YunoHost-Apps/galene_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/galene_ynh.git synced 2024-09-03 18:36:31 +02:00
Code Issues Activity Actions

Add coturn server

Browse source
This commit is contained in:
ericgaspar 2021-01-12 15:44:47 +01:00
parent c884499dfa
commit d3ec02497a
No known key found for this signature in database
GPG key ID: 574F281483054D44
6 changed files with 318 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
conf/coturn-galene.service Normal file
View file

@ -0,0 +1,27 @@
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
User=turnserver
Group=turnserver
Type=forking
EnvironmentFile=/etc/default/coturn-__APP__
PIDFile=/run/coturn-__APP__/turnserver.pid
RuntimeDirectory=coturn-__APP__
RuntimeDirectoryMode=0755
ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS
ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007
[Install]
WantedBy=multi-user.target

5
conf/coturn/default_coturn Normal file
View file

@ -0,0 +1,5 @@
#
# Uncomment it if you want to have the turnserver running as
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

28
conf/coturn/turnserver.conf Normal file
View file

@ -0,0 +1,28 @@
lt-cred-mech
use-auth-secret
static-auth-secret=__TURNPWD__
realm=__DOMAIN__
tls-listening-port=__TLS_PORT__
alt-tls-listening-port=__TLS_ALT_PORT__
min-port=49153
max-port=49193
cli-port=__CLI_PORT__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/ssl/private/dh2048.pem
no-sslv2
no-sslv3
no-tlsv1
no-tlsv1_1
no-loopback-peers
no-multicast-peers
no-cli
log-file=/var/log/matrix-__APP__/turnserver.log
pidfile=/run/coturn-__APP__/turnserver.pid
simple-log

139
scripts/_common.sh
View file

@ -15,6 +15,145 @@ pkg_dependencies="coturn"
# EXPERIMENTAL HELPERS
#=================================================
# Send an email to inform the administrator
#
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
# | arg: -m --app_message= - The file with the content to send to the administrator.
# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# example: "root admin@domain"
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
# example: "root admin@domain user1 user2"
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
ynh_send_readme_to_admin() {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
local app_message
local recipients
local type
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
app_message="${app_message:-}"
recipients="${recipients:-root}"
type="${type:-install}"
# Get the value of admin_mail_html
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
admin_mail_html="${admin_mail_html:-0}"
# Retrieve the email of users
find_mails () {
local list_mails="$1"
local mail
local recipients=" "
# Read each mail in argument
for mail in $list_mails
do
# Keep root or a real email address as it is
if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
then
recipients="$recipients $mail"
else
# But replace an user name without a domain after by its email
if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
then
recipients="$recipients $mail"
fi
fi
done
echo "$recipients"
}
recipients=$(find_mails "$recipients")
# Subject base
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
# Adapt the subject according to the type of mail required.
if [ "$type" = "backup" ]; then
mail_subject="$mail_subject has just been backup."
elif [ "$type" = "change_url" ]; then
mail_subject="$mail_subject has just been moved to a new URL!"
elif [ "$type" = "remove" ]; then
mail_subject="$mail_subject has just been removed!"
elif [ "$type" = "restore" ]; then
mail_subject="$mail_subject has just been restored!"
elif [ "$type" = "upgrade" ]; then
mail_subject="$mail_subject has just been upgraded!"
else # install
mail_subject="$mail_subject has just been installed!"
fi
local mail_message="This is an automated message from your beloved YunoHost server.
Specific information for the application $app.
$(if [ -n "$app_message" ]
then
cat "$app_message"
else
echo "...No specific information..."
fi)
---
Automatic diagnosis data from YunoHost
__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
# Store the message into a file for further modifications.
echo "$mail_message" > mail_to_send
# If a html email is required. Apply html tags to the message.
if [ "$admin_mail_html" -eq 1 ]
then
# Insert 'br' tags at each ending of lines.
ynh_replace_string "$" "<br>" mail_to_send
# Insert starting HTML tags
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
# Keep tabulations
ynh_replace_string " " "\&#160;\&#160;" mail_to_send
ynh_replace_string "\t" "\&#160;\&#160;" mail_to_send
# Insert url links tags
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
# Insert pre tags
ynh_replace_string "__PRE_TAG1__" "<pre>" mail_to_send
ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
# Insert finishing HTML tags
echo -e "\n</body>\n</html>" >> mail_to_send
# Otherwise, remove tags to keep a plain text.
else
# Remove URL tags
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
# Remove PRE tags
ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
fi
# Define binary to use for mail command
if [ -e /usr/bin/bsd-mailx ]
then
local mail_bin=/usr/bin/bsd-mailx
else
local mail_bin=/usr/bin/mail.mailutils
fi
if [ "$admin_mail_html" -eq 1 ]
then
content_type="text/html"
else
content_type="text/plain"
fi
# Send the email to the recipients
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
}
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

98
scripts/install
View file

@ -64,17 +64,29 @@ ynh_script_progression --message="Finding an available port..." --weight=3
# Find an available port
port=$(ynh_find_port --port=8443)
turnserver_tls_port=$(ynh_find_port --port=5349)
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
ynh_app_setting_set --app=$app --key=port --value=$port
# Open the port
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Store opened ports
ynh_app_setting_set --app=$app --key=port --value=$port
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
#ynh_script_progression --message="Installing dependencies..." --time --weight=1
ynh_script_progression --message="Installing dependencies..." --weight=5
#ynh_install_app_dependencies $pkg_dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -119,6 +131,10 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
# Create a dedicated systemd config
ynh_add_systemd_config
# Create systemd service for turnserver
cp ../conf/coturn/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service
#=================================================
# MODIFY A CONFIG FILE
#=================================================
@ -141,6 +157,67 @@ ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --
ynh_store_file_checksum --file="$final_path/data/passwd"
ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
#=================================================
# SET COTURN CONFIG
#=================================================
ynh_script_progression --message="Configuring coturn..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
# Find password for turnserver
ynh_print_OFF
turnserver_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
ynh_print_ON
coturn_config_path="/etc/$app/coturn.conf"
cp ../conf/coturn/turnserver.conf "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
echo "external-ip=$public_ip4" >> "$coturn_config_path"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
echo "external-ip=$public_ip6" >> "$coturn_config_path"
fi
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
ynh_use_logrotate --logfile "/var/log/$app"
#=================================================
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -150,14 +227,9 @@ ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
# Set permissions to app files
chown -R $app: $final_path
chmod -R 755 $final_path
#=================================================
# SETUP LOGROTATE
#=================================================
#ynh_script_progression --message="Configuring log rotation..." --time --weight=1
# Use logrotate to manage application logfile(s)
#ynh_use_logrotate
chmod 770 $final_path/Coturn_config_rotate.sh
setfacl -R -m user:turnserver:rX /etc/$app
setfacl -R -m user:turnserver:rwX /var/log/$app
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
@ -165,6 +237,7 @@ chmod -R 755 $final_path
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
#=================================================
# START SYSTEMD SERVICE
@ -172,7 +245,8 @@ yunohost service add $app --description="Videoconferencing server" --log="/var/l
ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
#=================================================
# SETUP SSOWAT

33
sources/Coturn_config_rotate.sh Normal file
View file

@ -0,0 +1,33 @@
#!/bin/bash
app_instance=__APP__
source /usr/share/yunohost/helpers
external_IP_line="external-ip=__IPV4__,__IPV6__"
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
echo "external-ip=$public_ip4" >> "$coturn_config_path"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
echo "external-ip=$public_ip6" >> "$coturn_config_path"
fi
old_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf")
ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf"
new_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf")
setfacl -R -m user:turnserver:rX /etc/matrix-$app_instance
if [ "$old_config_line" != "$new_config_line" ]
then
systemctl restart coturn-$app_instance.service
fi
exit 0