diff options
author | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-18 16:46:21 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-18 16:46:21 +0100 |
commit | 2c2efdc27684c1382a4949cff8fe06ee36c0f4c0 (patch) | |
tree | c01dd9454deeec6f43ce5ccd94d12138e6f9ea18 /app/build | |
parent | 6c8c861dd50aebf4a12232ecc1fab12c5f83bf03 (diff) | |
parent | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (diff) | |
download | infrastructure-2c2efdc27684c1382a4949cff8fe06ee36c0f4c0.tar.gz infrastructure-2c2efdc27684c1382a4949cff8fe06ee36c0f4c0.zip |
Merge branch 'master' of git.deuxfleurs.fr:Deuxfleurs/infrastructure
Diffstat (limited to 'app/build')
77 files changed, 0 insertions, 2110 deletions
diff --git a/app/build/README.md b/app/build/README.md deleted file mode 100644 index a877cfa..0000000 --- a/app/build/README.md +++ /dev/null @@ -1,8 +0,0 @@ -## How to upgrade our packaged apps to a new version? - - 1. Edit `docker-compose.yml` - 2. Change the `VERSION` variable to the desired version - 3. Increment the docker image tag by 1 (eg: superboum/riot:v13 -> superboum/riot:v14) - 4. Run `docker-compose build` - 5. Run `docker-compose push` - 6. Done diff --git a/app/build/alps/Dockerfile b/app/build/alps/Dockerfile deleted file mode 100644 index 647d90d..0000000 --- a/app/build/alps/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM golang:1.15.6-buster as builder - -ARG VERSION - -ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 -WORKDIR /tmp/alps - -RUN git init && \ - git remote add origin https://git.sr.ht/~migadu/alps && \ - git fetch --depth 1 origin ${VERSION} && \ - git checkout FETCH_HEAD - -COPY skipverify.patch skipverify.patch - -RUN git apply skipverify.patch && \ - go build -a -o /usr/local/bin/alps ./cmd/alps - -FROM scratch -COPY --from=builder /usr/local/bin/alps /alps -COPY --from=builder /tmp/alps/themes /themes -ENTRYPOINT ["/alps"] diff --git a/app/build/alps/skipverify.patch b/app/build/alps/skipverify.patch deleted file mode 100644 index 14e14cb..0000000 --- a/app/build/alps/skipverify.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 47765c10f1af2013556f76dc63dfa056167ae5e8 Mon Sep 17 00:00:00 2001 -From: Quentin <quentin@deuxfleurs.fr> -Date: Fri, 4 Dec 2020 13:19:24 +0100 -Subject: [PATCH] Skip CA verification - ---- - imap.go | 3 ++- - smtp.go | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/imap.go b/imap.go -index 7554331..1a4931d 100644 ---- a/imap.go -+++ b/imap.go -@@ -3,6 +3,7 @@ package alps - import ( - "fmt" - -+ "crypto/tls" - "github.com/emersion/go-imap" - imapclient "github.com/emersion/go-imap/client" - "github.com/emersion/go-message/charset" -@@ -16,7 +17,7 @@ func (s *Server) dialIMAP() (*imapclient.Client, error) { - var c *imapclient.Client - var err error - if s.imap.tls { -- c, err = imapclient.DialTLS(s.imap.host, nil) -+ c, err = imapclient.DialTLS(s.imap.host, &tls.Config{InsecureSkipVerify: true}) - if err != nil { - return nil, fmt.Errorf("failed to connect to IMAPS server: %v", err) - } -diff --git a/smtp.go b/smtp.go -index 5e178f2..8d22f1d 100644 ---- a/smtp.go -+++ b/smtp.go -@@ -3,6 +3,7 @@ package alps - import ( - "fmt" - -+ "crypto/tls" - "github.com/emersion/go-smtp" - ) - -@@ -14,7 +15,7 @@ func (s *Server) dialSMTP() (*smtp.Client, error) { - var c *smtp.Client - var err error - if s.smtp.tls { -- c, err = smtp.DialTLS(s.smtp.host, nil) -+ c, err = smtp.DialTLS(s.smtp.host, &tls.Config{InsecureSkipVerify: true}) - if err != nil { - return nil, fmt.Errorf("failed to connect to SMTPS server: %v", err) - } --- -2.28.0 - diff --git a/app/build/backup-consul/Dockerfile b/app/build/backup-consul/Dockerfile deleted file mode 100644 index 0a5c38f..0000000 --- a/app/build/backup-consul/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -FROM golang:buster as builder - -WORKDIR /root -RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age . - -FROM amd64/debian:buster - -COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age - -RUN apt-get update && \ - apt-get -qq -y full-upgrade && \ - apt-get install -y rsync wget openssh-client unzip && \ - apt-get clean && \ - rm -f /var/lib/apt/lists/*_* - -RUN mkdir -p /root/.ssh -WORKDIR /root - -RUN wget https://releases.hashicorp.com/consul/1.8.5/consul_1.8.5_linux_amd64.zip && \ - unzip consul_1.8.5_linux_amd64.zip && \ - chmod +x consul && \ - mv consul /usr/local/bin && \ - rm consul_1.8.5_linux_amd64.zip - -COPY do_backup.sh /root/do_backup.sh - -CMD "/root/do_backup.sh" - diff --git a/app/build/backup-consul/do_backup.sh b/app/build/backup-consul/do_backup.sh deleted file mode 100755 index a34e7b7..0000000 --- a/app/build/backup-consul/do_backup.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh - -set -x -e - -cd /root - -chmod 0600 .ssh/id_ed25519 - -cat > .ssh/config <<EOF -Host backuphost - HostName $TARGET_SSH_HOST - Port $TARGET_SSH_PORT - User $TARGET_SSH_USER -EOF - -consul kv export | \ - gzip | \ - age -r "$(cat /root/.ssh/id_ed25519.pub)" | \ - ssh backuphost "cat > $TARGET_SSH_DIR/consul/$(date --iso-8601=minute)_consul_kv_export.gz.age" - diff --git a/app/build/blog-quentin/.dockerenv b/app/build/blog-quentin/.dockerenv deleted file mode 100755 index e69de29..0000000 --- a/app/build/blog-quentin/.dockerenv +++ /dev/null diff --git a/app/build/blog-quentin/Dockerfile b/app/build/blog-quentin/Dockerfile deleted file mode 100644 index 61f5c40..0000000 --- a/app/build/blog-quentin/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -FROM amd64/debian:stretch as builder - -COPY ./quentin.dufour.io/Gemfile /root/quentin.dufour.io/Gemfile - -WORKDIR /root/quentin.dufour.io - -RUN apt-get update && \ - apt-get install -y ruby-dev gem build-essential bundler zlib1g-dev libxml2-dev && \ - bundle install - -COPY ./quentin.dufour.io/ /root/quentin.dufour.io/ -RUN bundle exec jekyll build - -FROM superboum/amd64_webserver:v2 -COPY --from=builder /root/quentin.dufour.io/_site /srv/http - diff --git a/app/build/blog-quentin/README.md b/app/build/blog-quentin/README.md deleted file mode 100644 index 25ac463..0000000 --- a/app/build/blog-quentin/README.md +++ /dev/null @@ -1 +0,0 @@ -sudo docker build -t superboum/amd64_blog:v19 . diff --git a/app/build/coturn/Dockerfile b/app/build/coturn/Dockerfile deleted file mode 100644 index 0d23161..0000000 --- a/app/build/coturn/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -FROM amd64/debian:buster - -RUN apt-get update && \ - apt-get dist-upgrade -y && \ - apt-get install -y \ - coturn - -CMD ["/usr/bin/turnserver"] diff --git a/app/build/coturn/README.md b/app/build/coturn/README.md deleted file mode 100644 index e882146..0000000 --- a/app/build/coturn/README.md +++ /dev/null @@ -1,17 +0,0 @@ - -## Génère l'image -``` -sudo docker build -t registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1 . -``` - -## Run bash dans le container -``` -sudo docker run --rm -t -i registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1 bash -sudo docker run --rm -t -i -p 3478:3478/udp -p 3479:3479/udp -p 3478:3478/tcp -p 3479:3479/tcp registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1 -``` - -## Used ports -- udp/tcp 3478 3479 - -## Publish -sudo docker push registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1 diff --git a/app/build/docker-compose.yml b/app/build/docker-compose.yml deleted file mode 100644 index f58bf1f..0000000 --- a/app/build/docker-compose.yml +++ /dev/null @@ -1,92 +0,0 @@ -version: '3.4' -services: - - mariadb: - build: - context: ./mariadb - args: - VERSION: 4 # fake for now - image: superboum/amd64_mariadb:v4 - - # Instant Messaging - riot: - build: - context: ./riotweb - args: - # https://github.com/vector-im/riot-web/releases - VERSION: 1.7.16 - image: superboum/amd64_riotweb:v19 - - synapse: - build: - context: ./matrix-synapse - args: - # https://github.com/matrix-org/synapse/releases - VERSION: 1.25.0 - image: superboum/amd64_synapse:v40 - - # Email - sogo: - build: - context: ./sogo - args: - # fake for now - VERSION: 5.0.0 - image: superboum/amd64_sogo:v7 - - alps: - build: - context: ./alps - args: - VERSION: 5cef0aaff2b8b6ee3e00b566123517e241d8cfb8 - image: superboum/amd64_alps:v1 - - # VoIP - jitsi-meet: - build: - context: ./jitsi-meet - args: - # https://github.com/jitsi/jitsi-meet - PREFIXV: stable/jitsi-meet_ - VERSION: 5390 - image: superboum/amd64_jitsi_meet:v3 - - jitsi-conference-focus: - build: - context: ./jitsi-conference-focus - args: - # https://github.com/jitsi/jicofo - PREFIXV: stable/jitsi-meet_ - VERSION: 5390 - image: superboum/amd64_jitsi_conference_focus:v6 - - jitsi-videobridge: - build: - context: ./jitsi-videobridge - args: - # https://github.com/jitsi/jitsi-videobridge - PREFIXV: stable/jitsi-meet_ - VERSION: 5390 - image: superboum/amd64_jitsi_videobridge:v16 - - jitsi-xmpp: - build: - context: ./jitsi-xmpp - args: - VERSION: 0.11.2-1 - image: superboum/amd64_jitsi_xmpp:v8 - - plume: - build: - context: ./plume - args: - VERSION: 0.6.0 - image: superboum/plume:v2 - - postfix: - build: - context: ./postfix - args: - # https://packages.debian.org/fr/buster/postfix - VERSION: 3.4.14-0+deb10u1 - image: superboum/amd64_postfix:v3 diff --git a/app/build/dovecot/.gitignore b/app/build/dovecot/.gitignore deleted file mode 100644 index 71a04e2..0000000 --- a/app/build/dovecot/.gitignore +++ /dev/null @@ -1 +0,0 @@ -dovecot-ldap.conf diff --git a/app/build/dovecot/Dockerfile b/app/build/dovecot/Dockerfile deleted file mode 100644 index 9b87627..0000000 --- a/app/build/dovecot/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM amd64/debian:stretch - -RUN apt-get update && \ - apt-get install -y \ - dovecot-antispam \ - dovecot-core \ - dovecot-imapd \ - dovecot-ldap \ - dovecot-managesieved \ - dovecot-sieve \ - dovecot-lmtpd && \ - rm -rf /etc/dovecot/* -RUN useradd mailstore -COPY ./conf/* /etc/dovecot/ -COPY entrypoint.sh /usr/local/bin/entrypoint - -ENTRYPOINT ["/usr/local/bin/entrypoint"] diff --git a/app/build/dovecot/README.md b/app/build/dovecot/README.md deleted file mode 100644 index 8c9f372..0000000 --- a/app/build/dovecot/README.md +++ /dev/null @@ -1,18 +0,0 @@ -``` -sudo docker build -t superboum/amd64_dovecot:v2 . -``` - - -``` -sudo docker run -t -i \ - -e TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=www.deuxfleurs.fr" \ - -p 993:993 \ - -p 143:143 \ - -p 24:24 \ - -p 1337:1337 \ - -v /mnt/glusterfs/email/ssl:/etc/ssl/ \ - -v /mnt/glusterfs/email/mail:/var/mail \ - -v `pwd`/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf \ - superboum/amd64_dovecot:v1 \ - dovecot -F -``` diff --git a/app/build/dovecot/conf/all_before.sieve b/app/build/dovecot/conf/all_before.sieve deleted file mode 100644 index 7d2e57e..0000000 --- a/app/build/dovecot/conf/all_before.sieve +++ /dev/null @@ -1,5 +0,0 @@ -require ["fileinto", "mailbox"]; -if header :contains "X-Spam-Flag" "YES" { - fileinto :create "Junk"; -} - diff --git a/app/build/dovecot/conf/dovecot-ldap.sample.conf b/app/build/dovecot/conf/dovecot-ldap.sample.conf deleted file mode 100644 index 472d5e8..0000000 --- a/app/build/dovecot/conf/dovecot-ldap.sample.conf +++ /dev/null @@ -1,8 +0,0 @@ -hosts = ldap.example.com -dn = cn=admin,dc=example,dc=com -dnpass = s3cr3t -base = dc=example,dc=com -scope = subtree -user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com))) -pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com))) -user_attrs = mail=/var/mail/%{ldap:mail} diff --git a/app/build/dovecot/conf/dovecot.conf b/app/build/dovecot/conf/dovecot.conf deleted file mode 100644 index 0d5068c..0000000 --- a/app/build/dovecot/conf/dovecot.conf +++ /dev/null @@ -1,79 +0,0 @@ -auth_mechanisms = plain login -auth_username_format = %u -log_timestamp = "%Y-%m-%d %H:%M:%S " -mail_location = maildir:/var/mail/%u -mail_privileged_group = mail - -log_path = /dev/stderr -info_log_path = /dev/stdout -debug_log_path = /dev/stdout - -protocols = imap sieve lmtp - -ssl_cert = < /etc/ssl/certs/dovecot.crt -ssl_key = < /etc/ssl/private/dovecot.key - -service auth { - inet_listener { - port = 1337 - } -} - -passdb { - args = /etc/dovecot/dovecot-ldap.conf - driver = ldap -} - -service lmtp { - inet_listener lmtp { - address = 0.0.0.0 - port = 24 - } -} - -service imap-login { - inet_listener imap { - port = 143 - } - inet_listener imaps { - port = 993 - } -} - -userdb { - args = uid=mailstore gid=mailstore home=/var/mail/%u - driver = static -} - -protocol imap { - mail_plugins = $mail_plugins imap_sieve -} - -protocol lda { - auth_socket_path = /var/run/dovecot/auth-master - info_log_path = /var/log/dovecot-deliver.log - log_path = /var/log/dovecot-deliver-errors.log - postmaster_address = postmaster@deuxfleurs.fr - mail_plugins = $mail_plugins sieve -} - -plugin { - sieve = file:~/sieve;active=~/dovecot.sieve - sieve_before = /etc/dovecot/all_before.sieve - - # antispam learn - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug - sieve_pipe_bin_dir = /usr/bin - - imapsieve_mailbox1_name = Junk - imapsieve_mailbox1_causes = COPY FLAG APPEND - imapsieve_mailbox1_before = file:/etc/dovecot/report-spam.sieve - - imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Spam - imapsieve_mailbox2_causes = COPY APPEND - imapsieve_mailbox2_before = file:/etc/dovecot/report-ham.sieve - -} - diff --git a/app/build/dovecot/conf/report-ham.sieve b/app/build/dovecot/conf/report-ham.sieve deleted file mode 100644 index c5a994a..0000000 --- a/app/build/dovecot/conf/report-ham.sieve +++ /dev/null @@ -1,17 +0,0 @@ -require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"]; - -if environment :matches "imap.mailbox" "*" { - set "mailbox" "${1}"; -} - -if string "${mailbox}" "Trash" { - stop; -} - -if environment :matches "imap.user" "*" { - set "username" "${1}"; -} - -pipe :copy "sa-learn" [ "--ham", "-u", "debian-spamd" ]; -debug_log "ham reported by ${username}"; - diff --git a/app/build/dovecot/conf/report-spam.sieve b/app/build/dovecot/conf/report-spam.sieve deleted file mode 100644 index 1be7389..0000000 --- a/app/build/dovecot/conf/report-spam.sieve +++ /dev/null @@ -1,9 +0,0 @@ -require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"]; - -if environment :matches "imap.user" "*" { - set "username" "${1}"; -} - -pipe :copy "sa-learn" [ "--spam", "-u", "debian-spamd"]; -debug_log "spam reported by ${username}"; - diff --git a/app/build/dovecot/entrypoint.sh b/app/build/dovecot/entrypoint.sh deleted file mode 100755 index 2165d8f..0000000 --- a/app/build/dovecot/entrypoint.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -if [[ ! -f /etc/ssl/certs/dovecot.crt || ! -f /etc/ssl/private/dovecot.key ]]; then - cd /root - openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj ${TLSINFO} \ - -keyout dovecot.key \ - -out dovecot.crt - - mkdir -p /etc/ssl/{certs,private}/ - - cp dovecot.crt /etc/ssl/certs/dovecot.crt - cp dovecot.key /etc/ssl/private/dovecot.key - chmod 400 /etc/ssl/certs/dovecot.crt - chmod 400 /etc/ssl/private/dovecot.key -fi - -if [[ $(stat -c '%U' /var/mail/) != "mailstore" ]]; then - chown -R mailstore /var/mail -fi - -exec "$@" diff --git a/app/build/jitsi-conference-focus/Dockerfile b/app/build/jitsi-conference-focus/Dockerfile deleted file mode 100644 index e2c459c..0000000 --- a/app/build/jitsi-conference-focus/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -FROM debian:buster AS builder - -ARG PREFIXV -ARG VERSION -RUN apt-get update && \ - apt-get install -y openjdk-11-jdk maven wget unzip && \ - wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip - -RUN unzip jicofo.zip && \ - mv jicofo*${VERSION} jicofo && \ - cd jicofo && \ - mvn package -DskipTests -Dassembly.skipAssembly=false && \ - unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \ - mv jicofo-1.1-SNAPSHOT /srv/build - -FROM debian:buster - -RUN apt-get update && \ - apt-get install -y openjdk-11-jre-headless ca-certificates - -ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi" - -COPY --from=builder /srv/build /srv/jicofo -COPY jicofo /usr/local/bin/jicofo -COPY sip-communicator.properties /root/.sip-communicator/sip-communicator.properties - -CMD ["/usr/local/bin/jicofo"] diff --git a/app/build/jitsi-conference-focus/jicofo b/app/build/jitsi-conference-focus/jicofo deleted file mode 100755 index 2bc6e3f..0000000 --- a/app/build/jitsi-conference-focus/jicofo +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -cp ${JITSI_CERTS_FOLDER}/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt -update-ca-certificates -f - -cat >> /etc/hosts <<EOF -${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr -127.0.0.1 `hostname` -EOF - -/srv/jicofo/jicofo.sh \ - --host=${JITSI_PROSODY_HOST} \ - --domain=jitsi.deuxfleurs.fr \ - --secret=${JITSI_SECRET_JICOFO_COMPONENT} \ - --user_domain=auth.jitsi.deuxfleurs.fr \ - --user_password=${JITSI_SECRET_JICOFO_USER} diff --git a/app/build/jitsi-conference-focus/sip-communicator.properties b/app/build/jitsi-conference-focus/sip-communicator.properties deleted file mode 100644 index 53c32e2..0000000 --- a/app/build/jitsi-conference-focus/sip-communicator.properties +++ /dev/null @@ -1,2 +0,0 @@ -org.jitsi.jicofo.SHORT_ID=1 -org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr diff --git a/app/build/jitsi-meet/Dockerfile b/app/build/jitsi-meet/Dockerfile deleted file mode 100644 index feef115..0000000 --- a/app/build/jitsi-meet/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -FROM debian:buster AS builder - -ARG PREFIXV -ARG VERSION - -RUN apt-get update && \ - apt-get install -y curl && \ - curl -sL https://deb.nodesource.com/setup_14.x | bash - && \ - apt-get install -y git nodejs make wget unzip && \ - wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip - -RUN unzip jitsi-meet.zip && \ - mv jitsi-meet-*${VERSION} jitsi-meet && \ - cd jitsi-meet && \ - npm install && \ - make - -FROM debian:buster - -COPY --from=builder /jitsi-meet /srv/jitsi-meet -RUN apt-get update && \ - apt-get install -y nginx && \ - rm /etc/nginx/sites-enabled/* - -COPY config.js /srv/jitsi-meet/config.js -COPY entrypoint.sh /usr/local/bin/entrypoint -ENTRYPOINT ["/usr/local/bin/entrypoint"] -CMD ["/usr/sbin/nginx", "-g", "daemon off;"] diff --git a/app/build/jitsi-meet/config.js b/app/build/jitsi-meet/config.js deleted file mode 100644 index 18ff319..0000000 --- a/app/build/jitsi-meet/config.js +++ /dev/null @@ -1,517 +0,0 @@ -/* eslint-disable no-unused-vars, no-var */ - -var config = { - // Connection - // - - hosts: { - // XMPP domain. - domain: 'jitsi.deuxfleurs.fr', - - // When using authentication, domain for guest users. - // anonymousdomain: 'guest.example.com', - - // Domain for authenticated users. Defaults to <domain>. - // authdomain: 'jitsi-meet.example.com', - - // Jirecon recording component domain. - // jirecon: 'jirecon.jitsi-meet.example.com', - - // Call control component (Jigasi). - // call_control: 'callcontrol.jitsi-meet.example.com', - - // Focus component domain. Defaults to focus.<domain>. - // focus: 'focus.jitsi-meet.example.com', - - // XMPP MUC domain. FIXME: use XEP-0030 to discover it. - muc: 'conference.jitsi.deuxfleurs.fr' - }, - - // BOSH URL. FIXME: use XEP-0156 to discover it. - bosh: '//jitsi.deuxfleurs.fr/http-bind', - - // Websocket URL - // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', - - // The name of client node advertised in XEP-0115 'c' stanza - clientNode: 'http://jitsi.org/jitsimeet', - - // The real JID of focus participant - can be overridden here - // focusUserJid: 'focus@auth.jitsi-meet.example.com', - - - // Testing / experimental features. - // - - testing: { - // Enables experimental simulcast support on Firefox. - enableFirefoxSimulcast: false, - - // P2P test mode disables automatic switching to P2P when there are 2 - // participants in the conference. - p2pTestMode: false - - // Enables the test specific features consumed by jitsi-meet-torture - // testMode: false - - // Disables the auto-play behavior of *all* newly created video element. - // This is useful when the client runs on a host with limited resources. - // noAutoPlayVideo: false - }, - - // Disables ICE/UDP by filtering out local and remote UDP candidates in - // signalling. - // webrtcIceUdpDisable: false, - - // Disables ICE/TCP by filtering out local and remote TCP candidates in - // signalling. - // webrtcIceTcpDisable: false, - - - // Media - // - - // Audio - - // Disable measuring of audio levels. - // disableAudioLevels: false, - // audioLevelsInterval: 200, - - // Enabling this will run the lib-jitsi-meet no audio detection module which - // will notify the user if the current selected microphone has no audio - // input and will suggest another valid device if one is present. - enableNoAudioDetection: true, - - // Enabling this will run the lib-jitsi-meet noise detection module which will - // notify the user if there is noise, other than voice, coming from the current - // selected microphone. The purpose it to let the user know that the input could - // be potentially unpleasant for other meeting participants. - enableNoisyMicDetection: true, - - // Start the conference in audio only mode (no video is being received nor - // sent). - // startAudioOnly: false, - - // Every participant after the Nth will start audio muted. - // startAudioMuted: 10, - - // Start calls with audio muted. Unlike the option above, this one is only - // applied locally. FIXME: having these 2 options is confusing. - // startWithAudioMuted: false, - - // Enabling it (with #params) will disable local audio output of remote - // participants and to enable it back a reload is needed. - // startSilent: false - - // Video - - // Sets the preferred resolution (height) for local video. Defaults to 720. - resolution: 480, - - // w3c spec-compliant video constraints to use for video capture. Currently - // used by browsers that return true from lib-jitsi-meet's - // util#browser#usesNewGumFlow. The constraints are independency from - // this config's resolution value. Defaults to requesting an ideal aspect - // ratio of 16:9 with an ideal resolution of 720. - constraints: { - video: { - aspectRatio: 16 / 9, - height: { - ideal: 480, - max: 720, - min: 240 - } - } - }, - - // Enable / disable simulcast support. - // disableSimulcast: false, - - // Enable / disable layer suspension. If enabled, endpoints whose HD - // layers are not in use will be suspended (no longer sent) until they - // are requested again. - // enableLayerSuspension: false, - - // Every participant after the Nth will start video muted. - // startVideoMuted: 10, - - // Start calls with video muted. Unlike the option above, this one is only - // applied locally. FIXME: having these 2 options is confusing. - // startWithVideoMuted: false, - - // If set to true, prefer to use the H.264 video codec (if supported). - // Note that it's not recommended to do this because simulcast is not - // supported when using H.264. For 1-to-1 calls this setting is enabled by - // default and can be toggled in the p2p section. - // preferH264: true, - - // If set to true, disable H.264 video codec by stripping it out of the - // SDP. - // disableH264: false, - - // Desktop sharing - - // The ID of the jidesha extension for Chrome. - desktopSharingChromeExtId: null, - - // Whether desktop sharing should be disabled on Chrome. - // desktopSharingChromeDisabled: false, - - // The media sources to use when using screen sharing with the Chrome - // extension. - desktopSharingChromeSources: [ 'screen', 'window', 'tab' ], - - // Required version of Chrome extension - desktopSharingChromeMinExtVersion: '0.1', - - // Whether desktop sharing should be disabled on Firefox. - // desktopSharingFirefoxDisabled: false, - - // Optional desktop sharing frame rate options. Default value: min:5, max:5. - // desktopSharingFrameRate: { - // min: 5, - // max: 5 - // }, - - // Try to start calls with screen-sharing instead of camera video. - // startScreenSharing: false, - - // Recording - - // Whether to enable file recording or not. - // fileRecordingsEnabled: false, - // Enable the dropbox integration. - // dropbox: { - // appKey: '<APP_KEY>' // Specify your app key here. - // // A URL to redirect the user to, after authenticating - // // by default uses: - // // 'https://jitsi-meet.example.com/static/oauth.html' - // redirectURI: - // 'https://jitsi-meet.example.com/subfolder/static/oauth.html' - // }, - // When integrations like dropbox are enabled only that will be shown, - // by enabling fileRecordingsServiceEnabled, we show both the integrations - // and the generic recording service (its configuration and storage type - // depends on jibri configuration) - // fileRecordingsServiceEnabled: false, - // Whether to show the possibility to share file recording with other people - // (e.g. meeting participants), based on the actual implementation - // on the backend. - // fileRecordingsServiceSharingEnabled: false, - - // Whether to enable live streaming or not. - // liveStreamingEnabled: false, - - // Transcription (in interface_config, - // subtitles and buttons can be configured) - // transcribingEnabled: false, - - // Enables automatic turning on captions when recording is started - // autoCaptionOnRecord: false, - - // Misc - - // Default value for the channel "last N" attribute. -1 for unlimited. - channelLastN: -1, - - // Disables or enables RTX (RFC 4588) (defaults to false). - // disableRtx: false, - - // Disables or enables TCC (the default is in Jicofo and set to true) - // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting - // affects congestion control, it practically enables send-side bandwidth - // estimations. - // enableTcc: true, - - // Disables or enables REMB (the default is in Jicofo and set to false) - // (draft-alvestrand-rmcat-remb-03). This setting affects congestion - // control, it practically enables recv-side bandwidth estimations. When - // both TCC and REMB are enabled, TCC takes precedence. When both are - // disabled, then bandwidth estimations are disabled. - // enableRemb: false, - - // Defines the minimum number of participants to start a call (the default - // is set in Jicofo and set to 2). - // minParticipants: 2, - - // Use XEP-0215 to fetch STUN and TURN servers. - // useStunTurn: true, - - // Enable IPv6 support. - // useIPv6: true, - - // Enables / disables a data communication channel with the Videobridge. - // Values can be 'datachannel', 'websocket', true (treat it as - // 'datachannel'), undefined (treat it as 'datachannel') and false (don't - // open any channel). - // openBridgeChannel: true, - - - // UI - // - - // Use display name as XMPP nickname. - // useNicks: false, - - // Require users to always specify a display name. - // requireDisplayName: true, - - // Whether to use a welcome page or not. In case it's false a random room - // will be joined when no room is specified. - enableWelcomePage: true, - - // Enabling the close page will ignore the welcome page redirection when - // a call is hangup. - // enableClosePage: false, - - // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // disable1On1Mode: false, - - // Default language for the user interface. - defaultLanguage: 'fr', - - // If true all users without a token will be considered guests and all users - // with token will be considered non-guests. Only guests will be allowed to - // edit their profile. - enableUserRolesBasedOnToken: false, - - // Whether or not some features are checked based on token. - // enableFeaturesBasedOnToken: false, - - // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. - // lockRoomGuestEnabled: false, - - // When enabled the password used for locking a room is restricted to up to the number of digits specified - // roomPasswordNumberOfDigits: 10, - // default: roomPasswordNumberOfDigits: false, - - // Message to show the users. Example: 'The service will be down for - // maintenance at 01:00 AM GMT, - // noticeMessage: '', - - // Enables calendar integration, depends on googleApiApplicationClientID - // and microsoftApiApplicationClientID - // enableCalendarIntegration: false, - - // Stats - // - - // Whether to enable stats collection or not in the TraceablePeerConnection. - // This can be useful for debugging purposes (post-processing/analysis of - // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth - // estimation tests. - // gatherStats: false, - - // The interval at which PeerConnection.getStats() is called. Defaults to 10000 - // pcStatsInterval: 10000, - - // To enable sending statistics to callstats.io you must provide the - // Application ID and Secret. - // callStatsID: '', - // callStatsSecret: '', - - // enables sending participants display name to callstats - // enableDisplayNameInStats: false - - // enables sending participants email if available to callstats and other analytics - // enableEmailInStats: false - - // Privacy - // - - // If third party requests are disabled, no other server will be contacted. - // This means avatars will be locally generated and callstats integration - // will not function. - // disableThirdPartyRequests: false, - - - // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. - // - - p2p: { - // Enables peer to peer mode. When enabled the system will try to - // establish a direct connection when there are exactly 2 participants - // in the room. If that succeeds the conference will stop sending data - // through the JVB and use the peer to peer connection instead. When a - // 3rd participant joins the conference will be moved back to the JVB - // connection. - enabled: true, - - // Use XEP-0215 to fetch STUN and TURN servers. - // useStunTurn: true, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:jitsi-meet.example.com:443' }, - { urls: 'stun:stun.l.google.com:19302' }, - { urls: 'stun:stun1.l.google.com:19302' }, - { urls: 'stun:stun2.l.google.com:19302' } - ], - - // Sets the ICE transport policy for the p2p connection. At the time - // of this writing the list of possible values are 'all' and 'relay', - // but that is subject to change in the future. The enum is defined in - // the WebRTC standard: - // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. - // If not set, the effective value is 'all'. - // iceTransportPolicy: 'all', - - // If set to true, it will prefer to use H.264 for P2P calls (if H.264 - // is supported). - preferH264: true, - - // If set to true, disable H.264 video codec by stripping it out of the - // SDP. - // disableH264: false, - - // How long we're going to wait, before going back to P2P after the 3rd - // participant has left the conference (to filter out page reload). - backToP2PDelay: 60 - }, - - analytics: { - // The Google Analytics Tracking ID: - // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' - - // The Amplitude APP Key: - // amplitudeAPPKey: '<APP_KEY>' - - // Array of script URLs to load as lib-jitsi-meet "analytics handlers". - // scriptURLs: [ - // "libs/analytics-ga.min.js", // google-analytics - // "https://example.com/my-custom-analytics.js" - // ], - }, - - // Information about the jitsi-meet instance we are connecting to, including - // the user region as seen by the server. - deploymentInfo: { - // shard: "shard1", - // region: "europe", - // userRegion: "asia" - } - - // Information for the chrome extension banner - // chromeExtensionBanner: { - // // The chrome extension to be installed address - // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', - - // // Extensions info which allows checking if they are installed or not - // chromeExtensionsInfo: [ - // { - // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', - // path: 'jitsi-logo-48x48.png' - // } - // ] - // } - - // Local Recording - // - - // localRecording: { - // Enables local recording. - // Additionally, 'localrecording' (all lowercase) needs to be added to - // TOOLBAR_BUTTONS in interface_config.js for the Local Recording - // button to show up on the toolbar. - // - // enabled: true, - // - - // The recording format, can be one of 'ogg', 'flac' or 'wav'. - // format: 'flac' - // - - // } - - // Options related to end-to-end (participant to participant) ping. - // e2eping: { - // // The interval in milliseconds at which pings will be sent. - // // Defaults to 10000, set to <= 0 to disable. - // pingInterval: 10000, - // - // // The interval in milliseconds at which analytics events - // // with the measured RTT will be sent. Defaults to 60000, set - // // to <= 0 to disable. - // analyticsInterval: 60000, - // } - - // If set, will attempt to use the provided video input device label when - // triggering a screenshare, instead of proceeding through the normal flow - // for obtaining a desktop stream. - // NOTE: This option is experimental and is currently intended for internal - // use only. - // _desktopSharingSourceDevice: 'sample-id-or-label' - - // If true, any checks to handoff to another application will be prevented - // and instead the app will continue to display in the current browser. - // disableDeepLinking: false - - // A property to disable the right click context menu for localVideo - // the menu has option to flip the locally seen video for local presentations - // disableLocalVideoFlip: false - - // Deployment specific URLs. - // deploymentUrls: { - // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for - // // user documentation. - // userDocumentationURL: 'https://docs.example.com/video-meetings.html', - // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link - // // to the specified URL for an app download page. - // downloadAppsUrl: 'https://docs.example.com/our-apps.html' - // } - - // List of undocumented settings used in jitsi-meet - /** - _immediateReloadThreshold - autoRecord - autoRecordToken - debug - debugAudioLevels - deploymentInfo - dialInConfCodeUrl - dialInNumbersUrl - dialOutAuthUrl - dialOutCodesUrl - disableRemoteControl - displayJids - etherpad_base - externalConnectUrl - firefox_fake_device - googleApiApplicationClientID - iAmRecorder - iAmSipGateway - microsoftApiApplicationClientID - peopleSearchQueryTypes - peopleSearchUrl - requireDisplayName - tokenAuthUrl - */ - - // List of undocumented settings used in lib-jitsi-meet - /** - _peerConnStatusOutOfLastNTimeout - _peerConnStatusRtcMuteTimeout - abTesting - avgRtpStatsN - callStatsConfIDNamespace - callStatsCustomScriptUrl - desktopSharingSources - disableAEC - disableAGC - disableAP - disableHPF - disableNS - enableLipSync - enableTalkWhileMuted - forceJVB121Ratio - hiddenDomain - ignoreStartMuted - nick - startBitrate - */ - -}; - -/* eslint-enable no-unused-vars, no-var */ - diff --git a/app/build/jitsi-meet/entrypoint.sh b/app/build/jitsi-meet/entrypoint.sh deleted file mode 100755 index 1cd96dc..0000000 --- a/app/build/jitsi-meet/entrypoint.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -cat > /etc/nginx/sites-available/jitsi <<EOF -server_names_hash_bucket_size 64; - -server { - listen 0.0.0.0:${NGINX_PORT} ssl http2 default_server; - listen [::]:${NGINX_PORT} ssl http2 default_server; - server_name _; - ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt; - ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key; - root /srv/jitsi-meet; - index index.html; - location ~ ^/([a-zA-Z0-9=\?]+)$ { - rewrite ^/(.*)$ / break; - } - location / { - ssi on; - } - # BOSH, Bidirectional-streams Over Synchronous HTTP - # https://en.wikipedia.org/wiki/BOSH_(protocol) - location /http-bind { - proxy_pass http://${JITSI_PROSODY_BOSH_HOST}:${JITSI_PROSODY_BOSH_PORT}/http-bind; - proxy_set_header X-Forwarded-For \$remote_addr; - proxy_set_header Host \$http_host; - } - # external_api.js must be accessible from the root of the - # installation for the electron version of Jitsi Meet to work - # https://github.com/jitsi/jitsi-meet-electron - location /external_api.js { - alias /srv/jitsi-meet/libs/external_api.min.js; - } -} -EOF - -ln -sf /etc/nginx/sites-available/jitsi /etc/nginx/sites-enabled/jitsi - -exec "$@" diff --git a/app/build/jitsi-videobridge/Dockerfile b/app/build/jitsi-videobridge/Dockerfile deleted file mode 100644 index c17fb4f..0000000 --- a/app/build/jitsi-videobridge/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -FROM debian:buster AS builder - -ARG PREFIXV -ARG VERSION - -RUN apt-get update && \ - apt-get install -y wget unzip maven openjdk-11-jdk && \ - wget https://github.com/jitsi/jitsi-videobridge/archive/${PREFIXV}${VERSION}.zip -O jvb.zip - -RUN unzip jvb.zip && \ - mv jitsi-videobridge*${VERSION} jvb && \ - cd jvb && \ - mvn package -DskipTests && \ - ls jvb/target && \ - unzip jvb/target/jitsi-videobridge*.zip && \ - mv jitsi-videobridge-*-SNAPSHOT build - -FROM debian:buster - -RUN apt-get update && \ - apt-get install -y openjdk-11-jre-headless - -COPY --from=builder /jvb/build /srv/jvb -ENV HOME=/root -WORKDIR /root -COPY jvb_run /usr/local/bin/jvb_run - -ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi" - -CMD ["/usr/local/bin/jvb_run"] diff --git a/app/build/jitsi-videobridge/jvb_run b/app/build/jitsi-videobridge/jvb_run deleted file mode 100755 index b86c911..0000000 --- a/app/build/jitsi-videobridge/jvb_run +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash - -cat >> /etc/hosts <<EOF -${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr -127.0.0.1 `hostname` -EOF - -mkdir -p /root/.sip-communicator - -cat > /root/.sip-communicator/sip-communicator.properties <<EOF -# Enable broadcasting stats/presence in a MUC -org.jitsi.videobridge.ENABLE_STATISTICS=true -org.jitsi.videobridge.STATISTICS_TRANSPORT=muc - -# Connect to the first XMPP server -org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr -org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr -org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb -org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE} -org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr -org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr -org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton -org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true - -# Do we need it? @FIXME -org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false - -# NAT things, two times just in case... -org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP} -org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP} -org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP} -org.jitsi.videobridge.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP} -org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP} -org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP} -org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false -EOF - -[ -v JITSI_DEBUG ] && cat >> /root/.sip-communicator/sip-communicator.properties <<EOF -net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=true -net.java.sip.communicator.packetlogging.PACKET_LOGGING_ARBITRARY_ENABLED=true -net.java.sip.communicator.packetlogging.PACKET_LOGGING_SIP_ENABLED=true -net.java.sip.communicator.packetlogging.PACKET_LOGGING_JABBER_ENABLED=true -net.java.sip.communicator.packetlogging.PACKET_LOGGING_RTP_ENABLED=true -net.java.sip.communicator.packetlogging.PACKET_LOGGING_ICE4j_ENABLED=true -net.java.sip.communicator.packetlogging.PACKET_LOGGING_FILE_COUNT=1 -net.java.sip.communicator.packetlogging.PACKET_LOGGING_FILE_SIZE=-1 -EOF - -/srv/jvb/jvb.sh \ - --host=${JITSI_PROSODY_HOST} \ - --domain=jitsi.deuxfleurs.fr \ - --port=5347 \ - --secret=${JITSI_SECRET_VIDEOBRIDGE} \ - --apis=xmpp,rest diff --git a/app/build/jitsi-xmpp/Dockerfile b/app/build/jitsi-xmpp/Dockerfile deleted file mode 100644 index f3dcd36..0000000 --- a/app/build/jitsi-xmpp/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM debian:buster - -ARG VERSION - -RUN apt-get update && \ - apt-get install -y prosody=${VERSION} - -COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua -COPY xmpp_conf /usr/local/bin/xmpp_conf -COPY xmpp_gen /usr/local/bin/xmpp_gen -COPY xmpp_run /usr/local/bin/xmpp_run - -CMD ["/usr/local/bin/xmpp_run"] diff --git a/app/build/jitsi-xmpp/external_components.cfg.lua b/app/build/jitsi-xmpp/external_components.cfg.lua deleted file mode 100644 index beaaa87..0000000 --- a/app/build/jitsi-xmpp/external_components.cfg.lua +++ /dev/null @@ -1,2 +0,0 @@ -component_ports = { 5347 } -component_interface = "0.0.0.0" diff --git a/app/build/jitsi-xmpp/xmpp_conf b/app/build/jitsi-xmpp/xmpp_conf deleted file mode 100755 index 34b2cb3..0000000 --- a/app/build/jitsi-xmpp/xmpp_conf +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -cat >> /etc/hosts <<EOF -${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr -127.0.0.1 `hostname` -EOF - -mkdir -p /etc/prosody/conf.{d,avail}/ -cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF -http_ports = { ${JITSI_PROSODY_BOSH_PORT} } - -VirtualHost "jitsi.deuxfleurs.fr" - authentication = "anonymous" - ssl = { - key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key"; - certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt"; - } - modules_enabled = { - "bosh"; - "pubsub"; - } - c2s_require_encryption = false - -VirtualHost "auth.jitsi.deuxfleurs.fr" - ssl = { - key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key"; - certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt"; - } - authentication = "internal_plain" - admins = { "focus@auth.jitsi.deuxfleurs.fr"} - -Component "conference.jitsi.deuxfleurs.fr" "muc" -Component "internal.auth.jitsi.deuxfleurs.fr" "muc" - storage = "memory" - modules_enabled = { "ping"; } - admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" } - -Component "jitsi-videobridge.jitsi.deuxfleurs.fr" - component_secret = "${JITSI_SECRET_VIDEOBRIDGE}" -Component "focus.jitsi.deuxfleurs.fr" - component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}" - -EOF - -ln -sf \ - /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \ - /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua - - diff --git a/app/build/jitsi-xmpp/xmpp_gen b/app/build/jitsi-xmpp/xmpp_gen deleted file mode 100755 index 3a2e04a..0000000 --- a/app/build/jitsi-xmpp/xmpp_gen +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -/usr/local/bin/xmpp_conf - -prosodyctl cert generate jitsi.deuxfleurs.fr -prosodyctl cert generate auth.jitsi.deuxfleurs.fr - -cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER} -cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER} diff --git a/app/build/jitsi-xmpp/xmpp_run b/app/build/jitsi-xmpp/xmpp_run deleted file mode 100755 index 6383b65..0000000 --- a/app/build/jitsi-xmpp/xmpp_run +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash - -/usr/local/bin/xmpp_conf -cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/ -chown -R prosody:prosody /var/lib/prosody - -mkdir -p /usr/local/share/ca-certificates/ -ln -sf \ - /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \ - /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt - -prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} -prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE} - -mkdir /run/prosody -touch /run/prosody/prosody.pid -chown -R prosody:prosody /run/prosody - -cd /var/lib/prosody -su - prosody -s /bin/bash -c prosody diff --git a/app/build/landing/README.md b/app/build/landing/README.md deleted file mode 100644 index 5d2cb2b..0000000 --- a/app/build/landing/README.md +++ /dev/null @@ -1,3 +0,0 @@ -``` -docker build -t superboum/amd64_landing:v8 . -``` diff --git a/app/build/mariadb/60-disable-dialog.cnf b/app/build/mariadb/60-disable-dialog.cnf deleted file mode 100644 index d41731a..0000000 --- a/app/build/mariadb/60-disable-dialog.cnf +++ /dev/null @@ -1,3 +0,0 @@ -[mariadb] -pam_use_cleartext_plugin -bind-address = 0.0.0.0 diff --git a/app/build/mariadb/60-ldap.cnf b/app/build/mariadb/60-ldap.cnf deleted file mode 100644 index 72ffb9f..0000000 --- a/app/build/mariadb/60-ldap.cnf +++ /dev/null @@ -1,3 +0,0 @@ -[mariadb] -plugin-load=auth_pam.so - diff --git a/app/build/mariadb/60-remote.cnf b/app/build/mariadb/60-remote.cnf deleted file mode 100644 index acf8f9b..0000000 --- a/app/build/mariadb/60-remote.cnf +++ /dev/null @@ -1,2 +0,0 @@ -[mysqld] -bind-address = * diff --git a/app/build/mariadb/Dockerfile b/app/build/mariadb/Dockerfile deleted file mode 100644 index 15ef954..0000000 --- a/app/build/mariadb/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -FROM debian:stretch - -RUN apt-get update && \ - apt-get dist-upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client libnss-ldapd - -COPY 60-ldap.cnf /etc/mysql/mariadb.conf.d/60-ldap.cnf -COPY 60-remote.cnf /etc/mysql/mariadb.conf.d/60-remote.cnf -COPY 60-disable-dialog.cnf /etc/mysql/mariadb.conf.d/60-disable-dialog.cnf -COPY pam-mariadb /etc/pam.d/mariadb -COPY nsswitch.conf /etc/nsswitch.conf -COPY entrypoint.sh /usr/local/bin/entrypoint - -ENTRYPOINT ["/usr/local/bin/entrypoint"] diff --git a/app/build/mariadb/README.md b/app/build/mariadb/README.md deleted file mode 100644 index 1a3b8aa..0000000 --- a/app/build/mariadb/README.md +++ /dev/null @@ -1,19 +0,0 @@ -``` -sudo docker build -t superboum/amd64_mariadb:v3 . - -sudo docker run \ - -t -i \ - -p 3306:3306 \ - -v /tmp/mysql:/var/lib/mysql \ - -e LDAP_URI='ldap://bottin.service.2.cluster.deuxfleurs.fr' \ - -e LDAP_BASE='ou=users,dc=deuxfleurs,dc=fr' \ - -e LDAP_VERSION=3 \ - -e LDAP_BIND_DN='cn=admin,dc=deuxfleurs,dc=fr' \ - -e LDAP_BIND_PW='xxxx' \ - -e MYSQL_PASSWORD='xxxx' \ - superboum/amd64_mariadb:v1 \ - tail -f /var/log/mysql/error.log - -CREATE USER quentin@localhost IDENTIFIED VIA pam USING 'mariadb'; - -``` diff --git a/app/build/mariadb/entrypoint.sh b/app/build/mariadb/entrypoint.sh deleted file mode 100755 index 7ebf049..0000000 --- a/app/build/mariadb/entrypoint.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -set -e - -cat > /etc/nslcd.conf <<EOF -# /etc/nslcd.conf -# nslcd configuration file. See nslcd.conf(5) -# for details. - -# The user and group nslcd should run as. -uid nslcd -gid nslcd - -# The location at which the LDAP server(s) should be reachable. -uri ${LDAP_URI} - -# The search base that will be used for all queries. -base ${LDAP_BASE} - -# The LDAP protocol version to use. -ldap_version ${LDAP_VERSION} - -# The DN to bind with for normal lookups. -binddn ${LDAP_BIND_DN} -bindpw ${LDAP_BIND_PW} - -# The DN used for password modifications by root. -#rootpwmoddn cn=admin,dc=example,dc=com - -# SSL options -#ssl off -#tls_reqcert never -tls_cacertfile /etc/ssl/certs/ca-certificates.crt - -# The search scope. -#scope sub -EOF - -/usr/sbin/nslcd - -chown mysql:mysql /var/lib/mysql -[ -z "$(ls -A /var/lib/mysql)" ] && mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql - -/usr/bin/mysqld_safe & - -until ls /var/run/mysqld/mysqld.sock; do sleep 1; done -/usr/bin/mysqladmin -u root password ${MYSQL_PASSWORD} || true - -exec "$@" - diff --git a/app/build/mariadb/nsswitch.conf b/app/build/mariadb/nsswitch.conf deleted file mode 100644 index 853348e..0000000 --- a/app/build/mariadb/nsswitch.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/nsswitch.conf -# -# Example configuration of GNU Name Service Switch functionality. -# If you have the `glibc-doc-reference' and `info' packages installed, try: -# `info libc "Name Service Switch"' for information about this file. - -passwd: files ldap -group: files ldap -shadow: files ldap -gshadow: files - -hosts: files dns -networks: files - -protocols: db files -services: db files -ethers: db files -rpc: db files - -netgroup: nis - diff --git a/app/build/mariadb/pam-mariadb b/app/build/mariadb/pam-mariadb deleted file mode 100644 index e1bb814..0000000 --- a/app/build/mariadb/pam-mariadb +++ /dev/null @@ -1,2 +0,0 @@ -auth required pam_ldap.so -account required pam_ldap.so diff --git a/app/build/matrix-synapse/Dockerfile b/app/build/matrix-synapse/Dockerfile deleted file mode 100644 index b8480d5..0000000 --- a/app/build/matrix-synapse/Dockerfile +++ /dev/null @@ -1,47 +0,0 @@ -FROM amd64/debian:buster as builder - -ARG VERSION -RUN apt-get update && \ - apt-get -qq -y full-upgrade && \ - apt-get install -y \ - python3 \ - python3-pip \ - python3-dev \ - python3-setuptools \ - libffi-dev \ - build-essential \ - libssl-dev \ - libjpeg-dev \ - libjpeg62-turbo-dev \ - libxml2-dev \ - zlib1g-dev \ - # postgresql-dev \ - libpq-dev \ - virtualenv \ - libxslt1-dev && \ - virtualenv /root/matrix-env -p /usr/bin/python3 && \ - . /root/matrix-env/bin/activate && \ - pip3 install \ - https://github.com/matrix-org/synapse/archive/v${VERSION}.tar.gz#egg=matrix-synapse[matrix-synapse-ldap3,postgres,resources.consent,saml2,url_preview] - -FROM amd64/debian:buster - -RUN apt-get update && \ - apt-get -qq -y full-upgrade && \ - apt-get install -y \ - python3 \ - python3-distutils \ - libffi6 \ - libjpeg62-turbo \ - libssl1.1 \ - libxslt1.1 \ - libpq5 \ - zlib1g \ - libjemalloc2 \ - ca-certificates - -ENV LD_PRELOAD /usr/lib/x86_64-linux-gnu/libjemalloc.so.2 -COPY --from=builder /root/matrix-env /root/matrix-env -COPY entrypoint.sh /usr/local/bin/entrypoint - -ENTRYPOINT ["/usr/local/bin/entrypoint"] diff --git a/app/build/matrix-synapse/entrypoint.sh b/app/build/matrix-synapse/entrypoint.sh deleted file mode 100755 index b93a702..0000000 --- a/app/build/matrix-synapse/entrypoint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -. /root/matrix-env/bin/activate -exec "$@" diff --git a/app/build/nextcloud/Dockerfile b/app/build/nextcloud/Dockerfile deleted file mode 100644 index 9f817f6..0000000 --- a/app/build/nextcloud/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -FROM debian:10 - -RUN apt-get update && \ - apt-get -qq -y full-upgrade - -RUN apt-get install -y apache2 php php-gd php-mbstring php-pgsql php-curl php-dom php-xml php-zip \ - php-intl php-ldap php-fileinfo php-exif php-apcu php-redis php-imagick unzip curl wget && \ - phpenmod gd && \ - phpenmod curl && \ - phpenmod mbstring && \ - phpenmod pgsql && \ - phpenmod dom && \ - phpenmod zip && \ - phpenmod intl && \ - phpenmod ldap && \ - phpenmod fileinfo && \ - phpenmod exif && \ - phpenmod apcu && \ - phpenmod redis && \ - phpenmod imagick && \ - phpenmod xml - -COPY container-setup.sh /tmp -RUN /tmp/container-setup.sh - -COPY entrypoint.sh / -CMD /entrypoint.sh diff --git a/app/build/nextcloud/container-setup.sh b/app/build/nextcloud/container-setup.sh deleted file mode 100755 index 8330291..0000000 --- a/app/build/nextcloud/container-setup.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh - -set -ex - -curl https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip > /tmp/nextcloud.zip -cd /var/www -unzip /tmp/nextcloud.zip -rm /tmp/nextcloud.zip -mv html html.old -mv nextcloud html - -cd html -mkdir data - -cd apps -wget https://github.com/nextcloud/tasks/releases/download/v0.13.1/tasks.tar.gz -tar xf tasks.tar.gz -wget https://github.com/nextcloud/maps/releases/download/v0.1.6/maps-0.1.6.tar.gz -tar xf maps-0.1.6.tar.gz -wget https://github.com/nextcloud/calendar/releases/download/v2.0.3/calendar.tar.gz -tar xf calendar.tar.gz -wget https://github.com/nextcloud/news/releases/download/14.1.11/news.tar.gz -tar xf news.tar.gz -wget https://github.com/nextcloud/notes/releases/download/v3.6.0/notes.tar.gz -tar xf notes.tar.gz -wget https://github.com/nextcloud/contacts/releases/download/v3.3.0/contacts.tar.gz -tar xf contacts.tar.gz -wget https://github.com/nextcloud/mail/releases/download/v1.4.0/mail.tar.gz -tar xf mail.tar.gz -wget https://github.com/nextcloud/groupfolders/releases/download/v6.0.6/groupfolders.tar.gz -tar xf groupfolders.tar.gz -rm *.tar.gz - -chown -R www-data:www-data /var/www/html - -cd /var/www/html -php occ diff --git a/app/build/nextcloud/entrypoint.sh b/app/build/nextcloud/entrypoint.sh deleted file mode 100755 index 72b4f94..0000000 --- a/app/build/nextcloud/entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -set -xe - -chown www-data:www-data /var/www/html/config/config.php -touch /var/www/html/data/.ocdata - -exec apachectl -DFOREGROUND diff --git a/app/build/opendkim/Dockerfile b/app/build/opendkim/Dockerfile deleted file mode 100644 index 70a39e4..0000000 --- a/app/build/opendkim/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -FROM amd64/debian:buster - -RUN apt-get update && \ - apt-get dist-upgrade -y && \ - apt-get install -y opendkim opendkim-tools - -COPY ./opendkim.conf /etc/opendkim.conf -CMD opendkim -f -v -x /etc/opendkim.conf diff --git a/app/build/opendkim/README.md b/app/build/opendkim/README.md deleted file mode 100644 index e146125..0000000 --- a/app/build/opendkim/README.md +++ /dev/null @@ -1,12 +0,0 @@ -``` -sudo docker build -t superboum/amd64_opendkim:v1 . -``` - -``` -sudo docker run -t -i \ - -v `pwd`/conf:/etc/dkim \ - -v /dev/log:/dev/log \ - -p 8999:8999 - superboum/amd64_opendkim:v1 - opendkim -f -v -x /etc/opendkim.conf -``` diff --git a/app/build/opendkim/opendkim.conf b/app/build/opendkim/opendkim.conf deleted file mode 100644 index 0d6465f..0000000 --- a/app/build/opendkim/opendkim.conf +++ /dev/null @@ -1,12 +0,0 @@ -Syslog yes -SyslogSuccess yes -LogWhy yes -UMask 007 -Mode sv -OversignHeaders From -TrustAnchorFile /usr/share/dns/root.key -KeyTable refile:/etc/dkim/keytable -SigningTable refile:/etc/dkim/signingtable -ExternalIgnoreList refile:/etc/dkim/trusted -InternalHosts refile:/etc/dkim/trusted -Socket inet:8999 diff --git a/app/build/plume/Dockerfile b/app/build/plume/Dockerfile deleted file mode 100644 index 4e05424..0000000 --- a/app/build/plume/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -FROM rust:1.47.0-slim-buster as builder - -RUN apt-get update && \ - apt-get install -y \ - pkg-config \ - git \ - curl \ - postgresql \ - postgresql-contrib \ - libpq-dev \ - gettext \ - git \ - curl \ - gcc \ - make \ - openssl \ - libssl-dev \ - libclang-dev - -ARG VERSION -WORKDIR /opt -RUN git clone -n https://git.joinplu.me/Plume/Plume.git plume - -WORKDIR /opt/plume -RUN git checkout ${VERSION} - -RUN cargo install diesel_cli --no-default-features --features postgres --version '=1.3.0' - -# frontend -RUN cargo install cargo-web -RUN cargo web deploy -p plume-front --release -# backend -RUN cargo install --no-default-features --features postgres -f --path . -# cli -RUN cargo install --no-default-features --features postgres --path plume-cli -RUN cargo clean - -#----------------------------- -FROM debian:bullseye-slim - -RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates \ - libpq5 \ - libssl1.1 - -WORKDIR /app - -COPY --from=builder /opt/plume /app -COPY --from=builder /usr/local/cargo/bin/diesel /usr/local/bin/ -COPY --from=builder /usr/local/cargo/bin/plm /usr/local/bin/ -COPY --from=builder /usr/local/cargo/bin/plume /usr/local/bin/ -COPY plm-start /usr/local/bin/ - -CMD ["plm-start"] diff --git a/app/build/plume/README.md b/app/build/plume/README.md deleted file mode 100644 index 6d86d81..0000000 --- a/app/build/plume/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Try build: - -sudo docker build -t superboum/plume:v1 --build-arg VERSION=003dcf861a9f55720b03d52f2f95f5f59e338809 . diff --git a/app/build/plume/plm-start b/app/build/plume/plm-start deleted file mode 100755 index da9d288..0000000 --- a/app/build/plume/plm-start +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -until plm migration run; - do sleep 2; -done -plm search init -plm instance new --domain "$DOMAIN_NAME" --name "$INSTANCE_NAME" --private - -plume diff --git a/app/build/postfix/Dockerfile b/app/build/postfix/Dockerfile deleted file mode 100644 index 0c74fdc..0000000 --- a/app/build/postfix/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM amd64/debian:buster - -ARG VERSION - -RUN apt-get update && \ - apt-get install -y \ - postfix=$VERSION \ - postfix-ldap - -COPY entrypoint.sh /usr/local/bin/entrypoint - -ENTRYPOINT ["/usr/local/bin/entrypoint"] -CMD ["postfix", "start-fg"] diff --git a/app/build/postfix/README.md b/app/build/postfix/README.md deleted file mode 100644 index ac44fc0..0000000 --- a/app/build/postfix/README.md +++ /dev/null @@ -1,18 +0,0 @@ -``` -sudo docker build -t superboum/amd64_postfix:v1 . -``` - -``` -sudo docker run -t -i \ - -e TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" \ - -e MAILNAME="smtp.deuxfleurs.fr" \ - -p 25:25 \ - -p 465:465 \ - -p 587:587 \ - -v `pwd`/../../ansible/roles/container_conf/files/email/postfix-conf:/etc/postfix-conf \ - -v /mnt/glusterfs/email/postfix-ssl/private:/etc/ssl/private \ - -v /mnt/glusterfs/email/postfix-ssl/certs:/etc/ssl/certs \ - superboum/amd64_postfix:v1 \ - bash -``` - diff --git a/app/build/postfix/entrypoint.sh b/app/build/postfix/entrypoint.sh deleted file mode 100755 index fcf1a66..0000000 --- a/app/build/postfix/entrypoint.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -if [[ ! -f /etc/ssl/certs/postfix.crt || ! -f /etc/ssl/private/postfix.key ]]; then - cd /root - openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj ${TLSINFO} \ - -keyout postfix.key \ - -out postfix.crt - - mkdir -p /etc/ssl/{certs,private}/ - - cp postfix.crt /etc/ssl/certs/postfix.crt - cp postfix.key /etc/ssl/private/postfix.key - chmod 400 /etc/ssl/certs/postfix.crt - chmod 400 /etc/ssl/private/postfix.key -fi - -# A way to map files inside the postfix folder :s -for file in $(ls /etc/postfix-conf); do - cp /etc/postfix-conf/${file} /etc/postfix/${file} -done - -echo ${MAILNAME} > /etc/mailname -postmap /etc/postfix/transport - -exec "$@" diff --git a/app/build/postgres/Dockerfile b/app/build/postgres/Dockerfile deleted file mode 100644 index bb018b8..0000000 --- a/app/build/postgres/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM amd64/debian:stretch - -RUN echo "deb http://deb.debian.org/debian stretch-backports main contrib non-free # available after stretch release" > /etc/apt/sources.list.d/stretch-backports.list && \ - apt-get update && \ - apt-get -qq -y full-upgrade && \ - apt-get install -y postgresql-all golang-1.11 git && \ - export GOPATH=/usr/local/go && \ - mkdir -p /usr/local/go/src/github.com/sorintlab && \ - cd /usr/local/go/src/github.com/sorintlab && \ - git clone --depth=1 https://github.com/sorintlab/stolon && \ - ln -s /usr/lib/go-1.11/bin/go /usr/bin/go && \ - ln -s /usr/lib/go-1.11/bin/gofmt /usr/bin/gofmt && \ - cd ./stolon && \ - ./build && \ - mv /usr/local/go/src/github.com/sorintlab/stolon/bin/* /usr/local/bin/ && \ - rm -rf /usr/local/go - -USER postgres - diff --git a/app/build/postgres/README.md b/app/build/postgres/README.md deleted file mode 100644 index d2f7a12..0000000 --- a/app/build/postgres/README.md +++ /dev/null @@ -1,4 +0,0 @@ -``` -docker build -t superboum/arm32v7_postgres . -docker build -t superboum/amd64_postgres:v2 . -``` diff --git a/app/build/postgres/postgresql.conf b/app/build/postgres/postgresql.conf deleted file mode 100644 index 8e0af2b..0000000 --- a/app/build/postgres/postgresql.conf +++ /dev/null @@ -1,25 +0,0 @@ -data_directory = '/var/lib/postgresql/9.6/main' # use data in another directory -hba_file = '/etc/postgresql/9.6/main/pg_hba.conf' # host-based authentication file -ident_file = '/etc/postgresql/9.6/main/pg_ident.conf' # ident configuration file -external_pid_file = '/var/run/postgresql/9.6-main.pid' # write an extra PID file -listen_addresses = '*' #listen on every ip / interfaces -port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) -unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories -ssl = true # (change requires restart) -ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart) -ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change requires restart) -shared_buffers = 128MB # min 128kB -dynamic_shared_memory_type = posix # the default is the first option -log_line_prefix = '%m [%p] %q%u@%d ' # special values: -log_timezone = 'UTC' -cluster_name = '9.6/main' # added to process titles if nonempty -stats_temp_directory = '/var/run/postgresql/9.6-main.pg_stat_tmp' -datestyle = 'iso, mdy' -timezone = 'UTC' -lc_messages = 'C.UTF-8' # locale for system error message -lc_monetary = 'C.UTF-8' # locale for monetary formatting -lc_numeric = 'C.UTF-8' # locale for number formatting -lc_time = 'C.UTF-8' # locale for time formatting -default_text_search_config = 'pg_catalog.english' - diff --git a/app/build/postgres/start.sh b/app/build/postgres/start.sh deleted file mode 100755 index f1d493f..0000000 --- a/app/build/postgres/start.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -if [ -f /local/pg_hba.conf ]; then - echo "Copying Nomad configuration..." - cp /local/pg_hba.conf /etc/postgresql/9.6/main/ - echo "Done" -fi - - -if [ -z "$(ls -A /var/lib/postgresql/9.6/main)" ]; then - echo "Copying base" - cp -r /var/lib/postgresql/9.6/base/* /var/lib/postgresql/9.6/main - echo "Done" -fi - -chmod -R 700 /var/lib/postgresql/9.6/main -chown -R postgres /var/lib/postgresql/9.6/main - -echo "Starting postgres..." -. /usr/share/postgresql-common/init.d-functions -start 9.6 -tail -f /var/log/postgresql/postgresql-9.6-main.log diff --git a/app/build/riotweb/Dockerfile b/app/build/riotweb/Dockerfile deleted file mode 100644 index c768e87..0000000 --- a/app/build/riotweb/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM amd64/debian:buster as builder - -ARG VERSION -WORKDIR /root - -RUN apt-get update && \ - apt-get install -y wget && \ - wget https://github.com/vector-im/element-web/releases/download/v${VERSION}/element-v${VERSION}.tar.gz && \ - tar xf element-v${VERSION}.tar.gz && \ - mv element-v${VERSION}/ riot/ - -FROM superboum/amd64_webserver:v3 -COPY --from=builder /root/riot /srv/http diff --git a/app/build/seafile/Dockerfile b/app/build/seafile/Dockerfile deleted file mode 100644 index 88dee4f..0000000 --- a/app/build/seafile/Dockerfile +++ /dev/null @@ -1,46 +0,0 @@ -FROM amd64/debian:buster as builder - -ENV VERSION 7.0.5 - -RUN apt-get update && \ - apt-get dist-upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y wget tar && \ - wget https://download.seadrive.org/seafile-server_${VERSION}_x86-64.tar.gz -O ./seafile.tar.gz && \ - tar xf ./seafile.tar.gz && \ - mv seafile-server-${VERSION} seafile-server - -FROM amd64/debian:buster - -COPY --from=builder ./seafile-server /srv/webstore/seafile-server - -RUN apt-get update && \ - apt-get dist-upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y \ - python \ - mariadb-client \ - python2.7 \ - libpython2.7 \ - python-setuptools \ - python-ldap \ - python-urllib3 \ - ffmpeg \ - python-pip \ - python-mysqldb \ - python-memcache \ - procps \ - python-requests && \ - pip install Pillow==4.3.0 && \ - pip install moviepy && \ - useradd -u 1000 -d /srv/webstore seauser && \ - chown -R seauser:1000 /srv/webstore/ - -RUN mkdir -p /usr/local/lib/mariadb/plugin/ && \ - ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/mysql_clear_password.so /usr/local/lib/mariadb/plugin/ && \ - ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/dialog.so /usr/local/lib/mariadb/plugin/ - -WORKDIR /srv/webstore/seafile-server -COPY seadocker /usr/local/bin/seadocker -COPY seaenv /usr/local/bin/seaenv - -ENTRYPOINT ["/usr/local/bin/seaenv"] -CMD ["/usr/local/bin/seadocker"] diff --git a/app/build/seafile/README.md b/app/build/seafile/README.md deleted file mode 100644 index 26d04e0..0000000 --- a/app/build/seafile/README.md +++ /dev/null @@ -1,27 +0,0 @@ - -```bash -sudo docker build -t superboum/amd64_seafile:v5 . -``` - -When upgrading, connect on a production server and run: - -```bash -nomad stop seafile -sudo docker build -t superboum/amd64_seafile:v6 . - -sudo docker run -t -i \ - -v /mnt/glusterfs/seafile:/mnt/seafile-data \ - -v /mnt/glusterfs/seaconf/conf:/srv/webstore/conf \ - -v /mnt/glusterfs/seaconf/ccnet:/srv/webstore/ccnet \ - superboum/amd64_seafile:v5 - -# See: -# * https://download.seafile.com/published/seafile-manual/deploy/upgrade.md -# * https://download.seafile.com/published/seafile-manual/changelog/server-changelog.md - - - -nomad start seafile.hcl -``` - -when upgrading, change the command on start diff --git a/app/build/seafile/seadocker b/app/build/seafile/seadocker deleted file mode 100755 index 5b5982b..0000000 --- a/app/build/seafile/seadocker +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -/srv/webstore/seafile-server/seafile.sh start -/srv/webstore/seafile-server/seahub.sh start -tail -f /srv/webstore/logs/* diff --git a/app/build/seafile/seaenv b/app/build/seafile/seaenv deleted file mode 100755 index 3b0e0bb..0000000 --- a/app/build/seafile/seaenv +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -chown seauser /srv/webstore -chown seauser -R /srv/webstore/ccnet -chown seauser -R /srv/webstore/conf - -runuser -u seauser -- "$@" diff --git a/app/build/sogo/Dockerfile b/app/build/sogo/Dockerfile deleted file mode 100644 index 46880dd..0000000 --- a/app/build/sogo/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -#FROM amd64/debian:stretch as builder - -FROM amd64/debian:buster - -RUN mkdir ~/.gnupg && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf - -RUN apt-get update && \ - apt-get install -y apt-transport-https gnupg2 sudo nginx && \ - rm -rf /etc/nginx/sites-enabled/* && \ - apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 && \ - echo "deb http://packages.inverse.ca/SOGo/nightly/5/debian/ buster buster" > /etc/apt/sources.list.d/sogo.list && \ - apt-get update && \ - apt-get install -y sogo sogo-activesync sope4.9-gdl1-postgresql postgresql-client - -COPY sogo.nginx.conf /etc/nginx/sites-enabled/sogo.conf -COPY entrypoint /usr/sbin/entrypoint -ENTRYPOINT ["/usr/sbin/entrypoint"] diff --git a/app/build/sogo/README.md b/app/build/sogo/README.md deleted file mode 100644 index ea12245..0000000 --- a/app/build/sogo/README.md +++ /dev/null @@ -1,20 +0,0 @@ -``` -docker build -t superboum/amd64_sogo:v6 . - -# privileged is only for debug -docker run --rm -ti \ - --privileged \ - -p 8080:8080 \ - -v /tmp/sogo/log:/var/log/sogo \ - -v /tmp/sogo/run:/var/run/sogo \ - -v /tmp/sogo/spool:/var/spool/sogo \ - -v /tmp/sogo/tmp:/tmp \ - -v `pwd`/sogo:/etc/sogo:ro \ - superboum/amd64_sogo:v1 -``` - -Password must be url encoded in sogo.conf for postgres -Will need a nginx instance: http://wiki.sogo.nu/nginxSettings - -Might (or might not) be needed: -traefik.frontend.headers.customRequestHeaders=x-webobjects-server-port:443||x-webobjects-server-name=sogo.deuxfleurs.fr||x-webobjects-server-url:https://sogo.deuxfleurs.fr diff --git a/app/build/sogo/entrypoint b/app/build/sogo/entrypoint deleted file mode 100755 index 8b39def..0000000 --- a/app/build/sogo/entrypoint +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -mkdir -p /var/log/sogo -mkdir -p /var/run/sogo -mkdir -p /var/spool/sogo -chown sogo /var/log/sogo -chown sogo /var/run/sogo -chown sogo /var/spool/sogo - -nginx -g 'daemon on; master_process on;' -sudo -u sogo memcached -d -sudo -u sogo sogod -sleep 10 -tail -n200 -f /var/log/sogo/sogo.log diff --git a/app/build/sogo/sogo.nginx.conf b/app/build/sogo/sogo.nginx.conf deleted file mode 100644 index ad920a5..0000000 --- a/app/build/sogo/sogo.nginx.conf +++ /dev/null @@ -1,83 +0,0 @@ -server { - listen 8080; - server_name default_server; - root /usr/lib/GNUstep/SOGo/WebServerResources/; - - ## requirement to create new calendars in Thunderbird ## - proxy_http_version 1.1; - - # Message size limit - client_max_body_size 50m; - client_body_buffer_size 128k; - - location = / { - rewrite ^ '/SOGo'; - allow all; - } - - location = /principals/ { - rewrite ^ '/SOGo/dav'; - allow all; - } - - location ^~/SOGo { - proxy_pass 'http://127.0.0.1:20000'; - proxy_redirect 'http://127.0.0.1:20000' default; - # forward user's IP address - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_set_header x-webobjects-server-protocol HTTP/1.0; - proxy_set_header x-webobjects-remote-host 127.0.0.1; - proxy_set_header x-webobjects-server-name $server_name; - proxy_set_header x-webobjects-server-url $scheme://$host; - proxy_set_header x-webobjects-server-port $server_port; - proxy_connect_timeout 90; - proxy_send_timeout 90; - proxy_read_timeout 90; - proxy_buffer_size 4k; - proxy_buffers 4 32k; - proxy_busy_buffers_size 64k; - proxy_temp_file_write_size 64k; - break; - } - - location /SOGo.woa/WebServerResources/ { - alias /usr/lib/GNUstep/SOGo/WebServerResources/; - allow all; - expires max; - } - - location /SOGo/WebServerResources/ { - alias /usr/lib/GNUstep/SOGo/WebServerResources/; - allow all; - expires max; - } - - location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$) { - alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2; - expires max; - } - - location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) { - alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2; - expires max; - } - - location ^~ /Microsoft-Server-ActiveSync { - access_log /var/log/nginx/activesync.log; - error_log /var/log/nginx/activesync-error.log; - - proxy_connect_timeout 75; - proxy_send_timeout 3600; - proxy_read_timeout 3600; - proxy_buffers 64 256k; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync; - proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /; - } -} diff --git a/app/build/static/Dockerfile b/app/build/static/Dockerfile deleted file mode 100644 index cdba59a..0000000 --- a/app/build/static/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM golang:1.11.1-stretch as builder - -COPY ./goStatic /goStatic -WORKDIR /goStatic -RUN CGO_ENABLED=0 go build -a -o web-server . - -FROM scratch -COPY --from=builder /goStatic/web-server / -ENTRYPOINT ["/web-server"] diff --git a/app/build/static/README.md b/app/build/static/README.md deleted file mode 100644 index d50390c..0000000 --- a/app/build/static/README.md +++ /dev/null @@ -1,5 +0,0 @@ - -``` -sudo docker build -t superboum/amd64_webserver:v3 . -sudo docker push superboum/amd64_webserver:v3 -``` diff --git a/app/build/static/goStatic b/app/build/static/goStatic deleted file mode 160000 -Subproject 3f97f57aaee09a142afe3ca0f1a5d51acd85643 diff --git a/app/build/webpull/.gitignore b/app/build/webpull/.gitignore deleted file mode 100644 index ba2906d..0000000 --- a/app/build/webpull/.gitignore +++ /dev/null @@ -1 +0,0 @@ -main diff --git a/app/build/webpull/Dockerfile.nodejs b/app/build/webpull/Dockerfile.nodejs deleted file mode 100644 index acc7e74..0000000 --- a/app/build/webpull/Dockerfile.nodejs +++ /dev/null @@ -1,9 +0,0 @@ -FROM node:13.8-buster - -RUN apt-get update && \ - apt-get install -y git - -COPY ./main /srv/httpd -WORKDIR /srv -CMD ["/srv/httpd"] - diff --git a/app/build/webpull/Dockerfile.ruby b/app/build/webpull/Dockerfile.ruby deleted file mode 100644 index 7578cca..0000000 --- a/app/build/webpull/Dockerfile.ruby +++ /dev/null @@ -1,12 +0,0 @@ -FROM fedora:32 - -ENV LC_ALL=C.UTF-8 -ENV LANG=C.UTF-8 -ENV LANGUAGE=en_US.UTF-8 -ENV RUBYOPT --disable-did_you_mean - -RUN dnf install -y git ruby ruby-devel rubygems rubygem-bundler @development-tools redhat-rpm-config gcc-c++ zlib-devel - -COPY ./main /srv/httpd -WORKDIR /srv -CMD ["/srv/httpd"] diff --git a/app/build/webpull/README.md b/app/build/webpull/README.md deleted file mode 100644 index 5d17d17..0000000 --- a/app/build/webpull/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# webpull - -Webpull allows you to update your live website without deploying a new docker container but by simply calling an URL - -You need to specify a secret token at boot: - -``` -WEBPULL_TOKEN=s3cr3et ./webpull -``` - -## Node.js version - -``` -go build ./main.go -sudo docker build -f ./Dockerfile.nodejs -t superboum/amd64_webpull_pug:v1 . -``` - -## Ruby version - -``` -go build ./main.go -sudo docker build -f ./Dockerfile.ruby -t superboum/amd64_webpull_ruby:v1 . -``` diff --git a/app/build/webpull/main.go b/app/build/webpull/main.go deleted file mode 100644 index 46c90b9..0000000 --- a/app/build/webpull/main.go +++ /dev/null @@ -1,100 +0,0 @@ -package main - -import ( - "fmt" - "errors" - "io" - "os/exec" - "os" - "log" - "net/http" - "strings" -) - -func myexec(w io.Writer, main string, params ...string) error { - cmd := exec.Command(main, params...) - cmd.Stdout = w - cmd.Stderr = w - err := cmd.Run() - if err != nil { - fmt.Fprintf(w, "Failed to run: %s %s\n", main, strings.Join(params, " ")) - } - return err -} - -func update(w io.Writer) error { - fmt.Fprintf(w, "Start update...\n") - _, err := os.Stat("./.git") - if err != nil { - fmt.Fprintf(w, ".git folder does not exist, creating it...\n") - err := myexec(w, "git", "init") - if err != nil { - return err - } - } - - err = myexec(w, "git", "remote", "get-url", "origin") - if err != nil { - repo, exists := os.LookupEnv("WEBPULL_REPO") - if !exists { - fmt.Fprintf(w, "You must define WEBPULL_REPO env variable...\n") - return errors.New("Missing environment variable WEBPULL_REPO") - } - fmt.Fprintf(w, "git remote is not yet set...\n") - err := myexec(w, "git", "remote", "add", "origin", repo) - if err != nil { - return err - } - } - - err = myexec(w, "git", "pull", "origin", "master") - if err != nil { - fmt.Fprintf(w, "Failed to pull...\n") - return err - } - - _, err = os.Stat("./.webpull") - if err != nil { - fmt.Fprintf(w, "You must create an executable file named '.webpull' at the root of your repository.\nIf you have nothing to run, just create an empty bash script...\n") - return err - } - - err = myexec(w, "./.webpull") - if err != nil { - fmt.Fprintf(w, "An error occured during script execution\n") - return err - } - - fmt.Fprintf(w, "Success.\n") - return nil -} - -func main() { - token, exists := os.LookupEnv("WEBPULL_TOKEN") - if !exists { - log.Fatal("Environment variable 'WEBPULL_TOKEN' must be defined") - } - - if update(os.Stdout) != nil { - log.Fatal("Initial 'update' failed") - } - - fs := http.FileServer(http.Dir("./static")) - http.HandleFunc("/update", func(w http.ResponseWriter, r *http.Request) { - keys, ok := r.URL.Query()["token"] - if !ok || len(keys[0]) < 1 { - http.Error(w, "Missing 'token' query parameter", 401) - return - } - - if keys[0] != token { - http.Error(w, "Wrong token", 401) - return - } - - update(w) - }) - http.Handle("/", fs) - - log.Fatal(http.ListenAndServe(":8080", nil)) -} |