VIDEOBRIDGE:?}" ]; then
vb_memory="$(grep VIDEOBRIDGE_MAX_MEMORY= "${VIDEOBRIDGE:?}" | cut -d= -f 2)"
fi
cat <<EOF
jicofo ${jicofo_memory:-n/a}
videobridge ${vb_memory:-n/a}
EOF

View file

@ -0,0 +1,6 @@
#!/bin/sh -eu
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
# TODO: detect curl / depend on it?
curl -s localhost:9888/metrics
fi

View file

@ -1,7 +0,0 @@
#!/bin/sh -e
EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
if [ -f "${EXPORTER_VERSION_FILE}" ]; then
cat "${EXPORTER_VERSION_FILE}"
fi

View file

@ -0,0 +1,34 @@
#!/bin/sh -eu
# Start
cat <<EOF
# Managed remotely, changes will be lost
# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
#available options, syntax, and default values.
jicofo {
xmpp: {
client: {
client-proxy: focus.${JITSI_HOST:?}
}
trusted-domains: [ "recorder.${JITSI_HOST:?}" ]
}
bridge: {
brewery-jid: "JvbBrewery@internal.auth.${JITSI_HOST:?}"
}
EOF
# Secured domains if needed
if [ "${SECURED_DOMAINS_STATE:?}" = "present" ]; then
cat <<EOF
authentication: {
enabled: true
type: XMPP
login-url: ${JITSI_HOST:?}
}
EOF
fi
# End
echo '}'

View file

@ -0,0 +1 @@
../../__jitsi_meet_domain/files/jitsi-version

View file

@ -0,0 +1 @@
../../__jitsi_meet_domain/files/prosody.cfg.lua.sh

View file

@ -1,11 +1,43 @@
#!/bin/sh -e #!/bin/sh -e
memory="$(cat "${__global}/explorer/memory")"
G="000000" # Will totally eff up the zero-count otherwise
# MAX_MEMORY will affect jicofo and videobridge
# As a rule of thumb, the machine's RAM should be more than 2.5 * MAX_MEMORY
if [ "${memory}" -lt "3${G}" ]; then
# If you use this, let us know how it works!
MAX_MEMORY="768m"
elif [ "${memory}" -lt "5${G}" ]; then
MAX_MEMORY="1024m"
elif [ "${memory}" -lt "8${G}" ]; then
MAX_MEMORY="2048m"
else
# Jitsi recommends running on 8G RAM and these are the defaults
MAX_MEMORY="3072m"
fi
if cut -f 2 "${__object}/explorer/configured-memory" | grep -qvE "^${MAX_MEMORY}$"; then
# At least one service has different memory settings
RESTART_SERVICES="YES"
cat <<-EOF
sed -i.tmp -E \
-e 's!^(#[[:space:]]*)?(VIDEOBRIDGE_MAX_MEMORY)=.*\$!\2=${MAX_MEMORY}!' \
/usr/share/jitsi-videobridge/lib/videobridge.rc
sed -i.tmp -E \
-e 's!(JICOFO_MAX_MEMORY)[^";]+;!\1=${MAX_MEMORY};!' \
/usr/share/jicofo/jicofo.sh
EOF
fi
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
echo "service nginx reload" echo "service nginx reload"
fi fi
JITSI_HOST="${__object_id}" if grep -qE "^(__line/jitsi_jicofo_secured_domains|(__file|__link)/etc/prosody/conf.d/|__file/etc/jitsi/(jicofo/jicofo.conf|videobridge/jvb.conf))" "${__messages_in}"; then
if grep -qE "^(__line/jitsi_jicofo_secured_domains|__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua)" "${__messages_in}"; then RESTART_SERVICES="YES"
fi
if [ -n "${RESTART_SERVICES}" ]; then
echo "systemctl restart prosody" echo "systemctl restart prosody"
echo "systemctl restart jicofo" echo "systemctl restart jicofo"
echo "systemctl restart jitsi-videobridge2" echo "systemctl restart jitsi-videobridge2"

View file

@ -21,13 +21,24 @@ You will also need the `__jitsi_meet_domain` type in order to finish setting up
the web frontend (including TLS certificates) and its settings. the web frontend (including TLS certificates) and its settings.
You may want to use the `files/ufw` example manifest for a `__ufw`-based You may want to use the `files/ufw` example manifest for a `__ufw`-based
firewall compatible with this type. firewall compatible with this type that allows all ports needed by Jitsi-Meet.
This file does not include rules for TCP port 9888, which exposes the Note however that this will not deal with rules for SSH or for TCP port 9888,
prometheus exporter if not disabled. which exposes the prometheus exporter if not disabled.
You should apply your own rules here. Remember to apply your own rules here, particularly regarding SSH.
This type only works on De{bi,vu}an systems. This type only works on De{bi,vu}an systems.
It is very important for this type to stay up to date with the software, as
otherwise new deployments or maintenance of existing instances might be
negatively affected.
If you can, please contribute updates to `__jitsi_meet` and
`__jitsi_meet_domain` promptly and regularly.
Alternatively, you can help finance that work; get in touch with the type
authors for that (see below).
This type takes care of adapting the maximum memory used by jicofo and
videobridge in function of the hosts installed memory.
NOTE: This type currently does not deal with setting up coturn. NOTE: This type currently does not deal with setting up coturn.
For that, you might want to check `__coturn` in For that, you might want to check `__coturn` in
https://code.ungleich.ch/ungleich-public/cdist-contrib https://code.ungleich.ch/ungleich-public/cdist-contrib
@ -36,6 +47,14 @@ NOTE: This type currently does not deal with setting up coturn.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
abort-conference-count
Only has an effect if the prometheus exporter is enabled and if it is not
empty (default).
If at least this many conferences are active on the server, the type will
bail out before making any changes.
This is useful if you want to avoid service disruptions due to e.g. an SLA.
turn-secret turn-secret
The shared secret for the TURN server. The shared secret for the TURN server.
@ -43,11 +62,6 @@ turn-server
The hostname of the TURN server. The hostname of the TURN server.
This will assume that it is listening with TLS on port 443. This will assume that it is listening with TLS on port 443.
jitsi-version
The jitsi-meet version of the Debian package to be installed.
While this can be specified, only the default value is known to work
properly with this type.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
@ -70,9 +84,11 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# Setup the firewall # Setup the firewall for Jitsi-Meet
. "${__global}/type/__jitsi_meet/files/ufw" . "${__global}/type/__jitsi_meet/files/ufw"
export require="__ufw" export require="__ufw"
# Setup firewall SSH rules as necessary
__ufw_rule ssh --rule 'allow 22/tcp from 10.0.0.0/24'
# Setup Jitsi on this host # Setup Jitsi on this host
__jitsi_meet \ __jitsi_meet \
--turn-server "turn.exo.cat" \ --turn-server "turn.exo.cat" \
@ -92,4 +108,4 @@ Evilham <contact@evilham.com>
COPYING COPYING
------- -------
Copyright \(C) 2021 Evilham. Copyright \(C) 2022 Evilham.

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
os="$(cat "${__global}/explorer/os")" os="$(cat "${__global}/explorer/os")"
init="$(cat "${__global}/explorer/init")"
case "${os}" in case "${os}" in
devuan|debian) devuan|debian)
;; ;;
@ -11,10 +10,29 @@ case "${os}" in
;; ;;
esac esac
current_conferences="$(cat "${__object}/explorer/jitsi-status" | grep -E "^jitsi_conferences[[:space:]]" | cut -d ' ' -f 2)"
ABORT_CONFERENCE_COUNT="$(cat "${__object}/parameter/abort-conference-count")"
if [ -n "${current_conferences}" ] && [ -n "${ABORT_CONFERENCE_COUNT}" ] && \
[ "${ABORT_CONFERENCE_COUNT}" -le "${current_conferences}" ]; then
cat <<-EOF
Early bail out was requested when at least ${ABORT_CONFERENCE_COUNT} conferences are taking place.
There are currently ${current_conferences} active conferences.
Try again at a later time or remove or increase --abort-conference-count
EOF
exit 1
fi
JITSI_HOST="${__target_host}" JITSI_HOST="${__target_host}"
# Currently unused, see below if [ -f "${__object}/parameter/jitsi-version" ]; then
# JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" # This has been deprecated and will be removed 'soon'
JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
else
# Note this won't be a parameter anymore, we won't let users stay behind
JITSI_VERSION="$(cat "${__type}/files/jitsi-version")"
fi
TURN_SERVER="$(cat "${__object}/parameter/turn-server")" TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")" TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
@ -22,8 +40,6 @@ if [ -z "${TURN_SERVER}" ]; then
TURN_SERVER="${JITSI_HOST}" TURN_SERVER="${JITSI_HOST}"
fi fi
PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")"
# The rest is loosely based on Jitsi's documentation # The rest is loosely based on Jitsi's documentation
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
@ -55,11 +71,12 @@ __debconf_set_selections jitsi_meet --line "${DEBCONF_SETTINGS}"
export require="${require} __debconf_set_selections/jitsi_meet" export require="${require} __debconf_set_selections/jitsi_meet"
# Install and upgrade packages as needed # Install and upgrade packages as needed
__package_apt jitsi-meet # NOTE: we are doing version pinning again, but it breaks sometimes when
# We are not doing version pinning anymore because it breaks when # the version is not the latest.
# the version is not the latest. # This happens because dependencies might not be properly resolved.
# This happens because dependencies cannot be properly resolved. # To avoid this, this type must be maintained up to date.
# --version "${JITSI_VERSION}" # If we don't use this, keeping Jitsi's up to date is very difficult.
__package_apt jitsi-meet --version "${JITSI_VERSION}"
# Proceed only after installation/upgrade has finished # Proceed only after installation/upgrade has finished
export require="__package_apt/jitsi-meet" export require="__package_apt/jitsi-meet"
@ -149,95 +166,144 @@ server {
} }
EOF EOF
if [ -f "${__object}/parameter/secured-domains" ]; then # Starting from 2.0.7210, jitsi defines following nginx upstreams
SECURED_DOMAINS_STATE='present' __directory "${NGINX_ETC}/conf.d" --state present
SECURED_DOMAINS_STATE_JICOFO='present' require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/prosody.conf" \
else --mode 644 \
SECURED_DOMAINS_STATE='absent' --source - << EOF
SECURED_DOMAINS_STATE_JICOFO='absent' upstream prosody {
fi zone upstreams 64K;
server 127.0.0.1:5280;
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \ keepalive 2;
--owner prosody --group prosody --mode 0440 \ }
--state ${SECURED_DOMAINS_STATE} \ EOF
--source - <<EOF require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/jvb1.conf" \
VirtualHost "${JITSI_HOST}" --mode 644 \
authentication = "internal_plain" --source - << EOF
upstream jvb1 {
VirtualHost "guest.${JITSI_HOST}" zone upstreams 64K;
authentication = "anonymous" server 127.0.0.1:9090;
c2s_require_encryption = false keepalive 2;
}
EOF EOF
__block jitsi_jicofo_secured_domains \ if [ -f "${__object}/parameter/secured-domains" ]; then
--prefix "// begin cdist: jicofo_secured_domains" \ SECURED_DOMAINS_STATE='present'
--suffix "// end cdist: jicofo_secured_domains" \ else
--file /etc/jitsi/jicofo/jicofo.conf \ SECURED_DOMAINS_STATE='absent'
--state "${SECURED_DOMAINS_STATE_JICOFO}" \ fi
--text '-' <<EOF
authentication: { # This is the main host config
enabled: true PROSODY_MAIN_CONFIG="YES"
type: XMPP # Prosody settings for common components (jvb, focus, ...)
login-url: ${JITSI_HOST} # shellcheck source=type/__jitsi_meet/files/prosody.cfg.lua.sh
} . "${__type}/files/prosody.cfg.lua.sh" # This defines PROSODY_CONFIG
__file "/etc/prosody/conf.d/00_jitsi_base.cfg.lua" \
--group prosody \
--mode 0440 \
--source - <<EOF
${PROSODY_CONFIG}
EOF
# Clean up zauth.cfg.lua file, which we don't use now
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \
--state absent
export SECURED_DOMAINS_STATE
export JITSI_HOST
"${__type}/files/jicofo.conf.sh" | \
__file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'
# Enable the private colibri REST API end point for better stats
__file "/etc/jitsi/videobridge/jvb.conf" --mode 0444 --source '-' <<EOFJVB
videobridge {
http-servers {
public {
port = 9090
}
private {
port = 8080
}
}
websockets {
enabled = true
domain = "${JITSI_HOST}:443"
tls = true
}
apis {
rest {
enabled = true
}
}
}
EOFJVB
# Enable simple per-domain body customisation
__file "/usr/share/jitsi-meet/body.html" \
--mode 0644 \
--source '-' <<EOF
<!--#include virtual="body-\${host}.html" -->
EOF EOF
# These two should be changed on new release # These two should be changed on new release
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5" EXPORTER_VERSION="1.2.0"
PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:3ddf43a48d9a2f62be1bc6db9e7ba75d61994f9423e5c5b28be019f41f06f745" EXPORTER_CHECKSUM="sha256:6377ffa7be0c7deb66545616add7245da96f8b7746d6712f41cfa9fe72c935ce"
PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64" EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${EXPORTER_VERSION}/prometheus-jitsi-meet-exporter_${EXPORTER_VERSION}_linux_amd64.tar.gz"
PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version" if [ -f "${__object}/parameter/disable-prometheus-exporter" ]; then
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then EXPORTER_STATE="absent"
case "${init}" in else
init|sysvinit) EXPORTER_STATE="present"
__runit
require="__runit" __runit_service \
prometheus-jitsi-meet-exporter --log --source - <<EOF
#!/bin/sh -e
cd /tmp
exec chpst -u "nobody:nogroup" env HOME="/tmp" \\
prometheus-jitsi-meet-exporter \\
-videobridge-url 'http://localhost:8888/stats' \\
-web.listen-address ':9888' 2>&1
EOF
export require="__runit_service/prometheus-jitsi-meet-exporter"
JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter"
;;
systemd)
__systemd_unit prometheus-jitsi-meet-exporter.service \
--source "-" \
--enablement-state "enabled" <<EOF
[Unit]
Description=Metrics Exporter for Jitsi Meet
After=network.target
[Service]
Type=simple
DynamicUser=yes
ExecStart=/usr/local/bin/prometheus-jitsi-meet-exporter -videobridge-url 'http://localhost:8888/stats' -web.listen-address ':9888'
Restart=always
[Install]
WantedBy=multi-user.target
EOF
export require="__systemd_unit/prometheus-jitsi-meet-exporter.service"
JITSI_MEET_EXPORTER_SERVICE="service prometheus-jitsi-meet-exporter %s"
;;
esac
if [ "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" != \
"${PROMETHEUS_JITSI_EXPORTER_IS_VERSION}" ]; then
# shellcheck disable=SC2059
__download \
/tmp/prometheus-jitsi-meet-exporter \
--url "${PROMETHEUS_JITSI_EXPORTER_URL}" \
--download remote \
--sum "${PROMETHEUS_JITSI_EXPORTER_CHECKSUM}" \
--onchange "$(printf "${JITSI_MEET_EXPORTER_SERVICE}" "stop") || true; chmod 555 /tmp/prometheus-jitsi-meet-exporter && mv /tmp/prometheus-jitsi-meet-exporter /usr/local/bin/prometheus-jitsi-meet-exporter && $(printf "${JITSI_MEET_EXPORTER_SERVICE}" "restart")"
printf "%s" "${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}" | \
require="${require} __download/tmp/prometheus-jitsi-meet-exporter" __file \
"${PROMETHEUS_JITSI_EXPORTER_VERSION_FILE}" \
--source "-"
fi
fi fi
# TODO: disable the exporter if it is deployed and then admin changes their mind __evilham_single_binary_service prometheus-jitsi-meet-exporter \
--state "${EXPORTER_STATE}" \
--do-not-manage-user \
--user "nobody" \
--group "nogroup" \
--version "${EXPORTER_VERSION}" \
--checksum "${EXPORTER_CHECKSUM}" \
--url "${EXPORTER_URL}" \
--unpack \
--service-args "-videobridge-url 'http://localhost:8080/colibri/stats' -web.listen-address ':9888'"
#
# Setup interpreter assets if requested
# See: https://gitlab.com/mfmt/jsi/
#
jsi_updated_on="2022-04-21"
__link "/usr/share/jitsi-meet/interpreters.html" \
--type symbolic \
--source "/opt/jsi/static/index.html.sample"
__directory /opt/jsi --mode 0755
export require="__directory/opt/jsi"
__download /opt/jsi/jsi.tar.gz \
--url 'https://gitlab.com/mfmt/jsi/-/archive/1d2cceaf615ee61c0bba80e5bddc61c5d1018303/jsi-1d2cceaf615ee61c0bba80e5bddc61c5d1018303.tar.gz' \
--sum "sha256:b020141093daa9937507b098f358d0be994834c3e23866a457fc5140415a0c53"
export require="__download/opt/jsi/jsi.tar.gz"
__unpack /opt/jsi/jsi.tar.gz \
--preserve-archive \
--tar-strip 1 \
--destination /opt/jsi/static \
--onchange "$(cat <<EOF
# Patch style.css to be served on /i/
sed -i.tmp -E \
-e 's!url[(]/img/welcome-background.png[)]!url(/i/img/welcome-background.png)!' \
/opt/jsi/static/style.css
# Patch jsi.js to be served on /i/
# and so it always uses the domain it's served from
# and so it uses /i/ROOM for the form
sed -i.tmp -E \
-e 's!substr[(][0-9]+[)]!substr(3)!' \
-e 's!config[.]jitsimeet_url!url.host!' \
-e 's!(window[.]location[.]href)[[:space:]]*=[[:space:]]*"/"!\1 = "/i/"!' \
/opt/jsi/static/jsi.js
# Patch the sample index.html, so it loads external_api.js from same host
# and to easen up on the branding
# and to enable browser cache
sed -i.tmp -E \
-e "s!src=[^>]*(/external_api.js).!src='\1'!" \
-e "s!<h1>[^<]*</h1>!<h1>Jitsi Meetings with interpreter</h1>!" \
-e "s!https://meet.mayfirst.org!/!" \
-e "s!(style.css|jsi.js)([^?])!\1?v=${jsi_updated_on:?}\2!" \
/opt/jsi/static/index.html.sample
EOF
)"

View file

@ -1 +0,0 @@
2.0.7001-1

View file

@ -0,0 +1,4 @@
Supporting different versions lead to strange issues in the life-time of a
Jitsi instance. Chiefly: difficulties upgrading.
If you are specifying this for a valid reason, please get in touch.

View file

@ -1,3 +1,4 @@
abort-conference-count
jitsi-version jitsi-version
turn-secret turn-secret
turn-server turn-server

View file

@ -7,7 +7,7 @@
# We could automate this, but are using it as an indicator for the # We could automate this, but are using it as an indicator for the
# latest branch with which we conciliated changes. # latest branch with which we conciliated changes.
BRANCH="jitsi-meet_7001" BRANCH="jitsi-meet_7439"
REPO="https://github.com/jitsi/jitsi-meet" REPO="https://github.com/jitsi/jitsi-meet"
get_url() { get_url() {
@ -28,3 +28,8 @@ download_file() {
download_file config.js download_file config.js
download_file interface_config.js download_file interface_config.js
download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig
download_file doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example prosody.cfg.lua.sh.orig
# Change the version file, maintainers should check that it matches
# the deb version
printf "2.0.%s-1" "${BRANCH#*_}" > jitsi-version

View file

@ -4,32 +4,32 @@
JITSI_CONFIG_JS="$(cat <<EOF JITSI_CONFIG_JS="$(cat <<EOF
/* eslint-disable no-unused-vars, no-var */ /* eslint-disable no-unused-vars, no-var */
/*
* NOTE: If you add a new option please remember to document it here:
* https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration
*/
var config = { var config = {
// Connection // Connection
// //
hosts: { hosts: {
// XMPP domain. // XMPP domain.
domain: '${JITSI_HOST}', domain: '${DOMAIN}',
// When using authentication, domain for guest users. // When using authentication, domain for guest users.
$( if [ -n "${SECURED_DOMAINS}" ]; then cat<<EOF2 $( if [ -z "${SECURED_DOMAINS}" ]; then printf "// "
anonymousdomain: 'guest.${JITSI_HOST}', fi)anonymousdomain: 'guest.${DOMAIN}',
EOF2
else cat <<EOF2
// anonymousdomain: 'guest.example.com',
EOF2
fi
)
// Domain for authenticated users. Defaults to <domain>. // Domain for authenticated users. Defaults to <domain>.
// authdomain: '${JITSI_HOST}', // NOTE [cdist]: if we use '${DOMAIN}', jicofo won't start the meeting
authdomain: '${JITSI_HOST}',
// Focus component domain. Defaults to focus.<domain>. // Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.${JITSI_HOST}', focus: 'focus.${JITSI_HOST}',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it. // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: 'conference.${JITSI_HOST}' muc: 'conference.${DOMAIN}'
}, },
// BOSH URL. FIXME: use XEP-0156 to discover it. // BOSH URL. FIXME: use XEP-0156 to discover it.
@ -37,12 +37,12 @@ fi
bosh: '//<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind', bosh: '//<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind',
// Websocket URL // Websocket URL
// websocket: 'wss://${JITSI_HOST}/xmpp-websocket', // websocket: 'wss://${DOMAIN}/xmpp-websocket',
// The real JID of focus participant - can be overridden here // The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable // Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376 // https://github.com/jitsi/jitsi-meet/issues/7376
// focusUserJid: 'focus@auth.${JITSI_HOST}', focusUserJid: 'focus@auth.${JITSI_HOST}',
// Testing / experimental features. // Testing / experimental features.
@ -80,6 +80,11 @@ fi
// or disabled for the screenshare. // or disabled for the screenshare.
// capScreenshareBitrate: 1 // 0 to disable - deprecated. // capScreenshareBitrate: 1 // 0 to disable - deprecated.
// Whether to use fake constraints (height: 99999, width: 99999) when calling getDisplayMedia on
// Chromium based browsers. This is intended as a workaround for
// https://bugs.chromium.org/p/chromium/issues/detail?id=1056311
// setScreenSharingResolutionConstraints: true
// Enable callstats only for a percentage of users. // Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for // This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled. // the callstats to be enabled.
@ -90,6 +95,10 @@ fi
flags: { flags: {
// Enables source names in the signaling. // Enables source names in the signaling.
// sourceNameSignaling: false, // sourceNameSignaling: false,
// Enables sending multiple video streams, i.e., camera and desktop tracks can be shared in the conference
// separately as two different streams instead of one composite stream.
// sendMultipleVideoStreams: false
}, },
// Disables moderator indicators. // Disables moderator indicators.
@ -276,9 +285,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// appKey: '<APP_KEY>' // Specify your app key here. // appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating // // A URL to redirect the user to, after authenticating
// // by default uses: // // by default uses:
// // 'https://${JITSI_HOST}/static/oauth.html' // // 'https://${DOMAIN}/static/oauth.html'
// redirectURI: // redirectURI:
// 'https://${JITSI_HOST}/subfolder/static/oauth.html' // 'https://${DOMAIN}/subfolder/static/oauth.html'
// }, // },
// When integrations like dropbox are enabled only that will be shown, // When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations // by enabling fileRecordingsServiceEnabled, we show both the integrations
@ -293,6 +302,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Whether to enable live streaming or not. // Whether to enable live streaming or not.
// liveStreamingEnabled: false, // liveStreamingEnabled: false,
// Whether to enable local recording or not.
// enableLocalRecording: false,
// Transcription (in interface_config, // Transcription (in interface_config,
// subtitles and buttons can be configured) // subtitles and buttons can be configured)
// transcribingEnabled: false, // transcribingEnabled: false,
@ -486,6 +498,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// If Lobby is enabled starts knocking automatically. // If Lobby is enabled starts knocking automatically.
// autoKnockLobby: false, // autoKnockLobby: false,
// Enable lobby chat.
// enableLobbyChat: true,
// DEPRECATED! Use \`breakoutRooms.hideAddRoomButton\` instead. // DEPRECATED! Use \`breakoutRooms.hideAddRoomButton\` instead.
// Hides add breakout room button // Hides add breakout room button
// hideAddRoomButton: false, // hideAddRoomButton: false,
@ -525,7 +540,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Hides the dominant speaker name badge that hovers above the toolbox // Hides the dominant speaker name badge that hovers above the toolbox
// hideDominantSpeakerBadge: false, // hideDominantSpeakerBadge: false,
// Default language for the user interface. // Default language for the user interface. Cannot be overwritten.
defaultLanguage: '${DEFAULT_LANGUAGE}', defaultLanguage: '${DEFAULT_LANGUAGE}',
// Disables profile and the edit of all fields from the profile settings (display name and email) // Disables profile and the edit of all fields from the profile settings (display name and email)
@ -554,6 +569,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices. // // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// // This replaces \`prejoinPageEnabled\`. // // This replaces \`prejoinPageEnabled\`.
// enabled: true, // enabled: true,
// // Hides the participant name editing field in the prejoin screen.
// // If requireDisplayName is also set as true, a name should still be provided through
// // either the jwt or the userInfo from the iframe api init object in order for this to have an effect.
// hideDisplayName: false,
// // List of buttons to hide from the extra join options dropdown. // // List of buttons to hide from the extra join options dropdown.
// hideExtraJoinButtons: ['no-audio', 'by-phone'] // hideExtraJoinButtons: ['no-audio', 'by-phone']
// }, // },
@ -581,8 +600,17 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Array with avatar URL prefixes that need to use CORS. // Array with avatar URL prefixes that need to use CORS.
// corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ], // corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ],
// Base URL for a Gravatar-compatible service. Defaults to libravatar. // Base URL for a Gravatar-compatible service. Defaults to Gravatar.
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // DEPRECATED! Use \`gravatar.baseUrl\` instead.
// gravatarBaseURL: 'https://www.gravatar.com/avatar/',
// Setup for Gravatar-compatible services.
// gravatar: {
// // Defaults to Gravatar.
// baseUrl: 'https://www.gravatar.com/avatar/',
// // True if Gravatar should be disabled.
// disabled: false
// },
// App name to be displayed in the invitation email subject, as an alternative to // App name to be displayed in the invitation email subject, as an alternative to
// interfaceConfig.APP_NAME. // interfaceConfig.APP_NAME.
@ -604,6 +632,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'chat', // 'chat',
// 'closedcaptions', // 'closedcaptions',
// 'desktop', // 'desktop',
// 'dock-iframe'
// 'download', // 'download',
// 'embedmeeting', // 'embedmeeting',
// 'etherpad', // 'etherpad',
@ -612,11 +641,11 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'fullscreen', // 'fullscreen',
// 'hangup', // 'hangup',
// 'help', // 'help',
// 'highlight',
// 'invite', // 'invite',
// 'linktosalesforce',
// 'livestreaming', // 'livestreaming',
// 'microphone', // 'microphone',
// 'mute-everyone',
// 'mute-video-everyone',
// 'participants-pane', // 'participants-pane',
// 'profile', // 'profile',
// 'raisehand', // 'raisehand',
@ -630,6 +659,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'stats', // 'stats',
// 'tileview', // 'tileview',
// 'toggle-camera', // 'toggle-camera',
// 'undock-iframe',
// 'videoquality', // 'videoquality',
// '__end' // '__end'
// ], // ],
@ -644,7 +674,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// timeout: 4000, // timeout: 4000,
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
// // Whether toolbar should be always visible or should hide after x miliseconds. // // Whether toolbar should be always visible or should hide after x miliseconds.
// alwaysVisible: false // alwaysVisible: false,
// // Indicates whether the toolbar should still autohide when chat is open
// autoHideWhileChatIsOpen: false
// }, // },
// Toolbar buttons which have their click/tap event exposed through the API on // Toolbar buttons which have their click/tap event exposed through the API on
@ -753,11 +785,25 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Enables sending participants' emails (if available) to callstats and other analytics // Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false, // enableEmailInStats: false,
// Enables detecting faces of participants and get their expression and send it to other participants // faceLandmarks: {
// enableFacialRecognition: true, // // Enables sharing your face coordinates. Used for centering faces within a video.
// enableFaceCentering: false,
// Enables displaying facial expressions in speaker stats // // Enables detecting face expressions and sharing data with other participants
// enableDisplayFacialExpressions: true, // enableFaceExpressionsDetection: false,
// // Enables displaying face expressions in speaker stats
// enableDisplayFaceExpressions: false,
// // Enable rtc stats for face landmarks
// enableRTCStats: false,
// // Minimum required face movement percentage threshold for sending new face centering coordinates data.
// faceCenteringThreshold: 10,
// // Milliseconds for processing a new image capture in order to detect face coordinates if they exist.
// captureInterval: 1000
// },
// Controls the percentage of automatic feedback shown to participants when callstats is enabled. // Controls the percentage of automatic feedback shown to participants when callstats is enabled.
// The default value is 100%. If set to 0, no automatic feedback will be requested // The default value is 100%. If set to 0, no automatic feedback will be requested
@ -823,6 +869,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
}, },
analytics: { analytics: {
${ANALYTICS_SETTINGS}
// True if the analytics should be disabled // True if the analytics should be disabled
// disabled: false, // disabled: false,
@ -910,33 +957,22 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// chromeExtensionBanner: { // chromeExtensionBanner: {
// // The chrome extension to be installed address // // The chrome extension to be installed address
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
// edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn',
// // Extensions info which allows checking if they are installed or not // // Extensions info which allows checking if they are installed or not
// chromeExtensionsInfo: [ // chromeExtensionsInfo: [
// { // {
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb', // id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
// path: 'jitsi-logo-48x48.png' // path: 'jitsi-logo-48x48.png'
// },
// // Edge extension info
// {
// id: 'eeecajlpbgjppibfledfihobcabccihn',
// path: 'jitsi-logo-48x48.png'
// } // }
// ] // ]
// }, // },
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// the \`toolbarButtons\`-array for the Local Recording button to show up
// on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// },
// e2ee: { // e2ee: {
// labels, // labels,
// externallyManagedKey: false // externallyManagedKey: false
@ -944,14 +980,18 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Options related to end-to-end (participant to participant) ping. // Options related to end-to-end (participant to participant) ping.
// e2eping: { // e2eping: {
// // The interval in milliseconds at which pings will be sent. // // Whether ene-to-end pings should be enabled.
// // Defaults to 10000, set to <= 0 to disable. // enabled: false,
// pingInterval: 10000,
// //
// // The interval in milliseconds at which analytics events // // The number of responses to wait for.
// // with the measured RTT will be sent. Defaults to 60000, set // numRequests: 5,
// // to <= 0 to disable. //
// analyticsInterval: 60000, // // The max conference size in which e2e pings will be sent.
// maxConferenceSize: 200,
//
// // The maximum number of e2e ping messages per second for the whole conference to aim for.
// // This is used to contol the pacing of messages in order to reduce the load on the backend.
// maxMessagesPerSecond: 250
// }, // },
// If set, will attempt to use the provided video input device label when // If set, will attempt to use the provided video input device label when
@ -978,7 +1018,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Disables all invite functions from the app (share, invite, dial out...etc) // Disables all invite functions from the app (share, invite, dial out...etc)
// disableInviteFunctions: true, // disableInviteFunctions: true,
// Disables storing the room name to the recents list // Disables storing the room name to the recents list. When in an iframe this is ignored and
// the room is never stored in the recents list.
// doNotStoreRoom: true, // doNotStoreRoom: true,
// Deployment specific URLs. // Deployment specific URLs.
@ -993,12 +1034,25 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Options related to the remote participant menu. // Options related to the remote participant menu.
// remoteVideoMenu: { // remoteVideoMenu: {
// // Whether the remote video context menu to be rendered or not.
// disabled: true,
// // If set to true the 'Kick out' button will be disabled. // // If set to true the 'Kick out' button will be disabled.
// disableKick: true, // disableKick: true,
// // If set to true the 'Grant moderator' button will be disabled. // // If set to true the 'Grant moderator' button will be disabled.
// disableGrantModerator: true // disableGrantModerator: true,
// // If set to true the 'Send private message' button will be disabled.
// disablePrivateChat: true
// }, // },
// Endpoint that enables support for salesforce integration with in-meeting resource linking
// This is required for:
// listing the most recent records - salesforceUrl/records/recents
// searching records - salesforceUrl/records?text=\${text}
// retrieving record details - salesforceUrl/records/\${id}?type=\${type}
// and linking the meeting - salesforceUrl/sessions/\${sessionId}/records/\${id}
//
// salesforceUrl: 'https://api.example.com/',
// If set to true all muting operations of remote participants will be disabled. // If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true, // disableRemoteMute: true,
@ -1062,10 +1116,22 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
*/ */
dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}", dynamicBrandingUrl: "${DYNAMIC_BRANDING_URL}",
// Options related to the participants pane.
// participantsPane: {
// // Hides the moderator settings tab.
// hideModeratorSettingsTab: false,
// // Hides the more actions button.
// hideMoreActionsButton: false,
// // Hides the mute all button.
// hideMuteAllButton: false
// },
// Options related to the breakout rooms feature. // Options related to the breakout rooms feature.
// breakoutRooms: { // breakoutRooms: {
// // Hides the add breakout room button. This replaces \`hideAddRoomButton\`. // // Hides the add breakout room button. This replaces \`hideAddRoomButton\`.
// hideAddRoomButton: false, // hideAddRoomButton: false,
// // Hides the auto assign participants button.
// hideAutoAssignButton: false,
// // Hides the join breakout room button. // // Hides the join breakout room button.
// hideJoinRoomButton: false // hideJoinRoomButton: false
// }, // },
@ -1096,7 +1162,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
// conferenceInfo: { // conferenceInfo: {
// // those labels will not be hidden in tandem with the toolbox. // // those labels will not be hidden in tandem with the toolbox.
// alwaysVisible: ['recording', 'local-recording', 'raised-hands-count'], // alwaysVisible: ['recording', 'raised-hands-count'],
// // those labels will be auto-hidden in tandem with the toolbox buttons. // // those labels will be auto-hidden in tandem with the toolbox buttons.
// autoHide: [ // autoHide: [
// 'subject', // 'subject',
@ -1105,7 +1171,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'e2ee', // 'e2ee',
// 'transcribing', // 'transcribing',
// 'video-quality', // 'video-quality',
// 'insecure-room' // 'insecure-room',
// 'highlight-moment'
// ] // ]
// }, // },
@ -1139,14 +1206,24 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// will open an etherpad document. // will open an etherpad document.
// etherpad_base: 'https://your-etherpad-installati.on/p/', // etherpad_base: 'https://your-etherpad-installati.on/p/',
// To enable information about dial-in access to meetings you need to provide
// dialInNumbersUrl and dialInConfCodeUrl.
// dialInNumbersUrl returns a json array of numbers that can be used for dial-in.
// {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
// or the other way around (more info in resources/cloud-api.swagger)
//
// For JaaS customers the default values are:
// dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids',
// dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access',
//
// List of undocumented settings used in jitsi-meet // List of undocumented settings used in jitsi-meet
/** /**
_immediateReloadThreshold _immediateReloadThreshold
debug debug
debugAudioLevels debugAudioLevels
deploymentInfo deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl dialOutAuthUrl
dialOutCodesUrl dialOutCodesUrl
disableRemoteControl disableRemoteControl
@ -1231,7 +1308,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable // 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected // 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
// 'localRecording.localRecording', // shown when a local recording is started
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed // 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
// 'notify.disconnected', // shown when a participant has left // 'notify.disconnected', // shown when a participant has left
// 'notify.connectedOneMember', // show when a participant joined // 'notify.connectedOneMember', // show when a participant joined
@ -1245,6 +1321,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited
// 'notify.kickParticipant', // shown when a participant is kicked // 'notify.kickParticipant', // shown when a participant is kicked
// 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration
// 'notify.moderationStartedTitle', // shown when AV moderation is activated // 'notify.moderationStartedTitle', // shown when AV moderation is activated
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
@ -1260,6 +1337,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.raisedHand', // shown when a partcipant used raise hand,
// 'notify.startSilentTitle', // shown when user joined with no audio // 'notify.startSilentTitle', // shown when user joined with no audio
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'notify.unmute', // shown to moderator when user raises hand during AV moderation
// 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute
// 'prejoin.errorDialOut', // 'prejoin.errorDialOut',
// 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutDisconnected',
// 'prejoin.errorDialOutFailed', // 'prejoin.errorDialOutFailed',
@ -1275,6 +1353,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'transcribing.failedToStart' // shown when transcribing fails to start // 'transcribing.failedToStart' // shown when transcribing fails to start
// ], // ],
// List of notifications to be disabled. Works in tandem with the above setting.
// disabledNotifications: [],
// Prevent the filmstrip from autohiding when screen width is under a certain threshold // Prevent the filmstrip from autohiding when screen width is under a certain threshold
// disableFilmstripAutohiding: false, // disableFilmstripAutohiding: false,
@ -1282,12 +1363,37 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip // // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
// // (width, tiles aspect ratios) through the interfaceConfig options. // // (width, tiles aspect ratios) through the interfaceConfig options.
// disableResizable: false, // disableResizable: false,
// }
// // Disables the stage filmstrip
// // (displaying multiple participants on stage besides the vertical filmstrip)
// disableStageFilmstrip: false
// },
// Tile view related config options.
// tileView: {
// // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may
// // not be possible to show the exact number of participants specified here.
// numberOfVisibleTiles: 25
// },
// Specifies whether the chat emoticons are disabled or not // Specifies whether the chat emoticons are disabled or not
// disableChatSmileys: false, // disableChatSmileys: false,
// Settings for the GIPHY integration.
// giphy: {
// // Whether the feature is enabled or not.
// enabled: false,
// // SDK API Key from Giphy.
// sdkKey: '',
// // Display mode can be one of:
// // - tile: show the GIF on the tile of the participant that sent it.
// // - chat: show the GIF as a message in chat
// // - all: all of the above. This is the default option
// displayMode: 'all',
// // How long the GIF should be displayed on the tile (in miliseconds).
// tileTime: 5000
// },
// Allow all above example options to include a trailing comma and // Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value. // prevent fear when commenting out the last value.
makeJsonParserHappy: 'even if last key had a trailing comma' makeJsonParserHappy: 'even if last key had a trailing comma'

View file

@ -1,5 +1,11 @@
/* eslint-disable no-unused-vars, no-var */ /* eslint-disable no-unused-vars, no-var */
/*
* NOTE: If you add a new option please remember to document it here:
* https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration
*/
var config = { var config = {
// Connection // Connection
// //
@ -68,6 +74,11 @@ var config = {
// or disabled for the screenshare. // or disabled for the screenshare.
// capScreenshareBitrate: 1 // 0 to disable - deprecated. // capScreenshareBitrate: 1 // 0 to disable - deprecated.
// Whether to use fake constraints (height: 99999, width: 99999) when calling getDisplayMedia on
// Chromium based browsers. This is intended as a workaround for
// https://bugs.chromium.org/p/chromium/issues/detail?id=1056311
// setScreenSharingResolutionConstraints: true
// Enable callstats only for a percentage of users. // Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for // This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled. // the callstats to be enabled.
@ -78,6 +89,10 @@ var config = {
flags: { flags: {
// Enables source names in the signaling. // Enables source names in the signaling.
// sourceNameSignaling: false, // sourceNameSignaling: false,
// Enables sending multiple video streams, i.e., camera and desktop tracks can be shared in the conference
// separately as two different streams instead of one composite stream.
// sendMultipleVideoStreams: false
}, },
// Disables moderator indicators. // Disables moderator indicators.
@ -280,6 +295,9 @@ var config = {
// Whether to enable live streaming or not. // Whether to enable live streaming or not.
// liveStreamingEnabled: false, // liveStreamingEnabled: false,
// Whether to enable local recording or not.
// enableLocalRecording: false,
// Transcription (in interface_config, // Transcription (in interface_config,
// subtitles and buttons can be configured) // subtitles and buttons can be configured)
// transcribingEnabled: false, // transcribingEnabled: false,
@ -473,6 +491,9 @@ var config = {
// If Lobby is enabled starts knocking automatically. // If Lobby is enabled starts knocking automatically.
// autoKnockLobby: false, // autoKnockLobby: false,
// Enable lobby chat.
// enableLobbyChat: true,
// DEPRECATED! Use `breakoutRooms.hideAddRoomButton` instead. // DEPRECATED! Use `breakoutRooms.hideAddRoomButton` instead.
// Hides add breakout room button // Hides add breakout room button
// hideAddRoomButton: false, // hideAddRoomButton: false,
@ -512,7 +533,7 @@ var config = {
// Hides the dominant speaker name badge that hovers above the toolbox // Hides the dominant speaker name badge that hovers above the toolbox
// hideDominantSpeakerBadge: false, // hideDominantSpeakerBadge: false,
// Default language for the user interface. // Default language for the user interface. Cannot be overwritten.
// defaultLanguage: 'en', // defaultLanguage: 'en',
// Disables profile and the edit of all fields from the profile settings (display name and email) // Disables profile and the edit of all fields from the profile settings (display name and email)
@ -541,6 +562,10 @@ var config = {
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices. // // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// // This replaces `prejoinPageEnabled`. // // This replaces `prejoinPageEnabled`.
// enabled: true, // enabled: true,
// // Hides the participant name editing field in the prejoin screen.
// // If requireDisplayName is also set as true, a name should still be provided through
// // either the jwt or the userInfo from the iframe api init object in order for this to have an effect.
// hideDisplayName: false,
// // List of buttons to hide from the extra join options dropdown. // // List of buttons to hide from the extra join options dropdown.
// hideExtraJoinButtons: ['no-audio', 'by-phone'] // hideExtraJoinButtons: ['no-audio', 'by-phone']
// }, // },
@ -568,8 +593,17 @@ var config = {
// Array with avatar URL prefixes that need to use CORS. // Array with avatar URL prefixes that need to use CORS.
// corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ], // corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ],
// Base URL for a Gravatar-compatible service. Defaults to libravatar. // Base URL for a Gravatar-compatible service. Defaults to Gravatar.
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', // DEPRECATED! Use `gravatar.baseUrl` instead.
// gravatarBaseURL: 'https://www.gravatar.com/avatar/',
// Setup for Gravatar-compatible services.
// gravatar: {
// // Defaults to Gravatar.
// baseUrl: 'https://www.gravatar.com/avatar/',
// // True if Gravatar should be disabled.
// disabled: false
// },
// App name to be displayed in the invitation email subject, as an alternative to // App name to be displayed in the invitation email subject, as an alternative to
// interfaceConfig.APP_NAME. // interfaceConfig.APP_NAME.
@ -591,6 +625,7 @@ var config = {
// 'chat', // 'chat',
// 'closedcaptions', // 'closedcaptions',
// 'desktop', // 'desktop',
// 'dock-iframe'
// 'download', // 'download',
// 'embedmeeting', // 'embedmeeting',
// 'etherpad', // 'etherpad',
@ -599,11 +634,11 @@ var config = {
// 'fullscreen', // 'fullscreen',
// 'hangup', // 'hangup',
// 'help', // 'help',
// 'highlight',
// 'invite', // 'invite',
// 'linktosalesforce',
// 'livestreaming', // 'livestreaming',
// 'microphone', // 'microphone',
// 'mute-everyone',
// 'mute-video-everyone',
// 'participants-pane', // 'participants-pane',
// 'profile', // 'profile',
// 'raisehand', // 'raisehand',
@ -617,6 +652,7 @@ var config = {
// 'stats', // 'stats',
// 'tileview', // 'tileview',
// 'toggle-camera', // 'toggle-camera',
// 'undock-iframe',
// 'videoquality', // 'videoquality',
// '__end' // '__end'
// ], // ],
@ -631,7 +667,9 @@ var config = {
// timeout: 4000, // timeout: 4000,
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
// // Whether toolbar should be always visible or should hide after x miliseconds. // // Whether toolbar should be always visible or should hide after x miliseconds.
// alwaysVisible: false // alwaysVisible: false,
// // Indicates whether the toolbar should still autohide when chat is open
// autoHideWhileChatIsOpen: false
// }, // },
// Toolbar buttons which have their click/tap event exposed through the API on // Toolbar buttons which have their click/tap event exposed through the API on
@ -740,11 +778,25 @@ var config = {
// Enables sending participants' emails (if available) to callstats and other analytics // Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false, // enableEmailInStats: false,
// Enables detecting faces of participants and get their expression and send it to other participants // faceLandmarks: {
// enableFacialRecognition: true, // // Enables sharing your face coordinates. Used for centering faces within a video.
// enableFaceCentering: false,
// Enables displaying facial expressions in speaker stats // // Enables detecting face expressions and sharing data with other participants
// enableDisplayFacialExpressions: true, // enableFaceExpressionsDetection: false,
// // Enables displaying face expressions in speaker stats
// enableDisplayFaceExpressions: false,
// // Enable rtc stats for face landmarks
// enableRTCStats: false,
// // Minimum required face movement percentage threshold for sending new face centering coordinates data.
// faceCenteringThreshold: 10,
// // Milliseconds for processing a new image capture in order to detect face coordinates if they exist.
// captureInterval: 1000
// },
// Controls the percentage of automatic feedback shown to participants when callstats is enabled. // Controls the percentage of automatic feedback shown to participants when callstats is enabled.
// The default value is 100%. If set to 0, no automatic feedback will be requested // The default value is 100%. If set to 0, no automatic feedback will be requested
@ -897,33 +949,22 @@ var config = {
// chromeExtensionBanner: { // chromeExtensionBanner: {
// // The chrome extension to be installed address // // The chrome extension to be installed address
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
// edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn',
// // Extensions info which allows checking if they are installed or not // // Extensions info which allows checking if they are installed or not
// chromeExtensionsInfo: [ // chromeExtensionsInfo: [
// { // {
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb', // id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
// path: 'jitsi-logo-48x48.png' // path: 'jitsi-logo-48x48.png'
// },
// // Edge extension info
// {
// id: 'eeecajlpbgjppibfledfihobcabccihn',
// path: 'jitsi-logo-48x48.png'
// } // }
// ] // ]
// }, // },
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// the `toolbarButtons`-array for the Local Recording button to show up
// on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// },
// e2ee: { // e2ee: {
// labels, // labels,
// externallyManagedKey: false // externallyManagedKey: false
@ -931,14 +972,18 @@ var config = {
// Options related to end-to-end (participant to participant) ping. // Options related to end-to-end (participant to participant) ping.
// e2eping: { // e2eping: {
// // The interval in milliseconds at which pings will be sent. // // Whether ene-to-end pings should be enabled.
// // Defaults to 10000, set to <= 0 to disable. // enabled: false,
// pingInterval: 10000,
// //
// // The interval in milliseconds at which analytics events // // The number of responses to wait for.
// // with the measured RTT will be sent. Defaults to 60000, set // numRequests: 5,
// // to <= 0 to disable. //
// analyticsInterval: 60000, // // The max conference size in which e2e pings will be sent.
// maxConferenceSize: 200,
//
// // The maximum number of e2e ping messages per second for the whole conference to aim for.
// // This is used to contol the pacing of messages in order to reduce the load on the backend.
// maxMessagesPerSecond: 250
// }, // },
// If set, will attempt to use the provided video input device label when // If set, will attempt to use the provided video input device label when
@ -965,7 +1010,8 @@ var config = {
// Disables all invite functions from the app (share, invite, dial out...etc) // Disables all invite functions from the app (share, invite, dial out...etc)
// disableInviteFunctions: true, // disableInviteFunctions: true,
// Disables storing the room name to the recents list // Disables storing the room name to the recents list. When in an iframe this is ignored and
// the room is never stored in the recents list.
// doNotStoreRoom: true, // doNotStoreRoom: true,
// Deployment specific URLs. // Deployment specific URLs.
@ -980,12 +1026,25 @@ var config = {
// Options related to the remote participant menu. // Options related to the remote participant menu.
// remoteVideoMenu: { // remoteVideoMenu: {
// // Whether the remote video context menu to be rendered or not.
// disabled: true,
// // If set to true the 'Kick out' button will be disabled. // // If set to true the 'Kick out' button will be disabled.
// disableKick: true, // disableKick: true,
// // If set to true the 'Grant moderator' button will be disabled. // // If set to true the 'Grant moderator' button will be disabled.
// disableGrantModerator: true // disableGrantModerator: true,
// // If set to true the 'Send private message' button will be disabled.
// disablePrivateChat: true
// }, // },
// Endpoint that enables support for salesforce integration with in-meeting resource linking
// This is required for:
// listing the most recent records - salesforceUrl/records/recents
// searching records - salesforceUrl/records?text=${text}
// retrieving record details - salesforceUrl/records/${id}?type=${type}
// and linking the meeting - salesforceUrl/sessions/${sessionId}/records/${id}
//
// salesforceUrl: 'https://api.example.com/',
// If set to true all muting operations of remote participants will be disabled. // If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true, // disableRemoteMute: true,
@ -1049,10 +1108,22 @@ var config = {
*/ */
// dynamicBrandingUrl: '', // dynamicBrandingUrl: '',
// Options related to the participants pane.
// participantsPane: {
// // Hides the moderator settings tab.
// hideModeratorSettingsTab: false,
// // Hides the more actions button.
// hideMoreActionsButton: false,
// // Hides the mute all button.
// hideMuteAllButton: false
// },
// Options related to the breakout rooms feature. // Options related to the breakout rooms feature.
// breakoutRooms: { // breakoutRooms: {
// // Hides the add breakout room button. This replaces `hideAddRoomButton`. // // Hides the add breakout room button. This replaces `hideAddRoomButton`.
// hideAddRoomButton: false, // hideAddRoomButton: false,
// // Hides the auto assign participants button.
// hideAutoAssignButton: false,
// // Hides the join breakout room button. // // Hides the join breakout room button.
// hideJoinRoomButton: false // hideJoinRoomButton: false
// }, // },
@ -1083,7 +1154,7 @@ var config = {
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
// conferenceInfo: { // conferenceInfo: {
// // those labels will not be hidden in tandem with the toolbox. // // those labels will not be hidden in tandem with the toolbox.
// alwaysVisible: ['recording', 'local-recording', 'raised-hands-count'], // alwaysVisible: ['recording', 'raised-hands-count'],
// // those labels will be auto-hidden in tandem with the toolbox buttons. // // those labels will be auto-hidden in tandem with the toolbox buttons.
// autoHide: [ // autoHide: [
// 'subject', // 'subject',
@ -1092,7 +1163,8 @@ var config = {
// 'e2ee', // 'e2ee',
// 'transcribing', // 'transcribing',
// 'video-quality', // 'video-quality',
// 'insecure-room' // 'insecure-room',
// 'highlight-moment'
// ] // ]
// }, // },
@ -1126,14 +1198,24 @@ var config = {
// will open an etherpad document. // will open an etherpad document.
// etherpad_base: 'https://your-etherpad-installati.on/p/', // etherpad_base: 'https://your-etherpad-installati.on/p/',
// To enable information about dial-in access to meetings you need to provide
// dialInNumbersUrl and dialInConfCodeUrl.
// dialInNumbersUrl returns a json array of numbers that can be used for dial-in.
// {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
// or the other way around (more info in resources/cloud-api.swagger)
//
// For JaaS customers the default values are:
// dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids',
// dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access',
//
// List of undocumented settings used in jitsi-meet // List of undocumented settings used in jitsi-meet
/** /**
_immediateReloadThreshold _immediateReloadThreshold
debug debug
debugAudioLevels debugAudioLevels
deploymentInfo deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl dialOutAuthUrl
dialOutCodesUrl dialOutCodesUrl
disableRemoteControl disableRemoteControl
@ -1218,7 +1300,6 @@ var config = {
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable // 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected // 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
// 'localRecording.localRecording', // shown when a local recording is started
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed // 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
// 'notify.disconnected', // shown when a participant has left // 'notify.disconnected', // shown when a participant has left
// 'notify.connectedOneMember', // show when a participant joined // 'notify.connectedOneMember', // show when a participant joined
@ -1232,6 +1313,7 @@ var config = {
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited // 'notify.invitedTwoMembers', // shown when 2 participants have been invited
// 'notify.kickParticipant', // shown when a participant is kicked // 'notify.kickParticipant', // shown when a participant is kicked
// 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration
// 'notify.moderationStartedTitle', // shown when AV moderation is activated // 'notify.moderationStartedTitle', // shown when AV moderation is activated
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
@ -1247,6 +1329,7 @@ var config = {
// 'notify.raisedHand', // shown when a partcipant used raise hand, // 'notify.raisedHand', // shown when a partcipant used raise hand,
// 'notify.startSilentTitle', // shown when user joined with no audio // 'notify.startSilentTitle', // shown when user joined with no audio
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation // 'notify.unmute', // shown to moderator when user raises hand during AV moderation
// 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute
// 'prejoin.errorDialOut', // 'prejoin.errorDialOut',
// 'prejoin.errorDialOutDisconnected', // 'prejoin.errorDialOutDisconnected',
// 'prejoin.errorDialOutFailed', // 'prejoin.errorDialOutFailed',
@ -1262,6 +1345,9 @@ var config = {
// 'transcribing.failedToStart' // shown when transcribing fails to start // 'transcribing.failedToStart' // shown when transcribing fails to start
// ], // ],
// List of notifications to be disabled. Works in tandem with the above setting.
// disabledNotifications: [],
// Prevent the filmstrip from autohiding when screen width is under a certain threshold // Prevent the filmstrip from autohiding when screen width is under a certain threshold
// disableFilmstripAutohiding: false, // disableFilmstripAutohiding: false,
@ -1269,12 +1355,37 @@ var config = {
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip // // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
// // (width, tiles aspect ratios) through the interfaceConfig options. // // (width, tiles aspect ratios) through the interfaceConfig options.
// disableResizable: false, // disableResizable: false,
// }
// // Disables the stage filmstrip
// // (displaying multiple participants on stage besides the vertical filmstrip)
// disableStageFilmstrip: false
// },
// Tile view related config options.
// tileView: {
// // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may
// // not be possible to show the exact number of participants specified here.
// numberOfVisibleTiles: 25
// },
// Specifies whether the chat emoticons are disabled or not // Specifies whether the chat emoticons are disabled or not
// disableChatSmileys: false, // disableChatSmileys: false,
// Settings for the GIPHY integration.
// giphy: {
// // Whether the feature is enabled or not.
// enabled: false,
// // SDK API Key from Giphy.
// sdkKey: '',
// // Display mode can be one of:
// // - tile: show the GIF on the tile of the participant that sent it.
// // - chat: show the GIF as a message in chat
// // - all: all of the above. This is the default option
// displayMode: 'all',
// // How long the GIF should be displayed on the tile (in miliseconds).
// tileTime: 5000
// },
// Allow all above example options to include a trailing comma and // Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value. // prevent fear when commenting out the last value.
makeJsonParserHappy: 'even if last key had a trailing comma' makeJsonParserHappy: 'even if last key had a trailing comma'

View file

@ -20,7 +20,7 @@ JITSI_INTERFACE_CONFIG_JS="$(cat <<EOF
*/ */
var interfaceConfig = { var interfaceConfig = {
APP_NAME: 'Jitsi Meet', APP_NAME: '${BRANDING_APP_NAME}',
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)', AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)', AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',

View file

@ -0,0 +1 @@
2.0.7439-1

View file

@ -10,6 +10,17 @@ JITSI_NGINX_CONFIG="$(cat <<EOF
## nginx's default mime.types doesn't include a mapping for wasm ## nginx's default mime.types doesn't include a mapping for wasm
# application/wasm wasm; # application/wasm wasm;
#} #}
# These upstreams are managed by __jitsi_meet
#upstream prosody {
# zone upstreams 64K;
# server 127.0.0.1:5280;
# keepalive 2;
#}
#upstream jvb1 {
# zone upstreams 64K;
# server 127.0.0.1:9090;
# keepalive 2;
#}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
@ -91,33 +102,48 @@ server {
expires 1y; expires 1y;
} }
} }
# Paths for jsi / interpreters
location ~ ^/i/(img/[^./]*.png|jsi.js|style.css)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /opt/jsi/static/\$1;
# cache all versioned files
if (\$arg_v) {
expires 1y;
}
}
location ~ ^/i/
{
try_files /${DOMAIN}-interpreters.html /interpreters.html \$uri;
}
# BOSH # BOSH
location = /http-bind { location = /http-bind {
# We are using 127.0.0.1, because we are not specifying a resolver proxy_pass http://prosody/http-bind?prefix=\$prefix&\$args;
# otherwise nginx will fail to resolve 'localhost' proxy_http_version 1.1;
proxy_pass http://127.0.0.1:5280/http-bind?prefix=\$prefix&\$args;
proxy_set_header X-Forwarded-For \$remote_addr; proxy_set_header X-Forwarded-For \$remote_addr;
# Prevision for 'multi-domain' jitsi instances # Prevision for 'multi-domain' jitsi instances
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391 # https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
proxy_set_header Host ${JITSI_HOST}; proxy_set_header Host ${DOMAIN};
proxy_set_header Connection "";
} }
# xmpp websockets # xmpp websockets
location = /xmpp-websocket { location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=\$prefix&\$args; proxy_pass http://prosody/xmpp-websocket?prefix=\$prefix&\$args;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade; proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
# Prevision for 'multi-domain' jitsi instances # Prevision for 'multi-domain' jitsi instances
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391 # https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
proxy_set_header Host ${JITSI_HOST}; proxy_set_header Host ${DOMAIN};
tcp_nodelay on; tcp_nodelay on;
} }
# colibri (JVB) websockets for jvb1 # colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) { location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/\$1\$is_args\$args; proxy_pass http://jvb1/colibri-ws/default-id/\$1\$is_args\$args;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade; proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";

View file

@ -4,6 +4,16 @@ types {
# nginx's default mime.types doesn't include a mapping for wasm # nginx's default mime.types doesn't include a mapping for wasm
application/wasm wasm; application/wasm wasm;
} }
upstream prosody {
zone upstreams 64K;
server 127.0.0.1:5280;
keepalive 2;
}
upstream jvb1 {
zone upstreams 64K;
server 127.0.0.1:9090;
keepalive 2;
}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
@ -77,14 +87,16 @@ server {
# BOSH # BOSH
location = /http-bind { location = /http-bind {
proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args; proxy_pass http://prosody/http-bind?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header Connection "";
} }
# xmpp websockets # xmpp websockets
location = /xmpp-websocket { location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args; proxy_pass http://prosody/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@ -94,7 +106,7 @@ server {
# colibri (JVB) websockets for jvb1 # colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) { location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args; proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";

View file

@ -0,0 +1,228 @@
#!/bin/sh -eu
# Source:
# https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example
FOCUS_USER="focus"
JITSI_DOMAIN="${JITSI_DOMAIN:-${JITSI_HOST:?}}"
# PROSODY_MAIN_CONFIG: defined in __jitsi_meet, empty in __jitsi_meet_domain
PROSODY_SECUREDOMAIN_START="--[["
PROSODY_SECUREDOMAIN_END="--]]"
if [ -n "${PROSODY_MAIN_CONFIG}" ]; then
PROSODY_MAIN_START=""
PROSODY_MAIN_END=""
PROSODY_DOMAIN_START="--[["
PROSODY_DOMAIN_END="--]]"
else
PROSODY_MAIN_START="--[["
PROSODY_MAIN_END="--]]"
PROSODY_DOMAIN_START=""
PROSODY_DOMAIN_END=""
if [ -n "${SECURED_DOMAINS}" ]; then
PROSODY_SECUREDOMAIN_START=""
PROSODY_SECUREDOMAIN_END=""
fi
fi
# Websockets haven't been fully tested in this type and don't work reliably
PROSODY_WEBSOCKET="-- "
# shellcheck disable=SC2034 # This is intended to be included
PROSODY_CONFIG="$(cat <<EOFPROSODY
-- Managed remotely, changes will be lost
${PROSODY_MAIN_START}
-- This will be managed by __jitsi_meet
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "${JITSI_HOST:?}";
external_service_secret = "${TURN_SECRET:-TurnSecret}";
external_services = {
{ type = "stun", host = "${JITSI_HOST:?}", port = 3478 },
{ type = "turn", host = "${JITSI_HOST:?}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
{ type = "turns", host = "${JITSI_HOST:?}", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};
cross_domain_bosh = false;
consider_bosh_secure = true;
-- Use websockets
-- https://community.jitsi.org/t/how-to-how-to-enable-websockets-xmpp-websocket-and-smacks-for-prosody/87920
${PROSODY_WEBSOCKET}consider_websocket_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
-- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
--http_cors_override = {
-- bosh = {
-- enabled = false;
-- };
-- websocket = {
-- enabled = false;
-- };
--}
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
protocol = "tlsv1_2+";
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}
unlimited_jids = {
"${FOCUS_USER:?}@auth.${JITSI_HOST:?}",
"jvb@auth.${JITSI_HOST:?}"
}
${PROSODY_MAIN_END}
${PROSODY_DOMAIN_START}
-- This will be managed by __jitsi_meet_domain
VirtualHost "${JITSI_DOMAIN:?}"
-- enabled = false -- Remove this line to enable this host
authentication = "anonymous"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
--app_secret="example_app_secret"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/prosody/certs/${JITSI_DOMAIN:?}.key";
certificate = "/etc/prosody/certs/${JITSI_DOMAIN:?}.crt";
}
av_moderation_component = "avmoderation.${JITSI_DOMAIN:?}"
speakerstats_component = "speakerstats.${JITSI_DOMAIN:?}"
conference_duration_component = "conferenceduration.${JITSI_DOMAIN:?}"
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
"speakerstats";
"external_services";
"conference_duration";
"muc_lobby_rooms";
"muc_breakout_rooms";
"av_moderation";
${PROSODY_WEBSOCKET} "websocket";
${PROSODY_WEBSOCKET} "smacks";
}
smacks_max_unacked_stanzas = 5;
smacks_hibernation_time = 60;
smacks_max_hibernated_sessions = 1;
smacks_max_old_sessions = 1;
c2s_require_encryption = false
lobby_muc = "lobby.${JITSI_DOMAIN:?}"
breakout_rooms_muc = "breakout.${JITSI_DOMAIN:?}"
main_muc = "conference.${JITSI_DOMAIN:?}"
-- muc_lobby_whitelist = { "recorder.${JITSI_DOMAIN:?}" } -- Here we can whitelist jibri to enter lobby enabled rooms
Component "conference.${JITSI_DOMAIN:?}" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
"polls";
--"token_verification";
"muc_rate_limit";
}
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}" }
muc_room_locking = false
muc_room_default_public_jids = true
Component "breakout.${JITSI_DOMAIN:?}" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
--"token_verification";
"muc_rate_limit";
"polls";
}
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}" }
muc_room_locking = false
muc_room_default_public_jids = true
-- internal muc component
Component "internal.auth.${JITSI_DOMAIN:?}" "muc"
storage = "memory"
modules_enabled = {
"ping";
}
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}", "jvb@auth.${JITSI_HOST:?}" }
muc_room_locking = false
muc_room_default_public_jids = true
-- https://prosody.im/doc/modules/mod_muc
muc_room_cache_size = 1000
${PROSODY_DOMAIN_END}
${PROSODY_MAIN_START}
-- This will be managed by __jitsi_meet
VirtualHost "auth.${JITSI_DOMAIN:?}"
ssl = {
key = "/etc/prosody/certs/auth.${JITSI_DOMAIN:?}.key";
certificate = "/etc/prosody/certs/auth.${JITSI_DOMAIN:?}.crt";
}
modules_enabled = {
"limits_exception";
}
authentication = "internal_hashed"
${PROSODY_MAIN_END}
${PROSODY_DOMAIN_START}
-- This will be managed by __jitsi_meet_domain
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.${JITSI_DOMAIN:?}" "client_proxy"
-- Single focus user for the whole instance
target_address = "${FOCUS_USER:?}@auth.${JITSI_HOST:?}"
Component "speakerstats.${JITSI_DOMAIN:?}" "speakerstats_component"
muc_component = "conference.${JITSI_DOMAIN:?}"
Component "conferenceduration.${JITSI_DOMAIN:?}" "conference_duration_component"
muc_component = "conference.${JITSI_DOMAIN:?}"
Component "avmoderation.${JITSI_DOMAIN:?}" "av_moderation_component"
muc_component = "conference.${JITSI_DOMAIN:?}"
Component "lobby.${JITSI_DOMAIN:?}" "muc"
storage = "memory"
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
"muc_rate_limit";
"polls";
}
${PROSODY_DOMAIN_END}
--[[
-- Enables dial-in for Jitsi meet components customers
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
VirtualHost "jigasi.meet.jitsi"
enabled = false -- Jitsi meet components customers remove this line
modules_enabled = {
"ping";
"bosh";
}
authentication = "token"
app_id = "jitsi";
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
asap_accepted_issuers = { "jaas-components" }
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
--]]
${PROSODY_SECUREDOMAIN_START}
-- Only used on secured domains
VirtualHost "${JITSI_DOMAIN}"
authentication = "internal_plain"
VirtualHost "guest.${JITSI_DOMAIN}"
authentication = "anonymous"
c2s_require_encryption = false
${PROSODY_SECUREDOMAIN_END}
EOFPROSODY
)"

View file

@ -0,0 +1,154 @@
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "jitmeet.example.com";
external_service_secret = "__turnSecret__";
external_services = {
{ type = "stun", host = "jitmeet.example.com", port = 3478 },
{ type = "turn", host = "jitmeet.example.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
{ type = "turns", host = "jitmeet.example.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};
cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
-- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
--http_cors_override = {
-- bosh = {
-- enabled = false;
-- };
-- websocket = {
-- enabled = false;
-- };
--}
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
protocol = "tlsv1_2+";
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}
unlimited_jids = {
"focusUser@auth.jitmeet.example.com",
"jvb@auth.jitmeet.example.com"
}
VirtualHost "jitmeet.example.com"
-- enabled = false -- Remove this line to enable this host
authentication = "anonymous"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
--app_secret="example_app_secret"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/prosody/certs/jitmeet.example.com.key";
certificate = "/etc/prosody/certs/jitmeet.example.com.crt";
}
av_moderation_component = "avmoderation.jitmeet.example.com"
speakerstats_component = "speakerstats.jitmeet.example.com"
conference_duration_component = "conferenceduration.jitmeet.example.com"
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
"speakerstats";
"external_services";
"conference_duration";
"muc_lobby_rooms";
"muc_breakout_rooms";
"av_moderation";
}
c2s_require_encryption = false
lobby_muc = "lobby.jitmeet.example.com"
breakout_rooms_muc = "breakout.jitmeet.example.com"
main_muc = "conference.jitmeet.example.com"
-- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
Component "conference.jitmeet.example.com" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
"polls";
--"token_verification";
"muc_rate_limit";
}
admins = { "focusUser@auth.jitmeet.example.com" }
muc_room_locking = false
muc_room_default_public_jids = true
Component "breakout.jitmeet.example.com" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
--"token_verification";
"muc_rate_limit";
"polls";
}
admins = { "focusUser@auth.jitmeet.example.com" }
muc_room_locking = false
muc_room_default_public_jids = true
-- internal muc component
Component "internal.auth.jitmeet.example.com" "muc"
storage = "memory"
modules_enabled = {
"ping";
}
admins = { "focusUser@auth.jitmeet.example.com", "jvb@auth.jitmeet.example.com" }
muc_room_locking = false
muc_room_default_public_jids = true
VirtualHost "auth.jitmeet.example.com"
modules_enabled = {
"limits_exception";
}
authentication = "internal_hashed"
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.jitmeet.example.com" "client_proxy"
target_address = "focusUser@auth.jitmeet.example.com"
Component "speakerstats.jitmeet.example.com" "speakerstats_component"
muc_component = "conference.jitmeet.example.com"
Component "conferenceduration.jitmeet.example.com" "conference_duration_component"
muc_component = "conference.jitmeet.example.com"
Component "avmoderation.jitmeet.example.com" "av_moderation_component"
muc_component = "conference.jitmeet.example.com"
Component "lobby.jitmeet.example.com" "muc"
storage = "memory"
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
"muc_rate_limit";
"polls";
}
-- Enables dial-in for Jitsi meet components customers
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
VirtualHost "jigasi.meet.jitsi"
enabled = false -- Jitsi meet components customers remove this line
modules_enabled = {
"ping";
"bosh";
}
authentication = "token"
app_id = "jitsi";
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
asap_accepted_issuers = { "jaas-components" }
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }

View file

@ -11,14 +11,24 @@ DESCRIPTION
----------- -----------
This type installs and configures the frontend for Jitsi-Meet. This type installs and configures the frontend for Jitsi-Meet.
This supports "multi-domain" installations, notice that in such a setup, all Additionally to regular Jitsi-Meet, users can load `DOMAIN/i/` and
rooms are shared across the different URLs, e.g. `DOMAIN/i/ROOM` for an interpreter-enabled interface; this is done with a
https://jitsi1.example.org/room1 and https://jitsi2.example.org/room1 are patched version of Jitsi Simultaneous Interpretation (jsi; see references).
equivalent. At least a user with `interpreter` in their name must be present.
This type supports "multi-domain" installations.
New in April 2022: rooms are independent for each domain, that is:
https://jitsi1.example.org/room1 and https://jitsi2.example.org/room1 are
different rooms.
Note however, that right now if using secured domains, users are still shared
across any domains hosted in the same instance.
One way to work around that could be to run multiple jicofos, but we do not
want to bloat the servers.
A better way is to patch jicofo, get in touch with the type authors if you want
the gory details.
This is due to the underlying XMPP and signaling rooms being common.
There might be a way to perform tricks on the Nginx-side to avoid this, but
time is lacking :-).
This assumes `__jitsi_meet` has already been ran on the target host, and, This assumes `__jitsi_meet` has already been ran on the target host, and,
amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain. amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain.
@ -41,6 +51,11 @@ admin-email
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
analytics-settings
This goes inside the `analytics` part of `config.js`.
Defaults to: `disabled: true`.
See: https://github.com/jitsi/jitsi-meet/blob/master/config.js
channel-last-n channel-last-n
Default value for the "last N" attribute. Default value for the "last N" attribute.
Defaults to 20. Set to -1 for unlimited. Defaults to 20. Set to -1 for unlimited.
@ -78,6 +93,15 @@ video-constraints
It must not have a trailing comma, see `constraints` in It must not have a trailing comma, see `constraints` in
`__jitsi_meet_domain/files/config.js.sh`. `__jitsi_meet_domain/files/config.js.sh`.
branding-app-name
This will change `Jitsi Meet` in many places to the brand you desire.
Defaults to `Jitsi Meet`.
branding-extra-body
This must be valid HTML, it will be included server-side and delivered to
clients alongside the default `index.html`.
This is useful if you would rather not replace the whole `index`, but
still want the chance to do some heavier branding / add instructions / etc.
branding-json branding-json
Path to a JSON file that will be served as the `dynamicBrandingUrl`. Path to a JSON file that will be served as the `dynamicBrandingUrl`.
@ -85,14 +109,12 @@ branding-json
`__jitsi_meet_domain/files/config.js.sh`. `__jitsi_meet_domain/files/config.js.sh`.
If not set, no branding will be set up. If not set, no branding will be set up.
branding-index branding-index
Path to an HTML file that will be served instead of Jitsi-Meet's default Path to an HTML file that will be served instead of Jitsi-Meet's default
one. one.
If not set, the default index file will be used. If not set, the default index file will be used.
If set to `-`, the type's standard input will be used. If set to `-`, the type's standard input will be used.
branding-watermark branding-watermark
Path to a png file that will be served instead of Jitsi-Meet's default Path to a png file that will be served instead of Jitsi-Meet's default
one. one.
@ -147,6 +169,7 @@ SEE ALSO
-------- --------
- `__jitsi_meet(7)` - `__jitsi_meet(7)`
- `__jitsi_meet_user(7)` - `__jitsi_meet_user(7)`
- Jitsi Meet Simultaneous Interpretation: https://gitlab.com/mfmt/jsi
AUTHORS AUTHORS

View file

@ -18,6 +18,8 @@ NOTICE_MESSAGE="$(cat "${__object}/parameter/notice-message")"
START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")" START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
TURN_SERVER="$(cat "${__object}/parameter/turn-server")" TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")" VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
ANALYTICS_SETTINGS="$(cat "${__object}/parameter/analytics-settings")"
BRANDING_APP_NAME="$(cat "${__object}/parameter/branding-app-name")"
BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")" BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
BRANDING_JSON="$(cat "${__object}/parameter/branding-json")" BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")" BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
@ -130,3 +132,43 @@ __file "/usr/share/jitsi-meet/images/watermark-${DOMAIN}.png" \
--mode 0644 \ --mode 0644 \
--state "$(_var_state "${BRANDING_WATERMARK}")" \ --state "$(_var_state "${BRANDING_WATERMARK}")" \
--source "${BRANDING_WATERMARK}" --source "${BRANDING_WATERMARK}"
# Simple body customisation
__file "/usr/share/jitsi-meet/body-${DOMAIN}.html" \
--mode 0644 \
--state "$(_var_state "${STATE}")" \
--source "${__object}/parameter/branding-extra-body"
#
# Take care of prosody settings for the domain
#
JITSI_DOMAIN="${DOMAIN}"
# Prosody settings for common components (jvb, focus, ...)
# shellcheck source=type/__jitsi_meet_domain/files/prosody.cfg.lua.sh
. "${__type}/files/prosody.cfg.lua.sh" # This defines PROSODY_CONFIG
__file "/etc/prosody/conf.avail/${DOMAIN}.cfg.lua" \
--group prosody \
--mode 0440 \
--state "${STATE}" \
--source '-' <<EOF
${PROSODY_CONFIG}
EOF
__link "/etc/prosody/conf.d/${DOMAIN}.cfg.lua" \
--source "/etc/prosody/conf.avail/${DOMAIN}.cfg.lua" \
--state "${STATE}" \
--type symbolic
if [ "${STATE}" = "present" ]; then
export require="${require} __file/etc/prosody/conf.avail/${DOMAIN}.cfg.lua __link/etc/prosody/conf.d/${DOMAIN}.cfg.lua"
__check_messages "prosody/${DOMAIN}" \
--pattern '^(__file|__link)/etc/prosody/conf[.](avail|d)/' \
--execute "$(cat <<EOF
if [ ! -f "/var/lib/prosody/${DOMAIN}.crt" ]; then
echo | prosodyctl cert generate '${DOMAIN}';
ln -sf '/var/lib/prosody/${DOMAIN}.key' '/etc/prosody/certs/${DOMAIN}.key'
ln -sf '/var/lib/prosody/${DOMAIN}.crt' '/etc/prosody/certs/${DOMAIN}.crt'
fi
# Surprisingly, a reload is not enough
service prosody restart
EOF
)"
fi

View file

@ -0,0 +1 @@
disabled: true

View file

@ -0,0 +1 @@
Jitsi Meet

View file

@ -1,10 +1,13 @@
analytics-settings
channel-last-n channel-last-n
default-language default-language
notice-message notice-message
start-video-muted start-video-muted
turn-server turn-server
video-constraints video-constraints
branding-app-name
branding-json branding-json
branding-index branding-index
branding-extra-body
branding-watermark branding-watermark
state state

View file

@ -0,0 +1,10 @@
#!/bin/sh -e
BIN_PREFIX="/usr/local/bin"
SERVICE_NAME="${__object_id}"
VERSION_FILE="${BIN_PREFIX}/.${SERVICE_NAME}.cdist.version"
if [ -f "${VERSION_FILE}" ]; then
cat "${VERSION_FILE}"
fi

View file

@ -0,0 +1,190 @@
cdist-type__single_binary_service(7)
====================================
NAME
----
cdist-type__single_binary_service - Setup a single-binary service
DESCRIPTION
-----------
This type is designed to easily deploy and configure a single-binary service
named `${__object_id}`.
A good example of this are Prometheus exporters.
This type makes certain assumptions that might not be correct on your system.
If you need more flexibility, please get in touch and provide a use-case
(and hopefully a backwards-compatible patch).
This type will place the downloaded binary and, if requested, other extra
binaries in `/usr/local/bin`.
If a `--config-file-source` is provided, it will be placed under:
`/etc/${__object_id}.conf`.
This type supports services managed by `__runit(7)` when `systemd` is not
the init system being used.
REQUIRED PARAMETERS
-------------------
checksum
This will be passed verbatim to `__download(7)`.
Use something like `sha256:...`.
url
This will be passed verbatim to `__download(7)`.
version
This type will use a thumbstone file with a "version" number to track
whether or not a service must be updated.
This thumbstone file is placed under
`/usr/local/bin/.${__object_id}.cdist.version`.
BOOLEAN PARAMETERS
------------------
unpack
If present, the contents of `--url` will be treated as an archive to be
unpacked with `__unpack(7)`.
See also `--unpack-args` and `--extra-binary`.
do-not-manage-user
Always considered present when `--user` is `root`.
If present, the user in `--user` will not be managed by this type with
`__user`, this means it *must* exist beforehand when installing the service
and it will not be removed by this type.
OPTIONAL PARAMETERS
-------------------
config-file-source
If present, this file's contents will be placed under
`/etc/${__object_id}.conf` with permissions `0440` and ownership assigned to
`--user` and `--group`.
If `-` is passed, this type's `stdin` will be used.
user
The user under which the service will run. Defaults to `root`.
If this user is not `root` and `--do-not-manage-user` is not present,
this user will be created or removed as per the `--state` parameter.
user-home-dir
Does not have an effect if `--do-not-manage-user` is used or `--user` is
`root`.
The home directory of the service user. It will be created.
Defaults to `/nonexistent`, in this case the home directory will not be
created.
group
The group under which the service will run. Defaults to `--user`.
state
Whether the service is to be `present` (default) or `absent`.
When `absent`, this type will clean any binaries listed in `--extra-binary`
and also the config file as described in `--config-file-source`.
binary
This will be the binary name. Defaults to `${__object_id}`.
If `--unpack` is used, a binary with this name must be unpacked.
Otherwise, the contents of `--url` will be placed under this binary name.
service-args
Any extra arguments to pass along with `--service-exec`. Beware that any
service-args having the format `--config=/etc/foo.cfg` should be
represented in the following way `--service-exec='--config=/etc/foo.cfg'`
service-exec
The executable to use for this service.
Defaults to `/usr/local/bin/BINARY_NAME` where `BINARY_NAME` is the
resulting value of `--binary`.
service-definition
The service definition to be used as an override.
Note that this type decides dinammically between runit and systemd, and
you can currently only define either a systemd unit or a runit script here.
Use this parameter only for testing and get in touch to discuss how your
particular use-case can be supported by the type.
service-description
The service description to be used in, e.g. the systemd unit file.
Defaults to `cdist-managed '${__object_id}' service`.
unpack-args
Only has an effect if `--unpack` is used.
These arguments will be passed verbatim to `__unpack(7)`.
Very useful as this type assumes the archive does not have the binaries in
subdirectories; that can be worked around with
`--unpack-args '--tar-strip 1'`.
unpack-extension
Only has an effect if `--unpack` is used.
The file extension of the file to unpack, defaults to `.tar.gz`.
working-directory
If set, the working directory with which the service will be started.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
extra-binary
Only useful with `--unpack`.
If passed, these binaries will also be installed when `--state` is `present`
and removed when `--state` is `absent`.
Handle with care :-).
EXAMPLES
--------
.. code-block:: sh
# Install and enable the ipmi_exporter service
# The variables are defined in the manifest previously
__single_binary_service ipmi_exporter \
--user "${USER}" \
--service-args ' --config.file=/etc/ipmi_exporter.conf' \
--version "${SHOULD_VERSION}" \
--checksum "${CHECKSUM}" \
--url "${DOWNLOAD_URL}" \
--state "present" \
--unpack \
--unpack-args "--tar-strip 1" \
--config-file-source '-' <<-EOF
# Remotely managed, changes will be lost
# [...] config contents goes here
EOF
# Remove the ipmi_exporter service along with the user and its config
__single_binary_service ipmi_exporter \
--user "${USER}" \
--version "${SHOULD_VERSION}" \
--checksum "${CHECKSUM}" \
--url "${DOWNLOAD_URL}" \
--state "absent"
# Same, but the service was using my user! Let's not delete that!
__single_binary_service ipmi_exporter \
--user "evilham" \
--do-not-manage-user \
--version "${SHOULD_VERSION}" \
--checksum "${CHECKSUM}" \
--url "${DOWNLOAD_URL}" \
--state "absent"
SEE ALSO
--------
- `__download(7)`
- `__unpack(7)`
AUTHORS
-------
Evilham <contact@evilham.com>
COPYING
-------
Copyright \(C) 2022 Evilham.

View file

@ -0,0 +1,288 @@
#!/bin/sh -e
SERVICE_NAME="${__object_id}"
OS="$(cat "${__global}/explorer/os")"
case "${OS}" in
debian|devuan)
SUPER_USER_GROUP=root
ETC_DIR="/etc"
;;
*bsd)
SUPER_USER_GROUP=wheel
ETC_DIR="/usr/local/etc"
;;
*)
echo "Your OS '${OS}' is currently not supported." >&2
exit 1
;;
esac
INIT="$(cat "${__global}/explorer/init")"
case "${INIT}" in
systemd)
service_definition_require="__systemd_unit/${SERVICE_NAME}.service"
service_command="service ${SERVICE_NAME} %s"
;;
runit|sysvinit)
# We will use runit to manage these services
__runit
export require="__runit"
service_definition_require="__runit_service/${SERVICE_NAME}"
service_command="sv %s ${SERVICE_NAME}"
;;
*)
echo "Init system ${INIT}' is currently not supported." >&2
exit 1
;;
esac
BIN_DIR="/usr/local/bin"
# Ensure the target bin dir exists
# Care, we never want to remove it :-D
__directory "${BIN_DIR}" \
--state "exists" \
--mode 0755
export require="${require} __directory${BIN_DIR}"
STATE="$(cat "${__object}/parameter/state")"
USER="$(cat "${__object}/parameter/user")"
GROUP="$(cat "${__object}/parameter/group" 2>/dev/null || true)"
if [ -z "${GROUP}" ]; then
if [ "${USER}" != "root" ]; then
GROUP="${USER}"
else
GROUP="${SUPER_USER_GROUP}"
fi
fi
BINARY="$(cat "${__object}/parameter/binary" 2>/dev/null || true)"
if [ -z "${BINARY}" ]; then
BINARY="${SERVICE_NAME}"
fi
EXTRA_BINARIES="$(cat "${__object}/parameter/extra-binary" 2>/dev/null || true)"
# This only makes sense for file archives
if [ -n "${EXTRA_BINARIES}" ] && [ -f "${__object}/parameter/unpack" ]; then
cat >&2 <<-EOF
You cannot specify extra binaries without the --unpack argument.
Make sure that the --url argument points to a file archive.
EOF
fi
SERVICE_EXEC="$(cat "${__object}/parameter/service-exec" 2>/dev/null || true)"
if [ -z "${SERVICE_EXEC}" ]; then
SERVICE_EXEC="${BIN_DIR}/${BINARY}"
fi
SERVICE_ARGS="$(cat "${__object}/parameter/service-args")"
SERVICE_EXEC="${SERVICE_EXEC} ${SERVICE_ARGS}"
SERVICE_DESCRIPTION="$(cat "${__object}/parameter/service-description" \
2>/dev/null || true)"
if [ -z "${SERVICE_DESCRIPTION}" ]; then
SERVICE_DESCRIPTION="cdist-managed '${SERVICE_NAME}' service"
fi
SERVICE_DEFINITION="$(cat "${__object}/parameter/service-definition" 2>/dev/null || true)"
WORKING_DIRECTORY_PATH="$(cat "${__object}/parameter/working-directory" 2>/dev/null || true)"
if [ -n "${WORKING_DIRECTORY_PATH}" ]; then
WORKING_DIRECTORY_SYSTEMD="WorkingDirectory=${WORKING_DIRECTORY_PATH}"
WORKING_DIRECTORY_RUNIT="cd '${WORKING_DIRECTORY_PATH}'"
fi
DOWNLOAD_URL="$(cat "${__object}/parameter/url")"
CHECKSUM="$(cat "${__object}/parameter/checksum")"
SHOULD_VERSION="$(cat "${__object}/parameter/version")"
# Create a user for the service if it is not root
USER_HOME_DIR="/root"
if [ "${USER}" != "root" ] && \
[ ! -f "${__object}/parameter/do-not-manage-user" ]; then
if [ "${STATE}" = "absent" ]; then
# When removing, ensure user is not being used
user_require="${service_definition_require}"
fi
USER_HOME_DIR="$(cat "${__object}/parameter/user-home-dir")"
if [ "${USER_HOME_DIR}" != "/nonexistent" ]; then
USER_CREATE_HOME="--create-home"
fi
require="${require} ${user_require}" __user "${USER}" \
--system \
--state "${STATE}" \
--home "${USER_HOME_DIR}" \
--comment "cdist-managed ${SERVICE_NAME} user" \
${USER_CREATE_HOME}
# Track dependencies
service_require="${service_require} __user/${USER}"
fi
# Place config file if necessary
CONFIG_FILE_DEST="${ETC_DIR}/${SERVICE_NAME}.conf"
CONFIG_FILE_SOURCE="$(cat "${__object}/parameter/config-file-source" 2>/dev/null || true)"
if [ "${CONFIG_FILE_SOURCE}" = "-" ]; then
CONFIG_FILE_SOURCE="${__object}/stdin"
fi
if [ -n "${CONFIG_FILE_SOURCE}" ] && [ "${STATE}" = "present" ]; then
require="${require} __user/${USER}" __file \
"${CONFIG_FILE_DEST}" \
--owner "${USER}" \
--group "${GROUP}" \
--mode "0440" \
--source "${CONFIG_FILE_SOURCE}"
service_require="${service_require} __file${CONFIG_FILE_DEST}"
fi
# This should setup the object in $service_definition_require
# See above.
case "${INIT}" in
systemd)
if [ -z "${SERVICE_DEFINITION}" ]; then
SERVICE_DEFINITION="$(cat <<EOF
[Unit]
Description=${SERVICE_DESCRIPTION}
After=network.target
[Service]
Type=simple
User=${USER}
Group=${GROUP}
ExecStart=${SERVICE_EXEC}
Restart=always
${WORKING_DIRECTORY_SYSTEMD}
[Install]
WantedBy=multi-user.target
EOF
)"
fi
__systemd_unit "${SERVICE_NAME}.service" \
--source "-" \
--state "${STATE}" \
--enablement-state "enabled" <<EOF
${SERVICE_DEFINITION}
EOF
;;
runit|sysvinit)
if [ -z "${SERVICE_DEFINITION}" ]; then
SERVICE_DEFINITION="$(cat <<EOF
#!/bin/sh -e
${WORKING_DIRECTORY_RUNIT}
export HOME="\$(getent passwd '${USER}' | cut -d: -f6)"
export USER="${USER}"
export GROUP="${GROUP}"
exec chpst -u "${USER}:${GROUP}" ${SERVICE_EXEC}
EOF
)"
fi
__runit_service "${SERVICE_NAME}" \
--state "${STATE}" \
--log \
--source - <<EOF
${SERVICE_DEFINITION}
EOF
;;
esac
service_require="${service_require} ${service_definition_require}"
# Proceed after user and service description have been prepared
export require="${require} ${service_require}"
VERSION_FILE="${BIN_DIR}/.${SERVICE_NAME}.cdist.version"
IS_VERSION="$(cat "${__object}/explorer/explorer-version")"
if [ "${STATE}" = "absent" ]; then
# Perform cleanup of generated files
for bin_file in ${BINARY} ${EXTRA_BINARIES}; do
__file "${BIN_DIR}/${bin_file}" --state "absent"
done
__file "${VERSION_FILE}" --state "absent"
__file "${CONFIG_FILE_DEST}" --state "absent"
fi
if [ "${STATE}" != "present" ]; then
exit
fi
sv_cmd() {
# This is intentional
# shellcheck disable=SC2059
printf "${service_command}" "$1"
}
if [ "${SHOULD_VERSION}" != "${IS_VERSION}" ]; then
# We are installing the service and there has been a version change
# (or it is first-time install)
TMP_PATH="/tmp/${SERVICE_NAME}-${SHOULD_VERSION}"
# This is what will stop the service, replace the binaries and
# start the service again
perform_service_upgrade="$(cat <<EOF
$(sv_cmd stop) || true
if [ -f '${TMP_PATH}' ]; then
chown root:${SUPER_USER_GROUP} '${TMP_PATH}'
chmod 0555 '${TMP_PATH}'
cp -af '${TMP_PATH}' '${BIN_DIR}/${BINARY}'
else
for bin_file in ${BINARY} ${EXTRA_BINARIES}; do
bin_path="${TMP_PATH}/\${bin_file}"
chown root:${SUPER_USER_GROUP} "\${bin_path}"
chmod 0555 "\${bin_path}"
cp -af "\${bin_path}" "${BIN_DIR}/\${bin_file}"
done
fi
$(sv_cmd start) || true
EOF
)"
if [ -f "${__object}/parameter/unpack" ]; then
UNPACK_EXTENSION="$(cat "${__object}/parameter/unpack-extension")"
UNPACK_ARGS="$(cat "${__object}/parameter/unpack-args" \
2>/dev/null || true)"
# Download packed file
__download "${TMP_PATH}${UNPACK_EXTENSION}" \
--url "${DOWNLOAD_URL}" \
--download remote \
--sum "${CHECKSUM}"
# Unpack file and also perform service upgrade
# shellcheck disable=SC2086
require="__download${TMP_PATH}${UNPACK_EXTENSION}" \
__unpack "${TMP_PATH}${UNPACK_EXTENSION}" \
${UNPACK_ARGS} \
--destination "${TMP_PATH}"
version_bump_require="__unpack${TMP_PATH}${UNPACK_EXTENSION}"
else
# Create temp directory
__directory "${TMP_PATH}"
# Download binary directoy to the temp directory with the
# specified binary name
require="__directory${TMP_PATH}" __download \
"${TMP_PATH}/${BINARY}" \
--url "${DOWNLOAD_URL}" \
--download remote \
--sum "${CHECKSUM}"
version_bump_require="__download${TMP_PATH}/${BINARY}"
fi
# Perform update of cdist-managed version file
# And also perform service upgrade
# This is a bug if service_upgrade fails >,<
printf "%s" "${SHOULD_VERSION}" | \
require="${version_bump_require}" __file \
"${VERSION_FILE}" \
--onchange "${perform_service_upgrade}" \
--source "-"
else
# We only restart here if there was a config change
# but there was not a version change
require="${service_require}" __check_messages \
"single_binary_service_${__object_id}" \
--pattern "^__file${CONFIG_FILE_DEST}" \
--execute "$(sv_cmd restart)"
fi

View file

@ -0,0 +1,2 @@
do-not-manage-user
unpack

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
.tar.gz

View file

@ -0,0 +1 @@
root

View file

@ -0,0 +1 @@
/nonexistent

View file

@ -0,0 +1,13 @@
config-file-source
user
group
state
binary
service-args
service-exec
service-description
service-definition
unpack-extension
unpack-args
user-home-dir
working-directory

View file

@ -0,0 +1 @@
extra-binary

View file

@ -0,0 +1,3 @@
url
checksum
version

View file

@ -38,7 +38,8 @@ install-key-to
Installation path of the certificate's private key. Installation path of the certificate's private key.
renew-hook renew-hook
Renew hook executed on certificate renewal (e.g. `service nginx reload`). Renew hook executed on certificate renewal (e.g. `service nginx reload`, `-`
for the standard input).
force-cert-ownership-to force-cert-ownership-to
Override default ownership for TLS certificate, passed as argument to chown. Override default ownership for TLS certificate, passed as argument to chown.

View file

@ -109,7 +109,11 @@ export CERT_TARGET
RENEW_HOOK= RENEW_HOOK=
if [ -f "${__object:?}/parameter/renew-hook" ]; if [ -f "${__object:?}/parameter/renew-hook" ];
then then
RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")" if [ "$(cat "${__object:?}/parameter/renew-hook")" = "-" ]; then
RENEW_HOOK="$(cat ${__object:?}/stdin)"
else
RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")"
fi
fi fi
export RENEW_HOOK export RENEW_HOOK