From aa15e59a05c6c9a19f4105ebeaae0f5479731225 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Fri, 20 May 2022 20:07:02 -0500 Subject: [PATCH] 7.0 (#80) * Major rework, comply with shellcheck ## Add * Add experimental tool for AWS grub setup. ## Fix * Fix grafana configuration * Actually apply changes to nginx conf instead of symlink. * Actually require to run with admin rights. * Improve comments. * Rename and fix set_once function. * Fix jibri domain. ## Improve * Comply mode section with shellcheck recommendations. * Comply tools section with shellcheck recommendations. * Comply main scripts with shellcheck recommendations. * Improve shell quality * Change JDK version to 11 * Make warning visible. * Change email position, and small fixes * Several indenting changes * Set warning instead of "note". * Yet again more fixes on echo and printf * Standarize jra_nextcloud * Add comment on debconf state * Update SwITNet copyright and standarize debug option for scripts. ## Remove * Rename deprecated scripts folder * Remove old * Remove unused code * Finally remove jigasi deprecated script. --- README.md | 2 +- add-jibri-node.sh | 120 ++--- add-jvb2-node.sh | 51 +-- {old => deprecated}/jigasi.sh | 90 ++-- etherpad-docker.sh | 49 +- grafana.sh | 48 +- jitsi-updater.sh | 112 +++-- jm-bm.sh | 26 +- jra_nextcloud.sh | 265 ++++++----- mode/chp-mode.sh | 247 ++++++----- mode/grid/selenium-grid-docker.sh | 36 +- mode/jms-stu.sh | 58 +-- mode/jwt.sh | 55 ++- quick_jibri_installer.sh | 688 ++++++++++++++--------------- tools/aws-grub-setup.sh | 51 ++- tools/fail2ban_ssh.sh | 10 +- tools/jibri-conf-upgrade.sh | 72 +-- tools/jibri-resolution-enhancer.sh | 46 +- tools/start-over.sh | 36 +- tools/test-jibri-env.sh | 67 ++- 20 files changed, 1078 insertions(+), 1051 deletions(-) rename {old => deprecated}/jigasi.sh (81%) diff --git a/README.md b/README.md index 5a041c3..41af906 100644 --- a/README.md +++ b/README.md @@ -119,4 +119,4 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. -SwITNet Ltd © - 2021, https://switnet.net/ +SwITNet Ltd © - 2022, https://switnet.net/ diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 6d72e56..6ae2fc5 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -1,26 +1,19 @@ #!/bin/bash # Jibri Node Aggregator -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. ### 0_LAST EDITION TIME STAMP ### # LETS: AUTOMATED_EDITION_TIME ### 1_LAST EDITION ### -#Make sure the file name is the required one -if [ ! "$(basename $0)" = "add-jibri-node.sh" ]; then - echo "For most cases naming won't matter, for this one it does." - echo "Please use the original name for this script: \`add-jibri-node.sh', and run again." - exit -fi - while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./add_jibri_node.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG @@ -28,6 +21,13 @@ if [ "$MODE" = "debug" ]; then set -x fi +#Make sure the file name is the required one +if [ ! "$(basename "$0")" = "add-jibri-node.sh" ]; then + echo "For most cases naming won't matter, for this one it does." + echo "Please use the original name for this script: \`add-jibri-node.sh', and run again." + exit +fi + #Check admin rights if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" @@ -55,7 +55,7 @@ CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" -PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" +#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" @@ -68,7 +68,7 @@ JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" # sed limiters for add-jibri-node.sh variables var_dlim() { - grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 + grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1 } check_var() { @@ -89,19 +89,19 @@ echo " # Checking initial necessary variables... #-----------------------------------------------------------------------" -JMS_DATA=($MAIN_SRV_DIST \ - $MAIN_SRV_REPO \ - $MAIN_SRV_DOMAIN \ - $JibriBrewery \ - $JB_NAME \ - $JB_AUTH_PASS \ - $JB_REC_PASS \ - $MJS_USER \ - $MJS_USER_PASS \ - $JIBRI_RES_CONF \ - $JIBRI_RES_XORG_CONF) +JMS_DATA=("$MAIN_SRV_DIST" \ + "$MAIN_SRV_REPO" \ + "$MAIN_SRV_DOMAIN" \ + "$JibriBrewery" \ + "$JB_NAME" \ + "$JB_AUTH_PASS" \ + "$JB_REC_PASS" \ + "$MJS_USER" \ + "$MJS_USER_PASS" \ + "$JIBRI_RES_CONF" \ + "$JIBRI_RES_XORG_CONF") -JMS_EVAL=${JMS_DATA[0]} +JMS_EVAL="${JMS_DATA[0]}" for i in "${JMS_DATA[@]}"; do if [[ "$JMS_EVAL" != "$i" ]]; then ALL_TBD="no" @@ -152,7 +152,7 @@ else fi ### Test RAM size (8GB min) ### mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') -if [ ${mem_available} -lt 7700000 ]; then +if [ "${mem_available}" -lt 7700000 ]; then echo " Warning!: The system do not meet the minimum RAM requirements for Jibri to run. >> We recommend 8GB RAM for Jibri! @@ -190,7 +190,7 @@ sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts # Jitsi-Meet Repo echo "Add Jitsi repo" if [ -z "$JITSI_REPO" ]; then - echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list + echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then echo "Main and node servers repository don't match, extiting.." @@ -235,7 +235,7 @@ else # Your audio driver might not be able to load. # We'll check the state of this Jibri with our 'test-jibri-env.sh' tool. #-----------------------------------------------------------------------" -curl -s $TEST_JIBRI_ENV > /tmp/test-jibri-env.sh +curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh #Test tool if [ "$MODE" = "debug" ]; then bash /tmp/test-jibri-env.sh -m debug @@ -248,14 +248,14 @@ fi } echo "# Check and Install HWE kernel if possible..." -HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") +HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" if [ "$HWE_VIR_MOD" = "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" else apt-get -y install \ linux-image-generic \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi echo " @@ -273,7 +273,7 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then else echo "Installing Google Chrome Stable" wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO + echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" fi apt-get -q2 update apt-get install -y google-chrome-stable @@ -283,7 +283,7 @@ if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip + wget -q https://chromedriver.storage.googleapis.com/"$CHD_VER"/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ chown root:root /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver @@ -305,18 +305,18 @@ echo " Remove Chrome warning... " mkdir -p /etc/opt/chrome/policies/managed -echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON +echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" # Recording directory -if [ ! -d $DIR_RECORD ]; then -mkdir $DIR_RECORD +if [ ! -d "$DIR_RECORD" ]; then +mkdir "$DIR_RECORD" fi -chown -R jibri:jibri $DIR_RECORD +chown -R jibri:jibri "$DIR_RECORD" -cat << REC_DIR > $REC_DIR +cat << REC_DIR > "$REC_DIR" #!/bin/bash -RECORDINGS_DIR=$DIR_RECORD +RECORDINGS_DIR="$DIR_RECORD" echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out @@ -341,12 +341,12 @@ fi exit 0 REC_DIR -chown jibri:jibri $REC_DIR -chmod +x $REC_DIR +chown jibri:jibri "$REC_DIR" +chmod +x "$REC_DIR" ## New Jibri Config (2020) -mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file -cat << NEW_CONF > $JIBRI_CONF +mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file +cat << NEW_CONF > "$JIBRI_CONF" // New XMPP environment config. jibri { streaming { @@ -459,25 +459,25 @@ jibri { NEW_CONF #Jibri xorg resolution -sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" $JIBRI_XORG_CONF +sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" echo -e "\n---- Create random nodesync user ----" -useradd -m -g jibri $NJN_USER +useradd -m -g jibri "$NJN_USER" echo "$NJN_USER:$NJN_USER_PASS" | chpasswd echo -e "\n---- We'll connect to main server ----" read -n 1 -s -r -p "Press any key to continue..."$'\n' -sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +sudo su "$NJN_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" #Workaround for jibri to do cleaning. -install -m 0600 -o jibri /home/$NJN_USER/.ssh/id_rsa /home/jibri/jbsync.pem +install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" -ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts -ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub -sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" +ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts +ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub +sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" echo -e "\n---- Setup Log system ----" cat << INOT_RSYNC > /etc/jitsi/jibri/remote-jbsync.sh @@ -486,21 +486,21 @@ cat << INOT_RSYNC > /etc/jitsi/jibri/remote-jbsync.sh # Log process exec 3>&1 4>&2 trap 'exec 2>&4 1>&3' 0 1 2 3 -exec 1>/var/log/$NJN_USER/remote_jnsync.log 2>&1 +exec 1>/var/log/"$NJN_USER"/remote_jnsync.log 2>&1 # Run sync while true; do - inotifywait -t 60 -r -e modify,attrib,close_write,move,delete $DIR_RECORD - sudo su $NJN_USER -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" - find $DIR_RECORD -depth -type d -empty -not -path $DIR_RECORD -delete + inotifywait -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD" + sudo su "$NJN_USER" -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" + find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete done INOT_RSYNC -mkdir /var/log/$NJN_USER +mkdir /var/log/"$NJN_USER" -cat << LOG_ROT > /etc/logrotate.d/$NJN_USER -/var/log/$NJN_USER/*.log { +cat << LOG_ROT > /etc/logrotate.d/"$NJN_USER" +/var/log/"$NJN_USER"/*.log { monthly missingok rotate 12 @@ -561,7 +561,7 @@ echo " echo "Make sure to reboot, it's necessary before *any* usage. Rebooting in..." secs=$((15)) -while [ $secs -gt 0 ]; do +while [ "$secs" -gt 0 ]; do echo -ne "$secs\033[0K\r" sleep 1 : $((secs--)) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 34fdb46..d94ab67 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -1,26 +1,19 @@ #!/bin/bash # JVB2 Node Aggregator -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. ### 0_LAST EDITION TIME STAMP ### # LETS: AUTOMATED_EDITION_TIME ### 1_LAST EDITION ### -#Make sure the file name is the required one -if [ ! "$(basename $0)" = "add-jvb2-node.sh" ]; then - echo "For most cases naming won't matter, for this one it does." - echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again." - exit -fi - while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./add-jvb2-node.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG @@ -28,6 +21,14 @@ if [ "$MODE" = "debug" ]; then set -x fi +#Make sure the file name is the required one +if [ ! "$(basename "$0")" = "add-jvb2-node.sh" ]; then + echo "For most cases naming won't matter, for this one it does." + echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again." + exit +fi + + #Check admin rights if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" @@ -53,10 +54,10 @@ SHARD_DOMAIN=TBD SHARD_PASS=TBD MUC_JID=TBD -MJS_USER=TBD -MJS_USER_PASS=TBD -START=0 -LAST=TBD +#MJS_USER=TBD +#MJS_USER_PASS=TBD +#START=0 +#LAST=TBD THIS_SRV_DIST=$(lsb_release -sc) JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR==1{print$1}') @@ -71,7 +72,7 @@ SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)" # sed limiters for add-jvb2-node.sh variables var_dlim() { - grep -n $1 add-jvb2-node.sh|head -n1|cut -d ":" -f1 + grep -n "$1" add-jvb2-node.sh|head -n1|cut -d ":" -f1 } check_var() { @@ -105,7 +106,7 @@ else fi ### Test RAM size (8GB min) ### mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') -if [ ${mem_available} -lt 7700000 ]; then +if [ "${mem_available}" -lt 7700000 ]; then echo " Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads. >> We recommend 8GB RAM or above for JVB2! @@ -141,7 +142,7 @@ echo " #-----------------------------------------------------------------------" check_var JVB_HOSTNNAME "$JVB_HOSTNAME" -if [ -z $JVB_HOST ]; then +if [ -z "$JVB_HOST" ]; then echo "JVB_HOST is empty, but it may be ok for it to be empty, skipping empty test." else check_var JVB_HOST "$JVB_HOST" @@ -166,7 +167,7 @@ sed -i "1i 127.0.0.1 jvb_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts # Jitsi-Meet Repo echo "Add Jitsi repo" if [ -z "$JITSI_REPO" ]; then - echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list + echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then echo "Main and node servers repository don't match, extiting.." @@ -193,14 +194,14 @@ apt-get -y install \ wget echo "# Check and Install HWE kernel if possible..." -HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") +HWE_VIR_MOD="$(apt-cache madison linux-modules-extra-virtual-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c "extra-virtual-hwe")" if [ "$HWE_VIR_MOD" == "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) \ - linux-modules-extra-virtual-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" \ + linux-modules-extra-virtual-hwe-"$(lsb_release -sr)" else apt-get -y install \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi echo " diff --git a/old/jigasi.sh b/deprecated/jigasi.sh similarity index 81% rename from old/jigasi.sh rename to deprecated/jigasi.sh index ee43517..ed5d7b1 100644 --- a/old/jigasi.sh +++ b/deprecated/jigasi.sh @@ -9,7 +9,7 @@ ####################################################### #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -22,17 +22,17 @@ echo ' by Software, IT & Networks Ltd ' -JIGASI_CONFIG=/etc/jitsi/jigasi/config -GC_API_JSON=/opt/gc-sdk/GCTranscriptAPI.json -DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') -MEET_CONF=/etc/jitsi/meet/${DOMAIN}-config.js -JIG_SIP_CONF=/etc/jitsi/jigasi/config -JIG_SIP_PROP=/etc/jitsi/jigasi/sip-communicator.properties -JIC_SIP_PROP=/etc/jitsi/jicofo/sip-communicator.properties +JIGASI_CONFIG="/etc/jitsi/jigasi/config" +GC_API_JSON="/opt/gc-sdk/GCTranscriptAPI.json" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" +MEET_CONF="/etc/jitsi/meet/${DOMAIN}-config.js" +JIG_SIP_CONF="/etc/jitsi/jigasi/config" +JIG_SIP_PROP="/etc/jitsi/jigasi/sip-communicator.properties" +JIC_SIP_PROP="/etc/jitsi/jicofo/sip-communicator.properties" JIG_TRANSC_PASWD="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 8 | head -n1)" JIG_TRANSC_PASWD_B64="$(echo -n "$JIG_TRANSC_PASWD" | base64)" -DIST=$(lsb_release -sc) -CHECK_GC_REPO=$(apt-cache policy | grep http | grep cloud-sdk | head -n1 | awk '{print $3}' | awk -F '/' '{print $1}') +DIST="$(lsb_release -sc)" +CHECK_GC_REPO="$(apt-cache policy | grep http | grep cloud-sdk | head -n1 | awk '{print $3}' | awk -F '/' '{print $1}')" install_gc_repo() { if [ "$CHECK_GC_REPO" = "cloud-sdk-$DIST" ]; then @@ -66,7 +66,7 @@ do fi done -if [ $SETUP_TYPE = 1 ]; then +if [ "$SETUP_TYPE" = 1 ]; then ### Start of new project configuration - Google SDK #Setup option 1 - Google Cloud SDK echo "Once logged on Google Cloud SDK, please create a new project (last option)." @@ -79,14 +79,14 @@ gcloud auth application-default login # Start Google Cloud Configuration - Application Service GC_MEMBER=transcript echo "Checking if project exist..." -PROJECT_GC_ID=$(gcloud projects list | grep $GC_PROJECT_NAME | awk '{print$3}') -while [ -z $PROJECT_GC_ID ] +PROJECT_GC_ID="$(gcloud projects list | grep "$GC_PROJECT_NAME" | awk '{print$3}')" +while [ -z "$PROJECT_GC_ID" ] do read -p "Enter the project name you just created for Jigasi Speech-to-Text"$'\n' -r GC_PROJECT_NAME -if [ -z PROJECT_GC_ID ]; then +if [ -z "$PROJECT_GC_ID" ]; then echo "Please check your project name," echo "There is no project listed with the provided name: $GC_PROJECT_NAME" - PROJECT_GC_ID=$(gcloud projects list | grep $GC_PROJECT_NAME | awk '{print$3}') + PROJECT_GC_ID="$(gcloud projects list | grep "$GC_PROJECT_NAME" | awk '{print$3}')" fi done echo "Your $GC_PROJECT_NAME ID's project is: $PROJECT_GC_ID" @@ -102,18 +102,18 @@ do CHECK_BILLING="$(gcloud services enable speech.googleapis.com 2>/dev/null)" if [[ $? -eq 1 ]]; then echo "Seems you haven't enabled billing for this project: $GC_PROJECT_NAME" - exho " For that go to: https://console.developers.google.com/project/$PROJECT_GC_ID/settings + echo " For that go to: https://console.developers.google.com/project/$PROJECT_GC_ID/settings " - read -p "Press Enter to continue" + read -rp "Press Enter to continue" CHECK_BILLING="$(gcloud services enable speech.googleapis.com 2>/dev/null)" fi done echo "Billing account seems setup, continuing..." -gcloud iam service-accounts create $GC_MEMBER +gcloud iam service-accounts create "$GC_MEMBER" -gcloud projects add-iam-policy-binding $GC_PROJECT_NAME \ - --member serviceAccount:$GC_MEMBER@$GC_PROJECT_NAME.iam.gserviceaccount.com \ +gcloud projects add-iam-policy-binding "$GC_PROJECT_NAME" \ + --member serviceAccount:"$GC_MEMBER"@"$GC_PROJECT_NAME".iam.gserviceaccount.com \ --role roles/editor echo "Setup credentials:" @@ -133,7 +133,7 @@ fi echo "Setting up JSON key file..." sleep 2 mkdir /opt/gc-sdk/ -cat << KEY_JSON > $GC_API_JSON +cat << KEY_JSON > "$GC_API_JSON" # # Paste below this comment your GC JSON key for the service account: # $GC_MEMBER@$GC_PROJECT_NAME.iam.gserviceaccount.com @@ -143,11 +143,11 @@ cat << KEY_JSON > $GC_API_JSON # These comment lines will be deleted afterwards. # KEY_JSON -chmod 644 $GC_API_JSON -nano $GC_API_JSON -sed -i '/^#/d' $GC_API_JSON +chmod 644 "$GC_API_JSON" +nano "$GC_API_JSON" +sed -i '/^#/d' "$GC_API_JSON" -CHECK_JSON_KEY="$(cat $GC_API_JSON | python -m json.tool 2>/dev/null)" +CHECK_JSON_KEY="$(cat "$GC_API_JSON" | python -m json.tool 2>/dev/null)" while [[ $? -eq 1 ]] do CHECK_JSON_KEY="$(cat $GC_API_JSON | python -m json.tool 2>/dev/null)" @@ -169,7 +169,7 @@ echo "Installing Jigasi, your SIP credentials will be asked. (mandatory)" apt-get -y install jigasi #apt-mark hold jigasi -cat << JIGASI_CONF >> $JIGASI_CONFIG +cat << JIGASI_CONF >> "$JIGASI_CONFIG" GOOGLE_APPLICATION_CREDENTIALS=$GC_API_JSON @@ -179,24 +179,24 @@ echo "Your Google Cloud credentials are at $GC_API_JSON" echo "Setting up Jigasi transcript with current platform..." #Connect callcontrol -sed -i "s|// call_control:|call_control:|" $MEET_CONF -sed -i "s|// transcribingEnabled|transcribingEnabled|" $MEET_CONF -sed -i "/transcribingEnabled/ s|false|true|" $MEET_CONF +sed -i "s|// call_control:|call_control:|" "$MEET_CONF" +sed -i "s|// transcribingEnabled|transcribingEnabled|" "$MEET_CONF" +sed -i "/transcribingEnabled/ s|false|true|" "$MEET_CONF" #siptest2siptest@domain.con #changed from conference to internal.auth from jibri -sed -i "s|siptest|siptest@internal.auth.$DOMAIN|" $JIG_SIP_PROP +sed -i "s|siptest|siptest@internal.auth.$DOMAIN|" "$JIG_SIP_PROP" #Disable component in favor of MUC -if [ $(grep -c nocomponent $JIG_SIP_CONF) != 0 ]; then +if [ "$(grep -c nocomponent "$JIG_SIP_CONF")" != 0 ]; then echo "Jigasi component is already disabled." else echo "Disabling jigasi component in favor of MUC" - sed -i "s|JIGASI_OPTS=.*|JIGASI_OPTS=\"--nocomponent=true\"|" $JIG_SIP_CONF + sed -i "s|JIGASI_OPTS=.*|JIGASI_OPTS=\"--nocomponent=true\"|" "$JIG_SIP_CONF" fi #Setup XMPP -cat << ACC1_XMPP >> $JIG_SIP_PROP +cat << ACC1_XMPP >> "$JIG_SIP_PROP" # XMPP account used for control net.java.sip.communicator.impl.protocol.jabber.acc1=acc1 @@ -265,30 +265,30 @@ org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true ACC1_XMPP #Enable transcription config -sed -i "/ENABLE_TRANSCRIPTION/ s|#||" $JIG_SIP_PROP -sed -i "/ENABLE_TRANSCRIPTION/ s|false|true|" $JIG_SIP_PROP -sed -i "/ENABLE_SIP/ s|#||" $JIG_SIP_PROP -sed -i "/ENABLE_SIP/ s|true|false|" $JIG_SIP_PROP +sed -i "/ENABLE_TRANSCRIPTION/ s|#||" "$JIG_SIP_PROP" +sed -i "/ENABLE_TRANSCRIPTION/ s|false|true|" "$JIG_SIP_PROP" +sed -i "/ENABLE_SIP/ s|#||" "$JIG_SIP_PROP" +sed -i "/ENABLE_SIP/ s|true|false|" "$JIG_SIP_PROP" #Transcript format -sed -i "/SAVE_JSON/ s|# ||" $JIG_SIP_PROP -sed -i "/SEND_JSON/ s|# ||" $JIG_SIP_PROP -sed -i "/SAVE_TXT/ s|# ||" $JIG_SIP_PROP -sed -i "/SEND_TXT/ s|# ||" $JIG_SIP_PROP +sed -i "/SAVE_JSON/ s|# ||" "$JIG_SIP_PROP" +sed -i "/SEND_JSON/ s|# ||" "$JIG_SIP_PROP" +sed -i "/SAVE_TXT/ s|# ||" "$JIG_SIP_PROP" +sed -i "/SEND_TXT/ s|# ||" "$JIG_SIP_PROP" #sed -i "/SEND_TXT/ s|false|true|" $JIG_SIP_PROP #Allow to connect other than same server only. sed -i \ "/xmpp.acc.SERVER_ADDRESS/ s|org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=.*|org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=$DOMAIN|" \ -$JIG_SIP_PROP +"$JIG_SIP_PROP" #Remember to study how to use LE or what's needed #ToDo -sed -i "/ALWAYS_TRUST_MODE_ENABLED/ s|# ||" $JIG_SIP_PROP +sed -i "/ALWAYS_TRUST_MODE_ENABLED/ s|# ||" "$JIG_SIP_PROP" -prosodyctl register jigasi auth.$DOMAIN $JIG_TRANSC_PASWD +prosodyctl register jigasi auth."$DOMAIN" "$JIG_TRANSC_PASWD" #Set Brewery -cat << JIG_JIC >> $JIC_SIP_PROP +cat << JIG_JIC >> "$JIC_SIP_PROP" org.jitsi.jicofo.jigasi.BREWERY=JigasiBreweryRoom@internal.auth.$DOMAIN JIG_JIC diff --git a/etherpad-docker.sh b/etherpad-docker.sh index c9568ff..e78be9c 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -6,11 +6,11 @@ while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./etherpad-docker.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG @@ -18,7 +18,7 @@ if [ "$MODE" = "debug" ]; then set -x fi -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -35,14 +35,14 @@ check_apt_policy() { apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}' } install_ifnot() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." else echo -e "\n---- Installing $1 ----" - apt-get -yq2 install $1 + apt-get -yq2 install "$1" fi } -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" @@ -65,7 +65,7 @@ read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS # Install required packages install_ifnot docker-ce -install_ifnot postgresql-$PSGVER +install_ifnot postgresql-"$PSGVER" # Create DB echo -e "> Creating postgresql database for container...\n" @@ -100,37 +100,36 @@ fi # Tune webserver for Jitsi App control -if [ $(grep -c "etherpad" $WS_CONF) != 0 ]; then +if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then echo "> Webserver seems configured, skipping..." -elif [ -f $WS_CONF ]; then +elif [ -f "$WS_CONF" ]; then echo "> Setting up webserver configuration file..." - sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF + sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" else echo "> No etherpad config done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi # Configure config.js -if [ $(grep -c "etherpad_base" $WS_CONF) != 0 ]; then +if [ "$(grep -c "etherpad_base" "$WS_CONF")" != 0 ]; then echo -e "> $MEET_CONF seems configured, skipping...\n" else echo -e "> Setting etherpad domain at $MEET_CONF...\n" - sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," $MEET_CONF + sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," "$MEET_CONF" fi echo "> Checking nginx configuration..." -nginx -t 2>/dev/null -if [ $? = 0 ]; then +if nginx -t 2>/dev/null ; then echo -e " -- Docker configuration seems fine, enabling it." - systemctl reload nginx +# systemctl reload nginx else echo "Please check your configuration, something may be wrong." echo "Will not try to enable etherpad nginx configuration, please report to: diff --git a/grafana.sh b/grafana.sh index 093b4db..029a9a8 100644 --- a/grafana.sh +++ b/grafana.sh @@ -8,17 +8,17 @@ # by "mephisto" # # Igor Kerstges © - 2021 -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # # GPLv3 or later. while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./grafana.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG @@ -26,7 +26,7 @@ if [ "$MODE" = "debug" ]; then set -x fi -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -39,14 +39,14 @@ echo ' by Software, IT & Networks Ltd ' run_service() { -systemctl enable $1 -systemctl restart $1 -systemctl status $1 +systemctl enable "$1" +systemctl restart "$1" +systemctl status "$1" } MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" GRAFANA_INI="/etc/grafana/grafana.ini" -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" @@ -134,16 +134,14 @@ JITSI_TELEGRAF run_service telegraf -echo " -# Setup videobridge options -" -sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobridge/config +echo -n "\n# Setup videobridge options\n" +echo ' +# extra options to pass to the JVB daemon +JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties systemctl restart jitsi-videobridge2 -echo " -# Setup Grafana nginx domain -" +echo -e "\n# Setup Grafana nginx domain\n" sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI @@ -162,11 +160,11 @@ while [ $secs -gt 0 ]; do : $((secs--)) done -if [ -f $WS_CONF ]; then - sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF +if [ -f "$WS_CONF" ]; then + sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" systemctl restart nginx else echo "No app configuration done to server file, please report to: @@ -206,8 +204,8 @@ grafana_cred="admin:$GRAFANA_PASS" grafana_datasource="InfluxDB" ds=(11969); for d in "${ds[@]}"; do - echo -n "Processing $d: " - j=$(curl -s -k -u "$grafana_cred" $grafana_host/api/gnet/dashboards/$d | jq .json) + echo "Processing $d: " + j="$(curl -s -k -u "$grafana_cred" "$grafana_host"/api/gnet/dashboards/"$d" | jq .json)" curl -s -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d "{ diff --git a/jitsi-updater.sh b/jitsi-updater.sh index 241ad31..faefc4a 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -1,16 +1,33 @@ #!/bin/bash # Jitsi Meet recurring upgrader and customization keeper # for Debian/*buntu binaries. -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GNU GPLv3 or later. +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + Blue='\e[0;34m' Purple='\e[0;35m' Green='\e[0;32m' Yellow='\e[0;33m' Color_Off='\e[0m' +printwc() { + printf "%b$2%b" "$1" "${Color_Off}" +} #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -23,28 +40,32 @@ support="https://switnet.net/support" apt_repo="/etc/apt/sources.list.d" ENABLE_BLESSM="TBD" CHD_LTST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" -CHD_LTST_2D="$(echo $CHD_LTST|cut -d "." -f 1,2)" +CHD_LTST_2D="$(echo "$CHD_LTST"|cut -d "." -f 1,2)" CHDB="$(whereis chromedriver | awk '{print$2}')" -DOMAIN="$(ls /etc/prosody/conf.d|awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua | \ + awk -F'.cfg' '!/localhost/{print $1}' | xargs basename)" NC_DOMAIN="TBD" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" -if [ -f $JITSI_MEET_PROXY ];then -PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) +if [ -f "$JITSI_MEET_PROXY" ];then +PREAD_PROXY="$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)" fi INT_CONF="/usr/share/jitsi-meet/interface_config.js" INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js" -jibri_packages="$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages |sort -u|awk '{print $2}'|sed 's|jigasi||')" +read -r -a jibri_packages < <(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages | \ + sort -u | awk '{print $2}' | sed '/jigasi/d' | \ + xargs) AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)" -if [ -f $apt_repo/google-chrome.list ]; then - google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2) +if [ -f "$apt_repo"/google-chrome.list ]; then +read -r -a google_package < <(grep Package /var/lib/apt/lists/dl.google.com_*_Packages | \ + sort -u | awk '{print $2}' | xargs) else echo "Seems no Google repo installed" fi -if [ -z $CHDB ]; then +if [ -z "$CHDB" ]; then echo "Seems no chromedriver installed" else CHD_VER_LOCAL="$($CHDB -v | awk '{print $2}')" - CHD_VER_2D="$(echo $CHD_VER_LOCAL|awk '{printf "%.1f\n", $NF}')" + CHD_VER_2D="$(echo "$CHD_VER_LOCAL"|awk '{printf "%.1f\n", $NF}')" fi # True if $1 is greater than $2 @@ -72,21 +93,21 @@ restart_services() { update_jitsi_repo() { apt-get update -o Dir::Etc::sourcelist="sources.list.d/jitsi-$1.list" \ -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" - apt-get install -qq --only-upgrade $jibri_packages + apt-get install -q2 --only-upgrade <<< printf "${jibri_packages[@]}" } update_google_repo() { - if [ -f $apt_repo/google-chrome.list ]; then + if [ -f "$apt_repo"/google-chrome.list ]; then apt-get update -o Dir::Etc::sourcelist="sources.list.d/google-chrome.list" \ -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" - apt-get install -qq --only-upgrade $google_package + apt-get install -q2 --only-upgrade <<< printf "${google_package[@]}" else echo "No Google repository found" fi } GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')" upgrade_cd() { -if [ ! -z "$GOOGL_VER_2D" ]; then +if [ -n "$GOOGL_VER_2D" ]; then if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then echo "Upgrading Chromedriver to Google Chromes version" wget -q https://chromedriver.storage.googleapis.com/"$CHD_LTST"/chromedriver_linux64.zip \ @@ -95,33 +116,38 @@ if [ ! -z "$GOOGL_VER_2D" ]; then chown root:root "$CHDB" chmod 0755 "$CHDB" rm -rf /tpm/chromedriver_linux64.zip - printf "Current version: ${Green} "$($CHDB -v |awk '{print $2}'|awk '{printf "%.1f\n", $NF}')" ${Color_Off} (latest available)\n" + printf "Current version: " + printwc "$Green" "$($CHDB -v |awk '{print $2}'|awk '{printf "%.1f\n", $NF}')" + echo -e " (latest available)\n" elif [ "$GOOGL_VER_2D" = "$CHD_LTST_2D" ]; then echo "No need to upgrade Chromedriver" - printf "Current version: ${Green} $CHD_VER_2D ${Color_Off}\n" + printf "Current version: " + printwc "$Green" "$CHD_VER_2D\n" fi else - printf "${Yellow} -> No Google Chrome versión to match, leaving untouched.${Color_Off}\n" + printwc "${Yellow}" " -> No Google Chrome versión to match, leaving untouched.\n" fi } check_lst_cd() { -printf "${Purple}Checking for the latest Chromedriver${Color_Off}\n" -if [ -f $CHDB ]; then - printf "Current installed Chromedriver: ${Yellow} $CHD_VER_2D ${Color_Off}\n" - printf "Current installed Google Chrome: ${Green} $GOOGL_VER_2D ${Color_Off}\n" +printwc "${Purple}" "Checking for the latest Chromedriver\n" +if [ -f "$CHDB" ]; then + printf "Current installed Chromedriver: " + printwc "${Yellow}" "$CHD_VER_2D\n" + printf "Current installed Google Chrome: " + printwc "${Green}" "$GOOGL_VER_2D\n" upgrade_cd else - printf "${Yellow} -> Seems there is no Chromedriver installed${Color_Off}\n" + printwc "${Yellow}" " -> Seems there is no Chromedriver installed\n" fi } -printf "${Blue}Update & upgrade Jitsi and components${Color_Off}\n" -if [ -f $apt_repo/jitsi-unstable.list ]; then +printwc "${Blue}" "Update & upgrade Jitsi and components\n" +if [ -f "$apt_repo"/jitsi-unstable.list ]; then update_jitsi_repo unstable update_google_repo check_lst_cd -elif [ -f $apt_repo/jitsi-stable.list ]; then +elif [ -f "$apt_repo"/jitsi-stable.list ]; then update_jitsi_repo stable update_google_repo check_lst_cd @@ -144,35 +170,33 @@ if [ -f "$INT_CONF_ETC" ]; then echo "Static interface_config.js exists, skipping modification..." else echo "This setup doesn't have a static interface_config.js, checking changes..." - printf "${Purple}========== Setting Static Avatar ==========${Color_Off}\n" + printwc "${Purple}" "========== Setting Static Avatar ==========\n" if [[ -z "$AVATAR" ]]; then echo "Moving on..." else echo "Setting Static Avatar" - sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'http://$DOMAIN/avatar/\'|" $INT_CONF - sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF + sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'http://$DOMAIN/avatar/\'|" "$INT_CONF" + sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF" fi - printf "${Purple}========== Setting Support Link ==========${Color_Off}\n" - if [[ -z $support ]]; then + printwc "${Purple}" "========== Setting Support Link ==========\n" + if [[ -z "$support" ]]; then echo "Moving on..." else echo "Setting Support custom link" - sed -i "s|https://jitsi.org/live|$support|g" $INT_CONF + sed -i "s|https://jitsi.org/live|$support|g" "$INT_CONF" fi - printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n" - sed -i "s|'videobackgroundblur', ||" $INT_CONF + printwc "${Purple}" "========== Disable Blur my background ==========\n" + sed -i "s|'videobackgroundblur', ||" "$INT_CONF" fi if [ "$NC_DOMAIN" != "TBD" ]; then -printf "${Purple}========== Enable $NC_DOMAIN for sync client ==========${Color_Off}\n" +printwc "${Purple}" "========== Enable $NC_DOMAIN for sync client ==========\n" if [ -z "$PREAD_PROXY" ]; then - echo " - Setting up Nextcloud domain on Jitsi Meet turn proxy -" - sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY + printf "\n Setting up Nextcloud domain on Jitsi Meet turn proxy\n\n" + sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ }" "$JITSI_MEET_PROXY" else echo "$NC_DOMAIN seems to be on place, skipping..." fi @@ -183,6 +207,6 @@ restart_services # Brandless mode # ######################################################################## if [ "$ENABLE_BLESSM" = "on" ]; then - bash $PWD/jm-bm.sh + bash "$PWD"/jm-bm.sh fi -printf "${Blue}Script completed \o/! ${Color_Off}\n" +printwc "${Blue}" "Script completed \o/!\n" diff --git a/jm-bm.sh b/jm-bm.sh index 6a0d68c..d5bc4dc 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -1,10 +1,24 @@ #!/bin/bash # Jitsi Meet brandless mode # for Debian/*buntu binaries. -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GNU GPLv3 or later. -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" CSS_FILE="/usr/share/jitsi-meet/css/all.css" TITLE_FILE="/usr/share/jitsi-meet/title.html" INT_CONF="/usr/share/jitsi-meet/interface_config.js" @@ -21,7 +35,7 @@ MOVILE_APP_NAME="Jitsi Meet" PART_USER="Participant" LOCAL_USER="me" # -SEC_ROOM="TBD" +#SEC_ROOM="TBD" echo ' #-------------------------------------------------- # Applying Brandless mode @@ -43,7 +57,7 @@ fi if [ ! -f "$REC_ICON_PATH" ];then cp images/gnome_record.png "$REC_ICON_PATH" else - echo "recording icon exists, skipping copying..." + echo "recording icon exists, skipping copying..." fi #Custom / Remove icons @@ -53,8 +67,8 @@ sed -i "s|jitsilogo.png|watermark2.png|g" "$TITLE_FILE" sed -i "s|logo-deep-linking.png|watermark2.png|g" "$BUNDLE_JS" sed -i "s|jitsiLogo_square.png|gnome_record.png|g" "$BUNDLE_JS" #Disable logo and url -if [ -z "$(grep -nr ".leftwatermark{display:none" "$CSS_FILE")" ]; then -sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE" +if ! grep -nr ".leftwatermark{display:none" "$CSS_FILE" ; then + sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE" fi #Customize room title diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index a366440..e21e8a8 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -1,14 +1,15 @@ #!/bin/bash # JRA (Jibri Recordings Access) via Nextcloud -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. + while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./jra_nextcloud.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG @@ -16,12 +17,12 @@ if [ "$MODE" = "debug" ]; then set -x fi -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi exit_if_not_installed() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" != "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then echo " This instance doesn't have $1 installed, exiting..." echo " If you think this is an error, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues " @@ -38,14 +39,14 @@ echo -e '\n exit_if_not_installed jitsi-meet DISTRO_RELEASE="$(lsb_release -sc)" -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')" PHPVER="7.4" PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" PHP_FPM_DIR="/etc/php/$PHPVER/fpm" PHP_INI="$PHP_FPM_DIR/php.ini" PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf" -NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/$DOMAIN.conf | awk '{print$2}')" +NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')" NC_REPO="https://download.nextcloud.com/server/releases" NCVERSION="$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)" STABLEVERSION="nextcloud-$NCVERSION" @@ -54,7 +55,7 @@ NC_CONFIG="$NC_PATH/config/config.php" NC_DB_USER="nextcloud_user" NC_DB="nextcloud_db" NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" -DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)" +DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording.sh|awk 'NR==1{print$1}')" REDIS_CONF="/etc/redis/redis.conf" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" if [ -f $JITSI_MEET_PROXY ];then @@ -62,30 +63,30 @@ PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) fi PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" ISO3166_CODE=TBD +NL="$(printf '\n ')" while [[ "$ANS_NCD" != "yes" ]] do - read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)"$'\n' -r NC_DOMAIN + read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN if [ -z "$NC_DOMAIN" ];then - echo "-- This field is mandatory." + echo " - This field is mandatory." elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then - echo "-- You can not use the same domain for both, Jitsi Meet and JRA via Nextcloud." + echo " - You can not use the same domain for both, Jitsi Meet and JRA via Nextcloud." fi - read -p "> Did you mean?: $NC_DOMAIN (yes or no)"$'\n' -r ANS_NCD + read -p " > Did you mean?: $NC_DOMAIN (yes or no)$NL" -r ANS_NCD if [ "$ANS_NCD" = "yes" ]; then - echo "Alright, let's use $NC_DOMAIN." + echo " - Alright, let's use $NC_DOMAIN." else - echo "Please try again." + echo " - Please try again." fi done #Simple DNS test -if [ "$PUBLIC_IP" = "$(dig -4 +short $NC_DOMAIN|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then - echo "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing... -" +if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then + echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n" else echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match." echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail." - read -p " > Do you want to continue?: (yes or no)"$'\n' -r DNS_CONTINUE + read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE if [ "$DNS_CONTINUE" = "yes" ]; then echo " - We'll continue anyway..." else @@ -95,49 +96,51 @@ else fi NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf" -while [[ -z "$NC_USER" ]] +while [ -z "$NC_USER" ] do read -p "Nextcloud user: " -r NC_USER if [ -z "$NC_USER" ]; then - echo "-- This field is mandatory." + echo " - This field is mandatory." fi done while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 6 ] do read -p "Nextcloud user password: " -r NC_PASS if [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 6 ]; then - echo -e "-- This field is mandatory. \nPlease make sure it's at least 6 characters.\n" + echo -e " - This field is mandatory. \nPlease make sure it's at least 6 characters.\n" fi done #Enable HSTS -while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]] +while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ] do read -p "> Do you want to enable HSTS for this domain?: (yes or no) Be aware this option apply mid-term effects on the domain, choose \"no\" - in case you don't know what you are doing. More at https://hstspreload.org/"$'\n' -r ENABLE_HSTS + in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS if [ "$ENABLE_HSTS" = "no" ]; then - echo "-- HSTS won't be enabled." + echo " - HSTS won't be enabled." elif [ "$ENABLE_HSTS" = "yes" ]; then - echo "-- HSTS will be enabled." + echo " - HSTS will be enabled." fi done echo -e "#Default country phone code\n > Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n >>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n" +sleep .1 while [ ${#ISO3166_CODE} -gt 2 ]; do echo -e "Some examples might be: Germany > DE | Mexico > MX | Spain > ES | USA > US\n -Do you want to set such code for your installation?" && \ -read -p "Leave empty if you don't want to set any: "$'\n' ISO3166_CODE +Do you want to set such code for your installation?" +sleep .1 +read -p "Leave empty if you don't want to set any: " -r ISO3166_CODE if [ ${#ISO3166_CODE} -gt 2 ]; then echo -e "\n-- This code is only 2 characters long, please check your input.\n" fi done - +sleep .1 echo -e "\n# Check for jitsi-meet/jibri\n" if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")" == "1" ] || \ - [ -f /etc/prosody/conf.d/$DOMAIN.conf ]; then + [ -f /etc/prosody/conf.d/"$DOMAIN".conf ]; then echo "jitsi meet/jibri is installed, checking version:" apt-show-versions jibri else @@ -146,7 +149,7 @@ else fi exit_ifinstalled() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " This instance already has $1 installed, exiting..." echo " If you think this is an error, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues " @@ -154,11 +157,11 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" = fi } install_ifnot() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." else echo -e "\n---- Installing $1 ----" - apt-get -yq2 install $1 + apt-get -yq2 install "$1" fi } add_php74() { @@ -174,46 +177,46 @@ else fi } #Prevent root folder permission issues -cp $PWD/files/jra-nc-app-ef.json /tmp +cp "$PWD"/files/jra-nc-app-ef.json /tmp -exit_ifinstalled postgresql-$PSGVER +exit_ifinstalled postgresql-"$PSGVER" ## Install software requirements # PostgresSQL -install_ifnot postgresql-$PSGVER +install_ifnot postgresql-"$PSGVER" # PHP 7.4 add_php74 apt-get install -y \ imagemagick \ - php$PHPVER-fpm \ - php$PHPVER-bcmath \ - php$PHPVER-bz2 \ - php$PHPVER-curl \ - php$PHPVER-gd \ - php$PHPVER-gmp \ - php$PHPVER-imagick \ - php$PHPVER-intl \ - php$PHPVER-json \ - php$PHPVER-ldap \ - php$PHPVER-mbstring \ - php$PHPVER-pgsql \ - php$PHPVER-redis \ - php$PHPVER-soap \ - php$PHPVER-xml \ - php$PHPVER-xmlrpc \ - php$PHPVER-zip \ + php"$PHPVER"-fpm \ + php"$PHPVER"-bcmath \ + php"$PHPVER"-bz2 \ + php"$PHPVER"-curl \ + php"$PHPVER"-gd \ + php"$PHPVER"-gmp \ + php"$PHPVER"-imagick \ + php"$PHPVER"-intl \ + php"$PHPVER"-json \ + php"$PHPVER"-ldap \ + php"$PHPVER"-mbstring \ + php"$PHPVER"-pgsql \ + php"$PHPVER"-redis \ + php"$PHPVER"-soap \ + php"$PHPVER"-xml \ + php"$PHPVER"-xmlrpc \ + php"$PHPVER"-zip \ redis-server \ unzip #System related install_ifnot smbclient -sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" $PHP_CONF -sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" $PHP_CONF -sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" $PHP_CONF -sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" $PHP_CONF -sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" $PHP_CONF -sed -i "s|;clear_env = no|clear_env = no|" $PHP_CONF +sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF" +sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF" +sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF" +sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF" +sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF" +sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF" echo " Tunning PHP.ini... @@ -244,14 +247,14 @@ echo "opcache.revalidate_freq=1" echo "opcache.validate_timestamps=1" } >> "$PHP_INI" -systemctl restart php$PHPVER-fpm.service +systemctl restart php"$PHPVER"-fpm.service #-------------------------------------------------- # Create DB user #-------------------------------------------------- echo -e "\n---- Creating the PgSQL DB & User ----" -cd /tmp +cd /tmp || return sudo -u postgres psql < $NC_NGINX_CONF +cat << NC_NGINX > "$NC_NGINX_CONF" #nextcloud config upstream php-handler { #server 127.0.0.1:9000; @@ -417,9 +420,9 @@ server { } NC_NGINX systemctl stop nginx -letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN -if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then - ln -s $NC_NGINX_CONF /etc/nginx/sites-available/ +letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN" +if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then + ln -s "$NC_NGINX_CONF" /etc/nginx/sites-enabled/ else echo "There are issues on getting the SSL certs..." read -n 1 -s -r -p "Press any key to continue" @@ -428,34 +431,30 @@ nginx -t systemctl restart nginx if [ "$ENABLE_HSTS" = "yes" ]; then - sed -i "s|#add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF + sed -i "s|#add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" "$NC_NGINX_CONF" fi -if [ ! -z "$PREAD_PROXY" ]; then +if [ -n "$PREAD_PROXY" ]; then echo " Setting up Nextcloud domain on Jitsi Meet turn proxy " - sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ }" "$JITSI_MEET_PROXY" fi -echo " - Latest version to be installed: $STABLEVERSION - (This might take sometime, please be patient...) -" -curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip -unzip -q /tmp/$STABLEVERSION.zip -mv nextcloud $NC_PATH +echo -e "\n Latest version to be installed: $STABLEVERSION + (This might take sometime, please be patient...)\n" +curl -s "$NC_REPO"/"$STABLEVERSION".zip > /tmp/"$STABLEVERSION".zip +unzip -q /tmp/"$STABLEVERSION".zip +mv nextcloud "$NC_PATH" -chown -R www-data:www-data $NC_PATH -chmod -R 755 $NC_PATH +chown -R www-data:www-data "$NC_PATH" +chmod -R 755 "$NC_PATH" -echo " -Database installation... -" -sudo -u www-data php $NC_PATH/occ maintenance:install \ +echo -e "\nDatabase installation...\n" +sudo -u www-data php "$NC_PATH"/occ maintenance:install \ --database=pgsql \ --database-name="$NC_DB" \ --database-user="$NC_DB_USER" \ @@ -463,68 +462,58 @@ sudo -u www-data php $NC_PATH/occ maintenance:install \ --admin-user="$NC_USER" \ --admin-pass="$NC_PASS" -echo " -Apply custom mods... -" -sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG -sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG -sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG -sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG +echo -e "\nApply custom mods...\n" +sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," "$NC_CONFIG" +sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," "$NC_CONFIG" +sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," "$NC_CONFIG" +sed -i "s|http://localhost|http://$NC_DOMAIN|" "$NC_CONFIG" -echo "Add crontab..." +echo -e "\nAdd crontab...\n" crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NC_PATH/cron.php"; } | crontab -u www-data - -echo " -Add memcache support... -" -sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" $REDIS_CONF -sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" $REDIS_CONF -sed -i "s|port 6379|port 0|" $REDIS_CONF +echo -e "\nAdd memcache support...\n" +sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF" +sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" "$REDIS_CONF" +sed -i "s|port 6379|port 0|" "$REDIS_CONF" systemctl restart redis-server -echo "--> Setting config.php..." -if [ ! -z "$ISO3166_CODE" ]; then - sed -i "/);/i \ \ 'default_phone_region' => '$ISO3166_CODE'," $NC_CONFIG +echo -e "\n--> Setting config.php...\n" +if [ -n "$ISO3166_CODE" ]; then + sed -i "/);/i \ \ 'default_phone_region' => '$ISO3166_CODE'," "$NC_CONFIG" fi -sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'redis' =>" $NC_CONFIG -sed -i "/);/i \ \ \ \ array (" $NC_CONFIG -sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," $NC_CONFIG -sed -i "/);/i \ \ \ \ \ 'port' => 0," $NC_CONFIG -sed -i "/);/i \ \ \ \ \ 'timeout' => 0," $NC_CONFIG -sed -i "/);/i \ \ )," $NC_CONFIG -echo "Done -" -echo " -Addding & Setting up Files External App for Local storage... -" -sudo -u www-data php $NC_PATH/occ app:install files_external -sudo -u www-data php $NC_PATH/occ app:enable files_external -sudo -u www-data php $NC_PATH/occ app:disable support -sudo -u www-data php $NC_PATH/occ files_external:import /tmp/jra-nc-app-ef.json +sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'redis' =>" "$NC_CONFIG" +sed -i "/);/i \ \ \ \ array (" "$NC_CONFIG" +sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," "$NC_CONFIG" +sed -i "/);/i \ \ \ \ \ 'port' => 0," "$NC_CONFIG" +sed -i "/);/i \ \ \ \ \ 'timeout' => 0," "$NC_CONFIG" +sed -i "/);/i \ \ )," "$NC_CONFIG" +echo -e "Done\n" + +echo -e "\nAddding & Setting up Files External App for Local storage...\n" +sudo -u www-data php "$NC_PATH"/occ app:install files_external +sudo -u www-data php "$NC_PATH"/occ app:enable files_external +sudo -u www-data php "$NC_PATH"/occ app:disable support +sudo -u www-data php "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json usermod -a -G jibri www-data -chmod -R 770 $DIR_RECORD -chmod -R g+s $DIR_RECORD +chmod -R 770 "$DIR_RECORD" +chmod -R g+s "$DIR_RECORD" -echo " -Fixing possible missing tables... -" -echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint -sudo -u www-data php $NC_PATH/occ db:add-missing-indices -sudo -u www-data php $NC_PATH/occ db:add-missing-columns +echo -e "\nFixing possible missing tables...\n\n" +echo "y"|sudo -u www-data php "$NC_PATH"/occ db:convert-filecache-bigint +sudo -u www-data php "$NC_PATH"/occ db:add-missing-indices +sudo -u www-data php "$NC_PATH"/occ db:add-missing-columns -echo " -Adding trusted domain... -" -sudo -u www-data php $NC_PATH/occ config:system:set trusted_domains 0 --value=$NC_DOMAIN +echo -e "\nAdding trusted domain...\n" +sudo -u www-data php "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN" -echo "Setting JRA domain on jitsi-updater.sh" -cd ~/quick-jibri-installer +echo -e "\nSetting JRA domain on jitsi-updater.sh\n" +cd ~/quick-jibri-installer || return sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh -echo "Quick Nextcloud installation complete!" +echo -e "\nQuick Nextcloud installation complete!\n" diff --git a/mode/chp-mode.sh b/mode/chp-mode.sh index d2e6dde..8c7f829 100644 --- a/mode/chp-mode.sh +++ b/mode/chp-mode.sh @@ -1,20 +1,14 @@ #!/bin/bash # Custom High Performance Jitsi conf -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. -#Check if user is root -if ! [ $(id -u) = 0 ]; then - echo "You need to be root or have privileges!" - exit 0 -fi - while getopts m: option do case "${option}" in m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./chp-mode.sh [-m debug]" && exit;; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; esac done @@ -23,6 +17,12 @@ if [ "$MODE" = "debug" ]; then set -x fi +#Check if user is root +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have privileges!" + exit 0 +fi + wait_seconds() { secs=$(($1)) while [ $secs -gt 0 ]; do @@ -32,11 +32,11 @@ while [ $secs -gt 0 ]; do done } set_once() { -if [ -z "$(awk '!/^ *#/ && NF {print}' "$2"|grep $(echo $1|awk -F '=' '{print$1}'))" ]; then - echo "Setting "$1" on "$2"..." +if ! grep -q "$(awk '!/^ *#/ && NF {print}' "$2"|grep "$(awk -F '=' '{print$1}' <<< "$1")")" ; then + echo "Setting $1 on $2..." echo "$1" | tee -a "$2" else - echo " \"$(echo $1|awk -F '=' '{print$1}')\" seems present, skipping setting this variable" + echo " \"$(echo "$1"|awk -F '=' '{print$1}')\" seems present, skipping setting this variable" fi } # True if $1 is greater than $2 @@ -44,7 +44,7 @@ version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } LTS_REL="$(lsb_release -d | awk '{print$4}')" -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" JVB_LOG_POP="/etc/jitsi/videobridge/logging.properties" JVB_RC="/usr/share/jitsi-videobridge/lib/videobridge.rc" JICOFO_LOG_POP="/etc/jitsi/videobridge/logging.properties" @@ -54,17 +54,16 @@ MEET_CONF_HP="/etc/jitsi/meet/${DOMAIN}-chp-config.js" INT_CONF_JS="/etc/jitsi/meet/${DOMAIN}-interface_config.js" INT_CONF_JS_HP="/etc/jitsi/meet/${DOMAIN}-chp-interface_config.js" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" -FSTAB="/etc/fstab" CHAT_DISABLED="TBD" -if [ -f $MEET_CONF_HP ] || [ -f $INT_CONF_JS_HP ]; then +if [ -f "$MEET_CONF_HP" ] || [ -f "$INT_CONF_JS_HP" ]; then echo " This script can't be run multiple times on the same system, idempotence not guaranteed, exiting..." exit fi -if [ -z $LTS_REL ] || [ -z $DOMAIN ];then +if [ -z "$LTS_REL" ] || [ -z "$DOMAIN" ];then echo "This system isn't suitable to configure." exit else @@ -122,7 +121,7 @@ PS3='Select the desired resolution for high performance mode: ' options=("nHD - 640x360" "qHD - 960x540" "HD - 1280x720") select opt in "${options[@]}" do - case $opt in + case "$opt" in "nHD - 640x360") echo -e "\n > Setting 640x360 resolution.\n" VID_RES="360" @@ -152,7 +151,7 @@ while [[ "$CHAT_DISABLED" != "yes" && \ "$CHAT_DISABLED" != "" ]] do echo "> Do you want to disable jitsi's built-in chat?: (yes or no)" -read -p "(Also you can leave empty to disable)"$'\n' CHAT_DISABLED +read -p "(Also you can leave empty to disable)"$'\n' -r CHAT_DISABLED if [ "$CHAT_DISABLED" = "no" ]; then echo -e "-- Jitsi's built-in chat will be kept active.\n" elif [ "$CHAT_DISABLED" = "yes" ] || [ -z "$CHAT_DISABLED" ]; then @@ -162,149 +161,149 @@ done ## JMS system tune up if [ "$MODE" = "debug" ]; then - bash $PWD/jms-stu.sh -m debug + bash "$PWD"/jms-stu.sh -m debug else - bash $PWD/jms-stu.sh + bash "$PWD"/jms-stu.sh fi #JVB2 ##Loose up logging # https://community.jitsi.org/t/23641/13 -sed -i "/java.util.logging.FileHandler.level/s|ALL|WARNING|g" $JVB_LOG_POP -sed -i "s|^.level=INFO|.level=WARNING|" $JVB_LOG_POP -sed -i "/VIDEOBRIDGE_MAX_MEMORY=/i \ VIDEOBRIDGE_MAX_MEMORY=8192m" $JVB_RC +sed -i "/java.util.logging.FileHandler.level/s|ALL|WARNING|g" "$JVB_LOG_POP" +sed -i "s|^.level=INFO|.level=WARNING|" "$JVB_LOG_POP" +sed -i "/VIDEOBRIDGE_MAX_MEMORY=/i \ VIDEOBRIDGE_MAX_MEMORY=8192m" "$JVB_RC" #JICOFO -sed -i "/java.util.logging.FileHandler.level/s|ALL|OFF|g" $JICOFO_LOG_POP -sed -i "s|^.level=INFO|.level=WARNING|" $JICOFO_LOG_POP +sed -i "/java.util.logging.FileHandler.level/s|ALL|OFF|g" "$JICOFO_LOG_POP" +sed -i "s|^.level=INFO|.level=WARNING|" "$JICOFO_LOG_POP" #MEET -sed -i "s|defaultLogLevel:.*|defaultLogLevel: 'error',|" $MEET_LOG_CONF -sed -i "/TraceablePeerConnection.js/s|info|error|" $MEET_LOG_CONF -sed -i "/CallStats.js/s|info|error|" $MEET_LOG_CONF -sed -i "/strophe.util.js/s|log|error|" $MEET_LOG_CONF +sed -i "s|defaultLogLevel:.*|defaultLogLevel: 'error',|" "$MEET_LOG_CONF" +sed -i "/TraceablePeerConnection.js/s|info|error|" "$MEET_LOG_CONF" +sed -i "/CallStats.js/s|info|error|" "$MEET_LOG_CONF" +sed -i "/strophe.util.js/s|log|error|" "$MEET_LOG_CONF" #UX - Room settings and interface ## config.js -cp $MEET_CONF $MEET_CONF_HP -sed -i "s|// disableAudioLevels:.*|disableAudioLevels: true,|" $MEET_CONF_HP -sed -i "s|enableNoAudioDetection:.*|enableNoAudioDetection: false,|" $MEET_CONF_HP -sed -i "s|enableNoisyMicDetection:.*|enableNoisyMicDetection: false,|" $MEET_CONF_HP -sed -i "s|startAudioMuted:.*|startAudioMuted: 5,|" $MEET_CONF_HP -sed -i "s|// startVideoMuted:.*|startVideoMuted: 5,|" $MEET_CONF_HP -sed -i "s|startWithVideoMuted: true,|startWithVideoMuted: false,|" $MEET_CONF_HP -sed -i "s|channelLastN:.*|channelLastN: 10,|" $MEET_CONF_HP -sed -i "s|// enableLayerSuspension:.*|enableLayerSuspension: true,|" $MEET_CONF_HP -sed -i "s|// apiLogLevels:.*|apiLogLevels: \['warn', 'error'],|" $MEET_CONF_HP +cp "$MEET_CONF" "$MEET_CONF_HP" +sed -i "s|// disableAudioLevels:.*|disableAudioLevels: true,|" "$MEET_CONF_HP" +sed -i "s|enableNoAudioDetection:.*|enableNoAudioDetection: false,|" "$MEET_CONF_HP" +sed -i "s|enableNoisyMicDetection:.*|enableNoisyMicDetection: false,|" "$MEET_CONF_HP" +sed -i "s|startAudioMuted:.*|startAudioMuted: 5,|" "$MEET_CONF_HP" +sed -i "s|// startVideoMuted:.*|startVideoMuted: 5,|" "$MEET_CONF_HP" +sed -i "s|startWithVideoMuted: true,|startWithVideoMuted: false,|" "$MEET_CONF_HP" +sed -i "s|channelLastN:.*|channelLastN: 10,|" "$MEET_CONF_HP" +sed -i "s|// enableLayerSuspension:.*|enableLayerSuspension: true,|" "$MEET_CONF_HP" +sed -i "s|// apiLogLevels:.*|apiLogLevels: \['warn', 'error'],|" "$MEET_CONF_HP" if [ "$VID_RES" = "360" ]; then -sed -i "/Start QJI/,/End QJI/d" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 360," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 360," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 360," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 640," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 640," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" $MEET_CONF_HP +sed -i "/Start QJI/,/End QJI/d" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 360," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 360," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 360," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 640," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 640," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF_HP" fi if [ "$VID_RES" = "540" ]; then -sed -i "/Start QJI/,/End QJI/d" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 540," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 540," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 540," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 960," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 960," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" $MEET_CONF_HP +sed -i "/Start QJI/,/End QJI/d" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 540," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 540," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 540," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 960," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 960," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF_HP" fi if [ "$VID_RES" = "720" ]; then -sed -i "/Start QJI/,/End QJI/d" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 720," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 720," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 720," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 1280," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 1280," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," $MEET_CONF_HP -sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" $MEET_CONF_HP +sed -i "/Start QJI/,/End QJI/d" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 720," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 720," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 720," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 1280," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 1280," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF_HP" +sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF_HP" fi ## interface_config.js -cp $INT_CONF_JS $INT_CONF_JS_HP -sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true,|" $INT_CONF_JS_HP -sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICATOR: true,|" $INT_CONF_JS_HP -sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" $INT_CONF_JS_HP -sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" $INT_CONF_JS_HP -sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" $INT_CONF_JS_HP -sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: \[ 'chrome', 'chromium', 'electron' \],|" $INT_CONF_JS_HP -sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari', 'firefox' \],|" $INT_CONF_JS_HP +cp "$INT_CONF_JS" "$INT_CONF_JS_HP" +sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true,|" "$INT_CONF_JS_HP" +sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICATOR: true,|" "$INT_CONF_JS_HP" +sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" "$INT_CONF_JS_HP" +sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" "$INT_CONF_JS_HP" +sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" "$INT_CONF_JS_HP" +sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: \[ 'chrome', 'chromium', 'electron' \],|" "$INT_CONF_JS_HP" +sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari', 'firefox' \],|" "$INT_CONF_JS_HP" ### Toolbars if version_gt "$(apt-show-versions jitsi-meet|awk '{print$2}')" "2.0.5390-3" ; then #New toolbar in config.js - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ toolbarButtons:: \[" $MEET_CONF_HP - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ toolbarButtons:: \[" "$MEET_CONF_HP" + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," "$MEET_CONF_HP" if [ -z "$CHAT_DISABLED" ] || [ "$CHAT_DISABLED" = "yes" ]; then - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," "$MEET_CONF_HP" else - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," "$MEET_CONF_HP" fi - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," $MEET_CONF_HP - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $MEET_CONF_HP - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" $MEET_CONF_HP - sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \]," $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," "$MEET_CONF_HP" + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," "$MEET_CONF_HP" + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" "$MEET_CONF_HP" + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \]," "$MEET_CONF_HP" else #Old toolbar in interface.js (soon deprecated on newer versions) - sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP + sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" "$INT_CONF_JS_HP" - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" $INT_CONF_JS_HP - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" "$INT_CONF_JS_HP" + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," "$INT_CONF_JS_HP" if [ -z "$CHAT_DISABLED" ] || [ "$CHAT_DISABLED" = "yes" ]; then - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," "$INT_CONF_JS_HP" else - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," "$INT_CONF_JS_HP" fi - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," $INT_CONF_JS_HP - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $INT_CONF_JS_HP - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" $INT_CONF_JS_HP - sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \]," $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," "$INT_CONF_JS_HP" + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," "$INT_CONF_JS_HP" + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" "$INT_CONF_JS_HP" + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \]," "$INT_CONF_JS_HP" fi #Check config file echo -e "\n# Checking $MEET_CONF file for errors\n" -CHECKJS_MEET_CHP=$(esvalidate $MEET_CONF_HP| cut -d ":" -f2) +CHECKJS_MEET_CHP="$(esvalidate "$MEET_CONF_HP"| cut -d ":" -f2)" if [ -z "$CHECKJS_MEET_CHP" ]; then echo -e "\n# The $MEET_CONF_HP configuration seems correct. =)\n" else @@ -313,7 +312,7 @@ echo -e "\n Watch out!, there seems to be an issue on $MEET_CONF_HP line: Most of the times this is due upstream changes, please report to https://github.com/switnet-ltd/quick-jibri-installer/issues\n" fi -CHECKJS_INT_CHP=$(esvalidate $INT_CONF_JS_HP| cut -d ":" -f2) +CHECKJS_INT_CHP="$(esvalidate "$INT_CONF_JS_HP"| cut -d ":" -f2)" if [ -z "$CHECKJS_INT_CHP" ]; then echo -e "\n# The $INT_CONF_JS_HP configuration seems correct. =)\n" else @@ -323,8 +322,8 @@ echo -e "\n Watch out!, there seems to be an issue on $INT_CONF_JS_HP line: https://github.com/switnet-ltd/quick-jibri-installer/issues\n" fi -sed -i "s|$MEET_CONF|$MEET_CONF_HP|g" $WS_CONF -sed -i "s|$INT_CONF_JS|$INT_CONF_JS_HP|" $WS_CONF +sed -i "s|$MEET_CONF|$MEET_CONF_HP|g" "$WS_CONF" +sed -i "s|$INT_CONF_JS|$INT_CONF_JS_HP|" "$WS_CONF" nginx -t #systemctl restart nginx diff --git a/mode/grid/selenium-grid-docker.sh b/mode/grid/selenium-grid-docker.sh index 6acb471..868efd4 100644 --- a/mode/grid/selenium-grid-docker.sh +++ b/mode/grid/selenium-grid-docker.sh @@ -1,11 +1,25 @@ #!/bin/bash # Custom Selenium Grid-Node fro Jitsi Meet # Pandian © - https://community.jitsi.org/u/Pandian -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -14,7 +28,7 @@ WAN_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" AV_SPACE="$(df -h .|grep -v File|awk '{print$4}'|sed -e 's|G||')" echo -e "\n-- Make sure you have at least 10GB of disk space available.\n" -if [ $(echo "$AV_SPACE > 9" | bc) -ne 0 ]; then +if [ "$(echo "$AV_SPACE > 9" | bc)" -ne 0 ]; then echo "> Seems we have enough disk space." else echo "> Please meet the minimum required disk space for this installer, exiting..." @@ -30,7 +44,7 @@ apt-get install -y \ wget \ unzip \ maven \ - openjdk-8-jdk + openjdk-11-jdk # Docker curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh @@ -40,17 +54,17 @@ chmod +x /usr/local/bin/docker-compose ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose # Jitsi Meet Torture -cd /opt +cd /opt || exit git clone https://github.com/jitsi/jitsi-meet-torture -cd jitsi-meet-torture/resources -if [ -f FourPeople_1280x720_30.y4m ] ; then +cd jitsi-meet-torture/ || exit +if [ -f resources/FourPeople_1280x720_30.y4m ] ; then echo "FourPeople_1280x720_30.y4m exists" else echo "FourPeople_1280x720_30.y4m doesn't exists, getting a copy..." wget -c https://media.xiph.org/video/derf/y4m/FourPeople_1280x720_60.y4m - cp FourPeople_1280x720_60.y4m FourPeople_1280x720_30.y4m + mv FourPeople_1280x720_60.y4m resources/ + cp resources/FourPeople_1280x720_60.y4m resources/FourPeople_1280x720_30.y4m fi -cd .. #150 "participants" available ## Tested up to 120 with AWS c5.24xlarge @@ -145,8 +159,8 @@ sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\ --hub-url=http://localhost:4444/wd/hub \\ --instance-url=https://YOUR.JITSI-MEET-INSTANCE.DOMAIN " -echo -e "\n-- If using 'hamertesting' as prefix name you can join the room -hamertesting0, hamertesting1, hamertestingN +echo -e "\n-- If using 'hamertesting' as prefix name you can join the room +hamertesting0, hamertesting1, hamertestingN according to the 'N' number of conferences you have set to watch the test. *Beware* for 120 \"participants\" to join video-muted it was necessary at least a c5.24xlarge AWS instance. diff --git a/mode/jms-stu.sh b/mode/jms-stu.sh index 2fb45ba..2eb4e2d 100644 --- a/mode/jms-stu.sh +++ b/mode/jms-stu.sh @@ -2,49 +2,49 @@ # System-tune-up to remove system software restrictions on a huge load of connections. # Be aware that hardware/infrastructure resources are the most common limiters. # -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. -#Check if user is root -if ! [ $(id -u) = 0 ]; then - echo "You need to be root or have privileges!" - exit 0 -fi - while getopts m: option do case "${option}" in m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./jms-stu.sh [-m debug]" && exit;; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; esac done -echo ' -#-------------------------------------------------- -# Starting system tune up configuration -# for high performance -#-------------------------------------------------- -' - #DEBUG if [ "$MODE" = "debug" ]; then set -x fi -set_once() { -if [ -z "$(awk '!/^ *#/ && NF {print}' "$2"|grep $(echo $1|awk -F '=' '{print$1}'))" ]; then - echo "Setting "$1" on "$2"..." +#Check if user is root +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have privileges!" + exit 0 +fi + +echo ' +#-------------------------------------------------- +# Starting system tune up configuration +# for high performance +#-------------------------------------------------- +' + +set_once_hash_comment() { +if ! awk '!/^ *#/ && NF {print}' "$2"|grep -q "$(awk -F '=' '{print$1}' <<< "$1")" ; then + echo "Setting $1 on $2..." echo "$1" | tee -a "$2" else - echo " \"$(echo $1|awk -F '=' '{print$1}')\" seems present, skipping setting this variable" + echo "\"$(awk -F '=' '{print$1}' <<< "$1")\" seems already present, skipping setting this variable" fi } FSTAB=/etc/fstab ##Disable swap swapoff -a -sed -r '/\sswap\s/s/^#?/#/' -i $FSTAB +sed -r '/\sswap\s/s/^#?/#/' -i "$FSTAB" ##Alternative swap tuning (need more documentation). #vm.swappiness=5 @@ -56,24 +56,24 @@ sysctl -w net.core.rmem_default=262144 sysctl -w net.core.wmem_default=262144 sysctl -w net.core.rmem_max=262144 sysctl -w net.core.wmem_max=262144 -set_once "net.core.rmem_default=262144" "/etc/sysctl.conf" -set_once "net.core.wmem_default=262144" "/etc/sysctl.conf" -set_once "net.core.rmem_max=262144" "/etc/sysctl.conf" -set_once "net.core.wmem_max=262144" "/etc/sysctl.conf" +set_once_hash_comment "net.core.rmem_default=262144" "/etc/sysctl.conf" +set_once_hash_comment "net.core.wmem_default=262144" "/etc/sysctl.conf" +set_once_hash_comment "net.core.rmem_max=262144" "/etc/sysctl.conf" +set_once_hash_comment "net.core.wmem_max=262144" "/etc/sysctl.conf" #system #https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart -set_once "DefaultLimitNOFILE=65000" "/etc/sysctl.conf" -set_once "DefaultLimitNPROC=65000" "/etc/sysctl.conf" -set_once "DefaultTasksMax=65000" "/etc/sysctl.conf" +set_once_hash_comment "DefaultLimitNOFILE=65000" "/etc/sysctl.conf" +set_once_hash_comment "DefaultLimitNPROC=65000" "/etc/sysctl.conf" +set_once_hash_comment "DefaultTasksMax=65000" "/etc/sysctl.conf" #https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes sysctl -w net.ipv4.tcp_timestamps=0 -set_once "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf" +set_once_hash_comment "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf" #https://bugzilla.redhat.com/show_bug.cgi?id=1283676 sysctl -w net.core.netdev_max_backlog=100000 -set_once "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf" +set_once_hash_comment "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf" ##nginx sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf diff --git a/mode/jwt.sh b/mode/jwt.sh index a19aa41..73dc381 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -1,16 +1,31 @@ #!/bin/bash # JWT Mode Setup -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. -DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') + +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties" PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua" PROSODY_SYS="/etc/prosody/prosody.cfg.lua" APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)" SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)" -SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) -SRP_END=$((SRP_STR + 10)) +SRP_STR="$(grep -n "VirtualHost \"$DOMAIN\"" "$PROSODY_FILE" | head -n1 | cut -d ":" -f1)" +SRP_END="$((SRP_STR + 10))" ## Required openssl for Focal 20.04 if [ "$(lsb_release -sc)" = "focal" ]; then @@ -37,26 +52,26 @@ echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-select apt-get install -y jitsi-meet-tokens #Setting up -sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" "$PROSODY_SYS" #- -sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"token\"|}" $PROSODY_FILE -sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" $PROSODY_FILE -sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" $PROSODY_FILE -sed -i "/app_secret/a \\\\" $PROSODY_FILE -sed -i "/app_secret/a \ \ \ \ allow_empty_token = false" $PROSODY_FILE -sed -i "/app_secret/a \\\\" $PROSODY_FILE -sed -i "/app_secret/a \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" $PROSODY_FILE -sed -i "/app_secret/a \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" $PROSODY_FILE -sed -i "/app_secret/a \\\\" $PROSODY_FILE -sed -i "s|--allow_empty_token =.*|allow_empty_token = false|" $PROSODY_FILE -sed -i 's|--"token_verification"|"token_verification"|' $PROSODY_FILE +sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"token\"|}" "$PROSODY_FILE" +sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" "$PROSODY_FILE" +sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" "$PROSODY_FILE" +sed -i "/app_secret/a \\\\" "$PROSODY_FILE" +sed -i "/app_secret/a \ \ \ \ allow_empty_token = false" "$PROSODY_FILE" +sed -i "/app_secret/a \\\\" "$PROSODY_FILE" +sed -i "/app_secret/a \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" "$PROSODY_FILE" +sed -i "/app_secret/a \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" "$PROSODY_FILE" +sed -i "/app_secret/a \\\\" "$PROSODY_FILE" +sed -i "s|--allow_empty_token =.*|allow_empty_token = false|" "$PROSODY_FILE" +sed -i 's|--"token_verification"|"token_verification"|' "$PROSODY_FILE" #Request auth -sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" $JICOFO_SIP -sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" "$JICOFO_SIP" +sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" "$MEET_CONF" #Enable jibri recording -cat << REC-JIBRI >> $PROSODY_FILE +cat << REC-JIBRI >> "$PROSODY_FILE" VirtualHost "recorder.$DOMAIN" modules_enabled = { @@ -67,7 +82,7 @@ VirtualHost "recorder.$DOMAIN" REC-JIBRI #Setup guests and lobby -cat << P_SR >> $PROSODY_FILE +cat << P_SR >> "$PROSODY_FILE" -- #Change back lobby - https://community.jitsi.org/t/64769/136 VirtualHost "guest.$DOMAIN" authentication = "token" diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index dd077f7..0aff27c 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1,17 +1,17 @@ #!/bin/bash # Quick Jibri Installer - *buntu (LTS) based systems. -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. { echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./quick_jibri_installer.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG @@ -26,12 +26,12 @@ NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') -PROSODY_REPO=$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}') +PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" -CR=`echo $'\n> '` +NL="$(printf '\n ')" exit_ifinstalled() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " This instance already has $1 installed, exiting... Please try again on a clean system. @@ -53,11 +53,11 @@ rename_distro etiona bionic rename_distro nabia focal install_ifnot() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." else - echo -e "\n---- Installing $1 ----" - apt-get -yq2 install $1 + printf "\n---- Installing %s ----" "$1" + apt-get -yq2 install "$1" fi } check_serv() { @@ -68,19 +68,15 @@ The recommended setup is using NGINX, exiting... exit elif [ "$NGINX" -eq 1 ]; then -echo " -Webserver already installed! -" +printf "\nWebserver already installed!\n" else - echo " -Installing nginx webserver! -" + printf "\nInstalling nginx webserver!\n" install_ifnot nginx fi } check_snd_driver() { -echo -e "\n# Checking ALSA - Loopback module..." +printf "\n# Checking ALSA - Loopback module..." echo "snd-aloop" | tee -a /etc/modules modprobe snd-aloop if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then @@ -96,16 +92,16 @@ else #-----------------------------------------------------------------------" #Test tool if [ "$MODE" = "debug" ]; then - bash $PWD/tools/test-jibri-env.sh -m debug + bash "$PWD"/tools/test-jibri-env.sh -m debug else - bash $PWD/tools/test-jibri-env.sh + bash "$PWD"/tools/test-jibri-env.sh fi read -n 1 -s -r -p "Press any key to continue..."$'\n' fi } # sed limiters for add-jibri-node.sh variables var_dlim() { - grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 + grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1 } add_prosody_repo() { echo "Add Prosody repo" @@ -117,7 +113,7 @@ else fi } dpkg-compare() { -dpkg --compare-versions $(dpkg-query -f='${Version}' --show $1) $2 $3 +dpkg --compare-versions "$(dpkg-query -f='${Version}' --show "$1")" "$2" "$3" } wait_seconds() { secs=$(($1)) @@ -128,7 +124,7 @@ while [ $secs -gt 0 ]; do done } clear -echo -e ' +printf ' ######################################################################## Welcome to Jitsi/Jibri Installer ######################################################################## @@ -148,17 +144,17 @@ Wiki and documentation: https://github.com/switnet-ltd/quick-jibri-installer/wik read -n 1 -s -r -p "Press any key to continue..."$'\n' #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi + + printf "\nOS: %s" "$(lsb_release -sd)" if [ "$DIST" = "bionic" ] || \ [ "$DIST" = "focal" ]; then - echo "OS: $(lsb_release -sd)" - echo "Good, this is a supported platform!" + printf "\nGood, this is a supported platform!" else - echo "OS: $(lsb_release -sd)" - echo "Sorry, this platform is not supported... exiting" + printf "\nSorry, this platform is not supported... exiting" exit fi #Suggest 20.04 LTS release over 18.04 in April 2022 @@ -178,50 +174,46 @@ fi #Check system resources echo "Verifying System Resources:" if [ "$(nproc --all)" -lt 4 ];then - echo " -Warning!: The system do not meet the minimum CPU requirements for Jibri to run. ->> We recommend 4 cores/threads for Jibri! -" - CPU_MIN="N" + printf "\nWarning!: The system do not meet the minimum CPU requirements for Jibri to run." + printf "\n>> We recommend 4 cores/threads for Jibri!\n\n" + CPU_MIN="N" else - echo "CPU Cores/Threads: OK ($(nproc --all))" - CPU_MIN="Y" + printf "\nCPU Cores/Threads: OK (%s)\n\n" "$(nproc --all)" + CPU_MIN="Y" fi +sleep .1 ### Test RAM size (8GB min) ### -mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') -if [ ${mem_available} -lt 7700000 ]; then - echo " -Warning!: The system do not meet the minimum RAM requirements for Jibri to run. ->> We recommend 8GB RAM for Jibri! -" - MEM_MIN="N" +mem_available="$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')" +if [ "$mem_available" -lt 7700000 ]; then + printf "\nWarning!: The system do not meet the minimum RAM requirements for Jibri to run." + printf "\n>> We recommend 8GB RAM for Jibri!\n\n" + MEM_MIN="N" else - echo "Memory: OK ($((mem_available/1024)) MiB)" - MEM_MIN="Y" + printf "\nMemory: OK (%s) MiB)\n\n" "$(mem_available/1024)" + MEM_MIN="Y" fi +sleep .1 if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then echo "All requirements seems meet!" - echo " - - We hope you have a nice recording/streaming session - " + printf "\n - We hope you have a nice recording/streaming session\n" else - echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!" - echo "Even when you can use the videoconferencing sessions, we advice to increase the resources in order to user Jibri." - while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]] + printf "CPU (%s)/RAM (%s MiB) does NOT meet minimum recommended requirements!" "$(nproc --all)" "$((mem_available/1024))" + printf "\nEven when you can use the videoconferencing sessions, we advice to increase the resources in order to user Jibri.\n\n" + while [ "$CONTINUE_LOW_RES" != "yes" ] && [ "$CONTINUE_LOW_RES" != "no" ] do - read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES + read -p "> Do you want to continue?: (yes or no)$NL" -r CONTINUE_LOW_RES if [ "$CONTINUE_LOW_RES" = "no" ]; then - echo "See you next time with more resources!..." + echo " - See you next time with more resources!..." exit elif [ "$CONTINUE_LOW_RES" = "yes" ]; then - echo "We highly recommend to increase the server resources." - echo "Otherwise, please think about adding dedicated jibri nodes instead." + printf " - We highly recommend to increase the server resources." + printf " - Otherwise, please think about adding dedicated jibri nodes instead.\n" fi done fi - +sleep .1 if [ "$CONTINUE_LOW_RES" = "yes" ]; then -echo -e "\nThis server will likely have issues due the lack of resources. +echo 'This server will likely have issues due the lack of resources. If you plan to enable other components such as, - JRA via Nextcloud @@ -229,97 +221,106 @@ If you plan to enable other components such as, - Additional Jibri Nodes - others. -We higly recommend to increase resources of this server. +>>> We higly recommend to increase resources of this server. <<< For now we advice to disable the Jibri service locally and add an external Jibri node once this installation has finished, using our script: - >> add-jibri-node.sh - -So you can add a Jibri server on a instance with enough resources.\n" - - while [[ "$DISABLE_LOCAL_JIBRI" != "yes" && "$DISABLE_LOCAL_JIBRI" != "no" ]] + >> add-jibri-node.sh' +printf "\nSo you can add a Jibri server on a instance with enough resources.\n\n" +sleep .1 + while [ "$DISABLE_LOCAL_JIBRI" != "yes" ] && [ "$DISABLE_LOCAL_JIBRI" != "no" ] do - read -p "> Do you want to disable local jibri service?: (yes or no)"$'\n' -r DISABLE_LOCAL_JIBRI - if [ "$DISABLE_LOCAL_JIBRI" = "no" ]; then - echo -e "Please keep in mind that we might not support underpowered servers.\n" - elif [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then - echo -e "You can add dedicated jibri nodes later, see more at the wiki.\n" - fi + read -p "> Do you want to disable local jibri service?: (yes or no)$NL" -r DISABLE_LOCAL_JIBRI + if [ "$DISABLE_LOCAL_JIBRI" = "no" ]; then + printf " - Please keep in mind that we might not support underpowered servers.\n" + elif [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then + printf " - You can add dedicated jibri nodes later, see more at the wiki.\n" + fi done fi - +sleep .1 #Check system oriented porpuse -echo "Checking system oriented purpose.... -" apt-get -yq2 update SYSTEM_DE="$(apt-cache search "ubuntu-(desktop|mate-desktop)"|awk '{print$1}'|xargs|sed 's|$| trisquel triskel trisquel-mini|')" -SYSTEM_DE_ARRAY=( $SYSTEM_DE ) +SYSTEM_DE_ARRAY=( "$SYSTEM_DE" ) +printf "\nChecking for common desktop system oriented purpose....\n" for de in "${SYSTEM_DE_ARRAY[@]}" do - if [ "$(dpkg-query -W -f='${Status}' $de 2>/dev/null | grep -c "ok installed")" == "1" ]; then - echo -e "\n > This instance has $de installed, exiting... + if [ "$(dpkg-query -W -f='${Status}' "$de" 2>/dev/null | grep -c "ok installed")" == "1" ]; then + printf "\n > This instance has %s installed, exiting... \nPlease avoid using this installer on a desktop-user oriented GNU/Linux system. - This is an unsupported use, as it will likely BREAK YOUR SYSTEM, so please don't." + This is an unsupported use, as it will likely BREAK YOUR SYSTEM, so please don't." "$de" exit else - echo -e " > No standard desktop environment '$de' for user oriented porpuse detected, continuing..." + printf " > No standard desktop environment for user oriented porpuse detected, continuing...\n\n" fi done - +sleep .1 #Prosody repository add_prosody_repo - +sleep .1 # Jitsi-Meet Repo -echo -e "\nAdd Jitsi repo\n" +printf "\nAdd Jitsi repo\n" if [ "$JITSI_REPO" = "stable" ]; then - echo "Jitsi stable repository already installed" + printf " - Jitsi stable repository already installed\n\n" else echo 'deb http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - JITSI_REPO="stable" fi +sleep .1 #Default to LE SSL? -while [[ "$LE_SSL" != "yes" && "$LE_SSL" != "no" ]] +while [ "$LE_SSL" != "yes" ] && [ "$LE_SSL" != "no" ] do -read -p "> Do you plan to use Let's Encrypt SSL certs?: (yes or no)"$'\n' -r LE_SSL -if [ $LE_SSL = yes ]; then - echo "We'll default to Let's Encrypt SSL certs." +read -p "> Do you plan to use Let's Encrypt SSL certs?: (yes or no)$NL" -r LE_SSL +if [ "$LE_SSL" = yes ]; then + printf " - We'll setup Let's Encrypt SSL certs.\n\n" else - echo "We'll let you choose later on for it. - Please be aware that a valid SSL cert is required for some features to work properly." + printf " - We'll let you choose later on for it." + printf" Please be aware that a valid SSL cert is required for some features to work properly.\n\n" fi done +sleep .1 #Set domain -if [ "$LE_SSL" = "yes" ]; then - while [[ "$ANS_JD" != "yes" ]] +if [ "$LE_SSL" = "yes" ] +then + while [ "$ANS_JD" != "yes" ] do - read -p "> Please set your domain (or subdomain) here: (e.g.: jitsi.domain.com)"$'\n' -r JITSI_DOMAIN - read -p "> Did you mean?: $JITSI_DOMAIN (yes or no)"$'\n' -r ANS_JD - if [ "$ANS_JD" = "yes" ]; then - echo "Alright, let's use $JITSI_DOMAIN." + read -p "> Please set your domain (or subdomain) here: (e.g.: jitsi.domain.com)$NL" -r JITSI_DOMAIN + read -p " > Did you mean?: $JITSI_DOMAIN (yes or no)$NL" -r ANS_JD + if [ "$ANS_JD" = "yes" ] + then + echo " - Alright, let's use $JITSI_DOMAIN." else - echo "Please try again." + echo " - Please try again." fi done +sleep .1 + #Sysadmin email + while [ -z "$SYSADMIN_EMAIL" ] + do + read -p " > Set sysadmin email (this is a mandatory field):$NL" -r SYSADMIN_EMAIL + done +sleep .1 #Simple DNS test - if [ "$PUBLIC_IP" = "$(dig -4 +short $JITSI_DOMAIN||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then - echo "Server public IP & DNS record for $JITSI_DOMAIN seems to match, continuing... -" + if [ "$PUBLIC_IP" = "$(dig -4 +short "$JITSI_DOMAIN"||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then + printf "\nServer public IP & DNS record for %s seems to match, continuing..." "$JITSI_DOMAIN" else echo "Server public IP ($PUBLIC_IP) & DNS record for $JITSI_DOMAIN don't seem to match." echo " > Please check your dns records are applied and updated, otherwise components may fail." - read -p " > Do you want to continue?: (yes or no)"$'\n' -r DNS_CONTINUE + read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE if [ "$DNS_CONTINUE" = "yes" ]; then echo " - We'll continue anyway..." else echo " - Exiting for now..." exit fi - fi + fi fi +sleep .1 # Requirements -echo -e "\nWe'll start by installing system requirements this may take a while please be patient...\n" +printf "\nWe'll start by installing system requirements this may take a while please be patient...\n" apt-get update -q2 apt-get dist-upgrade -yq2 @@ -348,15 +349,15 @@ apt-get -y install \ fi echo "# Check and Install HWE kernel if possible..." -HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") +HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")" if [ "$HWE_VIR_MOD" = "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) \ - linux-tools-generic-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" \ + linux-tools-generic-hwe-"$(lsb_release -sr)" else apt-get -y install \ linux-image-generic \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi check_serv @@ -373,7 +374,7 @@ fi apt-get -y install \ jitsi-meet \ jibri \ - openjdk-8-jre-headless + openjdk-11-jre-headless # Fix RAND_load_file error #https://github.com/openssl/openssl/issues/7754#issuecomment-444063355 @@ -409,7 +410,7 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then else echo "Installing Google Chrome Stable" wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO + echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" fi apt-get -q2 update apt-get install -yq2 google-chrome-stable @@ -419,7 +420,7 @@ if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget -q https://chromedriver.storage.googleapis.com/$CHD_LTST/chromedriver_linux64.zip \ + wget -q https://chromedriver.storage.googleapis.com/"$CHD_LTST"/chromedriver_linux64.zip \ -O /tmp/chromedriver_linux64.zip unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/ chown root:root /usr/local/bin/chromedriver @@ -427,23 +428,19 @@ else rm -rf /tpm/chromedriver_linux64.zip fi -echo " -Check Google Software Working... -" +printf "\nCheck Google Software Working...\n" /usr/bin/google-chrome --version /usr/local/bin/chromedriver --version | awk '{print$1,$2}' -echo " -Remove Chrome warning... -" +printf "\nRemove Chrome warning...\n" mkdir -p /etc/opt/chrome/policies/managed -echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON +echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" ## JMS system tune up if [ "$MODE" = "debug" ]; then - bash $PWD/mode/jms-stu.sh -m debug + bash "$PWD"/mode/jms-stu.sh -m debug else - bash $PWD/mode/jms-stu.sh + bash "$PWD"/mode/jms-stu.sh fi echo ' @@ -452,7 +449,7 @@ echo ' ######################################################################## ' # MEET / JIBRI SETUP -DOMAIN="$(find /etc/prosody/conf.d/ -name *.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" @@ -463,7 +460,7 @@ MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" JVB2_CONF="/etc/jitsi/videobridge/config" JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" -DIR_RECORD=/var/jbrecord +DIR_RECORD="/var/jbrecord" REC_DIR="/home/jibri/finalize_recording.sh" JB_NAME="Jibri Sessions" LE_RENEW_LOG="/var/log/letsencrypt/renew.log" @@ -480,156 +477,134 @@ FQDN_HOST="fqdn" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" # Rename hostname for jitsi server -while [[ "$FQDN_HOST" != "yes" && "$FQDN_HOST" != "no" && ! -z "$FQDN_HOST" ]] +while [ "$FQDN_HOST" != "yes" ] && [ "$FQDN_HOST" != "no" ] && [ -n "$FQDN_HOST" ] do - echo -e "> Set $DOMAIN as a fqdn hostname?: (yes or no)\n" && \ - read -p "Leave empty to default to your current one ($(hostname -f)): "$'\n' FQDN_HOST + printf "> Set %s as a fqdn hostname?: (yes or no)\n" "$DOMAIN" && \ + read -p "Leave empty to default to your current one ($(hostname -f)):$NL" -r FQDN_HOST if [ "$FQDN_HOST" = "yes" ]; then - echo "$DOMAIN will be used as fqdn hostname, changes will show on reboot." + printf " - %s will be used as fqdn hostname, changes will show on reboot.\n\n" "$DOMAIN" hostnamectl set-hostname "${DOMAIN}" sed -i "1i ${PUBLIC_IP} ${DOMAIN}" /etc/hosts else - echo "$(hostname -f) will be keep." + printf " - %s will be keep.\n\n" "$(hostname -f)" fi done - -#Sysadmin email -if [ "$LE_SSL" = "yes" ]; then - while [[ -z $SYSADMIN_EMAIL ]] - do - read -p "Set sysadmin email (this is a mandatory field):"$'\n' -r SYSADMIN_EMAIL - done -fi +sleep .1 #Language echo "## Setting up Jitsi Meet language ## You can define the language, for a complete list of the supported languages See here: -https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json - -Jitsi Meet web interface will be set to use such language." -read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG -echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" +https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json" +printf "Jitsi Meet web interface will be set to use such language.\n\n" +sleep .1 +read -p "Please set your language (Press enter to default to 'en'):$NL" -r JB_LANG +sleep .1 +printf "\nWe'll take a minute to localize some UI excerpts if you need.\n\n" +sleep .1 #Participant -echo -e "> Do you want to translate 'Participant' to your own language?" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT +printf "> Do you want to translate 'Participant' to your own language?\n" +sleep .1 +read -p "Leave empty to use the default one (English):$NL" -r L10N_PARTICIPANT +sleep .1 #Me -echo -e "\n> Do you want to translate 'me' to your own language? +printf "\n> Do you want to translate 'me' to your own language? This must be a really small word to present one self. -Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_ME +Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" +sleep .1 +read -p "Leave empty to use the default one (English):$NL" -r L10N_ME #Drop unsecure TLS -while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] +while [ "$DROP_TLS1" != "yes" ] && [ "$DROP_TLS1" != "no" ] do - read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 + read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)$NL" -r DROP_TLS1 if [ "$DROP_TLS1" = "no" ]; then - echo "TLSv1.0/1.1 will remain." + printf " - TLSv1.0/1.1 will remain.\n\n" elif [ "$DROP_TLS1" = "yes" ]; then - echo "TLSv1.0/1.1 will be dropped" + printf " - TLSv1.0/1.1 will be dropped\n\n" fi done -#Dropbox -- no longer requirement for localrecording -#while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] -#do -#read -p "> Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB -#if [ $ENABLE_DB = no ]; then -# echo "Dropbox won't be enable" -#elif [ $ENABLE_DB = yes ]; then -# read -p "Please set your Dropbox App key: "$'\n' -r DB_CID -#fi -#done +sleep .1 #Brandless Mode -while [[ "$ENABLE_BLESSM" != "yes" && "$ENABLE_BLESSM" != "no" ]] +while [ "$ENABLE_BLESSM" != "yes" ] && [ "$ENABLE_BLESSM" != "no" ] do - read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM + read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)$NL" -r ENABLE_BLESSM if [ "$ENABLE_BLESSM" = "no" ]; then - echo "Brandless mode won't be set." + printf " - Brandless mode won't be set.\n\n" elif [ "$ENABLE_BLESSM" = "yes" ]; then - echo "Brandless mode will be set." + printf " - Brandless mode will be set.\n\n" fi done +sleep .1 #Welcome Page -while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]] +while [ "$ENABLE_WELCP" != "yes" ] && [ "$ENABLE_WELCP" != "no" ] do - read -p "> Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP + read -p "> Do you want to disable the Welcome page: (yes or no)$NL" -r ENABLE_WELCP if [ "$ENABLE_WELCP" = "yes" ]; then - echo "Welcome page will be disabled." + printf " - Welcome page will be disabled.\n\n" elif [ "$ENABLE_WELCP" = "no" ]; then - echo "Welcome page will be enabled." + printf " - Welcome page will be enabled.\n\n" fi done +sleep .1 #Close page -while [[ "$ENABLE_CLOCP" != "yes" && "$ENABLE_CLOCP" != "no" ]] +while [ "$ENABLE_CLOCP" != "yes" ] && [ "$ENABLE_CLOCP" != "no" ] do - read -p "> Do you want to enable the close page on room exit: (yes or no)"$'\n' -r ENABLE_CLOCP + read -p "> Do you want to enable the close page on room exit: (yes or no)$NL" -r ENABLE_CLOCP if [ "$ENABLE_CLOCP" = "yes" ]; then - echo "Close page will be enabled." + printf " - Close page will be enabled.\n\n" elif [ "$ENABLE_CLOCP" = "no" ]; then - echo "Close page will be kept disabled." + printf " - Close page will be kept disabled.\n\n" fi done -#Enable static avatar -while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] -do - read -p "> (Legacy) Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA - if [ "$ENABLE_SA" = "no" ]; then - echo "Static avatar won't be enabled" - elif [ "$ENABLE_SA" = "yes" ]; then - echo "Static avatar will be enabled" - fi -done - +sleep .1 # Set authentication method -echo " -> Jitsi Meet Auth Method selection. -" +printf "\n> Jitsi Meet Auth Method selection.\n" PS3='Select the authentication method for your Jitsi Meet instance: ' options=("Local" "JWT" "None") select opt in "${options[@]}" do case $opt in "Local") - echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n" + printf "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n" ENABLE_SC="yes" break ;; "JWT") - echo -e "\n > A external app manage the token usage/creation, like RocketChat does.\n" + printf "\n > A external app manage the token usage/creation, like RocketChat does.\n" ENABLE_JWT="yes" break ;; "None") - echo -e "\n > Everyone can access the room as moderators as there is no auth mechanism.\n" + printf "\n > Everyone can access the room as moderators as there is no auth mechanism.\n" break ;; *) echo "Invalid option $REPLY, choose 1, 2 or 3";; esac done - +sleep .1 # Set jibris default resolution -echo " -> What jibri resolution should be the default for this and all the following jibri nodes? -" +printf "\n> What jibri resolution should be the default for this and all the following jibri nodes?\n" PS3='The more resolution the more resources jibri will require to record properly: ' jib_res=("HD 720" "FHD 1080") select res in "${jib_res[@]}" do case $res in "HD 720") - echo -e "\n > HD (1280x720) is good enough for most cases, and requires a moderate high hw requirements.\n" + printf "\n > HD (1280x720) is good enough for most cases, and requires a moderate high hw requirements.\n\n" JIBRI_RES="720" break ;; "FHD 1080") - echo -e "\n > Full HD (1920x1080) is the best resolution available, it also requires high hw requirements.\n" + printf "\n > Full HD (1920x1080) is the best resolution available, it also requires high hw requirements.\n\n" JIBRI_RES="1080" break ;; - *) echo "Invalid option «$REPLY», choose 1 or 2";; + *) printf "\nInvalid option «%s», choose 1 or 2\n\n" "$REPLY" + ;; esac done - +sleep .1 if [ "$JIBRI_RES" = "720" ]; then JIBRI_RES_CONF="\"1280x720\"" JIBRI_RES_XORG_CONF="1280 720" @@ -641,57 +616,60 @@ if [ "$JIBRI_RES" = "1080" ]; then fi #Jibri Records Access (JRA) via Nextcloud -while [[ "$ENABLE_NC_ACCESS" != "yes" && "$ENABLE_NC_ACCESS" != "no" ]] +while [ "$ENABLE_NC_ACCESS" != "yes" ] && [ "$ENABLE_NC_ACCESS" != "no" ] do read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no) -( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_NC_ACCESS +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )$NL" -r ENABLE_NC_ACCESS if [ "$ENABLE_NC_ACCESS" = "no" ]; then - echo -e "-- JRA via Nextcloud won't be enabled.\n" + printf " - JRA via Nextcloud won't be enabled.\n\n" elif [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo -e "-- JRA via Nextcloud will be enabled.\n" + printf " - JRA via Nextcloud will be enabled.\n\n" fi done +sleep .1 #Jigasi -if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then - echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd), - thus, Jigasi Transcript can't be enable. -" -elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then - while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] +if [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "404" ]; then + printf "> Sorry Google SDK doesn't have support yet for %s, + thus, Jigasi Transcript can't be enable.\n\n" "$(lsb_release -sd)" +elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "200" ]; then + while [ "$ENABLE_TRANSCRIPT" != "yes" ] && [ "$ENABLE_TRANSCRIPT" != "no" ] do read -p "> Do you want to setup Jigasi Transcription: (yes or no) -( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_TRANSCRIPT +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )$NL" -r ENABLE_TRANSCRIPT if [ "$ENABLE_TRANSCRIPT" = "no" ]; then - echo -e "-- Jigasi Transcription won't be enabled.\n" + printf " - Jigasi Transcription won't be enabled.\n\n" elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then - echo -e "-- Jigasi Transcription will be enabled.\n" + printf " - Jigasi Transcription will be enabled.\n\n" fi done else echo "No valid option for Jigasi. Please report this to -https://github.com/switnet-ltd/quick-jibri-installer/issues " +https://github.com/switnet-ltd/quick-jibri-installer/issues" fi +sleep .1 #Grafana -while [[ "$ENABLE_GRAFANA_DSH" != "yes" && "$ENABLE_GRAFANA_DSH" != "no" ]] +while [ "$ENABLE_GRAFANA_DSH" != "yes" ] && [ "$ENABLE_GRAFANA_DSH" != "no" ] do read -p "> Do you want to setup Grafana Dashboard: (yes or no) -( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_GRAFANA_DSH +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )$NL" -r ENABLE_GRAFANA_DSH if [ "$ENABLE_GRAFANA_DSH" = "no" ]; then - echo -e "-- Grafana Dashboard won't be enabled.\n" + printf " - Grafana Dashboard won't be enabled.\n\n" elif [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then - echo -e "-- Grafana Dashboard will be enabled. \n" + printf " - Grafana Dashboard will be enabled.\n\n" fi done +sleep .1 #Docker Etherpad -while [[ "$ENABLE_DOCKERPAD" != "yes" && "$ENABLE_DOCKERPAD" != "no" ]] +while [ "$ENABLE_DOCKERPAD" != "yes" ] && [ "$ENABLE_DOCKERPAD" != "no" ] do -read -p "> Do you want to setup Docker Etherpad: (yes or no)"$'\n' -r ENABLE_DOCKERPAD +read -p "> Do you want to setup Docker Etherpad: (yes or no)$NL" -r ENABLE_DOCKERPAD if [ "$ENABLE_DOCKERPAD" = "no" ]; then - echo -e "-- Docker Etherpad won't be enabled.\n" + printf " - Docker Etherpad won't be enabled.\n" elif [ "$ENABLE_DOCKERPAD" = "yes" ]; then - echo -e "-- Docker Etherpad will be enabled.\n" + printf " - Docker Etherpad will be enabled.\n" fi done +sleep .1 #Start configuration echo ' ######################################################################## @@ -701,17 +679,16 @@ echo ' JibriBrewery=JibriBrewery INT_CONF="/usr/share/jitsi-meet/interface_config.js" INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js" -WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) ssl_wa() { if [ "$LE_SSL" = "yes" ]; then - systemctl stop $1 - letsencrypt certonly --standalone --renew-by-default --agree-tos --email $5 -d $6 - sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" $4 - sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" $4 - systemctl restart $1 + systemctl stop "$1" + letsencrypt certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6" + sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4" + sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4" + systemctl restart "$1" #Add cron - if [ $(crontab -l|sed 's|#.*$||g'|grep -c 'weekly certbot renew') = 0 ];then + if [ "$(crontab -l|sed 's|#.*$||g'|grep -c 'weekly certbot renew')" = 0 ];then crontab -l | { cat; echo "@weekly certbot renew --${2} > $LE_RENEW_LOG 2>&1"; } | crontab - else echo "Crontab seems to be already in place, skipping." @@ -732,17 +709,17 @@ if [ "$LE_SSL" = "yes" ]; then echo "#Set and upgrade certbot PPA if posssible..." if [ "$CERTBOT_REPO" = "certbot" ]; then - echo -e "\nCertbot repository already on the system!\nChecking for updates...\n" + printf "\nCertbot repository already on the system!\nChecking for updates...\n" apt-get -q2 update apt-get -yq2 dist-upgrade - elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then - echo -e "\nAdding cerbot (formerly letsencrypt) PPA repository for latest updates\n" + elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "200" ]; then + printf "\nAdding cerbot (formerly letsencrypt) PPA repository for latest updates\n" echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694 apt-get -q2 update apt-get -yq2 dist-upgrade - elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then - echo -e "\nCertbot PPA is not available for $(lsb_release -sc) just yet, it won't be installed...\n" + elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "404" ]; then + printf "\nCertbot PPA is not available for %s just yet, it won't be installed...\n" "$(lsb_release -sc)" fi else echo "SSL setup will be skipped." @@ -773,18 +750,19 @@ sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communi # Configure Jibri if [ "$ENABLE_SC" = "yes" ]; then - if [ ! -f $MOD_LIST_FILE ]; then - echo -e "\n-> Adding external module to list prosody users...\n" - curl -s $MOD_LISTU > $MOD_LIST_FILE + if [ ! -f "$MOD_LIST_FILE" ]; then + printf "\n-> Adding external module to list prosody users...\n" + curl -s "$MOD_LISTU" > "$MOD_LIST_FILE" - echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" + printf "Now you can check registered users with:\nprosodyctl mod_listusers\n" else - echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" + printf "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" fi fi +sleep .1 #Enable jibri recording -cat << REC-JIBRI >> $PROSODY_FILE +cat << REC-JIBRI >> "$PROSODY_FILE" VirtualHost "recorder.$DOMAIN" modules_enabled = { @@ -795,29 +773,29 @@ VirtualHost "recorder.$DOMAIN" REC-JIBRI #Enable Jibri withelist -sed -i "s|-- muc_lobby_whitelist|muc_lobby_whitelist|" $PROSODY_FILE +sed -i "s|-- muc_lobby_whitelist|muc_lobby_whitelist|" "$PROSODY_FILE" #Fix Jibri conectivity issues -sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" "$PROSODY_SYS" sed -i "/c2s_require_encryption = false/a \\ \\ -consider_bosh_secure = true" $PROSODY_SYS +consider_bosh_secure = true" "$PROSODY_SYS" -if [ ! -z $L10N_PARTICIPANT ]; then +if [ -n "$L10N_PARTICIPANT" ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi -if [ ! -z $L10N_ME ]; then +if [ -n "$L10N_ME" ]; then sed -i "s|LOCAL_USER=.*|LOCAL_USER=\"$L10N_ME\"|" jm-bm.sh fi ### Prosody users -prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS -prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS +prosodyctl register jibri auth."$DOMAIN" "$JB_AUTH_PASS" +prosodyctl register recorder recorder."$DOMAIN" "$JB_REC_PASS" ## JICOFO # /etc/jitsi/jicofo/sip-communicator.properties -cat << BREWERY >> $JICOFO_SIP +cat << BREWERY >> "$JICOFO_SIP" #org.jitsi.jicofo.auth.URL=XMPP:$DOMAIN #org.jitsi.jicofo.auth.URL=EXT_JWT:$DOMAIN org.jitsi.jicofo.jibri.BREWERY=$JibriBrewery@internal.auth.$DOMAIN @@ -826,40 +804,31 @@ org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90 BREWERY # Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js -sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" $MEET_CONF -sed -i "s|// fileRecordingsEnabled: false,|fileRecordingsEnabled: true,| " $MEET_CONF +sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF" +sed -i "s|// fileRecordingsEnabled: false,|fileRecordingsEnabled: true,| " "$MEET_CONF" sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\ \\ - hiddenDomain: \'recorder.$DOMAIN\',|" $MEET_CONF - -#Dropbox feature -#if [ "$ENABLE_DB" = "yes" ]; then -#DB_STR=$(grep -n "dropbox:" $MEET_CONF | cut -d ":" -f1) -#DB_END=$((DB_STR + 10)) -#sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" $MEET_CONF -#sed -i "$DB_STR,$DB_END{s|// appKey: ''|appKey: \'$DB_CID\'|}" $MEET_CONF -#sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF -#fi + hiddenDomain: \'recorder.$DOMAIN\',|" "$MEET_CONF" #Setup main language -if [ -z $JB_LANG ] || [ "$JB_LANG" = "en" ]; then +if [ -z "$JB_LANG" ] || [ "$JB_LANG" = "en" ]; then echo "Leaving English (en) as default language..." - sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" $MEET_CONF + sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" "$MEET_CONF" else echo "Changing default language to: $JB_LANG" - sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" $MEET_CONF + sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" "$MEET_CONF" fi # Recording directory -if [ ! -d $DIR_RECORD ]; then - mkdir $DIR_RECORD +if [ ! -d "$DIR_RECORD" ]; then + mkdir "$DIR_RECORD" fi -chown -R jibri:jibri $DIR_RECORD +chown -R jibri:jibri "$DIR_RECORD" -cat << REC_DIR > $REC_DIR +cat << REC_DIR > "$REC_DIR" #!/bin/bash -RECORDINGS_DIR=$DIR_RECORD +RECORDINGS_DIR="$DIR_RECORD" echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out @@ -875,12 +844,12 @@ mv \$LJF_PATH \$NJF_PATH exit 0 REC_DIR -chown jibri:jibri $REC_DIR -chmod +x $REC_DIR +chown jibri:jibri "$REC_DIR" +chmod +x "$REC_DIR" ## New Jibri Config (2020) -mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file -cat << NEW_CONF > $JIBRI_CONF +mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file +cat << NEW_CONF > "$JIBRI_CONF" // New XMPP environment config. jibri { streaming { @@ -927,8 +896,8 @@ jibri { default-call-empty-timeout = 30 seconds } recording { - recordings-directory = $DIR_RECORD - finalize-script = $REC_DIR + recordings-directory = "$DIR_RECORD" + finalize-script = "$REC_DIR" } api { xmpp { @@ -993,14 +962,14 @@ jibri { NEW_CONF #Jibri xorg resolution -sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" $JIBRI_XORG_CONF +sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" #Create receiver user -useradd -m -g jibri $MJS_USER +useradd -m -g jibri "$MJS_USER" echo "$MJS_USER:$MJS_USER_PASS" | chpasswd #Create ssh key and restrict connections -sudo su $MJS_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +sudo su "$MJS_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" #Allow password authentication sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config systemctl restart sshd @@ -1022,7 +991,7 @@ echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LET #-- Setting variables for add-jvb2-node.sh g_conf_value() { - grep "$1" $JVB2_CONF|sed "s|$1||" + grep "$1" "$JVB2_CONF"|sed "s|$1||" } JVB_HOSTNAME=$(g_conf_value JVB_HOSTNAME=) JVB_HOST=$(g_conf_value JVB_HOST=) @@ -1032,7 +1001,7 @@ JVB_OPTS=$(g_conf_value JVB_OPTS=) JAVA_SYS_PROPS=$(g_conf_value JAVA_SYS_PROPS=) g_sip_value() { - grep "$1" $JVB2_SIP |cut -d "=" -f2 + grep "$1" "$JVB2_SIP" |cut -d "=" -f2 } DISABLE_AWS_HARVESTER=$(g_sip_value DISABLE_AWS_HARVESTER=) STUN_MAPPING_HARVESTER_ADDRESSES=$(g_sip_value STUN_MAPPING_HARVESTER_ADDRESSES=) @@ -1066,70 +1035,70 @@ sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh ##-- #Tune webserver for Jitsi App control -if [ -f $WS_CONF ]; then - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ location = \/external_api.min.js {" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF +if [ -f "$WS_CONF" ]; then + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ location = \/external_api.min.js {" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" systemctl reload nginx else echo "No app configuration done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi #Static avatar -if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then +if [ "$ENABLE_SA" = "yes" ] && [ -f "$WS_CONF" ]; then cp images/avatar2.png /usr/share/jitsi-meet/images/ - sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF - sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF + sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" "$WS_CONF" + sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" "$WS_CONF" sed -i "/location \/external_api.min.js/i \ \ \ \ }\\ -\ " $WS_CONF - sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF - sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF +\ " "$WS_CONF" + sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" "$INT_CONF" + sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF" fi #nginx -tlsv1/1.1 if [ "$DROP_TLS1" = "yes" ];then - echo -e "\nDropping TLSv1/1.1\n" + printf "\nDropping TLSv1/1.1\\nn" sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf elif [ "$DROP_TLS1" = "no" ];then - echo -e "\nNo TLSv1/1.1 dropping was done.\n" + printf "\nNo TLSv1/1.1 dropping was done.\n\n" else echo "No condition meet, please report to https://github.com/switnet-ltd/quick-jibri-installer/issues " fi - +sleep .1 #================== Setup prosody conf file ================= ###Setup secure rooms if [ "$ENABLE_SC" = "yes" ]; then - SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | awk -F ':' 'NR==1{print$1}') + SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" "$PROSODY_FILE" | awk -F ':' 'NR==1{print$1}') SRP_END=$((SRP_STR + 10)) - sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_hashed\"|}" $PROSODY_FILE - sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF + sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_hashed\"|}" "$PROSODY_FILE" + sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" "$MEET_CONF" #Secure room initial user - read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER - read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS - prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS - - echo -e "\nSecure rooms are being enabled..." + read -p "Set username for secure room moderator:$NL" -r SEC_ROOM_USER + read -p "Secure room moderator password:$NL" -r SEC_ROOM_PASS + prosodyctl register "$SEC_ROOM_USER" "$DOMAIN" "$SEC_ROOM_PASS" +sleep .1 + printf "\nSecure rooms are being enabled...\n" echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." - sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP + sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" "$JICOFO_SIP" sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh fi - +sleep .1 ###JWT if [ "$ENABLE_JWT" = "yes" ]; then - echo -e "\nJWT auth is being setup..." - bash $PWD/mode/jwt.sh + printf "\nJWT auth is being setup...\n" + bash "$PWD"/mode/jwt.sh fi - +sleep .1 #Guest allow #Change back lobby - https://community.jitsi.org/t/64769/136 if [ "$ENABLE_SC" = "yes" ];then - cat << P_SR >> $PROSODY_FILE + cat << P_SR >> "$PROSODY_FILE" -- #Change back lobby - https://community.jitsi.org/t/64769/136 VirtualHost "guest.$DOMAIN" authentication = "anonymous" @@ -1147,60 +1116,58 @@ fi #====================== # Custom settings #Start with video muted by default -sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF +sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF" #Start with audio muted but admin -sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF +sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" "$MEET_CONF" #Disable/enable welcome page if [ "$ENABLE_WELCP" = "yes" ]; then - sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF + sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" "$MEET_CONF" elif [ "$ENABLE_WELCP" = "no" ]; then - sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF + sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" "$MEET_CONF" fi #Enable close page if [ "$ENABLE_CLOCP" = "yes" ]; then - sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" $MEET_CONF + sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" "$MEET_CONF" elif [ "$ENABLE_CLOCP" = "no" ]; then - sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" $MEET_CONF + sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" "$MEET_CONF" fi #Add pre-join screen by default, since it improves YouTube autoplay capabilities #pre-join screen by itself don't require autorization by moderator, don't confuse with lobby which does. -sed -i "s|// prejoinPageEnabled:.*|prejoinPageEnabled: true,|" $MEET_CONF +sed -i "s|// prejoinPageEnabled:.*|prejoinPageEnabled: true,|" "$MEET_CONF" #Set HD resolution and widescreen format -sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 720," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 720," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 720," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 1280," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 1280," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" $MEET_CONF +sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 720," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 720," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 720," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 1280," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 1280," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF" #Check config file -echo -e "\n# Checking $MEET_CONF file for errors\n" -CHECKJS=$(esvalidate $MEET_CONF| cut -d ":" -f2) -if [[ -z "$CHECKJS" ]]; then - echo -e "\n# The $MEET_CONF configuration seems correct. =)\n" +printf "\n# Checking %s file for errors\n" "$MEET_CONF" +CHECKJS=$(esvalidate "$MEET_CONF"| cut -d ":" -f2) +if [ -z "$CHECKJS" ]; then + printf "\n# The %s configuration seems correct. =)\n" "$MEET_CONF" else - echo " -Watch out!, there seems to be an issue on $MEET_CONF line: + echo -e "\nWatch out!, there seems to be an issue on $MEET_CONF line: $CHECKJS Most of the times this is due upstream changes, please report to -https://github.com/switnet-ltd/quick-jibri-installer/issues -" +https://github.com/switnet-ltd/quick-jibri-installer/issues\n" fi #Enable jibri services @@ -1214,7 +1181,7 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then systemctl disable jibri-xorg systemctl disable jibri-icewm # Manually apply permissions since finalize_recording.sh won't be triggered under this server options. - chmod -R 770 $DIR_RECORD + chmod -R 770 "$DIR_RECORD" fi enable_letsencrypt @@ -1225,7 +1192,7 @@ chmod -R 650 /etc/prosody/certs/ #SSL workaround if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then - ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN + ssl_wa nginx nginx "$DOMAIN" "$WS_CONF" "$SYSADMIN_EMAIL" "$DOMAIN" install_ifnot python3-certbot-nginx else echo "No webserver found please report." @@ -1234,19 +1201,20 @@ fi if [ "$ENABLE_BLESSM" = "yes" ]; then echo "Custom brandless mode will be enabled." sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh - bash $PWD/jm-bm.sh + bash "$PWD"/jm-bm.sh fi + # Applying best practives for interface config.js -echo -e "\n> Setting up custom interface_config.js according to best practices." +printf "\n> Setting up custom interface_config.js according to best practices." cp "$INT_CONF" "$INT_CONF_ETC" #Tune webserver for interface_config.js -if [ -f $WS_CONF ]; then - sed -i "/external_api.js/i \\\n" $WS_CONF - sed -i "/external_api.js/i \ \ \ \ location = \/interface_config.js {" $WS_CONF - sed -i "/external_api.js/i \ \ \ \ \ \ \ \ alias \/etc\/jitsi\/meet\/$DOMAIN-interface_config.js;" $WS_CONF - sed -i "/external_api.js/i \ \ \ \ }" $WS_CONF - sed -i "/external_api.js/i \\\n" $WS_CONF +if [ -f "$WS_CONF" ]; then + sed -i "/external_api.js/i \\\n" "$WS_CONF" + sed -i "/external_api.js/i \ \ \ \ location = \/interface_config.js {" "$WS_CONF" + sed -i "/external_api.js/i \ \ \ \ \ \ \ \ alias \/etc\/jitsi\/meet\/$DOMAIN-interface_config.js;" "$WS_CONF" + sed -i "/external_api.js/i \ \ \ \ }" "$WS_CONF" + sed -i "/external_api.js/i \\\n" "$WS_CONF" systemctl reload nginx else echo "No interface_config.js configuration done to server file, please report to: @@ -1254,43 +1222,35 @@ else fi #JRA via Nextcloud if [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo -n "\nJRA via Nextcloud will be enabled." + printf "\nJRA via Nextcloud will be enabled." if [ "$MODE" = "debug" ]; then - bash $PWD/jra_nextcloud.sh -m debug + bash "$PWD"/jra_nextcloud.sh -m debug else - bash $PWD/jra_nextcloud.sh + bash "$PWD"/jra_nextcloud.sh fi fi -} > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) -#Jigasi Transcript -if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then - echo -e "\nJigasi Transcription will be enabled." - # ToDo: Analyze behavior on debug - #if [ "$MODE" = "debug" ]; then - # bash $PWD/jigasi.sh -m debug - #else - bash $PWD/jigasi.sh - #fi -fi -{ +sleep .1 + #Grafana Dashboard if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then - echo -e "\nGrafana Dashboard will be enabled." + printf "\nGrafana Dashboard will be enabled." if [ "$MODE" = "debug" ]; then - bash $PWD/grafana.sh -m debug + bash "$PWD"/grafana.sh -m debug else - bash $PWD/grafana.sh + bash "$PWD"/grafana.sh fi fi +sleep .1 #Docker Etherpad if [ "$ENABLE_DOCKERPAD" = "yes" ]; then - echo -e "\nDocker Etherpad will be enabled." + printf "\nDocker Etherpad will be enabled." if [ "$MODE" = "debug" ]; then - bash $PWD/etherpad-docker.sh -m debug + bash "$PWD"/etherpad-docker.sh -m debug else - bash $PWD/etherpad-docker.sh + bash "$PWD"/etherpad-docker.sh fi fi +sleep .1 #Prevent JMS conecction issue if [ -z "$(awk "/127.0.0.1/&&/$DOMAIN/{print\$1}" /etc/hosts)" ];then sed -i "/127.0.0.1/a \\ diff --git a/tools/aws-grub-setup.sh b/tools/aws-grub-setup.sh index 409bb4a..f485fdb 100644 --- a/tools/aws-grub-setup.sh +++ b/tools/aws-grub-setup.sh @@ -3,12 +3,20 @@ # SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. -#### -# NOTE: Only use this script if you know what you are doing. -# Under your own risk. -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY. -#### +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + wait_seconds() { secs=$(($1)) while [ $secs -gt 0 ]; do @@ -18,8 +26,15 @@ while [ $secs -gt 0 ]; do done } +echo "#### +# WARNING: Only use this script if you know what you are doing. +# Under your own risk. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY. +####" + # Check if user is root -if [ $UID != 0 ]; then +if [ "$UID" != 0 ]; then echo You need to run this script as root or sudo rights! exit 1 fi @@ -30,36 +45,36 @@ GRUB_FILE="/etc/default/grub" echo -e "# Check and update HWE kernel if possible...\n" apt-get -q2 update -HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") +HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" if [ "$HWE_VIR_MOD" = "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) \ - linux-tools-generic-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" \ + linux-tools-generic-hwe-"$(lsb_release -sr)" else apt-get -y install \ linux-image-generic \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi apt-get -y autoremove apt-get autoclean #Write update-grub output -update-grub > $KERNEL_LOG 2>&1 +update-grub > "$KERNEL_LOG" 2>&1 #Get clean output -cat $KERNEL_LOG | awk -F'boot/' '{print$2}'|sed '/^[[:space:]]*$/d' | \ -tee ${KERNEL_LOG}.tmp -mv ${KERNEL_LOG}.tmp $KERNEL_LOG +awk -F'boot/' '{print$2}' < "$KERNEL_LOG"|sed '/^[[:space:]]*$/d' | \ +tee "$KERNEL_LOG".tmp +mv "$KERNEL_LOG".tmp "$KERNEL_LOG" echo -e "Check if AWS kernel is installed.\n" -[ $(grep -wc aws $KERNEL_LOG) = 0 ] && echo "No AWS kernel found, exiting..." && exit +[ "$(grep -wc aws "$KERNEL_LOG")" = 0 ] && echo "No AWS kernel found, exiting..." && exit #Get kernel number -RAW_KERNEL_NUM="$(grep -Fn generic $KERNEL_LOG|head -n1|cut -d ':' -f1)" +RAW_KERNEL_NUM="$(grep -Fn generic "$KERNEL_LOG"|head -n1|cut -d ':' -f1)" FIXED_KERNEL_NUM="$(awk "BEGIN{ print $RAW_KERNEL_NUM - 1 }")" echo -e "Set up GRUB for custom kernel.\n" -sed -i "s|GRUB_DEFAULT=.*|GRUB_DEFAULT=\"1\>$FIXED_KERNEL_NUM\"|" $GRUB_FILE +sed -i "s|GRUB_DEFAULT=.*|GRUB_DEFAULT=\"1\>$FIXED_KERNEL_NUM\"|" "$GRUB_FILE" echo -e "Saving changes...\n" update-grub diff --git a/tools/fail2ban_ssh.sh b/tools/fail2ban_ssh.sh index 84257a0..6e03f03 100644 --- a/tools/fail2ban_ssh.sh +++ b/tools/fail2ban_ssh.sh @@ -1,6 +1,6 @@ #!/bin/bash # Simple Fail2ban configuration -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option @@ -8,7 +8,7 @@ do case "${option}" in m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./fail2ban_ssh.sh [-m debug]" && exit;; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; esac done @@ -18,7 +18,7 @@ set -x fi #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -27,8 +27,8 @@ apt-get -y install fail2ban if \ [ -f /var/log/ssh_f2b.log ] && \ -[ $(grep -c 604800 /etc/fail2ban/jail.local) = "1" ] && \ -[ $(grep -c ssh_f2b.log /etc/fail2ban/jail.local) = "1"]; then +[ "$(grep -c 604800 /etc/fail2ban/jail.local)" = "1" ] && \ +[ "$(grep -c ssh_f2b.log /etc/fail2ban/jail.local)" = "1" ]; then echo -e "\nFail2ban seems to be already configured.\n" else echo -e "\nConfiguring Fail2ban...\n" diff --git a/tools/jibri-conf-upgrade.sh b/tools/jibri-conf-upgrade.sh index 177f676..efebb74 100644 --- a/tools/jibri-conf-upgrade.sh +++ b/tools/jibri-conf-upgrade.sh @@ -1,6 +1,6 @@ #!/bin/bash # Simple Jibri conf updater -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option @@ -8,7 +8,7 @@ do case "${option}" in m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./test-jibri-env.sh [-m debug]" && exit;; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; esac done @@ -25,7 +25,7 @@ echo -e ' \n' #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -46,19 +46,19 @@ else fi if [ -d /etc/prosody/ ];then -DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" fi CONF_JSON="/etc/jitsi/jibri/config.json" JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" -DIR_RECORD=/var/jbrecord -REC_DIR=/home/jibri/finalize_recording.sh -JibriBrewery=JibriBrewery +DIR_RECORD="/var/jbrecord" +REC_DIR="/home/jibri/finalize_recording.sh" +JibriBrewery="JibriBrewery" check_read_vars() { echo "Checking $1" if [ -z "$2" ];then - echo "This variable seems wrong, please check before continue" - exit 1 + echo "This variable seems wrong, please check before continue" + exit 1 fi } restart_services_jibri() { @@ -73,44 +73,44 @@ fi } #Prevent re-run on completed jibri upgraded instance -if [ -f $CONF_JSON_disabled ] && \ - [ -f $JIBRI_CONF ] && \ - [ -f $JIBRI_CONF-dpkg-file ]; then +if [ -f "$CONF_JSON"_disabled ] && \ + [ -f "$JIBRI_CONF" ] && \ + [ -f "$JIBRI_CONF"-dpkg-file ]; then echo -e "\n> This jibri config has been upgraded already, we'll exit...\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ https://github.com/switnet-ltd/quick-jibri-installer/issues\n" exit -elif [ ! -f $CONF_JSON ] && \ - [ -f $JIBRI_CONF ] && \ - [ -f $JIBRI_CONF-dpkg-file ]; then +elif [ ! -f "$CONF_JSON" ] && \ + [ -f "$JIBRI_CONF" ] && \ + [ -f "$JIBRI_CONF"-dpkg-file ]; then echo -e "\n> This jibri seems to be running the latest configuration already, we'll exit...\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ https://github.com/switnet-ltd/quick-jibri-installer/issues\n" exit -elif [ -f $CONF_JSON ] && \ - [ -f $JIBRI_CONF ]; then +elif [ -f "$CONF_JSON" ] && \ + [ -f "$JIBRI_CONF" ]; then echo -e "\n> This jibri config seems to be candidate for upgrading, we'll continue...\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ https://github.com/switnet-ltd/quick-jibri-installer/issues\n" fi #Read missing variables -if [ -f $CONF_JSON ]; then +if [ -f "$CONF_JSON" ]; then echo "Reading current config.json file..." - if [ -z $DOMAIN ]; then - DOMAIN=$(jq .xmpp_environments[0].xmpp_domain $CONF_JSON|cut -d '"' -f2) + if [ -z "$DOMAIN" ]; then + DOMAIN="$(jq .xmpp_environments[0].xmpp_domain $CONF_JSON|cut -d '"' -f2)" fi - JB_NAME=$(jq .xmpp_environments[0].name $CONF_JSON|cut -d '"' -f2) - JB_AUTH_PASS=$(jq .xmpp_environments[0].control_login.password $CONF_JSON|cut -d '"' -f2) - JB_REC_PASS=$(jq .xmpp_environments[0].call_login.password $CONF_JSON|cut -d '"' -f2) - JB_NICKN=$(jq .xmpp_environments[0].control_muc.nickname $CONF_JSON|cut -d '"' -f2) + JB_NAME="$(jq .xmpp_environments[0].name $CONF_JSON|cut -d '"' -f2)" + JB_AUTH_PASS="$(jq .xmpp_environments[0].control_login.password $CONF_JSON|cut -d '"' -f2)" + JB_REC_PASS="$(jq .xmpp_environments[0].call_login.password $CONF_JSON|cut -d '"' -f2)" + JB_NICKN="$(jq .xmpp_environments[0].control_muc.nickname $CONF_JSON|cut -d '"' -f2)" else echo "Can't find the instance config.json file, exiting..." exit fi -check_read_vars "Jibri Name" $JB_NAME -check_read_vars "(Main server) Domain" $DOMAIN -check_read_vars "Control login passwd" $JB_AUTH_PASS -check_read_vars "Call login passwd" $JB_REC_PASS -check_read_vars "Jibri Node nickname" $JB_NICKN +check_read_vars "Jibri Name" "$JB_NAME" +check_read_vars "(Main server) Domain" "$DOMAIN" +check_read_vars "Control login passwd" "$JB_AUTH_PASS" +check_read_vars "Call login passwd" "$JB_REC_PASS" +check_read_vars "Jibri Node nickname" "$JB_NICKN" if [ "$MODE" = "debug" ]; then echo "$JB_NAME" @@ -122,10 +122,10 @@ fi #Backup and setup new conf file echo -e "Backing up config.json for historical purposes at:\n ${CONF_JSON}_disabled" -mv $CONF_JSON ${CONF_JSON}_disabled +mv "$CONF_JSON" "${CONF_JSON}"_disabled -mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file -cat << NEW_CONF > $JIBRI_CONF +mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file +cat << NEW_CONF > "$JIBRI_CONF" // New XMPP environment config. jibri { recording { @@ -195,13 +195,13 @@ jibri { NEW_CONF echo "Check final jibri.conf file:" -cat $JIBRI_CONF -read -n 1 -s -r -p "Press any key to continue..."$'\n' +cat "$JIBRI_CONF" +read -n 1 -s -r -p "Press any key to continue..." restart_services_jibri systemctl status jibri if [ -f /var/log/jitsi/jicofo.log ]; then -echo -e "Checking for jicofo recognizing \"Live\" jibri node..." -tail -n 10 | grep Live + echo -e "Checking for jicofo recognizing \"Live\" jibri node..." + tail -n 10 | grep Live fi diff --git a/tools/jibri-resolution-enhancer.sh b/tools/jibri-resolution-enhancer.sh index c18e879..4503ecb 100644 --- a/tools/jibri-resolution-enhancer.sh +++ b/tools/jibri-resolution-enhancer.sh @@ -1,24 +1,24 @@ #!/bin/bash # Simple Jibri resolution enhancer -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./jibri-resolution-enhancer.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG if [ "$MODE" = "debug" ]; then - set -x +set -x fi #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -46,15 +46,15 @@ if [ -f "$JIBRI_OPT/jibri-res_enh.jar" ] && \ fi mkdir /tmp/jibri -cd /tmp/jibri +cd /tmp/jibri || exit #Get md5sum for current jibri installed. -apt-get download jibri=$INSTALLED_JIBRI_VERSION +apt-get download jibri="$INSTALLED_JIBRI_VERSION" ar x jibri_*.deb tar xvf data.tar.xz UPSTREAM_DEB_JAR_SUM="$(md5sum 2>/dev/null /tmp/jibri/opt/jitsi/jibri/jibri.jar |awk '{print$1}')" -if [ -z $UPSTREAM_DEB_JAR_SUM ]; then +if [ -z "$UPSTREAM_DEB_JAR_SUM" ]; then echo "Not possible to continue, exiting..." exit fi @@ -63,11 +63,11 @@ fi apt-get -y install devscripts \ git \ maven \ - openjdk-8-jdk + openjdk-11-jdk #Build repository -git clone https://github.com/jitsi/jibri $JIBRI_ENH_PATH -cd $JIBRI_ENH_PATH +git clone https://github.com/jitsi/jibri "$JIBRI_ENH_PATH" +cd "$JIBRI_ENH_PATH" || exit # Default values ## videoEncodePreset - "veryfast" || h264ConstantRateFactor - 25 @@ -77,18 +77,18 @@ sed -i "/videoEncodePreset/s|String =.*|String = \"medium\",|" src/main/kotlin/ sed -i "/h264ConstantRateFactor/s|Int =.*|Int = 17,|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt mvn package -JIBRI_JAR="$(ls -Sh $JIBRI_ENH_PATH/target|awk '/dependencies/&&/.jar/{print}'|awk 'NR==1{print}')" -cp $JIBRI_ENH_PATH/target/$JIBRI_JAR $JIBRI_ENH_PATH/target/jibri.jar +JIBRI_JAR="$(find "$JIBRI_ENH_PATH" -name \*.jar|awk '/dependencies/{print}'|awk 'NR==1{print}')" +cp "$JIBRI_ENH_PATH"/target/"$JIBRI_JAR" "$JIBRI_ENH_PATH"/target/jibri.jar # Backing up default binaries if [ "$UPSTREAM_DEB_JAR_SUM" = "$(md5sum 2>/dev/null $JIBRI_OPT/jibri.jar|awk '{print$1}')" ]; then - cp $JIBRI_OPT/jibri.jar $JIBRI_OPT/jibri-dpkg-package.jar + cp "$JIBRI_OPT"/jibri.jar "$JIBRI_OPT"/jibri-dpkg-package.jar fi # Migrate original to enhanced jibri -cp $JIBRI_ENH_PATH/target/jibri.jar $JIBRI_OPT/jibri-res_enh.jar -if [ -f $JIBRI_OPT/jibri-dpkg-package.jar ];then - cp $JIBRI_OPT/jibri-res_enh.jar $JIBRI_OPT/jibri.jar +cp "$JIBRI_ENH_PATH"/target/jibri.jar "$JIBRI_OPT"/jibri-res_enh.jar +if [ -f "$JIBRI_OPT"/jibri-dpkg-package.jar ];then + cp "$JIBRI_OPT"/jibri-res_enh.jar "$JIBRI_OPT"/jibri.jar fi JIBRI_RES_ENH_HASH="$(md5sum 2>/dev/null $JIBRI_OPT/jibri-res_enh.jar|awk '{print$1}')" @@ -99,12 +99,12 @@ if [ "$JIBRI_RES_ENH_HASH" = "$USED_JIBRI_HASH" ]; then else echo "Something went wrong, restoring default package..." if [ "$(md5sum 2>/dev/null $JIBRI_OPT/jibri-dpkg-package.jar|awk '{print$1}')" = "$UPSTREAM_DEB_JAR_SUM" ]; then - cp $JIBRI_OPT/jibri-dpkg-package.jar $JIBRI_OPT/jibri.jar + cp "$JIBRI_OPT"/jibri-dpkg-package.jar "$JIBRI_OPT"/jibri.jar CLEAN="true" else if [ -f /tmp/jibri/opt/jitsi/jibri/jibri.jar ]; then echo "Restoring from upstream package..." - cp /tmp/jibri/opt/jitsi/jibri/jibri.jar $JIBRI_OPT/jibri.jar + cp /tmp/jibri/opt/jitsi/jibri/jibri.jar "$JIBRI_OPT"/jibri.jar CLEAN="true" else echo "Wow, someone took the time to avoid restoration, please manually review your changes." @@ -115,7 +115,7 @@ else fi if [ "$CLEAN" = "true" ]; then rm -r /tmp/jibri - rm -r $JIBRI_ENH_PATH + rm -r "$JIBRI_ENH_PATH" rm /opt/jitsi/jibri/jibri-res_enh.jar fi diff --git a/tools/start-over.sh b/tools/start-over.sh index 4db729f..256bb54 100644 --- a/tools/start-over.sh +++ b/tools/start-over.sh @@ -1,24 +1,24 @@ #!/bin/bash #Start over -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GPLv3 or later. while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./start-over.sh [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done #DEBUG if [ "$MODE" = "debug" ]; then - set -x +set -x fi #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -32,16 +32,16 @@ while [ $secs -gt 0 ]; do done } remove_residuals() { - if [ -d $1 ]; then - rm -r $1 + if [ -d "$1" ]; then + rm -r "$1" fi } purge_debconf() { - echo PURGE | debconf-communicate $1 + echo PURGE | debconf-communicate "$1" } remove_services() { - systemctl disable $1 - systemctl stop $1 + systemctl disable "$1" + systemctl stop "$1" } echo -e ' ######################################################################## @@ -50,8 +50,8 @@ echo -e ' by Software, IT & Networks Ltd \n' -SYNC_USER="$(ls /home|awk '/jbsync/{print}')" -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +SYNC_USER="$(find /home -maxdepth 1 -type d |awk '/jbsync/{print}')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" echo "We are about to remove and clean all the jitsi-meet platform bits and pieces... Please make sure you have backed up anything you don't want to loose." @@ -118,7 +118,7 @@ remove_residuals /usr/share/jitsi-* #Clean /etc/hosts sed -i "/$DOMAIN/d" /etc/hosts -#Purging debconf db +echo "#Purging debconf db" purge_debconf jicofo purge_debconf jigasi purge_debconf jitsi-meet @@ -128,8 +128,8 @@ purge_debconf jitsi-meet-web-config purge_debconf jitsi-videobridge2 #Remove unused users & groups -if [ ! -z $SYNC_USER ]; then - deluser --remove-home $SYNC_USER +if [ -n "$SYNC_USER" ]; then + deluser --remove-home "$SYNC_USER" fi if [ -d /home/jibri ]; then deluser --remove-home jibri diff --git a/tools/test-jibri-env.sh b/tools/test-jibri-env.sh index ae87a22..9feffee 100644 --- a/tools/test-jibri-env.sh +++ b/tools/test-jibri-env.sh @@ -1,6 +1,6 @@ #!/bin/bash # Simple Jibri Env tester -# SwITNet Ltd © - 2021, https://switnet.net/ +# SwITNet Ltd © - 2022, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option @@ -8,7 +8,7 @@ do case "${option}" in m) MODE=${OPTARG};; - \?) echo "Usage: sudo ./test-jibri-env.sh [-m debug]" && exit;; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; esac done @@ -25,7 +25,7 @@ echo -e ' \n' #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -39,30 +39,30 @@ check_google_binaries() { if [ -z "$2" ]; then echo "Warning: No $1 doesn't seem installed" else - echo $2 + echo "$2" fi } # True if $1 is greater than $2 version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } -JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) +JITSI_REPO="$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1)" SND_AL_MODULE=$(lsmod | awk '{print$1}'| grep snd_aloop) -HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") +HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" CONF_JSON="/etc/jitsi/jibri/config.json" JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" -JMS_DOMAIN="$(awk -F '"' '/xmpp-domain/{print$2}' $JIBRI_CONF)" +JMS_DOMAIN="$(awk -F '"' '/xmpp-domain/{print$2}' "$JIBRI_CONF")" CHDB="$(whereis chromedriver | awk '{print$2}')" CHD_VER_LOCAL="$($CHDB --version 2>/dev/null| awk '{print$1,$2}')" GOOGL_VER_LOCAL="$(/usr/bin/google-chrome --version 2>/dev/null)" -CHD_VER_2D="$(echo $CHD_VER_LOCAL|awk '{print$2}'|cut -d "." -f 1,2)" -GOOGL_VER_2D="$(echo $GOOGL_VER_LOCAL|awk '{print$3}'|cut -d "." -f 1,2)" +CHD_VER_2D="$(echo "$CHD_VER_LOCAL"|awk '{print$2}'|cut -d "." -f 1,2)" +GOOGL_VER_2D="$(echo "$GOOGL_VER_LOCAL"|awk '{print$3}'|cut -d "." -f 1,2)" CHD_LTST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" -CHD_LTST_2D="$(echo $CHD_LTST|cut -d "." -f 1,2)" +CHD_LTST_2D="$(echo "$CHD_LTST"|cut -d "." -f 1,2)" #T1 echo -e "\n#1 -- Check repository --\n" -if [ -z $JITSI_REPO ]; then +if [ -z "$JITSI_REPO" ]; then echo "No repository detected, wait whaaaat?..." while [[ "$CONT_TEST" != "yes" && "$CONT_TEST" != "no" ]] do @@ -103,7 +103,7 @@ echo -e "\n#3 -- Check Google Chrome/driver software. --\n" check_google_binaries "Google Chrome" "$GOOGL_VER_LOCAL" check_google_binaries "Chromedriver" "$CHD_VER_LOCAL" -if [ ! -z "$CHD_VER_LOCAL" ] && [ ! -z "$GOOGL_VER_LOCAL" ]; then +if [ -n "$CHD_VER_LOCAL" ] && [ -n "$GOOGL_VER_LOCAL" ]; then # Chrome upgrade process if [ "$(apt-show-versions google-chrome-stable | grep -c "uptodate")" = "1" ]; then echo -e "Google Chrome is already up to date: \xE2\x9C\x94" @@ -112,17 +112,17 @@ if [ ! -z "$CHD_VER_LOCAL" ] && [ ! -z "$GOOGL_VER_LOCAL" ]; then apt-get -yq install --only-upgrade google-chrome-stable fi # Only upgrade chromedriver if it's on a lower version, not just a different one. - if [ $CHD_VER_2D = $GOOGL_VER_2D ]; then + if [ "$CHD_VER_2D" = "$GOOGL_VER_2D" ]; then echo -e "\nChromedriver version seems according to Google Chrome: \xE2\x9C\x94" T3=1 elif version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" && \ [ "$GOOGL_VER_2D" = "$CHD_LTST_2D" ]; then echo -e "\nAttempting Chromedriver update!" - wget -q https://chromedriver.storage.googleapis.com/$CHD_LTST/chromedriver_linux64.zip \ + wget -q https://chromedriver.storage.googleapis.com/"$CHD_LTST"/chromedriver_linux64.zip \ -O /tmp/chromedriver_linux64.zip unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/ - chown root:root $CHDB - chmod 0755 $CHDB + chown root:root "$CHDB" + chmod 0755 "$CHDB" rm -rf /tpm/chromedriver_linux64.zip if [ "$($CHDB -v | awk '{print $2}'|cut -d "." -f 1,2)" = "$GOOGL_VER_2D" ]; then echo "Successful update" @@ -140,24 +140,24 @@ fi #T4 echo -e "\n#4 -- Test kernel modules --\n" -if [ -z $SND_AL_MODULE ]; then +if [ -z "$SND_AL_MODULE" ]; then #First make sure the recommended kernel is installed. if [ "$HWE_VIR_MOD" = "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" else apt-get -y install \ linux-image-generic \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi echo -e "\nNo module snd_aloop detected. \xE2\x9C\x96 <== IMPORTANT! \nCurrent kernel: $(uname -r)\n" echo -e "\nIf you just installed a new kernel, \ please try rebooting.\nFor now wait 'til the end of the recommended kernel installation." echo "# Check and Install HWE kernel if possible..." if uname -r | grep -q aws;then - KNL_HWE="$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr)|awk 'NR==1{print$3}'|cut -d "." -f1-4)" - KNL_MENU="$(awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg|awk '!/recovery/&&/generic/{print$3,$4}'|grep $KNL_HWE)" - if [ ! -z "$KNL_MENU" ];then + KNL_HWE="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)"|awk 'NR==1{print$3}'|cut -d "." -f1-4)" + KNL_MENU="$(awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg|awk '!/recovery/&&/generic/{print$3,$4}'|grep "$KNL_HWE")" + if [ -n "$KNL_MENU" ];then echo -e "\nSeems you are using an AWS kernel \xE2\x9C\x96 <== IMPORTANT! \nYou might consider modify your grub (/etc/default/grub) to use the following:" && \ echo -e "\n > $KNL_MENU" fi @@ -172,8 +172,8 @@ fi echo -e "\n#5 -- Test .asoundrc file --\n" ASRC_MASTER="https://raw.githubusercontent.com/jitsi/jibri/master/resources/debian-package/etc/jitsi/jibri/asoundrc" ASRC_INSTALLED="/home/jibri/.asoundrc" -ASRC_MASTER_MD5SUM=$(curl -sL $ASRC_MASTER | md5sum | cut -d ' ' -f 1) -ASRC_INSTALLED_MD5SUM=$(md5sum $ASRC_INSTALLED | cut -d ' ' -f 1) +ASRC_MASTER_MD5SUM="$(curl -sL "$ASRC_MASTER" | md5sum | cut -d ' ' -f 1)" +ASRC_INSTALLED_MD5SUM="$(md5sum "$ASRC_INSTALLED" | cut -d ' ' -f 1)" if [ "$ASRC_MASTER_MD5SUM" == "$ASRC_INSTALLED_MD5SUM" ]; then echo -e "Seems to be using the latest asoundrc file available. \xE2\x9C\x94" @@ -187,20 +187,20 @@ fi echo -e "\n#6 -- Old or new config --\n" echo -e "What config version is this using?" -if [ -f ${CONF_JSON}_disabled ] && \ - [ -f $JIBRI_CONF ] && \ - [ -f $JIBRI_CONF-dpkg-file ]; then +if [ -f "${CONF_JSON}"_disabled ] && \ + [ -f "$JIBRI_CONF" ] && \ + [ -f "$JIBRI_CONF"-dpkg-file ]; then echo -e "\n> This jibri config has been upgraded already. \xE2\x9C\x94 \n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ https://github.com/switnet-ltd/quick-jibri-installer/issues\n" T6=1 -elif [ ! -f $CONF_JSON ] && \ - [ -f $JIBRI_CONF ] && \ - [ -f ${JIBRI_CONF}-dpkg-file ]; then +elif [ ! -f "$CONF_JSON" ] && \ + [ -f "$JIBRI_CONF" ] && \ + [ -f "${JIBRI_CONF}"-dpkg-file ]; then echo -e "\n> This jibri seems to be running the latest configuration already. \xE2\x9C\x94 \n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ https://github.com/switnet-ltd/quick-jibri-installer/issues\n" T6=1 -elif [ -f ${CONF_JSON} ] && \ - [ -f $JIBRI_CONF ]; then +elif [ -f "${CONF_JSON}" ] && \ + [ -f "$JIBRI_CONF" ]; then echo -e "\n> This jibri config seems to be candidate for upgrading. \xE2\x9C\x96 \nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ https://github.com/switnet-ltd/quick-jibri-installer/issues\n" T6=0 @@ -220,8 +220,7 @@ fi #T7 echo -e "\n#7 -- Check for open communication port among Jibri and JMS --\n" -nc -z -v -w5 $JMS_DOMAIN 5222 -if [ "$?" -ne 0 ]; then +if ! nc -z -v -w5 "$JMS_DOMAIN" 5222 ; then echo -e "Connection failed! \xE2\x9C\x96\n > You might want to check both Jibri & JMS firewall rules (TCP 5222)." T7=0 else