[__jitsi_meet] Unconfuse jitsi-version and secured domains
Closes #14 by committing to keeping the package up to date as promptly as possible; else weird things happen and there are no real good solutions for this. E.g. we have seen in the past that due to security issues, a jitsi dependency needs to be upgraded, but some package that jitsi-meet depends upon also has an upper limit on that package's version. A note was added to the manpage in order to make it explicit that maintenance of this type can be sponsored to ensure its proper functioning. Closes #15 by using `__file`. This will also allow us to have more control over jicofo's settings, which might be important when we start doing recordings. Sponsored by: lafede.cat
parent
af04f7464b
commit
fa37ede84f
6 changed files with 67 additions and 29 deletions
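--- /dev/null
+++ b/type/__jitsi_meet/files/jicofo.conf.sh
@@ -0,0 +1,34 @@
+#!/bin/sh -eu
+
+# Start
+cat <<EOF
+# Managed remotely, changes will be lost
+
+# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
+#available options, syntax, and default values.
+jicofo {
+xmpp: {
+client: {
+client-proxy: focus.${JITSI_HOST:?}
+}
+trusted-domains: [ "recorder.${JITSI_HOST:?}" ]
+}
+bridge: {
+brewery-jid: "JvbBrewery@internal.auth.${JITSI_HOST:?}"
+}
+EOF
+
+# Secured domains if needed
+if [ "${SECURED_DOMAINS_STATE:?}" = "present" ]; then
+cat <<EOF
+
+authentication: {
+enabled: true
+type: XMPP
+login-url: ${JITSI_HOST:?}
+}
+EOF
+fi
+
+# End
+echo '}'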
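Review bot: `client-proxy: focus.${JITSI_HOST:?}` and `login-url: ${JITSI_HOST:?}` are emitted as unquoted HOCON values, while `trusted-domains` and `brewery-jid` in the same here-documents are quoted. The host name is interpolated without any validation, so a value carrying a character that is special in HOCON (a colon from a port suffix, a brace, a comma) would change the structure of the generated file instead of staying inside one string. Quoting both, `client-proxy: "focus.${JITSI_HOST:?}"` and `login-url: "${JITSI_HOST:?}"`, keeps the four values consistent. Separately, the `-eu` in the shebang only applies when the file is executed directly; a `set -eu` line as the first statement would hold however the script is invoked.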
|
@ -5,7 +5,7 @@ if grep -qE "^__file/etc/nginx" "${__messages_in}"; then
|
|||
fi
|
||||
|
||||
JITSI_HOST="${__object_id}"
|
||||
if grep -qE "^(__line/jitsi_jicofo_secured_domains|__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua)" "${__messages_in}"; then
|
||||
if grep -qE "^(__line/jitsi_jicofo_secured_domains|__file/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua|__file/etc/jitsi/jicofo/jicofo.conf)" "${__messages_in}"; then
|
||||
echo "systemctl restart prosody"
|
||||
echo "systemctl restart jicofo"
|
||||
echo "systemctl restart jitsi-videobridge2"
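Review bot: The restart condition still lists `__line/jitsi_jicofo_secured_domains`, but the manifest part of this commit removes the `__block jitsi_jicofo_secured_domains` object and no `__line` object of that name is visible anywhere in the change, so that alternative looks dead and can presumably be dropped. `${JITSI_HOST}` is also placed into the extended regex unescaped, so its dots match any character; that is harmless for a restart trigger but deserves a short comment such as `# JITSI_HOST is used as a regex here; its dots are not escaped`. The enclosing `if` continues past the end of this hunk.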
|
||||
|
|
|
@ -28,6 +28,15 @@ You should apply your own rules here.
|
|||
|
||||
This type only works on De{bi,vu}an systems.
|
||||
|
||||
It is very important for this type to stay up to date with the software, as
|
||||
otherwise new deployments or maintenance of existing instances might be
|
||||
negatively affected.
|
||||
If you can, please contribute updates to `__jitsi_meet` and
|
||||
`__jitsi_meet_domain` promptly and regularly.
|
||||
Alternatively, you can help finance that work; get in touch with the type
|
||||
authors for that (see below).
|
||||
|
||||
|
||||
NOTE: This type currently does not deal with setting up coturn.
|
||||
For that, you might want to check `__coturn` in
|
||||
https://code.ungleich.ch/ungleich-public/cdist-contrib
|
||||
|
@ -43,11 +52,6 @@ turn-server
|
|||
The hostname of the TURN server.
|
||||
This will assume that it is listening with TLS on port 443.
|
||||
|
||||
jitsi-version
|
||||
The jitsi-meet version of the Debian package to be installed.
|
||||
While this can be specified, only the default value is known to work
|
||||
properly with this type.
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
|
@ -70,7 +74,7 @@ EXAMPLES
|
|||
|
||||
.. code-block:: sh
|
||||
|
||||
# Setup the firewall
|
||||
# Setup the firewall
|
||||
. "${__global}/type/__jitsi_meet/files/ufw"
|
||||
export require="__ufw"
|
||||
# Setup Jitsi on this host
|
||||
|
@ -92,4 +96,4 @@ Evilham <contact@evilham.com>
|
|||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2021 Evilham.
|
||||
Copyright \(C) 2022 Evilham.
|
||||
|
|
|
@ -13,8 +13,13 @@ esac
|
|||
|
||||
|
||||
JITSI_HOST="${__target_host}"
|
||||
# Currently unused, see below
|
||||
# JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
|
||||
if [ -f "${__object}/parameter/jitsi-version" ]; then
|
||||
# This has been deprecated and will be removed 'soon'
|
||||
JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
|
||||
else
|
||||
# Note this won't be a parameter anymore, we won't let users stay behind
|
||||
JITSI_VERSION="$(cat "${__type}/files/jitsi-version")"
|
||||
fi
|
||||
TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
|
||||
TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"
|
||||
|
||||
|
@ -55,11 +60,12 @@ __debconf_set_selections jitsi_meet --line "${DEBCONF_SETTINGS}"
|
|||
export require="${require} __debconf_set_selections/jitsi_meet"
|
||||
|
||||
# Install and upgrade packages as needed
|
||||
__package_apt jitsi-meet
|
||||
# We are not doing version pinning anymore because it breaks when
|
||||
# the version is not the latest.
|
||||
# This happens because dependencies cannot be properly resolved.
|
||||
# --version "${JITSI_VERSION}"
|
||||
# NOTE: we are doing version pinning again, but it breaks sometimes when
|
||||
# the version is not the latest.
|
||||
# This happens because dependencies might not be properly resolved.
|
||||
# To avoid this, this type must be maintained up to date.
|
||||
# If we don't use this, keeping Jitsi's up to date is very difficult.
|
||||
__package_apt jitsi-meet --version "${JITSI_VERSION}"
|
||||
|
||||
# Proceed only after installation/upgrade has finished
|
||||
export require="__package_apt/jitsi-meet"
|
||||
|
@ -151,10 +157,8 @@ EOF
|
|||
|
||||
if [ -f "${__object}/parameter/secured-domains" ]; then
|
||||
SECURED_DOMAINS_STATE='present'
|
||||
SECURED_DOMAINS_STATE_JICOFO='present'
|
||||
else
|
||||
SECURED_DOMAINS_STATE='absent'
|
||||
SECURED_DOMAINS_STATE_JICOFO='absent'
|
||||
fi
|
||||
|
||||
__file "/etc/prosody/conf.d/${JITSI_HOST}.zauth.cfg.lua" \
|
||||
|
@ -169,18 +173,10 @@ VirtualHost "guest.${JITSI_HOST}"
|
|||
c2s_require_encryption = false
|
||||
EOF
|
||||
|
||||
__block jitsi_jicofo_secured_domains \
|
||||
--prefix "// begin cdist: jicofo_secured_domains" \
|
||||
--suffix "// end cdist: jicofo_secured_domains" \
|
||||
--file /etc/jitsi/jicofo/jicofo.conf \
|
||||
--state "${SECURED_DOMAINS_STATE_JICOFO}" \
|
||||
--text '-' <<EOF
|
||||
authentication: {
|
||||
enabled: true
|
||||
type: XMPP
|
||||
login-url: ${JITSI_HOST}
|
||||
}
|
||||
EOF
|
||||
export SECURED_DOMAINS_STATE
|
||||
export JITSI_HOST
|
||||
"${__type}/files/jicofo.conf.sh" | \
|
||||
__file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'
|
||||
|
||||
# These two should be changed on new release
|
||||
PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5"
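Review bot: In `"${__type}/files/jicofo.conf.sh" | __file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'` the status of the pipeline is that of `__file`, so if the generator aborts (for example on one of its `:?` expansions) its empty or truncated output is still recorded as the file content, and the gencode-remote change in this commit then restarts jicofo on it. Capturing the output first lets the manifest stop instead, assuming it runs with `-e`: `JICOFO_CONF="$("${__type}/files/jicofo.conf.sh")"` followed by `printf '%s\n' "${JICOFO_CONF}" | __file /etc/jitsi/jicofo/jicofo.conf --mode 0444 --source '-'`. Mode 0444 suits what the generator writes today, since no credential appears in it; it should be revisited if secrets are ever added to this file.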
|
||||
|
|
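--- /dev/null
+++ b/type/__jitsi_meet/parameter/deprecated/jitsi-version
@@ -0,0 +1,4 @@
+Supporting different versions lead to strange issues in the life-time of a
+Jitsi instance. Chiefly: difficulties upgrading.
+
+If you are specifying this for a valid reason, please get in touch.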