@drumee/setup-infra 1.0.6 → 1.0.8

package/bin/init-acme

@@ -6,8 +6,8 @@ function make_certs(){
   sum=0
   dom=$1
   echo Generating "${dom}" cetificates...
-  ./acme.sh 
-  OPTIONS=--issue -d $dom -d "*.${dom}" --home $ACME_DIR --config-home $ACME_DIR/configs --cert-home $ACME_CERTS_DIR --dns dns_nsupdate
+  OPTIONS="--issue -d $dom -d "*.${dom}" --home $ACME_DIR --config-home $ACME_DIR/configs --cert-home $ACME_CERTS_DIR --dns dns_nsupdate"
+  ./acme.sh $OPTIONS
   while [ ! -f ${ACME_CERTS_DIR}/${dom}_ecc/fullchain.cer ]; do
     ./acme.sh $OPTIONS
     if [ $? = "0" ]; then
@@ -19,6 +19,7 @@ function make_certs(){
     if [ "$sum" -gt "10" ]; then
       echo Failed to create certifiicates. Please run manually
       echo $ACME_DIR/acme.sh  $OPTIONS
+      return
     fi
     sum=$(expr 1 + $sum)
   done

package/bin/install

@@ -4,8 +4,8 @@ set -e
 echo "Configuring Drumee Infrastructure"
 script_dir=$(dirname $(readlink -f $0))
 
-export base=$(dirname $script_dir)
 
+export base=$(dirname $script_dir)
 $base/bin/init-mail $DRUMEE_DOMAIN_NAME
 
 # Write configs 
@@ -16,15 +16,10 @@ if [ -d /etc/cron.d/drumee ]; then
   crontab /etc/cron.d/drumee
 fi 
 
-
-
 source $base/bin/env
-source $base/bin/jitsi
+source $base/bin/prosody
 
-debconf-set-selections $base/bin/preset-jitsi
-if [ "$SKIP_JITSI" = "" ];  then
-  install_jitsi
-fi
+clean_vendor_files
 
 protect_dir $DRUMEE_RUNTIME_DIR "no" "mkdir"
 protect_dir $DRUMEE_DATA_DIR "yes" "mkdir"
@@ -52,10 +47,8 @@ protect_dir $DRUMEE_IMPORT_DIR
 $base/bin/init-named
 $base/bin/init-acme
 
-clean_vendor_files
 setup_dirs
 setup_prosody
-write_version
 
 crontab  < /etc/cron.d/drumee
 echo "Drumee infrastructure done !"

package/bin/{jitsi → prosody}

@@ -43,18 +43,34 @@ function addUser() {
   prosodyctl register ${user} ${host} $secret
 }
 
+#-------------------
+# Sometime service prosody restart is not working
+function restart_prosody() {
+  if [ -f /var/run/prosody/prosody.pid ]; then
+    set +e
+    ppid=$(cat /var/run/prosody/prosody.pid)
+    echo "Prosody PID =$ppid"
+    if [ "$ppid" != "" ]; then
+      kill $ppid;
+      sleep 3
+      service prosody start
+    else
+      service prosody restart
+    fi
+  else
+    service prosody restart
+  fi
+}
 
 #-------------------
 function setup_prosody() {
   echo Configuring prosody creadentials
 
   # Ensure prosody start before using prosodyctl
-  service prosody restart
-  host="auth.${JITSI_DOMAIN}"
-  #jic_pw=$(grep password /etc/jitsi/jicofo/jicofo.conf | awk '{print $3}' | sed -e s/\"//g)
-  #jvb_pw=$(grep PASSWORD /etc/jitsi/videobridge/jvb.conf | awk '{print $3}' | sed -e s/\"//g)
-  addUser focus $JICOFO_PASSWORD $host
-  addUser jvb $JVB_PASSWORD $host
+  restart_prosody
+  auth_host="auth.${JITSI_DOMAIN}"
+  addUser focus $JICOFO_PASSWORD $auth_host
+  addUser jvb $JVB_PASSWORD $auth_host
   addUser $APP_ID $APP_PASSWORD $JITSI_DOMAIN
 
   pub_ip=$(grep public-address /etc/jitsi/videobridge/jvb.conf | awk '{print $3}' | sed -e s/\"//g)
@@ -64,9 +80,8 @@ function setup_prosody() {
       echo "${pub_ip} ${JITSI_DOMAIN}" >>/etc/hosts
     fi
   fi
-  echo Subscribing roster command for focus."${JITSI_DOMAIN}" focus@${host}
-  prosodyctl mod_roster_command subscribe focus."${JITSI_DOMAIN}" focus@${host}
-  #echo prosodyctl mod_roster_command subscribe focus."${JITSI_DOMAIN}" focus@${host}
+  echo prosodyctl mod_roster_command subscribe "focus.${JITSI_DOMAIN}" "focus@${auth_host}"
+  prosodyctl mod_roster_command subscribe "focus.${JITSI_DOMAIN}" "focus@${auth_host}"
   echo Prosody creadentials done
 }
 
@@ -80,46 +95,7 @@ function clean_vendor_files() {
   rm -f /etc/prosody/conf.avail/jaas.cfg.lua
   rm -f /etc/prosody/conf.avail/jitsi.meet.cfg.lua
   rm -rf /etc/prosody/certs/*
+  rm -rf /var/lib/prosody/*jitsi.meet.*
 }
 
-#-------------------
-function restart_prosody() {
-  if [ -f /var/run/prosody/prosody.pid ]; then
-    set +e
-    ppid=$(cat /var/run/prosody/prosody.pid)
-    echo "Prosody PID =$ppid"
-  fi
-}
-
-#-------------------
-function write_version() {
-  echo Creating versions file
-  mkdir -p /etc/jitsi
-  dest=/etc/jitsi/versions.js
-  echo "module.exports={" >$dest
-  dpkg -l | egrep "ii +jitsi" | awk '{print  "\"", $2, "\"", ":", "\"", $3, "\"", ","}' | sed -E "s/ +//g" >>$dest
-  echo "}" >>$dest
-  echo Versions file created
-}
-
-#-------------------
-function install_jitsi() {
-  # Jitsi package
-  echo Checking jitsi-meet packages
-  installed=$(dpkg -l | egrep "^ii +jitsi-meet ")
-  if [ "$installed" = "" -o "$FORCE_INSTALL" = "yes" ]; then
-    key=/etc/apt/trusted.gpg.d/jitsi-key.gpg
-    if [ ! -f $key ]; then
-      curl -sS https://download.jitsi.org/jitsi-key.gpg.key | gpg --dearmor | tee j$key >/dev/null 2>&1
-    fi
 
-    source=/etc/apt/sources.list.d/jitsi-stable.list
-    if [ ! -f $jitsi_source ]; then
-      echo "deb https://download.jitsi.org stable/" | tee $source
-      apt update
-    fi
-    DEBIAN_FRONTEND="noninteractive" apt install -y jitsi-meet
-  else
-    echo "Jitsi package alreay installed. Skipped."
-  fi
-}

package/bin/set-jitsi-conf

@@ -0,0 +1,14 @@
+#!/bin/sh
+if [ -e /etc/drumee/drumee.sh ]; then
+  if [ -e /etc/prosody/defaults/credentials.sh ]; then
+    . /etc/drumee/drumee.sh
+    . /etc/prosody/defaults/credentials.sh
+    . /usr/share/debconf/confmodule
+    turn_secret=$(grep static-auth-secret /etc/turnserver.conf | sed -E "s/^.+=//")
+    db_set jitsi-videobridge/jvb-hostname $JITSI_DOMAIN
+    db_set jitsi-videobridge/jvbsecret $JVB_PASSWORD
+    db_set jicofo/jicofo-authpassword $JICOFO_PASSWORD
+    db_set jitsi-meet-prosody/jvb-hostname $JITSI_DOMAIN
+    db_set jitsi-meet-prosody/turn-secret $turn_secret
+  fi
+fi

package/index.js

@@ -227,7 +227,7 @@ function makeData(opt) {
       if (/.+\+$/.test(value)) {
         value = value.replace(/\+$/, data[key]);
       }
-      data[key] = value || fallback;
+      data[key] = value.trim() || fallback;
     }
   }
   return data;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@drumee/setup-infra",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "Drumee Infrastructure Setup Utilities",
   "main": "index.js",
   "scripts": {

package/templates/etc/drumee/infrastructure/mfs.conf.tpl

@@ -7,10 +7,10 @@
 location / {
   index /-/;
 
-  location ~ (.+)\.(.+)$ {
+  location ~ (.+)$ {
     add_header Cache-Control max-age=31536000;
     fastcgi_hide_header Set-Cookie;
     add_header Access-Control-Allow-Origin <%= domain %>;
-    rewrite /(.+)$ <%= public_ui_root %>/svc/media.raw?p=$1&d=inline;
+    rewrite /(.+)$ <%= public_ui_root %>/svc/media.raw?p=/$1&d=inline;
   }
 }

package/templates/etc/jitsi/meet.conf.tpl

@@ -4,7 +4,9 @@ charset utf8;
 
 client_max_body_size 0;
 
-root /usr/share/jitsi-meet;
+# Disable direct access to jitsi UI
+# root /usr/share/jitsi-meet;
+root <%= static_dir %>;
 
 # ssi on with javascript for multidomain variables in config.js
 ssi on;

package/templates/etc/nginx/sites-enabled/drumee.conf.tpl

@@ -24,6 +24,13 @@ server {
 	root <%= server_dir %>;
 	server_name <%= domain %>; 
 	client_max_body_size <%= max_body_size %>;
+
+	# Security headers
+	add_header X-Content-Type-Options nosniff;
+	add_header X-XSS-Protection "1; mode=block";
+
+	set $prefix "";
+
 	include /etc/drumee/ssl/main.conf;
 	include /etc/drumee/infrastructure/routes/*.conf;
 	include /etc/drumee/infrastructure/internals/*.conf;

package/templates/etc/nginx/sites-enabled/loopback.tpl

@@ -0,0 +1,32 @@
+
+# -------------------------------------------------------------
+# !!!!!!! DO NOT EDIT !!!!!!!!
+# Config file automatically generated by <setup-infra>
+# Purpose     : Provide Nginx config to a specific server
+# Server name : loopback
+# Date        : <%= date %>
+# -------------------------------------------------------------
+
+
+proxy_cache_path <%= cache_dir %>/loopback levels=1:2 keys_zone=loopback_keys_zone:10m max_size=10g inactive=60m;
+server {
+	listen 127.0.0.1:80;
+	server_name _; 
+	#
+	root <%= server_dir %>;
+	server_name _; 
+	client_max_body_size <%= max_body_size %>;
+
+	# Security headers
+	add_header X-Content-Type-Options nosniff;
+	add_header X-XSS-Protection "1; mode=block";
+
+	set $prefix "";
+
+	include /etc/drumee/ssl/main.conf;
+	include /etc/drumee/infrastructure/routes/*.conf;
+	include /etc/drumee/infrastructure/internals/*.conf;
+	include /etc/drumee/infrastructure/mfs.conf;
+}
+
+

package/thidima.sh

@@ -0,0 +1,44 @@
+# Change below values accordingly to you setup
+
+# This text will be shown on the login page
+export DRUMEE_DESCRIPTION="My Drumee Box"
+
+# This is the URL base to access your Drumee Instance
+# It's recommanded not to share the domain name 
+# with any oher applications
+export DRUMEE_DOMAIN_NAME="thidima.org"
+
+# Fix IPV4 address bound to your doamain_name
+export PUBLIC_IP4="51.195.89.55"
+
+# IPV6 address bound to your doamain_name
+export PUBLIC_IP6="2001:41d0:700:4837::"
+
+# This email will be use as the admin account
+export ADMIN_EMAIL="somanos@drumee.com"
+
+# Dedicated to data base server. Do not share with any
+# other application. Default value is /srv/db. 
+# At least 100GB should be allocated 
+export DRUMEE_DB_DIR="/db" 
+
+# Dedicated to Drumee Filesystem Management. 
+# Do not share with any # other application. 
+# Default value is /data 
+# At least 100GB should be allocated 
+export DRUMEE_DATA_DIR="/data" # defaulted to /data 
+
+# Optional setting
+# Drumee use rsync to backup data (FMS, DB and configs)
+# If you plan to make a backup on a remote host, ensure
+# ssh keys are properly setup
+export STORAGE_BACKUP="/backup" # [user@host-or-ip:]/path/
+
+# If not set, will be defaulted to ADMIN_EMAIL.
+# SSL certificates are generated using zerossl.com ACME server
+# This requires an emal to be provided.
+export ACME_EMAIL_ACCOUNT="" 
+
+mkdir -p $DRUMEE_DB_DIR
+mkdir -p $DRUMEE_DATA_DIR
+mkdir -p $STORAGE_BACKUP