From 265c1151a440de778a7359ca357d4d79c284b537 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 18 Jan 2025 01:57:59 -0600 Subject: [PATCH 01/28] quick_jibri_installer.sh: update and fix for newer release (2025) --- patches/jigasi/001-jigasi-meet-config.patch | 8 ++++---- quick_jibri_installer.sh | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/patches/jigasi/001-jigasi-meet-config.patch b/patches/jigasi/001-jigasi-meet-config.patch index 41f5b8f..af6f8d0 100644 --- a/patches/jigasi/001-jigasi-meet-config.patch +++ b/patches/jigasi/001-jigasi-meet-config.patch @@ -29,10 +29,10 @@ index f412891..f704157 100644 // // Transcriber language. This settings will only work if "useAppLanguage" // // is explicitly set to false. -@@ -453,7 +453,7 @@ var config = { - - // // Enables automatic turning on transcribing when recording is started - // autoTranscribeOnRecord: false, +@@ -484,7 +484,7 @@ var config = { + // // Enables automatic request of subtitles when transcriber is present in the meeting, uses the default + // // language that is set + // autoCaptionOnTranscribe: false, - // }, + }, diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index a5176ba..f93447e 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1050,7 +1050,7 @@ sed -i "s|// startAudioMuted: 10,|startAudioMuted: 2,|" "$MEET_CONF" [ "$ENABLE_WELCP" = "yes" ] && ENABLE_WELCP_BOL=true [ "$ENABLE_WELCP" = "no" ] && ENABLE_WELCP_BOL=false export ENABLE_WELCP_BOL -echo "> Patching config.js to modify welcompage behavior..." +echo "> Patching config.js to modify welcome page behavior..." echo " Read more about patches at the patches folder." envsubst < \ patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch | \ -- 2.34.1 From 22957eddf4ce114fd3973cc2c28d1e94ba186c97 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 18 Jan 2025 02:13:55 -0600 Subject: [PATCH 02/28] quick_jibri_installer.sh: add 24.04 support for Ubuntu and Trisquel. --- quick_jibri_installer.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index f93447e..aa5d8bd 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -68,8 +68,9 @@ rename_distro() { fi } #Trisquel distro upstream referencing. -rename_distro nabia focal -rename_distro aramo jammy +rename_distro nabia focal +rename_distro aramo jammy +rename_distro ecne noble install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then @@ -189,7 +190,8 @@ fi printf "\nOS: %s" "$(lsb_release -sd)" if [ "$DIST" = "focal" ] || \ - [ "$DIST" = "jammy" ]; then + [ "$DIST" = "jammy" ] || \ + [ "$DIST" = "noble" ]; then printf "\nGood, this is a supported platform!" else printf "\nSorry, this platform is not supported... exiting" -- 2.34.1 From 44c21e174ab3218358a9ca9a8bbe1c00c4230375 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 01:23:49 -0600 Subject: [PATCH 03/28] fix bad apt call --- etherpad-docker.sh | 2 +- tools/jibri-conf-upgrade.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index 81ab2c3..5788d37 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -70,7 +70,7 @@ else /etc/apt/sources.list.d/docker-ce.list wget -qO - https://download.docker.com/linux/ubuntu/gpg | \ gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null - apt -q2 update + apt-get -q2 update fi read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS diff --git a/tools/jibri-conf-upgrade.sh b/tools/jibri-conf-upgrade.sh index d899ff3..527876c 100644 --- a/tools/jibri-conf-upgrade.sh +++ b/tools/jibri-conf-upgrade.sh @@ -31,7 +31,7 @@ if ! [ "$(id -u)" = 0 ]; then fi echo "Checking for updates...." -apt -q2 update +apt-get -q2 update apt install -y \ apt-show-versions \ jq -- 2.34.1 From 3ba587fc4fa6c3efed4ef4f5b21e23b155f6db90 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 01:50:09 -0600 Subject: [PATCH 04/28] standardize on docker.io as distro package. --- etherpad-docker.sh | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index 5788d37..b7f6f7c 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -59,20 +59,8 @@ PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{pri ETHERPAD_DB_USER="dockerpad" ETHERPAD_DB_NAME="etherpad" ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" -DOCKER_CE_REPO="$(check_apt_policy docker)" WS_CONF_MATCH1="# ensure all static content can always be found first" -echo "Add Docker repo" -if [ "$DOCKER_CE_REPO" = "stable" ]; then - echo "Docker repository already installed" -else - echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > \ - /etc/apt/sources.list.d/docker-ce.list - wget -qO - https://download.docker.com/linux/ubuntu/gpg | \ - gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null - apt-get -q2 update -fi - read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS # Make sure we can rely on the match strings. @@ -80,7 +68,7 @@ printf "> Testing match strings on config files.\n" test_match "$WS_MATCH1" "$WS_CONF" # Install required packages -install_ifnot docker-ce +install_ifnot docker.io install_ifnot postgresql-"$PSGVER" # Create DB -- 2.34.1 From 60c4641c570ef14de2647dbb6066c9c5e10dc59a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 02:36:44 -0600 Subject: [PATCH 05/28] remove possible duplication of wasm definition --- quick_jibri_installer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index aa5d8bd..e823aa4 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -989,6 +989,9 @@ else echo -n "No condition meet, please report to:" echo "https://forge.switnet.net/switnet/quick-jibri-installer/issues" fi +# Remove possible duplication of wasm definition. +grep -q wasm /etc/nginx/mime.types && sed -i '/types {/,/}/ {/wasm/d}' "$WS_CONF" + sleep .1 #================== Setup prosody conf file ================= -- 2.34.1 From 031eb1cac634ccf665f5c0b2baba1d66940c0824 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 02:54:04 -0600 Subject: [PATCH 06/28] replace htop in favor of btop --- quick_jibri_installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index e823aa4..17c81fe 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -388,7 +388,7 @@ apt-get -y install \ curl \ ffmpeg \ git \ - htop \ + btop \ jq \ net-tools \ rsync \ -- 2.34.1 From b1e8a058547b60dc1f75eec415720a10bf69d0a9 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 05:00:48 -0600 Subject: [PATCH 07/28] replace docker container with docker-compose --- etherpad-docker.sh | 58 +++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index b7f6f7c..4bd1053 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -13,9 +13,8 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then -set -x + set -x fi if ! [ "$(id -u)" = 0 ]; then @@ -32,7 +31,9 @@ echo ' ' FORGE_REPO="https://forge.switnet.net/switnet/quick-jibri-installer" check_apt_policy() { -apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}' + apt-cache policy 2>/dev/null| \ + awk "/$1/{print \$3}" | \ + awk -F '/' 'NR==1{print$2}' } install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then @@ -69,6 +70,7 @@ test_match "$WS_MATCH1" "$WS_CONF" # Install required packages install_ifnot docker.io +install_ifnot docker-compose install_ifnot postgresql-"$PSGVER" # Create DB @@ -78,29 +80,27 @@ CREATE DATABASE ${ETHERPAD_DB_NAME}; CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}'; GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER}; DB -echo " -- Your etherpad db password is: $ETHERPAD_DB_PASS" -echo -e " Please save it somewhere safe.\n" -# Check fot docker if not running then execute -if [ ! "$(docker ps -q -f name=etherpad)" ]; then - if [ "$(docker ps -aq -f status=exited -f name=etherpad)" ]; then - # cleanup - docker rm etherpad - fi - # run your container - docker run -d --restart always \ - --network=host \ - --name etherpad \ - -p 127.0.0.1:9001:9001 \ - -e "ADMIN_PASSWORD=$ETHERPAD_ADMIN_PASS" \ - -e "DB_TYPE=postgres" \ - -e "DB_HOST=localhost" \ - -e "DB_PORT=5432" \ - -e "DB_NAME=$ETHERPAD_DB_NAME" \ - -e "DB_USER=$ETHERPAD_DB_USER" \ - -e "DB_PASS=$ETHERPAD_DB_PASS" \ - -i -t etherpad/etherpad -fi +# Set environment varibales for docker +mkdir /opt/etherpat +cat << EOF > /opt/etherpat/.env +DOCKER_COMPOSE_APP_ADMIN_PASSWORD="$ETHERPAD_ADMIN_PASS" +DOCKER_COMPOSE_APP_DB_CHARSET="utf8mb4" +DOCKER_COMPOSE_POSTGRES_HOST="localhost" +DOCKER_COMPOSE_POSTGRES_USER="$ETHERPAD_DB_USER" +DOCKER_COMPOSE_POSTGRES_DATABASE="$ETHERPAD_DB_NAME" +DOCKER_COMPOSE_POSTGRES_PASSWORD="$ETHERPAD_DB_PASS" +DOCKER_COMPOSE_POSTGRES_PORT="5432" +#DOCKER_COMPOSE_APP_DEFAULT_PAD_TEXT= +DOCKER_COMPOSE_APP_DISABLE_IP_LOGGING="false" +DOCKER_COMPOSE_APP_SOFFICE="null" +DOCKER_COMPOSE_APP_TRUST_PROXY="true" +EOF +chmod 600 /opt/etherpat/.env +cp files/etherpad/docker-compose.yml /opt/etherpat/ +chmod 644 /opt/etherpat/docker-compose.yml + +docker-compose -f /opt/etherpat/docker-compose.yml up -d # Tune webserver for Jitsi App control @@ -121,8 +121,8 @@ elif [ -f "$WS_CONF" ]; then sed -i "/$WS_CONF_MATCH1/i \ \ \ \ }" "$WS_CONF" sed -i "/$WS_CONF_MATCH1/i \\\n" "$WS_CONF" else - echo "> No etherpad config done to server file, please report to: - -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" + echo "> No etherpad config done to server file, please report to:" + echo " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" fi # Configure config.js @@ -140,6 +140,6 @@ if nginx -t 2>/dev/null ; then # systemctl reload nginx else echo "Please check your configuration, something may be wrong." - echo "Will not try to enable etherpad nginx configuration, please report to: - -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" + echo "Will not try to enable etherpad nginx configuration, please report to:" + echo " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" fi -- 2.34.1 From 09f8f4ccec745a2d391788afb95ef3ef6428d07f Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 05:02:23 -0600 Subject: [PATCH 08/28] add custom docker-compose file --- files/etherpad/docker-compose.yml | 37 +++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 files/etherpad/docker-compose.yml diff --git a/files/etherpad/docker-compose.yml b/files/etherpad/docker-compose.yml new file mode 100644 index 0000000..b7610a8 --- /dev/null +++ b/files/etherpad/docker-compose.yml @@ -0,0 +1,37 @@ +version: '3.8' + +services: + app: + user: "0:0" + image: etherpad/etherpad:latest + tty: true + stdin_open: true + volumes: + - plugins:/opt/etherpad-lite/src/plugin_packages + - etherpad-var:/opt/etherpad-lite/var + env_file: + - .env + environment: + NODE_ENV: production + ADMIN_PASSWORD: ${DOCKER_COMPOSE_APP_ADMIN_PASSWORD:-admin} + DB_CHARSET: ${DOCKER_COMPOSE_APP_DB_CHARSET:-utf8mb4} + DB_HOST: ${DOCKER_COMPOSE_POSTGRES_HOST:-localhost} + DB_NAME: ${DOCKER_COMPOSE_POSTGRES_DATABASE:-etherpad} + DB_PASS: ${DOCKER_COMPOSE_POSTGRES_PASSWORD:-admin} + DB_PORT: ${DOCKER_COMPOSE_POSTGRES_PORT:-5432} + DB_TYPE: "postgres" + DB_USER: ${DOCKER_COMPOSE_POSTGRES_USER:-admin} + DEFAULT_PAD_TEXT: ${DOCKER_COMPOSE_APP_DEFAULT_PAD_TEXT:- } + DISABLE_IP_LOGGING: ${DOCKER_COMPOSE_APP_DISABLE_IP_LOGGING:-false} + SOFFICE: ${DOCKER_COMPOSE_APP_SOFFICE:-null} + TRUST_PROXY: ${DOCKER_COMPOSE_APP_TRUST_PROXY:-true} + restart: always + ports: + - "${DOCKER_COMPOSE_APP_PORT:-9001}:9001" + +volumes: + plugins: + driver: local + etherpad-var: + driver: local + -- 2.34.1 From c4ea620a73077c43701f437db6df511b95922246 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 05:03:34 -0600 Subject: [PATCH 09/28] add missing debug modes and standardize initial checks. --- add-jibri-node.sh | 14 ++++++-------- add-jvb2-node.sh | 15 ++++++--------- excalidraw-backend.sh | 36 ++++++++++++++++++------------------ grafana.sh | 3 +-- jigasi-vosk-backend.sh | 15 ++++++++++++++- jitsi-updater.sh | 14 +++++++------- jm-bm.sh | 8 ++++++-- jra_nextcloud.sh | 2 +- quick_jibri_installer.sh | 1 - 9 files changed, 59 insertions(+), 49 deletions(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index b548bba..86aa17d 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -16,9 +16,13 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then -set -x + set -x +fi + +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 fi #Make sure the file name is the required one @@ -28,12 +32,6 @@ if [ ! "$(basename "$0")" = "add-jibri-node.sh" ]; then exit fi -#Check admin rights -if ! [ "$(id -u)" = 0 ]; then - echo "You need to be root or have sudo privileges!" - exit 0 -fi - ### 0_VAR_DEF MAIN_SRV_DIST=TBD MAIN_SRV_REPO=TBD diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 7cf37d0..1afe811 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -16,9 +16,13 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then -set -x + set -x +fi + +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 fi #Make sure the file name is the required one @@ -28,13 +32,6 @@ if [ ! "$(basename "$0")" = "add-jvb2-node.sh" ]; then exit fi - -#Check admin rights -if ! [ "$(id -u)" = 0 ]; then - echo "You need to be root or have sudo privileges!" - exit 0 -fi - ### 0_VAR_DEF MAIN_SRV_DIST=TBD MAIN_SRV_REPO=TBD diff --git a/excalidraw-backend.sh b/excalidraw-backend.sh index 0dc4a03..fa29c3b 100644 --- a/excalidraw-backend.sh +++ b/excalidraw-backend.sh @@ -7,6 +7,24 @@ # SwITNet Ltd © - 2024, https://switnet.net/ # GPLv3 or later. +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac +done + +if [ "$MODE" = "debug" ]; then + set -x +fi + +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + # Reset Color_Off='\e[0m' # Text Reset # Regular Colors @@ -52,24 +70,6 @@ else fi } -while getopts m: option -do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; - esac -done - -#DEBUG -if [ "$MODE" = "debug" ]; then -set -x -fi - -if ! [ "$(id -u)" = 0 ]; then - echo "You need to be root or have sudo privileges!" - exit 0 -fi clear echo -e '\n ######################################################################## diff --git a/grafana.sh b/grafana.sh index 4e1e896..54c7954 100644 --- a/grafana.sh +++ b/grafana.sh @@ -21,9 +21,8 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then -set -x + set -x fi if ! [ "$(id -u)" = 0 ]; then diff --git a/jigasi-vosk-backend.sh b/jigasi-vosk-backend.sh index 293bb25..3e3b3c1 100644 --- a/jigasi-vosk-backend.sh +++ b/jigasi-vosk-backend.sh @@ -3,11 +3,24 @@ # SwITNet Ltd © - 2024, https://switnet.net/ # GPLv3 or later. -#Check if user is root +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac +done + +if [ "$MODE" = "debug" ]; then + set -x +fi + if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi + exit_if_not_installed() { if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then echo " This instance doesn't have $1 installed, exiting..." diff --git a/jitsi-updater.sh b/jitsi-updater.sh index 0e04af2..92f399b 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -13,9 +13,13 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then -set -x + set -x +fi + +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 fi Blue='\e[0;34m' @@ -27,11 +31,7 @@ Color_Off='\e[0m' printwc() { printf "%b$2%b" "$1" "${Color_Off}" } -#Check if user is root -if ! [ "$(id -u)" = 0 ]; then - echo "You need to be root or have sudo privileges!" - exit 0 -fi + if [ ! -f jm-bm.sh ]; then echo "Please check that you are running the jitsi updater while being on the project folder" echo "other wise the updater might have errors or be incomplete. Exiting..." diff --git a/jm-bm.sh b/jm-bm.sh index 58b5c10..3c81c55 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -13,9 +13,13 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then -set -x + set -x +fi + +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 fi DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index ccedcdd..c6e5b60 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -12,7 +12,6 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then set -x fi @@ -21,6 +20,7 @@ if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi + exit_if_not_installed() { if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then echo " This instance doesn't have $1 installed, exiting..." diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 17c81fe..54073ae 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -14,7 +14,6 @@ do esac done -#DEBUG if [ "$MODE" = "debug" ]; then set -x fi -- 2.34.1 From 4a432785d64a270430e55fba258882e4a6e5558d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 14:46:10 -0600 Subject: [PATCH 10/28] fix path and loosen permissions for testing --- etherpad-docker.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index 4bd1053..323e48c 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -82,8 +82,8 @@ GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER}; DB # Set environment varibales for docker -mkdir /opt/etherpat -cat << EOF > /opt/etherpat/.env +mkdir /opt/etherpad +cat << EOF > /opt/etherpad/.env DOCKER_COMPOSE_APP_ADMIN_PASSWORD="$ETHERPAD_ADMIN_PASS" DOCKER_COMPOSE_APP_DB_CHARSET="utf8mb4" DOCKER_COMPOSE_POSTGRES_HOST="localhost" @@ -96,11 +96,11 @@ DOCKER_COMPOSE_APP_DISABLE_IP_LOGGING="false" DOCKER_COMPOSE_APP_SOFFICE="null" DOCKER_COMPOSE_APP_TRUST_PROXY="true" EOF -chmod 600 /opt/etherpat/.env -cp files/etherpad/docker-compose.yml /opt/etherpat/ -chmod 644 /opt/etherpat/docker-compose.yml +chmod 644 /opt/etherpad/.env +cp files/etherpad/docker-compose.yml /opt/etherpad/ +chmod 644 /opt/etherpad/docker-compose.yml -docker-compose -f /opt/etherpat/docker-compose.yml up -d +docker-compose -f /opt/etherpad/docker-compose.yml up -d # Tune webserver for Jitsi App control -- 2.34.1 From d3bd56e45ce5f12a0a479fc95195762a208378ff Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 22:13:26 -0600 Subject: [PATCH 11/28] update year --- README.md | 2 +- add-jibri-node.sh | 2 +- add-jvb2-node.sh | 2 +- etherpad-docker.sh | 2 +- excalidraw-backend.sh | 2 +- grafana.sh | 2 +- jigasi-vosk-backend.sh | 2 +- jitsi-updater.sh | 2 +- jm-bm.sh | 2 +- jra_nextcloud.sh | 2 +- mode/chp-mode.sh | 2 +- mode/grid/selenium-grid-docker.sh | 2 +- mode/jms-stu.sh | 2 +- mode/jwt.sh | 2 +- patches/jigasi/001-jigasi-meet-config.patch | 2 +- patches/jigasi/002-jigasi-sip-properties.patch | 2 +- .../001-jitsi-meet-enable-livestreaming-and-recording.patch | 2 +- patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch | 2 +- quick_jibri_installer.sh | 2 +- tools/aws-grub-setup.sh | 2 +- tools/fail2ban_ssh.sh | 2 +- tools/jibri-conf-upgrade.sh | 2 +- tools/jibri-resolution-enhancer.sh | 2 +- tools/prepare_php.sh | 2 +- tools/start-over.sh | 2 +- tools/test-jibri-env.sh | 2 +- 26 files changed, 26 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 07104ed..d65c750 100644 --- a/README.md +++ b/README.md @@ -118,4 +118,4 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. -SwITNet Ltd © - 2024, https://switnet.net/ +SwITNet Ltd © - 2025, https://switnet.net/ diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 86aa17d..f821a11 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -1,6 +1,6 @@ #!/bin/bash # Jibri Node Aggregator -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. ### 0_LAST EDITION TIME STAMP ### diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 1afe811..eb255e4 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -1,6 +1,6 @@ #!/bin/bash # JVB2 Node Aggregator -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. ### 0_LAST EDITION TIME STAMP ### diff --git a/etherpad-docker.sh b/etherpad-docker.sh index 323e48c..cc97857 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -1,6 +1,6 @@ #!/bin/bash # Etherpad Installer for Jitsi Meet -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # # GPLv3 or later. diff --git a/excalidraw-backend.sh b/excalidraw-backend.sh index fa29c3b..42410ec 100644 --- a/excalidraw-backend.sh +++ b/excalidraw-backend.sh @@ -4,7 +4,7 @@ # Based on: # - https://community.jitsi.org/t/118883 # -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/grafana.sh b/grafana.sh index 54c7954..76e9ede 100644 --- a/grafana.sh +++ b/grafana.sh @@ -8,7 +8,7 @@ # by "mephisto" # # Igor Kerstges © - 2021 -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # # GPLv3 or later. diff --git a/jigasi-vosk-backend.sh b/jigasi-vosk-backend.sh index 3e3b3c1..8349c12 100644 --- a/jigasi-vosk-backend.sh +++ b/jigasi-vosk-backend.sh @@ -1,6 +1,6 @@ #!/bin/bash # Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/jitsi-updater.sh b/jitsi-updater.sh index 92f399b..e72c0df 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -1,7 +1,7 @@ #!/bin/bash # Jitsi Meet recurring upgrader and customization keeper # for Debian/*buntu binaries. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option diff --git a/jm-bm.sh b/jm-bm.sh index 3c81c55..01123fa 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -1,7 +1,7 @@ #!/bin/bash # Jitsi Meet brandless mode # for Debian/*buntu binaries. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index c6e5b60..f6de6ef 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -1,6 +1,6 @@ #!/bin/bash # JRA (Jibri Recordings Access) via Nextcloud -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/mode/chp-mode.sh b/mode/chp-mode.sh index 80708d9..b0dd37a 100644 --- a/mode/chp-mode.sh +++ b/mode/chp-mode.sh @@ -1,6 +1,6 @@ #!/bin/bash # Custom High Performance Jitsi conf -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/mode/grid/selenium-grid-docker.sh b/mode/grid/selenium-grid-docker.sh index 98f7189..6291450 100644 --- a/mode/grid/selenium-grid-docker.sh +++ b/mode/grid/selenium-grid-docker.sh @@ -1,7 +1,7 @@ #!/bin/bash # Custom Selenium Grid-Node fro Jitsi Meet # Pandian © - https://community.jitsi.org/u/Pandian -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/mode/jms-stu.sh b/mode/jms-stu.sh index 49a06ea..1e753f2 100644 --- a/mode/jms-stu.sh +++ b/mode/jms-stu.sh @@ -2,7 +2,7 @@ # System-tune-up to remove system software restrictions on a huge load of connections. # Be aware that hardware/infrastructure resources are the most common limiters. # -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/mode/jwt.sh b/mode/jwt.sh index b6ffccb..58eb82f 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -1,6 +1,6 @@ #!/bin/bash # JWT Mode Setup -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/patches/jigasi/001-jigasi-meet-config.patch b/patches/jigasi/001-jigasi-meet-config.patch index af6f8d0..8a121e8 100644 --- a/patches/jigasi/001-jigasi-meet-config.patch +++ b/patches/jigasi/001-jigasi-meet-config.patch @@ -1,5 +1,5 @@ # Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. Enable transcription on jitsi meet config.js file. diff --git a/patches/jigasi/002-jigasi-sip-properties.patch b/patches/jigasi/002-jigasi-sip-properties.patch index 886cc76..cd1bce7 100644 --- a/patches/jigasi/002-jigasi-sip-properties.patch +++ b/patches/jigasi/002-jigasi-sip-properties.patch @@ -1,5 +1,5 @@ # Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. Modify sip-communicator.properties to run Jigasi along with VOSK Models. diff --git a/patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch b/patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch index 51b5f9e..77091a8 100644 --- a/patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch +++ b/patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch @@ -1,5 +1,5 @@ # Quick Jibri Installer - *buntu (LTS) based systems. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. Patch jitsi-meet config.js to enable recording and livestreaming by default. diff --git a/patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch b/patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch index fab6e3f..e26073b 100644 --- a/patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch +++ b/patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch @@ -1,5 +1,5 @@ # Quick Jibri Installer - *buntu (LTS) based systems. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. Patch jitsi-meet config.js to enable/disable welcome page. diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 54073ae..50625ed 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1,6 +1,6 @@ #!/bin/bash # Quick Jibri Installer - *buntu (LTS) based systems. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. { echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log diff --git a/tools/aws-grub-setup.sh b/tools/aws-grub-setup.sh index d3f1eef..d2fdaa5 100644 --- a/tools/aws-grub-setup.sh +++ b/tools/aws-grub-setup.sh @@ -1,6 +1,6 @@ #!/bin/bash # Automated AWS generic kernel setup for jibri. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/tools/fail2ban_ssh.sh b/tools/fail2ban_ssh.sh index 35487b8..6e24e7f 100644 --- a/tools/fail2ban_ssh.sh +++ b/tools/fail2ban_ssh.sh @@ -1,6 +1,6 @@ #!/bin/bash # Simple Fail2ban configuration -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option diff --git a/tools/jibri-conf-upgrade.sh b/tools/jibri-conf-upgrade.sh index 527876c..ad74c6d 100644 --- a/tools/jibri-conf-upgrade.sh +++ b/tools/jibri-conf-upgrade.sh @@ -1,6 +1,6 @@ #!/bin/bash # Simple Jibri conf updater -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option diff --git a/tools/jibri-resolution-enhancer.sh b/tools/jibri-resolution-enhancer.sh index d671d12..2e90a9c 100644 --- a/tools/jibri-resolution-enhancer.sh +++ b/tools/jibri-resolution-enhancer.sh @@ -1,6 +1,6 @@ #!/bin/bash # Simple Jibri resolution enhancer -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option diff --git a/tools/prepare_php.sh b/tools/prepare_php.sh index a1f890a..ba73638 100644 --- a/tools/prepare_php.sh +++ b/tools/prepare_php.sh @@ -1,6 +1,6 @@ #!/bin/bash # Automated PHP environment build for Nextcloud. -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. PHPVER=$1 diff --git a/tools/start-over.sh b/tools/start-over.sh index 31d04a1..84c754a 100644 --- a/tools/start-over.sh +++ b/tools/start-over.sh @@ -1,6 +1,6 @@ #!/bin/bash #Start over -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GPLv3 or later. while getopts m: option diff --git a/tools/test-jibri-env.sh b/tools/test-jibri-env.sh index 321b446..fe651e1 100644 --- a/tools/test-jibri-env.sh +++ b/tools/test-jibri-env.sh @@ -1,6 +1,6 @@ #!/bin/bash # Simple Jibri Env tester -# SwITNet Ltd © - 2024, https://switnet.net/ +# SwITNet Ltd © - 2025, https://switnet.net/ # GNU GPLv3 or later. while getopts m: option -- 2.34.1 From fab9c4abeb856e7645e34104d3096d6214c69c34 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jan 2025 22:50:29 -0600 Subject: [PATCH 12/28] replace RSA in favor of ED25519 and increase strenght --- quick_jibri_installer.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 50625ed..f108e49 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -913,10 +913,11 @@ useradd -m -g jibri "$MJS_USER" echo "$MJS_USER:$MJS_USER_PASS" | chpasswd #Create ssh key and restrict connections -sudo su "$MJS_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +sudo su "$MJS_USER" -c "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -o -a 200 -q -N ''" #Allow password authentication sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config -systemctl restart sshd +systemctl daemon-reload +systemctl restart ssh.service ssh.socket #Setting varibales for add-jibri-node.sh sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh -- 2.34.1 From 39d1890ee896e2dcad56873238e30e4c4bcab2b1 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 21 Jan 2025 00:44:42 -0600 Subject: [PATCH 13/28] return to user docker container store credentials for later revision --- etherpad-docker.sh | 49 ++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index cc97857..559d9f8 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -64,13 +64,20 @@ WS_CONF_MATCH1="# ensure all static content can always be found first" read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS +install -m 600 /dev/null /var/opt/etherpad_details.txt +cat << EOF > /var/opt/etherpad_details.txt +ETHERPAD_ADMIN_PASS=$ETHERPAD_ADMIN_PASS +ETHERPAD_DB_USER=$ETHERPAD_DB_USER +ETHERPAD_DB_NAME=$ETHERPAD_DB_NAME +ETHERPAD_DB_PASS=$ETHERPAD_DB_PASS +EOF + # Make sure we can rely on the match strings. printf "> Testing match strings on config files.\n" test_match "$WS_MATCH1" "$WS_CONF" # Install required packages install_ifnot docker.io -install_ifnot docker-compose install_ifnot postgresql-"$PSGVER" # Create DB @@ -81,26 +88,26 @@ CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}'; GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER}; DB -# Set environment varibales for docker -mkdir /opt/etherpad -cat << EOF > /opt/etherpad/.env -DOCKER_COMPOSE_APP_ADMIN_PASSWORD="$ETHERPAD_ADMIN_PASS" -DOCKER_COMPOSE_APP_DB_CHARSET="utf8mb4" -DOCKER_COMPOSE_POSTGRES_HOST="localhost" -DOCKER_COMPOSE_POSTGRES_USER="$ETHERPAD_DB_USER" -DOCKER_COMPOSE_POSTGRES_DATABASE="$ETHERPAD_DB_NAME" -DOCKER_COMPOSE_POSTGRES_PASSWORD="$ETHERPAD_DB_PASS" -DOCKER_COMPOSE_POSTGRES_PORT="5432" -#DOCKER_COMPOSE_APP_DEFAULT_PAD_TEXT= -DOCKER_COMPOSE_APP_DISABLE_IP_LOGGING="false" -DOCKER_COMPOSE_APP_SOFFICE="null" -DOCKER_COMPOSE_APP_TRUST_PROXY="true" -EOF -chmod 644 /opt/etherpad/.env -cp files/etherpad/docker-compose.yml /opt/etherpad/ -chmod 644 /opt/etherpad/docker-compose.yml - -docker-compose -f /opt/etherpad/docker-compose.yml up -d +# Check fot docker if not running then execute +if [ ! "$(docker ps -q -f name=etherpad)" ]; then + if [ "$(docker ps -aq -f status=exited -f name=etherpad)" ]; then + # cleanup + docker rm etherpad + fi + # run your container + docker run -d --restart always \ + --network=host \ + --name etherpad \ + -p 127.0.0.1:9001:9001 \ + -e "ADMIN_PASSWORD=$ETHERPAD_ADMIN_PASS" \ + -e "DB_TYPE=postgres" \ + -e "DB_HOST=localhost" \ + -e "DB_PORT=5432" \ + -e "DB_NAME=$ETHERPAD_DB_NAME" \ + -e "DB_USER=$ETHERPAD_DB_USER" \ + -e "DB_PASS=$ETHERPAD_DB_PASS" \ + -i -t etherpad/etherpad +fi # Tune webserver for Jitsi App control -- 2.34.1 From 79fc0de403c1764d8705eb8aae88e566f58b414a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 21 Jan 2025 00:46:18 -0600 Subject: [PATCH 14/28] fix bad usage of interactive shell docker --- etherpad-docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index 559d9f8..fc44530 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -106,7 +106,7 @@ if [ ! "$(docker ps -q -f name=etherpad)" ]; then -e "DB_NAME=$ETHERPAD_DB_NAME" \ -e "DB_USER=$ETHERPAD_DB_USER" \ -e "DB_PASS=$ETHERPAD_DB_PASS" \ - -i -t etherpad/etherpad + etherpad/etherpad fi # Tune webserver for Jitsi App control -- 2.34.1 From ab5a180fd6377dd47c893400349a9fd04bad64d0 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 21 Jan 2025 02:31:30 -0600 Subject: [PATCH 15/28] make sure to set all necessary permissions for public table --- etherpad-docker.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index fc44530..fe38da3 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -86,13 +86,19 @@ sudo -u postgres psql < Date: Tue, 21 Jan 2025 03:27:18 -0600 Subject: [PATCH 16/28] set mapping for nginx connection upgrade --- etherpad-docker.sh | 9 +++++++++ grafana.sh | 13 ++++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index fe38da3..186c5b8 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -61,6 +61,7 @@ ETHERPAD_DB_USER="dockerpad" ETHERPAD_DB_NAME="etherpad" ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" WS_CONF_MATCH1="# ensure all static content can always be found first" +WS_MATCH2="upstream prosody {" read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS @@ -75,6 +76,7 @@ EOF # Make sure we can rely on the match strings. printf "> Testing match strings on config files.\n" test_match "$WS_MATCH1" "$WS_CONF" +test_match "$WS_MATCH2" "$WS_CONF" # Install required packages install_ifnot docker.io @@ -120,6 +122,13 @@ fi if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then echo "> Webserver seems configured, skipping..." elif [ -f "$WS_CONF" ]; then + if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then + sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF" + sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF" + sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF" + sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF" + sed -i "/$WS_MATCH2/i }" "$WS_CONF" + fi echo "> Setting up webserver configuration file..." sed -i "/$WS_CONF_MATCH1/i \ \ \ \ #Etherpad block" "$WS_CONF" sed -i "/$WS_CONF_MATCH1/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF" diff --git a/grafana.sh b/grafana.sh index 76e9ede..8e18001 100644 --- a/grafana.sh +++ b/grafana.sh @@ -194,11 +194,14 @@ if [ -f "$WS_CONF" ]; then sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF" sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF" - sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections." "$WS_CONF" - sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF" - sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF" - sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF" - sed -i "/$WS_MATCH2/i }" "$WS_CONF" + if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then + sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF" + sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF" + sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF" + sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF" + sed -i "/$WS_MATCH2/i }" "$WS_CONF" + fi + sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF" sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF" sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF" -- 2.34.1 From 7a93ca19055323f5c09911fa289c0a190548df9c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 21 Jan 2025 17:27:32 -0600 Subject: [PATCH 17/28] fix and minimize required db permissions --- etherpad-docker.sh | 12 +++++------- jra_nextcloud.sh | 1 + 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index 186c5b8..994d6c6 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -88,12 +88,7 @@ sudo -u postgres psql < Webserver seems configured, skipping..." elif [ -f "$WS_CONF" ]; then + echo "> Setting up webserver configuration file..." if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then + echo " > Setting mapping upgrade connection." sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF" sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF" sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF" sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF" sed -i "/$WS_MATCH2/i }" "$WS_CONF" + else + echo " > Upgrade connection mapping already setup." fi - echo "> Setting up webserver configuration file..." sed -i "/$WS_CONF_MATCH1/i \ \ \ \ #Etherpad block" "$WS_CONF" sed -i "/$WS_CONF_MATCH1/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF" sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF" diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index f6de6ef..2a4c85b 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -196,6 +196,7 @@ sudo -u postgres psql < Date: Tue, 21 Jan 2025 17:28:42 -0600 Subject: [PATCH 18/28] announce if mapping is being set or applied. --- grafana.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/grafana.sh b/grafana.sh index 8e18001..bab3763 100644 --- a/grafana.sh +++ b/grafana.sh @@ -179,6 +179,7 @@ while [ $secs -gt 0 ]; do done if [ -f "$WS_CONF" ]; then + echo "> Setting up webserver configuration file..." sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana." "$WS_CONF" sed -i "/$WS_MATCH1/i \ \ \ \ location ~ ^/(grafana/|grafana/login) {" "$WS_CONF" sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF" @@ -193,15 +194,16 @@ if [ -f "$WS_CONF" ]; then sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF" sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF" sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF" - if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then + echo " > Setting mapping upgrade connection." sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF" sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF" sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF" sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF" sed -i "/$WS_MATCH2/i }" "$WS_CONF" + else + echo " > Upgrade connection mapping already setup." fi - sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF" sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF" sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF" -- 2.34.1 From 4f8a0884e62ce7e2d0fb44ca90c7aab0e9845f71 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 21 Jan 2025 20:10:07 -0600 Subject: [PATCH 19/28] yet again more db tweaking --- etherpad-docker.sh | 2 ++ jra_nextcloud.sh | 3 +++ 2 files changed, 5 insertions(+) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index 994d6c6..eac8302 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -88,6 +88,8 @@ sudo -u postgres psql < Date: Tue, 21 Jan 2025 21:55:01 -0600 Subject: [PATCH 20/28] slim redundant set --- etherpad-docker.sh | 1 - jra_nextcloud.sh | 1 - 2 files changed, 2 deletions(-) diff --git a/etherpad-docker.sh b/etherpad-docker.sh index eac8302..c0b40af 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -90,7 +90,6 @@ CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}'; GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER}; \c ${ETHERPAD_DB_NAME} ALTER SCHEMA public OWNER TO ${ETHERPAD_DB_USER}; -GRANT CREATE, USAGE ON SCHEMA public TO ${ETHERPAD_DB_USER}; DB # Check fot docker if not running then execute diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 47f986f..b6b56e0 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -198,7 +198,6 @@ CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}'; GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER}; \c nextcloud_db ALTER SCHEMA public OWNER TO ${NC_DB_USER}; -GRANT CREATE, USAGE ON SCHEMA public TO ${NC_DB_USER}; DB echo -e "\nDone!\n" -- 2.34.1 From 7ebd6e5d38a0e56df0d9d69186cf5546d5ea90da Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 21 Jan 2025 23:42:35 -0600 Subject: [PATCH 21/28] remove droppped file approach --- files/etherpad/docker-compose.yml | 37 ------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 files/etherpad/docker-compose.yml diff --git a/files/etherpad/docker-compose.yml b/files/etherpad/docker-compose.yml deleted file mode 100644 index b7610a8..0000000 --- a/files/etherpad/docker-compose.yml +++ /dev/null @@ -1,37 +0,0 @@ -version: '3.8' - -services: - app: - user: "0:0" - image: etherpad/etherpad:latest - tty: true - stdin_open: true - volumes: - - plugins:/opt/etherpad-lite/src/plugin_packages - - etherpad-var:/opt/etherpad-lite/var - env_file: - - .env - environment: - NODE_ENV: production - ADMIN_PASSWORD: ${DOCKER_COMPOSE_APP_ADMIN_PASSWORD:-admin} - DB_CHARSET: ${DOCKER_COMPOSE_APP_DB_CHARSET:-utf8mb4} - DB_HOST: ${DOCKER_COMPOSE_POSTGRES_HOST:-localhost} - DB_NAME: ${DOCKER_COMPOSE_POSTGRES_DATABASE:-etherpad} - DB_PASS: ${DOCKER_COMPOSE_POSTGRES_PASSWORD:-admin} - DB_PORT: ${DOCKER_COMPOSE_POSTGRES_PORT:-5432} - DB_TYPE: "postgres" - DB_USER: ${DOCKER_COMPOSE_POSTGRES_USER:-admin} - DEFAULT_PAD_TEXT: ${DOCKER_COMPOSE_APP_DEFAULT_PAD_TEXT:- } - DISABLE_IP_LOGGING: ${DOCKER_COMPOSE_APP_DISABLE_IP_LOGGING:-false} - SOFFICE: ${DOCKER_COMPOSE_APP_SOFFICE:-null} - TRUST_PROXY: ${DOCKER_COMPOSE_APP_TRUST_PROXY:-true} - restart: always - ports: - - "${DOCKER_COMPOSE_APP_PORT:-9001}:9001" - -volumes: - plugins: - driver: local - etherpad-var: - driver: local - -- 2.34.1 From 383ad969787e01364b968ef04dea36eb03f883df Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 22 Jan 2025 01:54:14 -0600 Subject: [PATCH 22/28] set debug mode export & add titles format --- quick_jibri_installer.sh | 66 ++++++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 26 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index f108e49..f33a9b4 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -7,14 +7,15 @@ echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log while getopts m: option do - case "${option}" - in - m) MODE=${OPTARG};; - \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; - esac + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; + esac done if [ "$MODE" = "debug" ]; then + export MODE=debug set -x fi @@ -51,13 +52,13 @@ printwc() { printf "%b$2%b" "$1" "${Color_Off}" } exit_ifinstalled() { - if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then + if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo -e "\nThis instance already has $1 installed, exiting..." echo -e "Please try again on a clean system." echo -e " If you think this is an error, please report to:" echo -e " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" - exit - fi + exit + fi } exit_ifinstalled jitsi-meet @@ -405,6 +406,7 @@ apt-get -y install \ fi fi +###FIXME: Trisquel support broken by lsb_release usage### echo "# Check and Install HWE kernel if possible..." HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" \ 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")" @@ -420,11 +422,9 @@ fi check_serv -echo " #-------------------------------------------------- -# Install Jitsi Framework +print_title "Install Jitsi Framework" #-------------------------------------------------- -" if [ "$LE_SSL" = "yes" ]; then echo "set jitsi-meet/cert-choice select $CERT_CHOICE_DEBCONF" \ | debconf-set-selections @@ -469,7 +469,9 @@ elif [ "$(npm list -g esprima 2>/dev/null | grep -c "esprima")" == "1" ]; then echo "Good. Esprima package is already installed" fi -echo "# Installing Google Chrome / ChromeDriver" +#-------------------------------------------------- +print_title "Installing Google Chrome / ChromeDriver" +#-------------------------------------------------- if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then echo "Google repository already set." else @@ -484,7 +486,10 @@ rm -rf "$GOOGL_REPO" G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" -CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | grep linux64 | grep "$G_CHROME" | tail -1) +CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \ + jq -r ".versions[].downloads.chromedriver | \ + select(. != null) | .[].url" | grep linux64 | \ + grep "$G_CHROME" | tail -1) CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL") GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" @@ -582,15 +587,17 @@ sleep .1 read -p "Leave empty to use the default one (English):$NL" -r L10N_ME #Drop unsecure TLS -while [ "$DROP_TLS1" != "yes" ] && [ "$DROP_TLS1" != "no" ] -do - read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)$NL" -r DROP_TLS1 - if [ "$DROP_TLS1" = "no" ]; then - printf " - TLSv1.0/1.1 will remain.\n\n" - elif [ "$DROP_TLS1" = "yes" ]; then - printf " - TLSv1.0/1.1 will be dropped\n\n" - fi -done +if grep -qE 'TLSv1(\.1)?' /etc/nginx/nginx.conf; then + while [ "$DROP_TLS1" != "yes" ] && [ "$DROP_TLS1" != "no" ] + do + read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)$NL" -r DROP_TLS1 + if [ "$DROP_TLS1" = "no" ]; then + printf " - TLSv1.0/1.1 will remain.\n\n" + elif [ "$DROP_TLS1" = "yes" ]; then + printf " - TLSv1.0/1.1 will be dropped\n\n" + fi + done +fi sleep .1 #Brandless Mode while [ "$ENABLE_BLESSM" != "yes" ] && [ "$ENABLE_BLESSM" != "no" ] @@ -795,7 +802,9 @@ restart_services() { # Configure Jvb2 sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" "$JVB2_SIP" -# Configure Jibri +#-------------------------------------------------- +print_title "Configure Jibri" +#-------------------------------------------------- if [ "$ENABLE_SC" = "yes" ]; then if [ ! -f "$MOD_LIST_FILE" ]; then printf "\n-> Adding external module to list prosody users...\n" @@ -993,7 +1002,9 @@ fi grep -q wasm /etc/nginx/mime.types && sed -i '/types {/,/}/ {/wasm/d}' "$WS_CONF" sleep .1 -#================== Setup prosody conf file ================= +#-------------------------------------------------- +print_title "Setup prosody conf file" +#-------------------------------------------------- ###Setup secure rooms if [ "$ENABLE_SC" = "yes" ]; then @@ -1043,8 +1054,11 @@ VirtualHost "guest.$DOMAIN" P_SR fi -#====================== -# Custom settings + +#-------------------------------------------------- +print_title "Custom settings" +#-------------------------------------------------- + #Start with video muted by default sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF" -- 2.34.1 From a6ac1bfd4d1652056d08072b5476ff2fcbe361c9 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 22 Jan 2025 01:55:04 -0600 Subject: [PATCH 23/28] set default option for HSTS version --- jra_nextcloud.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index b6b56e0..c5414da 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -132,9 +132,10 @@ sleep .1 #Enable HSTS while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ] do - read -p "> Do you want to enable HSTS for this domain?: (yes or no) - Be aware this option apply mid-term effects on the domain, choose \"no\" + read -p "> Do you want to enable HSTS for this domain? (yes or no) [default: no]: + Be aware this option apply mid-term effects on the domain, choose \"no\" or leave empty in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS + ENABLE_HSTS=${ENABLE_HSTS:-no} if [ "$ENABLE_HSTS" = "no" ]; then echo " - HSTS won't be enabled." elif [ "$ENABLE_HSTS" = "yes" ]; then @@ -163,7 +164,7 @@ if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed") echo "jitsi meet/jibri is installed, checking version:" apt-show-versions jibri else - echo "Wait!, jitsi-meet/jibri is not installed on this system using apt, exiting..." + echo "Wait!, jitsi-meet/jibri is not installed on this system via apt, exiting..." exit fi -- 2.34.1 From 682e3e904483e3cfb9a3f21e07cafef8903232bb Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 22 Jan 2025 01:56:49 -0600 Subject: [PATCH 24/28] (WIP)update add-jibri-node for latest changes. --- add-jibri-node.sh | 253 ++++++++++++++-------------------------------- 1 file changed, 75 insertions(+), 178 deletions(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index f821a11..6d56389 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -49,17 +49,17 @@ JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR= JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" DIR_RECORD="/var/jbrecord" REC_DIR="/home/jibri/finalize_recording.sh" -CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" -#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" +#PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)" +JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" -GITHUB_RAW="https://raw.githubusercontent.com" -GIT_REPO="switnet-ltd/quick-jibri-installer" -TEST_JIBRI_ENV="$GITHUB_RAW/$GIT_REPO/unstable/tools/test-jibri-env.sh" +GIT_FORGE="https://forge.switnet.net" +GIT_REPO="switnet/quick-jibri-installer" +TEST_JIBRI_ENV="$GIT_FORGE/$GIT_REPO/raw/branch/master/tools/test-jibri-env.sh" SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" ### 1_VAR_DEF @@ -186,18 +186,19 @@ hostnamectl set-hostname "jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts # Jitsi-Meet Repo -echo "Add Jitsi repo" -if [ -z "$JITSI_REPO" ]; then - echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list - wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - -elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then - echo "Main and node servers repository don't match, extiting.." - exit -elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then - echo "Main and node servers repository match, continuing..." +printf "\nAdd Jitsi repo\n" +if [ "$JITSI_REPO" = "stable" ]; then + printf " - Jitsi stable repository already installed\n\n" else - echo "Jitsi $JITSI_REPO repository already installed" + echo "deb [signed-by=$JITSI_GPG_KEY] http://download.jitsi.org stable/" \ + > /etc/apt/sources.list.d/jitsi-stable.list + curl -s https://download.jitsi.org/jitsi-key.gpg.key \ + > "$JITSI_GPG_KEY" + apt-get update -q2 + JITSI_REPO="stable" fi +sleep .1 + # Requirements echo "We'll start by installing system requirements this may take a while please be patient..." @@ -210,7 +211,7 @@ apt-get -y install \ curl \ ffmpeg \ git \ - htop \ + btop \ inotify-tools \ jq \ rsync \ @@ -219,32 +220,30 @@ apt-get -y install \ wget check_snd_driver() { -echo -e "\n# Checking ALSA - Loopback module..." -echo "snd-aloop" | tee -a /etc/modules -modprobe snd-aloop -if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then - echo " -#----------------------------------------------------------------------- -# Audio driver seems - OK. -#-----------------------------------------------------------------------" -else - echo " -#----------------------------------------------------------------------- -# Your audio driver might not be able to load. -# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool. -#-----------------------------------------------------------------------" -curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh -#Test tool - if [ "$MODE" = "debug" ]; then - bash /tmp/test-jibri-env.sh -m debug - else - bash /tmp/test-jibri-env.sh - fi -rm /tmp/test-jibri-env.sh -read -n 1 -s -r -p "Press any key to continue..."$'\n' -fi + printf "\n# Checking ALSA - Loopback module..." + echo "snd-aloop" | tee -a /etc/modules + modprobe snd-aloop + if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then + echo -e "\n#-----------------------------------------------------------------------" + echo "# Audio driver seems - OK." + echo -e "#-----------------------------------------------------------------------\n" + else + echo -e "\n#-----------------------------------------------------------------------" + echo "# Your audio driver might not be able to load." + echo "# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool." + echo -e "#-----------------------------------------------------------------------\n" + curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh + #Test tool + if [ "$MODE" = "debug" ]; then + bash /tmp/test-jibri-env.sh -m debug + else + bash /tmp/test-jibri-env.sh + fi + read -n 1 -s -r -p "Press any key to continue..."$'\n' + fi } +###FIXME: Trisquel support broken by lsb_release usage### echo "# Check and Install HWE kernel if possible..." HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" if [ "$HWE_VIR_MOD" = "1" ]; then @@ -270,27 +269,37 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then echo "Google repository already set." else echo "Installing Google Chrome Stable" - wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - + curl -s https://dl.google.com/linux/linux_signing_key.pub | \ + gpg --dearmor | tee /etc/apt/trusted.gpg.d/google-chrome-key.gpg >/dev/null echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" fi apt-get -q2 update -apt-get install -y google-chrome-stable -rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list +apt-get install -yq2 google-chrome-stable +rm -rf "$GOOGL_REPO" + +G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) +CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" +CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \ + jq -r ".versions[].downloads.chromedriver | \ + select(. != null) | .[].url" | grep linux64 | \ + grep "$G_CHROME" | tail -1) +CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL") +GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget -q https://chromedriver.storage.googleapis.com/"$CHD_VER"/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip - unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ + wget -q "$CHD_LTST_DWNL" \ + -O /tmp/chromedriver_linux64.zip + unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/ + mv /usr/local/bin/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver chown root:root /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver - rm -rf /tpm/chromedriver_linux64.zip + rm -rf /tmp/chromedriver_linux64.zip fi -echo " -Check Google Software Working... -" +printf "\nCheck Google Software Working...\n" /usr/bin/google-chrome --version /usr/local/bin/chromedriver --version | awk '{print$1,$2}' @@ -299,15 +308,13 @@ echo ' Start Jibri configuration ######################################################################## ' -echo " -Remove Chrome warning... -" +printf "\nRemove Chrome warning...\n" mkdir -p /etc/opt/chrome/policies/managed echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" # Recording directory if [ ! -d "$DIR_RECORD" ]; then -mkdir "$DIR_RECORD" + mkdir "$DIR_RECORD" fi chown -R jibri:jibri "$DIR_RECORD" @@ -323,19 +330,10 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out chmod -R 770 \$RECORDINGS_DIR -#Rename folder. -LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)" -NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" +LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -nr|sed 1d|awk '{print\$2}'| grep -v "meta\|_" | head -n1)" +NJF_NAME="\$(find \$LJF_PATH |grep "mp4"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME" - -##Prevent empty recording directory failsafe -if [ "\$LJF_PATH" != "\$RECORDINGS_DIR" ]; then - mv \$LJF_PATH \$NJF_PATH - #Workaround for jibri to do cleaning. - ssh -i /home/jibri/jbsync.pem $MJS_USER@$MAIN_SRV_DOMAIN "rm -r \$LJF_PATH" -else - echo "No new folder recorded, not removing anything." -fi +mv \$LJF_PATH \$NJF_PATH exit 0 REC_DIR @@ -344,117 +342,15 @@ chmod +x "$REC_DIR" ## New Jibri Config (2020) mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file -cat << NEW_CONF > "$JIBRI_CONF" -// New XMPP environment config. -jibri { - streaming { - // A list of regex patterns for allowed RTMP URLs. The RTMP URL used - // when starting a stream must match at least one of the patterns in - // this list. - rtmp-allow-list = [ - // By default, all services are allowed - ".*" - ] - } - ffmpeg { - resolution = "$JIBRI_RES_CONF" - } - chrome { - // The flags which will be passed to chromium when launching - flags = [ - "--use-fake-ui-for-media-stream", - "--start-maximized", - "--kiosk", - "--enabled", - "--disable-infobars", - "--autoplay-policy=no-user-gesture-required", - "--ignore-certificate-errors", - "--disable-dev-shm-usage" - ] - } - stats { - enable-stats-d = true - } - call-status-checks { - // If all clients have their audio and video muted and if Jibri does not - // detect any data stream (audio or video) comming in, it will stop - // recording after NO_MEDIA_TIMEOUT expires. - no-media-timeout = 30 seconds - - // If all clients have their audio and video muted, Jibri consideres this - // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires. - all-muted-timeout = 10 minutes - - // When detecting if a call is empty, Jibri takes into consideration for how - // long the call has been empty already. If it has been empty for more than - // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording. - default-call-empty-timeout = 30 seconds - } - recording { - recordings-directory = $DIR_RECORD - finalize-script = $REC_DIR - } - api { - xmpp { - environments = [ - { - // A user-friendly name for this environment - name = "$JB_NAME" - - // A list of XMPP server hosts to which we'll connect - xmpp-server-hosts = [ "$MAIN_SRV_DOMAIN" ] - - // The base XMPP domain - xmpp-domain = "$MAIN_SRV_DOMAIN" - - // The MUC we'll join to announce our presence for - // recording and streaming services - control-muc { - domain = "internal.auth.$MAIN_SRV_DOMAIN" - room-name = "$JibriBrewery" - nickname = "machine-id" - } - - // The login information for the control MUC - control-login { - domain = "auth.$MAIN_SRV_DOMAIN" - username = "jibri" - password = "$JB_AUTH_PASS" - } - - // An (optional) MUC configuration where we'll - // join to announce SIP gateway services - // sip-control-muc { - // domain = "domain" - // room-name = "room-name" - // nickname = "nickname" - // } - - // The login information the selenium web client will use - call-login { - domain = "recorder.$MAIN_SRV_DOMAIN" - username = "recorder" - password = "$JB_REC_PASS" - } - - // The value we'll strip from the room JID domain to derive - // the call URL - strip-from-room-domain = "conference." - - // How long Jibri sessions will be allowed to last before - // they are stopped. A value of 0 allows them to go on - // indefinitely - usage-timeout = 0 hour - - // Whether or not we'll automatically trust any cert on - // this XMPP domain - trust-all-xmpp-certs = true - } - ] - } - } -} -NEW_CONF +cp files/jibri.conf "$JIBRI_CONF" +sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF" +sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF" +sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF" +sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF" +sed -i "s|DOMAIN|$DOMAIN|g" "$JIBRI_CONF" +sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF" +sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF" +sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF" #Jibri xorg resolution sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" @@ -465,15 +361,16 @@ echo "$NJN_USER:$NJN_USER_PASS" | chpasswd echo -e "\n---- We'll connect to main server ----" read -n 1 -s -r -p "Press any key to continue..."$'\n' -sudo su "$NJN_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +sudo su "$NJN_USER" -c "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -o -a 200 -q -N ''" -#Workaround for jibri to do cleaning. install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" +sudo su jibri -c "ssh-keyscan -t ed25519 $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts +ssh-keyscan -t ed25519 "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" -- 2.34.1 From cdda1df69ba1792eeb6a5e5f6d7d32f843eb75f7 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 22 Jan 2025 02:33:39 -0600 Subject: [PATCH 25/28] simplify and remove unused function --- add-jibri-node.sh | 2 +- jra_nextcloud.sh | 2 +- quick_jibri_installer.sh | 9 +-------- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 6d56389..5b53d5f 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -52,7 +52,7 @@ REC_DIR="/home/jibri/finalize_recording.sh" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" -#PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)" +#PUBLIC_IP="$(wget -qO- https://api.ipify.org)" JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index c5414da..3703a35 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -59,7 +59,7 @@ DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording REDIS_CONF="/etc/redis/redis.conf" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" [ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1) -PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)" +PUBLIC_IP="$(wget -qO- https://api.ipify.org)" ISO3166_CODE=TBD NL="$(printf '\n ')" diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index f33a9b4..4cf3ea7 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -38,7 +38,7 @@ DIST=$(lsb_release -sc) GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')" -PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)" +PUBLIC_IP="$(wget -qO- https://api.ipify.org)" NL="$(printf '\n ')" NODEJS_VER="18" JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key" @@ -117,12 +117,6 @@ check_snd_driver() { var_dlim() { grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1 } -add_gpg_keyring() { - apt-key adv --recv-keys --keyserver keyserver.ubuntu.com \$1 - apt-key export \$1 | gpg --dearmour | tee /tmp/\$1.gpg >/dev/null - apt-key del \$1 - mv /tmp/\$1.gpg /etc/apt/trusted.gpg.d/ -} add_prosody_repo() { echo "Add Prosody repo" if [ "$PROSODY_REPO" = "main" ]; then @@ -1054,7 +1048,6 @@ VirtualHost "guest.$DOMAIN" P_SR fi - #-------------------------------------------------- print_title "Custom settings" #-------------------------------------------------- -- 2.34.1 From 3b1a774ee6b79c8eb2783c2774786b6bfd9cd084 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 20 Feb 2025 01:20:21 -0600 Subject: [PATCH 26/28] continue migration to ed25519 --- add-jibri-node.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 5b53d5f..1190511 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -59,6 +59,7 @@ NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" GIT_FORGE="https://forge.switnet.net" GIT_REPO="switnet/quick-jibri-installer" +JIBRI_CONF_ONLINE="$GIT_FORGE/$GIT_REPO/raw/branch/master/files/jibri.conf" TEST_JIBRI_ENV="$GIT_FORGE/$GIT_REPO/raw/branch/master/tools/test-jibri-env.sh" SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" @@ -342,12 +343,12 @@ chmod +x "$REC_DIR" ## New Jibri Config (2020) mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file -cp files/jibri.conf "$JIBRI_CONF" +curl -s "$JIBRI_CONF_ONLINE" > "$JIBRI_CONF" sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF" sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF" sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF" sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF" -sed -i "s|DOMAIN|$DOMAIN|g" "$JIBRI_CONF" +sed -i "s|DOMAIN|$MAIN_SRV_DOMAIN|g" "$JIBRI_CONF" sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF" sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF" sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF" @@ -363,7 +364,7 @@ echo -e "\n---- We'll connect to main server ----" read -n 1 -s -r -p "Press any key to continue..."$'\n' sudo su "$NJN_USER" -c "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -o -a 200 -q -N ''" -install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem +install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_ed25519 /home/jibri/jbsync.pem sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t ed25519 $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" @@ -371,7 +372,10 @@ sudo su jibri -c "ssh-keyscan -t ed25519 $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/kn echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts ssh-keyscan -t ed25519 "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts -ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub +[ -f /home/"$NJN_USER"/.ssh/id_rsa.pub ] && \ + ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub +[ -f /home/"$NJN_USER"/.ssh/id_ed25519.pub ] && \ + ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_ed25519.pub sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" echo -e "\n---- Setup Log system ----" -- 2.34.1 From 0db355c5c5dbc176259d42cc8d1d221652121f13 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 20 Feb 2025 01:20:57 -0600 Subject: [PATCH 27/28] yet some more style details --- quick_jibri_installer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 4cf3ea7..a9388f8 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -859,8 +859,8 @@ BREWERY sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF" #Enable recording & livestreaming by default. -echo "> Patching config.js to enable recording and livestreaming by default..." -echo " Read more about patches at the patches folder." +echo -e "\n> Patching config.js to enable recording and livestreaming by default..." +echo -e " Read more about patches at the patches folder.\n" envsubst < \ patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch | \ patch --no-backup-if-mismatch -d / -p1 -- 2.34.1 From 778c98bb595c9a9e22cac66b67fb124d2bb8c950 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 20 Feb 2025 03:15:29 -0600 Subject: [PATCH 28/28] fix permissions on sync script --- add-jibri-node.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 1190511..70cebf3 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -390,7 +390,7 @@ exec 1>/var/log/"$NJN_USER"/remote_jnsync.log 2>&1 # Run sync while true; do inotifywait -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD" - sudo su "$NJN_USER" -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" + sudo su "$NJN_USER" -c "rsync -Aax --chmod=Dg+rwx,Fg+rw --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete done INOT_RSYNC -- 2.34.1