npm - @drumee/setup-infra - Versions diffs - 1.0.0 - Mend

@drumee/setup-infra 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/LICENSE +661 -0
package/README.md +3 -0
package/configs/etc/cron.d/drumee +6 -0
package/configs/etc/postfix/master.cf +137 -0
package/congigure/init/acme +69 -0
package/congigure/init/mail +16 -0
package/congigure/init/named +27 -0
package/congigure/menu/menu -tmp +144 -0
package/congigure/menu/menu-install +147 -0
package/congigure/menu/menu-reinstall +15 -0
package/congigure/prepare +10 -0
package/congigure/preset/jitsi +9 -0
package/congigure/setup-infra +58 -0
package/congigure/setup-schemas +57 -0
package/congigure/start +29 -0
package/congigure/utils/configure +56 -0
package/congigure/utils/dependencies +90 -0
package/congigure/utils/jitsi +122 -0
package/congigure/utils/misc +77 -0
package/congigure/utils/prompt.sh +35 -0
package/congigure/utils/setup-versions +7 -0
package/index.js +572 -0
package/package.json +30 -0
package/template.js +453 -0
package/templates/env/application.json.tpl +0 -0
package/templates/env/logrotate.tpl +7 -0
package/templates/etc/bind/named.conf.local +13 -0
package/templates/etc/bind/named.conf.log +105 -0
package/templates/etc/bind/named.conf.options +33 -0
package/templates/etc/dkimkeys/dkim.key +1 -0
package/templates/etc/drumee/conf.d/conference.json.tpl +9 -0
package/templates/etc/drumee/conf.d/drumee.json.tpl +7 -0
package/templates/etc/drumee/conf.d/exchange.json.tpl +4 -0
package/templates/etc/drumee/conf.d/myDrumee.json.tpl +16 -0
package/templates/etc/drumee/credential/db.json.tpl +6 -0
package/templates/etc/drumee/credential/email.json.tpl +12 -0
package/templates/etc/drumee/credential/ovh/dns.json.tpl +6 -0
package/templates/etc/drumee/credential/ovh/dns.sh.tpl +7 -0
package/templates/etc/drumee/credential/redis.json.tpl +6 -0
package/templates/etc/drumee/credential/sms.json.tpl +6 -0
package/templates/etc/drumee/dnsapi.sh.tpl +28 -0
package/templates/etc/drumee/drumee.sh.tpl +43 -0
package/templates/etc/drumee/env.json +29 -0
package/templates/etc/drumee/infrastructure/internals/accel.conf.tpl +47 -0
package/templates/etc/drumee/infrastructure/mfs.conf.tpl +16 -0
package/templates/etc/drumee/infrastructure/platform.json.tpl +16 -0
package/templates/etc/drumee/infrastructure/routes/main.conf.tpl +143 -0
package/templates/etc/drumee/infrastructure/servers/tt.conf +199 -0
package/templates/etc/drumee/ssl/main.conf.tpl +10 -0
package/templates/etc/jitsi/jicofo/config +2 -0
package/templates/etc/jitsi/jicofo/defaults/jicofo.conf +225 -0
package/templates/etc/jitsi/jicofo/defaults/logging.properties +15 -0
package/templates/etc/jitsi/jicofo/jicofo.conf.tpl +46 -0
package/templates/etc/jitsi/jicofo/logging.properties.tpl +12 -0
package/templates/etc/jitsi/meet.conf.tpl +131 -0
package/templates/etc/jitsi/ssl.conf.tpl +25 -0
package/templates/etc/jitsi/videobridge/config +2 -0
package/templates/etc/jitsi/videobridge/defaults/jvb.conf +129 -0
package/templates/etc/jitsi/videobridge/defaults/logging.properties +12 -0
package/templates/etc/jitsi/videobridge/jvb.conf +67 -0
package/templates/etc/jitsi/videobridge/logging.properties.tpl +12 -0
package/templates/etc/jitsi/web/config.js.tpl +208 -0
package/templates/etc/jitsi/web/defaults/default +26 -0
package/templates/etc/jitsi/web/defaults/ffdhe2048.txt +8 -0
package/templates/etc/jitsi/web/defaults/interface_config.js +273 -0
package/templates/etc/jitsi/web/defaults/meet.conf +193 -0
package/templates/etc/jitsi/web/defaults/nginx.conf +73 -0
package/templates/etc/jitsi/web/defaults/settings-config.js +480 -0
package/templates/etc/jitsi/web/defaults/ssl.conf +28 -0
package/templates/etc/jitsi/web/defaults/system-config.js +60 -0
package/templates/etc/jitsi/web/interface_config.js +273 -0
package/templates/etc/mail/dkim.key +1 -0
package/templates/etc/mailname +1 -0
package/templates/etc/mysql/mariadb.conf.d/50-server.cnf +120 -0
package/templates/etc/nginx/modules-enabled/90-turn-relay.conf +27 -0
package/templates/etc/nginx/modules-enabled/90-turn-relay.conf.tpl +27 -0
package/templates/etc/nginx/nginx.conf +65 -0
package/templates/etc/nginx/sites-enabled/drumee.conf.tpl +33 -0
package/templates/etc/nginx/sites-enabled/jitsi.conf.tpl +28 -0
package/templates/etc/nginx/sites-enabled/turnrelay.conf.tpl +9 -0
package/templates/etc/opendkim/KeyTable +1 -0
package/templates/etc/postfix/main.cf +76 -0
package/templates/etc/postfix/mysql-virtual-alias-maps.cf +5 -0
package/templates/etc/postfix/mysql-virtual-mailbox-domains.cf +5 -0
package/templates/etc/postfix/mysql-virtual-mailbox-maps.cf +5 -0
package/templates/etc/prosody/conf.d/vhost.cfg.lua.tpl +162 -0
package/templates/etc/prosody/defaults/conf.d/jitsi-meet.cfg.lua +406 -0
package/templates/etc/prosody/defaults/credentials.sh +10 -0
package/templates/etc/prosody/defaults/prosody.cfg.lua +225 -0
package/templates/etc/prosody/defaults/saslauthd.conf +30 -0
package/templates/etc/prosody/prosody.cfg.lua.tpl +203 -0
package/templates/etc/turnserver.conf.tpl +46 -0
package/templates/index.js +102 -0
package/templates/schema/utils/configs.init.sql.tpl +20 -0
package/templates/schema/utils/configs.update.sql.tpl +19 -0
package/templates/server/ecosystem.config.js.tpl +8 -0
package/templates/var/lib/bind/domain.tpl +70 -0

package/templates/etc/prosody/conf.d/vhost.cfg.lua.tpl ADDED Viewed

@@ -0,0 +1,162 @@
+admins = {
+    "jigasi@auth.<%= jitsi_domain %>",
+    "jibri@auth.<%= jitsi_domain %>",
+    "focus@auth.<%= jitsi_domain %>",
+    "jvb@auth.<%= jitsi_domain %>"
+}
+unlimited_jids = {
+    "focus@auth.<%= jitsi_domain %>",
+    "jvb@auth.<%= jitsi_domain %>"
+}
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/", "/prosody-plugins-custom" }
+muc_mapper_domain_base = "<%= jitsi_domain %>";
+muc_mapper_domain_prefix = "muc";
+http_default_host = "<%= jitsi_domain %>"
+consider_bosh_secure = true;
+consider_websocket_secure = true;
+VirtualHost "<%= jitsi_domain %>"
+    authentication = "internal_hashed"
+    ssl = {
+        key = "<%= certs_dir %>/<%= jitsi_domain %>_ecc/<%= jitsi_domain %>.key";
+        certificate = "<%= certs_dir %>/<%= jitsi_domain %>_ecc/<%= jitsi_domain %>.cer";
+    }
+    modules_enabled = {
+        "bosh";
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        "pubsub";
+        "ping";
+        "speakerstats";
+        "conference_duration";
+        "room_metadata";
+        "end_conference";
+        "muc_lobby_rooms";
+        "muc_breakout_rooms";
+        "av_moderation";
+        "turncredentials";
+    }
+    main_muc = "muc.<%= jitsi_domain %>"
+    lobby_muc = "lobby.<%= jitsi_domain %>"
+    breakout_rooms_muc = "breakout.<%= jitsi_domain %>"
+    speakerstats_component = "speakerstats.<%= jitsi_domain %>"
+    conference_duration_component = "conferenceduration.<%= jitsi_domain %>"
+    end_conference_component = "endconference.<%= jitsi_domain %>"
+    av_moderation_component = "avmoderation.<%= jitsi_domain %>"
+    turncredentials_secret = "<%= turn_sercret %>"
+    c2s_require_encryption = false
+VirtualHost "guest.<%= jitsi_domain %>"
+    authentication = "anonymous"
+    ssl = {
+        key = "/usr/share/acme/certs/jit.drumee.io_ecc/jit.drumee.io.key";
+        certificate = "/usr/share/acme/certs/jit.drumee.io_ecc/jit.drumee.io.cer";
+    }
+    modules_enabled = {
+        "bosh";
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        "pubsub";
+        "ping";
+        "speakerstats";
+        "conference_duration";
+        "room_metadata";
+        "end_conference";
+        "muc_lobby_rooms";
+        "muc_breakout_rooms";
+        "av_moderation";
+ 	    "turncredentials";
+    }
+    main_muc = "muc.jit.drumee.io"
+    lobby_muc = "lobby.jit.drumee.io"
+    breakout_rooms_muc = "breakout.jit.drumee.io"
+    speakerstats_component = "speakerstats.jit.drumee.io"
+    conference_duration_component = "conferenceduration.jit.drumee.io"
+    end_conference_component = "endconference.jit.drumee.io"
+    av_moderation_component = "avmoderation.jit.drumee.io"
+    turncredentials_secret = "<%= turn_sercret %>"
+    c2s_require_encryption = false
+VirtualHost "auth.<%= jitsi_domain %>"
+    ssl = {
+        key = "<%= certs_dir %>/<%= jitsi_domain %>_ecc/<%= jitsi_domain %>.key";
+        certificate = "<%= certs_dir %>/<%= jitsi_domain %>_ecc/fullchain.cer";
+    }
+    modules_enabled = {
+        "limits_exception";
+    }
+    authentication = "internal_hashed"
+Component "internal-muc.<%= jitsi_domain %>" "muc"
+    storage = "memory"
+    modules_enabled = {
+        "ping";
+    }
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+Component "muc.<%= jitsi_domain %>" "muc"
+    restrict_room_creation = true
+    storage = "memory"
+    modules_enabled = {
+        "muc_meeting_id";
+        "polls";
+        "muc_domain_mapper";
+        "muc_password_whitelist";
+    }
+    -- The size of the cache that saves state for IP addresses
+	rate_limit_cache_size = 10000;
+    muc_room_cache_size = 1000
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    muc_password_whitelist = {
+        "focus@<no value>"
+    }
+Component "focus.<%= jitsi_domain %>" "client_proxy"
+    target_address = "focus@auth.<%= jitsi_domain %>"
+Component "speakerstats.<%= jitsi_domain %>" "speakerstats_component"
+    muc_component = "muc.<%= jitsi_domain %>"
+Component "conferenceduration.<%= jitsi_domain %>" "conference_duration_component"
+    muc_component = "muc.<%= jitsi_domain %>"
+Component "endconference.<%= jitsi_domain %>" "end_conference"
+    muc_component = "muc.<%= jitsi_domain %>"
+Component "lobby.<%= jitsi_domain %>" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+    }
+Component "breakout.<%= jitsi_domain %>" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+        "muc_meeting_id";
+        "muc_domain_mapper";
+        "polls";
+    }
+Component "metadata.<%= jitsi_domain %>" "room_metadata_component"
+    muc_component = "muc.<%= jitsi_domain %>"
+    breakout_rooms_component = "breakout.<%= jitsi_domain %>"

package/templates/etc/prosody/defaults/conf.d/jitsi-meet.cfg.lua ADDED Viewed

@@ -0,0 +1,406 @@
+{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
+{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
+{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}
+{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
+{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
+{{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}}
+{{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}}
+{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
+{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" -}}
+{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool -}}
+{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" -}}
+{{ $JWT_ENABLE_DOMAIN_VERIFICATION := .Env.JWT_ENABLE_DOMAIN_VERIFICATION | default "false" | toBool -}}
+{{ $MATRIX_UVS_ISSUER := .Env.MATRIX_UVS_ISSUER | default "issuer" -}}
+{{ $MATRIX_UVS_SYNC_POWER_LEVELS := .Env.MATRIX_UVS_SYNC_POWER_LEVELS | default "0" | toBool -}}
+{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" -}}
+{{ $ENABLE_LOBBY := .Env.ENABLE_LOBBY | default "true" | toBool -}}
+{{ $ENABLE_AV_MODERATION := .Env.ENABLE_AV_MODERATION | default "true" | toBool -}}
+{{ $ENABLE_BREAKOUT_ROOMS := .Env.ENABLE_BREAKOUT_ROOMS | default "true" | toBool -}}
+{{ $ENABLE_END_CONFERENCE := .Env.ENABLE_END_CONFERENCE | default "true" | toBool -}}
+{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}}
+{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool -}}
+{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}}
+{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
+{{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}}
+{{ $TURN_HOST := .Env.TURN_HOST | default "" -}}
+{{ $TURN_HOSTS := splitList "," $TURN_HOST -}}
+{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}}
+{{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}}
+{{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}}
+{{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}}
+{{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}}
+{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}}
+{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
+{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
+{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
+{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
+{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
+{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}}
+{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
+{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}}
+{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}}
+{{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}}
+{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
+{{ $PROSODY_RESERVATION_ENABLED := .Env.PROSODY_RESERVATION_ENABLED | default "false" | toBool -}}
+{{ $PROSODY_RESERVATION_REST_BASE_URL := .Env.PROSODY_RESERVATION_REST_BASE_URL | default "" -}}
+{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}}
+{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}}
+{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" -}}
+{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" -}}
+{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" -}}
+{{ $ENV := .Env -}}
+admins = {
+    {{ if .Env.JIGASI_XMPP_PASSWORD }}
+    "{{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}",
+    {{ end }}
+    {{ if .Env.JIBRI_XMPP_PASSWORD }}
+    "{{ $JIBRI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}",
+    {{ end }}
+    "focus@{{ $XMPP_AUTH_DOMAIN }}",
+    "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}"
+}
+unlimited_jids = {
+    "focus@{{ $XMPP_AUTH_DOMAIN }}",
+    "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}"
+}
+plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
+muc_mapper_domain_base = "{{ $XMPP_DOMAIN }}";
+muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}";
+http_default_host = "{{ $XMPP_DOMAIN }}"
+{{ if .Env.TURN_CREDENTIALS -}}
+external_service_secret = "{{.Env.TURN_CREDENTIALS}}";
+{{- end }}
+{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}}
+external_services = {
+  {{ if $TURN_HOST -}}
+    {{- range $idx1, $host := $TURN_HOSTS -}}
+      {{- range $idx2, $transport := $TURN_TRANSPORTS -}}
+        {{- if or $idx1 $idx2 -}},{{- end }}
+        { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" }
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if $TURNS_HOST -}}
+    {{- range $idx, $host := $TURNS_HOSTS -}}
+        {{- if or $TURN_HOST $idx -}},{{- end }}
+        { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
+    {{- end }}
+  {{- end }}
+};
+{{- end }}
+{{ if and $ENABLE_AUTH (or (eq $PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) .Env.JWT_ACCEPTED_ISSUERS }}
+asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
+{{ end }}
+{{ if and $ENABLE_AUTH (or (eq $PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) .Env.JWT_ACCEPTED_AUDIENCES }}
+asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" }
+{{ end }}
+consider_bosh_secure = true;
+consider_websocket_secure = true;
+{{ if $ENABLE_JAAS_COMPONENTS }}
+VirtualHost "jigasi.meet.jitsi"
+    modules_enabled = {
+      "ping";
+      "bosh";
+      "muc_password_check";
+    }
+    authentication = "token"
+    app_id = "jitsi";
+    asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
+    asap_accepted_issuers = { "jaas-components" }
+    asap_accepted_audiences = { "jigasi.{{ $PUBLIC_URL_DOMAIN }}" }
+{{ end }}
+VirtualHost "{{ $XMPP_DOMAIN }}"
+{{ if $ENABLE_AUTH }}
+  {{ if eq $PROSODY_AUTH_TYPE "jwt" }}
+    authentication = "{{ $JWT_AUTH_TYPE }}"
+    app_id = "{{ .Env.JWT_APP_ID }}"
+    app_secret = "{{ .Env.JWT_APP_SECRET }}"
+    allow_empty_token = {{ $JWT_ALLOW_EMPTY }}
+    {{ if $JWT_ASAP_KEYSERVER }}
+    asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
+    {{ end }}
+    enable_domain_verification = {{ $JWT_ENABLE_DOMAIN_VERIFICATION }}
+  {{ else if eq $PROSODY_AUTH_TYPE "ldap" }}
+    authentication = "cyrus"
+    cyrus_application_name = "xmpp"
+    allow_unencrypted_plain_auth = true
+  {{ else if eq $PROSODY_AUTH_TYPE "matrix" }}
+    authentication = "matrix_user_verification"
+    app_id = "{{ $MATRIX_UVS_ISSUER }}"
+    uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}"
+    {{ if .Env.MATRIX_UVS_AUTH_TOKEN }}
+    uvs_auth_token = "{{ .Env.MATRIX_UVS_AUTH_TOKEN }}"
+    {{ end }}
+    {{ if $MATRIX_UVS_SYNC_POWER_LEVELS }}
+    uvs_sync_power_levels = true
+    {{ end }}
+  {{ else if eq $PROSODY_AUTH_TYPE "hybrid_matrix_token" }}
+    authentication = "hybrid_matrix_token"
+    app_id = "{{ .Env.JWT_APP_ID }}"
+    app_secret = "{{ .Env.JWT_APP_SECRET }}"
+    allow_empty_token = {{ $JWT_ALLOW_EMPTY }}
+    enable_domain_verification = {{ $JWT_ENABLE_DOMAIN_VERIFICATION }}
+    uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}"
+    {{ if .Env.MATRIX_UVS_ISSUER }}
+    uvs_issuer = "{{ .Env.MATRIX_UVS_ISSUER }}"
+    {{ end }}
+    {{ if .Env.MATRIX_UVS_AUTH_TOKEN }}
+    uvs_auth_token = "{{ .Env.MATRIX_UVS_AUTH_TOKEN }}"
+    {{ end }}
+  {{ else if eq $PROSODY_AUTH_TYPE "internal" }}
+    authentication = "internal_hashed"
+  {{ end }}
+{{ else }}
+    authentication = "jitsi-anonymous"
+{{ end }}
+    ssl = {
+        key = "/config/certs/{{ $XMPP_DOMAIN }}.key";
+        certificate = "/config/certs/{{ $XMPP_DOMAIN }}.crt";
+    }
+    modules_enabled = {
+        "bosh";
+        {{ if $ENABLE_XMPP_WEBSOCKET }}
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        {{ end }}
+        "pubsub";
+        "ping";
+        "speakerstats";
+        "conference_duration";
+        "room_metadata";
+        {{ if $ENABLE_END_CONFERENCE }}
+        "end_conference";
+        {{ end }}
+        {{ if or .Env.TURN_HOST .Env.TURNS_HOST }}
+        "external_services";
+        {{ end }}
+        {{ if $ENABLE_LOBBY }}
+        "muc_lobby_rooms";
+        {{ end }}
+        {{ if $ENABLE_BREAKOUT_ROOMS }}
+        "muc_breakout_rooms";
+        {{ end }}
+        {{ if $ENABLE_AV_MODERATION }}
+        "av_moderation";
+        {{ end }}
+        {{ if .Env.XMPP_MODULES }}
+        "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
+        {{ end }}
+        {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "ldap") }}
+        "auth_cyrus";
+        {{end}}
+        {{ if $PROSODY_RESERVATION_ENABLED }}
+        "reservations";
+        {{ end }}
+    }
+    main_muc = "{{ $XMPP_MUC_DOMAIN }}"
+    {{ if $ENABLE_LOBBY }}
+    lobby_muc = "lobby.{{ $XMPP_DOMAIN }}"
+    {{ if $ENABLE_RECORDING }}
+    muc_lobby_whitelist = { "{{ $XMPP_RECORDER_DOMAIN }}" }
+    {{ end }}
+    {{ end }}
+    {{ if $PROSODY_RESERVATION_ENABLED }}
+    reservations_api_prefix = "{{ $PROSODY_RESERVATION_REST_BASE_URL }}"
+    {{ end }}
+    {{ if $ENABLE_BREAKOUT_ROOMS }}
+    breakout_rooms_muc = "breakout.{{ $XMPP_DOMAIN }}"
+    {{ end }}
+    speakerstats_component = "speakerstats.{{ $XMPP_DOMAIN }}"
+    conference_duration_component = "conferenceduration.{{ $XMPP_DOMAIN }}"
+    {{ if $ENABLE_END_CONFERENCE }}
+    end_conference_component = "endconference.{{ $XMPP_DOMAIN }}"
+    {{ end }}
+    {{ if $ENABLE_AV_MODERATION }}
+    av_moderation_component = "avmoderation.{{ $XMPP_DOMAIN }}"
+    {{ end }}
+    c2s_require_encryption = false
+{{ if $ENABLE_GUEST_DOMAIN }}
+VirtualHost "{{ $XMPP_GUEST_DOMAIN }}"
+    authentication = "jitsi-anonymous"
+    c2s_require_encryption = false
+{{ end }}
+VirtualHost "{{ $XMPP_AUTH_DOMAIN }}"
+    ssl = {
+        key = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.key";
+        certificate = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.crt";
+    }
+    modules_enabled = {
+        "limits_exception";
+    }
+    authentication = "internal_hashed"
+{{ if $ENABLE_RECORDING }}
+VirtualHost "{{ $XMPP_RECORDER_DOMAIN }}"
+    modules_enabled = {
+      "ping";
+    }
+    authentication = "internal_hashed"
+{{ end }}
+Component "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
+    storage = "memory"
+    modules_enabled = {
+        "ping";
+        {{ if .Env.XMPP_INTERNAL_MUC_MODULES -}}
+        "{{ join "\";\n\"" (splitList "," .Env.XMPP_INTERNAL_MUC_MODULES) }}";
+        {{ end -}}
+    }
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+Component "{{ $XMPP_MUC_DOMAIN }}" "muc"
+    restrict_room_creation = true
+    storage = "memory"
+    modules_enabled = {
+        "muc_meeting_id";
+        {{ if .Env.XMPP_MUC_MODULES -}}
+        "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
+        {{ end -}}
+        {{ if and $ENABLE_AUTH (or (eq $PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) -}}
+        "{{ $JWT_TOKEN_AUTH_MODULE }}";
+        {{ end }}
+        {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "matrix") $MATRIX_UVS_SYNC_POWER_LEVELS -}}
+        "matrix_power_sync";
+        {{ end -}}
+        {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token") $MATRIX_UVS_SYNC_POWER_LEVELS -}}
+        "matrix_affiliation";
+        {{ end -}}
+        {{ if not $DISABLE_POLLS -}}
+        "polls";
+        {{ end -}}
+        {{ if $ENABLE_SUBDOMAINS -}}
+        "muc_domain_mapper";
+        {{ end -}}
+        {{ if $ENABLE_RATE_LIMITS -}}
+        "muc_rate_limit";
+        "rate_limit";
+        {{ end -}}
+        {{ if .Env.MAX_PARTICIPANTS }}
+        "muc_max_occupants";
+        {{ end }}
+        "muc_password_whitelist";
+    }
+    {{ if $ENABLE_RATE_LIMITS -}}
+    -- Max allowed join/login rate in events per second.
+	rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }};
+	-- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second.
+	rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }};
+	-- The time in seconds, after which the limit for an IP address is lifted.
+	rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }};
+	-- List of regular expressions for IP addresses that are not limited by this module.
+	rate_limit_whitelist = {
+      "127.0.0.1";
+      {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}}
+      "{{ $cidr }}";
+      {{ end -}}
+    };
+    rate_limit_whitelist_jids = {
+        "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}",
+        "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"
+    }
+    {{ end -}}
+	-- The size of the cache that saves state for IP addresses
+	rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }};
+    muc_room_cache_size = 1000
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    {{ if .Env.XMPP_MUC_CONFIGURATION -}}
+    {{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }}
+    {{ end -}}
+    {{ if .Env.MAX_PARTICIPANTS }}
+    muc_access_whitelist = { "focus@{{ .Env.XMPP_AUTH_DOMAIN }}" }
+    muc_max_occupants = "{{ .Env.MAX_PARTICIPANTS }}"
+    {{ end }}
+    muc_password_whitelist = {
+        "focus@{{ .Env.XMPP_AUTH_DOMAIN }}"
+    }
+Component "focus.{{ $XMPP_DOMAIN }}" "client_proxy"
+    target_address = "focus@{{ $XMPP_AUTH_DOMAIN }}"
+Component "speakerstats.{{ $XMPP_DOMAIN }}" "speakerstats_component"
+    muc_component = "{{ $XMPP_MUC_DOMAIN }}"
+Component "conferenceduration.{{ $XMPP_DOMAIN }}" "conference_duration_component"
+    muc_component = "{{ $XMPP_MUC_DOMAIN }}"
+{{ if $ENABLE_END_CONFERENCE }}
+Component "endconference.{{ $XMPP_DOMAIN }}" "end_conference"
+    muc_component = "{{ $XMPP_MUC_DOMAIN }}"
+{{ end }}
+{{ if $ENABLE_AV_MODERATION }}
+Component "avmoderation.{{ $XMPP_DOMAIN }}" "av_moderation_component"
+    muc_component = "{{ $XMPP_MUC_DOMAIN }}"
+{{ end }}
+{{ if $ENABLE_LOBBY }}
+Component "lobby.{{ $XMPP_DOMAIN }}" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+        {{ if $ENABLE_RATE_LIMITS -}}
+        "muc_rate_limit";
+        {{ end -}}
+    }
+    {{ end }}
+{{ if $ENABLE_BREAKOUT_ROOMS }}
+Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+        "muc_meeting_id";
+        {{ if $ENABLE_SUBDOMAINS -}}
+        "muc_domain_mapper";
+        {{ end -}}
+        {{ if not $DISABLE_POLLS -}}
+        "polls";
+        {{ end -}}
+        {{ if $ENABLE_RATE_LIMITS -}}
+        "muc_rate_limit";
+        {{ end -}}
+    }
+{{ end }}
+Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component"
+    muc_component = "{{ $XMPP_MUC_DOMAIN }}"
+    breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}"

package/templates/etc/prosody/defaults/credentials.sh ADDED Viewed

@@ -0,0 +1,10 @@
+# -------------------------------------------------------------
+# ! DO NOT EDIT !
+# Config file automatically generated by <infra-setup>
+# Date : <%= date %>
+# -------------------------------------------------------------
+export JICOFO_PASSWORD=<%= jicofo_password %>
+export JVB_PASSWORD=<%= jvb_password %>
+export APP_ID=<%= app_id %>
+export APP_PASSWORD=<%= app_password %>