@drumee/setup-infra 1.0.28 → 1.0.29

package/bin/init-private

@@ -0,0 +1,40 @@
+#!/bin/bash
+set -e
+source /etc/drumee/drumee.sh
+
+echo "Configuring private domain name..."
+
+if [ "$DRUMEE_PRIVATE_DOMAIN" = "" ]; then
+  if [ "$DRUMEE_DOMAIN_NAME" = "" ]; then
+    export DRUMEE_PRIVATE_DOMAIN=drumee.local
+  else
+    echo "Private domain name not found. Will run only on public mode."
+    exit 0
+  fi
+fi
+
+mydomain=$DRUMEE_PRIVATE_DOMAIN
+outdir=${CERTS_DIR}/${mydomain}_ecc
+
+key=${outdir}/${mydomain}.key
+csr=${outdir}/${mydomain}.csr
+cer=${outdir}/${mydomain}.cer
+
+mkir -p $outdir
+
+C=$(locale --all | grep utf8 | tail -1 | sed  -E "s/^(.+_)|(\..+)$//g")
+if [ "$C" = "" ]; then
+  C=XX
+fi
+
+openssl genpkey -algorithm RSA -out $key
+
+openssl req -new -key $key -out $csr -subj "/C=${C}/ST= /L=Local Domain /O=${DRUMEE_DESCRIPTION} /OU=${DRUMEE_DESCRIPTION} /CN=*.${mydomain} /emailAddress=${ADMIN_EMAIL}"
+
+openssl x509 -req -in $csr -signkey $key -out $cer
+
+openssl x509 -in $cer -noout -text
+
+cp $cer /etc/ssl/certs/
+
+exit 0

package/bin/set-jitsi-conf

@@ -0,0 +1,14 @@
+#!/bin/sh
+if [ -e /etc/drumee/drumee.sh ]; then
+  if [ -e /etc/prosody/defaults/credentials.sh ]; then
+    . /etc/drumee/drumee.sh
+    . /etc/prosody/defaults/credentials.sh
+    . /usr/share/debconf/confmodule
+    turn_secret=$(grep static-auth-secret /etc/turnserver.conf | sed -E "s/^.+=//")
+    db_set jitsi-videobridge/jvb-hostname $JITSI_DOMAIN
+    db_set jitsi-videobridge/jvbsecret $JVB_PASSWORD
+    db_set jicofo/jicofo-authpassword $JICOFO_PASSWORD
+    db_set jitsi-meet-prosody/jvb-hostname $JITSI_DOMAIN
+    db_set jitsi-meet-prosody/turn-secret $turn_secret
+  fi
+fi

package/index.js

@@ -324,7 +324,7 @@ function loadEnvFile(file, opt) {
  */
 function getSysConfigs() {
   let {
-    public_domain, private_domain, private_ip4, public_ip4, public_ip6, backup_storage
+    public_domain, private_domain, private_ip4, public_ip4, public_ip6, backup_storage, ui_plugins_home,
   } = sysEnv();
   if (hasExistingSettings(Template.chroot('etc/drumee/drumee.json'))) {
     exit(0)
@@ -364,6 +364,7 @@ function getSysConfigs() {
     ["public_https_port", DRUMEE_HTTPS_PORT],
     ["public_ip4", public_ip4],
     ["public_ip6", public_ip6],
+    ["ui_plugins_home", ui_plugins_home],
     ["storage_backup", backup_storage], /** Legacy */
   ]
   let data = makeData(opt);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@drumee/setup-infra",
-  "version": "1.0.28",
+  "version": "1.0.29",
   "description": "Drumee Infrastructure Setup Utilities",
   "main": "index.js",
   "scripts": {

package/template.js

@@ -0,0 +1,453 @@
+#!/usr/bin/env node
+
+// ======================================================
+//
+// ======================================================
+const Template = require("./templates");
+const { writeFileSync, readFileSync } = require(`jsonfile`);
+const { exec } = require("shelljs");
+const { join } = require("path");
+const { isString } = require("lodash");
+const { exit } = process;
+const { sysEnv } = require("@drumee/server-essentials");
+const { totalmem } = require('os');
+const ARGV = require('minimist')(process.argv.slice(2));
+const { existsSync } = require("fs");
+
+const {
+  ACME_DIR,
+  ACME_EMAIL_ACCOUNT,
+  ADMIN_EMAIL,
+  DRUMEE_DESCRIPTION,
+  DRUMEE_DOMAIN_NAME,
+  FORCE_INSTALL,
+  NSUPDATE_KEY,
+  PUBLIC_IP4,
+  PUBLIC_IP6,
+} = process.env;
+
+let Dns = require("dns");
+/**
+ *
+ * @param {*} l
+ * @returns
+ */
+function randomString(l = 16) {
+  let crypto = require("crypto");
+  return crypto
+    .randomBytes(16)
+    .toString("base64")
+    .replace(/[\+\/=]+/g, "");
+}
+
+/**
+ *
+ * @param {*} data
+ * @returns
+ */
+function copyFields(data, keys) {
+  let r = {};
+  for (let key of keys) {
+    if (data[key] !== null) {
+      r[key] = data[key];
+    }
+  }
+  return r;
+}
+
+/**
+ *
+ * @param {*} data
+ * @returns
+ */
+function factory(data) {
+  let route = "main";
+  let mode = "dist";
+  let base = `${data.server_dir}/${mode}/${route}/`;
+  return {
+    name: "factory",
+    script: `./index.js`,
+    autorestart: false,
+    cwd: `${base}/offline/factory`,
+    env: copyFields(data, [
+      "domain_name",
+      "domain_desc",
+      "data_dir",
+      "system_user",
+      "system_group",
+      "drumee_root",
+      "cache_dir",
+      "acme_dir",
+      "acme_dns",
+      "acme_email_account",
+      "static_dir",
+      "runtime_dir",
+      "credential_dir",
+    ]),
+    dependencies: [`pm2-logrotate`],
+  };
+}
+
+/**
+ *
+ * @param {*} data
+ * @returns
+ */
+function worker(data, instances = 1, exec_mode = 'fork_mode') {
+  let {
+    script,
+    pushPort,
+    route,
+    restPort,
+    name,
+    server_dir,
+    runtime_dir,
+    mode,
+  } = data;
+  if (!server_dir) server_dir = join(runtime_dir, 'server');
+  let base = `${server_dir}/${mode}/${route}`;
+  return {
+    name,
+    script,
+    cwd: base,
+    args: `--pushPort=${pushPort} --restPort=${restPort}`,
+    route,
+    env: {
+      cwd: base,
+      route,
+      server_home: base,
+    },
+    dependencies: [`pm2-logrotate`],
+    exec_mode,
+    instances
+  };
+}
+
+/***
+ * 
+ */
+function writeTemplates(data, targets) {
+  if (ARGV.readonly || ARGV.noCheck) {
+    console.log("Readonly", targets, data);
+    return
+  }
+  for (let target of targets) {
+    if (isString(target)) {
+      Template.write(data, target, target);
+    } else {
+      let { out, tpl } = target;
+      Template.write(data, out, tpl);
+    }
+  }
+}
+
+/**
+ *
+ */
+function writeEcoSystem(data) {
+  const ports = {
+    pushPort: 23000,
+    restPort: 24000,
+    mode: "dist",
+    route: "main",
+  };
+
+  let main = worker({
+    ...data,
+    ...ports,
+    name: "main",
+    script: "./index.js",
+  });
+
+  let instances = 4;
+  if ((totalmem() / (1024 * 1024 * 1024)) < 2) {
+    instances = 2;
+  } else if ((totalmem() / (1024 * 1024 * 1024) < 6)) {
+    instances = 3;
+  }
+
+  let main_service = worker({
+    ...data,
+    ...ports,
+    name: "main/service",
+    script: "./service.js"
+  }, instances, 'cluster_mode');
+
+  let f = factory(data);
+  let routes = [main, main_service, f];
+  let ecosystem = "/etc/drumee/infrastructure/ecosystem.json";
+  if (ARGV.readonly) {
+    console.log("Readonly", ecosystem, routes);
+    return
+  }
+  writeFileSync(ecosystem, routes, { spaces: 2, EOL: "\r\n" });
+  let targets = [
+    {
+      out: `${data.server_dir}/ecosystem.config.js`,
+      tpl: "server/ecosystem.config.js",
+    },
+  ];
+  writeTemplates({ ecosystem, chroot: Template.chroot }, targets);
+}
+
+/**
+ *
+ */
+function getSysConfigs() {
+  let { domain_name } = sysEnv();
+  if (existsSync('/etc/drumee/drumee.sh') && !FORCE_INSTALL) {
+    console.log(
+      `There is already a domain name configured on this server (${domain_name})\n`, `Use FORCE_INSTALL=yes to override`);
+    exit(0)
+  }
+  domain_name = domain_name || ARGV.domain || DRUMEE_DOMAIN_NAME;
+  if (!domain_name) {
+    console.log("There no domain name defined for the installation");
+    exit(0)
+  }
+
+  let data = { ...sysEnv(), domain_name, domain: domain_name };
+
+  data.chroot = Template.chroot();
+  data.acme_store = join(data.certs_dir, `${data.domain_name}_ecc`);
+  data.ca_server = data.ca_server || data.acme_ssl;
+  if (data.own_ssl && data.certs_dir) {
+    data.own_certs_dir = data.certs_dir;
+  }
+
+  if (!data.acme_dir) {
+    data.acme_dir = ACME_DIR || '/usr/share/acme';
+  }
+
+
+  if (!data.jitsi_domain) {
+    data.jitsi_domain = `jit.${data.domain_name}`;
+  }
+
+  if (!data.nsupdate_key) {
+    data.nsupdate_key = NSUPDATE_KEY || "/etc/bind/keys/update.key";
+  }
+
+  if (!data.domain_desc) {
+    data.domain_desc = DRUMEE_DESCRIPTION || 'My Drumee Box';
+  }
+
+  if (!data.admin_email) {
+    data.admin_email = ADMIN_EMAIL || `admin@${data.domain_name}`;
+  }
+
+  if (!data.acme_email_account) {
+    data.acme_email_account = ACME_EMAIL_ACCOUNT || data.admin_email;
+  }
+
+  if (!data.public_ip4) {
+    data.public_ip4 = PUBLIC_IP4;
+  }
+
+  if (!data.public_ip6) {
+    data.public_ip6 = PUBLIC_IP6;
+  }
+  let d = new Date().toISOString();
+  let [day, hour] = d.split('T')
+  day = day.replace(/\-/g, '');
+  hour = hour.split(':')[0];
+  data.serial = `${day}${hour}`;
+  let target = [
+    "etc/drumee/drumee.sh",
+    {
+      tpl: "etc/bind/db.domain",
+      out: `etc/bind/db.${domain_name}`
+    },
+    "etc/bind/named.conf.local",
+    "etc/bind/named.conf.log",
+    "etc/bind/named.conf.options"
+  ];
+
+  writeTemplates(data, target);
+
+  let args = { ...data };
+  let keys = ["myConf", "chroot", "date"];
+
+  for (let key of keys) {
+    delete args[key];
+  }
+
+  if (ARGV.readonly) {
+    return args;
+  }
+  console.log("Writing main conf into drumee.json");
+  writeFileSync(Template.chroot("etc/drumee/drumee.json"), args, {
+    spaces: 2,
+    EOL: "\r\n",
+  });
+  return args;
+}
+
+/**
+ *
+ */
+function writeInfraConf(data) {
+  writeEcoSystem(data);
+  const etc = 'etc';
+  const nginx = join(etc, 'nginx');
+  const drumee = join(etc, 'drumee');
+  const infra = join(drumee, 'infrastructure');
+  let targets = [
+
+    // Nginx 
+    `${nginx}/sites-enabled/drumee.conf`,
+
+    // Drumee 
+    `${drumee}/ssl/main.conf`,
+    `${drumee}/conf.d/conference.json`,
+    `${drumee}/conf.d/drumee.json`,
+    `${drumee}/conf.d/exchange.json`,
+    `${drumee}/conf.d/myDrumee.json`,
+    `${drumee}/conf.d/conference.json`,
+    `${drumee}/conf.d/drumee.json`,
+    `${drumee}/conf.d/exchange.json`,
+    `${drumee}/conf.d/myDrumee.json`,
+
+    `${infra}/mfs.conf`,
+    `${infra}/routes/main.conf`,
+    `${infra}/internals/accel.conf`
+  ];
+  writeTemplates(data, targets);
+
+}
+
+/**
+ *
+ */
+function writeJitsiConf(data) {
+  const etc = 'etc';
+  const jitsi = join(etc, 'jitsi');
+  const nginx = join(etc, 'nginx');
+  const prosody = join(etc, 'prosody');
+  const drumee = join(etc, 'drumee');
+  let targets = [
+    // Jicofo
+    `${jitsi}/jicofo/config`,
+    `${jitsi}/jicofo/jicofo.conf`,
+    `${jitsi}/jicofo/logging.properties`,
+
+    // Jitsi Video Bridge 
+    `${jitsi}/videobridge/config`,
+    `${jitsi}/videobridge/jvb.conf`,
+    `${jitsi}/videobridge/logging.properties`,
+
+    // Jitsi meet
+    `${jitsi}/ssl.conf`,
+    `${jitsi}/meet.conf`,
+    `${jitsi}/web/config.js`,
+    `${jitsi}/web/interface_config.js`,
+    `${jitsi}/web/defaults/ffdhe2048.txt`,
+
+    // Nginx 
+    `${nginx}/sites-enabled/jitsi.conf`,
+    `${nginx}/modules-enabled/90-turn-relay.conf`,
+    //`${nginx}/sites-enabled/turnrelay.conf`,
+
+    // Prosody 
+    `${prosody}/prosody.cfg.lua`,
+    `${prosody}/defaults/credentials.sh`,
+    {
+      out: `${prosody}/conf.d/${data.jitsi_domain}.cfg.lua`,
+      tpl: `${prosody}/conf.d/vhost.cfg.lua`
+    },
+    // `${prosody}/migrator.cfg.lua`,
+
+    // Turnserver 
+    `${etc}/turnserver.conf`,
+
+    `${drumee}/conf.d/conference.json`,
+
+  ];
+  writeTemplates(data, targets);
+
+}
+
+/**
+ *
+ */
+function makeConfData(data) {
+  const routes = join('etc', 'drumee', 'infrastructure', 'routes');
+  //let jitsi_domain = `jit.${data.domain}`;
+  data = {
+    ...data,
+    turn_sercret: randomString(),
+    prosody_plugins: "/usr/share/jitsi-meet/prosody-plugins/",
+    xmpp_password: randomString(),
+    public_port: 9090,
+    ice_port: 10000,
+    jicofo_password: randomString(),
+    jvb_password: randomString(),
+    app_id: randomString(),
+    app_password: randomString(),
+    //jitsi_domain,
+    ui_base: join(data.ui_base, 'dist', 'main'),
+    location: '/-/',
+    pushPort: 23000,
+    restPort: 24000,
+  };
+  if (!data.export_dir) data.export_dir = null;
+  if (!data.import_dir) data.import_dir = null;
+  return data
+}
+
+/**
+ * 
+ */
+function privateIp() {
+  return new Promise(async (res, rej) => {
+    import("private-ip").then(module => { res(module.default) });
+  })
+}
+
+/**
+ *
+ * @returns
+ */
+function configure() {
+  return new Promise(async (res, rej) => {
+    let data = getSysConfigs();
+    data.chroot = Template.chroot();
+    const isPrivate = await privateIp();
+    let os = require("os");
+    let interfaces = os.networkInterfaces();
+    for (let name in interfaces) {
+      for (let dev of interfaces[name]) {
+        if (dev.family == 'IPv4' && !dev.internal) {
+          if (isPrivate(dev.address)) {
+            data.local_address = dev.address;
+            break;
+          }
+        }
+      }
+      if (data.local_address) break;
+    }
+    //console.log(addr, service);
+    data = makeConfData(data);
+    let func = [];
+    if (!ARGV.infra && !ARGV.jitsi) {
+      func = [writeInfraConf, writeJitsiConf];
+    } else {
+      if (ARGV.infra) func.push(writeInfraConf)
+      if (ARGV.jitsi) func.push(writeJitsiConf)
+    }
+    func.map(function (f) {
+      f(data);
+    })
+    res();
+
+  });
+}
+
+configure()
+  .then(() => {
+    exit(0);
+  })
+  .catch((e) => {
+    console.error("Failed to setup Drumee infra", e);
+    exit(0);
+  });

package/templates/etc/bind/named.conf.private

@@ -0,0 +1,21 @@
+//
+// Configs setup by Drumee setup-infra utility
+//
+
+include "/etc/bind/named.conf.log";
+include "<%= nsupdate_key %>";
+zone "<%= private_domain %>" {
+    type master;
+    file "/var/lib/bind/<%= private_domain %>";
+    allow-query { any; };
+    allow-update { key "update"; };
+    allow-transfer { <%= private_ip4 %>; };
+};
+
+<% if (typeof(private_reverse_ip4) !== "undefined" && private_reverse_ip4 != "" ) { %>
+zone "<%= private_reverse_ip4 %>" {
+    type master;
+    file "/var/lib/bind/<%= private_ip4 %>";
+    allow-query { any; };
+};
+<% } %>

package/templates/etc/bind/named.conf.public

@@ -0,0 +1,21 @@
+//
+// Configs setup by Drumee setup-infra utility
+//
+
+include "/etc/bind/named.conf.log";
+include "<%= nsupdate_key %>";
+zone "<%= public_domain %>" {
+    type master;
+    file "/var/lib/bind/<%= public_domain %>";
+    allow-query { any; };
+    allow-update { key "update"; };
+    allow-transfer { <%= public_ip4 %>; };
+};
+
+<% if (typeof(reverse_ip4) !== "undefined" && reverse_ip4 != "" ) { %>
+zone "<%= reverse_ip4 %>" {
+    type master;
+    file "/var/lib/bind/<%= public_ip4 %>";
+    allow-query { any; };
+};
+<% } %>

package/templates/etc/drumee/conf.d/conference.json.tpl

@@ -0,0 +1,9 @@
+{
+  "domain": "<%= jitsi_domain %>",
+  "hosts": {
+    "domain": "<%= jitsi_domain %>",
+    "muc": "conference.<%= jitsi_domain %>"
+  },
+  "bosh": "https://<%= jitsi_domain %>/http-bind",
+  "auth": ["<%= app_id %>", "<%= app_password %>"]
+}

package/templates/etc/drumee/dnsapi.sh.tpl

@@ -0,0 +1,28 @@
+# -------------------------------------------------------------
+# ! DO NOT EDIT !
+# Config file automatically generated by <setup-infra>
+# Date : <%= date %>
+# -------------------------------------------------------------
+
+export CERTS_DIR=<%= certs_dir %>
+export ACME_DIR=<%= acme_dir %>
+export ACME_DNS=<%= acme_dns %>
+export ACME_EMAIL_ACCOUNT=<%= acme_email_account %>
+export DRUMEE_CACHE_DIR=<%= cache_dir %>
+export DRUMEE_DATA_DIR=<%= data_dir %>
+export DRUMEE_DOMAIN_NAME=<%= domain_name %>
+export DRUMEE_LOG_DIR=<%= log_dir %>
+export DRUMEE_MFS_DIR=<%= data_dir %>/mfs
+export DRUMEE_RUNTIME_DIR=<%= runtime_dir %>
+export DRUMEE_SCHEMAS_DIR=<%= runtime_dir %>/server/schemas
+export DRUMEE_SERVER_HOME=<%= server_dir %>
+export DRUMEE_SERVER_NODE=<%= runtime_dir %>/dist/main/node_modules
+export DRUMEE_STATIC_DIR=<%= static_dir %>
+export DRUMEE_SYSTEM_GROUP=<%= system_group %>
+export DRUMEE_SYSTEM_USER=<%= system_user %>
+export DRUMEE_TMP_DIR=<%= runtime_dir %>/tmp
+export DRUMEE_UI_HOME=<%= runtime_dir %>/ui
+export LE_WORKING_DIR=<%= acme_dir %>
+export OWN_SSL_CERTS_DIR=<%= own_certs_dir %>
+export OWN_SSL=<%= own_ssl %>
+export PUBLIC_UI_ROOT=<%= public_ui_root %>

package/templates/etc/drumee/env.json

@@ -0,0 +1,29 @@
+{
+  "ACME_CA_SERVER":"<%= ca_server %>",
+  "CERTS_DIR":"<%= certs_dir %>",
+  "ACME_DIR":"<%= acme_dir %>",
+  "ACME_DNS":"<%= acme_dns %>",
+  "ACME_EMAIL_ACCOUNT":"<%= acme_email_account %>",
+  "ACME_STORE":"<%= certs_dir %>/<%= domain_name %>_ecc",
+  "APP_ROUTING_MARK":"<%= public_ui_root %>",
+  "CREDENTIAL_DIR": "/etc/drumee/credential",
+  "DOMAIN_DESC": "My Drumee Box",
+  "CACHE_DIR":"<%= cache_dir %>",
+  "DATA_DIR":"<%= data_dir %>",
+  "DOMAIN_NAME":"<%= domain_name %>",
+  "EXPORT_DIR":"<%= export_dir %>",
+  "IMPORT_DIR":"<%= import_dir %>",
+  "LOG_DIR":"<%= log_dir %>",
+  "MFS_DIR":"<%= data_dir %>/mfs",
+  "RUNTIME_DIR":"<%= runtime_dir %>",
+  "SCHEMAS_DIR":"/opt/drumee/schemas",
+  "SERVER_HOME":"<%= server_dir %>",
+  "SERVER_NODE":"<%= runtime_dir %>/dist/main/node_modules",
+  "STATIC_DIR":"<%= static_dir %>",
+  "SYSTEM_GROUP":"<%= system_group %>",
+  "SYSTEM_USER":"<%= system_user %>",
+  "TMP_DIR":"<%= runtime_dir %>/tmp",
+  "UI_HOME":"<%= runtime_dir %>/ui",
+  "JITSI_DOMAIN":"<%= jitsi_domain %>",
+  "PUBLIC_UI_ROOT":"/-"
+}

package/templates/etc/drumee/infrastructure/internals/accel.conf.tpl

@@ -0,0 +1,47 @@
+# -------------------------------------------------------------
+# ! DO NOT EDIT !
+# Config file automatically generated by <setup-infra>
+# Date : <%= date %>
+# -------------------------------------------------------------
+
+location /mfs/ {
+  gzip off;
+  internal;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin <%= domain %>;
+  alias <%= data_dir %>/mfs/;
+}
+
+location /accel/ {
+  gzip off;
+  internal;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/;
+}
+
+location /-/static/ {
+  gzip off;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/;
+}
+
+location /-/images/ {
+  gzip off;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/images/;
+}
+
+location /-/fonts/ {
+  gzip off;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/fonts/;
+}