* changelog: add changelog

* quick_jibri_installer.sh: increase support to 22.04
fix key aggregation and remove deprecated letsencrypt ppa

* etherpad-docker.sh: fix key aggregation and variable collection.

* grafana.sh: fix gpg key aggregation

* jm-bm.sh: tweak sed

* jra_nextcloud.sh: fix key aggregation and variable collection.

* jra_nextcloud.sh: fix add gpg key function and add install available version package

* jra_nextcloud.sh: small fix for install_aval_package function
This commit is contained in:
Luis Guzman 2023-02-22 05:56:20 -06:00 committed by GitHub
parent 1bfa6b90a2
commit 5a143d4c25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 56 additions and 66 deletions

View File

@ -45,7 +45,7 @@ fi
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
ETHERPAD_DB_USER="dockerpad" ETHERPAD_DB_USER="dockerpad"
ETHERPAD_DB_NAME="etherpad" ETHERPAD_DB_NAME="etherpad"
ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
@ -56,7 +56,8 @@ if [ "$DOCKER_CE_REPO" = "stable" ]; then
echo "Docker repository already installed" echo "Docker repository already installed"
else else
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list
wget -qO - https://download.docker.com/linux/ubuntu/gpg | apt-key add - wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null
apt -q2 update apt -q2 update
fi fi

View File

@ -60,15 +60,16 @@ apt-get install -y gnupg2 \
echo " echo "
# Setup InfluxDB Packages # Setup InfluxDB Packages
" "
wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - curl -s https://repos.influxdata.com/influxdata-archive.key > /etc/apt/trusted.gpg.d/influxdata-archive.key
echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install influxdb -y apt-get update && apt-get install influxdb -y
run_service influxdb run_service influxdb
echo " echo "
# Setup Grafana Packages # Setup Grafana Packages
" "
curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - curl -s https://apt.grafana.com/gpg-full.key | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null
add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
apt-get update && apt-get install grafana -y apt-get update && apt-get install grafana -y
run_service grafana-server run_service grafana-server
@ -76,8 +77,6 @@ run_service grafana-server
echo " echo "
# Setup Telegraf Packages # Setup Telegraf Packages
" "
wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add -
echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install telegraf -y apt-get update && apt-get install telegraf -y
mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original
@ -134,7 +133,7 @@ JITSI_TELEGRAF
run_service telegraf run_service telegraf
echo -n "\n# Setup videobridge options\n" echo -e "\n# Setup videobridge options\n"
echo ' echo '
# extra options to pass to the JVB daemon # extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config

View File

@ -74,7 +74,7 @@ fi
#Customize room title #Customize room title
sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE" sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"
sed -i "s| powered by the Jitsi Videobridge||g" "$TITLE_FILE" sed -i "s| powered by the Jitsi Videobridge||g" "$TITLE_FILE"
sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|" /usr/share/jitsi-meet/lang/* sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|g" /usr/share/jitsi-meet/lang/*
#Custom UI changes #Custom UI changes
if [ -f "$INT_CONF_ETC" ]; then if [ -f "$INT_CONF_ETC" ]; then

View File

@ -41,8 +41,8 @@ exit_if_not_installed jitsi-meet
DISTRO_RELEASE="$(lsb_release -sc)" DISTRO_RELEASE="$(lsb_release -sc)"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')" PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHPVER="7.4" PHPVER="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm" PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini" PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf" PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
@ -58,12 +58,33 @@ NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording.sh|awk 'NR==1{print$1}')" DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording.sh|awk 'NR==1{print$1}')"
REDIS_CONF="/etc/redis/redis.conf" REDIS_CONF="/etc/redis/redis.conf"
JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
if [ -f $JITSI_MEET_PROXY ];then if [ -f "$JITSI_MEET_PROXY" ];then
PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)
fi fi
PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
ISO3166_CODE=TBD ISO3166_CODE=TBD
NL="$(printf '\n ')" NL="$(printf '\n ')"
TMP_GPG_REPO="$(mktemp -d)"
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison $i 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages
packages=""
}
while [[ "$ANS_NCD" != "yes" ]] while [[ "$ANS_NCD" != "yes" ]]
do do
@ -164,15 +185,15 @@ else
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
add_php74() { add_php() {
if [ "$PHP_REPO" = "php" ]; then if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed" echo "PHP $PHPVER already installed"
apt-get -q2 update apt-get -q2 update
apt-get -yq2 dist-upgrade apt-get -yq2 dist-upgrade
else else
echo "# Adding Ondrej PHP $PHPVER PPA Repository" echo "# Adding Ondrej PHP $PHPVER PPA Repository"
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C add_gpg_keyring E5267A6C
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2 apt-get update -q2
fi fi
} }
@ -186,8 +207,8 @@ exit_ifinstalled postgresql-"$PSGVER"
install_ifnot postgresql-"$PSGVER" install_ifnot postgresql-"$PSGVER"
# PHP 7.4 # PHP 7.4
add_php74 add_php
apt-get install -y \ install_aval_package " \
imagemagick \ imagemagick \
php"$PHPVER"-fpm \ php"$PHPVER"-fpm \
php"$PHPVER"-bcmath \ php"$PHPVER"-bcmath \
@ -207,7 +228,8 @@ apt-get install -y \
php"$PHPVER"-xmlrpc \ php"$PHPVER"-xmlrpc \
php"$PHPVER"-zip \ php"$PHPVER"-zip \
redis-server \ redis-server \
unzip unzip \
"
#System related #System related
install_ifnot smbclient install_ifnot smbclient

View File

@ -108,8 +108,8 @@ echo "Add Prosody repo"
if [ "$PROSODY_REPO" = "main" ]; then if [ "$PROSODY_REPO" = "main" ]; then
echo "Prosody repository already installed" echo "Prosody repository already installed"
else else
echo "deb http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list echo "deb [signed-by=/etc/apt/trusted.gpg.d/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list
wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - curl -s https://prosody.im/files/prosody-debian-packages.key > /etc/apt/trusted.gpg.d/prosody-debian-packages.key
fi fi
} }
dpkg-compare() { dpkg-compare() {
@ -150,24 +150,24 @@ if ! [ "$(id -u)" = 0 ]; then
fi fi
printf "\nOS: %s" "$(lsb_release -sd)" printf "\nOS: %s" "$(lsb_release -sd)"
if [ "$DIST" = "bionic" ] || \ if [ "$DIST" = "focal" ] || \
[ "$DIST" = "focal" ]; then [ "$DIST" = "jammy" ]; then
printf "\nGood, this is a supported platform!" printf "\nGood, this is a supported platform!"
else else
printf "\nSorry, this platform is not supported... exiting" printf "\nSorry, this platform is not supported... exiting"
exit exit
fi fi
#Suggest 20.04 LTS release over 18.04 in April 2022 #Suggest 22.04 LTS release over 20.04 in April 2024
TODAY=$(date +%s) TODAY=$(date +%s)
NEXT_LTS_DATE=$(date -d 2022-04-01 +%s) NEXT_LTS_DATE=$(date -d 2024-04-01 +%s)
if [ "$DIST" = "bionic" ]; then if [ "$DIST" = "focal" ]; then
if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then
echo " > $(lsb_release -sc), even when it's compatible and functional. echo " > $(lsb_release -sc), even when it's compatible and functional.
We suggest to use the next (LTS) release, for longer support and security reasons." We suggest to use the next (LTS) release, for longer support and security reasons."
read -n 1 -s -r -p "Press any key to continue..."$'\n' read -n 1 -s -r -p "Press any key to continue..."$'\n'
else else
echo "Bionic is supported." echo "Focal is supported."
fi fi
fi fi
@ -266,8 +266,8 @@ printf "\nAdd Jitsi repo\n"
if [ "$JITSI_REPO" = "stable" ]; then if [ "$JITSI_REPO" = "stable" ]; then
printf " - Jitsi stable repository already installed\n\n" printf " - Jitsi stable repository already installed\n\n"
else else
echo 'deb http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list echo 'deb [signed-by=/etc/apt/trusted.gpg.d/jitsi-key.gpg.key] http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - curl -s https://download.jitsi.org/jitsi-key.gpg.key > /etc/apt/trusted.gpg.d/jitsi-key.gpg.key
JITSI_REPO="stable" JITSI_REPO="stable"
fi fi
sleep .1 sleep .1
@ -341,7 +341,7 @@ apt-get -y install \
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
apt-get -y install \ apt-get -y install \
letsencrypt certbot
if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "# Disable pre-installed ufw, more on firewall see: echo "# Disable pre-installed ufw, more on firewall see:
> https://github.com/switnet-ltd/quick-jibri-installer/wiki/Firewall" > https://github.com/switnet-ltd/quick-jibri-installer/wiki/Firewall"
@ -412,7 +412,8 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
echo "Google repository already set." echo "Google repository already set."
else else
echo "Installing Google Chrome Stable" echo "Installing Google Chrome Stable"
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - curl -s https://dl.google.com/linux/linux_signing_key.pub | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/google-chrome-key.gpg >/dev/null
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO"
fi fi
apt-get -q2 update apt-get -q2 update
@ -470,8 +471,6 @@ LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
ENABLE_SA="yes" ENABLE_SA="yes"
CERTBOT_REPO="$(apt-cache policy | awk '/certbot/{print$2}' | awk -F '/' 'NR==1{print$4}')"
CERTBOT_REL_FILE="http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/$(lsb_release -sc)/Release"
GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release" GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release"
MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
MJS_USER="jbsync_$MJS_RAND_TAIL" MJS_USER="jbsync_$MJS_RAND_TAIL"
@ -686,7 +685,7 @@ INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js"
ssl_wa() { ssl_wa() {
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
systemctl stop "$1" systemctl stop "$1"
letsencrypt certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6" certbot certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6"
sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4" sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4"
sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4" sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4"
systemctl restart "$1" systemctl restart "$1"
@ -700,35 +699,6 @@ if [ "$LE_SSL" = "yes" ]; then
fi fi
} }
enable_letsencrypt() {
if [ "$LE_SSL" = "yes" ]; then
echo '
#--------------------------------------------------
# Starting LetsEncrypt configuration
#--------------------------------------------------
'
#Disabled 'til fixed upstream
#bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
echo "#Set and upgrade certbot PPA if posssible..."
if [ "$CERTBOT_REPO" = "certbot" ]; then
printf "\nCertbot repository already on the system!\nChecking for updates...\n"
apt-get -q2 update
apt-get -yq2 dist-upgrade
elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "200" ]; then
printf "\nAdding cerbot (formerly letsencrypt) PPA repository for latest updates\n"
echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694
apt-get -q2 update
apt-get -yq2 dist-upgrade
elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "404" ]; then
printf "\nCertbot PPA is not available for %s just yet, it won't be installed...\n" "$(lsb_release -sc)"
fi
else
echo "SSL setup will be skipped."
fi
}
check_jibri() { check_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
then then
@ -1194,8 +1164,6 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
chmod -R 770 "$DIR_RECORD" chmod -R 770 "$DIR_RECORD"
fi fi
enable_letsencrypt
# Fix prosody not able to read SSL Certs # Fix prosody not able to read SSL Certs
chown -R root:prosody /etc/prosody/certs/ chown -R root:prosody /etc/prosody/certs/
chmod -R 650 /etc/prosody/certs/ chmod -R 650 /etc/prosody/certs/