Compare commits
No commits in common. "master" and "root-mail-dma" have entirely different histories.
440 changed files with 349 additions and 21409 deletions
|
@ -1,29 +1,14 @@
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
- doc
|
|
||||||
|
|
||||||
image: code.ungleich.ch:5050/ungleich-public/cdist-contrib/ci-container:latest
|
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
|
||||||
|
|
||||||
shellcheck:
|
shellcheck:
|
||||||
stage: test
|
stage: test
|
||||||
script:
|
script:
|
||||||
- make lint
|
- ./scripts/run-shellcheck.sh
|
||||||
|
|
||||||
manpages:
|
manpages:
|
||||||
stage: test
|
stage: test
|
||||||
script:
|
script:
|
||||||
- make check-manpages
|
- ./scripts/run-manpage-checks.sh
|
||||||
|
|
||||||
docs:
|
|
||||||
stage: doc
|
|
||||||
only:
|
|
||||||
- master@ungleich-public/cdist-contrib
|
|
||||||
before_script:
|
|
||||||
- eval $(ssh-agent -s)
|
|
||||||
- echo "$CD_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
|
|
||||||
- mkdir -p ~/.ssh
|
|
||||||
- echo "$CD_SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
|
|
||||||
- chmod 644 ~/.ssh/known_hosts
|
|
||||||
script:
|
|
||||||
- make html
|
|
||||||
- sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*"
|
|
||||||
|
|
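Review bot: The new `image:` line points the shellcheck and manpages jobs at `cdist/cdist-ci:latest`, a mutable tag, so the lint gate runs on whatever the registry serves at pipeline time. Pinning the image by digest keeps the checks reproducible and means a replaced or rebuilt image cannot silently change what the jobs execute, for example `image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci@sha256:<digest-of-reviewed-image>` (placeholder digest). The jobs now call `./scripts/run-shellcheck.sh` and `./scripts/run-manpage-checks.sh` directly, so it is worth confirming the new image still ships everything those scripts need.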
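--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,3 @@
+# cdist-contrib changes
+
+* 2020-04-28: New type: __find_exec (Ander Punnar)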
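--- a/Makefile
+++ b/Makefile
@@ -1,70 +0,0 @@
-.PHONY: help
-help:
-@echo "Please use \`make <target>' where <target> is one of"
-@echo "man build only man user documentation"
-@echo "html build only html user documentation"
-@echo "docs build both man and html user documentation"
-@echo "check-manpages check for manpage in types"
-@echo "lint run shellcheck on types"
-@echo "check run both type manpage checks and linting"
-@echo "clean clean"
-
-DOCS_SRC_DIR=./docs/src
-TYPEDIR=./type
-
-SPHINXM=make -C $(DOCS_SRC_DIR) man
-SPHINXH=make -C $(DOCS_SRC_DIR) html
-SPHINXC=make -C $(DOCS_SRC_DIR) clean
-
-################################################################################
-# Manpages
-#
-MAN7DSTDIR=$(DOCS_SRC_DIR)/man7
-
-# Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work
-# Using ls does not work if no file with given pattern exist, so use wildcard
-MANTYPESRC=$(wildcard $(TYPEDIR)/*/man.rst)
-MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC))
-MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX))
-
-# Link manpage: do not create man.html but correct named file
-$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst
-mkdir -p $(MAN7DSTDIR)
-ln -sf "../../../$^" $@
-
-DOCSINDEX=$(MAN7DSTDIR)/index.rst
-DOCSINDEXH=$(DOCS_SRC_DIR)/index.rst.sh
-
-$(DOCSINDEX): $(DOCSINDEXH)
-$(DOCSINDEXH)
-
-# Manpages: .cdist Types
-DOT_CDIST_PATH=${HOME}/.cdist
-DOTMAN7DSTDIR=$(MAN7DSTDIR)
-DOTTYPEDIR=$(DOT_CDIST_PATH)/type
-
-# Link manpage: do not create man.html but correct named file
-$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
-ln -sf "$^" $@
-
-man: $(MANTYPES) $(DOCSINDEX)
-$(SPHINXM)
-
-html: $(MANTYPES) $(DOCSINDEX)
-$(SPHINXH)
-
-docs: man html
-
-check-manpages:
-./scripts/run-manpage-checks.sh
-
-lint:
-./scripts/run-shellcheck.sh
-
-check: check-manpages lint
-
-clean:
-$(SPHINXC)
-rm -f docs/src/index.rst
-rm -rf docs/src/man7/
-rm -rf docs/src/__pycache__/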
19
README.md
|
@ -5,9 +5,8 @@ tool with community-maitained types which are either too specific to fit/be
|
||||||
maintained in cdist itself or were not accepted in code cdist but could still
|
maintained in cdist itself or were not accepted in code cdist but could still
|
||||||
be useful.
|
be useful.
|
||||||
|
|
||||||
This project does not have releases and is continously updated: see git history
|
This project does not have releases and is continously updated: see
|
||||||
for change log. You will find HTML documentation at
|
`CHANGELOG.md` for details.
|
||||||
[contrib.cdi.st](https://contrib.cdi.st).
|
|
||||||
|
|
||||||
## Using cdist-contrib
|
## Using cdist-contrib
|
||||||
|
|
||||||
|
@ -33,11 +32,14 @@ And you would run [cdist][cdist] from the same directory as follows:
|
||||||
|
|
||||||
## Participating in the [cdist][cdist] community
|
## Participating in the [cdist][cdist] community
|
||||||
|
|
||||||
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix!
|
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix or on
|
||||||
|
[#cdist over mattermost][cdistmattermost].
|
||||||
|
|
||||||
|
|
||||||
[cdist]: https://www.cdi.st/
|
[cdist]: https://www.cdi.st/
|
||||||
[cdistconfig]: https://www.cdi.st/manual/latest/cdist-configuration.html
|
[cdistconfig]: https://www.cdi.st/manual/latest/cdist-configuration.html
|
||||||
[cdistmatrix]: https://matrix.to/#/#cdist:ungleich.ch
|
[cdistmatrix]: https://matrix.to/#/#cdist:ungleich.ch
|
||||||
|
[cdistmattermost]: https://chat.ungleich.ch/ungleich/channels/cdist
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
|
@ -51,12 +53,3 @@ Every type in cdist-contrib must:
|
||||||
|
|
||||||
* Have a `man.rst` documentation page.
|
* Have a `man.rst` documentation page.
|
||||||
* Pass [shellcheck](http://shellcheck.net/) without errors.
|
* Pass [shellcheck](http://shellcheck.net/) without errors.
|
||||||
|
|
||||||
## Other resources
|
|
||||||
|
|
||||||
Some people/organizations are known to keep some cdist types that might be of
|
|
||||||
interest to others:
|
|
||||||
|
|
||||||
* [cdist-evilham](https://git.sr.ht/~evilham/cdist-evilham): Evilham's cdist-types
|
|
||||||
* [cdist-recycledcloud](https://code.recycled.cloud/RecycledCloud/cdist-recycledcloud): e-Durable SA / Recycled Cloud public types
|
|
||||||
* [cdist-ungleich](https://code.ungleich.ch/ungleich-public/cdist-ungleich): ungleich public types
|
|
||||||
|
|
|
@ -1,235 +0,0 @@
|
||||||
# Makefile for Sphinx documentation
|
|
||||||
#
|
|
||||||
|
|
||||||
# You can set these variables from the command line.
|
|
||||||
SPHINXOPTS ?=
|
|
||||||
SPHINXBUILD ?= sphinx-build
|
|
||||||
PAPER ?=
|
|
||||||
BUILDDIR ?= ../dist
|
|
||||||
# for cache, etc.
|
|
||||||
_BUILDDIR = _build
|
|
||||||
|
|
||||||
# User-friendly check for sphinx-build
|
|
||||||
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
|
|
||||||
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/)
|
|
||||||
endif
|
|
||||||
|
|
||||||
# Internal variables.
|
|
||||||
PAPEROPT_a4 = -D latex_paper_size=a4
|
|
||||||
PAPEROPT_letter = -D latex_paper_size=letter
|
|
||||||
ALLSPHINXOPTS = -d $(_BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
|
|
||||||
# the i18n builder cannot share the environment and doctrees with the others
|
|
||||||
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
|
|
||||||
|
|
||||||
.PHONY: help
|
|
||||||
help:
|
|
||||||
@echo "Please use \`make <target>' where <target> is one of"
|
|
||||||
@echo " html to make standalone HTML files"
|
|
||||||
@echo " dirhtml to make HTML files named index.html in directories"
|
|
||||||
@echo " singlehtml to make a single large HTML file"
|
|
||||||
@echo " pickle to make pickle files"
|
|
||||||
@echo " json to make JSON files"
|
|
||||||
@echo " htmlhelp to make HTML files and a HTML help project"
|
|
||||||
@echo " qthelp to make HTML files and a qthelp project"
|
|
||||||
@echo " applehelp to make an Apple Help Book"
|
|
||||||
@echo " devhelp to make HTML files and a Devhelp project"
|
|
||||||
@echo " epub to make an epub"
|
|
||||||
@echo " epub3 to make an epub3"
|
|
||||||
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
|
||||||
@echo " latexpdf to make LaTeX files and run them through pdflatex"
|
|
||||||
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
|
|
||||||
@echo " text to make text files"
|
|
||||||
@echo " man to make manual pages"
|
|
||||||
@echo " texinfo to make Texinfo files"
|
|
||||||
@echo " info to make Texinfo files and run them through makeinfo"
|
|
||||||
@echo " gettext to make PO message catalogs"
|
|
||||||
@echo " changes to make an overview of all changed/added/deprecated items"
|
|
||||||
@echo " xml to make Docutils-native XML files"
|
|
||||||
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
|
|
||||||
@echo " linkcheck to check all external links for integrity"
|
|
||||||
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
|
||||||
@echo " coverage to run coverage check of the documentation (if enabled)"
|
|
||||||
@echo " dummy to check syntax errors of document sources"
|
|
||||||
|
|
||||||
.PHONY: clean
|
|
||||||
clean:
|
|
||||||
rm -rf $(BUILDDIR)/*
|
|
||||||
rm -rf $(_BUILDDIR)/*
|
|
||||||
|
|
||||||
.PHONY: html
|
|
||||||
html:
|
|
||||||
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
|
||||||
|
|
||||||
.PHONY: dirhtml
|
|
||||||
dirhtml:
|
|
||||||
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
|
||||||
|
|
||||||
.PHONY: singlehtml
|
|
||||||
singlehtml:
|
|
||||||
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
|
|
||||||
|
|
||||||
.PHONY: pickle
|
|
||||||
pickle:
|
|
||||||
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
|
||||||
@echo
|
|
||||||
@echo "Build finished; now you can process the pickle files."
|
|
||||||
|
|
||||||
.PHONY: json
|
|
||||||
json:
|
|
||||||
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
|
||||||
@echo
|
|
||||||
@echo "Build finished; now you can process the JSON files."
|
|
||||||
|
|
||||||
.PHONY: htmlhelp
|
|
||||||
htmlhelp:
|
|
||||||
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
|
||||||
@echo
|
|
||||||
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
|
||||||
".hhp project file in $(BUILDDIR)/htmlhelp."
|
|
||||||
|
|
||||||
.PHONY: qthelp
|
|
||||||
qthelp:
|
|
||||||
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
|
||||||
@echo
|
|
||||||
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
|
||||||
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
|
||||||
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/cdist-docs.qhcp"
|
|
||||||
@echo "To view the help file:"
|
|
||||||
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/cdist-docs.qhc"
|
|
||||||
|
|
||||||
.PHONY: applehelp
|
|
||||||
applehelp:
|
|
||||||
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
|
|
||||||
@echo "N.B. You won't be able to view it unless you put it in" \
|
|
||||||
"~/Library/Documentation/Help or install it in your application" \
|
|
||||||
"bundle."
|
|
||||||
|
|
||||||
.PHONY: devhelp
|
|
||||||
devhelp:
|
|
||||||
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
|
|
||||||
@echo
|
|
||||||
@echo "Build finished."
|
|
||||||
@echo "To view the help file:"
|
|
||||||
@echo "# mkdir -p $$HOME/.local/share/devhelp/cdist-docs"
|
|
||||||
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/cdist-docs"
|
|
||||||
@echo "# devhelp"
|
|
||||||
|
|
||||||
.PHONY: epub
|
|
||||||
epub:
|
|
||||||
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
|
|
||||||
|
|
||||||
.PHONY: epub3
|
|
||||||
epub3:
|
|
||||||
$(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3."
|
|
||||||
|
|
||||||
.PHONY: latex
|
|
||||||
latex:
|
|
||||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
|
||||||
@echo
|
|
||||||
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
|
||||||
@echo "Run \`make' in that directory to run these through (pdf)latex" \
|
|
||||||
"(use \`make latexpdf' here to do that automatically)."
|
|
||||||
|
|
||||||
.PHONY: latexpdf
|
|
||||||
latexpdf:
|
|
||||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
|
||||||
@echo "Running LaTeX files through pdflatex..."
|
|
||||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf
|
|
||||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
|
||||||
|
|
||||||
.PHONY: latexpdfja
|
|
||||||
latexpdfja:
|
|
||||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
|
||||||
@echo "Running LaTeX files through platex and dvipdfmx..."
|
|
||||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
|
|
||||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
|
||||||
|
|
||||||
.PHONY: text
|
|
||||||
text:
|
|
||||||
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The text files are in $(BUILDDIR)/text."
|
|
||||||
|
|
||||||
.PHONY: man
|
|
||||||
man:
|
|
||||||
$(SPHINXBUILD) -b cman $(ALLSPHINXOPTS) $(BUILDDIR)/man
|
|
||||||
mkdir -p $(BUILDDIR)/man/man7
|
|
||||||
mv -f $(BUILDDIR)/man/*.7 $(BUILDDIR)/man/man7/
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
|
|
||||||
|
|
||||||
.PHONY: texinfo
|
|
||||||
texinfo:
|
|
||||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
|
|
||||||
@echo "Run \`make' in that directory to run these through makeinfo" \
|
|
||||||
"(use \`make info' here to do that automatically)."
|
|
||||||
|
|
||||||
.PHONY: info
|
|
||||||
info:
|
|
||||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
|
||||||
@echo "Running Texinfo files through makeinfo..."
|
|
||||||
make -C $(BUILDDIR)/texinfo info
|
|
||||||
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
|
|
||||||
|
|
||||||
.PHONY: gettext
|
|
||||||
gettext:
|
|
||||||
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
|
|
||||||
|
|
||||||
.PHONY: changes
|
|
||||||
changes:
|
|
||||||
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
|
||||||
@echo
|
|
||||||
@echo "The overview file is in $(BUILDDIR)/changes."
|
|
||||||
|
|
||||||
.PHONY: linkcheck
|
|
||||||
linkcheck:
|
|
||||||
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
|
||||||
@echo
|
|
||||||
@echo "Link check complete; look for any errors in the above output " \
|
|
||||||
"or in $(BUILDDIR)/linkcheck/output.txt."
|
|
||||||
|
|
||||||
.PHONY: doctest
|
|
||||||
doctest:
|
|
||||||
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
|
||||||
@echo "Testing of doctests in the sources finished, look at the " \
|
|
||||||
"results in $(BUILDDIR)/doctest/output.txt."
|
|
||||||
|
|
||||||
.PHONY: coverage
|
|
||||||
coverage:
|
|
||||||
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
|
|
||||||
@echo "Testing of coverage in the sources finished, look at the " \
|
|
||||||
"results in $(BUILDDIR)/coverage/python.txt."
|
|
||||||
|
|
||||||
.PHONY: xml
|
|
||||||
xml:
|
|
||||||
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
|
|
||||||
|
|
||||||
.PHONY: pseudoxml
|
|
||||||
pseudoxml:
|
|
||||||
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
|
|
||||||
|
|
||||||
.PHONY: dummy
|
|
||||||
dummy:
|
|
||||||
$(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy
|
|
||||||
@echo
|
|
||||||
@echo "Build finished. Dummy builder generates no files."
|
|
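--- a/docs/src/conf.py
+++ b/docs/src/conf.py
@@ -1,101 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import os
-import sphinx_rtd_theme
-
-from datetime import date
-
-# If extensions (or modules to document with autodoc) are in another directory,
-# add these directories to sys.path here. If the directory is relative to the
-# documentation root, use os.path.abspath to make it absolute, like shown here.
-# sys.path.insert(0, os.path.abspath('.'))
-sys.path.insert(0, os.path.abspath(os.path.join(
-os.path.dirname(os.path.realpath(__file__)), "..", "..")))
-
-# -- General configuration ------------------------------------------------
-
-# If your documentation needs a minimal Sphinx version, state it here.
-# needs_sphinx = '1.0'
-
-# Add any Sphinx extension module names here, as strings. They can be
-# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
-# ones.
-extensions = [
-'docs.src.manpage',
-'sphinx.ext.extlinks',
-]
-
-# The suffix(es) of source filenames.
-# You can specify multiple suffix as a list of string:
-source_suffix = ['.rst']
-
-# The encoding of source files.
-# source_encoding = 'utf-8-sig'
-
-# The master toctree document.
-master_doc = 'index'
-
-# General information about the project.
-project = 'cdist-contrib'
-copyright = 'cdist-contrib contributors'
-
-# The version info for the project you're documenting, acts as replacement for
-# |version| and |release|, also used in various other places throughout the
-# built documents.
-
-version = str(date.today())
-release = os.popen('git rev-parse HEAD').read()
-
-# The language for content autogenerated by Sphinx. Refer to documentation
-# for a list of supported languages.
-#
-# This is also used if you do content translation via gettext catalogs.
-# Usually you set "language" from the command line for these cases.
-language = None
-
-# The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
-
-# If true, `todo` and `todoList` produce output, else they produce nothing.
-todo_include_todos = False
-
-# -- Options for HTML output ----------------------------------------------
-
-# The theme to use for HTML and HTML Help pages. See the documentation for
-# a list of builtin themes.
-html_theme = 'sphinx_rtd_theme'
-html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
-
-# Output file base name for HTML help builder.
-htmlhelp_basename = 'cdistcontribdoc'
-
-# -- Options for manual page output ---------------------------------------
-
-# One entry per manual page. List of tuples
-# (source start file, name, description, authors, manual section).
-root_mandir = os.path.dirname(os.path.realpath(__file__))
-mandirs = []
-for mansubdir in ('man7',):
-mandirs.append((os.path.join(root_mandir, mansubdir), mansubdir[-1]))
-man_pages = []
-for mandir, section in mandirs:
-for root, dirs, files in os.walk(mandir):
-for fname in files:
-froot, fext = os.path.splitext(fname)
-if fext == '.rst':
-man_page = (os.path.join('man' + str(section), froot),
-froot, '', [], section)
-man_pages.append(man_page)
-
-# man_pages = [
-# ('cdist-type', 'cdist-type', 'cdist-type documentation',
-# [author], 1),
-# ('man7/cdist-type__file', 'cdist-type__file',
-# '', [], 1),
-# ('cdist-type__directory', 'cdist-type__directory',
-# 'cdist-type__directory documentation', [author], 1),
-# ]
-
-# If true, show URL addresses after external links.
-# man_show_urls = False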
|
@ -1,40 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
__cdist_pwd="$(pwd -P)"
|
|
||||||
__cdist_mydir="${0%/*}";
|
|
||||||
__cdist_abs_mydir="$(cd "$__cdist_mydir" && pwd -P)"
|
|
||||||
__cdist_myname=${0##*/};
|
|
||||||
__cdist_abs_myname="$__cdist_abs_mydir/$__cdist_myname"
|
|
||||||
|
|
||||||
filename="${__cdist_myname%.sh}"
|
|
||||||
dest="$__cdist_abs_mydir/$filename"
|
|
||||||
|
|
||||||
if ! command -v pandoc > /dev/null; then
|
|
||||||
echo "Pandoc is required to generate HTML index from README." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd "$__cdist_abs_mydir"
|
|
||||||
|
|
||||||
exec > "$dest"
|
|
||||||
|
|
||||||
pandoc -f markdown -t rst ../../README.md
|
|
||||||
|
|
||||||
cat << EOF
|
|
||||||
|
|
||||||
.. toctree::
|
|
||||||
:hidden:
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# If there is no such file then ls prints error to stderr,
|
|
||||||
# so redirect stderr to /dev/null.
|
|
||||||
for type in $(ls man7/cdist-type__*.rst 2>/dev/null | LC_ALL=C sort); do
|
|
||||||
no_dir="${type#man7/}";
|
|
||||||
no_type="${no_dir#cdist-type}";
|
|
||||||
name="${no_type%.rst}";
|
|
||||||
manref="${no_dir%.rst}"
|
|
||||||
man="${manref}(7)"
|
|
||||||
|
|
||||||
echo " $name" "<man7/${manref}>"
|
|
||||||
done
|
|
|
@ -1,87 +0,0 @@
|
||||||
import sphinx.builders.manpage
|
|
||||||
import sphinx.writers.manpage
|
|
||||||
from docutils.frontend import OptionParser
|
|
||||||
from sphinx.util.console import bold, darkgreen
|
|
||||||
from six import string_types
|
|
||||||
from docutils.io import FileOutput
|
|
||||||
from os import path
|
|
||||||
from sphinx.util.nodes import inline_all_toctrees
|
|
||||||
from sphinx import addnodes
|
|
||||||
from sphinx.util import logging
|
|
||||||
|
|
||||||
"""
|
|
||||||
Extension based on sphinx builtin manpage.
|
|
||||||
It does not write its own .SH NAME based on config,
|
|
||||||
but leaves everything to actual reStructuredText file content.
|
|
||||||
"""
|
|
||||||
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
class ManualPageTranslator(sphinx.writers.manpage.ManualPageTranslator):
|
|
||||||
|
|
||||||
def header(self):
|
|
||||||
tmpl = (".TH \"%(title_upper)s\" \"%(manual_section)s\""
|
|
||||||
" \"%(date)s\" \"%(version)s\" \"%(manual_group)s\"\n")
|
|
||||||
return tmpl % self._docinfo
|
|
||||||
|
|
||||||
|
|
||||||
class ManualPageWriter(sphinx.writers.manpage.ManualPageWriter):
|
|
||||||
|
|
||||||
def __init__(self, builder):
|
|
||||||
super().__init__(builder)
|
|
||||||
self.translator_class = (
|
|
||||||
self.builder.get_translator_class() or ManualPageTranslator)
|
|
||||||
|
|
||||||
|
|
||||||
class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder):
|
|
||||||
|
|
||||||
name = 'cman'
|
|
||||||
default_translator_class = ManualPageTranslator
|
|
||||||
|
|
||||||
def write(self, *ignored):
|
|
||||||
docwriter = ManualPageWriter(self)
|
|
||||||
docsettings = OptionParser(
|
|
||||||
defaults=self.env.settings,
|
|
||||||
components=(docwriter,),
|
|
||||||
read_config_files=True).get_default_values()
|
|
||||||
|
|
||||||
logger.info(bold('writing... '), nonl=True)
|
|
||||||
|
|
||||||
for info in self.config.man_pages:
|
|
||||||
docname, name, description, authors, section = info
|
|
||||||
if isinstance(authors, string_types):
|
|
||||||
if authors:
|
|
||||||
authors = [authors]
|
|
||||||
else:
|
|
||||||
authors = []
|
|
||||||
|
|
||||||
targetname = '%s.%s' % (name, section)
|
|
||||||
logger.info(darkgreen(targetname) + ' { ', nonl=True)
|
|
||||||
destination = FileOutput(
|
|
||||||
destination_path=path.join(self.outdir, targetname),
|
|
||||||
encoding='utf-8')
|
|
||||||
|
|
||||||
tree = self.env.get_doctree(docname)
|
|
||||||
docnames = set()
|
|
||||||
largetree = inline_all_toctrees(self, docnames, docname, tree,
|
|
||||||
darkgreen, [docname])
|
|
||||||
logger.info('} ', nonl=True)
|
|
||||||
self.env.resolve_references(largetree, docname, self)
|
|
||||||
# remove pending_xref nodes
|
|
||||||
for pendingnode in largetree.traverse(addnodes.pending_xref):
|
|
||||||
pendingnode.replace_self(pendingnode.children)
|
|
||||||
|
|
||||||
largetree.settings = docsettings
|
|
||||||
largetree.settings.title = name
|
|
||||||
largetree.settings.subtitle = description
|
|
||||||
largetree.settings.authors = authors
|
|
||||||
largetree.settings.section = section
|
|
||||||
|
|
||||||
docwriter.write(largetree, destination)
|
|
||||||
logger.info("")
|
|
||||||
|
|
||||||
|
|
||||||
def setup(app):
|
|
||||||
app.add_builder(ManualPageBuilder)
|
|
|
@ -1,7 +0,0 @@
|
||||||
# This image is used in the cdist-contrib CI for linting and generating the
|
|
||||||
# documentation.
|
|
||||||
FROM fedora:latest
|
|
||||||
MAINTAINER Timothée Floure <fnux@ungleich.ch>
|
|
||||||
|
|
||||||
RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \
|
|
||||||
ShellCheck openssh-clients pandoc
|
|
|
@ -1,29 +1,21 @@
|
||||||
#!/bin/sh -eu
|
#!/bin/sh
|
||||||
|
|
||||||
SHELLCHECKCMD='shellcheck -s sh -f gcc -x'
|
SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
|
||||||
# Skip SC2154 for variables starting with __ since such variables are cdist
|
# Skip SC2154 for variables starting with __ since such variables are cdist
|
||||||
# environment variables.
|
# environment variables.
|
||||||
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
|
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
|
||||||
SHELLCHECKTMP='.shellcheck.tmp'
|
SHELLCHECKTMP=".shellcheck.tmp"
|
||||||
|
|
||||||
# Move to top-level cdist-contrib directory.
|
# Move to top-level cdist-contrib directory.
|
||||||
cd "$(dirname $0)"/..
|
cd $(dirname $0)/..
|
||||||
|
|
||||||
check() {
|
check () {
|
||||||
find type/ -type f "$@" -exec ${SHELLCHECKCMD} {} + \
|
find type/ -type f $1 $2 -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
|
||||||
| grep -v "${SHELLCHECK_SKIP}" >>"${SHELLCHECKTMP}" || true
|
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
||||||
}
|
}
|
||||||
|
|
||||||
rm -f "${SHELLCHECKTMP}"
|
check -path "*/explorer/*"
|
||||||
|
check -path "*/files/*"
|
||||||
check -path '*/explorer/*'
|
|
||||||
check -path '*/files/*' -name '*.sh'
|
|
||||||
check -name manifest
|
check -name manifest
|
||||||
check -name gencode-local
|
check -name gencode-local
|
||||||
check -name gencode-remote
|
check -name gencode-remote
|
||||||
|
|
||||||
if test -s "${SHELLCHECKTMP}"
|
|
||||||
then
|
|
||||||
cat "${SHELLCHECKTMP}" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
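Review bot: On the new side this lint gate can report success without having checked anything. The shebang no longer carries `-eu` and `cd $(dirname $0)/..` is unquoted and unchecked, so if the `cd` fails, `find type/` runs in the wrong directory, `.shellcheck.tmp` stays empty and `test ! -s` passes. Make the directory change fatal and quoted, `cd "$(dirname "$0")"/.. || exit 1`, and forward the predicates as `"$@"` rather than `$1 $2`, since an unquoted `*/files/*` can be glob-expanded by the shell if a matching path exists. `check -path "*/files/*"` also drops the `-name '*.sh'` restriction, so every file under `files/` is now handed to shellcheck in `sh` mode; confirm that is intended.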
|
@ -1,45 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# Template to generate a bgp protocol configuration file for bird(1).
|
|
||||||
# Required non-empty variables:
|
|
||||||
# __object_id, local_{ip,as}, neighbor_{ip,as}
|
|
||||||
#
|
|
||||||
# Required defined variables:
|
|
||||||
# description, password, ipv{4,6}_{import,export}
|
|
||||||
|
|
||||||
# Header
|
|
||||||
echo "protocol bgp ${__object_id:?} {"
|
|
||||||
|
|
||||||
# Optional description
|
|
||||||
[ -n "${description?}" ] && printf "\tdescription \"%s\";\n" "${description?}"
|
|
||||||
|
|
||||||
# Mandatory session information
|
|
||||||
cat << EOF
|
|
||||||
local ${local_ip?} as ${local_as:?};
|
|
||||||
neighbor ${neighbor_ip:?} as ${neighbor_as:?};
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Direct connection ?
|
|
||||||
[ -n "${direct?}" ] && printf "\tdirect;\n"
|
|
||||||
|
|
||||||
# Password-protected session ?
|
|
||||||
[ -n "${password?}" ] && printf "\tpassword \"%s\";\n" "${password?}"
|
|
||||||
|
|
||||||
if [ -n "${ipv4_import?}" ] || [ -n "${ipv4_export?}" ] || "${ipv4_extended_next_hop?}";
|
|
||||||
then
|
|
||||||
printf "\tipv4 {\n"
|
|
||||||
[ -n "${ipv4_import?}" ] && printf "\t\timport %s;\n" "${ipv4_import:?}"
|
|
||||||
[ -n "${ipv4_export?}" ] && printf "\t\texport %s;\n" "${ipv4_export:?}"
|
|
||||||
[ -n "${ipv4_extended_next_hop?}" ] && printf "\t\textended next hop;\n"
|
|
||||||
printf "\t};\n"
|
|
||||||
fi
|
|
||||||
if [ -n "${ipv6_import?}" ] || [ -n "${ipv6_export?}" ] || "${ipv6_extended_next_hop?}";
|
|
||||||
then
|
|
||||||
printf "\tipv6 {\n"
|
|
||||||
[ -n "${ipv6_import?}" ] && printf "\t\timport %s;\n" "${ipv6_import:?}"
|
|
||||||
[ -n "${ipv6_export?}" ] && printf "\t\texport %s;\n" "${ipv6_export:?}"
|
|
||||||
[ -n "${ipv6_extended_next_hop?}" ] && printf "\t\textended next hop;\n"
|
|
||||||
printf "\t};\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Header close
|
|
||||||
echo "}"
|
|
|
@ -1,105 +0,0 @@
|
||||||
cdist-type__bird_bgp(7)
|
|
||||||
=======================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird_bgp - configure an instance of the BGP protocol.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This type writes the configuration for an instance of the BGP protocol to be
|
|
||||||
ran by the bird internet routing daemon. It **expects** to depend on the
|
|
||||||
`cdist-type__bird_core(7)` type.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
local-as
|
|
||||||
The number for the AS in which the daemon is running.
|
|
||||||
|
|
||||||
neighbor-as
|
|
||||||
The number of the AS with which we are peering.
|
|
||||||
|
|
||||||
neighbor-ip
|
|
||||||
The IP address of the peer we are opening a session with.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
description
|
|
||||||
An instance desciption to be printed when `birdc show protocols` is called.
|
|
||||||
|
|
||||||
local-ip
|
|
||||||
The IP address used as a source address for the BGP session.
|
|
||||||
|
|
||||||
password
|
|
||||||
A password for the BGP session.
|
|
||||||
|
|
||||||
ipv4-import
|
|
||||||
A string suitable for the bird `import` directive. Usually `all`, `none` or
|
|
||||||
a filter definition.
|
|
||||||
|
|
||||||
ipv4-export
|
|
||||||
See ipv4-import.
|
|
||||||
|
|
||||||
ipv4-extended-next-hop
|
|
||||||
Allow IPv6 next hop in IPv4 NLRI.
|
|
||||||
|
|
||||||
ipv6-import
|
|
||||||
See ipv4-import.
|
|
||||||
|
|
||||||
ipv6-export
|
|
||||||
See ipv4-import.
|
|
||||||
|
|
||||||
ipv6-extended-next-hop
|
|
||||||
Allow IPv4 next hop in IPv6 NLRI.
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
direct
|
|
||||||
Specify that the two routers are directly connected.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Setup bird and open a BGP session.
|
|
||||||
__bird_core --router-id 198.51.100.4
|
|
||||||
|
|
||||||
require='__bird_core' __bird_bgp bgp4 \
|
|
||||||
--description "a test IPv4 BGP instance" \
|
|
||||||
--ipv4-export all \
|
|
||||||
--ipv4-import all \
|
|
||||||
--ipv6-export none \
|
|
||||||
--ipv6-import none \
|
|
||||||
--local-as 1234 \
|
|
||||||
--local-ip 198.51.100.4 \
|
|
||||||
--neighbor-as 4321 \
|
|
||||||
--neighbor-ip 198.51.100.3 \
|
|
||||||
--password hunter01
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
cdist-type__bird_core(7)
|
|
||||||
cdist-type__bird_filter(7)
|
|
||||||
cdist-type__bird_kernel(7)
|
|
||||||
cdist-type__bird_ospf(7)
|
|
||||||
cdist-type__bird_static(7)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,122 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
"alpine"|"debian"|"ubuntu")
|
|
||||||
confdir="/etc/bird.d"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by __bird_bgp\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Required parameters
|
|
||||||
local_as="$(cat "${__object:?}"/parameter/local-as)"
|
|
||||||
export local_as
|
|
||||||
|
|
||||||
neighbor_as="$(cat "${__object:?}"/parameter/neighbor-as)"
|
|
||||||
export neighbor_as
|
|
||||||
|
|
||||||
neighbor_ip="$(cat "${__object:?}"/parameter/neighbor-ip)"
|
|
||||||
export neighbor_ip
|
|
||||||
|
|
||||||
# Optional parameters
|
|
||||||
description=
|
|
||||||
if [ -f "${__object:?}"/parameter/description ];
|
|
||||||
then
|
|
||||||
description="$(cat "${__object:?}"/parameter/description)"
|
|
||||||
fi
|
|
||||||
export description
|
|
||||||
|
|
||||||
direct=
|
|
||||||
if [ -f "${__object:?}"/parameter/direct ];
|
|
||||||
then
|
|
||||||
direct="true"
|
|
||||||
fi
|
|
||||||
export direct
|
|
||||||
|
|
||||||
ipv4_extended_next_hop=
|
|
||||||
if [ -f "${__object:?}"/parameter/ipv4-extended-next-hop ];
|
|
||||||
then
|
|
||||||
ipv4_extended_next_hop="true"
|
|
||||||
fi
|
|
||||||
export ipv4_extended_next_hop
|
|
||||||
|
|
||||||
ipv6_extended_next_hop=
|
|
||||||
if [ -f "${__object:?}"/parameter/ipv6-extended-next-hop ];
|
|
||||||
then
|
|
||||||
ipv6_extended_next_hop="true"
|
|
||||||
fi
|
|
||||||
export ipv6_extended_next_hop
|
|
||||||
|
|
||||||
local_ip=
|
|
||||||
if [ -f "${__object:?}"/parameter/local-ip ];
|
|
||||||
then
|
|
||||||
local_ip="$(cat "${__object:?}"/parameter/local-ip)"
|
|
||||||
fi
|
|
||||||
export local_ip
|
|
||||||
|
|
||||||
password=
|
|
||||||
if [ -f "${__object:?}"/parameter/password ];
|
|
||||||
then
|
|
||||||
password="$(cat "${__object:?}"/parameter/password)"
|
|
||||||
fi
|
|
||||||
export password
|
|
||||||
|
|
||||||
ipv4_import=
|
|
||||||
if [ -f "${__object:?}"/parameter/ipv4-import ];
|
|
||||||
then
|
|
||||||
ipv4_import="$(cat "${__object:?}"/parameter/ipv4-import)"
|
|
||||||
fi
|
|
||||||
export ipv4_import
|
|
||||||
|
|
||||||
ipv4_export=
|
|
||||||
if [ -f "${__object:?}"/parameter/ipv4-export ];
|
|
||||||
then
|
|
||||||
ipv4_export="$(cat "${__object:?}"/parameter/ipv4-export)"
|
|
||||||
fi
|
|
||||||
export ipv4_export
|
|
||||||
|
|
||||||
ipv6_import=
|
|
||||||
if [ -f "${__object:?}"/parameter/ipv6-import ];
|
|
||||||
then
|
|
||||||
ipv6_import="$(cat "${__object:?}"/parameter/ipv6-import)"
|
|
||||||
fi
|
|
||||||
export ipv6_import
|
|
||||||
|
|
||||||
ipv6_export=
|
|
||||||
if [ -f "${__object:?}"/parameter/ipv6-export ];
|
|
||||||
then
|
|
||||||
ipv6_export="$(cat "${__object:?}"/parameter/ipv6-export)"
|
|
||||||
fi
|
|
||||||
export ipv6_export
|
|
||||||
|
|
||||||
# Run template
|
|
||||||
"${__type:?}"/files/template.sh > "${__files:?}/bgp-${__object_id:?}.conf"
|
|
||||||
|
|
||||||
# Install resulting configuration
|
|
||||||
__file "${confdir:?}"/bgp-"${__object_id:?}".conf \
|
|
||||||
--mode 0640 --owner root --group bird \
|
|
||||||
--source "${__files:?}/bgp-${__object_id:?}.conf"
|
|
|
@ -1,3 +0,0 @@
|
||||||
direct
|
|
||||||
ipv4-extended-next-hop
|
|
||||||
ipv6-extended-next-hop
|
|
|
@ -1,7 +0,0 @@
|
||||||
description
|
|
||||||
ipv4-export
|
|
||||||
ipv4-import
|
|
||||||
ipv6-export
|
|
||||||
ipv6-import
|
|
||||||
local-ip
|
|
||||||
password
|
|
|
@ -1,3 +0,0 @@
|
||||||
local-as
|
|
||||||
neighbor-as
|
|
||||||
neighbor-ip
|
|
|
@ -1,65 +0,0 @@
|
||||||
cdist-type__bird-core(7)
|
|
||||||
========================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird-core - setup a skeleton bird configuration.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
The `bird`_ daemon is an internet routing daemon, running protocols such as
|
|
||||||
OSPF and BGP. This type creates a skeleton configuration file suitable for
|
|
||||||
running a no-op bird. It is then intended to be combined - and depended on - by
|
|
||||||
types specific to the instances of the various protocols that bird should run.
|
|
||||||
|
|
||||||
.. _bird: https://bird.network.cz/
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
router-id
|
|
||||||
This parameter follows the format of an IPv4 address, and will be used by
|
|
||||||
bird as its router id. See `the documentation for router id`_.
|
|
||||||
|
|
||||||
.. _the documentation for router id: https://bird.network.cz/?get_doc&v=20&f=bird-3.html#opt-router-id
|
|
||||||
|
|
||||||
log-params
|
|
||||||
|
|
||||||
This parameter expects a string suitable to follow the `log` bird
|
|
||||||
configuration key. If this parameter is not include, the value `syslog all`
|
|
||||||
is used. See `the documentation for log`_.
|
|
||||||
|
|
||||||
.. _the documentation for log: https://bird.network.cz/?get_doc&v=20&f=bird-3.html#opt-log
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
__bird-core --router-id 198.51.100.4
|
|
||||||
|
|
||||||
require='__bird-core' __bird_bgp <...>
|
|
||||||
require='__bird-core' __bird_ospf <...>
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
cdist-type__bird_bgp(7)
|
|
||||||
cdist-type__bird_filter(7)
|
|
||||||
cdist-type__bird_kernel(7)
|
|
||||||
cdist-type__bird_ospf(7)
|
|
||||||
cdist-type__bird_static(7)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,72 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
package=
|
|
||||||
conffile=
|
|
||||||
confdir=
|
|
||||||
case "$os" in
|
|
||||||
"alpine")
|
|
||||||
package=bird
|
|
||||||
conffile=/etc/bird.conf
|
|
||||||
confdir=/etc/bird.d
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by __bird_core\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
router_id=
|
|
||||||
if [ -f "${__object:?}/parameter/router-id" ];
|
|
||||||
then
|
|
||||||
router_id="router id $(cat "${__object:?}"/parameter/router-id);"
|
|
||||||
fi
|
|
||||||
|
|
||||||
log_params="syslog all"
|
|
||||||
if [ -f "${__object:?}/parameter/log-params" ];
|
|
||||||
then
|
|
||||||
log_params="$(cat "${__object:?}"/parameter/log-params)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
__package "$package"
|
|
||||||
|
|
||||||
export require="__package/$package"
|
|
||||||
__directory "$confdir"
|
|
||||||
__file "$conffile" \
|
|
||||||
--mode 0640 --owner root --group bird \
|
|
||||||
--source - << EOF
|
|
||||||
# $conffile - bird(1) configuration file.
|
|
||||||
# Managed by cdist. Do not edit by hand.
|
|
||||||
|
|
||||||
${router_id}
|
|
||||||
log ${log_params};
|
|
||||||
|
|
||||||
# Always include this "protocol": all it does is expose the available
|
|
||||||
# interfaces to bird.
|
|
||||||
protocol device {
|
|
||||||
description "Obtain a list of device interfaces.";
|
|
||||||
}
|
|
||||||
|
|
||||||
include "$confdir/*.conf";
|
|
||||||
EOF
|
|
|
@ -1 +0,0 @@
|
||||||
log-params
|
|
|
@ -1 +0,0 @@
|
||||||
router-id
|
|
|
@ -1,63 +0,0 @@
|
||||||
cdist-type__bird_filter(7)
|
|
||||||
==========================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird_filter - Create a named filter to use in configuring bird.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This type writes a configuration file defining a filter named `__object_id` for
|
|
||||||
the bird internet routing daemon. It is guaranteed that all filters defined
|
|
||||||
through this type will be loaded before any other protocol defined using the
|
|
||||||
cdist __bird_xxx types, except functions. However, note that if two filters
|
|
||||||
have a dependency, they will be loaded in alphabetical order, so some care may
|
|
||||||
need to be taken in the naming.
|
|
||||||
|
|
||||||
This type takes it's input through stdin, expecting valid filter statements as
|
|
||||||
per the bird configuration file syntax. The standard input will be printed out
|
|
||||||
between a `filter __object_id {\n ... \n}`, so only the inner statements are
|
|
||||||
needed.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Setup bird, a filter and open a BGP session.
|
|
||||||
__bird_core --router-id 198.51.100.4
|
|
||||||
|
|
||||||
require='__bird_core' __bird_filter bgp_export <<- EOF
|
|
||||||
if (source = RTS_DEVICE) then accept;
|
|
||||||
reject;
|
|
||||||
EOF
|
|
||||||
|
|
||||||
require='__bird_core' __bird_bgp bgp4 \
|
|
||||||
--description "a test IPv4 BGP instance" \
|
|
||||||
--ipv4-export "filter bgp_export" \
|
|
||||||
--[...]
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
cdist-type__bird_core(7)
|
|
||||||
cdist-type__bird_bgp(7)
|
|
||||||
cdist-type__bird_function(7)
|
|
||||||
cdist-type__bird_kernel(7)
|
|
||||||
cdist-type__bird_ospf(7)
|
|
||||||
cdist-type__bird_static(7)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,44 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
'alpine'|'debian'|'ubuntu')
|
|
||||||
confdir=/etc/bird.d
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by __bird_filter\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Filters start with 1 because bird loads the config in alphanumerical order
|
|
||||||
# and we need them to be defined to be used in the rest of the stuff, but after
|
|
||||||
# functions.
|
|
||||||
__file "$confdir/1-filter-${__object_id:?}.conf" \
|
|
||||||
--owner root --group bird --mode 0640 \
|
|
||||||
--source - << EOF
|
|
||||||
filter ${__object_id:?} {
|
|
||||||
$(cat "${__object:?}"/stdin)
|
|
||||||
}
|
|
||||||
EOF
|
|
|
@ -1,58 +0,0 @@
|
||||||
cdist-type__bird_function(7)
|
|
||||||
============================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird_function - Create a named function to use in configuring bird.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
|
|
||||||
This type writes a configuration file for the bird internet routing daemon. It
|
|
||||||
is guaranteed that all functions defined through this type will be loaded
|
|
||||||
before any other protocol defined using the cdist __bird_xxx types. However,
|
|
||||||
note that if two functions have a dependency, they will be loaded in
|
|
||||||
alphabetical order, so some care may need to be taken in the naming.
|
|
||||||
|
|
||||||
This type takes it's input through stdin, expecting a valid function definition
|
|
||||||
as per the bird configuration file syntax.
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Setup bird, a function and open a BGP session.
|
|
||||||
__bird_core --router-id 198.51.100.4
|
|
||||||
|
|
||||||
require='__bird_core' __bird_function is_device <<- EOF
|
|
||||||
function is_device (enum source)
|
|
||||||
{
|
|
||||||
if (source = RTS_DEVICE) then return true;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
cdist-type__bird_core(7)
|
|
||||||
cdist-type__bird_bgp(7)
|
|
||||||
cdist-type__bird_filter(7)
|
|
||||||
cdist-type__bird_kernel(7)
|
|
||||||
cdist-type__bird_ospf(7)
|
|
||||||
cdist-type__bird_static(7)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,41 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
'alpine'|'debian'|'ubuntu')
|
|
||||||
confdir=/etc/bird.d
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by __bird_filter\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Functions start with 0 because bird loads the config in alphanumerical order
|
|
||||||
# and we need them to be defined to be used in the rest of the stuff.
|
|
||||||
__file "$confdir/0-function-${__object_id:?}.conf" \
|
|
||||||
--owner root --group bird --mode 0640 \
|
|
||||||
--source - << EOF
|
|
||||||
$(cat "${__object:?}"/stdin)
|
|
||||||
EOF
|
|
|
@ -1,73 +0,0 @@
|
||||||
cdist-type__bird_kernel(7)
|
|
||||||
==========================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird_kernel - configure syncing of routes with the kernel.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
|
|
||||||
This type writes the configuration for an instance of the kernel protocol to be
|
|
||||||
ran by the bird internet routing daemon. It **expects** to depend on the
|
|
||||||
`cdist-type__bird_core(7)` type.
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
description
|
|
||||||
An instance desciption to be printed when `birdc show protocols` is called.
|
|
||||||
|
|
||||||
persist
|
|
||||||
Instruct bird to leave routes in kernel table after exiting. See the bird
|
|
||||||
`persist` keyword.
|
|
||||||
|
|
||||||
learn
|
|
||||||
Learn routes added externally to the kernel routing table. See the bird
|
|
||||||
`learn` keyword.
|
|
||||||
|
|
||||||
channel
|
|
||||||
The channel to connect the protocol to. Usually `ipv4` or `ipv6`.
|
|
||||||
|
|
||||||
import
|
|
||||||
A string suitable for the bird `import` directive. Usually `all`, `none` or
|
|
||||||
a filter definition.
|
|
||||||
|
|
||||||
export
|
|
||||||
See import.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Setup bird and open a BGP session.
|
|
||||||
__bird_core --router-id 198.51.100.4
|
|
||||||
|
|
||||||
require='__bird_core' __bird_kernel k4 \
|
|
||||||
--learn --persist --channel ipv4 \
|
|
||||||
--import all \
|
|
||||||
--export all
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
cdist-type__bird_bgp(7)
|
|
||||||
cdist-type__bird_core(7)
|
|
||||||
cdist-type__bird_filter(7)
|
|
||||||
cdist-type__bird_ospf(7)
|
|
||||||
cdist-type__bird_static(7)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,83 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
"alpine"|"debian"|"ubuntu")
|
|
||||||
confdir="/etc/bird.d"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by __bird_kernel\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Required parameters
|
|
||||||
channel="$(cat "${__object:?}/parameter/channel")"
|
|
||||||
|
|
||||||
# Boolean switches
|
|
||||||
persist=
|
|
||||||
if [ -f "${__object:?}"/parameter/persist ];
|
|
||||||
then
|
|
||||||
persist=true
|
|
||||||
fi
|
|
||||||
|
|
||||||
learn=
|
|
||||||
if [ -f "${__object:?}"/parameter/learn ];
|
|
||||||
then
|
|
||||||
learn=true
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Optional parameters
|
|
||||||
description=
|
|
||||||
if [ -f "${__object:?}"/parameter/description ];
|
|
||||||
then
|
|
||||||
description="$(cat "${__object:?}/parameter/description")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
import=
|
|
||||||
if [ -f "${__object:?}"/parameter/import ];
|
|
||||||
then
|
|
||||||
import="$(cat "${__object:?}/parameter/import")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
_export=
|
|
||||||
if [ -f "${__object:?}"/parameter/export ];
|
|
||||||
then
|
|
||||||
_export="$(cat "${__object:?}/parameter/export")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Install resulting configuration
|
|
||||||
__file "${confdir:?}"/kernel-"${__object_id:?}".conf \
|
|
||||||
--mode 0640 --owner root --group bird \
|
|
||||||
--source - << EOF
|
|
||||||
protocol kernel ${__object_id:?} {
|
|
||||||
$([ -n "${description?}" ] && printf "\tdescription \"%s\";\n" "${description?}")
|
|
||||||
$([ -n "${persist?}" ] && printf "\tpersist;\n")
|
|
||||||
$([ -n "${learn?}" ] && printf "\tlearn;\n")
|
|
||||||
${channel:?} {
|
|
||||||
import ${import:?};
|
|
||||||
export ${_export:?};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
EOF
|
|
|
@ -1,2 +0,0 @@
|
||||||
learn
|
|
||||||
persist
|
|
|
@ -1 +0,0 @@
|
||||||
description
|
|
|
@ -1,3 +0,0 @@
|
||||||
channel
|
|
||||||
import
|
|
||||||
export
|
|
|
@ -1,63 +0,0 @@
|
||||||
cdist-type__bird-ospf(7)
|
|
||||||
========================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird-ospf - Configure an instance of the OSPF protocol
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
|
|
||||||
This type is an *extremely rudimentary* method to configure a simple OSPF
|
|
||||||
protocol instance for bird, the internet routing daemon. Even this manpage is
|
|
||||||
pretty crude and will be fixed and expanded.
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
channel
|
|
||||||
The channel the protocol should connect to. Usually `ipv4` or `ipv6`.
|
|
||||||
|
|
||||||
import
|
|
||||||
The keyword or filter to decide what to import in the above channel.
|
|
||||||
|
|
||||||
export
|
|
||||||
The keyword or filter to decide what to export in the above channel.
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
description
|
|
||||||
A description given with `show protocol all`
|
|
||||||
|
|
||||||
instance-id
|
|
||||||
An OSPF instance ID, allowing several OSPF instances to run on the same
|
|
||||||
links.
|
|
||||||
|
|
||||||
extra-area-configuration
|
|
||||||
Configuration string added to the `area` section of the OSPF configuration.
|
|
||||||
|
|
||||||
OPTIONAL MULTIPLE PARAMETERS
|
|
||||||
----------------------------
|
|
||||||
|
|
||||||
stubnet
|
|
||||||
Add an optionless stubnet definition to the configuration.
|
|
||||||
|
|
||||||
interface
|
|
||||||
An interface to include in OSPF area 0. Is required unless
|
|
||||||
extra-area-configuration is set.
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
cdist-type__bird_core(7)
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,81 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
'alpine'|'debian'|'ubuntu')
|
|
||||||
confdir='/etc/bird.d'
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by this __bird_ospf\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
description=
|
|
||||||
if [ -f "${__object:?}/parameter/description" ];
|
|
||||||
then
|
|
||||||
description="$(cat "${__object:?}/parameter/description")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
instance_id=
|
|
||||||
if [ -f "${__object:?}/parameter/instance-id" ];
|
|
||||||
then
|
|
||||||
instance_id="$(cat "${__object:?}/parameter/instance-id")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
extra_area_configuration=
|
|
||||||
if [ -f "${__object:?}/parameter/extra-area-configuration" ];
|
|
||||||
then
|
|
||||||
extra_area_configuration="$(cat "${__object:?}/parameter/extra-area-configuration")"
|
|
||||||
|
|
||||||
if [ "$extra_area_configuration" = "-" ]; then
|
|
||||||
extra_area_configuration=$(cat "$__object/stdin")
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "${__object:?}/parameter/interface" ] && [ -z "$extra_area_configuration" ]; then
|
|
||||||
echo "Either --interface or --extra-area-configuration must be set." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
__file "${confdir:?}/ospf-${__object_id:?}.conf" \
|
|
||||||
--mode 0640 --owner root --group bird \
|
|
||||||
--source - << EOF
|
|
||||||
protocol ospf v3 ${__object_id:?} {
|
|
||||||
$([ -n "${description?}" ] && printf "\tdescription \"%s\";\n" "${description?}")
|
|
||||||
$([ -n "${instance_id?}" ] && printf "\tinstance id %s;\n" "${instance_id?}")
|
|
||||||
|
|
||||||
$(cat "${__object:?}/parameter/channel") {
|
|
||||||
import $(cat "${__object:?}/parameter/import");
|
|
||||||
export $(cat "${__object:?}/parameter/export");
|
|
||||||
};
|
|
||||||
|
|
||||||
area 0 {
|
|
||||||
$(sed -e 's/^/\t\tinterface "/' -e 's/$/";/' "${__object:?}/parameter/interface")
|
|
||||||
$(sed -e 's/^/\t\tsubnet /' -e 's/$/;/' "${__object:?}/parameter/subnet")
|
|
||||||
|
|
||||||
$extra_area_configuration
|
|
||||||
};
|
|
||||||
}
|
|
||||||
EOF
|
|
|
@ -1,3 +0,0 @@
|
||||||
description
|
|
||||||
instance-id
|
|
||||||
extra-area-configuration
|
|
|
@ -1,2 +0,0 @@
|
||||||
stubnet
|
|
||||||
interface
|
|
|
@ -1,3 +0,0 @@
|
||||||
channel
|
|
||||||
import
|
|
||||||
export
|
|
|
@ -1,71 +0,0 @@
|
||||||
cdist-type__bird_radv(7)
|
|
||||||
========================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird_radv - Configure the Bird Internet Router Daemon to send RAdvs.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
|
|
||||||
The Bird Internet Router Daemon knows about a bunch of internet routing
|
|
||||||
protocols. In particular, it can send Router Advertisements to help
|
|
||||||
autoconfigure IPv6 hosts, this type is a rudimentary implementation to generate
|
|
||||||
configuration for Bird to do so.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
interface
|
|
||||||
The interfaces to activate the protocol on. RAs will be sent using the
|
|
||||||
prefixes configured on these interfaces.
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
mtu
|
|
||||||
An optional MTU setting to include in the router advertisements.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL MULTIPLE PARAMETERS
|
|
||||||
----------------------------
|
|
||||||
route
|
|
||||||
Routes to be added to the RA for hosts.
|
|
||||||
|
|
||||||
ns
|
|
||||||
Recursive DNS servers given to the hosts through RAs.
|
|
||||||
|
|
||||||
dnssl
|
|
||||||
Search domain to be given to the hosts through RAs.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
__bird_radv datacenter \
|
|
||||||
--interface eth1 \
|
|
||||||
--mtu 9000 \
|
|
||||||
--route ::/0 \
|
|
||||||
--ns 2001:DB8:cafe::4 \
|
|
||||||
--ns 2001:DB8:cafe::14 \
|
|
||||||
--dnssl "example.com"
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
`__bird_core(7)`
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,89 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
'alpine'|'debian'|'ubuntu')
|
|
||||||
confdir='/etc/bird.d'
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by __bird_radv\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
have_routes=no
|
|
||||||
if [ -f "${__object:?}/parameter/route" ];
|
|
||||||
then
|
|
||||||
have_routes=yes
|
|
||||||
fi
|
|
||||||
|
|
||||||
RDNS=
|
|
||||||
if [ -f "${__object:?}/parameter/ns" ];
|
|
||||||
then
|
|
||||||
RDNS=$(cat << EOF
|
|
||||||
rdnss {
|
|
||||||
$(sed -e 's/^/\t\tns /' -e 's/$/;/' "${__object:?}/parameter/ns")
|
|
||||||
};
|
|
||||||
|
|
||||||
EOF
|
|
||||||
)
|
|
||||||
fi
|
|
||||||
|
|
||||||
DNSSL=
|
|
||||||
if [ -f "${__object:?}/parameter/dnssl" ];
|
|
||||||
then
|
|
||||||
DNSSL=$(sed -e 's/^/\tdnssl "/' -e 's/$/";/' "${__object:?}/parameter/dnssl")
|
|
||||||
fi
|
|
||||||
|
|
||||||
MTU=
|
|
||||||
if [ -f "${__object:?}/parameter/mtu" ];
|
|
||||||
then
|
|
||||||
MTU="link mtu $(cat "${__object:?}/parameter/mtu")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
__file "${confdir:?}/radv-${__object_id:?}.conf" \
|
|
||||||
--mode 0640 --owner root --group bird \
|
|
||||||
--source - << EOF
|
|
||||||
ipv6 table radv_routes;
|
|
||||||
|
|
||||||
protocol static {
|
|
||||||
description "Routes advertised via RAs";
|
|
||||||
ipv6 { table radv_routes; };
|
|
||||||
|
|
||||||
$(sed -e 's/^/\troute /' -e 's/$/ unreachable;/' "${__object:?}/parameter/route")
|
|
||||||
}
|
|
||||||
|
|
||||||
protocol radv ${__object_id:?} {
|
|
||||||
propagate routes ${have_routes:?};
|
|
||||||
ipv6 { table radv_routes; export all; };
|
|
||||||
|
|
||||||
interface "$(cat "${__object:?}/parameter/interface")" {
|
|
||||||
$MTU
|
|
||||||
};
|
|
||||||
|
|
||||||
$RDNS
|
|
||||||
|
|
||||||
$DNSSL
|
|
||||||
|
|
||||||
}
|
|
||||||
EOF
|
|
|
@ -1 +0,0 @@
|
||||||
mtu
|
|
|
@ -1,3 +0,0 @@
|
||||||
dnssl
|
|
||||||
ns
|
|
||||||
route
|
|
|
@ -1 +0,0 @@
|
||||||
interface
|
|
|
@ -1,25 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# Template to generate a static protocol configuration file for bird(1).
|
|
||||||
# Required non-empty variables:
|
|
||||||
# __object_id, object
|
|
||||||
#
|
|
||||||
# Required defined variables:
|
|
||||||
# description
|
|
||||||
|
|
||||||
# Header
|
|
||||||
printf "protocol static %s {\n" "${__object_id:?}"
|
|
||||||
|
|
||||||
# Optional description
|
|
||||||
[ -n "${description?}" ] && printf "\tdescription \"%s\";\n" "${description:?}"
|
|
||||||
|
|
||||||
# Channel choice
|
|
||||||
printf "\t%s;\n" "$(cat "${__object:?}/parameter/channel")"
|
|
||||||
|
|
||||||
# Routes
|
|
||||||
while read -r route
|
|
||||||
do
|
|
||||||
printf "\troute %s;\n" "${route?}"
|
|
||||||
done < "${__object:?}/parameter/route"
|
|
||||||
|
|
||||||
# Header close
|
|
||||||
printf "}\n"
|
|
|
@ -1,69 +0,0 @@
|
||||||
cdist-type__bird_static(7)
|
|
||||||
==========================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__bird_static - configure an instance of the bird static protocol.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This type write the configuration file for an instance of the static protocl to
|
|
||||||
be ran bu the bird internet routing daemon, allowing an administrator to inject
|
|
||||||
static routes into the daemon's routing tables. This protocol allows for only
|
|
||||||
one of two channels to be used, either `ipv4` or `ipv6`, by default `ipv6` is
|
|
||||||
used unless the `ipv4` flag is passed. This type **expects** to depend on the
|
|
||||||
`cdist-type__bird_core(7)` type.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
channel
|
|
||||||
The channel to use between the protocol and the table.
|
|
||||||
|
|
||||||
REQUIRED MULTIPLE PARAMETERS
|
|
||||||
----------------------------
|
|
||||||
route
|
|
||||||
This flag expects a valid route to be inserted between the bird `route`
|
|
||||||
keyword and the end of line. It may be specified as many times as necessary.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
description
|
|
||||||
An instance desciption to be printed when `birdc show protocols` is called.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Setup bird and open a BGP session.
|
|
||||||
__bird_core --router-id 198.51.100.4
|
|
||||||
|
|
||||||
require='__bird_core' __bird_static static4 \
|
|
||||||
--description "static ipv4 routes plugged into bird" \
|
|
||||||
--route "198.51.0.0/16 via 192.51.100.1" \
|
|
||||||
--route "192.52.0.0/16 via 192.51.100.1"
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
cdist-type__bird_core(7)
|
|
||||||
cdist-type__bird_bgp(7)
|
|
||||||
cdist-type__bird_kernel(7)
|
|
||||||
cdist-type__bird_ospf(7)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,51 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Joachim Desroches (joachim.desroches@epfl.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
'alpine'|'debian'|'ubuntu')
|
|
||||||
confdir=/etc/bird.d
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "Your operating system (%s) is currently not supported by __bird_static\n" "$os" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Required parameter route is directly accessed in template.
|
|
||||||
# Boolean parameter ipv4 is directly accessed in template.
|
|
||||||
# Optional parameter description
|
|
||||||
description=
|
|
||||||
if [ -f "${__object:?}/parameter/description" ];
|
|
||||||
then
|
|
||||||
description="$(cat "${__object:?}/parameter/description")"
|
|
||||||
fi
|
|
||||||
export description
|
|
||||||
|
|
||||||
# Run template
|
|
||||||
"${__type:?}"/files/template.sh > "${__files:?}/static-${__object_id:?}.conf"
|
|
||||||
|
|
||||||
# Install resulting configuration
|
|
||||||
__file "${confdir:?}"/static-"${__object_id:?}".conf \
|
|
||||||
--mode 0640 --owner root --group bird \
|
|
||||||
--source "${__files:?}/static-${__object_id:?}.conf"
|
|
|
@ -1 +0,0 @@
|
||||||
description
|
|
|
@ -1 +0,0 @@
|
||||||
channel
|
|
|
@ -1 +0,0 @@
|
||||||
route
|
|
|
@ -1,41 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
passphrase=
|
|
||||||
appendonly=
|
|
||||||
|
|
||||||
case "$(cat "${__object:?}/parameter/encryption")" in
|
|
||||||
none)
|
|
||||||
enc=none
|
|
||||||
;;
|
|
||||||
repokey)
|
|
||||||
enc=repokey
|
|
||||||
if [ -f "${__object:?}/parameter/passphrase" ];
|
|
||||||
then
|
|
||||||
passphrase="$(cat "${__object:?}/parameter/passphrase")"
|
|
||||||
else
|
|
||||||
echo "__borg_repo cannot use repokey encryption with no passphrase. Aborting." >&2;
|
|
||||||
exit 1;
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "$enc is not a known encryption mode for __borg_repo. Aborting." >&2
|
|
||||||
exit 1;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if [ -f "${__object:?}/parameter/append-only" ];
|
|
||||||
then
|
|
||||||
appendonly='--append-only'
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "${__object:?}/parameter/owner" ];
|
|
||||||
then
|
|
||||||
doas="sudo -u '$(cat "${__object:?}/parameter/owner")'"
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat <<- EOF
|
|
||||||
set -x
|
|
||||||
if [ ! -d "/${__object_id:?}" ]; then
|
|
||||||
$doas BORG_NEW_PASSPHRASE=$passphrase borg init -e ${enc:?} $appendonly /${__object_id:?}
|
|
||||||
fi
|
|
||||||
EOF
|
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
cdist-type__borg_repo(7)
|
|
||||||
========================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__borg_repo - Configure a borg repository on host
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
|
|
||||||
Initializes a borg repository at the location specified in the
|
|
||||||
`${__object_id}`. Nothing is done if the repository already exists.
|
|
||||||
|
|
||||||
Currently, only `none` and `repokey` are supported as encryption modes;
|
|
||||||
`repokey` requires the `passphrase` argument to be given. The default is
|
|
||||||
`none`.
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
encryption
|
|
||||||
The encryption to use.
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
passphrase
|
|
||||||
The passphrase to encrypt the keyfile with.
|
|
||||||
|
|
||||||
owner
|
|
||||||
Remote user owning the repository.
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
append-only
|
|
||||||
If the repository is append-only
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2020 Joachim Desroches. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,20 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
os="$(cat "${__global:?}"/explorer/os)"
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
"alpine"|"ubuntu")
|
|
||||||
borg_package=borgbackup
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "__borg_repo is not yet implemented for os $os. Aborting." >&2;
|
|
||||||
exit 1;
|
|
||||||
esac
|
|
||||||
|
|
||||||
__package "$borg_package"
|
|
||||||
|
|
||||||
if [ -f "${__object:?}/parameter/owner" ];
|
|
||||||
then
|
|
||||||
__package sudo
|
|
||||||
fi
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
append-only
|
|
|
@ -1 +0,0 @@
|
||||||
none
|
|
|
@ -1,2 +0,0 @@
|
||||||
passphrase
|
|
||||||
owner
|
|
|
@ -1 +0,0 @@
|
||||||
encryption
|
|
|
@ -1,49 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
# This explorer determines the path of dma's auth.conf file
|
|
||||||
|
|
||||||
# No dma.conf -> use default
|
|
||||||
test -f /etc/dma/dma.conf || {
|
|
||||||
echo /etc/dma/auth.conf
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
test -r /etc/dma/dma.conf || {
|
|
||||||
echo 'Cannot read /etc/dma/dma.conf' >&2
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get AUTHPATH from dma.conf
|
|
||||||
awk -F'[ \t]' '
|
|
||||||
{
|
|
||||||
sub(/#.*$/, "", $0) # remove comments
|
|
||||||
if (!$0) next # ignore empty lines
|
|
||||||
}
|
|
||||||
$1 == "AUTHPATH" {
|
|
||||||
# Store authpath. In dma conf parsing last wins.
|
|
||||||
if ($2) authpath = substr($0, index($0, " ") + 1)
|
|
||||||
}
|
|
||||||
END {
|
|
||||||
if (authpath) {
|
|
||||||
print authpath
|
|
||||||
exit 0
|
|
||||||
} else exit 1
|
|
||||||
}
|
|
||||||
' /etc/dma/dma.conf \
|
|
||||||
|| echo /etc/dma/auth.conf # default
|
|
|
@ -1,34 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
# This explorer returns a sorted list of "active" (= non-commented) lines
|
|
||||||
# in the dma.conf file.
|
|
||||||
# "Trailing" line comments are stripped off.
|
|
||||||
#
|
|
||||||
# NOTE: This explorer assumes that the sort(1) utility supports the non-POXIX
|
|
||||||
# -s (stable sort) option.
|
|
||||||
|
|
||||||
CONF_PATH=/etc/dma # set in Makefile
|
|
||||||
dma_conf="${CONF_PATH:?}/dma.conf"
|
|
||||||
|
|
||||||
test -f "${dma_conf}" || exit 0
|
|
||||||
|
|
||||||
grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \
|
|
||||||
| sed -e 's/[ \t]*#.*$//' \
|
|
||||||
| sort -s -k 1,1
|
|
|
@ -1,178 +0,0 @@
|
||||||
#!/usr/bin/awk -f
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
function comment_line(line) {
|
|
||||||
# returns the position in line at which the comment's text starts
|
|
||||||
# (0 if the line is not a comment)
|
|
||||||
match(line, /^[ \t]*\#+[ \t]*/)
|
|
||||||
return RSTART ? (RLENGTH + 1) : 0
|
|
||||||
}
|
|
||||||
function empty_line(line) { return line ~ /^[ \t]*$/ }
|
|
||||||
function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word"
|
|
||||||
|
|
||||||
function first(line, sep_re) {
|
|
||||||
# returns the part of the line until sep is found
|
|
||||||
# (or the whole line if sep is not found)
|
|
||||||
if (!sep_re) sep_re = "[" SUBSEP "]"
|
|
||||||
match(line, sep_re)
|
|
||||||
return RSTART ? substr(line, 1, RSTART - 1) : line
|
|
||||||
}
|
|
||||||
|
|
||||||
function rest(line, sep_re) {
|
|
||||||
# returns the part of the line after the first occurrence of sep is found.
|
|
||||||
# (or nothing if sep is not found)
|
|
||||||
if (!sep_re) sep_re = "[" SUBSEP "]"
|
|
||||||
if (match(line, sep_re))
|
|
||||||
return substr(line, RSTART + RLENGTH)
|
|
||||||
}
|
|
||||||
|
|
||||||
function conf_pop(word, value) {
|
|
||||||
# returns the next value for the config `word` and delete it from the list.
|
|
||||||
# if value is set, this function will only return value if it is the first
|
|
||||||
# option in the list, otherwise it returns 0.
|
|
||||||
|
|
||||||
if (!(word in conf)) return 0
|
|
||||||
if (!value) {
|
|
||||||
if (index(conf[word], SUBSEP)) # more than one element?
|
|
||||||
value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1)
|
|
||||||
else
|
|
||||||
value = conf[word]
|
|
||||||
}
|
|
||||||
|
|
||||||
if (index(conf[word], SUBSEP)) {
|
|
||||||
if (index(conf[word], value SUBSEP) != 1) return 0
|
|
||||||
conf[word] = substr(conf[word], length(value) + 2)
|
|
||||||
} else {
|
|
||||||
if (conf[word] != value) return 0
|
|
||||||
delete conf[word]
|
|
||||||
}
|
|
||||||
return value
|
|
||||||
}
|
|
||||||
|
|
||||||
function print_conf(word, value) {
|
|
||||||
# print a config line with the given parameters
|
|
||||||
printf "%s", word
|
|
||||||
if (value) printf " %s", value
|
|
||||||
printf "\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
function print_confs(word, value) {
|
|
||||||
# print config lines for all values stored in conf[word].
|
|
||||||
if (!(word in conf)) return
|
|
||||||
if (conf[word]) {
|
|
||||||
while (value = conf_pop(word))
|
|
||||||
print_conf(word, value)
|
|
||||||
} else {
|
|
||||||
print_conf(word)
|
|
||||||
delete conf[word]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
BEGIN {
|
|
||||||
FS = "\n"
|
|
||||||
EQS = "[ \t]" # copied from dma/conf.c
|
|
||||||
|
|
||||||
if (ARGV[2]) exit (e=1)
|
|
||||||
|
|
||||||
# Loop over file twice!
|
|
||||||
ARGV[2] = ARGV[1]
|
|
||||||
ARGC++
|
|
||||||
|
|
||||||
# read the "should" state into the `conf` array.
|
|
||||||
while (getline < "/dev/stdin") {
|
|
||||||
word = first($0, EQS)
|
|
||||||
if ((word in conf))
|
|
||||||
conf[word] = conf[word] SUBSEP rest($0, EQS)
|
|
||||||
else
|
|
||||||
conf[word] = rest($0, EQS)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# first pass, gather information about where which information is stored in the
|
|
||||||
# current config file. This information will be used in the second pass.
|
|
||||||
NR == FNR {
|
|
||||||
if (comment_line($0)) {
|
|
||||||
# comment line
|
|
||||||
word = first(substr($0, comment_line($0)), " ")
|
|
||||||
if (is_word(word)) last_occ["#" word] = FNR
|
|
||||||
} else {
|
|
||||||
word = first($0, EQS)
|
|
||||||
if (is_word(word)) last_occ[word] = FNR
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# before second pass prepare hashes containing location information to be used
|
|
||||||
# in the second pass.
|
|
||||||
NR > FNR && FNR == 1 {
|
|
||||||
# First we drop the locations of commented-out options if a non-commented
|
|
||||||
# option is available. If a non-commented option is available, we will
|
|
||||||
# append new config options there to have them all at one place.
|
|
||||||
for (k in last_occ)
|
|
||||||
if (k ~ /^\#/ && (substr(k, 2) in last_occ))
|
|
||||||
delete last_occ[k]
|
|
||||||
|
|
||||||
# Reverse the option => line mapping. The line_map allows for easier lookups
|
|
||||||
# in the second pass.
|
|
||||||
for (k in last_occ) line_map[last_occ[k]] = k
|
|
||||||
}
|
|
||||||
|
|
||||||
# second pass, generate and output new config
|
|
||||||
NR > FNR {
|
|
||||||
if (comment_line($0) || empty_line($0)) {
|
|
||||||
# comment or empty line
|
|
||||||
print
|
|
||||||
|
|
||||||
if ((FNR in line_map)) {
|
|
||||||
if (line_map[FNR] ~ /^\#/) {
|
|
||||||
# This line contains a commented config option. If the conf hash
|
|
||||||
# contains options to be set, we output them here because this
|
|
||||||
# option is not used in the current config.
|
|
||||||
k = substr(line_map[FNR], 2)
|
|
||||||
if ((k in conf)) print_confs(k)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) {
|
|
||||||
# INSECURE goes where SECURE comment is.
|
|
||||||
print_confs("INSECURE")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
word = first($0, EQS)
|
|
||||||
value = rest($0, EQS)
|
|
||||||
sub(/[ \t]*\#.*$/, "", value) # ignore comments in value
|
|
||||||
|
|
||||||
if ((word in conf) && value == first(conf[word])) {
|
|
||||||
# keep config options we want
|
|
||||||
conf_pop(word)
|
|
||||||
print
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((FNR in line_map) && line_map[FNR] == word) {
|
|
||||||
# rest of config options should be here
|
|
||||||
print_confs(word)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
END {
|
|
||||||
if (e) exit
|
|
||||||
|
|
||||||
# print rest of config options (
|
|
||||||
for (word in conf) print_confs(word)
|
|
||||||
}
|
|
|
@ -1,177 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
|
|
||||||
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
|
|
||||||
|
|
||||||
CONF_PATH=/etc/dma # set in Makefile
|
|
||||||
|
|
||||||
# Determine mailname
|
|
||||||
if test -f "${__object:?}/parameter/mailname"
|
|
||||||
then
|
|
||||||
mailname=$(cat "${__object:?}/parameter/mailname")
|
|
||||||
else
|
|
||||||
case $(cat "${__global:?}/explorer/os")
|
|
||||||
in
|
|
||||||
(debian|devuan|ubuntu)
|
|
||||||
# On Debian-like systems use /etc/mailname unless --mailname is used
|
|
||||||
mailname='/etc/mailname'
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
mailname=${__target_fqdn:?}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Generate "should" values for config
|
|
||||||
conf_should=$(
|
|
||||||
if test -s "${__object:?}/parameter/smarthost"
|
|
||||||
then
|
|
||||||
printf 'SMARTHOST %s\n' "$(cat "${__object:?}/parameter/smarthost")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
printf 'MAILNAME %s\n' "${mailname}"
|
|
||||||
|
|
||||||
if test -s "${__object:?}/explorer/auth_conf"
|
|
||||||
then
|
|
||||||
printf "AUTHPATH %s\n" "$(cat "${__object:?}/explorer/auth_conf")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
case $(cat "${__object:?}/parameter/security")
|
|
||||||
in
|
|
||||||
(ssl|tls)
|
|
||||||
default_smtp_port=465
|
|
||||||
echo 'SECURETRANSFER'
|
|
||||||
;;
|
|
||||||
(starttls)
|
|
||||||
default_smtp_port=587
|
|
||||||
echo 'SECURETRANSFER'
|
|
||||||
echo 'STARTTLS'
|
|
||||||
;;
|
|
||||||
(opportunistic)
|
|
||||||
default_smtp_port=25
|
|
||||||
echo 'SECURETRANSFER'
|
|
||||||
echo 'STARTTLS'
|
|
||||||
echo 'OPPORTUNISTIC_TLS'
|
|
||||||
;;
|
|
||||||
(insecure)
|
|
||||||
default_smtp_port=25
|
|
||||||
echo 'INSECURE'
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if test -s "${__object:?}/parameter/port"
|
|
||||||
then
|
|
||||||
printf 'PORT %u\n' "$(cat "${__object:?}/parameter/port")"
|
|
||||||
elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default
|
|
||||||
then
|
|
||||||
printf 'PORT %u\n' "${default_smtp_port}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test -f "${__object:?}/parameter/masquerade"
|
|
||||||
then
|
|
||||||
while read -r line
|
|
||||||
do
|
|
||||||
printf 'MASQUERADE %s\n' "${line}"
|
|
||||||
done <"${__object:?}/parameter/masquerade"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test -f "${__object:?}/parameter/defer"
|
|
||||||
then
|
|
||||||
echo 'DEFER'
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test -f "${__object:?}/parameter/fullbounce"
|
|
||||||
then
|
|
||||||
echo 'FULLBOUNCE'
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test -f "${__object:?}/parameter/nullclient"
|
|
||||||
then
|
|
||||||
test -s "${__object:?}/parameter/smarthost" || {
|
|
||||||
echo '--nullclient requires a --smarthost to be defined' >&2
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
echo 'NULLCLIENT'
|
|
||||||
fi
|
|
||||||
)
|
|
||||||
# Sort conf_should to compare against "conf_is"
|
|
||||||
conf_should=$(echo "${conf_should}" | sort -s -k 1,1)
|
|
||||||
|
|
||||||
config_updated=false
|
|
||||||
if ! echo "${conf_should}" | cmp -s "${__object:?}/explorer/conf" -
|
|
||||||
then
|
|
||||||
# config needs to be updated
|
|
||||||
dma_conf="${CONF_PATH:?}/dma.conf"
|
|
||||||
|
|
||||||
# The following AWK script will output the new config file to be stored on
|
|
||||||
# disk. To do so it reads the current dma.conf file and the config options
|
|
||||||
# that should be set (from stdin).
|
|
||||||
# Note that the path to the current dma.conf is passed to AWK twice, because
|
|
||||||
# the new file cannot be generated in one pass.
|
|
||||||
|
|
||||||
# The logic tries to place options at a sensible location, that is:
|
|
||||||
# a) if the option is already used in the config file:
|
|
||||||
# group all similar options (e.g. MASQUERADE) at one place in the order
|
|
||||||
# they are listed in stdin.
|
|
||||||
# b) if it is a new option and a "default comment" (e.g. "#PORT 25") exists:
|
|
||||||
# place options grouped directly after the comment (the comment is left
|
|
||||||
# alone)
|
|
||||||
# c) otherwise:
|
|
||||||
# options are grouped by word (the first word in the line) and appended
|
|
||||||
# at the end of the file.
|
|
||||||
|
|
||||||
cat <<-CODE
|
|
||||||
awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \
|
|
||||||
&& cat $(quote "${dma_conf}.tmp") >$(quote "${dma_conf}")
|
|
||||||
${conf_should}
|
|
||||||
EOF
|
|
||||||
rm $(quote "${dma_conf}.tmp")
|
|
||||||
CODE
|
|
||||||
|
|
||||||
config_updated=true
|
|
||||||
echo 'config updated' >>"${__messages_out:?}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Send a test email if enabled and necessary (=configuration changed)
|
|
||||||
if test -f "${__object:?}/parameter/send-test-mail"
|
|
||||||
then
|
|
||||||
if grep -q '^__mail_alias/root:' "${__messages_in:?}" \
|
|
||||||
|| grep -q '^__dma_auth/' "${__messages_in:?}" \
|
|
||||||
|| ${config_updated}
|
|
||||||
then
|
|
||||||
cat <<-CODE
|
|
||||||
sendmail root <<'EOF'
|
|
||||||
Subject: [cdist] Test mail from '${__target_fqdn:?}'
|
|
||||||
|
|
||||||
Hi,
|
|
||||||
|
|
||||||
you can ignore this message.
|
|
||||||
Its sole purpose is to notify you that root mail on ${__target_fqdn:?}
|
|
||||||
will be redirected to you.
|
|
||||||
|
|
||||||
Enjoy!
|
|
||||||
EOF
|
|
||||||
CODE
|
|
||||||
fi
|
|
||||||
fi
|
|
|
@ -1,112 +0,0 @@
|
||||||
cdist-type__dma(7)
|
|
||||||
============================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__dma - Setup the DragonFly Mail Agent as the MTA.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This (singleton) type uses DMA, a small Mail Transport Agent (MTA), to accept
|
|
||||||
mails from locally installed Mail User Agents (MUA) and either deliver the mails
|
|
||||||
to a remote smart host for delivery or communicate with remote SMTP servers
|
|
||||||
directly.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
defer
|
|
||||||
If enabled, mail will not be sent immediately, but stored in a queue.
|
|
||||||
To flush the queue and send the mails, ```dma -q`` has to be run
|
|
||||||
periodically (e.g. using a cron job.)
|
|
||||||
This type does not manage such a cron job, but some operating systems ship
|
|
||||||
such a cron job with the package.
|
|
||||||
fullbounce
|
|
||||||
Enable if bounce messages should include the complete original message,
|
|
||||||
not just the headers.
|
|
||||||
nullclient
|
|
||||||
Enable to bypass aliases and local delivery, and instead forward all mails
|
|
||||||
to the defined ``--smarthost``.
|
|
||||||
send-test-mail
|
|
||||||
If set, this type will send a test email to root after setup, to check if
|
|
||||||
the configured settings work.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
mailname
|
|
||||||
If present, this will be the hostname used to identify this host and the
|
|
||||||
remote part of the sender addresses.
|
|
||||||
If not defined, it defaults to ``/etc/mailname`` on Debian derivatives and
|
|
||||||
to ``__target_fqdn`` otherwise.
|
|
||||||
See `dma(8)` for more information.
|
|
||||||
|
|
||||||
Note: on Debian derivatives the ``/etc/mailname`` file should be updated
|
|
||||||
instead of using this parameter.
|
|
||||||
masquerade
|
|
||||||
Masquerade the envelope-from addresses with this address/hostname.
|
|
||||||
Use this setting if mails are not accepted by destination mail servers
|
|
||||||
because your sender domain is invalid.
|
|
||||||
This option can be used multiple times.
|
|
||||||
For more information see the `dma(8)` man page.
|
|
||||||
port
|
|
||||||
The port on which to deliver email.
|
|
||||||
If not provided, a sensible default port will be used based on the
|
|
||||||
``--security`` argument.
|
|
||||||
security
|
|
||||||
Configures whether and how DMA should use secure connections.
|
|
||||||
|
|
||||||
ssl/tls
|
|
||||||
Enable TLS/SSL secured transfer.
|
|
||||||
starttls
|
|
||||||
Use STARTTLS to establish a secure connection.
|
|
||||||
opportunistic (default)
|
|
||||||
Will try to establish a secure connection using STARTTLS, but allow
|
|
||||||
unencrypted transfer if STARTTLS fails.
|
|
||||||
Most useful when dma is used without a smarthost, delivering remote
|
|
||||||
messages directly to the outside mail exchangers.
|
|
||||||
insecure
|
|
||||||
allow plain text SMTP login over an insecure connection.
|
|
||||||
Should really *not* be used anymore!
|
|
||||||
smarthost
|
|
||||||
The mail server used to send email.
|
|
||||||
It must be configured to act as a relay for the host being configured by
|
|
||||||
this type so that mail can be sent to users non-local to the smarthost.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Install DMA and use the smarthost mx1.domain.tld to send mail.
|
|
||||||
__dma --smarthost mx1.domain.tld --send-test-mail
|
|
||||||
|
|
||||||
# Install DMA in a default configuration.
|
|
||||||
__dma
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
- `DragonFly Mail Agent <https://github.com/corecode/dma>`_
|
|
||||||
- `DragonFly Handbook MTA <https://www.dragonflybsd.org/handbook/mta/>`_
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Evilham <contact@evilham.com>
|
|
||||||
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2020 Evilham and Dennis Camera. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,66 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
|
|
||||||
# Install DMA
|
|
||||||
case ${os}
|
|
||||||
in
|
|
||||||
(alpine)
|
|
||||||
__package dma --state present
|
|
||||||
export require='__package/dma'
|
|
||||||
;;
|
|
||||||
(debian|devuan|ubuntu)
|
|
||||||
__package dma --state present
|
|
||||||
export require='__package/dma'
|
|
||||||
;;
|
|
||||||
(freebsd)
|
|
||||||
# Stop sendmail if necessary
|
|
||||||
__process 'sendmail' --name 'sendmail.*' --state absent \
|
|
||||||
--stop '/etc/rc.d/sendmail onestop'
|
|
||||||
|
|
||||||
# ... and disable it
|
|
||||||
__key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \
|
|
||||||
--key 'sendmail_enable' --delimiter '=' --value '"NONE"' \
|
|
||||||
--exact_delimiter
|
|
||||||
|
|
||||||
# Setup mailwrapper accordingly
|
|
||||||
__file '/etc/mail/mailer.conf' --mode 0644 --source - <<-'EOF'
|
|
||||||
#
|
|
||||||
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
|
|
||||||
#
|
|
||||||
sendmail /usr/libexec/dma
|
|
||||||
send-mail /usr/libexec/dma
|
|
||||||
mailq /usr/libexec/dma
|
|
||||||
newaliases /usr/libexec/dma
|
|
||||||
rmail /usr/libexec/dma
|
|
||||||
EOF
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
cat <<EOF >&2
|
|
||||||
Your OS (${os}) is not supported yet.
|
|
||||||
|
|
||||||
Maybe adding support is as simple as adapting the packages or allowing it,
|
|
||||||
we highly encourage you to open a PR with the necessary changes.
|
|
||||||
See: https://code.ungleich.ch/ungleich-public/cdist-contrib/
|
|
||||||
EOF
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
|
@ -1,4 +0,0 @@
|
||||||
defer
|
|
||||||
fullbounce
|
|
||||||
nullclient
|
|
||||||
send-test-mail
|
|
|
@ -1 +0,0 @@
|
||||||
opportunistic
|
|
|
@ -1,4 +0,0 @@
|
||||||
mailname
|
|
||||||
port
|
|
||||||
security
|
|
||||||
smarthost
|
|
|
@ -1 +0,0 @@
|
||||||
masquerade
|
|
|
@ -1 +0,0 @@
|
||||||
../../__dma/explorer/auth_conf
|
|
|
@ -1,91 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
# This explorer looks for a line matching the server parameter
|
|
||||||
# in dma's auth.conf and reports:
|
|
||||||
# present: a line matching login + host + password exists
|
|
||||||
# absent: no line matching login + host exists
|
|
||||||
# different_login: a line exists but with a different login user
|
|
||||||
# different_password: a line exists but with a different password
|
|
||||||
# multiple: multiple lines matching host exist (should not happen)
|
|
||||||
|
|
||||||
auth_conf=$("${__type_explorer:?}/auth_conf")
|
|
||||||
test -r "${auth_conf}" || exit 0
|
|
||||||
|
|
||||||
awk -F'\n' '
|
|
||||||
function getvalue(path) {
|
|
||||||
# Reads the first line of the file located at path and returns it.
|
|
||||||
getline < path
|
|
||||||
close(path)
|
|
||||||
return $0
|
|
||||||
}
|
|
||||||
|
|
||||||
BEGIN {
|
|
||||||
DP = "[: \t]" # copied from dma/conf.c
|
|
||||||
|
|
||||||
parameter_dir = ENVIRON["__object"] "/parameter/"
|
|
||||||
|
|
||||||
# Read the parameters of this object
|
|
||||||
host_param = ENVIRON["__object_id"]
|
|
||||||
login_param = getvalue(parameter_dir "login")
|
|
||||||
passwd_param = getvalue(parameter_dir "password")
|
|
||||||
|
|
||||||
state = "absent"
|
|
||||||
}
|
|
||||||
|
|
||||||
/^#/ || /^$/ {
|
|
||||||
# skip comments and empty lines
|
|
||||||
next
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
|
||||||
# parse line
|
|
||||||
|
|
||||||
login = substr($0, 1, index($0, "|") - 1)
|
|
||||||
if (!login) { login = $0 } # if no "|" found
|
|
||||||
|
|
||||||
host = substr($0, length(login) + 2)
|
|
||||||
|
|
||||||
if (match(host, DP)) {
|
|
||||||
passwd = substr(host, RSTART + 1)
|
|
||||||
host = substr(host, 1, RSTART - 1)
|
|
||||||
} else {
|
|
||||||
passwd = ""
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
host == host_param {
|
|
||||||
# a match…
|
|
||||||
if (state == "absent") {
|
|
||||||
if (login != login_param)
|
|
||||||
state = "different_login"
|
|
||||||
else if (passwd != passwd_param)
|
|
||||||
state = "different_password"
|
|
||||||
else
|
|
||||||
state = "present"
|
|
||||||
} else {
|
|
||||||
# report "multiple" to that the type can remove the duplicates.
|
|
||||||
state = "multiple"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
END {
|
|
||||||
print state
|
|
||||||
}
|
|
||||||
' "${auth_conf}"
|
|
|
@ -1,93 +0,0 @@
|
||||||
#!/usr/bin/awk -f
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
function getvalue(path) {
|
|
||||||
# Reads the first line of the file located at path and returns it.
|
|
||||||
getline < path
|
|
||||||
close(path)
|
|
||||||
return $0
|
|
||||||
}
|
|
||||||
|
|
||||||
function print_should() {
|
|
||||||
printf "%s|%s:%s\n", login_param, host_param, passwd_param
|
|
||||||
}
|
|
||||||
|
|
||||||
BEGIN {
|
|
||||||
FS = "\n"
|
|
||||||
DP = "[: \t]" # copied from dma/conf.c
|
|
||||||
|
|
||||||
parameter_dir = ENVIRON["__object"] "/parameter/"
|
|
||||||
|
|
||||||
mode = (getvalue(parameter_dir "state") != "absent")
|
|
||||||
|
|
||||||
host_param = ENVIRON["__object_id"]
|
|
||||||
login_param = getvalue(parameter_dir "login")
|
|
||||||
passwd_param = getvalue(parameter_dir "password")
|
|
||||||
}
|
|
||||||
|
|
||||||
# skip comments and empty lines
|
|
||||||
/^#/ || /^$/ {
|
|
||||||
print
|
|
||||||
next
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
|
||||||
# parse line (like dma/conf.c would)
|
|
||||||
|
|
||||||
login = substr($0, 1, index($0, "|") - 1)
|
|
||||||
if (!login) { login = $0 } # if no "|" found
|
|
||||||
|
|
||||||
host = substr($0, length(login) + 2)
|
|
||||||
|
|
||||||
if (match(host, DP)) {
|
|
||||||
passwd = substr(host, RSTART + 1)
|
|
||||||
host = substr(host, 1, RSTART - 1)
|
|
||||||
} else {
|
|
||||||
passwd = ""
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
host == host_param {
|
|
||||||
if (mode) {
|
|
||||||
# state_should == present
|
|
||||||
if (!written) {
|
|
||||||
# replace first line if host matches (but only if no line has
|
|
||||||
# been written already -> no duplicates)
|
|
||||||
print_should()
|
|
||||||
written = 1
|
|
||||||
}
|
|
||||||
next
|
|
||||||
} else {
|
|
||||||
# state_should == absent
|
|
||||||
next
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# leave other lines alone
|
|
||||||
{
|
|
||||||
print
|
|
||||||
}
|
|
||||||
|
|
||||||
END {
|
|
||||||
if (mode && !written) {
|
|
||||||
# append line if no match to replace was found
|
|
||||||
print_should()
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,72 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
|
|
||||||
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
|
|
||||||
|
|
||||||
state_is=$(cat "${__object:?}/explorer/state")
|
|
||||||
state_should=$(cat "${__object:?}/parameter/state")
|
|
||||||
|
|
||||||
server=${__object_id:?}
|
|
||||||
login=$(cat "${__object:?}/parameter/login")
|
|
||||||
|
|
||||||
|
|
||||||
auth_conf=$(cat "${__object:?}/explorer/auth_conf")
|
|
||||||
test -n "${auth_conf}" || {
|
|
||||||
echo 'Cannot determine path of dma auth.conf' >&2
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
if test "${state_is}" = "${state_should}"
|
|
||||||
then
|
|
||||||
# state is as it should
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
case ${state_should}
|
|
||||||
in
|
|
||||||
(present)
|
|
||||||
test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; }
|
|
||||||
|
|
||||||
if test "${state_is}" = 'absent'
|
|
||||||
then
|
|
||||||
printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
|
|
||||||
else
|
|
||||||
printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
(absent)
|
|
||||||
printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
printf 'Invalid --state: %s.\n' "${state_should}" >&2
|
|
||||||
printf 'Acceptable values are: present, absent.\n' >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
test -f $(quote "${auth_conf}") || touch $(quote "${auth_conf}")
|
|
||||||
|
|
||||||
awk $(drop_awk_comments "${__type:?}/files/update_dma_auth.awk") <$(quote "${auth_conf}") >$(quote "${auth_conf}.tmp") \
|
|
||||||
&& cat $(quote "${auth_conf}.tmp") >$(quote "${auth_conf}")
|
|
||||||
rm -f $(quote "${auth_conf}.tmp")
|
|
||||||
EOF
|
|
|
@ -1,66 +0,0 @@
|
||||||
cdist-type__dma_auth(7)
|
|
||||||
=======================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This cdist type allows you to set up credentials to log in to remote SMTP
|
|
||||||
servers.
|
|
||||||
|
|
||||||
NB: dma currently (v0.13) does not differentiate between users on a host.
|
|
||||||
It will use whatever user it finds in the ``auth.conf`` first.
|
|
||||||
Thus, this type will use the ``__object_id`` as the host specifier.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
login
|
|
||||||
The user's LOGIN name on the SMTP server.
|
|
||||||
password
|
|
||||||
The user's password (in plain text.)
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
state
|
|
||||||
Either ``present`` or ``absent``. Defaults to ``present``.
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Set the password for smarthost
|
|
||||||
__dma_auth smarthost.example.com --login joe --password hunter2
|
|
||||||
|
|
||||||
# Set credentials for user at an external provider
|
|
||||||
__dma_auth mail.provider.com --login paul@example.com --password letmein
|
|
||||||
|
|
||||||
# Delete credentials for example.com (for all users)
|
|
||||||
__dma_auth example.com --login '' --password '' --state absent
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2020 Dennis Camera. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1 +0,0 @@
|
||||||
present
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -1,2 +0,0 @@
|
||||||
login
|
|
||||||
password
|
|
|
@ -1,15 +0,0 @@
|
||||||
#!/bin/sh -eu
|
|
||||||
|
|
||||||
JICOFO="/usr/share/jicofo/jicofo.sh"
|
|
||||||
VIDEOBRIDGE="/usr/share/jitsi-videobridge/lib/videobridge.rc"
|
|
||||||
|
|
||||||
if [ -f "${JICOFO:?}" ]; then
|
|
||||||
jicofo_memory="$(grep JICOFO_MAX_MEMORY= "${JICOFO:?}" | cut -d= -f 2 | cut -d ";" -f 1)"
|
|
||||||
fi
|
|
||||||
if [ -f "${VIDEOBRIDGE:?}" ]; then
|
|
||||||
vb_memory="$(grep VIDEOBRIDGE_MAX_MEMORY= "${VIDEOBRIDGE:?}" | cut -d= -f 2)"
|
|
||||||
fi
|
|
||||||
cat <<EOF
|
|
||||||
jicofo ${jicofo_memory:-n/a}
|
|
||||||
videobridge ${vb_memory:-n/a}
|
|
||||||
EOF
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/sh -eu
|
|
||||||
|
|
||||||
if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
|
|
||||||
# TODO: detect curl / depend on it?
|
|
||||||
curl -s localhost:9888/metrics
|
|
||||||
fi
|
|
|
@ -1,51 +0,0 @@
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
mQINBGB4bEkBEADffHELs6RBZEEgme2L6KXyO5XThI5ROFCMZ+4X1mZTKPyihuMX
|
|
||||||
u1IQeaLQhUKEw60NZH1HyvH11L33LYcimlyLDG7N6s/MjWtLAI+wkgb6iYY2mArM
|
|
||||||
3TqPTzVgZUcJl5Strft2U8QNq9N2qslbF7hm3g35M78r5CJmlVQYO298rz6ybovO
|
|
||||||
9TTB/C3KbDMHohEXIdVlAIKAtu+/5dWQtP7NR3RZHpfMoOvf65NiZRsudZ5SZcd1
|
|
||||||
8G7n0nv6NF5Ul+cuLsOMh7r2KiPjpHuQwobwEJpc8Nags6xTqQ8riyJsv8KXJNZh
|
|
||||||
51OQWYyQhMz/O3mVSbfdfmS4u4HUb3pheUmjq2Lx4vTlSzyCRniRC4VIhViRawTL
|
|
||||||
QyIpdw85CN7iJPN+2ZYOU4knZgSv9CDmuKFqxGSd/j4QHtL/K4e3wFE/kwD+4SWL
|
|
||||||
+xAsCZQPnZu9RNdmTfaSfsPqSwQFErTGWyuGJBzN0EFGRFIMI3m3AJSC6OOFycDV
|
|
||||||
4KPJHBQKcTH4oVF3opAJj3X45oa6886TAjwAsPG1R5FapqhWRzWsq8Cn3rr6EKJ/
|
|
||||||
8xf9Ep/KIMNJtZoout7f2AEmP/oQTNft+wWEejprd0aJMX4O6NOSG4UNxRbm32gf
|
|
||||||
rBEajiLUA0cJW+se40ACZXri36Ea8HnKnYsCaXZba9FMy9Te0OkySJpQYwARAQAB
|
|
||||||
tBVKaXRzaSA8ZGV2QGppdHNpLm9yZz6JAk4EEwEIADgWIQT/1loNor6963PUTIu0
|
|
||||||
0tIW8f14BgUCYHhsSQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC00tIW
|
|
||||||
8f14Bt8eEADPmi1X9ycjevFR82sGo0qTUEgndu9tWiGQzS3E7SG1wIkRqiwSk7X2
|
|
||||||
J1Mrxa5kIEkl0KctpYQjhEJWV8TfATOekKhoxtanZef9q9EvpNLBJGifXAHt9b2o
|
|
||||||
Dzk7437cytW71jlByrbjUe7tVQtaEJZuOczjZGnHw70Yv6H0DUQuRDlJmocHzzU3
|
|
||||||
AgpXJ+XoS1p8gI64OgIzXVOhvyZVyNqbn0PyqeroRbxC0DPwGsTA8MYgf3ujowAI
|
|
||||||
ntVtSv0kzbZP0xU/3zpmuD+Lw0Msq4idnE0e+nApfThF28w+MAF4EikXovwr+FEh
|
|
||||||
6Czt3KGrUuoCUY1YmLqSpLQaHYvF1oRsnZIVEecXBY/sRxxOvLk4HsJtIV6jJ3qS
|
|
||||||
XAGPsxAJJBlsT0nvPC+x46wvOxBYv2WgmVRrnrz7vpp1C8yRYAaab10lUq+PufYr
|
|
||||||
S4wQXvbTKAelpOZhR00qJ1Ati7y1TFv3xFhlhEjg/r2TUc2oFEYdlIPpfkiCPeCz
|
|
||||||
kcTXB6iwuUn59Qm6ksGCL/ITo3sWZSDbOQIG63hb0FRZkF8mWnmPcGoPmR5kmvr7
|
|
||||||
QzHKmfomaORyLofXqrXf3zfhDpe5kSxfLbTsRnHCx46XJWXMFh70T19j4ILnWaGj
|
|
||||||
bnA9OWWtEyMCp9GeJPtmWKsBhP8ywt0jbbfHzczBfWRO06n47/BLSLkCDQRgeGxJ
|
|
||||||
ARAA1pi0AZ0kcW1aW9sKZNYJ2JXjsefqnqtUUDI0xOSSl5+Lzjtj1lPA1Xr2L9V4
|
|
||||||
FyUGG6N8BeQcyfl7ZAFp6EWS/RATaOze/rKxImArHdY0L48rEQNBCg6lDsvvPJYd
|
|
||||||
cMFuNFm9e+2vggKU+o0zpDiV0WIjar/I5aVyObQ77EBOJlEPDSjz2essTbZZ5Bpr
|
|
||||||
w6pRSQ8CjpOpSrNwoDDhNfHPEcokkccmPlE8xdmXn1oM5Zj/LKOEKBqJUh1Ucykh
|
|
||||||
EE9g/Mch6GV6AnuFrtAeWYzx5kfNlBvz1Y7w3TXnboQP8b9IeQwNyZTWaMMstn8z
|
|
||||||
nt8RKnrTA2eOGO61ySgtMU3fEJSN0mqH3cjpAzPX9rcdipMLe3ZDGYlixFAXpctc
|
|
||||||
dhKvEqxd+bxtvFTQlSsSSQe9DvXQOfb9pp+6SjejhTvsWhWwhPzWIOLX4IBiX13q
|
|
||||||
D5ct/IxsLwhk23+r9zpk74xwRplX4FTc3o1m+NpoWXRRAekcKd5AgnlAhY9O7Tv+
|
|
||||||
31ORR6X/hCYcs1vnxbHJgWrzv01Gx8mcOj/+7aCctsQ32oQWM6FQY/vcpSxTjJsb
|
|
||||||
npiS3ZIUYNXf32UnAuZUyCaqrpLAVAwNGBxmpwQb1SUx7HBA8e2lHbEqKW/qnUQG
|
|
||||||
bnRv0g/oSkkimADazkwojNcVdgkrF91zkUtzIya+NOiGO7cAEQEAAYkCNgQYAQgA
|
|
||||||
IBYhBP/WWg2ivr3rc9RMi7TS0hbx/XgGBQJgeGxJAhsMAAoJELTS0hbx/XgGEyQQ
|
|
||||||
ALAHIiRoFkhypGpFt3+bt3ZLQf6OD+H0ZiOcy43DlBAUz7PbNlW4bDvINkgTaGRa
|
|
||||||
+cIMwdW5lWO9fsChsEoDVnjl9rcNcTJcN5Fc/L+XnW6k9RzW1nK+mj3NiGfR7OI1
|
|
||||||
V6eNM346+EpA2ZnqVTfr14+Vu49TV7vSsfnZg6brl+t1qNzJLHcsnVxxACw95OOK
|
|
||||||
joGu56ozuxEWjsGwnvvkH7dR/HLGtk+XP0NWSBOoEpHj7bF+6h81MpcMcj4BYoaZ
|
|
||||||
AJfQyfx8rP2JQC/HNrY0bAW0ahN2x+fE9Vd6iPkrPGSGibWRv6Db/KLk1R8/8W4B
|
|
||||||
YKti313EXV8g0gc0TdwqbhLWOinCjtLW+anXsqxmVFNG1cS1CvsFi2WDRtjHP3eY
|
|
||||||
aEdnXHcnPL4gKPTeXlHf3HGDCeboGOWFeim2bHwOzbzg9Kp+lGYyi/qJW496n+Yp
|
|
||||||
wBWDVHgVlS51Y8hS7xB4FY71S4OY4W9S8XX0KUQihqoh3E44eow+Z8OE1g0CosPz
|
|
||||||
2cRioAiEeVPNra0IgD2iD7LKuEVd6zJ7RbxzWCWko+sOgCm0lqz87R5IQibEFbRV
|
|
||||||
ATvmI/B3DPYHjk7toPT5+jgcgY0QPq9JYSORbgXvoWG0f83TFIfFV6yGgmaG1DMX
|
|
||||||
YPNx6EOVTWjMMoXNbskDkw3HdcVdVz41ZnW/1lJZejvW
|
|
||||||
=uIZN
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
@ -1,56 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
# This can be obtained with debconf-get-selections on a host with jitsi
|
|
||||||
# (and also analysing the deb-src)
|
|
||||||
if false; then
|
|
||||||
# We are currently not using these, just here as documentation
|
|
||||||
DEBCONF_SETTINGS="$(cat <<EOF
|
|
||||||
# Jicofo user password:
|
|
||||||
jicofo jicofo/jicofo-authpassword password STH
|
|
||||||
jitsi-meet-prosody jicofo/jicofo-authpassword password STH
|
|
||||||
# The secret used to connect to xmpp server as component
|
|
||||||
jitsi-meet-prosody jitsi-videobridge/jvbsecret password STH
|
|
||||||
jitsi-videobridge jitsi-videobridge/jvbsecret password STH
|
|
||||||
jitsi-videobridge2 jitsi-videobridge/jvbsecret password STH
|
|
||||||
# Jicofo Component secret:
|
|
||||||
jicofo jicofo/jicofosecret password STH
|
|
||||||
jitsi-meet-prosody jicofo/jicofosecret password STH
|
|
||||||
# Jicofo username:
|
|
||||||
jicofo jicofo/jicofo-authuser string focus
|
|
||||||
jitsi-meet-prosody jicofo/jicofo-authuser string focus
|
|
||||||
# The hostname of the current installation:
|
|
||||||
jitsi-meet-turnserver jitsi-meet-turnserver/jvb-hostname string ${JITSI_HOST}
|
|
||||||
# Full local server path to the SSL certificate file:
|
|
||||||
jitsi-meet-web-config jitsi-meet/cert-path-crt string
|
|
||||||
# Full local server path to the SSL key file:
|
|
||||||
jitsi-meet-web-config jitsi-meet/cert-path-key string
|
|
||||||
EOF
|
|
||||||
)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
DEBCONF_SETTINGS="$(cat <<EOF
|
|
||||||
# The hostname of the current installation:
|
|
||||||
jitsi-meet-web-config jitsi-meet/jvb-hostname string ${JITSI_HOST}
|
|
||||||
# Hostname:
|
|
||||||
jicofo jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
|
||||||
jitsi-meet-prosody jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
|
||||||
jitsi-meet-turnserver jitsi-videobridge/jvb-hostname string ${TURN_SERVER}
|
|
||||||
jitsi-meet-web-config jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
|
||||||
jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
|
||||||
jitsi-videobridge2 jitsi-videobridge/jvb-hostname string ${JITSI_HOST}
|
|
||||||
# The hostname of the current installation:
|
|
||||||
jitsi-meet-prosody jitsi-meet-prosody/jvb-hostname string ${JITSI_HOST}
|
|
||||||
# SSL certificate for the Jitsi Meet instance
|
|
||||||
# Choices: Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate), I want to use my own certificate
|
|
||||||
jitsi-meet-web-config jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)
|
|
||||||
EOF
|
|
||||||
)"
|
|
||||||
|
|
||||||
if [ -n "${TURN_SECRET}" ]; then
|
|
||||||
DEBCONF_SETTINGS="$(cat <<EOF
|
|
||||||
${DEBCONF_SETTINGS}
|
|
||||||
# The turn server secret
|
|
||||||
jitsi-meet-prosody jitsi-meet-prosody/turn-secret string ${TURN_SECRET}
|
|
||||||
EOF
|
|
||||||
)"
|
|
||||||
fi
|
|
|
@ -1,34 +0,0 @@
|
||||||
#!/bin/sh -eu
|
|
||||||
|
|
||||||
# Start
|
|
||||||
cat <<EOF
|
|
||||||
# Managed remotely, changes will be lost
|
|
||||||
|
|
||||||
# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
|
|
||||||
#available options, syntax, and default values.
|
|
||||||
jicofo {
|
|
||||||
xmpp: {
|
|
||||||
client: {
|
|
||||||
client-proxy: focus.${JITSI_HOST:?}
|
|
||||||
}
|
|
||||||
trusted-domains: [ "recorder.${JITSI_HOST:?}" ]
|
|
||||||
}
|
|
||||||
bridge: {
|
|
||||||
brewery-jid: "JvbBrewery@internal.auth.${JITSI_HOST:?}"
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Secured domains if needed
|
|
||||||
if [ "${SECURED_DOMAINS_STATE:?}" = "present" ]; then
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
authentication: {
|
|
||||||
enabled: true
|
|
||||||
type: XMPP
|
|
||||||
login-url: ${JITSI_HOST:?}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
# End
|
|
||||||
echo '}'
|
|
|
@ -1 +0,0 @@
|
||||||
../../__jitsi_meet_domain/files/jitsi-version
|
|
|
@ -1 +0,0 @@
|
||||||
../../__jitsi_meet_domain/files/prosody.cfg.lua.sh
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
# Setup firewall
|
|
||||||
__ufw
|
|
||||||
# Allow jitsi ports
|
|
||||||
require="__ufw" __ufw_rule http --rule 'allow 80/tcp'
|
|
||||||
require="__ufw" __ufw_rule https --rule 'allow 443/tcp'
|
|
||||||
require="__ufw" __ufw_rule jitsi_prom --rule 'allow 9888/tcp'
|
|
||||||
require="__ufw" __ufw_rule avfallback --rule 'allow 4443/tcp'
|
|
||||||
require="__ufw" __ufw_rule avdefault --rule 'allow 10000/udp'
|
|
|
@ -1,44 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
memory="$(cat "${__global}/explorer/memory")"
|
|
||||||
G="000000" # Will totally eff up the zero-count otherwise
|
|
||||||
# MAX_MEMORY will affect jicofo and videobridge
|
|
||||||
# As a rule of thumb, the machine's RAM should be more than 2.5 * MAX_MEMORY
|
|
||||||
if [ "${memory}" -lt "3${G}" ]; then
|
|
||||||
# If you use this, let us know how it works!
|
|
||||||
MAX_MEMORY="768m"
|
|
||||||
elif [ "${memory}" -lt "5${G}" ]; then
|
|
||||||
MAX_MEMORY="1024m"
|
|
||||||
elif [ "${memory}" -lt "8${G}" ]; then
|
|
||||||
MAX_MEMORY="2048m"
|
|
||||||
else
|
|
||||||
# Jitsi recommends running on 8G RAM and these are the defaults
|
|
||||||
MAX_MEMORY="3072m"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if cut -f 2 "${__object}/explorer/configured-memory" | grep -qvE "^${MAX_MEMORY}$"; then
|
|
||||||
# At least one service has different memory settings
|
|
||||||
RESTART_SERVICES="YES"
|
|
||||||
cat <<-EOF
|
|
||||||
sed -i.tmp -E \
|
|
||||||
-e 's!^(#[[:space:]]*)?(VIDEOBRIDGE_MAX_MEMORY)=.*\$!\2=${MAX_MEMORY}!' \
|
|
||||||
/usr/share/jitsi-videobridge/lib/videobridge.rc
|
|
||||||
sed -i.tmp -E \
|
|
||||||
-e 's!(JICOFO_MAX_MEMORY)[^";]+;!\1=${MAX_MEMORY};!' \
|
|
||||||
/usr/share/jicofo/jicofo.sh
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
|
|
||||||
echo "service nginx reload"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if grep -qE "^(__line/jitsi_jicofo_secured_domains|(__file|__link)/etc/prosody/conf.d/|__file/etc/jitsi/(jicofo/jicofo.conf|videobridge/jvb.conf))" "${__messages_in}"; then
|
|
||||||
RESTART_SERVICES="YES"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${RESTART_SERVICES}" ]; then
|
|
||||||
echo "systemctl restart prosody"
|
|
||||||
echo "systemctl restart jicofo"
|
|
||||||
echo "systemctl restart jitsi-videobridge2"
|
|
||||||
fi
|
|
|
@ -1,111 +0,0 @@
|
||||||
cdist-type__jitsi_meet(7)
|
|
||||||
=========================
|
|
||||||
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__jitsi_meet - Setup the server-side of Jitsi-Meet.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This (singleton) type installs and configures jitsi-meet automatically.
|
|
||||||
|
|
||||||
It does so by following loosely the official quick-install instructions and
|
|
||||||
eXO's notes for installing and managing Jitsi Meet instances.
|
|
||||||
|
|
||||||
This type also sets up nginx in a way that is compatible with
|
|
||||||
`__letsencrypt_cert` and assumes that it will only serve Jitsi instances.
|
|
||||||
|
|
||||||
You will also need the `__jitsi_meet_domain` type in order to finish setting up
|
|
||||||
the web frontend (including TLS certificates) and its settings.
|
|
||||||
|
|
||||||
You may want to use the `files/ufw` example manifest for a `__ufw`-based
|
|
||||||
firewall compatible with this type that allows all ports needed by Jitsi-Meet.
|
|
||||||
Note however that this will not deal with rules for SSH or for TCP port 9888,
|
|
||||||
which exposes the prometheus exporter if not disabled.
|
|
||||||
Remember to apply your own rules here, particularly regarding SSH.
|
|
||||||
|
|
||||||
This type only works on De{bi,vu}an systems.
|
|
||||||
|
|
||||||
It is very important for this type to stay up to date with the software, as
|
|
||||||
otherwise new deployments or maintenance of existing instances might be
|
|
||||||
negatively affected.
|
|
||||||
If you can, please contribute updates to `__jitsi_meet` and
|
|
||||||
`__jitsi_meet_domain` promptly and regularly.
|
|
||||||
Alternatively, you can help finance that work; get in touch with the type
|
|
||||||
authors for that (see below).
|
|
||||||
|
|
||||||
This type takes care of adapting the maximum memory used by jicofo and
|
|
||||||
videobridge in function of the hosts installed memory.
|
|
||||||
|
|
||||||
NOTE: This type currently does not deal with setting up coturn.
|
|
||||||
For that, you might want to check `__coturn` in
|
|
||||||
https://code.ungleich.ch/ungleich-public/cdist-contrib
|
|
||||||
In that case, this type should run *after* `__coturn`.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
abort-conference-count
|
|
||||||
Only has an effect if the prometheus exporter is enabled and if it is not
|
|
||||||
empty (default).
|
|
||||||
If at least this many conferences are active on the server, the type will
|
|
||||||
bail out before making any changes.
|
|
||||||
This is useful if you want to avoid service disruptions due to e.g. an SLA.
|
|
||||||
|
|
||||||
|
|
||||||
turn-secret
|
|
||||||
The shared secret for the TURN server.
|
|
||||||
|
|
||||||
turn-server
|
|
||||||
The hostname of the TURN server.
|
|
||||||
This will assume that it is listening with TLS on port 443.
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
disable-prometheus-exporter
|
|
||||||
This type enables a prometheus exporter for jitsi by default, if you would
|
|
||||||
rather not have that, pass this parameter.
|
|
||||||
The explorer is based on:
|
|
||||||
https://github.com/systemli/prometheus-jitsi-meet-exporter
|
|
||||||
|
|
||||||
secured-domains
|
|
||||||
If this flag is present, all domains that use this Jitsi instance will
|
|
||||||
require that an authenticated user starts a meeting.
|
|
||||||
For information on how this is achieved, see
|
|
||||||
https://jitsi.github.io/handbook/docs/devops-guide/secure-domain .
|
|
||||||
You will need to create the users with `__jitsi_meet_user(7)`.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Setup the firewall for Jitsi-Meet
|
|
||||||
. "${__global}/type/__jitsi_meet/files/ufw"
|
|
||||||
export require="__ufw"
|
|
||||||
# Setup firewall SSH rules as necessary
|
|
||||||
__ufw_rule ssh --rule 'allow 22/tcp from 10.0.0.0/24'
|
|
||||||
# Setup Jitsi on this host
|
|
||||||
__jitsi_meet \
|
|
||||||
--turn-server "turn.exo.cat" \
|
|
||||||
--turn-secret "WeNeedGoodSecurity"
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
- `__jitsi_meet_domain(7)`
|
|
||||||
- `__jitsi_meet_user(7)`
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Evilham <contact@evilham.com>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2022 Evilham.
|
|
|
@ -1,309 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
os="$(cat "${__global}/explorer/os")"
|
|
||||||
case "${os}" in
|
|
||||||
devuan|debian)
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Your OS '${os}' is currently not supported." > /dev/stderr
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
current_conferences="$(cat "${__object}/explorer/jitsi-status" | grep -E "^jitsi_conferences[[:space:]]" | cut -d ' ' -f 2)"
|
|
||||||
|
|
||||||
ABORT_CONFERENCE_COUNT="$(cat "${__object}/parameter/abort-conference-count")"
|
|
||||||
|
|
||||||
if [ -n "${current_conferences}" ] && [ -n "${ABORT_CONFERENCE_COUNT}" ] && \
|
|
||||||
[ "${ABORT_CONFERENCE_COUNT}" -le "${current_conferences}" ]; then
|
|
||||||
cat <<-EOF
|
|
||||||
Early bail out was requested when at least ${ABORT_CONFERENCE_COUNT} conferences are taking place.
|
|
||||||
There are currently ${current_conferences} active conferences.
|
|
||||||
|
|
||||||
Try again at a later time or remove or increase --abort-conference-count
|
|
||||||
EOF
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
JITSI_HOST="${__target_host}"
|
|
||||||
if [ -f "${__object}/parameter/jitsi-version" ]; then
|
|
||||||
# This has been deprecated and will be removed 'soon'
|
|
||||||
JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
|
|
||||||
else
|
|
||||||
# Note this won't be a parameter anymore, we won't let users stay behind
|
|
||||||
JITSI_VERSION="$(cat "${__type}/files/jitsi-version")"
|
|
||||||
fi
|
|
||||||
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
|
||||||
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
|
|
||||||
|
|
||||||
if [ -z "${TURN_SERVER}" ]; then
|
|
||||||
TURN_SERVER="${JITSI_HOST}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# The rest is loosely based on Jitsi's documentation
|
|
||||||
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
|
|
||||||
|
|
||||||
# Setup repositories
|
|
||||||
## First the signing keys
|
|
||||||
### Remove old signing key
|
|
||||||
__apt_key "jitsi_meet_2016" \
|
|
||||||
--keyid "66A9 CD05 95D6 AFA2 4729 0D3B EF8B 479E 2DC1 389C" \
|
|
||||||
--use-deprecated-apt-key \
|
|
||||||
--state "absent"
|
|
||||||
### Add new signing key
|
|
||||||
require="__apt_key/jitsi_meet_2016" __apt_key jitsi_meet_2021 \
|
|
||||||
--source "${__type}/files/apt_2021.gpg" \
|
|
||||||
--state "present"
|
|
||||||
## Now the repositories (they are a tad weird, so distribution is 'stable/')
|
|
||||||
require="__apt_key/jitsi_meet_2021" __apt_source jitsi_meet \
|
|
||||||
--uri 'https://download.jitsi.org' \
|
|
||||||
--distribution 'stable/' \
|
|
||||||
--state present
|
|
||||||
## Ensure apt cache is up-to-date
|
|
||||||
require="__apt_source/jitsi_meet" __apt_update_index
|
|
||||||
|
|
||||||
export require="${require} __apt_source/jitsi_meet __apt_update_index"
|
|
||||||
|
|
||||||
# Pre-feed debconf settings, so Jitsi's installation has a good config
|
|
||||||
# shellcheck source=type/__jitsi_meet/files/debconf_settings.sh
|
|
||||||
. "${__type}/files/debconf_settings.sh" # This defines DEBCONF_SETTINGS
|
|
||||||
__debconf_set_selections jitsi_meet --line "${DEBCONF_SETTINGS}"
|
|
||||||
export require="${require} __debconf_set_selections/jitsi_meet"
|
|
||||||
|
|
||||||
# Install and upgrade packages as needed
|
|
||||||
# NOTE: we are doing version pinning again, but it breaks sometimes when
|
|
||||||
# the version is not the latest.
|
|
||||||
# This happens because dependencies might not be properly resolved.
|
|
||||||
# To avoid this, this type must be maintained up to date.
|
|
||||||
# If we don't use this, keeping Jitsi's up to date is very difficult.
|
|
||||||
__package_apt jitsi-meet --version "${JITSI_VERSION}"
|
|
||||||
|
|
||||||
# Proceed only after installation/upgrade has finished
|
|
||||||
export require="__package_apt/jitsi-meet"
|
|
||||||
|
|
||||||
# TODO: generalise and move out
|
|
||||||
# Prep nginx for acme settings
|
|
||||||
|
|
||||||
NGINX_ETC="/etc/nginx"
|
|
||||||
|
|
||||||
#
|
|
||||||
# Setup the acme-challenge snippet
|
|
||||||
#
|
|
||||||
__directory "${NGINX_ETC}/snippets" --state present
|
|
||||||
require="__directory${NGINX_ETC}/snippets" __file "${NGINX_ETC}/snippets/acme-challenge.conf" \
|
|
||||||
--mode 644 \
|
|
||||||
--source - << EOF
|
|
||||||
# This file is managed remotely, all changes will be lost
|
|
||||||
|
|
||||||
# This was heavily inspired by debops.org.
|
|
||||||
|
|
||||||
# Automatic Certificate Management Environment (ACME) support.
|
|
||||||
# https://tools.ietf.org/html/draft-ietf-acme-acme-01
|
|
||||||
# https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment
|
|
||||||
|
|
||||||
|
|
||||||
# Return the ACME challenge present in the server public root.
|
|
||||||
# If not found, switch to global web server root.
|
|
||||||
location ^~ /.well-known/acme-challenge/ {
|
|
||||||
default_type "text/plain";
|
|
||||||
try_files \$uri @well-known-acme-challenge;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Return the ACME challenge present in the global server public root.
|
|
||||||
# If not present, redirect request to a specified domain.
|
|
||||||
location @well-known-acme-challenge {
|
|
||||||
root /usr/share/jitsi-meet;
|
|
||||||
default_type "text/plain";
|
|
||||||
try_files \$uri @redirect-acme-challenge;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Redirect the ACME challenge to a different host. If a redirect loop is
|
|
||||||
# detected, return 404.
|
|
||||||
location @redirect-acme-challenge {
|
|
||||||
if (\$arg_redirect) {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
return 307 \$scheme://${ACME_DOMAIN}\$request_uri?redirect=yes;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Return 404 if ACME challenge well known path is accessed directly.
|
|
||||||
location = /.well-known/acme-challenge/ {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
__directory "${NGINX_ETC}/sites-available" --state present
|
|
||||||
require="__directory${NGINX_ETC}/sites-available" __file "${NGINX_ETC}/sites-available/default" \
|
|
||||||
--mode 644 \
|
|
||||||
--source - << EOF
|
|
||||||
# This file is managed remotely, all changes will be lost
|
|
||||||
|
|
||||||
server_names_hash_bucket_size 64;
|
|
||||||
|
|
||||||
types {
|
|
||||||
# nginx's default mime.types doesn't include a mapping for wasm
|
|
||||||
application/wasm wasm;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
|
|
||||||
# Listen on IPv4
|
|
||||||
listen 80;
|
|
||||||
# Note: there is an ipv6only=off flag, but it is Linux-only
|
|
||||||
# incidentally, that defaults to "on", which is what causes
|
|
||||||
# not having the double listen to listen on IPv6-only
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
server_name welcome;
|
|
||||||
|
|
||||||
root /srv/www/sites/welcome/public;
|
|
||||||
|
|
||||||
include snippets/acme-challenge.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
return 301 https://\$host\$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Starting from 2.0.7210, jitsi defines following nginx upstreams
|
|
||||||
__directory "${NGINX_ETC}/conf.d" --state present
|
|
||||||
require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/prosody.conf" \
|
|
||||||
--mode 644 \
|
|
||||||
--source - << EOF
|
|
||||||
upstream prosody {
|
|
||||||
zone upstreams 64K;
|
|
||||||
server 127.0.0.1:5280;
|
|
||||||
keepalive 2;
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/jvb1.conf" \
|
|
||||||
--mode 644 \
|
|
||||||
--source - << EOF
|
|
||||||
upstream jvb1 {
|
|
||||||
zone upstreams 64K;
|
|
||||||
server 127.0.0.1:9090;
|
|
||||||
keepalive 2;
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [ -f "${__object}/parameter/secured-domains" ]; then
|
|
||||||
SECURED_DOMAINS_STATE='present'
|
|
||||||
else
|
|
||||||
SECURED_DOMAINS_STATE='absent'
|
|
||||||
fi
|
|
||||||
|
|
||||||
# This is the main host config
|
|
||||||
PROSODY_MAIN_CONFIG="YES"
|
|
||||||
# Prosody settings for common components (jvb, focus, ...)
|
|
||||||
# shellcheck source=type/__jitsi_meet/files/prosody.cfg.lua.sh
|
|
||||||
. "${__type}/files/prosody.cfg.lua.sh" # This defines PROSODY_CONFIG
|
|
||||||
__file "/etc/prosody/conf.d/00_jitsi_base.cfg.lua" \
|
|
||||||
--group prosody \
|
|
||||||
--mode 0440 \
|
|
||||||
--source - <<EOF
|
|
||||||
${PROSODY_CONFIG}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Clean up zauth.cfg.lua file, which we don't use now
|
|
||||||
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \
|
|
||||||
--state absent
|
|
||||||
|
|
||||||
export SECURED_DOMAINS_STATE
|
|
||||||
export JITSI_HOST
|
|
||||||
"${__type}/files/jicofo.conf.sh" | \
|
|
||||||
__file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'
|
|
||||||
|
|
||||||
# Enable the private colibri REST API end point for better stats
|
|
||||||
__file "/etc/jitsi/videobridge/jvb.conf" --mode 0444 --source '-' <<EOFJVB
|
|
||||||
videobridge {
|
|
||||||
http-servers {
|
|
||||||
public {
|
|
||||||
port = 9090
|
|
||||||
}
|
|
||||||
private {
|
|
||||||
port = 8080
|
|
||||||
}
|
|
||||||
}
|
|
||||||
websockets {
|
|
||||||
enabled = true
|
|
||||||
domain = "${JITSI_HOST}:443"
|
|
||||||
tls = true
|
|
||||||
}
|
|
||||||
apis {
|
|
||||||
rest {
|
|
||||||
enabled = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOFJVB
|
|
||||||
|
|
||||||
# Enable simple per-domain body customisation
|
|
||||||
__file "/usr/share/jitsi-meet/body.html" \
|
|
||||||
--mode 0644 \
|
|
||||||
--source '-' <<EOF
|
|
||||||
<!--#include virtual="body-\${host}.html" -->
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# These two should be changed on new release
|
|
||||||
EXPORTER_VERSION="1.2.0"
|
|
||||||
EXPORTER_CHECKSUM="sha256:6377ffa7be0c7deb66545616add7245da96f8b7746d6712f41cfa9fe72c935ce"
|
|
||||||
EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${EXPORTER_VERSION}/prometheus-jitsi-meet-exporter_${EXPORTER_VERSION}_linux_amd64.tar.gz"
|
|
||||||
if [ -f "${__object}/parameter/disable-prometheus-exporter" ]; then
|
|
||||||
EXPORTER_STATE="absent"
|
|
||||||
else
|
|
||||||
EXPORTER_STATE="present"
|
|
||||||
fi
|
|
||||||
__evilham_single_binary_service prometheus-jitsi-meet-exporter \
|
|
||||||
--state "${EXPORTER_STATE}" \
|
|
||||||
--do-not-manage-user \
|
|
||||||
--user "nobody" \
|
|
||||||
--group "nogroup" \
|
|
||||||
--version "${EXPORTER_VERSION}" \
|
|
||||||
--checksum "${EXPORTER_CHECKSUM}" \
|
|
||||||
--url "${EXPORTER_URL}" \
|
|
||||||
--unpack \
|
|
||||||
--service-args "-videobridge-url 'http://localhost:8080/colibri/stats' -web.listen-address ':9888'"
|
|
||||||
|
|
||||||
#
|
|
||||||
# Setup interpreter assets if requested
|
|
||||||
# See: https://gitlab.com/mfmt/jsi/
|
|
||||||
#
|
|
||||||
jsi_updated_on="2022-04-21"
|
|
||||||
__link "/usr/share/jitsi-meet/interpreters.html" \
|
|
||||||
--type symbolic \
|
|
||||||
--source "/opt/jsi/static/index.html.sample"
|
|
||||||
__directory /opt/jsi --mode 0755
|
|
||||||
export require="__directory/opt/jsi"
|
|
||||||
__download /opt/jsi/jsi.tar.gz \
|
|
||||||
--url 'https://gitlab.com/mfmt/jsi/-/archive/1d2cceaf615ee61c0bba80e5bddc61c5d1018303/jsi-1d2cceaf615ee61c0bba80e5bddc61c5d1018303.tar.gz' \
|
|
||||||
--sum "sha256:b020141093daa9937507b098f358d0be994834c3e23866a457fc5140415a0c53"
|
|
||||||
export require="__download/opt/jsi/jsi.tar.gz"
|
|
||||||
__unpack /opt/jsi/jsi.tar.gz \
|
|
||||||
--preserve-archive \
|
|
||||||
--tar-strip 1 \
|
|
||||||
--destination /opt/jsi/static \
|
|
||||||
--onchange "$(cat <<EOF
|
|
||||||
# Patch style.css to be served on /i/
|
|
||||||
sed -i.tmp -E \
|
|
||||||
-e 's!url[(]/img/welcome-background.png[)]!url(/i/img/welcome-background.png)!' \
|
|
||||||
/opt/jsi/static/style.css
|
|
||||||
# Patch jsi.js to be served on /i/
|
|
||||||
# and so it always uses the domain it's served from
|
|
||||||
# and so it uses /i/ROOM for the form
|
|
||||||
sed -i.tmp -E \
|
|
||||||
-e 's!substr[(][0-9]+[)]!substr(3)!' \
|
|
||||||
-e 's!config[.]jitsimeet_url!url.host!' \
|
|
||||||
-e 's!(window[.]location[.]href)[[:space:]]*=[[:space:]]*"/"!\1 = "/i/"!' \
|
|
||||||
/opt/jsi/static/jsi.js
|
|
||||||
# Patch the sample index.html, so it loads external_api.js from same host
|
|
||||||
# and to easen up on the branding
|
|
||||||
# and to enable browser cache
|
|
||||||
sed -i.tmp -E \
|
|
||||||
-e "s!src=[^>]*(/external_api.js).!src='\1'!" \
|
|
||||||
-e "s!<h1>[^<]*</h1>!<h1>Jitsi Meetings with interpreter</h1>!" \
|
|
||||||
-e "s!https://meet.mayfirst.org!/!" \
|
|
||||||
-e "s!(style.css|jsi.js)([^?])!\1?v=${jsi_updated_on:?}\2!" \
|
|
||||||
/opt/jsi/static/index.html.sample
|
|
||||||
EOF
|
|
||||||
)"
|
|
|
@ -1,2 +0,0 @@
|
||||||
disable-prometheus-exporter
|
|
||||||
secured-domains
|
|
|
@ -1,4 +0,0 @@
|
||||||
Supporting different versions lead to strange issues in the life-time of a
|
|
||||||
Jitsi instance. Chiefly: difficulties upgrading.
|
|
||||||
|
|
||||||
If you are specifying this for a valid reason, please get in touch.
|
|
|
@ -1,4 +0,0 @@
|
||||||
abort-conference-count
|
|
||||||
jitsi-version
|
|
||||||
turn-secret
|
|
||||||
turn-server
|
|
|
@ -1 +0,0 @@
|
||||||
secured-domains
|
|
|
@ -1,35 +0,0 @@
|
||||||
#!/bin/sh -eu
|
|
||||||
|
|
||||||
# This is a helper to update the '.sh.orig' files for jitsi's
|
|
||||||
# configuration files.
|
|
||||||
# Then the changes must be propagated to their corresponding .sh
|
|
||||||
# files by the type maintainer or a contributor
|
|
||||||
|
|
||||||
# We could automate this, but are using it as an indicator for the
|
|
||||||
# latest branch with which we conciliated changes.
|
|
||||||
BRANCH="jitsi-meet_7439"
|
|
||||||
REPO="https://github.com/jitsi/jitsi-meet"
|
|
||||||
|
|
||||||
get_url() {
|
|
||||||
file="${1}"
|
|
||||||
printf "%s/raw/stable/%s/%s" "${REPO}" "${BRANCH}" "${file}"
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
download_file() {
|
|
||||||
file="${1}"
|
|
||||||
destination="${2:-${file}.sh.orig}"
|
|
||||||
url="$(get_url "${file}")"
|
|
||||||
echo "Downloading ${destination}"
|
|
||||||
curl -L "${url}" > "${destination}"
|
|
||||||
echo
|
|
||||||
}
|
|
||||||
|
|
||||||
download_file config.js
|
|
||||||
download_file interface_config.js
|
|
||||||
download_file doc/debian/jitsi-meet/jitsi-meet.example nginx.sh.orig
|
|
||||||
download_file doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example prosody.cfg.lua.sh.orig
|
|
||||||
|
|
||||||
# Change the version file, maintainers should check that it matches
|
|
||||||
# the deb version
|
|
||||||
printf "2.0.%s-1" "${BRANCH#*_}" > jitsi-version
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -1,281 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
# default jitsi logo in svg
|
|
||||||
BRANDING_WATERMARK_PATH='images/watermark.svg'
|
|
||||||
# overrides default jitsi logo with the provided custom png logo
|
|
||||||
if [ -n "${BRANDING_WATERMARK}" ]; then
|
|
||||||
BRANDING_WATERMARK_PATH='images/watermark.png'
|
|
||||||
fi
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034 # This is intended to be included
|
|
||||||
JITSI_INTERFACE_CONFIG_JS="$(cat <<EOF
|
|
||||||
/* eslint-disable no-unused-vars, no-var, max-len */
|
|
||||||
/* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */
|
|
||||||
|
|
||||||
/**
|
|
||||||
* !!!IMPORTANT!!!
|
|
||||||
*
|
|
||||||
* This file is considered deprecated. All options will eventually be moved to
|
|
||||||
* config.js, and no new options should be added here.
|
|
||||||
*/
|
|
||||||
|
|
||||||
var interfaceConfig = {
|
|
||||||
APP_NAME: '${BRANDING_APP_NAME}',
|
|
||||||
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
|
|
||||||
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A UX mode where the last screen share participant is automatically
|
|
||||||
* pinned. Valid values are the string "remote-only" so remote participants
|
|
||||||
* get pinned but not local, otherwise any truthy value for all participants,
|
|
||||||
* and any falsy value to disable the feature.
|
|
||||||
*
|
|
||||||
* Note: this mode is experimental and subject to breakage.
|
|
||||||
*/
|
|
||||||
AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
|
|
||||||
BRAND_WATERMARK_LINK: '',
|
|
||||||
|
|
||||||
CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
|
|
||||||
|
|
||||||
DEFAULT_BACKGROUND: '#040404',
|
|
||||||
DEFAULT_LOGO_URL: '${BRANDING_WATERMARK_PATH}',
|
|
||||||
DEFAULT_WELCOME_PAGE_LOGO_URL: '${BRANDING_WATERMARK_PATH}',
|
|
||||||
|
|
||||||
DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, notifications regarding joining/leaving are no longer displayed.
|
|
||||||
*/
|
|
||||||
DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, presence status: busy, calling, connected etc. is not displayed.
|
|
||||||
*/
|
|
||||||
DISABLE_PRESENCE_STATUS: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether the ringing sound in the call/ring overlay is disabled. If
|
|
||||||
* {@code undefined}, defaults to {@code false}.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
DISABLE_RINGING: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether the speech to text transcription subtitles panel is disabled.
|
|
||||||
* If {@code undefined}, defaults to {@code false}.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
DISABLE_TRANSCRIPTION_SUBTITLES: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether or not the blurred video background for large video should be
|
|
||||||
* displayed on browsers that can support it.
|
|
||||||
*/
|
|
||||||
DISABLE_VIDEO_BACKGROUND: false,
|
|
||||||
|
|
||||||
DISPLAY_WELCOME_FOOTER: true,
|
|
||||||
DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
|
|
||||||
DISPLAY_WELCOME_PAGE_CONTENT: false,
|
|
||||||
DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
|
|
||||||
|
|
||||||
ENABLE_DIAL_OUT: true,
|
|
||||||
|
|
||||||
ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation.
|
|
||||||
|
|
||||||
FILM_STRIP_MAX_HEIGHT: 120,
|
|
||||||
|
|
||||||
GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Hide the logo on the deep linking pages.
|
|
||||||
*/
|
|
||||||
HIDE_DEEP_LINKING_LOGO: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Hide the invite prompt in the header when alone in the meeting.
|
|
||||||
*/
|
|
||||||
HIDE_INVITE_MORE_HEADER: false,
|
|
||||||
|
|
||||||
JITSI_WATERMARK_LINK: 'https://jitsi.org',
|
|
||||||
|
|
||||||
LANG_DETECTION: true, // Allow i18n to detect the system language
|
|
||||||
LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', // Documentation reference for the live streaming feature.
|
|
||||||
LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Maximum coefficient of the ratio of the large video to the visible area
|
|
||||||
* after the large video is scaled to fit the window.
|
|
||||||
*
|
|
||||||
* @type {number}
|
|
||||||
*/
|
|
||||||
MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether the mobile app Jitsi Meet is to be promoted to participants
|
|
||||||
* attempting to join a conference in a mobile Web browser. If
|
|
||||||
* {@code undefined}, defaults to {@code true}.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
MOBILE_APP_PROMO: true,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify custom URL for downloading android mobile app.
|
|
||||||
*/
|
|
||||||
MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify custom URL for downloading f droid app.
|
|
||||||
*/
|
|
||||||
MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/en/packages/org.jitsi.meet/',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify URL for downloading ios mobile app.
|
|
||||||
*/
|
|
||||||
MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
|
|
||||||
|
|
||||||
NATIVE_APP_NAME: 'Jitsi Meet',
|
|
||||||
|
|
||||||
// Names of browsers which should show a warning stating the current browser
|
|
||||||
// has a suboptimal experience. Browsers which are not listed as optimal or
|
|
||||||
// unsupported are considered suboptimal. Valid values are:
|
|
||||||
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
|
|
||||||
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
|
|
||||||
|
|
||||||
POLICY_LOGO: null,
|
|
||||||
PROVIDER_NAME: 'Jitsi',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, will display recent list
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
RECENT_LIST_ENABLED: true,
|
|
||||||
REMOTE_THUMBNAIL_RATIO: 1, // 1:1
|
|
||||||
|
|
||||||
SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar', 'sounds' ],
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify which sharing features should be displayed. If the value is not set
|
|
||||||
* all sharing features will be shown. You can set [] to disable all.
|
|
||||||
*/
|
|
||||||
// SHARING_FEATURES: ['email', 'url', 'dial-in', 'embed'],
|
|
||||||
|
|
||||||
SHOW_BRAND_WATERMARK: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
|
|
||||||
* If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
|
|
||||||
* being already installed is done before rendering.
|
|
||||||
*/
|
|
||||||
SHOW_CHROME_EXTENSION_BANNER: false,
|
|
||||||
|
|
||||||
SHOW_DEEP_LINKING_IMAGE: false,
|
|
||||||
SHOW_JITSI_WATERMARK: true,
|
|
||||||
SHOW_POWERED_BY: false,
|
|
||||||
SHOW_PROMOTIONAL_CLOSE_PAGE: false,
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If indicated some of the error dialogs may point to the support URL for
|
|
||||||
* help.
|
|
||||||
*/
|
|
||||||
SUPPORT_URL: 'https://community.jitsi.org/',
|
|
||||||
|
|
||||||
// Browsers, in addition to those which do not fully support WebRTC, that
|
|
||||||
// are not supported and should show the unsupported browser page.
|
|
||||||
UNSUPPORTED_BROWSERS: [],
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether to show thumbnails in filmstrip as a column instead of as a row.
|
|
||||||
*/
|
|
||||||
VERTICAL_FILMSTRIP: true,
|
|
||||||
|
|
||||||
// Determines how the video would fit the screen. 'both' would fit the whole
|
|
||||||
// screen, 'height' would fit the original video height to the height of the
|
|
||||||
// screen, 'width' would fit the original video width to the width of the
|
|
||||||
// screen respecting ratio, 'nocrop' would make the video as large as
|
|
||||||
// possible and preserve aspect ratio without cropping.
|
|
||||||
VIDEO_LAYOUT_FIT: 'both',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, hides the video quality label indicating the resolution status
|
|
||||||
* of the current large video.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
VIDEO_QUALITY_LABEL_DISABLED: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* How many columns the tile view can expand to. The respected range is
|
|
||||||
* between 1 and 5.
|
|
||||||
*/
|
|
||||||
// TILE_VIEW_MAX_COLUMNS: 5,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify Firebase dynamic link properties for the mobile apps.
|
|
||||||
*/
|
|
||||||
// MOBILE_DYNAMIC_LINK: {
|
|
||||||
// APN: 'org.jitsi.meet',
|
|
||||||
// APP_CODE: 'w2atb',
|
|
||||||
// CUSTOM_DOMAIN: undefined,
|
|
||||||
// IBI: 'com.atlassian.JitsiMeet.ios',
|
|
||||||
// ISI: '1165103905'
|
|
||||||
// },
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify mobile app scheme for opening the app from the mobile browser.
|
|
||||||
*/
|
|
||||||
// APP_SCHEME: 'org.jitsi.meet',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify the Android app package name.
|
|
||||||
*/
|
|
||||||
// ANDROID_APP_PACKAGE: 'org.jitsi.meet',
|
|
||||||
|
|
||||||
// List of undocumented settings
|
|
||||||
/**
|
|
||||||
INDICATOR_FONT_SIZES
|
|
||||||
PHONE_NUMBER_REGEX
|
|
||||||
*/
|
|
||||||
|
|
||||||
// -----------------DEPRECATED CONFIGS BELOW THIS LINE-----------------------------
|
|
||||||
|
|
||||||
// Connection indicators (
|
|
||||||
// CONNECTION_INDICATOR_AUTO_HIDE_ENABLED,
|
|
||||||
// CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT,
|
|
||||||
// CONNECTION_INDICATOR_DISABLED) got moved to config.js.
|
|
||||||
|
|
||||||
// Please use disableModeratorIndicator from config.js
|
|
||||||
// DISABLE_FOCUS_INDICATOR: false,
|
|
||||||
|
|
||||||
// Please use defaultLocalDisplayName from config.js
|
|
||||||
// DEFAULT_LOCAL_DISPLAY_NAME: 'me',
|
|
||||||
|
|
||||||
// Please use defaultRemoteDisplayName from config.js
|
|
||||||
// DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
|
|
||||||
|
|
||||||
// Moved to config.js as \`toolbarConfig.initialTimeout\`.
|
|
||||||
// INITIAL_TOOLBAR_TIMEOUT: 20000,
|
|
||||||
|
|
||||||
// Moved to config.js as \`toolbarConfig.alwaysVisible\`.
|
|
||||||
// TOOLBAR_ALWAYS_VISIBLE: false,
|
|
||||||
|
|
||||||
// This config was moved to config.js as \`toolbarButtons\`.
|
|
||||||
// TOOLBAR_BUTTONS: [],
|
|
||||||
|
|
||||||
// Moved to config.js as \`toolbarConfig.timeout\`.
|
|
||||||
// TOOLBAR_TIMEOUT: 4000,
|
|
||||||
|
|
||||||
// Allow all above example options to include a trailing comma and
|
|
||||||
// prevent fear when commenting out the last value.
|
|
||||||
// eslint-disable-next-line sort-keys
|
|
||||||
makeJsonParserHappy: 'even if last key had a trailing comma'
|
|
||||||
|
|
||||||
// No configuration value should follow this line.
|
|
||||||
};
|
|
||||||
|
|
||||||
/* eslint-enable no-unused-vars, no-var, max-len */
|
|
||||||
EOF
|
|
||||||
)"
|
|
|
@ -1,268 +0,0 @@
|
||||||
/* eslint-disable no-unused-vars, no-var, max-len */
|
|
||||||
/* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */
|
|
||||||
|
|
||||||
/**
|
|
||||||
* !!!IMPORTANT!!!
|
|
||||||
*
|
|
||||||
* This file is considered deprecated. All options will eventually be moved to
|
|
||||||
* config.js, and no new options should be added here.
|
|
||||||
*/
|
|
||||||
|
|
||||||
var interfaceConfig = {
|
|
||||||
APP_NAME: 'Jitsi Meet',
|
|
||||||
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
|
|
||||||
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A UX mode where the last screen share participant is automatically
|
|
||||||
* pinned. Valid values are the string "remote-only" so remote participants
|
|
||||||
* get pinned but not local, otherwise any truthy value for all participants,
|
|
||||||
* and any falsy value to disable the feature.
|
|
||||||
*
|
|
||||||
* Note: this mode is experimental and subject to breakage.
|
|
||||||
*/
|
|
||||||
AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
|
|
||||||
BRAND_WATERMARK_LINK: '',
|
|
||||||
|
|
||||||
CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
|
|
||||||
|
|
||||||
DEFAULT_BACKGROUND: '#040404',
|
|
||||||
DEFAULT_LOGO_URL: 'images/watermark.svg',
|
|
||||||
DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg',
|
|
||||||
|
|
||||||
DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, notifications regarding joining/leaving are no longer displayed.
|
|
||||||
*/
|
|
||||||
DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, presence status: busy, calling, connected etc. is not displayed.
|
|
||||||
*/
|
|
||||||
DISABLE_PRESENCE_STATUS: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether the ringing sound in the call/ring overlay is disabled. If
|
|
||||||
* {@code undefined}, defaults to {@code false}.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
DISABLE_RINGING: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether the speech to text transcription subtitles panel is disabled.
|
|
||||||
* If {@code undefined}, defaults to {@code false}.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
DISABLE_TRANSCRIPTION_SUBTITLES: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether or not the blurred video background for large video should be
|
|
||||||
* displayed on browsers that can support it.
|
|
||||||
*/
|
|
||||||
DISABLE_VIDEO_BACKGROUND: false,
|
|
||||||
|
|
||||||
DISPLAY_WELCOME_FOOTER: true,
|
|
||||||
DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
|
|
||||||
DISPLAY_WELCOME_PAGE_CONTENT: false,
|
|
||||||
DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
|
|
||||||
|
|
||||||
ENABLE_DIAL_OUT: true,
|
|
||||||
|
|
||||||
ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation.
|
|
||||||
|
|
||||||
FILM_STRIP_MAX_HEIGHT: 120,
|
|
||||||
|
|
||||||
GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Hide the logo on the deep linking pages.
|
|
||||||
*/
|
|
||||||
HIDE_DEEP_LINKING_LOGO: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Hide the invite prompt in the header when alone in the meeting.
|
|
||||||
*/
|
|
||||||
HIDE_INVITE_MORE_HEADER: false,
|
|
||||||
|
|
||||||
JITSI_WATERMARK_LINK: 'https://jitsi.org',
|
|
||||||
|
|
||||||
LANG_DETECTION: true, // Allow i18n to detect the system language
|
|
||||||
LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', // Documentation reference for the live streaming feature.
|
|
||||||
LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Maximum coefficient of the ratio of the large video to the visible area
|
|
||||||
* after the large video is scaled to fit the window.
|
|
||||||
*
|
|
||||||
* @type {number}
|
|
||||||
*/
|
|
||||||
MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether the mobile app Jitsi Meet is to be promoted to participants
|
|
||||||
* attempting to join a conference in a mobile Web browser. If
|
|
||||||
* {@code undefined}, defaults to {@code true}.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
MOBILE_APP_PROMO: true,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify custom URL for downloading android mobile app.
|
|
||||||
*/
|
|
||||||
MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify custom URL for downloading f droid app.
|
|
||||||
*/
|
|
||||||
MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/en/packages/org.jitsi.meet/',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify URL for downloading ios mobile app.
|
|
||||||
*/
|
|
||||||
MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
|
|
||||||
|
|
||||||
NATIVE_APP_NAME: 'Jitsi Meet',
|
|
||||||
|
|
||||||
// Names of browsers which should show a warning stating the current browser
|
|
||||||
// has a suboptimal experience. Browsers which are not listed as optimal or
|
|
||||||
// unsupported are considered suboptimal. Valid values are:
|
|
||||||
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
|
|
||||||
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
|
|
||||||
|
|
||||||
POLICY_LOGO: null,
|
|
||||||
PROVIDER_NAME: 'Jitsi',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, will display recent list
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
RECENT_LIST_ENABLED: true,
|
|
||||||
REMOTE_THUMBNAIL_RATIO: 1, // 1:1
|
|
||||||
|
|
||||||
SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar', 'sounds' ],
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify which sharing features should be displayed. If the value is not set
|
|
||||||
* all sharing features will be shown. You can set [] to disable all.
|
|
||||||
*/
|
|
||||||
// SHARING_FEATURES: ['email', 'url', 'dial-in', 'embed'],
|
|
||||||
|
|
||||||
SHOW_BRAND_WATERMARK: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
|
|
||||||
* If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
|
|
||||||
* being already installed is done before rendering.
|
|
||||||
*/
|
|
||||||
SHOW_CHROME_EXTENSION_BANNER: false,
|
|
||||||
|
|
||||||
SHOW_DEEP_LINKING_IMAGE: false,
|
|
||||||
SHOW_JITSI_WATERMARK: true,
|
|
||||||
SHOW_POWERED_BY: false,
|
|
||||||
SHOW_PROMOTIONAL_CLOSE_PAGE: false,
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If indicated some of the error dialogs may point to the support URL for
|
|
||||||
* help.
|
|
||||||
*/
|
|
||||||
SUPPORT_URL: 'https://community.jitsi.org/',
|
|
||||||
|
|
||||||
// Browsers, in addition to those which do not fully support WebRTC, that
|
|
||||||
// are not supported and should show the unsupported browser page.
|
|
||||||
UNSUPPORTED_BROWSERS: [],
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether to show thumbnails in filmstrip as a column instead of as a row.
|
|
||||||
*/
|
|
||||||
VERTICAL_FILMSTRIP: true,
|
|
||||||
|
|
||||||
// Determines how the video would fit the screen. 'both' would fit the whole
|
|
||||||
// screen, 'height' would fit the original video height to the height of the
|
|
||||||
// screen, 'width' would fit the original video width to the width of the
|
|
||||||
// screen respecting ratio, 'nocrop' would make the video as large as
|
|
||||||
// possible and preserve aspect ratio without cropping.
|
|
||||||
VIDEO_LAYOUT_FIT: 'both',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If true, hides the video quality label indicating the resolution status
|
|
||||||
* of the current large video.
|
|
||||||
*
|
|
||||||
* @type {boolean}
|
|
||||||
*/
|
|
||||||
VIDEO_QUALITY_LABEL_DISABLED: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* How many columns the tile view can expand to. The respected range is
|
|
||||||
* between 1 and 5.
|
|
||||||
*/
|
|
||||||
// TILE_VIEW_MAX_COLUMNS: 5,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify Firebase dynamic link properties for the mobile apps.
|
|
||||||
*/
|
|
||||||
// MOBILE_DYNAMIC_LINK: {
|
|
||||||
// APN: 'org.jitsi.meet',
|
|
||||||
// APP_CODE: 'w2atb',
|
|
||||||
// CUSTOM_DOMAIN: undefined,
|
|
||||||
// IBI: 'com.atlassian.JitsiMeet.ios',
|
|
||||||
// ISI: '1165103905'
|
|
||||||
// },
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify mobile app scheme for opening the app from the mobile browser.
|
|
||||||
*/
|
|
||||||
// APP_SCHEME: 'org.jitsi.meet',
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Specify the Android app package name.
|
|
||||||
*/
|
|
||||||
// ANDROID_APP_PACKAGE: 'org.jitsi.meet',
|
|
||||||
|
|
||||||
// List of undocumented settings
|
|
||||||
/**
|
|
||||||
INDICATOR_FONT_SIZES
|
|
||||||
PHONE_NUMBER_REGEX
|
|
||||||
*/
|
|
||||||
|
|
||||||
// -----------------DEPRECATED CONFIGS BELOW THIS LINE-----------------------------
|
|
||||||
|
|
||||||
// Connection indicators (
|
|
||||||
// CONNECTION_INDICATOR_AUTO_HIDE_ENABLED,
|
|
||||||
// CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT,
|
|
||||||
// CONNECTION_INDICATOR_DISABLED) got moved to config.js.
|
|
||||||
|
|
||||||
// Please use disableModeratorIndicator from config.js
|
|
||||||
// DISABLE_FOCUS_INDICATOR: false,
|
|
||||||
|
|
||||||
// Please use defaultLocalDisplayName from config.js
|
|
||||||
// DEFAULT_LOCAL_DISPLAY_NAME: 'me',
|
|
||||||
|
|
||||||
// Please use defaultRemoteDisplayName from config.js
|
|
||||||
// DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
|
|
||||||
|
|
||||||
// Moved to config.js as `toolbarConfig.initialTimeout`.
|
|
||||||
// INITIAL_TOOLBAR_TIMEOUT: 20000,
|
|
||||||
|
|
||||||
// Moved to config.js as `toolbarConfig.alwaysVisible`.
|
|
||||||
// TOOLBAR_ALWAYS_VISIBLE: false,
|
|
||||||
|
|
||||||
// This config was moved to config.js as `toolbarButtons`.
|
|
||||||
// TOOLBAR_BUTTONS: [],
|
|
||||||
|
|
||||||
// Moved to config.js as `toolbarConfig.timeout`.
|
|
||||||
// TOOLBAR_TIMEOUT: 4000,
|
|
||||||
|
|
||||||
// Allow all above example options to include a trailing comma and
|
|
||||||
// prevent fear when commenting out the last value.
|
|
||||||
// eslint-disable-next-line sort-keys
|
|
||||||
makeJsonParserHappy: 'even if last key had a trailing comma'
|
|
||||||
|
|
||||||
// No configuration value should follow this line.
|
|
||||||
};
|
|
||||||
|
|
||||||
/* eslint-enable no-unused-vars, no-var, max-len */
|
|
|
@ -1 +0,0 @@
|
||||||
2.0.7439-1
|
|
|
@ -1,204 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034 # This is intended to be included
|
|
||||||
JITSI_NGINX_CONFIG="$(cat <<EOF
|
|
||||||
# Jitsi uses following lines by default, in our cdist types they must be commented
|
|
||||||
# out as we already set it with __jitsi_meet in the default server config.
|
|
||||||
#server_names_hash_bucket_size 64;
|
|
||||||
#
|
|
||||||
#types {
|
|
||||||
## nginx's default mime.types doesn't include a mapping for wasm
|
|
||||||
# application/wasm wasm;
|
|
||||||
#}
|
|
||||||
# These upstreams are managed by __jitsi_meet
|
|
||||||
#upstream prosody {
|
|
||||||
# zone upstreams 64K;
|
|
||||||
# server 127.0.0.1:5280;
|
|
||||||
# keepalive 2;
|
|
||||||
#}
|
|
||||||
#upstream jvb1 {
|
|
||||||
# zone upstreams 64K;
|
|
||||||
# server 127.0.0.1:9090;
|
|
||||||
# keepalive 2;
|
|
||||||
#}
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name ${DOMAIN};
|
|
||||||
|
|
||||||
include snippets/acme-challenge.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
return 301 https://\$host\$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name ${DOMAIN};
|
|
||||||
|
|
||||||
include snippets/acme-challenge.conf;
|
|
||||||
|
|
||||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
||||||
ssl_prefer_server_ciphers off;
|
|
||||||
|
|
||||||
ssl_session_timeout 1d;
|
|
||||||
ssl_session_cache shared:SSL:10m; # about 40000 sessions
|
|
||||||
ssl_session_tickets off;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
||||||
set \$prefix "";
|
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
|
|
||||||
|
|
||||||
root /usr/share/jitsi-meet;
|
|
||||||
|
|
||||||
# ssi on with javascript for multidomain variables in config.js
|
|
||||||
ssi on;
|
|
||||||
ssi_types application/x-javascript application/javascript;
|
|
||||||
|
|
||||||
# Try the custom page for this domain, fallback to default page
|
|
||||||
index index-${DOMAIN}.html index.html index.htm;
|
|
||||||
error_page 404 /static/404.html;
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
|
|
||||||
gzip_vary on;
|
|
||||||
gzip_proxied no-cache no-store private expired auth;
|
|
||||||
gzip_min_length 512;
|
|
||||||
|
|
||||||
# We expect this domain to be properly configured, the file should exist
|
|
||||||
location = /config.js {
|
|
||||||
alias /etc/jitsi/meet/${DOMAIN}-config.js;
|
|
||||||
}
|
|
||||||
# We expect this domain to be properly configured, the file should exist
|
|
||||||
location = /interface_config.js {
|
|
||||||
alias /etc/jitsi/meet/${DOMAIN}-interface_config.js;
|
|
||||||
}
|
|
||||||
# This may or may not exist; it will be set up in config.js if needed
|
|
||||||
location = /branding.json {
|
|
||||||
alias /etc/jitsi/meet/${DOMAIN}-branding.json;
|
|
||||||
}
|
|
||||||
# Try custom image and fallback to default
|
|
||||||
location = /images/watermark.png {
|
|
||||||
try_files /images/watermark-${DOMAIN}.png \$uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /external_api.js {
|
|
||||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
|
||||||
}
|
|
||||||
|
|
||||||
# ensure all static content can always be found first
|
|
||||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)\$
|
|
||||||
{
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
alias /usr/share/jitsi-meet/\$1/\$2;
|
|
||||||
|
|
||||||
# cache all versioned files
|
|
||||||
if (\$arg_v) {
|
|
||||||
expires 1y;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# Paths for jsi / interpreters
|
|
||||||
location ~ ^/i/(img/[^./]*.png|jsi.js|style.css)$
|
|
||||||
{
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
alias /opt/jsi/static/\$1;
|
|
||||||
|
|
||||||
# cache all versioned files
|
|
||||||
if (\$arg_v) {
|
|
||||||
expires 1y;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
location ~ ^/i/
|
|
||||||
{
|
|
||||||
try_files /${DOMAIN}-interpreters.html /interpreters.html \$uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
# BOSH
|
|
||||||
location = /http-bind {
|
|
||||||
proxy_pass http://prosody/http-bind?prefix=\$prefix&\$args;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
# Prevision for 'multi-domain' jitsi instances
|
|
||||||
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
|
||||||
proxy_set_header Host ${DOMAIN};
|
|
||||||
proxy_set_header Connection "";
|
|
||||||
}
|
|
||||||
|
|
||||||
# xmpp websockets
|
|
||||||
location = /xmpp-websocket {
|
|
||||||
proxy_pass http://prosody/xmpp-websocket?prefix=\$prefix&\$args;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade \$http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
# Prevision for 'multi-domain' jitsi instances
|
|
||||||
# https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391
|
|
||||||
proxy_set_header Host ${DOMAIN};
|
|
||||||
tcp_nodelay on;
|
|
||||||
}
|
|
||||||
|
|
||||||
# colibri (JVB) websockets for jvb1
|
|
||||||
location ~ ^/colibri-ws/default-id/(.*) {
|
|
||||||
proxy_pass http://jvb1/colibri-ws/default-id/\$1\$is_args\$args;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade \$http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
tcp_nodelay on;
|
|
||||||
}
|
|
||||||
|
|
||||||
# load test minimal client, uncomment when used
|
|
||||||
#location ~ ^/_load-test/([^/?&:'"]+)\$ {
|
|
||||||
# rewrite ^/_load-test/(.*)\$ /load-test/index.html break;
|
|
||||||
#}
|
|
||||||
#location ~ ^/_load-test/libs/(.*)\$ {
|
|
||||||
# add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
# alias /usr/share/jitsi-meet/load-test/libs/\$1;
|
|
||||||
#}
|
|
||||||
|
|
||||||
location ~ ^/([^/?&:'"]+)\$ {
|
|
||||||
try_files \$uri @root_path;
|
|
||||||
}
|
|
||||||
|
|
||||||
location @root_path {
|
|
||||||
rewrite ^/(.*)\$ / break;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/([^/?&:'"]+)/config.js\$
|
|
||||||
{
|
|
||||||
set \$subdomain "\$1.";
|
|
||||||
set \$subdir "\$1/";
|
|
||||||
|
|
||||||
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
|
|
||||||
}
|
|
||||||
|
|
||||||
# BOSH for subdomains
|
|
||||||
location ~ ^/([^/?&:'"]+)/http-bind {
|
|
||||||
set \$subdomain "\$1.";
|
|
||||||
set \$subdir "\$1/";
|
|
||||||
set \$prefix "\$1";
|
|
||||||
|
|
||||||
rewrite ^/(.*)\$ /http-bind;
|
|
||||||
}
|
|
||||||
|
|
||||||
# websockets for subdomains
|
|
||||||
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
|
|
||||||
set \$subdomain "\$1.";
|
|
||||||
set \$subdir "\$1/";
|
|
||||||
set \$prefix "\$1";
|
|
||||||
|
|
||||||
rewrite ^/(.*)\$ /xmpp-websocket;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
|
|
||||||
location ~ ^/([^/?&:'"]+)/(.*)\$ {
|
|
||||||
set \$subdomain "\$1.";
|
|
||||||
set \$subdir "\$1/";
|
|
||||||
rewrite ^/([^/?&:'"]+)/(.*)\$ /\$2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
)"
|
|
|
@ -1,165 +0,0 @@
|
||||||
server_names_hash_bucket_size 64;
|
|
||||||
|
|
||||||
types {
|
|
||||||
# nginx's default mime.types doesn't include a mapping for wasm
|
|
||||||
application/wasm wasm;
|
|
||||||
}
|
|
||||||
upstream prosody {
|
|
||||||
zone upstreams 64K;
|
|
||||||
server 127.0.0.1:5280;
|
|
||||||
keepalive 2;
|
|
||||||
}
|
|
||||||
upstream jvb1 {
|
|
||||||
zone upstreams 64K;
|
|
||||||
server 127.0.0.1:9090;
|
|
||||||
keepalive 2;
|
|
||||||
}
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name jitsi-meet.example.com;
|
|
||||||
|
|
||||||
location ^~ /.well-known/acme-challenge/ {
|
|
||||||
default_type "text/plain";
|
|
||||||
root /usr/share/jitsi-meet;
|
|
||||||
}
|
|
||||||
location = /.well-known/acme-challenge/ {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
location / {
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name jitsi-meet.example.com;
|
|
||||||
|
|
||||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
||||||
ssl_prefer_server_ciphers off;
|
|
||||||
|
|
||||||
ssl_session_timeout 1d;
|
|
||||||
ssl_session_cache shared:SSL:10m; # about 40000 sessions
|
|
||||||
ssl_session_tickets off;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
||||||
set $prefix "";
|
|
||||||
|
|
||||||
ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
|
|
||||||
ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
|
|
||||||
|
|
||||||
root /usr/share/jitsi-meet;
|
|
||||||
|
|
||||||
# ssi on with javascript for multidomain variables in config.js
|
|
||||||
ssi on;
|
|
||||||
ssi_types application/x-javascript application/javascript;
|
|
||||||
|
|
||||||
index index.html index.htm;
|
|
||||||
error_page 404 /static/404.html;
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
|
|
||||||
gzip_vary on;
|
|
||||||
gzip_proxied no-cache no-store private expired auth;
|
|
||||||
gzip_min_length 512;
|
|
||||||
|
|
||||||
location = /config.js {
|
|
||||||
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /external_api.js {
|
|
||||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
|
||||||
}
|
|
||||||
|
|
||||||
# ensure all static content can always be found first
|
|
||||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
|
|
||||||
{
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
alias /usr/share/jitsi-meet/$1/$2;
|
|
||||||
|
|
||||||
# cache all versioned files
|
|
||||||
if ($arg_v) {
|
|
||||||
expires 1y;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# BOSH
|
|
||||||
location = /http-bind {
|
|
||||||
proxy_pass http://prosody/http-bind?prefix=$prefix&$args;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header Connection "";
|
|
||||||
}
|
|
||||||
|
|
||||||
# xmpp websockets
|
|
||||||
location = /xmpp-websocket {
|
|
||||||
proxy_pass http://prosody/xmpp-websocket?prefix=$prefix&$args;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
tcp_nodelay on;
|
|
||||||
}
|
|
||||||
|
|
||||||
# colibri (JVB) websockets for jvb1
|
|
||||||
location ~ ^/colibri-ws/default-id/(.*) {
|
|
||||||
proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
tcp_nodelay on;
|
|
||||||
}
|
|
||||||
|
|
||||||
# load test minimal client, uncomment when used
|
|
||||||
#location ~ ^/_load-test/([^/?&:'"]+)$ {
|
|
||||||
# rewrite ^/_load-test/(.*)$ /load-test/index.html break;
|
|
||||||
#}
|
|
||||||
#location ~ ^/_load-test/libs/(.*)$ {
|
|
||||||
# add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
# alias /usr/share/jitsi-meet/load-test/libs/$1;
|
|
||||||
#}
|
|
||||||
|
|
||||||
location ~ ^/([^/?&:'"]+)$ {
|
|
||||||
try_files $uri @root_path;
|
|
||||||
}
|
|
||||||
|
|
||||||
location @root_path {
|
|
||||||
rewrite ^/(.*)$ / break;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/([^/?&:'"]+)/config.js$
|
|
||||||
{
|
|
||||||
set $subdomain "$1.";
|
|
||||||
set $subdir "$1/";
|
|
||||||
|
|
||||||
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
|
|
||||||
}
|
|
||||||
|
|
||||||
# BOSH for subdomains
|
|
||||||
location ~ ^/([^/?&:'"]+)/http-bind {
|
|
||||||
set $subdomain "$1.";
|
|
||||||
set $subdir "$1/";
|
|
||||||
set $prefix "$1";
|
|
||||||
|
|
||||||
rewrite ^/(.*)$ /http-bind;
|
|
||||||
}
|
|
||||||
|
|
||||||
# websockets for subdomains
|
|
||||||
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
|
|
||||||
set $subdomain "$1.";
|
|
||||||
set $subdir "$1/";
|
|
||||||
set $prefix "$1";
|
|
||||||
|
|
||||||
rewrite ^/(.*)$ /xmpp-websocket;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
|
|
||||||
location ~ ^/([^/?&:'"]+)/(.*)$ {
|
|
||||||
set $subdomain "$1.";
|
|
||||||
set $subdir "$1/";
|
|
||||||
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,228 +0,0 @@
|
||||||
#!/bin/sh -eu
|
|
||||||
|
|
||||||
# Source:
|
|
||||||
# https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example
|
|
||||||
FOCUS_USER="focus"
|
|
||||||
JITSI_DOMAIN="${JITSI_DOMAIN:-${JITSI_HOST:?}}"
|
|
||||||
# PROSODY_MAIN_CONFIG: defined in __jitsi_meet, empty in __jitsi_meet_domain
|
|
||||||
PROSODY_SECUREDOMAIN_START="--[["
|
|
||||||
PROSODY_SECUREDOMAIN_END="--]]"
|
|
||||||
if [ -n "${PROSODY_MAIN_CONFIG}" ]; then
|
|
||||||
PROSODY_MAIN_START=""
|
|
||||||
PROSODY_MAIN_END=""
|
|
||||||
PROSODY_DOMAIN_START="--[["
|
|
||||||
PROSODY_DOMAIN_END="--]]"
|
|
||||||
else
|
|
||||||
PROSODY_MAIN_START="--[["
|
|
||||||
PROSODY_MAIN_END="--]]"
|
|
||||||
PROSODY_DOMAIN_START=""
|
|
||||||
PROSODY_DOMAIN_END=""
|
|
||||||
if [ -n "${SECURED_DOMAINS}" ]; then
|
|
||||||
PROSODY_SECUREDOMAIN_START=""
|
|
||||||
PROSODY_SECUREDOMAIN_END=""
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# Websockets haven't been fully tested in this type and don't work reliably
|
|
||||||
PROSODY_WEBSOCKET="-- "
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034 # This is intended to be included
|
|
||||||
PROSODY_CONFIG="$(cat <<EOFPROSODY
|
|
||||||
-- Managed remotely, changes will be lost
|
|
||||||
${PROSODY_MAIN_START}
|
|
||||||
-- This will be managed by __jitsi_meet
|
|
||||||
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
|
||||||
|
|
||||||
-- domain mapper options, must at least have domain base set to use the mapper
|
|
||||||
muc_mapper_domain_base = "${JITSI_HOST:?}";
|
|
||||||
|
|
||||||
external_service_secret = "${TURN_SECRET:-TurnSecret}";
|
|
||||||
external_services = {
|
|
||||||
{ type = "stun", host = "${JITSI_HOST:?}", port = 3478 },
|
|
||||||
{ type = "turn", host = "${JITSI_HOST:?}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
|
||||||
{ type = "turns", host = "${JITSI_HOST:?}", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
|
||||||
};
|
|
||||||
|
|
||||||
cross_domain_bosh = false;
|
|
||||||
consider_bosh_secure = true;
|
|
||||||
-- Use websockets
|
|
||||||
-- https://community.jitsi.org/t/how-to-how-to-enable-websockets-xmpp-websocket-and-smacks-for-prosody/87920
|
|
||||||
${PROSODY_WEBSOCKET}consider_websocket_secure = true;
|
|
||||||
|
|
||||||
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
|
|
||||||
|
|
||||||
-- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
|
|
||||||
--http_cors_override = {
|
|
||||||
-- bosh = {
|
|
||||||
-- enabled = false;
|
|
||||||
-- };
|
|
||||||
-- websocket = {
|
|
||||||
-- enabled = false;
|
|
||||||
-- };
|
|
||||||
--}
|
|
||||||
|
|
||||||
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
|
||||||
ssl = {
|
|
||||||
protocol = "tlsv1_2+";
|
|
||||||
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
|
|
||||||
}
|
|
||||||
|
|
||||||
unlimited_jids = {
|
|
||||||
"${FOCUS_USER:?}@auth.${JITSI_HOST:?}",
|
|
||||||
"jvb@auth.${JITSI_HOST:?}"
|
|
||||||
}
|
|
||||||
${PROSODY_MAIN_END}
|
|
||||||
|
|
||||||
${PROSODY_DOMAIN_START}
|
|
||||||
-- This will be managed by __jitsi_meet_domain
|
|
||||||
VirtualHost "${JITSI_DOMAIN:?}"
|
|
||||||
-- enabled = false -- Remove this line to enable this host
|
|
||||||
authentication = "anonymous"
|
|
||||||
-- Properties below are modified by jitsi-meet-tokens package config
|
|
||||||
-- and authentication above is switched to "token"
|
|
||||||
--app_id="example_app_id"
|
|
||||||
--app_secret="example_app_secret"
|
|
||||||
-- Assign this host a certificate for TLS, otherwise it would use the one
|
|
||||||
-- set in the global section (if any).
|
|
||||||
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
|
|
||||||
-- use the global one.
|
|
||||||
ssl = {
|
|
||||||
key = "/etc/prosody/certs/${JITSI_DOMAIN:?}.key";
|
|
||||||
certificate = "/etc/prosody/certs/${JITSI_DOMAIN:?}.crt";
|
|
||||||
}
|
|
||||||
av_moderation_component = "avmoderation.${JITSI_DOMAIN:?}"
|
|
||||||
speakerstats_component = "speakerstats.${JITSI_DOMAIN:?}"
|
|
||||||
conference_duration_component = "conferenceduration.${JITSI_DOMAIN:?}"
|
|
||||||
-- we need bosh
|
|
||||||
modules_enabled = {
|
|
||||||
"bosh";
|
|
||||||
"pubsub";
|
|
||||||
"ping"; -- Enable mod_ping
|
|
||||||
"speakerstats";
|
|
||||||
"external_services";
|
|
||||||
"conference_duration";
|
|
||||||
"muc_lobby_rooms";
|
|
||||||
"muc_breakout_rooms";
|
|
||||||
"av_moderation";
|
|
||||||
${PROSODY_WEBSOCKET} "websocket";
|
|
||||||
${PROSODY_WEBSOCKET} "smacks";
|
|
||||||
}
|
|
||||||
smacks_max_unacked_stanzas = 5;
|
|
||||||
smacks_hibernation_time = 60;
|
|
||||||
smacks_max_hibernated_sessions = 1;
|
|
||||||
smacks_max_old_sessions = 1;
|
|
||||||
c2s_require_encryption = false
|
|
||||||
lobby_muc = "lobby.${JITSI_DOMAIN:?}"
|
|
||||||
breakout_rooms_muc = "breakout.${JITSI_DOMAIN:?}"
|
|
||||||
main_muc = "conference.${JITSI_DOMAIN:?}"
|
|
||||||
-- muc_lobby_whitelist = { "recorder.${JITSI_DOMAIN:?}" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
|
||||||
|
|
||||||
Component "conference.${JITSI_DOMAIN:?}" "muc"
|
|
||||||
restrict_room_creation = true
|
|
||||||
storage = "memory"
|
|
||||||
modules_enabled = {
|
|
||||||
"muc_meeting_id";
|
|
||||||
"muc_domain_mapper";
|
|
||||||
"polls";
|
|
||||||
--"token_verification";
|
|
||||||
"muc_rate_limit";
|
|
||||||
}
|
|
||||||
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}" }
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
|
|
||||||
Component "breakout.${JITSI_DOMAIN:?}" "muc"
|
|
||||||
restrict_room_creation = true
|
|
||||||
storage = "memory"
|
|
||||||
modules_enabled = {
|
|
||||||
"muc_meeting_id";
|
|
||||||
"muc_domain_mapper";
|
|
||||||
--"token_verification";
|
|
||||||
"muc_rate_limit";
|
|
||||||
"polls";
|
|
||||||
}
|
|
||||||
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}" }
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
|
|
||||||
-- internal muc component
|
|
||||||
Component "internal.auth.${JITSI_DOMAIN:?}" "muc"
|
|
||||||
storage = "memory"
|
|
||||||
modules_enabled = {
|
|
||||||
"ping";
|
|
||||||
}
|
|
||||||
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}", "jvb@auth.${JITSI_HOST:?}" }
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
-- https://prosody.im/doc/modules/mod_muc
|
|
||||||
muc_room_cache_size = 1000
|
|
||||||
${PROSODY_DOMAIN_END}
|
|
||||||
${PROSODY_MAIN_START}
|
|
||||||
-- This will be managed by __jitsi_meet
|
|
||||||
|
|
||||||
VirtualHost "auth.${JITSI_DOMAIN:?}"
|
|
||||||
ssl = {
|
|
||||||
key = "/etc/prosody/certs/auth.${JITSI_DOMAIN:?}.key";
|
|
||||||
certificate = "/etc/prosody/certs/auth.${JITSI_DOMAIN:?}.crt";
|
|
||||||
}
|
|
||||||
|
|
||||||
modules_enabled = {
|
|
||||||
"limits_exception";
|
|
||||||
}
|
|
||||||
authentication = "internal_hashed"
|
|
||||||
${PROSODY_MAIN_END}
|
|
||||||
${PROSODY_DOMAIN_START}
|
|
||||||
-- This will be managed by __jitsi_meet_domain
|
|
||||||
|
|
||||||
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
|
|
||||||
Component "focus.${JITSI_DOMAIN:?}" "client_proxy"
|
|
||||||
-- Single focus user for the whole instance
|
|
||||||
target_address = "${FOCUS_USER:?}@auth.${JITSI_HOST:?}"
|
|
||||||
|
|
||||||
Component "speakerstats.${JITSI_DOMAIN:?}" "speakerstats_component"
|
|
||||||
muc_component = "conference.${JITSI_DOMAIN:?}"
|
|
||||||
|
|
||||||
Component "conferenceduration.${JITSI_DOMAIN:?}" "conference_duration_component"
|
|
||||||
muc_component = "conference.${JITSI_DOMAIN:?}"
|
|
||||||
|
|
||||||
Component "avmoderation.${JITSI_DOMAIN:?}" "av_moderation_component"
|
|
||||||
muc_component = "conference.${JITSI_DOMAIN:?}"
|
|
||||||
|
|
||||||
Component "lobby.${JITSI_DOMAIN:?}" "muc"
|
|
||||||
storage = "memory"
|
|
||||||
restrict_room_creation = true
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
modules_enabled = {
|
|
||||||
"muc_rate_limit";
|
|
||||||
"polls";
|
|
||||||
}
|
|
||||||
${PROSODY_DOMAIN_END}
|
|
||||||
|
|
||||||
--[[
|
|
||||||
-- Enables dial-in for Jitsi meet components customers
|
|
||||||
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
|
|
||||||
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
|
|
||||||
VirtualHost "jigasi.meet.jitsi"
|
|
||||||
enabled = false -- Jitsi meet components customers remove this line
|
|
||||||
modules_enabled = {
|
|
||||||
"ping";
|
|
||||||
"bosh";
|
|
||||||
}
|
|
||||||
authentication = "token"
|
|
||||||
app_id = "jitsi";
|
|
||||||
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
|
|
||||||
asap_accepted_issuers = { "jaas-components" }
|
|
||||||
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
|
|
||||||
--]]
|
|
||||||
|
|
||||||
${PROSODY_SECUREDOMAIN_START}
|
|
||||||
-- Only used on secured domains
|
|
||||||
VirtualHost "${JITSI_DOMAIN}"
|
|
||||||
authentication = "internal_plain"
|
|
||||||
|
|
||||||
VirtualHost "guest.${JITSI_DOMAIN}"
|
|
||||||
authentication = "anonymous"
|
|
||||||
c2s_require_encryption = false
|
|
||||||
${PROSODY_SECUREDOMAIN_END}
|
|
||||||
EOFPROSODY
|
|
||||||
)"
|
|
|
@ -1,154 +0,0 @@
|
||||||
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
|
||||||
|
|
||||||
-- domain mapper options, must at least have domain base set to use the mapper
|
|
||||||
muc_mapper_domain_base = "jitmeet.example.com";
|
|
||||||
|
|
||||||
external_service_secret = "__turnSecret__";
|
|
||||||
external_services = {
|
|
||||||
{ type = "stun", host = "jitmeet.example.com", port = 3478 },
|
|
||||||
{ type = "turn", host = "jitmeet.example.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
|
||||||
{ type = "turns", host = "jitmeet.example.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
|
||||||
};
|
|
||||||
|
|
||||||
cross_domain_bosh = false;
|
|
||||||
consider_bosh_secure = true;
|
|
||||||
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
|
|
||||||
|
|
||||||
-- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
|
|
||||||
--http_cors_override = {
|
|
||||||
-- bosh = {
|
|
||||||
-- enabled = false;
|
|
||||||
-- };
|
|
||||||
-- websocket = {
|
|
||||||
-- enabled = false;
|
|
||||||
-- };
|
|
||||||
--}
|
|
||||||
|
|
||||||
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
|
||||||
ssl = {
|
|
||||||
protocol = "tlsv1_2+";
|
|
||||||
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
|
|
||||||
}
|
|
||||||
|
|
||||||
unlimited_jids = {
|
|
||||||
"focusUser@auth.jitmeet.example.com",
|
|
||||||
"jvb@auth.jitmeet.example.com"
|
|
||||||
}
|
|
||||||
|
|
||||||
VirtualHost "jitmeet.example.com"
|
|
||||||
-- enabled = false -- Remove this line to enable this host
|
|
||||||
authentication = "anonymous"
|
|
||||||
-- Properties below are modified by jitsi-meet-tokens package config
|
|
||||||
-- and authentication above is switched to "token"
|
|
||||||
--app_id="example_app_id"
|
|
||||||
--app_secret="example_app_secret"
|
|
||||||
-- Assign this host a certificate for TLS, otherwise it would use the one
|
|
||||||
-- set in the global section (if any).
|
|
||||||
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
|
|
||||||
-- use the global one.
|
|
||||||
ssl = {
|
|
||||||
key = "/etc/prosody/certs/jitmeet.example.com.key";
|
|
||||||
certificate = "/etc/prosody/certs/jitmeet.example.com.crt";
|
|
||||||
}
|
|
||||||
av_moderation_component = "avmoderation.jitmeet.example.com"
|
|
||||||
speakerstats_component = "speakerstats.jitmeet.example.com"
|
|
||||||
conference_duration_component = "conferenceduration.jitmeet.example.com"
|
|
||||||
-- we need bosh
|
|
||||||
modules_enabled = {
|
|
||||||
"bosh";
|
|
||||||
"pubsub";
|
|
||||||
"ping"; -- Enable mod_ping
|
|
||||||
"speakerstats";
|
|
||||||
"external_services";
|
|
||||||
"conference_duration";
|
|
||||||
"muc_lobby_rooms";
|
|
||||||
"muc_breakout_rooms";
|
|
||||||
"av_moderation";
|
|
||||||
}
|
|
||||||
c2s_require_encryption = false
|
|
||||||
lobby_muc = "lobby.jitmeet.example.com"
|
|
||||||
breakout_rooms_muc = "breakout.jitmeet.example.com"
|
|
||||||
main_muc = "conference.jitmeet.example.com"
|
|
||||||
-- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
|
||||||
|
|
||||||
Component "conference.jitmeet.example.com" "muc"
|
|
||||||
restrict_room_creation = true
|
|
||||||
storage = "memory"
|
|
||||||
modules_enabled = {
|
|
||||||
"muc_meeting_id";
|
|
||||||
"muc_domain_mapper";
|
|
||||||
"polls";
|
|
||||||
--"token_verification";
|
|
||||||
"muc_rate_limit";
|
|
||||||
}
|
|
||||||
admins = { "focusUser@auth.jitmeet.example.com" }
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
|
|
||||||
Component "breakout.jitmeet.example.com" "muc"
|
|
||||||
restrict_room_creation = true
|
|
||||||
storage = "memory"
|
|
||||||
modules_enabled = {
|
|
||||||
"muc_meeting_id";
|
|
||||||
"muc_domain_mapper";
|
|
||||||
--"token_verification";
|
|
||||||
"muc_rate_limit";
|
|
||||||
"polls";
|
|
||||||
}
|
|
||||||
admins = { "focusUser@auth.jitmeet.example.com" }
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
|
|
||||||
-- internal muc component
|
|
||||||
Component "internal.auth.jitmeet.example.com" "muc"
|
|
||||||
storage = "memory"
|
|
||||||
modules_enabled = {
|
|
||||||
"ping";
|
|
||||||
}
|
|
||||||
admins = { "focusUser@auth.jitmeet.example.com", "jvb@auth.jitmeet.example.com" }
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
|
|
||||||
VirtualHost "auth.jitmeet.example.com"
|
|
||||||
modules_enabled = {
|
|
||||||
"limits_exception";
|
|
||||||
}
|
|
||||||
authentication = "internal_hashed"
|
|
||||||
|
|
||||||
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
|
|
||||||
Component "focus.jitmeet.example.com" "client_proxy"
|
|
||||||
target_address = "focusUser@auth.jitmeet.example.com"
|
|
||||||
|
|
||||||
Component "speakerstats.jitmeet.example.com" "speakerstats_component"
|
|
||||||
muc_component = "conference.jitmeet.example.com"
|
|
||||||
|
|
||||||
Component "conferenceduration.jitmeet.example.com" "conference_duration_component"
|
|
||||||
muc_component = "conference.jitmeet.example.com"
|
|
||||||
|
|
||||||
Component "avmoderation.jitmeet.example.com" "av_moderation_component"
|
|
||||||
muc_component = "conference.jitmeet.example.com"
|
|
||||||
|
|
||||||
Component "lobby.jitmeet.example.com" "muc"
|
|
||||||
storage = "memory"
|
|
||||||
restrict_room_creation = true
|
|
||||||
muc_room_locking = false
|
|
||||||
muc_room_default_public_jids = true
|
|
||||||
modules_enabled = {
|
|
||||||
"muc_rate_limit";
|
|
||||||
"polls";
|
|
||||||
}
|
|
||||||
|
|
||||||
-- Enables dial-in for Jitsi meet components customers
|
|
||||||
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
|
|
||||||
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
|
|
||||||
VirtualHost "jigasi.meet.jitsi"
|
|
||||||
enabled = false -- Jitsi meet components customers remove this line
|
|
||||||
modules_enabled = {
|
|
||||||
"ping";
|
|
||||||
"bosh";
|
|
||||||
}
|
|
||||||
authentication = "token"
|
|
||||||
app_id = "jitsi";
|
|
||||||
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
|
|
||||||
asap_accepted_issuers = { "jaas-components" }
|
|
||||||
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
|
|
Some files were not shown because too many files have changed in this diff Show more