@drumee/setup-infra 1.0.0

package/template.js

@@ -0,0 +1,453 @@
+#!/usr/bin/env node
+
+// ======================================================
+//
+// ======================================================
+const Template = require("./templates");
+const { writeFileSync, readFileSync } = require(`jsonfile`);
+const { exec } = require("shelljs");
+const { join } = require("path");
+const { isString } = require("lodash");
+const { exit } = process;
+const { sysEnv } = require("@drumee/server-essentials");
+const { totalmem } = require('os');
+const ARGV = require('minimist')(process.argv.slice(2));
+const { existsSync } = require("fs");
+
+const {
+  ACME_DIR,
+  ACME_EMAIL_ACCOUNT,
+  ADMIN_EMAIL,
+  DRUMEE_DESCRIPTION,
+  DRUMEE_DOMAIN_NAME,
+  FORCE_INSTALL,
+  NSUPDATE_KEY,
+  PUBLIC_IP4,
+  PUBLIC_IP6,
+} = process.env;
+
+let Dns = require("dns");
+/**
+ *
+ * @param {*} l
+ * @returns
+ */
+function randomString(l = 16) {
+  let crypto = require("crypto");
+  return crypto
+    .randomBytes(16)
+    .toString("base64")
+    .replace(/[\+\/=]+/g, "");
+}
+
+/**
+ *
+ * @param {*} data
+ * @returns
+ */
+function copyFields(data, keys) {
+  let r = {};
+  for (let key of keys) {
+    if (data[key] !== null) {
+      r[key] = data[key];
+    }
+  }
+  return r;
+}
+
+/**
+ *
+ * @param {*} data
+ * @returns
+ */
+function factory(data) {
+  let route = "main";
+  let mode = "dist";
+  let base = `${data.server_dir}/${mode}/${route}/`;
+  return {
+    name: "factory",
+    script: `./index.js`,
+    autorestart: false,
+    cwd: `${base}/offline/factory`,
+    env: copyFields(data, [
+      "domain_name",
+      "domain_desc",
+      "data_dir",
+      "system_user",
+      "system_group",
+      "drumee_root",
+      "cache_dir",
+      "acme_dir",
+      "acme_dns",
+      "acme_email_account",
+      "static_dir",
+      "runtime_dir",
+      "credential_dir",
+    ]),
+    dependencies: [`pm2-logrotate`],
+  };
+}
+
+/**
+ *
+ * @param {*} data
+ * @returns
+ */
+function worker(data, instances = 1, exec_mode = 'fork_mode') {
+  let {
+    script,
+    pushPort,
+    route,
+    restPort,
+    name,
+    server_dir,
+    runtime_dir,
+    mode,
+  } = data;
+  if (!server_dir) server_dir = join(runtime_dir, 'server');
+  let base = `${server_dir}/${mode}/${route}`;
+  return {
+    name,
+    script,
+    cwd: base,
+    args: `--pushPort=${pushPort} --restPort=${restPort}`,
+    route,
+    env: {
+      cwd: base,
+      route,
+      server_home: base,
+    },
+    dependencies: [`pm2-logrotate`],
+    exec_mode,
+    instances
+  };
+}
+
+/***
+ * 
+ */
+function writeTemplates(data, targets) {
+  if (ARGV.readonly || ARGV.noCheck) {
+    console.log("Readonly", targets, data);
+    return
+  }
+  for (let target of targets) {
+    if (isString(target)) {
+      Template.write(data, target, target);
+    } else {
+      let { out, tpl } = target;
+      Template.write(data, out, tpl);
+    }
+  }
+}
+
+/**
+ *
+ */
+function writeEcoSystem(data) {
+  const ports = {
+    pushPort: 23000,
+    restPort: 24000,
+    mode: "dist",
+    route: "main",
+  };
+
+  let main = worker({
+    ...data,
+    ...ports,
+    name: "main",
+    script: "./index.js",
+  });
+
+  let instances = 4;
+  if ((totalmem() / (1024 * 1024 * 1024)) < 2) {
+    instances = 2;
+  } else if ((totalmem() / (1024 * 1024 * 1024) < 6)) {
+    instances = 3;
+  }
+
+  let main_service = worker({
+    ...data,
+    ...ports,
+    name: "main/service",
+    script: "./service.js"
+  }, instances, 'cluster_mode');
+
+  let f = factory(data);
+  let routes = [main, main_service, f];
+  let ecosystem = "/etc/drumee/infrastructure/ecosystem.json";
+  if (ARGV.readonly) {
+    console.log("Readonly", ecosystem, routes);
+    return
+  }
+  writeFileSync(ecosystem, routes, { spaces: 2, EOL: "\r\n" });
+  let targets = [
+    {
+      out: `${data.server_dir}/ecosystem.config.js`,
+      tpl: "server/ecosystem.config.js",
+    },
+  ];
+  writeTemplates({ ecosystem, chroot: Template.chroot }, targets);
+}
+
+/**
+ *
+ */
+function getSysConfigs() {
+  let { domain_name } = sysEnv();
+  if (existsSync('/etc/drumee/drumee.sh') && !FORCE_INSTALL) {
+    console.log(
+      `There is already a domain name configured on this server (${domain_name})\n`, `Use FORCE_INSTALL=yes to override`);
+    exit(0)
+  }
+  domain_name = domain_name || ARGV.domain || DRUMEE_DOMAIN_NAME;
+  if (!domain_name) {
+    console.log("There no domain name defined for the installation");
+    exit(0)
+  }
+
+  let data = { ...sysEnv(), domain_name, domain: domain_name };
+
+  data.chroot = Template.chroot();
+  data.acme_store = join(data.certs_dir, `${data.domain_name}_ecc`);
+  data.ca_server = data.ca_server || data.acme_ssl;
+  if (data.own_ssl && data.certs_dir) {
+    data.own_certs_dir = data.certs_dir;
+  }
+
+  if (!data.acme_dir) {
+    data.acme_dir = ACME_DIR || '/usr/share/acme';
+  }
+
+
+  if (!data.jitsi_domain) {
+    data.jitsi_domain = `jit.${data.domain_name}`;
+  }
+
+  if (!data.nsupdate_key) {
+    data.nsupdate_key = NSUPDATE_KEY || "/etc/bind/keys/update.key";
+  }
+
+  if (!data.domain_desc) {
+    data.domain_desc = DRUMEE_DESCRIPTION || 'My Drumee Box';
+  }
+
+  if (!data.admin_email) {
+    data.admin_email = ADMIN_EMAIL || `admin@${data.domain_name}`;
+  }
+
+  if (!data.acme_email_account) {
+    data.acme_email_account = ACME_EMAIL_ACCOUNT || data.admin_email;
+  }
+
+  if (!data.public_ip4) {
+    data.public_ip4 = PUBLIC_IP4;
+  }
+
+  if (!data.public_ip6) {
+    data.public_ip6 = PUBLIC_IP6;
+  }
+  let d = new Date().toISOString();
+  let [day, hour] = d.split('T')
+  day = day.replace(/\-/g, '');
+  hour = hour.split(':')[0];
+  data.serial = `${day}${hour}`;
+  let target = [
+    "etc/drumee/drumee.sh",
+    {
+      tpl: "etc/bind/db.domain",
+      out: `etc/bind/db.${domain_name}`
+    },
+    "etc/bind/named.conf.local",
+    "etc/bind/named.conf.log",
+    "etc/bind/named.conf.options"
+  ];
+
+  writeTemplates(data, target);
+
+  let args = { ...data };
+  let keys = ["myConf", "chroot", "date"];
+
+  for (let key of keys) {
+    delete args[key];
+  }
+
+  if (ARGV.readonly) {
+    return args;
+  }
+  console.log("Writing main conf into drumee.json");
+  writeFileSync(Template.chroot("etc/drumee/drumee.json"), args, {
+    spaces: 2,
+    EOL: "\r\n",
+  });
+  return args;
+}
+
+/**
+ *
+ */
+function writeInfraConf(data) {
+  writeEcoSystem(data);
+  const etc = 'etc';
+  const nginx = join(etc, 'nginx');
+  const drumee = join(etc, 'drumee');
+  const infra = join(drumee, 'infrastructure');
+  let targets = [
+
+    // Nginx 
+    `${nginx}/sites-enabled/drumee.conf`,
+
+    // Drumee 
+    `${drumee}/ssl/main.conf`,
+    `${drumee}/conf.d/conference.json`,
+    `${drumee}/conf.d/drumee.json`,
+    `${drumee}/conf.d/exchange.json`,
+    `${drumee}/conf.d/myDrumee.json`,
+    `${drumee}/conf.d/conference.json`,
+    `${drumee}/conf.d/drumee.json`,
+    `${drumee}/conf.d/exchange.json`,
+    `${drumee}/conf.d/myDrumee.json`,
+
+    `${infra}/mfs.conf`,
+    `${infra}/routes/main.conf`,
+    `${infra}/internals/accel.conf`
+  ];
+  writeTemplates(data, targets);
+
+}
+
+/**
+ *
+ */
+function writeJitsiConf(data) {
+  const etc = 'etc';
+  const jitsi = join(etc, 'jitsi');
+  const nginx = join(etc, 'nginx');
+  const prosody = join(etc, 'prosody');
+  const drumee = join(etc, 'drumee');
+  let targets = [
+    // Jicofo
+    `${jitsi}/jicofo/config`,
+    `${jitsi}/jicofo/jicofo.conf`,
+    `${jitsi}/jicofo/logging.properties`,
+
+    // Jitsi Video Bridge 
+    `${jitsi}/videobridge/config`,
+    `${jitsi}/videobridge/jvb.conf`,
+    `${jitsi}/videobridge/logging.properties`,
+
+    // Jitsi meet
+    `${jitsi}/ssl.conf`,
+    `${jitsi}/meet.conf`,
+    `${jitsi}/web/config.js`,
+    `${jitsi}/web/interface_config.js`,
+    `${jitsi}/web/defaults/ffdhe2048.txt`,
+
+    // Nginx 
+    `${nginx}/sites-enabled/jitsi.conf`,
+    `${nginx}/modules-enabled/90-turn-relay.conf`,
+    //`${nginx}/sites-enabled/turnrelay.conf`,
+
+    // Prosody 
+    `${prosody}/prosody.cfg.lua`,
+    `${prosody}/defaults/credentials.sh`,
+    {
+      out: `${prosody}/conf.d/${data.jitsi_domain}.cfg.lua`,
+      tpl: `${prosody}/conf.d/vhost.cfg.lua`
+    },
+    // `${prosody}/migrator.cfg.lua`,
+
+    // Turnserver 
+    `${etc}/turnserver.conf`,
+
+    `${drumee}/conf.d/conference.json`,
+
+  ];
+  writeTemplates(data, targets);
+
+}
+
+/**
+ *
+ */
+function makeConfData(data) {
+  const routes = join('etc', 'drumee', 'infrastructure', 'routes');
+  //let jitsi_domain = `jit.${data.domain}`;
+  data = {
+    ...data,
+    turn_sercret: randomString(),
+    prosody_plugins: "/usr/share/jitsi-meet/prosody-plugins/",
+    xmpp_password: randomString(),
+    public_port: 9090,
+    ice_port: 10000,
+    jicofo_password: randomString(),
+    jvb_password: randomString(),
+    app_id: randomString(),
+    app_password: randomString(),
+    //jitsi_domain,
+    ui_base: join(data.ui_base, 'dist', 'main'),
+    location: '/-/',
+    pushPort: 23000,
+    restPort: 24000,
+  };
+  if (!data.export_dir) data.export_dir = null;
+  if (!data.import_dir) data.import_dir = null;
+  return data
+}
+
+/**
+ * 
+ */
+function privateIp() {
+  return new Promise(async (res, rej) => {
+    import("private-ip").then(module => { res(module.default) });
+  })
+}
+
+/**
+ *
+ * @returns
+ */
+function configure() {
+  return new Promise(async (res, rej) => {
+    let data = getSysConfigs();
+    data.chroot = Template.chroot();
+    const isPrivate = await privateIp();
+    let os = require("os");
+    let interfaces = os.networkInterfaces();
+    for (let name in interfaces) {
+      for (let dev of interfaces[name]) {
+        if (dev.family == 'IPv4' && !dev.internal) {
+          if (isPrivate(dev.address)) {
+            data.local_address = dev.address;
+            break;
+          }
+        }
+      }
+      if (data.local_address) break;
+    }
+    //console.log(addr, service);
+    data = makeConfData(data);
+    let func = [];
+    if (!ARGV.infra && !ARGV.jitsi) {
+      func = [writeInfraConf, writeJitsiConf];
+    } else {
+      if (ARGV.infra) func.push(writeInfraConf)
+      if (ARGV.jitsi) func.push(writeJitsiConf)
+    }
+    func.map(function (f) {
+      f(data);
+    })
+    res();
+
+  });
+}
+
+configure()
+  .then(() => {
+    exit(0);
+  })
+  .catch((e) => {
+    console.error("Failed to setup Drumee infra", e);
+    exit(0);
+  });

package/templates/env/logrotate.tpl

@@ -0,0 +1,7 @@
+<%= runtime_dir %>/backend/.pm2/logs/* {
+    daily
+    rotate 2
+    olddir <%= runtime_dir %>/backend/.pm2/logs.old/
+    missingok
+}
+/srv/drumee/runtime/backend/.pm2/logs/

package/templates/etc/bind/named.conf.local

@@ -0,0 +1,13 @@
+//
+// Configs setup by Drumee infra-setup utility
+//
+
+include "/etc/bind/named.conf.log";
+include "<%= nsupdate_key %>";
+zone "<%= domain %>" {
+    type master;
+    file "/var/lib/bind/<%= domain %>";
+    allow-query { any; };
+    allow-update { key "update"; };
+    allow-transfer { <%= public_ip4 %>; };
+};

package/templates/etc/bind/named.conf.log

@@ -0,0 +1,105 @@
+logging {
+    channel default_file {
+        file "/var/log/named/default.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel general_file {
+        file "/var/log/named/general.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel database_file {
+        file "/var/log/named/database.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel security_file {
+        file "/var/log/named/security.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel config_file {
+        file "/var/log/named/config.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel resolver_file {
+        file "/var/log/named/resolver.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel xfer-in_file {
+        file "/var/log/named/xfer-in.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel xfer-out_file {
+        file "/var/log/named/xfer-out.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel notify_file {
+        file "/var/log/named/notify.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel client_file {
+        file "/var/log/named/client.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel unmatched_file {
+        file "/var/log/named/unmatched.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel queries_file {
+        file "/var/log/named/queries.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel network_file {
+        file "/var/log/named/network.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel update_file {
+        file "/var/log/named/update.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel dispatch_file {
+        file "/var/log/named/dispatch.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel dnssec_file {
+        file "/var/log/named/dnssec.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel lame-servers_file {
+        file "/var/log/named/lame-servers.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+
+    category default { default_file; };
+    category general { general_file; };
+    category database { database_file; };
+    category security { security_file; };
+    category config { config_file; };
+    category resolver { resolver_file; };
+    category xfer-in { xfer-in_file; };
+    category xfer-out { xfer-out_file; };
+    category notify { notify_file; };
+    category client { client_file; };
+    category unmatched { unmatched_file; };
+    category queries { queries_file; };
+    category network { network_file; };
+    category update { update_file; };
+    category dispatch { dispatch_file; };
+    category dnssec { dnssec_file; };
+    category lame-servers { lame-servers_file; };
+};

package/templates/etc/bind/named.conf.options

@@ -0,0 +1,33 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	//============================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//============================================================
+	dnssec-validation auto;
+
+	listen-on-v6 { any; };
+
+	// hide version number from clients for security reasons.
+	version "not currently available";
+
+    // allow recursion for trusted clients only.
+    recursion yes;
+    allow-query { localhost; <%= public_ip4 %>; };
+
+	// enable the query log
+	querylog yes;
+
+	// disallow zone transfer
+	allow-transfer { none; };
+};

package/templates/etc/dkimkeys/dkim.key

@@ -0,0 +1 @@
+*@<%= domain %>:<%= domain %>:/etc/opendkim/keys/<%= domain %>/private.pem

package/templates/etc/drumee/conf.d/conference.json.tpl

@@ -0,0 +1,9 @@
+{
+  "domain": "<%= jitsi_domain %>",
+  "hosts": {
+    "domain": "<%= jitsi_domain %>",
+    "muc": "conference.<%= jitsi_domain %>"
+  },
+  "bosh": "https://<%= jitsi_domain %>/http-bind",
+  "auth": ["<%= app_id %>", "<%= app_password %>"]
+}

package/templates/etc/drumee/conf.d/drumee.json.tpl

@@ -0,0 +1,7 @@
+{
+	"arch":"pod",
+	"sys_languages":["en", "fr", "km", "ru", "zh"],
+    "quota":{
+        "watermark": "<%= quota_watermark %>"
+    }
+}

package/templates/etc/drumee/conf.d/exchange.json.tpl

@@ -0,0 +1,4 @@
+{
+  "exportFolder":"<%= export_dir %>",
+	"importFolder":"<%= import_dir %>"
+}

package/templates/etc/drumee/conf.d/myDrumee.json.tpl

@@ -0,0 +1,16 @@
+{
+  "arch": "pod",
+  "sys_languages": [
+    "en",
+    "es",
+    "fr",
+    "km",
+    "ru",
+    "zh"
+  ],
+  "verbosity": 2,
+  "useEmail":1,
+  "quota": {
+    "watermark": "<%= quota_watermark %>"
+  }
+}

package/templates/etc/drumee/credential/db.json.tpl

@@ -0,0 +1,6 @@
+{
+  "host": "<%= host %>",
+  "port": <%= port %>,
+  "user": "<%= user %>",
+  "password": "<%= password %>"
+}

package/templates/etc/drumee/credential/email.json.tpl

@@ -0,0 +1,12 @@
+{
+  "host": "<%= email_host %>",
+  "port": <%= email_port %>,
+  "secure": false,
+  "auth": { 
+    "user": "<%= email_user %>@<%= domain_name %>",
+    "pass": "<%= email_pass %>" 
+  },
+  "tls": { 
+      "rejectUnauthorized": false
+  }
+}

package/templates/etc/drumee/credential/ovh/dns.json.tpl

@@ -0,0 +1,6 @@
+{
+  "appKey": "<%= appKey %>",
+  "consumerKey": <%= consumerKey %>,
+  "appSecret": "<%= appSecret %>",
+  "endpoint": "<%= endpoint %>"
+}

package/templates/etc/drumee/credential/ovh/dns.sh.tpl

@@ -0,0 +1,7 @@
+# -------------------------------------------------------------
+# ! DO NOT EDIT !
+# Config file automatically generated by <infra-setup>
+# -------------------------------------------------------------
+export OVH_AK=<%= appKey %>
+export OVH_CK=<%= consumerKey %>
+export OVH_AS=<%= appSecret %>