@drumee/setup-infra 1.0.13 → 1.0.14

package/templates/etc/prosody/conf.d/public.cfg.lua.tpl

@@ -0,0 +1,162 @@
+admins = {
+    "jigasi@auth.<%= public_jitsi %>",
+    "jibri@auth.<%= public_jitsi %>",
+    "focus@auth.<%= public_jitsi %>",
+    "jvb@auth.<%= public_jitsi %>"
+}
+
+unlimited_jids = {
+    "focus@auth.<%= public_jitsi %>",
+    "jvb@auth.<%= public_jitsi %>"
+}
+
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/", "/prosody-plugins-custom" }
+
+muc_mapper_domain_base = "<%= public_jitsi %>";
+muc_mapper_domain_prefix = "muc";
+http_default_host = "<%= public_jitsi %>"
+consider_bosh_secure = true;
+consider_websocket_secure = true;
+
+VirtualHost "<%= public_jitsi %>"
+    authentication = "internal_hashed"
+    ssl = {
+        key = "<%= certs_dir %>/<%= public_jitsi %>_ecc/<%= public_jitsi %>.key";
+        certificate = "<%= certs_dir %>/<%= public_jitsi %>_ecc/<%= public_jitsi %>.cer";
+    }
+    modules_enabled = {
+        "bosh";
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        "pubsub";
+        "ping";
+        "speakerstats";
+        "conference_duration";
+        "room_metadata";
+        "end_conference";
+        "muc_lobby_rooms";
+        "muc_breakout_rooms";
+        "av_moderation";
+        "turncredentials";
+    }
+    main_muc = "muc.<%= public_jitsi %>"
+    lobby_muc = "lobby.<%= public_jitsi %>"
+    breakout_rooms_muc = "breakout.<%= public_jitsi %>"
+    speakerstats_component = "speakerstats.<%= public_jitsi %>"
+    conference_duration_component = "conferenceduration.<%= public_jitsi %>"
+    end_conference_component = "endconference.<%= public_jitsi %>"
+    av_moderation_component = "avmoderation.<%= public_jitsi %>"
+    turncredentials_secret = "<%= turn_sercret %>"
+    c2s_require_encryption = false
+
+
+VirtualHost "guest.<%= public_jitsi %>"
+    authentication = "anonymous"
+    ssl = {
+        key = "/usr/share/acme/certs/<%= public_jitsi %>_ecc/<%= public_jitsi %>.key";
+        certificate = "/usr/share/acme/certs/<%= public_jitsi %>_ecc/<%= public_jitsi %>.cer";
+    }
+    modules_enabled = {
+        "bosh";
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        "pubsub";
+        "ping";
+        "speakerstats";
+        "conference_duration";
+        "room_metadata";
+        "end_conference";
+        "muc_lobby_rooms";
+        "muc_breakout_rooms";
+        "av_moderation";
+ 	    "turncredentials";
+    }
+    main_muc = "muc.<%= public_jitsi %>"
+    lobby_muc = "lobby.<%= public_jitsi %>"
+    breakout_rooms_muc = "breakout.<%= public_jitsi %>"
+    speakerstats_component = "speakerstats.<%= public_jitsi %>"
+    conference_duration_component = "conferenceduration.<%= public_jitsi %>"
+    end_conference_component = "endconference.<%= public_jitsi %>"
+    av_moderation_component = "avmoderation.<%= public_jitsi %>"
+    turncredentials_secret = "<%= turn_sercret %>"
+    c2s_require_encryption = false
+
+
+VirtualHost "auth.<%= public_jitsi %>"
+    ssl = {
+        key = "<%= certs_dir %>/<%= public_jitsi %>_ecc/<%= public_jitsi %>.key";
+        certificate = "<%= certs_dir %>/<%= public_jitsi %>_ecc/fullchain.cer";
+    }
+    modules_enabled = {
+        "limits_exception";
+    }
+    authentication = "internal_hashed"
+
+
+
+Component "internal-muc.<%= public_jitsi %>" "muc"
+    storage = "memory"
+    modules_enabled = {
+        "ping";
+    }
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+
+Component "muc.<%= public_jitsi %>" "muc"
+    restrict_room_creation = true
+    storage = "memory"
+    modules_enabled = {
+        "muc_meeting_id";
+        "polls";
+        "muc_domain_mapper";
+        "muc_password_whitelist";
+    }
+
+    -- The size of the cache that saves state for IP addresses
+	rate_limit_cache_size = 10000;
+    muc_room_cache_size = 1000
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    muc_password_whitelist = {
+        "focus@<no value>"
+    }
+
+Component "focus.<%= public_jitsi %>" "client_proxy"
+    target_address = "focus@auth.<%= public_jitsi %>"
+
+Component "speakerstats.<%= public_jitsi %>" "speakerstats_component"
+    muc_component = "muc.<%= public_jitsi %>"
+
+Component "conferenceduration.<%= public_jitsi %>" "conference_duration_component"
+    muc_component = "muc.<%= public_jitsi %>"
+
+
+Component "endconference.<%= public_jitsi %>" "end_conference"
+    muc_component = "muc.<%= public_jitsi %>"
+
+
+Component "lobby.<%= public_jitsi %>" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+    }
+
+
+Component "breakout.<%= public_jitsi %>" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+        "muc_meeting_id";
+        "muc_domain_mapper";
+        "polls";
+    }
+
+
+Component "metadata.<%= public_jitsi %>" "room_metadata_component"
+    muc_component = "muc.<%= public_jitsi %>"
+    breakout_rooms_component = "breakout.<%= public_jitsi %>"

package/templates/index.js

@@ -1,17 +1,18 @@
-_ = require("lodash");
-Shell = require("shelljs");
-const { mkdirSync, existsSync, writeSync, openSync, close, readFileSync } = require("fs");
+const {
+  mkdirSync, existsSync, writeSync, openSync, close, readFileSync
+} = require("fs");
 const { env } = process;
-const { resolve, join, dirname } = require("path");
-const ARGV = require('minimist')(process.argv.slice(2));
+const { template, isEmpty } = require("lodash");
 
+const { resolve, join, dirname } = require("path");
+const { args} = require('./utils')
 /**
  * 
  * @param {*} p 
  * @returns 
  */
 function chroot(p) {
-  let root = ARGV.chroot || env.dev_root;
+  let root = args.outdir || args.chroot || env.DRUMEE_CONF_BASE;
   if (root) {
     if (p) return join(root, p);
     return join(root);
@@ -25,7 +26,6 @@ function chroot(p) {
  */
 function makedir(dname) {
   if (!existsSync(dname)) {
-    //console.log(`Should make dir ${dname}`);
     mkdirSync(dname, { recursive: true });
   }
 };
@@ -53,8 +53,9 @@ function render(data, name, parse) {
   }
   //console.log("RENDERING", __dirname, name, tpl);
   let str = readFileSync(tpl);
+
   try {
-    let res = _.template(String(str).toString())(data);
+    let res = template(String(str).toString())(data);
     if (parse && typeof res === "string") {
       return JSON.parse(res);
     }
@@ -79,14 +80,18 @@ function write(data, fn, tpl_name, chr) {
   let d = new Date();
   data.date = d.toISOString().split('T')[0];
 
-  console.log("Writing config into " + filename);
   let fd = openSync(filename, "w+");
-  if (ARGV.readonly) {
-    console.log("Readonly", fn, tpl_name);
+  if (args.readonly) {
+    console.log(`READ ONLY using template ${tpl_name}, fn=${fn}`);
+    if (args.readonly > 1) {
+      console.log(data);
+      console.log("END OF FILE", filename);
+    }
     return
   }
 
-  if (_.isEmpty(tpl_name)) {
+  console.log("Writing config into " + filename);
+  if (isEmpty(tpl_name)) {
     writeSync(fd, data);
   } else {
     writeSync(fd, render(data, tpl_name));
@@ -98,5 +103,6 @@ function write(data, fn, tpl_name, chr) {
 module.exports = {
   write,
   chroot,
-  render
+  render,
+  makedir,
 };

package/templates/utils.js

@@ -0,0 +1,192 @@
+const argparse = require("argparse");
+const { existsSync } = require("fs");
+const { readFileSync } = require(`jsonfile`);
+const {
+  BACKUP_STORAGE,
+  DRUMEE_DATA_DIR,
+  DRUMEE_DB_DIR,
+  MAX_BODY_SIZE,
+  PRIVATE_DOMAIN,
+  PRIVATE_IP4,
+  PUBLIC_DOMAIN,
+  PUBLIC_IP4,
+  PUBLIC_IP6,
+  DRUMEE_ROOT,
+  HTTP_PORT,
+  HTTPS_PORT,
+  FORCE_INSTALL,
+  ADMIN_EMAIL,
+  DRUMEE_DESCRIPTION
+} = process.env;
+
+const parser = new argparse.ArgumentParser({
+  description: "Drumee Infrastructure Helper",
+  add_help: true,
+});
+
+parser.add_argument("--admin_email", {
+  type: String,
+  default: ADMIN_EMAIL || "admin@localhost",
+  help: "Drumee Instance Admin User Email",
+});
+
+parser.add_argument("--description", {
+  type: String,
+  default: DRUMEE_DESCRIPTION || "My Drumee Team Server",
+  help: "Drumee Instance Description",
+});
+
+parser.add_argument("--readonly", {
+  type: "int",
+  default: 0,
+  help: "Print content instead of actually writing to files",
+});
+
+parser.add_argument("--chroot", {
+  type: String,
+  default: '/',
+  help: "Output root. Defaulted to /",
+});
+
+parser.add_argument("--reconfigure", {
+  type: "int",
+  default: FORCE_INSTALL || 0,
+  help: "Override existing configs",
+});
+
+parser.add_argument("--outdir", {
+  type: String,
+  default: '/',
+  help: "If set, takes precedent on chroot. Output root. Defaulted to /",
+});
+
+parser.add_argument("--public-domain", {
+  type: String,
+  default: PUBLIC_DOMAIN,
+  help: "Public domain name",
+});
+
+parser.add_argument("--private-domain", {
+  type: String,
+  default: PRIVATE_DOMAIN,
+  help: "Private domain name",
+});
+
+parser.add_argument("--local-domain", {
+  type: String,
+  default: PRIVATE_DOMAIN,
+  help: "",
+});
+
+parser.add_argument("--public-ip4", {
+  type: String,
+  default: PUBLIC_IP4,
+  help: "Public IPV4",
+});
+
+parser.add_argument("--public-ip6", {
+  type: String,
+  default: PUBLIC_IP6,
+  help: "Public IPV6",
+});
+
+parser.add_argument("--private-ip4", {
+  type: String,
+  default: PRIVATE_IP4,
+  help: "Private IPV4",
+});
+
+parser.add_argument("--envfile", {
+  type: String,
+  help: "Dataset required to install Drumee",
+});
+
+parser.add_argument("--only-infra", {
+  type: "int",
+  default: 0,
+  help: "If set, write only configs related to infra. Same as no-jitsi",
+});
+
+parser.add_argument("--localhost", {
+  type: "int",
+  default: 0,
+  help: "If set, write minimal configs, no jitsi, no bind",
+});
+
+parser.add_argument("--http-port", {
+  type: "int",
+  default: HTTP_PORT || 80,
+  help: "If set, write minimal configs, no jitsi, no bind",
+});
+
+parser.add_argument("--https-port", {
+  type: "int",
+  default: HTTPS_PORT || 443,
+  help: "If set, write minimal configs, no jitsi, no bind",
+});
+
+parser.add_argument("--data-dir", {
+  type: String,
+  default: DRUMEE_DATA_DIR || "/var/lib/drumee/data",
+  help: "Partition or directory dedicated to store drumee data",
+});
+
+parser.add_argument("--db-dir", {
+  type: String,
+  default: DRUMEE_DB_DIR || "/var/lib/mysql",
+  help: "Partition or directory dedicated to store drumee database",
+});
+
+parser.add_argument("--drumee-root", {
+  type: String,
+  default: DRUMEE_ROOT || "/var/lib/drumee",
+  help: "Drumee main base",
+});
+
+
+parser.add_argument("--no-jitsi", {
+  type: "int",
+  default: 0,
+  help: "If set, won't write configs related to jisit. Same as only-infra",
+});
+
+parser.add_argument("--max-body-size", {
+  type: String,
+  default: MAX_BODY_SIZE || '10G',
+  help: "If set, won't write configs related to jisit. Same as only-infra",
+});
+
+parser.add_argument("--backup-storage", {
+  type: String,
+  default: BACKUP_STORAGE || '10G',
+  help: "If set, the partition or directiry will used to backup Drumee data",
+});
+
+const args = parser.parse_args();
+
+/**
+ * 
+ */
+function hasExistingSettings(envfile = '/etc/drumee/drumee.json') {
+  if (!existsSync(envfile)) return false;
+  const { domain_name } = readFileSync(envfile);
+  if (!domain_name) return false;
+  if (args.reconfigure == 1) {
+    console.log(
+      `There is already a Drumee instance installed on this server but you selected reconfigure\n`,
+      `ALL EXISTING DATA related to ${domain_name} WILL BE LOST\n`,
+    );
+    return false;
+  }
+  console.log(
+    `There is already a Drumee instance installed on this server\n`,
+    `domain name = ${domain_name}\n`,
+    `Use --reconfigure=1 \n`,
+    `********************************************\n`,
+    `* WARNING : ALL EXISTING DATA WILL BE LOST *\n`,
+    `********************************************\n`,
+  );
+  return true;
+}
+
+module.exports = { args, parser, hasExistingSettings };

package/templates/var/lib/bind/private-reverse.tpl

@@ -0,0 +1,17 @@
+$TTL 3D
+$ORIGIN <%= private_reverse_ip4 %>.
+;
+@       IN      SOA     ns1.<%= private_domain %>. master.<%= private_domain %>. (
+                        <%= serial %>   ; serial, today date + today serial
+                        1H              ; refresh, seconds
+                        2H              ; retry, seconds
+                        4W              ; expire, seconds
+                        1D )            ; minimum, seconds
+;
+;
+@			IN  NS      ns1.<%= private_domain %>.
+@			IN  NS      ns2.<%= private_domain %>.
+
+2           IN  PTR     ns1.<%= private_domain %>.
+3           IN  PTR     ns2.<%= private_domain %>.
+3           IN  PTR     smtp.<%= private_domain %>.

package/templates/var/lib/bind/prvate.tpl

@@ -0,0 +1,70 @@
+$TTL 3D
+$ORIGIN <%= private_domain %>.
+;
+@       IN      SOA     ns1.<%= private_domain %>. master.<%= private_domain %>. (
+                        <%= serial %>   ; serial, today date + today serial
+                        1H              ; refresh, seconds
+                        2H              ; retry, seconds
+                        4W              ; expire, seconds
+                        1D )            ; minimum, seconds
+;
+;
+@		60	IN  NS      ns1.<%= private_domain %>.
+@		60	IN  NS      ns2.<%= private_domain %>.
+;
+<% if (typeof(private_ip4) !== "undefined" && private_ip4 != "" ) { %>
+; A records
+@		60	IN	A	    <%= private_ip4 %>
+ns1		60	IN	A	    <%= private_ip4 %>
+ns2		60	IN	A	    <%= private_ip4 %>
+smtp	60	IN	A	    <%= private_ip4 %>
+jit		60	IN	A	    <%= private_ip4 %>
+*		60	IN	A	    <%= private_ip4 %>
+;
+<% } %>
+<% if (typeof(private_ip6) !== "undefined" && private_ip6 != "" ) { %>
+; AAAA records
+@		60	IN	AAAA	<%= private_ip6 %>
+ns1		60	IN	AAAA	<%= private_ip6 %>
+ns2		60	IN	AAAA	<%= private_ip6 %>
+smtp	60	IN	AAAA	<%= private_ip6 %>
+jit		60	IN	AAAA	<%= private_ip6 %>
+*		60	IN	AAAA	<%= private_ip6 %>
+<% } %>
+;
+; CNAME
+;
+www             IN   CNAME  <%= private_domain %>.
+;
+; MX records 
+;
+@               60  IN   MX 10  smtp.<%= private_domain %>.
+
+; TXT records 
+_acme-challenge 60	IN	TXT "acme-challenge"
+@               60	IN	TXT "v=spf1 a ~all"
+@               60	IN	TXT (<%= dkim_key %>)
+;
+;
+; DKIM 
+smtp._domainkey 60  IN  TXT (<%= dkim_key %>)
+dkim._domainkey 60  IN  TXT (<%= dkim_key %>)
+;
+;
+; DMARC 
+_dmarc          60  IN  TXT "v=DMARC1; p=quarantine;  sp=quarantine; aspf=s"
+;
+;
+; Jitsi subdomain
+$ORIGIN <%= jitsi_domain %>.
+;
+<% if (typeof(private_ip4) !== "undefined" && private_ip4 != "" ) { %>
+*		60	IN	A	    <%= private_ip4 %>
+<% } %>
+<% if (typeof(private_ip6) !== "undefined" && private_ip6 != "" ) { %>
+*		60	IN	AAAA	<%= private_ip6 %>
+<% } %>
+;
+; TXT records 
+_acme-challenge 60	IN	TXT	"jit-acme-challenge"
+