ConfigLMM 0.2.0 → 0.4.0

Files changed (121)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +67 -0
  3. data/Examples/Implemented.mm.yaml +75 -1
  4. data/Plugins/Apps/Authentik/Authentik-ProxyOutpost.container +14 -0
  5. data/Plugins/Apps/Authentik/Authentik-Server.container +19 -0
  6. data/Plugins/Apps/Authentik/Authentik-Worker.container +18 -0
  7. data/Plugins/Apps/Authentik/Authentik.conf.erb +42 -0
  8. data/Plugins/Apps/Authentik/Authentik.lmm.rb +95 -0
  9. data/Plugins/Apps/BookStack/BookStack.conf.erb +41 -0
  10. data/Plugins/Apps/BookStack/BookStack.container +15 -0
  11. data/Plugins/Apps/BookStack/BookStack.lmm.rb +80 -0
  12. data/Plugins/Apps/Cassandra/Cassandra.lmm.rb +41 -0
  13. data/Plugins/Apps/Discourse/Discourse-Sidekiq.container +17 -0
  14. data/Plugins/Apps/Discourse/Discourse.conf.erb +41 -0
  15. data/Plugins/Apps/Discourse/Discourse.container +17 -0
  16. data/Plugins/Apps/Discourse/Discourse.lmm.rb +95 -0
  17. data/Plugins/Apps/Dovecot/Dovecot.lmm.rb +171 -0
  18. data/Plugins/Apps/ERPNext/ERPNext-Frontend.container +19 -0
  19. data/Plugins/Apps/ERPNext/ERPNext-Queue.container +17 -0
  20. data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container +17 -0
  21. data/Plugins/Apps/ERPNext/ERPNext-Websocket.container +19 -0
  22. data/Plugins/Apps/ERPNext/ERPNext.container +18 -0
  23. data/Plugins/Apps/ERPNext/ERPNext.lmm.rb +193 -0
  24. data/Plugins/Apps/ERPNext/ERPNext.network +12 -0
  25. data/Plugins/Apps/ERPNext/sites/apps.json +10 -0
  26. data/Plugins/Apps/ERPNext/sites/apps.txt +3 -0
  27. data/Plugins/Apps/ERPNext/sites/common_site_config.json +11 -0
  28. data/Plugins/Apps/GitLab/GitLab.container +18 -0
  29. data/Plugins/Apps/GitLab/GitLab.lmm.rb +100 -0
  30. data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb +57 -0
  31. data/Plugins/Apps/LetsEncrypt/hooks/dovecot.sh +2 -0
  32. data/Plugins/Apps/LetsEncrypt/hooks/nginx.sh +2 -0
  33. data/Plugins/Apps/LetsEncrypt/hooks/postfix.sh +2 -0
  34. data/Plugins/Apps/LetsEncrypt/renew-certificates.service +7 -0
  35. data/Plugins/Apps/LetsEncrypt/renew-certificates.timer +12 -0
  36. data/Plugins/Apps/LetsEncrypt/rfc2136.ini +11 -0
  37. data/Plugins/Apps/MariaDB/MariaDB.lmm.rb +115 -0
  38. data/Plugins/Apps/Matrix/Element.container +14 -0
  39. data/Plugins/Apps/Matrix/Matrix.conf.erb +49 -5
  40. data/Plugins/Apps/Matrix/Matrix.lmm.rb +86 -1
  41. data/Plugins/Apps/Matrix/Synapse.container +17 -0
  42. data/Plugins/Apps/Matrix/config.json +50 -0
  43. data/Plugins/Apps/Matrix/homeserver.yaml +70 -0
  44. data/Plugins/Apps/Matrix/log.config +30 -0
  45. data/Plugins/Apps/Nextcloud/Nextcloud.conf.erb +48 -10
  46. data/Plugins/Apps/Nextcloud/Nextcloud.lmm.rb +83 -1
  47. data/Plugins/Apps/Nextcloud/config.php +18 -0
  48. data/Plugins/Apps/Nginx/conf.d/configlmm.conf +71 -0
  49. data/Plugins/Apps/Nginx/config-lmm/errors.conf +11 -5
  50. data/Plugins/Apps/Nginx/config-lmm/proxy.conf +5 -1
  51. data/Plugins/Apps/Nginx/main.conf.erb +31 -0
  52. data/Plugins/Apps/Nginx/nginx.conf +3 -68
  53. data/Plugins/Apps/Nginx/nginx.lmm.rb +83 -22
  54. data/Plugins/Apps/Nginx/proxy.conf.erb +13 -3
  55. data/Plugins/Apps/Odoo/Odoo.conf.erb +30 -13
  56. data/Plugins/Apps/Odoo/Odoo.container +18 -0
  57. data/Plugins/Apps/Odoo/Odoo.lmm.rb +62 -2
  58. data/Plugins/Apps/Odoo/odoo.conf +37 -0
  59. data/Plugins/Apps/OpenVidu/Ingress.container +18 -0
  60. data/Plugins/Apps/OpenVidu/OpenVidu.conf.erb +34 -0
  61. data/Plugins/Apps/OpenVidu/OpenVidu.container +16 -0
  62. data/Plugins/Apps/OpenVidu/OpenVidu.lmm.rb +90 -0
  63. data/Plugins/Apps/OpenVidu/OpenViduCall.conf.erb +35 -0
  64. data/Plugins/Apps/OpenVidu/OpenViduCall.container +15 -0
  65. data/Plugins/Apps/OpenVidu/ingress.yaml +10 -0
  66. data/Plugins/Apps/OpenVidu/livekit.yaml +13 -0
  67. data/Plugins/Apps/PHP-FPM/PHP-FPM.lmm.rb +95 -0
  68. data/Plugins/Apps/Peppermint/Peppermint.conf.erb +60 -0
  69. data/Plugins/Apps/Peppermint/Peppermint.container +15 -0
  70. data/Plugins/Apps/Peppermint/Peppermint.lmm.rb +58 -0
  71. data/Plugins/Apps/Postfix/Postfix.lmm.rb +165 -31
  72. data/Plugins/Apps/Postfix/smtpd.conf +3 -0
  73. data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb +242 -24
  74. data/Plugins/Apps/Roundcube/Roundcube.conf.erb +75 -0
  75. data/Plugins/Apps/Roundcube/Roundcube.lmm.rb +145 -0
  76. data/Plugins/Apps/SSH/SSH.lmm.rb +51 -0
  77. data/Plugins/Apps/Tunnel/tunnel.lmm.rb +63 -0
  78. data/Plugins/Apps/Tunnel/tunnelTCP.service +9 -0
  79. data/Plugins/Apps/Tunnel/tunnelTCP.socket +9 -0
  80. data/Plugins/Apps/Tunnel/tunnelUDP.service +9 -0
  81. data/Plugins/Apps/Tunnel/tunnelUDP.socket +9 -0
  82. data/Plugins/Apps/UVdesk/UVdesk.conf.erb +52 -0
  83. data/Plugins/Apps/UVdesk/UVdesk.lmm.rb +85 -0
  84. data/Plugins/Apps/Valkey/Valkey.lmm.rb +34 -1
  85. data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb +35 -18
  86. data/Plugins/Apps/Vaultwarden/Vaultwarden.container +16 -0
  87. data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb +46 -3
  88. data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb +42 -0
  89. data/Plugins/Apps/Wiki.js/Wiki.js.container +15 -0
  90. data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb +61 -0
  91. data/Plugins/Apps/gollum/gollum.conf.erb +84 -19
  92. data/Plugins/Apps/gollum/gollum.container +15 -0
  93. data/Plugins/Apps/gollum/gollum.lmm.rb +48 -11
  94. data/Plugins/OS/Linux/Debian/preseed.cfg.erb +62 -0
  95. data/Plugins/OS/Linux/Distributions.yaml +42 -0
  96. data/Plugins/OS/Linux/Flavours.yaml +11 -0
  97. data/Plugins/OS/Linux/Linux.lmm.rb +362 -41
  98. data/Plugins/OS/Linux/Packages.yaml +88 -5
  99. data/Plugins/OS/Linux/Proxmox/answer.toml.erb +30 -0
  100. data/Plugins/OS/Linux/WireGuard/WireGuard.lmm.rb +137 -0
  101. data/Plugins/OS/Linux/WireGuard/wg0.conf.erb +15 -0
  102. data/Plugins/OS/Linux/systemd/systemd.lmm.rb +28 -0
  103. data/Plugins/OS/Linux/systemd/user-0.slice +9 -0
  104. data/Plugins/OS/Linux/systemd/user@.service.d/delegate.conf +3 -0
  105. data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb +7 -3
  106. data/Plugins/Platforms/libvirt/libvirt.lmm.rb +3 -2
  107. data/Plugins/Services/DNS/PowerDNS.lmm.rb +158 -8
  108. data/README.md +6 -0
  109. data/bootstrap.sh +92 -0
  110. data/lib/ConfigLMM/Framework/plugins/dns.rb +1 -2
  111. data/lib/ConfigLMM/Framework/plugins/linuxApp.rb +249 -45
  112. data/lib/ConfigLMM/Framework/plugins/nginxApp.rb +56 -7
  113. data/lib/ConfigLMM/Framework/plugins/plugin.rb +112 -16
  114. data/lib/ConfigLMM/cli.rb +3 -1
  115. data/lib/ConfigLMM/commands/cleanup.rb +1 -0
  116. data/lib/ConfigLMM/commands/configsCommand.rb +3 -1
  117. data/lib/ConfigLMM/io/configList.rb +3 -1
  118. data/lib/ConfigLMM/state.rb +10 -2
  119. data/lib/ConfigLMM/version.rb +1 -1
  120. metadata +82 -3
  121. data/Plugins/Apps/Nginx/main.conf +0 -30
@@ -1,29 +1,46 @@
1
1
 
2
2
  upstream odoo {
3
- server 127.0.0.1:8069;
3
+ <% if config['Server'] %>
4
+ server <%= config['Server'] %>;
5
+ <% else %>
6
+ server 127.0.0.1:8069;
7
+ <% end %>
4
8
  }
5
9
 
6
10
  server {
7
11
 
8
- <% if !config['TLS'] %>
9
- listen <%= config['Port'] %>;
10
- listen [::]:<%= config['Port'] %>;
11
- <% else %>
12
- listen <%= config['Port'] %> ssl;
13
- listen [::]:<%= config['Port'] %> ssl;
12
+ <% if config['NginxVersion'] >= 1.25 %>
13
+ <% if !config['TLS'] %>
14
+ listen <%= config['Port'] %>;
15
+ listen [::]:<%= config['Port'] %>;
16
+ <% else %>
17
+ listen <%= config['Port'] %> ssl;
18
+ listen [::]:<%= config['Port'] %> ssl;
19
+
20
+ include config-lmm/ssl.conf;
21
+ <% end %>
14
22
  http2 on;
15
- include config/ssl.conf;
23
+ http3 on;
24
+ quic_retry on;
25
+ add_header Alt-Svc 'h3=":443"; ma=86400';
26
+ <% else %>
27
+ <% if !config['TLS'] %>
28
+ listen <%= config['Port'] %>;
29
+ listen [::]:<%= config['Port'] %>;
30
+ <% else %>
31
+ listen <%= config['Port'] %> ssl http2;
32
+ listen [::]:<%= config['Port'] %> ssl http2;
33
+
34
+ include config-lmm/ssl.conf;
35
+ <% end %>
16
36
  <% end %>
17
37
 
18
38
  server_name <%= config['Domain'] %>;
19
39
 
20
- root /usr/share/nginx/html;
21
- index index.html index.htm;
22
40
  access_log /var/log/nginx/odoo.access.log;
23
41
  error_log /var/log/nginx/odoo.error.log;
24
42
 
25
- include config/private.conf;
26
- include config/errors.conf;
43
+ include config-lmm/errors.conf;
27
44
 
28
45
  location / {
29
46
  proxy_pass http://odoo;
@@ -31,7 +48,7 @@ server {
31
48
  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
32
49
  proxy_redirect off;
33
50
 
34
- include config/proxy.conf;
51
+ include config-lmm/proxy.conf;
35
52
  }
36
53
 
37
54
  # cache some static data in memory for 60mins
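Review bot: In the `NginxVersion >= 1.25` branch, `http2 on;`, `http3 on;`, `quic_retry on;` and the `Alt-Svc` header sit after the inner `<% end %>`, so they are also emitted when `config['TLS']` is false, and the header advertises `h3=":443"` regardless of `config['Port']`. The Peppermint template later in this diff keeps these lines inside the TLS branch and writes `add_header Alt-Svc 'h3=":<%= config['Port'] %>"; ma=86400';`; doing the same here keeps a plaintext vhost from advertising an encrypted alternative it may not serve. The hunk also drops `include config/private.conf;` without a visible replacement, and unlike the Peppermint template it does not include `config-lmm/security.conf`; if private.conf carried access restrictions, confirm they are applied elsewhere before Odoo is exposed. The `server` block continues past the end of the second hunk.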
@@ -0,0 +1,18 @@
1
+
2
+ [Unit]
3
+ Description=Odoo container
4
+ After=local-fs.target
5
+
6
+ [Container]
7
+ Image=docker.io/odoo:latest
8
+ EnvironmentFile=/var/lib/odoo/.config/containers/systemd/Odoo.env
9
+ Network=slirp4netns:allow_host_loopback=true
10
+ PublishPort=0.0.0.0:8069:8069
11
+ UserNS=keep-id:uid=101,gid=101
12
+ Volume=/var/lib/odoo/config:/etc/odoo
13
+ Volume=/var/lib/odoo/data:/var/lib/odoo
14
+ Volume=/var/lib/odoo/addons:/mnt/extra-addons
15
+ AutoUpdate=registry
16
+
17
+ [Install]
18
+ WantedBy=multi-user.target default.target
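Review bot: `PublishPort=0.0.0.0:8069:8069` publishes Odoo's plaintext HTTP port on every interface, whereas the Ingress, OpenVidu Call and Peppermint units in this diff publish on `127.0.0.1` and leave exposure to nginx. If the default `server 127.0.0.1:8069;` upstream is the expected setup, `PublishPort=127.0.0.1:8069:8069` keeps traffic behind the TLS proxy; a remote proxy (the `config['Server']` case) would be better served by a deploy-time substitution than by a permanent wildcard bind. Separately, `Image=docker.io/odoo:latest` combined with `AutoUpdate=registry` means that whatever is pushed to that tag gets pulled and run whenever podman auto-update fires; the same floating-tag pattern (`:latest` or `:main`) appears in the Ingress, OpenVidu, OpenVidu Call and Peppermint units, and pinning to a version tag or digest would make updates deliberate.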
@@ -3,6 +3,9 @@ module ConfigLMM
3
3
  module LMM
4
4
  class Odoo < Framework::NginxApp
5
5
 
6
+ USER = 'odoo'
7
+ HOME_DIR = '/var/lib/odoo'
8
+
6
9
  def actionOdooBuild(id, target, state, context, options)
7
10
  writeNginxConfig(__dir__, 'Odoo', id, target, state, context, options)
8
11
  end
@@ -12,12 +15,69 @@ module ConfigLMM
12
15
  end
13
16
 
14
17
  def actionOdooDeploy(id, target, activeState, context, options)
15
- if !target['Location'] || target['Location'] == '@me'
16
- deployNginxConfig(id, target, activeState, context, options)
18
+ target['Database'] ||= {}
19
+ if target['Location'] && target['Location'] != '@me'
20
+ uri = Addressable::URI.parse(target['Location'])
21
+ raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
22
+
23
+ self.class.sshStart(uri) do |ssh|
24
+
25
+ if !target.key?('Proxy') || target['Proxy'] != 'only'
26
+ dbPassword = self.configurePostgreSQL(target['Database'], ssh)
27
+ distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
28
+ Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'Odoo', distroInfo, ssh)
29
+ self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/config'")
30
+ self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/data'")
31
+ self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/addons'")
32
+
33
+ path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
34
+ dbHost = '10.0.2.2'
35
+ dbHost = target['Database']['HostName'] if target['Database']['HostName']
36
+
37
+ self.class.sshExec!(ssh, " echo 'HOST=#{dbHost}' > #{path}/Odoo.env")
38
+ self.class.sshExec!(ssh, " echo 'USER=#{USER}' >> #{path}/Odoo.env")
39
+ self.class.sshExec!(ssh, " echo 'PASSWORD=#{dbPassword}' >> #{path}/Odoo.env")
40
+ self.class.sshExec!(ssh, "chown #{USER}:#{USER} #{path}/Odoo.env")
41
+ self.class.sshExec!(ssh, "chmod 600 #{path}/Odoo.env")
42
+
43
+ ssh.scp.upload!(__dir__ + '/Odoo.container', path)
44
+ ssh.scp.upload!(__dir__ + '/odoo.conf', HOME_DIR + '/config/')
45
+ self.class.sshExec!(ssh, "chown #{USER}:#{USER} #{HOME_DIR}/config/odoo.conf")
46
+ self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ daemon-reload")
47
+ self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ start Odoo")
48
+ end
49
+
50
+ if !target.key?('Proxy') || target['Proxy'] == true || target['Proxy'] == 'only'
51
+ raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
52
+
53
+ Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
54
+ Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
55
+ self.class.prepareNginxConfig(target, ssh)
56
+ self.writeNginxConfig(__dir__, 'Odoo', id, target, state, context, options)
57
+ self.deployNginxConfig(id, target, activeState, context, options)
58
+ Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
59
+ end
60
+
61
+ Framework::LinuxApp.firewallAddPortOverSSH('8069/tcp', uri)
62
+ end
63
+ else
64
+ if !target.key?('Proxy') || target['Proxy'] == true || target['Proxy'] == 'only'
65
+ deployNginxConfig(id, target, activeState, context, options)
66
+ end
17
67
  activeState['Location'] = '@me'
18
68
  end
19
69
  end
20
70
 
71
+ def configurePostgreSQL(settings, ssh)
72
+ user = USER
73
+ password = SecureRandom.alphanumeric(20)
74
+ PostgreSQL.executeRemotely(settings, ssh) do |ssh|
75
+ self.class.sshExec!(ssh, "su --login #{PostgreSQL::USER_NAME} --command 'createuser --createdb #{user}'", true)
76
+ PostgreSQL.executeSQL("ALTER USER #{user} WITH PASSWORD '#{password}'", nil, ssh)
77
+ end
78
+ password
79
+ end
80
+
21
81
  end
22
82
  end
23
83
  end
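Review bot: In `actionOdooDeploy`, `Odoo.env` is created by the first `echo ... >` and receives `PASSWORD=#{dbPassword}` before `chmod 600` runs, so the database password briefly sits in a file with default-umask permissions and also appears on the remote command line. Creating the file with a restrictive mode first, e.g. `self.class.sshExec!(ssh, "install -m 600 -o #{USER} -g #{USER} /dev/null #{path}/Odoo.env")`, closes that window; `actionOpenViduDeploy` later in this diff writes `OpenVidu.env`, `livekit.yaml` and `ingress.yaml` in the same order. `target['Database']['HostName']` is interpolated into the single-quoted `echo` unescaped, so a value containing a quote changes the command run over SSH; `Shellwords.escape` would make it inert. `firewallAddPortOverSSH('8069/tcp', uri)` is called unconditionally, including when `Proxy` is `'only'`, which opens the plaintext port even when nginx is meant to be the only entry point.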
@@ -0,0 +1,37 @@
1
+ [options]
2
+ addons_path = /mnt/extra-addons
3
+ data_dir = /var/lib/odoo
4
+ ; admin_passwd = admin
5
+ ; csv_internal_sep = ,
6
+ ; db_maxconn = 64
7
+ ; db_name = False
8
+ ; db_template = template1
9
+ ; dbfilter = .*
10
+ ; debug_mode = False
11
+ ; email_from = False
12
+ ; limit_memory_hard = 2684354560
13
+ ; limit_memory_soft = 2147483648
14
+ ; limit_request = 8192
15
+ ; limit_time_cpu = 60
16
+ ; limit_time_real = 120
17
+ list_db = False
18
+ ; log_db = False
19
+ ; log_handler = [':INFO']
20
+ ; log_level = info
21
+ ; logfile = None
22
+ ; longpolling_port = 8072
23
+ ; max_cron_threads = 2
24
+ ; osv_memory_age_limit = 1.0
25
+ ; osv_memory_count_limit = False
26
+ ; smtp_password = False
27
+ ; smtp_port = 25
28
+ ; smtp_server = localhost
29
+ ; smtp_ssl = False
30
+ ; smtp_user = False
31
+ ; workers = 0
32
+ ; xmlrpc = True
33
+ ; xmlrpc_interface =
34
+ ; xmlrpc_port = 8069
35
+ ; xmlrpcs = True
36
+ ; xmlrpcs_interface =
37
+ ; xmlrpcs_port = 8071
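Review bot: `admin_passwd` is left commented out, so the Odoo master password stays at the default shown on that line (`admin`) unless something outside this file sets it. `list_db = False` hides the database list, but the master password still gates database management operations, so a generated value should be written at deploy time, the way `configurePostgreSQL` generates the database password with `SecureRandom`. Until then, a comment such as `; admin_passwd must be set to a generated secret before this instance is exposed` on that line would make the gap visible.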
@@ -0,0 +1,18 @@
1
+
2
+ [Unit]
3
+ Description=LiveKit Ingress container
4
+ After=local-fs.target
5
+
6
+ [Container]
7
+ Image=docker.io/livekit/ingress:latest
8
+ EnvironmentFile=/var/lib/openvidu/.config/containers/systemd/OpenVidu.env
9
+ Network=slirp4netns:allow_host_loopback=true
10
+ PublishPort=127.0.0.1:1935:1935
11
+ PublishPort=127.0.0.1:8085:8085
12
+ PublishPort=127.0.0.1:7895:7895/udp
13
+ UserNS=keep-id:uid=1000,gid=1000
14
+ Volume=/var/lib/openvidu/ingress.yaml:/etc/ingress.yaml
15
+ AutoUpdate=registry
16
+
17
+ [Install]
18
+ WantedBy=multi-user.target default.target
@@ -0,0 +1,34 @@
1
+
2
+ server {
3
+ <% if config['NginxVersion'] >= 1.25 %>
4
+ listen 443 ssl;
5
+ listen [::]:443 ssl;
6
+ http2 on;
7
+ http3 on;
8
+ quic_retry on;
9
+ add_header Alt-Svc 'h3=":443"; ma=86400';
10
+ <% else %>
11
+ listen 443 ssl http2;
12
+ listen [::]:443 ssl http2;
13
+ <% end %>
14
+
15
+ include config-lmm/ssl.conf;
16
+
17
+ server_name <%= config['Domain'] %>;
18
+
19
+ <% if config['CertName'] %>
20
+ ssl_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/fullchain.pem";
21
+ ssl_certificate_key "/etc/letsencrypt/live/<%= config['CertName'] %>/privkey.pem";
22
+ ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/chain.pem";
23
+ <% end %>
24
+
25
+ access_log /var/log/nginx/openvidu.access.log;
26
+ error_log /var/log/nginx/openvidu.error.log;
27
+
28
+ # Proxy site
29
+ location / {
30
+ proxy_pass http://127.0.0.1:7880;
31
+ include config-lmm/proxy.conf;
32
+ }
33
+
34
+ }
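Review bot: This vhost includes only `config-lmm/ssl.conf` and `config-lmm/proxy.conf`, while the Peppermint template in the same release also includes `config-lmm/errors.conf` and `config-lmm/security.conf`; the OpenVidu Call vhost has the same gap. If security.conf carries the response-header hardening its name suggests, both OpenVidu server blocks are served without it. When `config['CertName']` is unset no `ssl_certificate` is emitted in this block, so it depends on an inherited certificate that matches `server_name`; a comment above the `<% if config['CertName'] %>` line, e.g. `# falls back to the certificate configured in config-lmm/ssl.conf`, would document that assumption once it is confirmed.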
@@ -0,0 +1,16 @@
1
+
2
+ [Unit]
3
+ Description=OpenVidu container
4
+ After=local-fs.target
5
+
6
+ [Container]
7
+ Image=docker.io/openvidu/openvidu-server:main
8
+ Exec=--config /etc/livekit.yaml --bind=$BindIP
9
+ EnvironmentFile=/var/lib/openvidu/.config/containers/systemd/OpenVidu.env
10
+ Network=host
11
+ UserNS=keep-id:uid=1000,gid=1000
12
+ Volume=/var/lib/openvidu/livekit.yaml:/etc/livekit.yaml
13
+ AutoUpdate=registry
14
+
15
+ [Install]
16
+ WantedBy=multi-user.target default.target
@@ -0,0 +1,90 @@
1
+
2
+ module ConfigLMM
3
+ module LMM
4
+ class OpenVidu < Framework::NginxApp
5
+
6
+ USER = 'openvidu'
7
+ HOME_DIR = '/var/lib/openvidu'
8
+ HOST_IP = '10.0.2.2'
9
+
10
+ def actionOpenViduDeploy(id, target, activeState, context, options)
11
+ raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
12
+ raise Framework::PluginProcessError.new('CallDomain field must be set!') unless target['CallDomain']
13
+
14
+ if target['Location'] && target['Location'] != '@me'
15
+ uri = Addressable::URI.parse(target['Location'])
16
+ raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
17
+
18
+ self.class.sshStart(uri) do |ssh|
19
+
20
+ distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
21
+ Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'OpenVidu', distroInfo, ssh)
22
+
23
+ secretKey = SecureRandom.alphanumeric(40)
24
+ bindIp = target['BindIP']
25
+ bindIp = '127.0.0.1' unless bindIp
26
+
27
+ path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
28
+ self.class.exec("echo 'INGRESS_CONFIG_FILE=/etc/ingress.yaml' > #{path}/OpenVidu.env", ssh)
29
+ self.class.exec("echo 'LIVEKIT_URL=wss://#{target['Domain']}' >> #{path}/OpenVidu.env", ssh)
30
+ self.class.exec("echo 'LIVEKIT_API_KEY=Main' >> #{path}/OpenVidu.env", ssh)
31
+ self.class.exec("echo 'LIVEKIT_API_SECRET=#{secretKey}' >> #{path}/OpenVidu.env", ssh)
32
+ self.class.exec("echo 'CALL_PRIVATE_ACCESS=true' >> #{path}/OpenVidu.env", ssh)
33
+ self.class.exec("echo 'CALL_USER=guest' >> #{path}/OpenVidu.env", ssh)
34
+ callSecret = SecureRandom.alphanumeric(20)
35
+ prompt.say("OpenVidu Call guest password: #{callSecret}", :color => :magenta)
36
+ self.class.exec("echo 'CALL_SECRET=#{callSecret}' >> #{path}/OpenVidu.env", ssh)
37
+ self.class.exec("echo 'CALL_ADMIN_USER=admin' >> #{path}/OpenVidu.env", ssh)
38
+ callAdminSecret = SecureRandom.alphanumeric(20)
39
+ prompt.say("OpenVidu Call admin password: #{callAdminSecret}", :color => :magenta)
40
+ self.class.exec("echo 'CALL_ADMIN_SECRET=#{callAdminSecret}' >> #{path}/OpenVidu.env", ssh)
41
+
42
+ ssh.scp.upload!(__dir__ + '/livekit.yaml', HOME_DIR)
43
+ ssh.scp.upload!(__dir__ + '/ingress.yaml', HOME_DIR)
44
+
45
+ self.class.exec("sed -i 's|$SECRET|#{secretKey}|' #{HOME_DIR}/livekit.yaml", ssh)
46
+
47
+ if target['Valkey']
48
+ self.class.exec("sed -i 's|10.0.2.2|#{target['Valkey']['Host']}|' #{HOME_DIR}/ingress.yaml", ssh) if target['Valkey']['Host']
49
+ end
50
+ if ENV['VALKEY_PASSWORD']
51
+ self.class.exec("sed -i 's|password:|password: #{ENV['VALKEY_PASSWORD']}|' #{HOME_DIR}/ingress.yaml", ssh)
52
+ end
53
+
54
+ self.class.exec("chown #{USER}:#{USER} #{path}/OpenVidu.env #{HOME_DIR}/livekit.yaml #{HOME_DIR}/ingress.yaml", ssh)
55
+ self.class.exec("chmod 600 #{path}/OpenVidu.env #{HOME_DIR}/livekit.yaml #{HOME_DIR}/ingress.yaml", ssh)
56
+
57
+ ssh.scp.upload!(__dir__ + '/OpenVidu.container', path)
58
+ ssh.scp.upload!(__dir__ + '/OpenViduCall.container', path)
59
+ ssh.scp.upload!(__dir__ + '/Ingress.container', path)
60
+
61
+ self.class.exec("sed -i 's|$BindIP|#{bindIp}|' #{path}/OpenVidu.container", ssh)
62
+
63
+ Framework::LinuxApp.firewallAddPortOverSSH('7881/tcp', ssh)
64
+ Framework::LinuxApp.firewallAddPortOverSSH('7900-7999/udp', ssh)
65
+ Framework::LinuxApp.firewallAddPortOverSSH('45000-55000/udp', ssh)
66
+
67
+ self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
68
+ self.class.exec("systemctl --user --machine=#{USER}@ restart OpenVidu", ssh)
69
+ self.class.exec("systemctl --user --machine=#{USER}@ restart OpenViduCall", ssh)
70
+ self.class.exec("systemctl --user --machine=#{USER}@ restart Ingress", ssh)
71
+
72
+ Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
73
+ Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
74
+ self.class.prepareNginxConfig(target, ssh)
75
+ target['CallDomain'] = Addressable::IDNA.to_ascii(target['CallDomain'])
76
+ self.writeNginxConfig(__dir__, 'OpenVidu', id, target, state, context, options)
77
+ self.writeNginxConfig(__dir__, 'OpenViduCall', id, target, state, context, options)
78
+ self.deployNginxConfig(id, target, activeState, context, options)
79
+ Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
80
+
81
+ end
82
+ else
83
+ # TODO
84
+ end
85
+ end
86
+
87
+ end
88
+ end
89
+ end
90
+
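Review bot: `ENV['VALKEY_PASSWORD']`, `target['Valkey']['Host']`, `target['Domain']` and `bindIp` are interpolated straight into single-quoted `sed`/`echo` commands in `actionOpenViduDeploy`, so a value containing `|`, `&`, `\` or `'` either corrupts the substitution or alters the shell command. Rendering `livekit.yaml`, `ingress.yaml` and `OpenVidu.env` locally (the nginx templates already go through ERB) and uploading the finished files avoids both the quoting problem and putting `LIVEKIT_API_SECRET`, `CALL_SECRET` and `CALL_ADMIN_SECRET` on remote command lines. `secretKey` and both call passwords are regenerated on every deploy, which silently rotates credentials for existing clients; that deserves a comment or a check for an existing env file. The `else` branch is only `# TODO`, so a local (`@me`) target returns without deploying or reporting anything; raising a `Framework::PluginProcessError` there would make that explicit.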
@@ -0,0 +1,35 @@
1
+
2
+ server {
3
+ <% if config['NginxVersion'] >= 1.25 %>
4
+ listen 443 ssl;
5
+ listen [::]:443 ssl;
6
+ http2 on;
7
+ http3 on;
8
+ quic_retry on;
9
+ add_header Alt-Svc 'h3=":443"; ma=86400';
10
+ <% else %>
11
+ listen 443 ssl http2;
12
+ listen [::]:443 ssl http2;
13
+ <% end %>
14
+
15
+ include config-lmm/ssl.conf;
16
+
17
+ server_name <%= config['CallDomain'] %>;
18
+
19
+ <% if config['CallCertName'] %>
20
+ ssl_certificate "/etc/letsencrypt/live/<%= config['CallCertName'] %>/fullchain.pem";
21
+ ssl_certificate_key "/etc/letsencrypt/live/<%= config['CallCertName'] %>/privkey.pem";
22
+ ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CallCertName'] %>/chain.pem";
23
+ <% end %>
24
+
25
+ access_log /var/log/nginx/openvidu-call.access.log;
26
+ error_log /var/log/nginx/openvidu-call.error.log;
27
+
28
+ # Proxy site
29
+ location / {
30
+ proxy_pass http://127.0.0.1:6080;
31
+ include config-lmm/proxy.conf;
32
+ }
33
+
34
+ }
35
+
@@ -0,0 +1,15 @@
1
+
2
+
3
+ [Unit]
4
+ Description=OpenVidu Call container
5
+ After=local-fs.target
6
+
7
+ [Container]
8
+ Image=docker.io/openvidu/openvidu-call:main
9
+ EnvironmentFile=/var/lib/openvidu/.config/containers/systemd/OpenVidu.env
10
+ PublishPort=127.0.0.1:6080:6080
11
+ UserNS=keep-id:uid=1000,gid=1000
12
+ AutoUpdate=registry
13
+
14
+ [Install]
15
+ WantedBy=multi-user.target default.target
@@ -0,0 +1,10 @@
1
+ redis:
2
+ address: 10.0.2.2:6379
3
+ username: ""
4
+ password:
5
+
6
+ cpu_cost:
7
+ rtmp_cpu_cost: 2
8
+ whip_cpu_cost: 2
9
+ whip_bypass_transcoding_cpu_cost: 0.1
10
+ url_cpu_cost: 2
@@ -0,0 +1,13 @@
1
+ keys:
2
+ Main: $SECRET
3
+
4
+ rtc:
5
+ tcp_port: 7881
6
+ port_range_start: 7900
7
+ port_range_end: 7999
8
+
9
+ turn:
10
+ enabled: true
11
+ udp_port: 3478
12
+ relay_range_start: 45000
13
+ relay_range_end: 55000
@@ -0,0 +1,95 @@
1
+
2
+ module ConfigLMM
3
+ module LMM
4
+ class PHP_FPM < Framework::LinuxApp
5
+
6
+ PHPFPM_PACKAGE = 'PHP-FPM'
7
+ PHPFPM_SERVICE = 'php-fpm'
8
+
9
+ def self.writeConfig(name, target, distroInfo, configLines)
10
+ target['PHP-FPM'] ||= {}
11
+
12
+ configLines << "[#{name}]\n"
13
+ configLines << "user = #{target['User']}\n"
14
+ configLines << "group = #{target['User']}\n"
15
+ if target['Listen']
16
+ configLines << "listen = #{target['Listen']}\n"
17
+ else
18
+ configLines << "listen = /run/php-fpm/#{name}.sock\n"
19
+ configLines << "listen.owner = #{target['User']}\n"
20
+ group = 'http'
21
+ group = 'nginx' if distroInfo['Name'] == 'openSUSE Leap'
22
+ configLines << "listen.group = #{group}\n"
23
+ end
24
+ configLines << "pm = dynamic\n"
25
+ configLines << "pm.max_children = 5\n"
26
+ configLines << "pm.min_spare_servers = 1\n"
27
+ configLines << "pm.max_spare_servers = 3\n"
28
+ configLines << "pm.start_servers = 2\n"
29
+ configLines << "access.log = /var/log/php/$pool.access.log\n"
30
+ if target['PHP-FPM']['chdir']
31
+ configLines << "chdir = #{target['PHP-FPM']['chdir']}\n"
32
+ else
33
+ configLines << "chdir = #{self.webappsDir(distroInfo)}$pool\n"
34
+ end
35
+ configLines << "php_admin_value[error_log] = /var/log/php/$pool.errors.log\n"
36
+ configLines << "php_admin_flag[log_errors] = on\n"
37
+ configLines << "php_admin_value[memory_limit] = 1G\n"
38
+ configLines << "php_admin_value[mail.log] = /var/log/php/$pool.mail.log\n"
39
+ end
40
+
41
+ def self.phpConfig(distroInfo)
42
+ if distroInfo['Name'] == 'openSUSE Leap'
43
+ '/etc/php8/fpm/php.ini'
44
+ else
45
+ '/etc/php/php.ini'
46
+ end
47
+ end
48
+
49
+ def self.peclInstallOverSSH(name, ssh)
50
+ self.sshExec!(ssh, "printf \"\\n\" | pecl install #{name}", true)
51
+ end
52
+
53
+ def self.enableExtensionOverSSH(name, distroInfo, ssh)
54
+ phpFile = self.phpConfig(distroInfo)
55
+ if self.remoteFileContains?(phpFile, "extension=#{name}", ssh)
56
+ self.sshExec!(ssh, "sed -i 's|^;extension=#{name}|extension=#{name}|' #{phpFile}")
57
+ else
58
+ self.sshExec!(ssh, "sed -i 's|extension=zip|extension=zip\\nextension=#{name}|' #{phpFile}")
59
+ end
60
+ end
61
+
62
+ def self.configFileDir(distroInfo)
63
+ if distroInfo['Name'] == 'openSUSE Leap'
64
+ '/etc/php8/fpm/'
65
+ else
66
+ '/etc/php/'
67
+ end
68
+ end
69
+
70
+ def self.configDir(distroInfo)
71
+ if distroInfo['Name'] == 'openSUSE Leap'
72
+ '/etc/php8/fpm/php-fpm.d/'
73
+ else
74
+ '/etc/php/php-fpm.d/'
75
+ end
76
+ end
77
+
78
+ def self.webappsDir(distroInfo)
79
+ if distroInfo['Name'] == 'openSUSE Leap'
80
+ '/srv/www/htdocs/'
81
+ else
82
+ '/usr/share/webapps/'
83
+ end
84
+ end
85
+
86
+ def self.fixConfigFileOverSSH(distroInfo, ssh)
87
+ dir = self.configFileDir(distroInfo)
88
+ if !self.remoteFilePresent?(dir + 'php-fpm.conf', ssh)
89
+ self.sshExec!(ssh, "cp #{dir}php-fpm.conf.default #{dir}php-fpm.conf")
90
+ end
91
+ end
92
+
93
+ end
94
+ end
95
+ end
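Review bot: `enableExtensionOverSSH` matches `extension=#{name}` as a substring and its `sed` pattern `^;extension=#{name}` has no end anchor, so enabling a name that is a prefix of another extension also uncomments the longer one. Anchoring it, `"sed -i 's|^;extension=#{name}$|extension=#{name}|' #{phpFile}"`, limits the edit to the requested extension. The `else` branch only works when php.ini contains `extension=zip`; otherwise nothing is added and no error is raised. `peclInstallOverSSH` interpolates `name` unquoted into a shell pipeline and installs whatever version PECL currently serves, so callers should pass only fixed, known package names, ideally with a pinned version.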
@@ -0,0 +1,60 @@
1
+
2
+ server {
3
+
4
+ <% if !config['TLS'] %>
5
+ listen <%= config['Port'] %>;
6
+ listen [::]:<%= config['Port'] %>;
7
+ <% else %>
8
+ <% if config['NginxVersion'] >= 1.25 %>
9
+ listen <%= config['Port'] %> ssl;
10
+ listen [::]:<%= config['Port'] %> ssl;
11
+ http2 on;
12
+ http3 on;
13
+ quic_retry on;
14
+ add_header Alt-Svc 'h3=":<%= config['Port'] %>"; ma=86400';
15
+ <% else %>
16
+ listen <%= config['Port'] %> ssl http2;
17
+ listen [::]:<%= config['Port'] %> ssl http2;
18
+ <% end %>
19
+
20
+ include config-lmm/ssl.conf;
21
+ <% end %>
22
+
23
+ server_name <%= config['Domain'] %>;
24
+
25
+ access_log /var/log/nginx/peppermint.access.log;
26
+ error_log /var/log/nginx/peppermint.error.log;
27
+
28
+ include config-lmm/errors.conf;
29
+ include config-lmm/security.conf;
30
+
31
+ client_max_body_size 10M;
32
+
33
+ location / {
34
+ <% if config['Server'] %>
35
+ proxy_pass <%= config['Server'] %>;
36
+ <% else %>
37
+ proxy_pass http://127.0.0.1:13000;
38
+ <% end %>
39
+
40
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
41
+
42
+ include config-lmm/proxy.conf;
43
+ proxy_redirect off;
44
+ proxy_read_timeout 5m;
45
+ }
46
+
47
+ location /api/ {
48
+ <% if config['Server'] %>
49
+ proxy_pass <%= config['Server'] %>;
50
+ <% else %>
51
+ proxy_pass http://127.0.0.1:15003/;
52
+ <% end %>
53
+
54
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
55
+
56
+ include config-lmm/proxy.conf;
57
+ proxy_redirect off;
58
+ proxy_read_timeout 5m;
59
+ }
60
+ }
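Review bot: When `config['Server']` is set, both `location /` and `location /api/` use `proxy_pass <%= config['Server'] %>;`, whereas the defaults send them to different ports (`13000` and `15003/`) and the trailing slash on the second strips the `/api/` prefix. With a custom `Server`, API requests therefore reach the same upstream as the UI with the prefix intact, which looks unintended; a separate setting for the API upstream (for example a hypothetical `config['APIServer']`) would keep the two branches equivalent. `config['Server']` is also written into the directive unvalidated, so it must already be a full `http://host:port` URL, and a comment stating that expected form would help whoever fills in the config.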
@@ -0,0 +1,15 @@
1
+
2
+ [Unit]
3
+ Description=Peppermint Ticket Management container
4
+ After=local-fs.target
5
+
6
+ [Container]
7
+ Image=docker.io/pepperlabs/peppermint:latest
8
+ EnvironmentFile=/var/lib/peppermint/.config/containers/systemd/Peppermint.env
9
+ Network=slirp4netns:allow_host_loopback=true
10
+ PublishPort=127.0.0.1:13000:3000
11
+ PublishPort=127.0.0.1:15003:5003
12
+ AutoUpdate=registry
13
+
14
+ [Install]
15
+ WantedBy=multi-user.target default.target