Inital commit

JMS/conf.sh

@@ -0,0 +1,65 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JMS
+
+#config ssh
+sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
+systemctl restart sshd > $OUTPUT 2>&1
+
+if [ "$lecert" = "1" ] ; then
+    bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
+fi
+
+##config ufw
+ufw limit 4242/tcp > $OUTPUT 2>&1
+ufw allow 80/tcp > $OUTPUT 2>&1
+ufw allow 443/tcp > $OUTPUT 2>&1
+ufw allow 4443/tcp > $OUTPUT 2>&1
+ufw allow 10000/udp > $OUTPUT 2>&1
+
+#allow other server(s) to connect
+if [ "$extcon" = "1" ] ; then
+    ufw allow in on "$innetworkif" to any port 53
+    ufw allow in on "$innetworkif" to any port 5222
+fi
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+#config dnsmasq
+if [ "$extcon" = "1" ] ; then
+    systemctl stop dnsmasq
+    curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/dnsmasq.conf -o /etc/dnsmasq.d/main.conf 
+    sed -i  -e 's/DOMAINname/'$domain'/g' -e 's/HOSTname/'${domain%%.*}'/g' -e 's/INTif/'$innetworkif'/g'  -e 's/INTip/''/g'  /etc/dnsmasq.d/main.conf
+fi
+
+
+#config Prosody
+systemctl stop prosody jicofo
+compsec=$(sed -n 's/component_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua| head -1| tr -d '"; ')
+turnsec=$(sed -n 's/turncredentials_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
+sslcer=$(sed -n ' s/certificate = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
+sslkey=$(sed -n ' s/key = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
+mv /etc/prosody/conf.avail/$domain.cfg.lua /etc/prosody/conf.avail/$domain.cfg.lua.orig
+curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/prosody-Unconfigured -o /etc/prosody/conf.avail/$domain.cfg.lua
+sed -i  -e 's/DOMAINname/'$domain'/g' -e 's/SSLKEY/'$sslcer'/g' -e 's/SSLKEY/'$sslkey'/g' -e 's/TURNSEC/'$turnsec'/g' -e 's/COMPSEC/'$compsec'/g' /etc/prosody/conf.avail/$domain.cfg.lua
+
+#webappli-config
+sed -i -e "/anonymousdomain:/c\anonymousdomain: 'guest.$domain'," -e '/startWithAudioMuted/c\startWithAudioMuted: true,' -e '/startWithVideoMuted/c\startWithVideoMuted: true,' -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' -e '/liveStreamingEnabled/c\liveStreamingEnabled: false,' -e "/^liveStreamingEnabled:.*/a\ hiddenDomain: 'recorder.$domain'," /etc/jitsi/meet/"$domain"-config.js
+#Jicofo
+echo "org.jitsi.jicofo.auth.URL=XMPP:$domain" >>/etc/jitsi/jicofo/sip-communicator.properties
+
+## jibri prep
+echo "org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.$domain" >>/etc/jitsi/jicofo/sip-communicator.properties
+echo "org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90" >>/etc/jitsi/jicofo/sip-communicator.properties
+
+if [ "$extcon" = "1" ] ; then
+echo 'sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: true,' /etc/jitsi/meet/"$domain"-config.js' > /opt/EnableJitsiRecordButton.sh
+echo 'sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' /etc/jitsi/meet/"$domain"-config.js' > /opt/DisableJitsiRecordButton.sh
+fi
+
+#start services
+systemctl enable --now prosody jicofo dnsmasq
+
+#Create users
+prosodyctl register jibri auth.$domain $jibsec
+prosodyctl register recorder recorder.$domain $jibrsec
+prosodyctl register $jituser $domain $jitpasswd

JMS/conf/dnsmasq.conf

@@ -0,0 +1,4 @@
+address=/HOSTname/INTip
+address=/DOMAINname/INTip
+interface=INTif
+no-hosts

JMS/conf/prosody-Unconfigured

@@ -0,0 +1,113 @@
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+
+muc_mapper_domain_base = "DOMAINname";
+
+turncredentials_secret = "TURNSEC";
+
+turncredentials = {
+  { type = "stun", host = "DOMAINname", port = "3478" },
+  { type = "turn", host = "DOMAINname", port = "3478", transport = "udp" },
+  { type = "turns", host = "DOMAINname", port = "443", transport = "tcp" }
+};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+
+ssl = {
+  protocol = "tlsv1_2+";
+  ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+}
+
+
+VirtualHost "guest.DOMAINname"
+    authentication = "anonymous"
+    c2s_require_encryption = false
+    modules_enabled = {
+            "muc_lobby_rooms";
+            "conference_duration";
+        }
+
+    lobby_muc = "lobby.DOMAINname"
+    main_muc = "conference.DOMAINname"
+    muc_lobby_whitelist = { "recorder.DOMAINname" }
+
+VirtualHost "DOMAINname"
+        ssl = {
+                key = "SSLKEY";
+                certificate = "SSLCERT";
+        }
+        speakerstats_component = "speakerstats.DOMAINname"
+        conference_duration_component = "conferenceduration.DOMAINname"
+        -- we need bosh
+        modules_enabled = {
+            "bosh";
+            "pubsub";
+            "ping";
+            "speakerstats";
+            "turncredentials";
+            "conference_duration";
+        }
+        c2s_require_encryption = false
+        lobby_muc = "lobby.DOMAINname"
+        main_muc = "conference.DOMAINname"
+        muc_lobby_whitelist = { "recorder.DOMAINname" } 
+
+Component "conference.DOMAINname" "muc"
+    storage = "memory"
+    modules_enabled = {
+        "muc_meeting_id";
+        "muc_domain_mapper";
+    }
+    admins = { "focus@auth.DOMAINname" }
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+
+Component "internal.auth.DOMAINname" "muc"
+    storage = "memory"
+    modules_enabled = {
+      "ping";
+    }
+    admins = { "focus@auth.DOMAINname", "jvb@auth.DOMAINname" }
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+
+VirtualHost "auth.DOMAINname"
+    ssl = {
+        key = "SSLKEY";
+        certificate = "SSLCERT";
+    }
+    authentication = "internal_plain"
+
+Component "focus.DOMAINname"
+    component_secret = "COMPSEC"
+
+Component "speakerstats.DOMAINname" "speakerstats_component"
+    muc_component = "conference.DOMAINname"
+
+Component "conferenceduration.DOMAINname" "conference_duration_component"
+    muc_component = "conference.DOMAINname"
+
+Component "lobby.DOMAINname" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true        
+    
+    Component "internal.auth.DOMAINname" "muc"
+modules_enabled = { "muc_mam" }
+
+
+Component "internal.auth.DOMAINname" "muc"
+        modules_enabled = {
+                "ping";
+        }
+        storage = "internal"
+        muc_room_cache_size = 1000
+
+
+VirtualHost "recorder.DOMAINname"
+        modules_enabled = {
+                "ping";
+        }
+        authentication = "internal_plain

JMS/generic.pkg.list

@@ -0,0 +1 @@
+ufw

JMS/preconf.sh

@@ -0,0 +1,27 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JMS
+
+#setup repo
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=jitsi osrel=$shortdist bash > $OUTPUT 2>&1
+
+#preconf jitsi
+debconf-set-selections <<< "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $domain"
+debconf-set-selections <<< "jitsi-meet-web-config jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
+
+# Package list for Scalable
+if [ "$jitsipack" = "sc" ] ; then
+    jvbsec=${cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16}
+    debconf-set-selections <<< "jitsi-meet-prosody jitsi-videobridge/jvbsecret	password $jvbsec"
+    echo "jitsi-meet-web jitsi-meet-web-config jitsi-meet-prosody jicofo jitsi-meet-turnserver prosody" >>  /tmp/pkg.list
+fi
+
+# Package list for standalone
+if [ "$jitsipack" = "sa" ] ; then
+    echo "jitsi-meet jitsi-meet-turnserver " >>  /tmp/pkg.list
+fi
+
+# Packge list to allow for external connections
+if [ "$extcon" = "1" ] ; then
+    echo "dnsmasq" >>  /tmp/pkg.list
+fi