From a51291b85147cc15288700092f39a0470c7f7270 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 31 Mar 2020 19:47:39 +0200 Subject: [PATCH 01/57] Closing port_component --- scripts/install | 2 -- scripts/restore | 1 - scripts/upgrade | 7 +++++++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 1c9d80b..6a22c62 100644 --- a/scripts/install +++ b/scripts/install @@ -83,8 +83,6 @@ ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge # Find an available port port_component=$(ynh_find_port --port=5347) -# Open this port -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component ynh_app_setting_set --app=$app --key=port_component --value=$port_component #================================================= diff --git a/scripts/restore b/scripts/restore index 8a1a456..a97c086 100644 --- a/scripts/restore +++ b/scripts/restore @@ -101,7 +101,6 @@ ynh_print_info --message="Configuring firewall..." # Open this port ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component #================================================= # CONFIGURE METRONOME diff --git a/scripts/upgrade b/scripts/upgrade index d39c65a..0219936 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -67,6 +67,13 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then yunohost tools regen-conf metronome fi +# Closing port_component +if yunohost firewall list | grep -q "\- $port_component$" +then + ynh_print_info --message="Closing port $port_component..." + ynh_exec_warn_less yunohost firewall disallow TCP $port_component +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= From 85b304790e9f6646c5c2e4ed2ef1eea1e0feafe5 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 31 Mar 2020 19:56:56 +0200 Subject: [PATCH 02/57] managing behind a nat --- conf/sip-communicator.properties | 2 ++ scripts/install | 5 +++++ scripts/upgrade | 5 +++++ 3 files changed, 12 insertions(+) diff --git a/conf/sip-communicator.properties b/conf/sip-communicator.properties index 24cf4ef..2f19f54 100644 --- a/conf/sip-communicator.properties +++ b/conf/sip-communicator.properties @@ -1,2 +1,4 @@ org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ +org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ +org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ diff --git a/scripts/install b/scripts/install index 6a22c62..32c231c 100644 --- a/scripts/install +++ b/scripts/install @@ -171,9 +171,14 @@ ynh_systemd_action --service_name=metronome --action=restart #================================================= ynh_print_info --message="Building Jitsi-Videobridge..." +public_ipv4="$(curl ip.yunohost.org)" || true +private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true + mkdir -p "$final_path/.sip-communicator" cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties" +ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" +ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" chown -R $app: $final_path #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 0219936..28f2e3a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -147,9 +147,14 @@ ynh_print_info --message="Building Jitsi-Videobridge..." if [ "$upgrade_type" == "UPGRADE_APP" ] then + public_ipv4="$(curl ip.yunohost.org)" || true + private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true + mkdir -p "$final_path/.sip-communicator" cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties" + ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" + ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" chown -R $app: $final_path fi From 28a9c22b67f7e323818a2653df3781c3b06a2839 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 10 Apr 2020 05:21:33 +0200 Subject: [PATCH 03/57] switching to .deb --- conf/config.js | 536 ++++++++++++++++- conf/jicofo.src | 7 + conf/jitsi-jicofo.service | 4 +- conf/jitsi-jicofo.src | 6 - conf/jitsi-meet-prosody.src | 7 + conf/{jitsi-meet.src => jitsi-meet-web.src} | 4 +- conf/jitsi-videobridge.service | 2 +- conf/jitsi-videobridge.src | 9 +- conf/metronome.cfg.lua | 62 +- conf/mod_carbons.lua | 119 ---- conf/mod_http_altconnect.lua | 59 -- conf/mod_smacks.lua | 613 -------------------- conf/nginx.conf | 85 ++- conf/sip-communicator.properties | 13 + manifest.json | 2 +- scripts/backup | 8 - scripts/install | 96 ++- scripts/remove | 23 +- scripts/restore | 18 +- scripts/upgrade | 40 +- 20 files changed, 766 insertions(+), 947 deletions(-) create mode 100644 conf/jicofo.src delete mode 100644 conf/jitsi-jicofo.src create mode 100644 conf/jitsi-meet-prosody.src rename conf/{jitsi-meet.src => jitsi-meet-web.src} (67%) delete mode 100644 conf/mod_carbons.lua delete mode 100644 conf/mod_http_altconnect.lua delete mode 100644 conf/mod_smacks.lua diff --git a/conf/config.js b/conf/config.js index 349a852..9c31d6b 100644 --- a/conf/config.js +++ b/conf/config.js @@ -1,12 +1,532 @@ +/* eslint-disable no-unused-vars, no-var */ + var config = { + // Connection + // + hosts: { + // XMPP domain. domain: '__DOMAIN__', - muc: 'conference.__DOMAIN__', - bridge: 'jitsi-videobridge.__DOMAIN__', - focus: 'focus.__DOMAIN__' + + // When using authentication, domain for guest users. + // anonymousdomain: 'guest.example.com', + + // Domain for authenticated users. Defaults to . + // authdomain: '__DOMAIN__', + + // Jirecon recording component domain. + // jirecon: 'jirecon.__DOMAIN__', + + // Call control component (Jigasi). + // call_control: 'callcontrol.__DOMAIN__', + + // Focus component domain. Defaults to focus.. + // focus: 'focus.__DOMAIN__', + + // XMPP MUC domain. FIXME: use XEP-0030 to discover it. + muc: 'conference.__DOMAIN__' }, - useNicks: false, - bosh: '//__DOMAIN__/http-bind', // FIXME: use xep-0156 for that - //chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension - //minChromeExtVersion: '0.1' // Required version of Chrome extension -}; \ No newline at end of file + + // BOSH URL. FIXME: use XEP-0156 to discover it. + bosh: '//__DOMAIN__/http-bind', + + // Websocket URL + // websocket: 'wss://__DOMAIN__/xmpp-websocket', + + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + + // The real JID of focus participant - can be overridden here + // focusUserJid: 'focus@auth.__DOMAIN__', + + + // Testing / experimental features. + // + + testing: { + // Enables experimental simulcast support on Firefox. + enableFirefoxSimulcast: false, + + // P2P test mode disables automatic switching to P2P when there are 2 + // participants in the conference. + p2pTestMode: false + + // Enables the test specific features consumed by jitsi-meet-torture + // testMode: false + + // Disables the auto-play behavior of *all* newly created video element. + // This is useful when the client runs on a host with limited resources. + // noAutoPlayVideo: false + }, + + // Disables ICE/UDP by filtering out local and remote UDP candidates in + // signalling. + // webrtcIceUdpDisable: false, + + // Disables ICE/TCP by filtering out local and remote TCP candidates in + // signalling. + // webrtcIceTcpDisable: false, + + + // Media + // + + // Audio + + // Disable measuring of audio levels. + // disableAudioLevels: false, + // audioLevelsInterval: 200, + + // Enabling this will run the lib-jitsi-meet no audio detection module which + // will notify the user if the current selected microphone has no audio + // input and will suggest another valid device if one is present. + enableNoAudioDetection: true, + + // Enabling this will run the lib-jitsi-meet noise detection module which will + // notify the user if there is noise, other than voice, coming from the current + // selected microphone. The purpose it to let the user know that the input could + // be potentially unpleasant for other meeting participants. + enableNoisyMicDetection: true, + + // Start the conference in audio only mode (no video is being received nor + // sent). + // startAudioOnly: false, + + // Every participant after the Nth will start audio muted. + // startAudioMuted: 10, + + // Start calls with audio muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithAudioMuted: false, + + // Enabling it (with #params) will disable local audio output of remote + // participants and to enable it back a reload is needed. + // startSilent: false + + // Video + + // Sets the preferred resolution (height) for local video. Defaults to 720. + // resolution: 720, + + // w3c spec-compliant video constraints to use for video capture. Currently + // used by browsers that return true from lib-jitsi-meet's + // util#browser#usesNewGumFlow. The constraints are independent from + // this config's resolution value. Defaults to requesting an ideal aspect + // ratio of 16:9 with an ideal resolution of 720. + // constraints: { + // video: { + // aspectRatio: 16 / 9, + // height: { + // ideal: 720, + // max: 720, + // min: 240 + // } + // } + // }, + + // Enable / disable simulcast support. + // disableSimulcast: false, + + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + + // Every participant after the Nth will start video muted. + // startVideoMuted: 10, + + // Start calls with video muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithVideoMuted: false, + + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // Desktop sharing + + // The ID of the jidesha extension for Chrome. + desktopSharingChromeExtId: null, + + // Whether desktop sharing should be disabled on Chrome. + // desktopSharingChromeDisabled: false, + + // The media sources to use when using screen sharing with the Chrome + // extension. + desktopSharingChromeSources: [ 'screen', 'window', 'tab' ], + + // Required version of Chrome extension + desktopSharingChromeMinExtVersion: '0.1', + + // Whether desktop sharing should be disabled on Firefox. + // desktopSharingFirefoxDisabled: false, + + // Optional desktop sharing frame rate options. Default value: min:5, max:5. + // desktopSharingFrameRate: { + // min: 5, + // max: 5 + // }, + + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, + + // Recording + + // Whether to enable file recording or not. + // fileRecordingsEnabled: false, + // Enable the dropbox integration. + // dropbox: { + // appKey: '' // Specify your app key here. + // // A URL to redirect the user to, after authenticating + // // by default uses: + // // 'https://__DOMAIN__/static/oauth.html' + // redirectURI: + // 'https://__DOMAIN__/subfolder/static/oauth.html' + // }, + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) + // fileRecordingsServiceEnabled: false, + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. + // fileRecordingsServiceSharingEnabled: false, + + // Whether to enable live streaming or not. + // liveStreamingEnabled: false, + + // Transcription (in interface_config, + // subtitles and buttons can be configured) + // transcribingEnabled: false, + + // Enables automatic turning on captions when recording is started + // autoCaptionOnRecord: false, + + // Misc + + // Default value for the channel "last N" attribute. -1 for unlimited. + channelLastN: -1, + + // Disables or enables RTX (RFC 4588) (defaults to false). + // disableRtx: false, + + // Disables or enables TCC (the default is in Jicofo and set to true) + // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting + // affects congestion control, it practically enables send-side bandwidth + // estimations. + // enableTcc: true, + + // Disables or enables REMB (the default is in Jicofo and set to false) + // (draft-alvestrand-rmcat-remb-03). This setting affects congestion + // control, it practically enables recv-side bandwidth estimations. When + // both TCC and REMB are enabled, TCC takes precedence. When both are + // disabled, then bandwidth estimations are disabled. + // enableRemb: false, + + // Defines the minimum number of participants to start a call (the default + // is set in Jicofo and set to 2). + // minParticipants: 2, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // Enable IPv6 support. + // useIPv6: true, + + // Enables / disables a data communication channel with the Videobridge. + // Values can be 'datachannel', 'websocket', true (treat it as + // 'datachannel'), undefined (treat it as 'datachannel') and false (don't + // open any channel). + // openBridgeChannel: true, + + + // UI + // + + // Use display name as XMPP nickname. + // useNicks: false, + + // Require users to always specify a display name. + // requireDisplayName: true, + + // Whether to use a welcome page or not. In case it's false a random room + // will be joined when no room is specified. + enableWelcomePage: true, + + // Enabling the close page will ignore the welcome page redirection when + // a call is hangup. + // enableClosePage: false, + + // Disable hiding of remote thumbnails when in a 1-on-1 conference call. + // disable1On1Mode: false, + + // Default language for the user interface. + // defaultLanguage: 'en', + + // If true all users without a token will be considered guests and all users + // with token will be considered non-guests. Only guests will be allowed to + // edit their profile. + enableUserRolesBasedOnToken: false, + + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, + + // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. + // lockRoomGuestEnabled: false, + + // When enabled the password used for locking a room is restricted to up to the number of digits specified + // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, + + // Message to show the users. Example: 'The service will be down for + // maintenance at 01:00 AM GMT, + // noticeMessage: '', + + // Enables calendar integration, depends on googleApiApplicationClientID + // and microsoftApiApplicationClientID + // enableCalendarIntegration: false, + + // Stats + // + + // Whether to enable stats collection or not in the TraceablePeerConnection. + // This can be useful for debugging purposes (post-processing/analysis of + // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth + // estimation tests. + // gatherStats: false, + + // The interval at which PeerConnection.getStats() is called. Defaults to 10000 + // pcStatsInterval: 10000, + + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // enables sending participants display name to callstats + // enableDisplayNameInStats: false, + + // enables sending participants email if available to callstats and other analytics + // enableEmailInStats: false, + + // Privacy + // + + // If third party requests are disabled, no other server will be contacted. + // This means avatars will be locally generated and callstats integration + // will not function. + // disableThirdPartyRequests: false, + + + // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. + // + + p2p: { + // Enables peer to peer mode. When enabled the system will try to + // establish a direct connection when there are exactly 2 participants + // in the room. If that succeeds the conference will stop sending data + // through the JVB and use the peer to peer connection instead. When a + // 3rd participant joins the conference will be moved back to the JVB + // connection. + enabled: true, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:__DOMAIN__:443' }, + { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } + ], + + // Sets the ICE transport policy for the p2p connection. At the time + // of this writing the list of possible values are 'all' and 'relay', + // but that is subject to change in the future. The enum is defined in + // the WebRTC standard: + // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. + // If not set, the effective value is 'all'. + // iceTransportPolicy: 'all', + + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). + preferH264: true + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // How long we're going to wait, before going back to P2P after the 3rd + // participant has left the conference (to filter out page reload). + // backToP2PDelay: 5 + }, + + analytics: { + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + + // The Amplitude APP Key: + // amplitudeAPPKey: '' + + // Array of script URLs to load as lib-jitsi-meet "analytics handlers". + // scriptURLs: [ + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" + // ], + }, + + // Information about the jitsi-meet instance we are connecting to, including + // the user region as seen by the server. + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + }, + + // Decides whether the start/stop recording audio notifications should play on record. + // disableRecordAudioNotification: false, + + // Information for the chrome extension banner + // chromeExtensionBanner: { + // // The chrome extension to be installed address + // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', + + // // Extensions info which allows checking if they are installed or not + // chromeExtensionsInfo: [ + // { + // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', + // path: 'jitsi-logo-48x48.png' + // } + // ] + // }, + + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // }, + + // Options related to end-to-end (participant to participant) ping. + // e2eping: { + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, + // + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // }, + + // If set, will attempt to use the provided video input device label when + // triggering a screenshare, instead of proceeding through the normal flow + // for obtaining a desktop stream. + // NOTE: This option is experimental and is currently intended for internal + // use only. + // _desktopSharingSourceDevice: 'sample-id-or-label', + + // If true, any checks to handoff to another application will be prevented + // and instead the app will continue to display in the current browser. + // disableDeepLinking: false, + + // A property to disable the right click context menu for localVideo + // the menu has option to flip the locally seen video for local presentations + // disableLocalVideoFlip: false, + + // Deployment specific URLs. + // deploymentUrls: { + // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for + // // user documentation. + // userDocumentationURL: 'https://docs.example.com/video-meetings.html', + // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link + // // to the specified URL for an app download page. + // downloadAppsUrl: 'https://docs.example.com/our-apps.html' + // }, + + // Options related to the remote participant menu. + // remoteVideoMenu: { + // // If set to true the 'Kick out' button will be disabled. + // disableKick: true + // }, + + // If set to true all muting operations of remote participants will be disabled. + // disableRemoteMute: true, + + // List of undocumented settings used in jitsi-meet + /** + _immediateReloadThreshold + autoRecord + autoRecordToken + debug + debugAudioLevels + deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl + dialOutAuthUrl + dialOutCodesUrl + disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID + iAmRecorder + iAmSipGateway + microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl + */ + + // List of undocumented settings used in lib-jitsi-meet + /** + _peerConnStatusOutOfLastNTimeout + _peerConnStatusRtcMuteTimeout + abTesting + avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl + desktopSharingSources + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableLipSync + enableTalkWhileMuted + forceJVB121Ratio + hiddenDomain + ignoreStartMuted + nick + startBitrate + */ + + + // Allow all above example options to include a trailing comma and + // prevent fear when commenting out the last value. + makeJsonParserHappy: 'even if last key had a trailing comma' + + // no configuration value should follow this line. +}; + +/* eslint-enable no-unused-vars, no-var */ diff --git a/conf/jicofo.src b/conf/jicofo.src new file mode 100644 index 0000000..e033fc6 --- /dev/null +++ b/conf/jicofo.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-541-1_all.deb +SOURCE_SUM=be1fd88c63de46e5a4a1a314934d0b3b11bf1634fd89c62494d30a25b55c8568 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=deb +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=jicofo.deb +SOURCE_EXTRACT=false \ No newline at end of file diff --git a/conf/jitsi-jicofo.service b/conf/jitsi-jicofo.service index 8c2d59a..d207c10 100644 --- a/conf/jitsi-jicofo.service +++ b/conf/jitsi-jicofo.service @@ -6,8 +6,8 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/jitsi-jicofo/ -ExecStart=__FINALPATH__/jitsi-jicofo/jicofo.sh --host=localhost --domain=__DOMAIN__ --secret=__FOCUS_SECRET__ --user_domain=auth.__DOMAIN__ --user_name=__FOCUS_USER__ --user_password=__FOCUS_PASSWORD__ & >> /var/log/__APP__/__APP__-jitsi-jicofo.log 2>&1 +WorkingDirectory=__FINALPATH__/jicofo/ +ExecStart=__FINALPATH__/jicofo/jicofo.sh --host=localhost --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__FOCUS_SECRET__ --user_domain=auth.__DOMAIN__ --user_name=__FOCUS_USER__ --user_password=__FOCUS_PASSWORD__ & >> /var/log/__APP__/__APP__-jitsi-jicofo.log 2>&1 [Install] WantedBy=multi-user.target diff --git a/conf/jitsi-jicofo.src b/conf/jitsi-jicofo.src deleted file mode 100644 index 0f55222..0000000 --- a/conf/jitsi-jicofo.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/jitsi/jicofo/archive/517.tar.gz -SOURCE_SUM=5239a8a4c8519a9362cabf151a1bb34138ba5083d652bc2c44a397484d6ffe08 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/jitsi-meet-prosody.src b/conf/jitsi-meet-prosody.src new file mode 100644 index 0000000..41f75ff --- /dev/null +++ b/conf/jitsi-meet-prosody.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.3969-1_all.deb +SOURCE_SUM=d5649beb69516f22122e5a40e1b50082559c23751ce982614f09509316bfb999 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=deb +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=jitsi-meet-prosody.deb +SOURCE_EXTRACT=false diff --git a/conf/jitsi-meet.src b/conf/jitsi-meet-web.src similarity index 67% rename from conf/jitsi-meet.src rename to conf/jitsi-meet-web.src index e607ffd..bb72408 100644 --- a/conf/jitsi-meet.src +++ b/conf/jitsi-meet-web.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.3729-1_all.deb -SOURCE_SUM=067ff38ef484063db6756a1f06e3e55226a9a01b9ad60f4a2cbe7021423eece4 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.3969-1_all.deb +SOURCE_SUM=f034557b0b30b97544c271a383adb7fdc9f74e1c8ffebe4aac87c0b2460784ae SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-videobridge.service b/conf/jitsi-videobridge.service index 07bbd1d..5bed2bf 100644 --- a/conf/jitsi-videobridge.service +++ b/conf/jitsi-videobridge.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/jitsi-videobridge/ -ExecStart=__FINALPATH__/jitsi-videobridge/jvb.sh --host=127.0.0.1 --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__VIDEOBRIDGE_SECRET__ > /var/log/jvb.log 2>&1 +ExecStart=__FINALPATH__/jitsi-videobridge/jvb.sh --host=localhost --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__VIDEOBRIDGE_SECRET__ > /var/log/jvb.log 2>&1 [Install] WantedBy=multi-user.target diff --git a/conf/jitsi-videobridge.src b/conf/jitsi-videobridge.src index 32d85cd..90f539b 100644 --- a/conf/jitsi-videobridge.src +++ b/conf/jitsi-videobridge.src @@ -1,6 +1,7 @@ -SOURCE_URL=https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-1130.zip -SOURCE_SUM=792db05e61e36d8811e7b132581b95b1022a8bf5689189e6206bc05888b54ec4 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-164-gfdce823f-1_all.deb +SOURCE_SUM=6a04a11fec7bffc74124d53d6734e599853311692b541805094af3577e2c8c58 SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=zip +SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= +SOURCE_FILENAME=jitsi-videobridge.deb +SOURCE_EXTRACT=false diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index cbb3291..5acc01c 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -19,10 +19,19 @@ -- for the server. Note that you must create the accounts separately -- (see http://prosody.im/doc/creating_accounts for info) -- Example: admins = { "user1@example.com", "user2@example.net" } -admins = { "svc__APP__focus@auth.__DOMAIN__" } daemonize = true -cross_domain_bosh = true; component_ports = { __PORT_COMPONENT__ } +plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } +muc_mapper_domain_base = "__DOMAIN__"; +turncredentials_secret = "__TURN_SECRET__"; +turncredentials = { + { type = "stun", host = "__DOMAIN__", port = "443" }, + { type = "turn", host = "__DOMAIN__", port = "443", transport = "udp" }, + { type = "turns", host = "__DOMAIN__", port = "443", transport = "tcp" } +}; + +cross_domain_bosh = false; +consider_bosh_secure = true; --component_interface = "192.168.0.10" -- Enable use of libevent for better performance under high load @@ -63,26 +72,17 @@ modules_enabled = { --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 -- HTTP modules - "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" + --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"http_files"; -- Serve static files from a directory over HTTP -- Other specific functionality + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. --"groups"; -- Shared roster support --"announce"; -- Send announcement to all online users --"welcome"; -- Welcome users who register accounts --"watchregistrations"; -- Alert admins of registrations --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - -- jitsi - "stream_management"; - "message_carbons"; - "mam"; - "lastactivity"; - "offline"; - "pubsub"; - "adhoc"; - "websocket"; - "http_altconnect"; } -- These modules are auto-loaded, but should you want @@ -139,7 +139,6 @@ allow_registration = false -- for information about using the hashed backend. -- authentication = "internal_plain" -authentication = "internal_hashed" -- Select the storage backend to use. By default Prosody uses flat files -- in its configured data directory, but it also supports more backends @@ -178,8 +177,25 @@ VirtualHost "__DOMAIN__" key = "/etc/yunohost/certs/__DOMAIN__/key.pem"; certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem"; } + speakerstats_component = "speakerstats.__DOMAIN__" + conference_duration_component = "conferenceduration.__DOMAIN__" + -- we need bosh + modules_enabled = { + "bosh"; + "pubsub"; + "ping"; -- Enable mod_ping + "speakerstats"; + "turncredentials"; + "conference_duration"; + } + c2s_require_encryption = false - c2s_require_encryption = false +Component "internal.auth.__DOMAIN__" "muc" + storage = "null" + modules_enabled = { + "ping"; + } + admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__JVB_USER__@auth.__DOMAIN__" } VirtualHost "auth.__DOMAIN__" ssl = { @@ -218,8 +234,24 @@ VirtualHost "auth.__DOMAIN__" -- component_secret = "password" Component "conference.__DOMAIN__" "muc" + storage = "null" + modules_enabled = { + -- "muc_meeting_id"; + -- "muc_domain_mapper"; + -- "token_verification"; + } + admins = { "__FOCUS_USER__@auth.__DOMAIN__" } + -- muc_room_locking = false + -- muc_room_default_public_jids = true Component "jitsi-videobridge.__DOMAIN__" component_secret = "__VIDEOBRIDGE_SECRET__" + Component "focus.__DOMAIN__" component_secret = "__FOCUS_SECRET__" + +Component "speakerstats.__DOMAIN__" "speakerstats_component" + muc_component = "conference.__DOMAIN__" + +Component "conferenceduration.__DOMAIN__" "conference_duration_component" + muc_component = "conference.__DOMAIN__" \ No newline at end of file diff --git a/conf/mod_carbons.lua b/conf/mod_carbons.lua deleted file mode 100644 index ab37083..0000000 --- a/conf/mod_carbons.lua +++ /dev/null @@ -1,119 +0,0 @@ --- XEP-0280: Message Carbons implementation for Prosody --- Copyright (C) 2011-2016 Kim Alvefur --- --- This file is MIT/X11 licensed. - -local st = require "util.stanza"; -local jid_bare = require "util.jid".bare; -local xmlns_carbons = "urn:xmpp:carbons:2"; -local xmlns_forward = "urn:xmpp:forward:0"; -local full_sessions, bare_sessions = metronome.full_sessions, metronome.bare_sessions; - -local function toggle_carbons(event) - local origin, stanza = event.origin, event.stanza; - local state = stanza.tags[1].name; - module:log("debug", "%s %sd carbons", origin.full_jid, state); - origin.want_carbons = state == "enable" and stanza.tags[1].attr.xmlns; - origin.send(st.reply(stanza)); - return true; -end -module:hook("iq-set/self/"..xmlns_carbons..":disable", toggle_carbons); -module:hook("iq-set/self/"..xmlns_carbons..":enable", toggle_carbons); - -local function message_handler(event, c2s) - local origin, stanza = event.origin, event.stanza; - local orig_type = stanza.attr.type or "normal"; - local orig_from = stanza.attr.from; - local bare_from = jid_bare(orig_from); - local orig_to = stanza.attr.to; - local bare_to = jid_bare(orig_to); - - if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body"))) then - return -- Only chat type messages - end - - -- Stanza sent by a local client - local bare_jid = bare_from; -- JID of the local user - local target_session = origin; - local top_priority = false; - local user_sessions = bare_sessions[bare_from]; - - -- Stanza about to be delivered to a local client - if not c2s then - bare_jid = bare_to; - target_session = full_sessions[orig_to]; - user_sessions = bare_sessions[bare_jid]; - if not target_session and user_sessions then - -- The top resources will already receive this message per normal routing rules, - -- so we are going to skip them in order to avoid sending duplicated messages. - local top_resources = user_sessions.top_resources; - top_priority = top_resources and top_resources[1].priority - end - end - - if not user_sessions then - module:log("debug", "Skip carbons for offline user"); - return -- No use in sending carbons to an offline user - end - - if stanza:get_child("private", xmlns_carbons) then - if not c2s then - stanza:maptags(function(tag) - if not ( tag.attr.xmlns == xmlns_carbons and tag.name == "private" ) then - return tag; - end - end); - end - module:log("debug", "Message tagged private, ignoring"); - return - elseif stanza:get_child("no-copy", "urn:xmpp:hints") then - module:log("debug", "Message has no-copy hint, ignoring"); - return - elseif not c2s and bare_jid == orig_from and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then - module:log("debug", "MUC PM, ignoring"); - return - end - - local carbon; - user_sessions = user_sessions and user_sessions.sessions; - for _, session in pairs(user_sessions) do - -- Carbons are sent to resources that have enabled it - if session.want_carbons - -- but not the resource that sent the message, or the one that it's directed to - and session ~= target_session - -- and isn't among the top resources that would receive the message per standard routing rules - and (c2s or session.priority ~= top_priority) then - if not carbon then - -- Create the carbon copy and wrap it as per the Stanza Forwarding XEP - local copy = st.clone(stanza); - if c2s and not orig_to then - stanza.attr.to = bare_from; - end - copy.attr.xmlns = "jabber:client"; - carbon = st.message{ from = bare_jid, type = orig_type, } - :tag(c2s and "sent" or "received", { xmlns = xmlns_carbons }) - :tag("forwarded", { xmlns = xmlns_forward }) - :add_child(copy):reset(); - - end - - carbon.attr.to = session.full_jid; - module:log("debug", "Sending carbon to %s", session.full_jid); - session.send(carbon); - end - end -end - -local function c2s_message_handler(event) - return message_handler(event, true) -end - --- Stanzas sent by local clients -module:hook("pre-message/host", c2s_message_handler, -0.5); -module:hook("pre-message/bare", c2s_message_handler, -0.5); -module:hook("pre-message/full", c2s_message_handler, -0.5); --- Stanzas to local clients -module:hook("message/bare", message_handler, -0.5); -module:hook("message/full", message_handler, -0.5); - -module:add_feature(xmlns_carbons); diff --git a/conf/mod_http_altconnect.lua b/conf/mod_http_altconnect.lua deleted file mode 100644 index 2985ff8..0000000 --- a/conf/mod_http_altconnect.lua +++ /dev/null @@ -1,59 +0,0 @@ --- mod_http_altconnect --- XEP-0156: Discovering Alternative XMPP Connection Methods - -module:depends"http"; - -local mm = require "core.modulemanager"; -local json = require"util.json"; -local st = require"util.stanza"; -local array = require"util.array"; - -local function get_supported() - local uris = array(); - if mm.is_loaded(module.host, "bosh") or mm.is_loaded("*", "bosh") then - uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") }); - end - if mm.is_loaded(module.host, "websocket") or mm.is_loaded("*", "websocket") then - uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") }); - end - return uris; -end - - -local function GET_xml(event) - local request, response = event.request, event.response; - local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' }); - local uris = get_supported(); - for i, method in ipairs(uris) do - xrd:tag("Link", method):up(); - end - response.headers.content_type = "application/xrd+xml" - response.headers.access_control_allow_origin = "*"; - return '' .. tostring(xrd); -end - -local function GET_json(event) - local request, response = event.request, event.response; - local jrd = { links = get_supported() }; - response.headers.content_type = "application/json" - response.headers.access_control_allow_origin = "*"; - return json.encode(jrd); -end; - -local function GET_either(event) - local accept_type = event.request.headers.accept or ""; - if ( accept_type:find("xml") or #accept_type ) < ( accept_type:find("json") or #accept_type+1 ) then - return GET_xml(event); - else - return GET_json(event); - end -end; - -module:provides("http", { - default_path = "/.well-known"; - route = { - ["GET /host-meta"] = GET_either; - -- ["GET /host-meta.xml"] = GET_xml; -- Hmmm - ["GET /host-meta.json"] = GET_json; - }; -}); diff --git a/conf/mod_smacks.lua b/conf/mod_smacks.lua deleted file mode 100644 index a849141..0000000 --- a/conf/mod_smacks.lua +++ /dev/null @@ -1,613 +0,0 @@ --- XEP-0198: Stream Management for Prosody IM --- --- Copyright (C) 2010-2015 Matthew Wild --- Copyright (C) 2010 Waqas Hussain --- Copyright (C) 2012-2015 Kim Alvefur --- Copyright (C) 2012 Thijs Alkemade --- Copyright (C) 2014 Florian Zeitz --- Copyright (C) 2016-2020 Thilo Molitor --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - -local st = require "util.stanza"; -local dep = require "util.dependencies"; -local cache = dep.softreq("util.cache"); -- only available in prosody 0.10+ -local uuid_generate = require "util.uuid".generate; -local jid = require "util.jid"; - -local t_insert, t_remove = table.insert, table.remove; -local math_min = math.min; -local math_max = math.max; -local os_time = os.time; -local tonumber, tostring = tonumber, tostring; -local add_filter = require "util.filters".add_filter; -local timer = require "util.timer"; -local datetime = require "util.datetime"; - -local xmlns_sm2 = "urn:xmpp:sm:2"; -local xmlns_sm3 = "urn:xmpp:sm:3"; -local xmlns_errors = "urn:ietf:params:xml:ns:xmpp-stanzas"; -local xmlns_delay = "urn:xmpp:delay"; - -local sm2_attr = { xmlns = xmlns_sm2 }; -local sm3_attr = { xmlns = xmlns_sm3 }; - -local resume_timeout = module:get_option_number("smacks_hibernation_time", 300); -local s2s_smacks = module:get_option_boolean("smacks_enabled_s2s", false); -local s2s_resend = module:get_option_boolean("smacks_s2s_resend", false); -local max_unacked_stanzas = module:get_option_number("smacks_max_unacked_stanzas", 0); -local delayed_ack_timeout = module:get_option_number("smacks_max_ack_delay", 60); -local max_hibernated_sessions = module:get_option_number("smacks_max_hibernated_sessions", 10); -local max_old_sessions = module:get_option_number("smacks_max_old_sessions", 10); -local core_process_stanza = prosody.core_process_stanza; -local sessionmanager = require"core.sessionmanager"; - -assert(max_hibernated_sessions > 0, "smacks_max_hibernated_sessions must be greater than 0"); -assert(max_old_sessions > 0, "smacks_old_sessions must be greater than 0"); - -local c2s_sessions = module:shared("/*/c2s/sessions"); - -local function init_session_cache(max_entries, evict_callback) - -- old prosody version < 0.10 (no limiting at all!) - if not cache then - local store = {}; - return { - get = function(user, key) - if not user then return nil; end - if not key then return nil; end - return store[key]; - end; - set = function(user, key, value) - if not user then return nil; end - if not key then return nil; end - store[key] = value; - end; - }; - end - - -- use per user limited cache for prosody >= 0.10 - local stores = {}; - return { - get = function(user, key) - if not user then return nil; end - if not key then return nil; end - if not stores[user] then - stores[user] = cache.new(max_entries, evict_callback); - end - return stores[user]:get(key); - end; - set = function(user, key, value) - if not user then return nil; end - if not key then return nil; end - if not stores[user] then stores[user] = cache.new(max_entries, evict_callback); end - stores[user]:set(key, value); - -- remove empty caches completely - if not stores[user]:count() then stores[user] = nil; end - end; - }; -end -local old_session_registry = init_session_cache(max_old_sessions, nil); -local session_registry = init_session_cache(max_hibernated_sessions, function(resumption_token, session) - if session.destroyed then return true; end -- destroyed session can always be removed from cache - session.log("warn", "User has too much hibernated sessions, removing oldest session (token: %s)", resumption_token); - -- store old session's h values on force delete - -- save only actual h value and username/host (for security) - old_session_registry.set(session.username, resumption_token, { - h = session.handled_stanza_count, - username = session.username, - host = session.host - }); - return true; -- allow session to be removed from full cache to make room for new one -end); - -local function stoppable_timer(delay, callback) - local stopped = false; - local timer = module:add_timer(delay, function (t) - if stopped then return; end - return callback(t); - end); - if timer and timer.stop then return timer; end -- new prosody api includes stop() function - return { - stop = function () stopped = true end; - timer; - }; -end - -local function delayed_ack_function(session) - -- fire event only if configured to do so and our session is not already hibernated or destroyed - if delayed_ack_timeout > 0 and session.awaiting_ack - and not session.hibernating and not session.destroyed then - session.log("debug", "Firing event 'smacks-ack-delayed', queue = %d", - session.outgoing_stanza_queue and #session.outgoing_stanza_queue or 0); - module:fire_event("smacks-ack-delayed", {origin = session, queue = session.outgoing_stanza_queue}); - end - session.delayed_ack_timer = nil; -end - -local function can_do_smacks(session, advertise_only) - if session.smacks then return false, "unexpected-request", "Stream management is already enabled"; end - - local session_type = session.type; - if session.username then - if not(advertise_only) and not(session.resource) then -- Fail unless we're only advertising sm - return false, "unexpected-request", "Client must bind a resource before enabling stream management"; - end - return true; - elseif s2s_smacks and (session_type == "s2sin" or session_type == "s2sout") then - return true; - end - return false, "service-unavailable", "Stream management is not available for this stream"; -end - -module:hook("stream-features", - function (event) - if can_do_smacks(event.origin, true) then - event.features:tag("sm", sm2_attr):tag("optional"):up():up(); - event.features:tag("sm", sm3_attr):tag("optional"):up():up(); - end - end); - -module:hook("s2s-stream-features", - function (event) - if can_do_smacks(event.origin, true) then - event.features:tag("sm", sm2_attr):tag("optional"):up():up(); - event.features:tag("sm", sm3_attr):tag("optional"):up():up(); - end - end); - -local function request_ack_if_needed(session, force, reason) - local queue = session.outgoing_stanza_queue; - local expected_h = session.last_acknowledged_stanza + #queue; - -- session.log("debug", "*** SMACKS(1) ***: awaiting_ack=%s, hibernating=%s", tostring(session.awaiting_ack), tostring(session.hibernating)); - if session.awaiting_ack == nil and not session.hibernating then - -- this check of last_requested_h prevents ack-loops if missbehaving clients report wrong - -- stanza counts. it is set when an is really sent (e.g. inside timer), preventing any - -- further requests until a higher h-value would be expected. - -- session.log("debug", "*** SMACKS(2) ***: #queue=%s, max_unacked_stanzas=%s, expected_h=%s, last_requested_h=%s", tostring(#queue), tostring(max_unacked_stanzas), tostring(expected_h), tostring(session.last_requested_h)); - if (#queue > max_unacked_stanzas and expected_h ~= session.last_requested_h) or force then - session.log("debug", "Queuing (in a moment) from %s - #queue=%d", reason, #queue); - session.awaiting_ack = false; - session.awaiting_ack_timer = stoppable_timer(1e-06, function () - -- session.log("debug", "*** SMACKS(3) ***: awaiting_ack=%s, hibernating=%s", tostring(session.awaiting_ack), tostring(session.hibernating)); - -- only request ack if needed and our session is not already hibernated or destroyed - if not session.awaiting_ack and not session.hibernating and not session.destroyed then - session.log("debug", "Sending (inside timer, before send) from %s - #queue=%d", reason, #queue); - (session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks })) - session.awaiting_ack = true; - -- expected_h could be lower than this expression e.g. more stanzas added to the queue meanwhile) - session.last_requested_h = session.last_acknowledged_stanza + #queue; - session.log("debug", "Sending (inside timer, after send) from %s - #queue=%d", reason, #queue); - if not session.delayed_ack_timer then - session.delayed_ack_timer = stoppable_timer(delayed_ack_timeout, function() - delayed_ack_function(session); - end); - end - end - end); - end - end - - -- Trigger "smacks-ack-delayed"-event if we added new (ackable) stanzas to the outgoing queue - -- and there isn't already a timer for this event running. - -- If we wouldn't do this, stanzas added to the queue after the first "smacks-ack-delayed"-event - -- would not trigger this event (again). - if #queue > max_unacked_stanzas and session.awaiting_ack and session.delayed_ack_timer == nil then - session.log("debug", "Calling delayed_ack_function directly (still waiting for ack)"); - delayed_ack_function(session); - end -end - -local function outgoing_stanza_filter(stanza, session) - local is_stanza = stanza.attr and not stanza.attr.xmlns and not stanza.name:find":"; - if is_stanza and not stanza._cached then -- Stanza in default stream namespace - local queue = session.outgoing_stanza_queue; - local cached_stanza = st.clone(stanza); - cached_stanza._cached = true; - - if cached_stanza and cached_stanza.name ~= "iq" and cached_stanza:get_child("delay", xmlns_delay) == nil then - cached_stanza = cached_stanza:tag("delay", { - xmlns = xmlns_delay, - from = jid.bare(session.full_jid or session.host), - stamp = datetime.datetime() - }); - end - - queue[#queue+1] = cached_stanza; - if session.hibernating then - session.log("debug", "hibernating, stanza queued"); - module:fire_event("smacks-hibernation-stanza-queued", {origin = session, queue = queue, stanza = cached_stanza}); - return nil; - end - request_ack_if_needed(session, false, "outgoing_stanza_filter"); - end - return stanza; -end - -local function count_incoming_stanzas(stanza, session) - if not stanza.attr.xmlns then - session.handled_stanza_count = session.handled_stanza_count + 1; - session.log("debug", "Handled %d incoming stanzas", session.handled_stanza_count); - end - return stanza; -end - -local function wrap_session_out(session, resume) - if not resume then - session.outgoing_stanza_queue = {}; - session.last_acknowledged_stanza = 0; - end - - add_filter(session, "stanzas/out", outgoing_stanza_filter, -999); - - local session_close = session.close; - function session.close(...) - if session.resumption_token then - session_registry.set(session.username, session.resumption_token, nil); - old_session_registry.set(session.username, session.resumption_token, nil); - session.resumption_token = nil; - end - -- send out last ack as per revision 1.5.2 of XEP-0198 - if session.smacks and session.conn then - (session.sends2s or session.send)(st.stanza("a", { xmlns = session.smacks, h = string.format("%d", session.handled_stanza_count) })); - end - return session_close(...); - end - return session; -end - -local function wrap_session_in(session, resume) - if not resume then - session.handled_stanza_count = 0; - end - add_filter(session, "stanzas/in", count_incoming_stanzas, 999); - - return session; -end - -local function wrap_session(session, resume) - wrap_session_out(session, resume); - wrap_session_in(session, resume); - return session; -end - -function handle_enable(session, stanza, xmlns_sm) - local ok, err, err_text = can_do_smacks(session); - if not ok then - session.log("warn", "Failed to enable smacks: %s", err_text); -- TODO: XEP doesn't say we can send error text, should it? - (session.sends2s or session.send)(st.stanza("failed", { xmlns = xmlns_sm }):tag(err, { xmlns = xmlns_errors})); - return true; - end - - module:log("debug", "Enabling stream management"); - session.smacks = xmlns_sm; - - wrap_session(session, false); - - local resume_token; - local resume = stanza.attr.resume; - if resume == "true" or resume == "1" then - resume_token = uuid_generate(); - session_registry.set(session.username, resume_token, session); - session.resumption_token = resume_token; - end - (session.sends2s or session.send)(st.stanza("enabled", { xmlns = xmlns_sm, id = resume_token, resume = resume, max = tostring(resume_timeout) })); - return true; -end -module:hook_stanza(xmlns_sm2, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm2); end, 100); -module:hook_stanza(xmlns_sm3, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm3); end, 100); - -module:hook_stanza("http://etherx.jabber.org/streams", "features", - function (session, stanza) - stoppable_timer(1e-6, function () - if can_do_smacks(session) then - if stanza:get_child("sm", xmlns_sm3) then - session.sends2s(st.stanza("enable", sm3_attr)); - session.smacks = xmlns_sm3; - elseif stanza:get_child("sm", xmlns_sm2) then - session.sends2s(st.stanza("enable", sm2_attr)); - session.smacks = xmlns_sm2; - else - return; - end - wrap_session_out(session, false); - end - end); - end); - -function handle_enabled(session, stanza, xmlns_sm) - module:log("debug", "Enabling stream management"); - session.smacks = xmlns_sm; - - wrap_session_in(session, false); - - -- FIXME Resume? - - return true; -end -module:hook_stanza(xmlns_sm2, "enabled", function (session, stanza) return handle_enabled(session, stanza, xmlns_sm2); end, 100); -module:hook_stanza(xmlns_sm3, "enabled", function (session, stanza) return handle_enabled(session, stanza, xmlns_sm3); end, 100); - -function handle_r(origin, stanza, xmlns_sm) - if not origin.smacks then - module:log("debug", "Received ack request from non-smack-enabled session"); - return; - end - module:log("debug", "Received ack request, acking for %d", origin.handled_stanza_count); - -- Reply with - (origin.sends2s or origin.send)(st.stanza("a", { xmlns = xmlns_sm, h = string.format("%d", origin.handled_stanza_count) })); - -- piggyback our own ack request if needed (see request_ack_if_needed() for explanation of last_requested_h) - local expected_h = origin.last_acknowledged_stanza + #origin.outgoing_stanza_queue; - if #origin.outgoing_stanza_queue > 0 and expected_h ~= origin.last_requested_h then - request_ack_if_needed(origin, true, "piggybacked by handle_r"); - end - return true; -end -module:hook_stanza(xmlns_sm2, "r", function (origin, stanza) return handle_r(origin, stanza, xmlns_sm2); end); -module:hook_stanza(xmlns_sm3, "r", function (origin, stanza) return handle_r(origin, stanza, xmlns_sm3); end); - -function handle_a(origin, stanza) - if not origin.smacks then return; end - origin.awaiting_ack = nil; - if origin.awaiting_ack_timer then - origin.awaiting_ack_timer:stop(); - end - if origin.delayed_ack_timer then - origin.delayed_ack_timer:stop(); - origin.delayed_ack_timer = nil; - end - -- Remove handled stanzas from outgoing_stanza_queue - -- origin.log("debug", "ACK: h=%s, last=%s", stanza.attr.h or "", origin.last_acknowledged_stanza or ""); - local h = tonumber(stanza.attr.h); - if not h then - origin:close{ condition = "invalid-xml"; text = "Missing or invalid 'h' attribute"; }; - return; - end - local handled_stanza_count = h-origin.last_acknowledged_stanza; - local queue = origin.outgoing_stanza_queue; - if handled_stanza_count > #queue then - origin.log("warn", "The client says it handled %d new stanzas, but we only sent %d :)", - handled_stanza_count, #queue); - origin.log("debug", "Client h: %d, our h: %d", tonumber(stanza.attr.h), origin.last_acknowledged_stanza); - for i=1,#queue do - origin.log("debug", "Q item %d: %s", i, tostring(queue[i])); - end - end - - for i=1,math_min(handled_stanza_count,#queue) do - local handled_stanza = t_remove(origin.outgoing_stanza_queue, 1); - module:fire_event("delivery/success", { session = origin, stanza = handled_stanza }); - end - - origin.log("debug", "#queue = %d", #queue); - origin.last_acknowledged_stanza = origin.last_acknowledged_stanza + handled_stanza_count; - request_ack_if_needed(origin, false, "handle_a") - return true; -end -module:hook_stanza(xmlns_sm2, "a", handle_a); -module:hook_stanza(xmlns_sm3, "a", handle_a); - ---TODO: Optimise... incoming stanzas should be handled by a per-session --- function that has a counter as an upvalue (no table indexing for increments, --- and won't slow non-198 sessions). We can also then remove the .handled flag --- on stanzas - -function handle_unacked_stanzas(session) - local queue = session.outgoing_stanza_queue; - local error_attr = { type = "cancel" }; - if #queue > 0 then - session.outgoing_stanza_queue = {}; - for i=1,#queue do - if not module:fire_event("delivery/failure", { session = session, stanza = queue[i] }) then - local reply = st.reply(queue[i]); - if reply.attr.to ~= session.full_jid then - reply.attr.type = "error"; - reply:tag("error", error_attr) - :tag("recipient-unavailable", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}); - core_process_stanza(session, reply); - end - end - end - end -end - -module:hook("pre-resource-unbind", function (event) - local session, err = event.session, event.error; - if session.smacks then - if not session.resumption_token then - local queue = session.outgoing_stanza_queue; - if #queue > 0 then - session.log("debug", "Destroying session with %d unacked stanzas", #queue); - handle_unacked_stanzas(session); - end - else - session.log("debug", "mod_smacks hibernating session for up to %d seconds", resume_timeout); - local hibernate_time = os_time(); -- Track the time we went into hibernation - session.hibernating = hibernate_time; - local resumption_token = session.resumption_token; - module:fire_event("smacks-hibernation-start", {origin = session, queue = session.outgoing_stanza_queue}); - timer.add_task(resume_timeout, function () - session.log("debug", "mod_smacks hibernation timeout reached..."); - -- We need to check the current resumption token for this resource - -- matches the smacks session this timer is for in case it changed - -- (for example, the client may have bound a new resource and - -- started a new smacks session, or not be using smacks) - local curr_session = full_sessions[session.full_jid]; - if session.destroyed then - session.log("debug", "The session has already been destroyed"); - elseif curr_session and curr_session.resumption_token == resumption_token - -- Check the hibernate time still matches what we think it is, - -- otherwise the session resumed and re-hibernated. - and session.hibernating == hibernate_time then - -- wait longer if the timeout isn't reached because push was enabled for this session - -- session.first_hibernated_push is the starting point for hibernation timeouts of those push enabled clients - -- wait for an additional resume_timeout seconds if no push occured since hibernation at all - local current_time = os_time(); - local timeout_start = math_max(session.hibernating, session.first_hibernated_push or session.hibernating); - if session.push_identifier ~= nil and not session.first_hibernated_push then - session.log("debug", "No push happened since hibernation started, hibernating session for up to %d extra seconds", resume_timeout); - return resume_timeout; - end - if current_time-timeout_start < resume_timeout and session.push_identifier ~= nil then - session.log("debug", "A push happened since hibernation started, hibernating session for up to %d extra seconds", current_time-timeout_start); - return current_time-timeout_start; -- time left to wait - end - session.log("debug", "Destroying session for hibernating too long"); - session_registry.set(session.username, session.resumption_token, nil); - -- save only actual h value and username/host (for security) - old_session_registry.set(session.username, session.resumption_token, { - h = session.handled_stanza_count, - username = session.username, - host = session.host - }); - session.resumption_token = nil; - sessionmanager.destroy_session(session); - else - session.log("debug", "Session resumed before hibernation timeout, all is well") - end - end); - return true; -- Postpone destruction for now - end - end -end); - -local function handle_s2s_destroyed(event) - local session = event.session; - local queue = session.outgoing_stanza_queue; - if queue and #queue > 0 then - session.log("warn", "Destroying session with %d unacked stanzas", #queue); - if s2s_resend then - for i = 1, #queue do - module:send(queue[i]); - end - session.outgoing_stanza_queue = nil; - else - handle_unacked_stanzas(session); - end - end -end - -module:hook("s2sout-destroyed", handle_s2s_destroyed); -module:hook("s2sin-destroyed", handle_s2s_destroyed); - -local function get_session_id(session) - return session.id or (tostring(session):match("[a-f0-9]+$")); -end - -function handle_resume(session, stanza, xmlns_sm) - if session.full_jid then - session.log("warn", "Tried to resume after resource binding"); - session.send(st.stanza("failed", { xmlns = xmlns_sm }) - :tag("unexpected-request", { xmlns = xmlns_errors }) - ); - return true; - end - - local id = stanza.attr.previd; - local original_session = session_registry.get(session.username, id); - if not original_session then - session.log("debug", "Tried to resume non-existent session with id %s", id); - local old_session = old_session_registry.get(session.username, id); - if old_session and session.username == old_session.username - and session.host == old_session.host - and old_session.h then - session.send(st.stanza("failed", { xmlns = xmlns_sm, h = string.format("%d", old_session.h) }) - :tag("item-not-found", { xmlns = xmlns_errors }) - ); - else - session.send(st.stanza("failed", { xmlns = xmlns_sm }) - :tag("item-not-found", { xmlns = xmlns_errors }) - ); - end; - elseif session.username == original_session.username - and session.host == original_session.host then - session.log("debug", "mod_smacks resuming existing session %s...", get_session_id(original_session)); - original_session.log("debug", "mod_smacks session resumed from %s...", get_session_id(session)); - -- TODO: All this should move to sessionmanager (e.g. session:replace(new_session)) - if original_session.conn then - original_session.log("debug", "mod_smacks closing an old connection for this session"); - local conn = original_session.conn; - c2s_sessions[conn] = nil; - conn:close(); - end - original_session.ip = session.ip; - original_session.conn = session.conn; - original_session.send = session.send; - original_session.close = session.close; - original_session.filter = session.filter; - original_session.filter.session = original_session; - original_session.filters = session.filters; - original_session.stream = session.stream; - original_session.secure = session.secure; - original_session.hibernating = nil; - session.log = original_session.log; - session.type = original_session.type; - wrap_session(original_session, true); - -- Inform xmppstream of the new session (passed to its callbacks) - original_session.stream:set_session(original_session); - -- Similar for connlisteners - c2s_sessions[session.conn] = original_session; - - original_session.send(st.stanza("resumed", { xmlns = xmlns_sm, - h = string.format("%d", original_session.handled_stanza_count), previd = id })); - - -- Fake an with the h of the from the client - original_session:dispatch_stanza(st.stanza("a", { xmlns = xmlns_sm, - h = stanza.attr.h })); - - -- Ok, we need to re-send any stanzas that the client didn't see - -- ...they are what is now left in the outgoing stanza queue - -- We have to use the send of "session" because we don't want to add our resent stanzas - -- to the outgoing queue again - local queue = original_session.outgoing_stanza_queue; - session.log("debug", "resending all unacked stanzas that are still queued after resume, #queue = %d", #queue); - for i=1,#queue do - session.send(queue[i]); - end - session.log("debug", "all stanzas resent, now disabling send() in this session, #queue = %d", #queue); - function session.send(stanza) - session.log("warn", "Tried to send stanza on old session migrated by smacks resume (maybe there is a bug?): %s", tostring(stanza)); - return false; - end - module:fire_event("smacks-hibernation-end", {origin = session, resumed = original_session, queue = queue}); - request_ack_if_needed(original_session, true, "handle_resume"); - else - module:log("warn", "Client %s@%s[%s] tried to resume stream for %s@%s[%s]", - session.username or "?", session.host or "?", session.type, - original_session.username or "?", original_session.host or "?", original_session.type); - session.send(st.stanza("failed", { xmlns = xmlns_sm }) - :tag("not-authorized", { xmlns = xmlns_errors })); - end - return true; -end -module:hook_stanza(xmlns_sm2, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm2); end); -module:hook_stanza(xmlns_sm3, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm3); end); - -local function handle_read_timeout(event) - local session = event.session; - if session.smacks then - if session.awaiting_ack then - if session.awaiting_ack_timer then - session.awaiting_ack_timer:stop(); - end - if session.delayed_ack_timer then - session.delayed_ack_timer:stop(); - session.delayed_ack_timer = nil; - end - return false; -- Kick the session - end - session.log("debug", "Sending (read timeout)"); - (session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks })); - session.awaiting_ack = true; - if not session.delayed_ack_timer then - session.delayed_ack_timer = stoppable_timer(delayed_ack_timeout, function() - delayed_ack_function(session); - end); - end - return true; - end -end - -module:hook("s2s-read-timeout", handle_read_timeout); -module:hook("c2s-read-timeout", handle_read_timeout); diff --git a/conf/nginx.conf b/conf/nginx.conf index 35c4a49..10430ae 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,40 +1,81 @@ -#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; -location __PATH__/ { +root __FINALPATH__/jitsi-meet-web; - # Path to source - alias __FINALPATH__/jitsi-meet/ ; - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - index index.html; - ssi on; +# ssi on with javascript for multidomain variables in config.js +ssi on; +ssi_types application/x-javascript application/javascript; - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; +index index.html index.htm; +error_page 404 /static/404.html; + + +location = /config.js { + alias __FINALPATH__/jitsi-meet-web/config.js; } -location ~ ^/([a-zA-Z0-9=\?]+)$ { - rewrite ^/(.*)$ / break; +location = /external_api.js { + alias __FINALPATH__/jitsi-meet-web/libs/external_api.min.js; +} + +#ensure all static content can always be found first +location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ +{ + add_header 'Access-Control-Allow-Origin' '*'; + alias __FINALPATH__/jitsi-meet-web/$1/$2; } # BOSH -location __PATH__/http-bind { +location = /http-bind { proxy_pass http://127.0.0.1:5290/http-bind; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; - proxy_buffering off; - tcp_nodelay on; - access_log off; } # xmpp websockets -location __PATH__/xmpp-websocket { - proxy_pass http://127.0.0.1:5290/xmpp-websocket; +location = /xmpp-websocket { + proxy_pass http://127.0.0.1:5290/xmpp-websocket?prefix=$prefix&$args; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; + proxy_set_header Host $http_host; tcp_nodelay on; } + +location ~ ^/([^/?&:'"]+)$ { + try_files $uri @root_path; +} + +location @root_path { + rewrite ^/(.*)$ / break; +} + +location ~ ^/([^/?&:'"]+)/config.js$ +{ + set $subdomain "$1."; + set $subdir "$1/"; + alias __FINALPATH__/jitsi-meet-web/config.js; +} + +#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / +location ~ ^/([^/?&:'"]+)/(.*)$ { + set $subdomain "$1."; + set $subdir "$1/"; + rewrite ^/([^/?&:'"]+)/(.*)$ /$2; +} + +# BOSH for subdomains +location ~ ^/([^/?&:'"]+)/http-bind { + set $subdomain "$1."; + set $subdir "$1/"; + set $prefix "$1"; + + rewrite ^/(.*)$ /http-bind; +} + +# websockets for subdomains +location ~ ^/([^/?&:'"]+)/xmpp-websocket { + set $subdomain "$1."; + set $subdir "$1/"; + set $prefix "$1"; + + rewrite ^/(.*)$ /xmpp-websocket; +} diff --git a/conf/sip-communicator.properties b/conf/sip-communicator.properties index 2f19f54..a77ae5a 100644 --- a/conf/sip-communicator.properties +++ b/conf/sip-communicator.properties @@ -2,3 +2,16 @@ org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ + + + +org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true +org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 +org.jitsi.videobridge.ENABLE_STATISTICS=true +org.jitsi.videobridge.STATISTICS_TRANSPORT=muc +org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost +org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.__DOMAIN__ +org.jitsi.videobridge.xmpp.user.shard.USERNAME=__JVB_USER__ +org.jitsi.videobridge.xmpp.user.shard.PASSWORD=__JVB_PASSWORD__ +org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.__DOMAIN__ +org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=__MUC_NICKNAME__ \ No newline at end of file diff --git a/manifest.json b/manifest.json index 11bbd84..a1c83d6 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Video conferencing web application", "fr": "Application web de conférence vidéo" }, - "version": "1.0.3729~ynh1", + "version": "1.0.3969~ynh1", "url": "https://jitsi.org/Projects/JitMeet", "license": "Apache-2.0", "maintainer": { diff --git a/scripts/backup b/scripts/backup index 032aea5..0348e8d 100644 --- a/scripts/backup +++ b/scripts/backup @@ -65,18 +65,10 @@ ynh_print_info --message="Backing up Metronome..." # Backup Metronome domain conf template ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" -ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua" -ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua" -ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua" # Backup Metronome Hook ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -# Backup Metronome Module -ynh_backup --src_path="/usr/lib/metronome/modules/mod_carbons.lua" -ynh_backup --src_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" -ynh_backup --src_path="/usr/lib/metronome/modules/mod_smacks.lua" - #================================================= # SPECIFIC BACKUP #================================================= diff --git a/scripts/install b/scripts/install index 32c231c..33395b0 100644 --- a/scripts/install +++ b/scripts/install @@ -15,6 +15,7 @@ source /usr/share/yunohost/helpers ynh_print_info --message="Managing script failure..." ynh_clean_setup () { + read -p "key" ynh_clean_check_starting } # Exit if an error occurs during the execution of the script @@ -39,6 +40,12 @@ focus_secret=$(ynh_string_random --length=8) focus_user="svc${app}focus" +jvb_user="svc${app}jvb" + +jvb_password=$(ynh_string_random --length=8) + +muc_nickname=$(ynh_string_random --length=32) + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -61,6 +68,9 @@ ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user +ynh_app_setting_set --app=$app --key=jvb_user --value=$jvb_user +ynh_app_setting_set --app=$app --key=jvb_password --value=$jvb_password +ynh_app_setting_set --app=$app --key=muc_nickname --value=$muc_nickname #================================================= # STANDARD MODIFICATIONS @@ -92,7 +102,7 @@ ynh_print_info --message="Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies -ynh_install_nodejs --nodejs_version=10 +#ynh_install_nodejs --nodejs_version=10 #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -100,10 +110,25 @@ ynh_install_nodejs --nodejs_version=10 ynh_print_info --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path + # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/jitsi-videobridge" --source_id=jitsi-videobridge -ynh_setup_source --dest_dir="$final_path/jitsi-jicofo-build" --source_id=jitsi-jicofo -ynh_setup_source --dest_dir="$final_path/jitsi-meet_temp" --source_id=jitsi-meet +declare -A packages +packages[jicofo]="jicofo" +packages[jitsi-meet-prosody]="jitsi-meet/prosody-plugins" +packages[jitsi-meet-web]="jitsi-meet" +packages[jitsi-videobridge]="jitsi-videobridge" + +for package in "${!packages[@]}" +do + ynh_setup_source --dest_dir="$final_path/${package}_temp" --source_id=$package + pushd "$final_path/${package}_temp" + ar x $package.deb data.tar.xz + tar xf data.tar.xz + popd + + mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" + ynh_secure_remove --file="$final_path/${package}_temp" +done #================================================= # NGINX CONFIGURATION @@ -128,48 +153,39 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= ynh_print_info --message="Configuring metronome..." -# Create additional domains -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - ynh_print_info --message="Creating additional domains for package_check..." - yunohost domain add auth.$domain - yunohost domain add conference.$domain - yunohost domain add jitsi-videobridge.$domain - yunohost domain add focus.$domain -fi +# Adapt prosody module to metronome +ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$final_path/jitsi-meet-prosody/mod_muc_domain_mapper.lua" # Create focus user +yunohost domain add auth.$domain yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 +yunohost user create $jvb_user -f $jvb_user -l $jvb_user -m ${jvb_user}@auth.$domain -p $jvb_password -q 0 # Add Metronome domain conf template metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" mkdir -p /usr/share/yunohost/templates/jitsi/ cp ../conf/metronome.cfg.lua $metronome_conf +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf" +ynh_replace_string --match_string="__FINAL_PATH__" --replace_string="$final_path" --target_file="$metronome_conf" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf" ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf" +ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$metronome_conf" +ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$metronome_conf" touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" -touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua" -touch "/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua" -touch "/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua" # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app yunohost tools regen-conf metronome -# Add Metronome modules -cp ../conf/mod_carbons.lua /usr/lib/metronome/modules/mod_carbons.lua -cp ../conf/mod_http_altconnect.lua /usr/lib/metronome/modules/mod_http_altconnect.lua -cp ../conf/mod_smacks.lua /usr/lib/metronome/modules/mod_smacks.lua - ynh_systemd_action --service_name=metronome --action=restart #================================================= -# BUILD JITSI-VIDEOBRIDGE +# CONFIGURE JITSI-VIDEOBRIDGE #================================================= -ynh_print_info --message="Building Jitsi-Videobridge..." +ynh_print_info --message="Configuring Jitsi-Videobridge..." public_ipv4="$(curl ip.yunohost.org)" || true private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true @@ -179,37 +195,18 @@ cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-commun ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties" ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/.sip-communicator/sip-communicator.properties" +ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$final_path/.sip-communicator/sip-communicator.properties" +ynh_replace_string --match_string="__JVB_PASSWORD__" --replace_string="$jvb_password" --target_file="$final_path/.sip-communicator/sip-communicator.properties" +ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$final_path/.sip-communicator/sip-communicator.properties" chown -R $app: $final_path #================================================= -# BUILD JITSI-JICOFO +# CONFIGURE JITSI-MEET #================================================= -ynh_print_info --message="Building Jitsi-Jicofo..." +ynh_print_info --message="Configuring Jitsi-Meet..." -pushd "$final_path/jitsi-jicofo-build" - mvn package -DskipTests -Dassembly.skipAssembly=false -popd - -unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d $final_path - -mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/ - -ynh_secure_remove --file="$final_path/jitsi-jicofo-build" - -#================================================= -# BUILD JITSI-MEET -#================================================= -ynh_print_info --message="Building Jitsi-Meet..." - -pushd "$final_path/jitsi-meet_temp" - ar x jitsi-meet-web.deb data.tar.xz - tar xf data.tar.xz -popd - -mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/" -ynh_secure_remove --file="$final_path/jitsi-meet_temp" - -config="$final_path/jitsi-meet/config.js" +config="$final_path/jitsi-meet-web/config.js" cp ../conf/config.js "$config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" @@ -225,6 +222,7 @@ ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_c ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service" +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service" diff --git a/scripts/remove b/scripts/remove index 45dead7..b9142e9 100644 --- a/scripts/remove +++ b/scripts/remove @@ -22,6 +22,7 @@ port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) port_component=$(ynh_app_setting_get --app=$app --key=port_component) final_path=$(ynh_app_setting_get --app=$app --key=final_path) focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) +jvb_user=$(ynh_app_setting_get --app=$app --key=jvb_user) #================================================= # STANDARD REMOVE @@ -60,7 +61,7 @@ ynh_print_info --message="Removing dependencies..." # Remove metapackage and its dependencies ynh_remove_app_dependencies -ynh_remove_nodejs +#ynh_remove_nodejs #================================================= # REMOVE APP MAIN DIR @@ -116,19 +117,9 @@ fi #================================================= ynh_print_info --message="Reconfiguring Metronome..." -# Remove Metronome modules -ynh_secure_remove --file="/usr/lib/metronome/modules/mod_carbons.lua" -ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua" -ynh_secure_remove --file="/usr/lib/metronome/modules/mod_smacks.lua" - -ynh_systemd_action --service_name=metronome --action=restart - # Remove domain conf template ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" -ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua" -ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua" -ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua" # Remove Jitsi template directory if [ -z "$(ls -A /usr/share/yunohost/templates/jitsi)" ]; then @@ -141,14 +132,8 @@ yunohost tools regen-conf metronome # Delete focus user yunohost user delete $focus_user --purge - -# Removing additional domains -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - yunohost domain remove auth.$domain - yunohost domain remove conference.$domain - yunohost domain remove jitsi-videobridge.$domain - yunohost domain remove focus.$domain -fi +yunohost user delete $jvb_user --purge +yunohost domain remove auth.$domain #================================================= # REMOVE THE LOG FILES diff --git a/scripts/restore b/scripts/restore index a97c086..1e04f9c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -91,7 +91,7 @@ ynh_print_info --message="Reinstalling dependencies..." # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies -ynh_install_nodejs --nodejs_version=10 +#ynh_install_nodejs --nodejs_version=10 #================================================= # CONFIGURE FIREWALL @@ -108,33 +108,21 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge ynh_print_info --message="Configuring metronome..." # Create additional domains -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - yunohost domain add auth.$domain - yunohost domain add conference.$domain - yunohost domain add jitsi-videobridge.$domain - yunohost domain add focus.$domain -fi +yunohost domain add auth.$domain # Create focus user yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 +yunohost user create $jvb_user -f $jvb_user -l $jvb_user -m ${jvb_user}@auth.$domain -p $jvb_password -q 0 # Restore Metronome domain conf template mkdir -p /usr/share/yunohost/templates/jitsi/ ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" -ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua" -ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua" -ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua" # Restore Metronome Hook ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" yunohost tools regen-conf metronome -# Restore Metronome modules -ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_carbons.lua" -ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" -ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_smacks.lua" - ynh_systemd_action --service_name=metronome --action=restart #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 28f2e3a..7b477f5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -67,6 +67,21 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then yunohost tools regen-conf metronome fi +if ynh_version_gt "1.0.3969~ynh1" "${current_version}" ; then + # Remove not needed domains + yunohost domain remove conference.$domain + yunohost domain remove jitsi-videobridge.$domain + yunohost domain remove focus.$domain + + # Remove Previously installed Metronome modules + ynh_secure_remove --file="/usr/lib/metronome/modules/mod_carbons.lua" + ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua" + ynh_secure_remove --file="/usr/lib/metronome/modules/mod_smacks.lua" + + # Remove nodejs + ynh_remove_nodejs +fi + # Closing port_component if yunohost firewall list | grep -q "\- $port_component$" then @@ -74,6 +89,7 @@ then ynh_exec_warn_less yunohost firewall disallow TCP $port_component fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -108,9 +124,24 @@ then ynh_print_info --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path/jitsi-videobridge" --source_id=jitsi-videobridge - ynh_setup_source --dest_dir="$final_path/jitsi-jicofo-build" --source_id=jitsi-jicofo - ynh_setup_source --dest_dir="$final_path/jitsi-meet_temp" --source_id=jitsi-meet + declare -A packages + packages[jicofo]="jicofo" + packages[jitsi-meet-prosody]="jitsi-meet/prosody-plugins" + packages[jitsi-meet-web]="jitsi-meet" + packages[jitsi-videobridge]="jitsi-videobridge" + + for package in "${!packages[@]}" + do + ynh_secure_remove --file="$final_path/${package}" + ynh_setup_source --dest_dir="$final_path/${package}_temp" --source_id=$package + pushd "$final_path/${package}_temp" + ar x $package.deb data.tar.xz + tar xf data.tar.xz + popd + + mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" + ynh_secure_remove --file="$final_path/${package}_temp" + done fi #================================================= @@ -128,7 +159,7 @@ ynh_print_info --message="Upgrading dependencies..." ynh_install_app_dependencies $pkg_dependencies -ynh_install_nodejs --nodejs_version=10 +#ynh_install_nodejs --nodejs_version=10 #================================================= # CREATE DEDICATED USER @@ -225,6 +256,7 @@ ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_c ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service" +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service" From 1c53a0441a7414154d93cf6f55bdedccff16b82b Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 10 Apr 2020 06:38:10 +0200 Subject: [PATCH 04/57] typo --- scripts/install | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/install b/scripts/install index 33395b0..2cc6c00 100644 --- a/scripts/install +++ b/scripts/install @@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers ynh_print_info --message="Managing script failure..." ynh_clean_setup () { - read -p "key" ynh_clean_check_starting } # Exit if an error occurs during the execution of the script From 7cb7583ee417e193f278a1332b2c0bc155bdaa17 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 10 Apr 2020 19:36:04 +0200 Subject: [PATCH 05/57] removing previous domain creation --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index 1cb8d1c..b5309bd 100644 --- a/README.md +++ b/README.md @@ -21,12 +21,7 @@ Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Vi ## Important points before installing 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld -2. **Jitsi** requires you create additionals domains in your DNS and in your YunoHost - * auth.jitsi.domain.tld - * conference.jitsi.domain.tld - * jitsi-videobridge.jitsi.domain.tld - * focus.jitsi.domain.tld -3. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) ## Screenshots From c9e4ed4a4b99d35ebf03b157e5b556183ce58023 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 11 Apr 2020 21:55:05 +0200 Subject: [PATCH 06/57] more jitsi ready --- conf/jitsi-jicofo-logging.properties | 36 +++ conf/jitsi-jicofo-sip-communicator.properties | 1 + conf/jitsi-jicofo.config | 27 +++ conf/jitsi-jicofo.service | 3 +- conf/jitsi-videobridge-logging.properties | 39 ++++ ...i-videobridge-sip-communicator.properties} | 13 +- conf/jitsi-videobridge.config | 20 ++ conf/jitsi-videobridge.service | 16 +- conf/metronome.cfg.lua | 214 ++---------------- conf/nginx.conf | 2 +- scripts/_common.sh | 2 +- scripts/backup | 7 + scripts/install | 89 ++++++-- scripts/remove | 9 + scripts/restore | 15 ++ scripts/upgrade | 104 +++++---- 16 files changed, 325 insertions(+), 272 deletions(-) create mode 100644 conf/jitsi-jicofo-logging.properties create mode 100644 conf/jitsi-jicofo-sip-communicator.properties create mode 100644 conf/jitsi-jicofo.config create mode 100644 conf/jitsi-videobridge-logging.properties rename conf/{sip-communicator.properties => jitsi-videobridge-sip-communicator.properties} (98%) create mode 100644 conf/jitsi-videobridge.config diff --git a/conf/jitsi-jicofo-logging.properties b/conf/jitsi-jicofo-logging.properties new file mode 100644 index 0000000..18c87ce --- /dev/null +++ b/conf/jitsi-jicofo-logging.properties @@ -0,0 +1,36 @@ + +handlers= java.util.logging.ConsoleHandler +#handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler + +java.util.logging.ConsoleHandler.level = ALL +java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter + +net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo + +.level=INFO +net.sf.level=SEVERE +net.java.sip.communicator.plugin.reconnectplugin.level=FINE +org.ice4j.level=SEVERE +org.jitsi.impl.neomedia.level=SEVERE + +# Do not worry about missing strings +net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE + +#net.java.sip.communicator.service.protocol.level=ALL + +# Enable debug packets logging +#org.jitsi.impl.protocol.xmpp.level=FINE + +# Syslog(uncomment handler to use) +com.agafua.syslog.SyslogHandler.transport = udp +com.agafua.syslog.SyslogHandler.facility = local0 +com.agafua.syslog.SyslogHandler.port = 514 +com.agafua.syslog.SyslogHandler.hostname = localhost +com.agafua.syslog.SyslogHandler.formatter = net.java.sip.communicator.util.ScLogFormatter +com.agafua.syslog.SyslogHandler.escapeNewlines = false + +# to disable double timestamps in syslog uncomment next line +#net.java.sip.communicator.util.ScLogFormatter.disableTimestamp=true + +# uncomment to see how Jicofo talks to the JVB +#org.jitsi.impl.protocol.xmpp.colibri.level=ALL diff --git a/conf/jitsi-jicofo-sip-communicator.properties b/conf/jitsi-jicofo-sip-communicator.properties new file mode 100644 index 0000000..8ca1252 --- /dev/null +++ b/conf/jitsi-jicofo-sip-communicator.properties @@ -0,0 +1 @@ +org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.__DOMAIN__ diff --git a/conf/jitsi-jicofo.config b/conf/jitsi-jicofo.config new file mode 100644 index 0000000..f0c030c --- /dev/null +++ b/conf/jitsi-jicofo.config @@ -0,0 +1,27 @@ +# Jitsi Conference Focus settings +# sets the host name of the XMPP server +JICOFO_HOST=localhost + +# sets the XMPP domain (default: none) +JICOFO_HOSTNAME=__DOMAIN__ + +# sets the secret used to authenticate as an XMPP component +JICOFO_SECRET=__FOCUS_SECRET__ + +# sets the port to use for the XMPP component connection +JICOFO_PORT=__PORT_COMPONENT__ + +# sets the XMPP domain name to use for XMPP user logins +JICOFO_AUTH_DOMAIN=auth.__DOMAIN__ + +# sets the username to use for XMPP user logins +JICOFO_AUTH_USER=__FOCUS_USER__ + +# sets the password to use for XMPP user logins +JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__ + +# extra options to pass to the jicofo daemon +JICOFO_OPTS="" + +# adds java system props that are passed to jicofo (default are for home and logging config file) +JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties" diff --git a/conf/jitsi-jicofo.service b/conf/jitsi-jicofo.service index d207c10..5346ddc 100644 --- a/conf/jitsi-jicofo.service +++ b/conf/jitsi-jicofo.service @@ -6,8 +6,9 @@ After=network.target Type=simple User=__APP__ Group=__APP__ +EnvironmentFile=/etc/__APP__/jicofo/config WorkingDirectory=__FINALPATH__/jicofo/ -ExecStart=__FINALPATH__/jicofo/jicofo.sh --host=localhost --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__FOCUS_SECRET__ --user_domain=auth.__DOMAIN__ --user_name=__FOCUS_USER__ --user_password=__FOCUS_PASSWORD__ & >> /var/log/__APP__/__APP__-jitsi-jicofo.log 2>&1 +ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=$JICOFO_HOST --domain=$JICOFO_HOSTNAME --port=$JICOFO_PORT --secret=$JICOFO_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$JICOFO_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD $JICOFO_OPTS" [Install] WantedBy=multi-user.target diff --git a/conf/jitsi-videobridge-logging.properties b/conf/jitsi-videobridge-logging.properties new file mode 100644 index 0000000..7df14c2 --- /dev/null +++ b/conf/jitsi-videobridge-logging.properties @@ -0,0 +1,39 @@ +handlers= java.util.logging.ConsoleHandler +#handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler + +java.util.logging.ConsoleHandler.level = ALL +java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter + +net.java.sip.communicator.util.ScLogFormatter.programname=JVB + +.level=INFO + +org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE + +# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge. +org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING + +# Syslog(uncomment handler to use) +com.agafua.syslog.SyslogHandler.transport = udp +com.agafua.syslog.SyslogHandler.facility = local0 +com.agafua.syslog.SyslogHandler.port = 514 +com.agafua.syslog.SyslogHandler.hostname = localhost +com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter +com.agafua.syslog.SyslogHandler.escapeNewlines = false + +# to disable double timestamps in syslog uncomment next line +#net.java.sip.communicator.util.ScLogFormatter.disableTimestamp=true + +# time series logging +java.util.logging.SimpleFormatter.format= %5$s%n +java.util.logging.FileHandler.level = ALL +java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter +java.util.logging.FileHandler.pattern = /tmp/jvb-series.log +java.util.logging.FileHandler.limit = 200000000 +java.util.logging.FileHandler.count = 1 +java.util.logging.FileHandler.append = false + +timeseries.level=OFF +timeseries.org.jitsi.videobridge.cc.vp8.level=ALL +timeseries.useParentHandlers = false +timeseries.handlers = java.util.logging.FileHandler diff --git a/conf/sip-communicator.properties b/conf/jitsi-videobridge-sip-communicator.properties similarity index 98% rename from conf/sip-communicator.properties rename to conf/jitsi-videobridge-sip-communicator.properties index a77ae5a..a1ea5df 100644 --- a/conf/sip-communicator.properties +++ b/conf/jitsi-videobridge-sip-communicator.properties @@ -1,10 +1,3 @@ -org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false -org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ -org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ -org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ - - - org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 org.jitsi.videobridge.ENABLE_STATISTICS=true @@ -14,4 +7,8 @@ org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.__DOMAIN__ org.jitsi.videobridge.xmpp.user.shard.USERNAME=__JVB_USER__ org.jitsi.videobridge.xmpp.user.shard.PASSWORD=__JVB_PASSWORD__ org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.__DOMAIN__ -org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=__MUC_NICKNAME__ \ No newline at end of file +org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=__MUC_NICKNAME__ +org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false +org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ +org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ +org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ \ No newline at end of file diff --git a/conf/jitsi-videobridge.config b/conf/jitsi-videobridge.config new file mode 100644 index 0000000..5b8ffed --- /dev/null +++ b/conf/jitsi-videobridge.config @@ -0,0 +1,20 @@ +# Jitsi Videobridge settings + +# sets the XMPP domain (default: none) +JVB_HOSTNAME=__DOMAIN__ + +# sets the hostname of the XMPP server (default: domain if set, localhost otherwise) +JVB_HOST= + +# sets the port of the XMPP server (default: 5275) +JVB_PORT=__PORT_COMPONENT__ + +# sets the shared secret used to authenticate to the XMPP server +JVB_SECRET=__VIDEOBRIDGE_SECRET__ + +# extra options to pass to the JVB daemon +JVB_OPTS="--apis=," + + +# adds java system props that are passed to jvb (default are for home and logging config file) +JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties" diff --git a/conf/jitsi-videobridge.service b/conf/jitsi-videobridge.service index 5bed2bf..8f7cb9a 100644 --- a/conf/jitsi-videobridge.service +++ b/conf/jitsi-videobridge.service @@ -6,8 +6,22 @@ After=network.target Type=simple User=__APP__ Group=__APP__ +SuccessExitStatus=143 +# allow bind to 80 and 443 +AmbientCapabilities=CAP_NET_BIND_SERVICE +EnvironmentFile=/etc/__APP__/videobridge/config +Environment=LOGFILE=/var/log/jitsi/jvb.log +RuntimeDirectory=jitsi-videobridge +RuntimeDirectoryMode=0750 +PIDFile=/var/run/jitsi-videobridge/jitsi-videobridge.pid +# more threads for this process +TasksMax=65000 +# allow more open files for this process +LimitNPROC=65000 +LimitNOFILE=65000 WorkingDirectory=__FINALPATH__/jitsi-videobridge/ -ExecStart=__FINALPATH__/jitsi-videobridge/jvb.sh --host=localhost --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__VIDEOBRIDGE_SECRET__ > /var/log/jvb.log 2>&1 +ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS}" +ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid" [Install] WantedBy=multi-user.target diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 5acc01c..feaddfb 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -1,29 +1,11 @@ --- Prosody XMPP Server Configuration --- --- Information on configuring Prosody can be found on our --- website at http://prosody.im/doc/configure --- --- Tip: You can check that the syntax of this file is correct --- when you have finished by running: prosodyctl check config --- If there are any errors, it will let you know what and where --- they are, otherwise it will keep quiet. --- --- Good luck, and happy Jabbering! - - ----------- Server-wide settings ---------- --- Settings in this section apply to the whole server and are the default settings --- for any virtual hosts - --- This is a (by default, empty) list of accounts that are admins --- for the server. Note that you must create the accounts separately --- (see http://prosody.im/doc/creating_accounts for info) --- Example: admins = { "user1@example.com", "user2@example.net" } -daemonize = true component_ports = { __PORT_COMPONENT__ } plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } + +-- domain mapper options, must at least have domain base set to use the mapper muc_mapper_domain_base = "__DOMAIN__"; + turncredentials_secret = "__TURN_SECRET__"; + turncredentials = { { type = "stun", host = "__DOMAIN__", port = "443" }, { type = "turn", host = "__DOMAIN__", port = "443", transport = "udp" }, @@ -32,143 +14,14 @@ turncredentials = { cross_domain_bosh = false; consider_bosh_secure = true; ---component_interface = "192.168.0.10" - --- Enable use of libevent for better performance under high load --- For more information see: http://prosody.im/doc/libevent ---use_libevent = true - --- This is the list of modules Prosody will load on startup. --- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. --- Documentation on modules can be found at: http://prosody.im/doc/modules -modules_enabled = { - - -- Generally required - "roster"; -- Allow users to have a roster. Recommended ;) - "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support - "disco"; -- Service discovery - "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. - - -- Not essential, but recommended - "private"; -- Private XML storage (for room bookmarks, etc.) - "vcard"; -- Allow users to set vCards - - -- These are commented by default as they have a performance impact - --"privacy"; -- Support privacy lists - "compression"; -- Stream compression (requires the lua-zlib package installed) - - -- Nice to have - "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - "pep"; -- Enables users to publish their mood, activity, playing music and more - "register"; -- Allow users to register on this server using a client and change passwords - - -- Admin interfaces - "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands - --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 - - -- HTTP modules - --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"http_files"; -- Serve static files from a directory over HTTP - - -- Other specific functionality - "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. - --"groups"; -- Shared roster support - --"announce"; -- Send announcement to all online users - --"welcome"; -- Welcome users who register accounts - --"watchregistrations"; -- Alert admins of registrations - --"motd"; -- Send a message to users when they log in - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. -} - --- These modules are auto-loaded, but should you want --- to disable them then uncomment them here: -modules_disabled = { - -- "offline"; -- Store offline messages - -- "c2s"; -- Handle client connections - -- "s2s"; -- Handle server-to-server connections -} - --- Disable account creation by default, for security --- For more information see http://prosody.im/doc/creating_accounts -allow_registration = false - --- These are the SSL/TLS-related settings. If you don't want --- to use SSL/TLS, you may comment or remove this --- ssl = { --- key = "/etc/prosody/certs/localhost.key"; --- certificate = "/etc/prosody/certs/localhost.crt"; ---} - --- Force clients to use encrypted connections? This option will --- prevent clients from authenticating unless they are using encryption. - --- c2s_require_encryption = true - --- Force certificate authentication for server-to-server connections? --- This provides ideal security, but requires servers you communicate --- with to support encryption AND present valid, trusted certificates. --- NOTE: Your version of LuaSec must support certificate verification! --- For more information see http://prosody.im/doc/s2s#security - --- s2s_secure_auth = false - --- Many servers don't support encryption or have invalid or self-signed --- certificates. You can list domains here that will not be required to --- authenticate using certificates. They will be authenticated using DNS. - ---s2s_insecure_domains = { "gmail.com" } - --- Even if you leave s2s_secure_auth disabled, you can still require valid --- certificates for some domains by specifying a list here. - ---s2s_secure_domains = { "jabber.org" } - --- Required for init scripts and prosodyctl --- pidfile = "/var/run/prosody/prosody.pid" - --- Select the authentication backend to use. The 'internal' providers --- use Prosody's configured data storage to store the authentication data. --- To allow Prosody to offer secure authentication mechanisms to clients, the --- default provider stores passwords in plaintext. If you do not trust your --- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed --- for information about using the hashed backend. - --- authentication = "internal_plain" - --- Select the storage backend to use. By default Prosody uses flat files --- in its configured data directory, but it also supports more backends --- through modules. An "sql" backend is included by default, but requires --- additional dependencies. See http://prosody.im/doc/storage for more info. - ---storage = "sql" -- Default is "internal" - --- For the "sql" backend, you can uncomment *one* of the below to configure: ---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. ---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } ---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } - --- Logging configuration --- For advanced logging see http://prosody.im/doc/logging --- log = { --- info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging --- error = "/var/log/prosody/prosody.err"; --- "*syslog"; --- } - ------------ Virtual hosts ----------- --- You need to add a VirtualHost entry for each domain you wish Prosody to serve. --- Settings under each VirtualHost entry apply *only* to that host. - ---VirtualHost "localhost" VirtualHost "__DOMAIN__" -- enabled = false -- Remove this line to enable this host authentication = "anonymous" + -- Properties below are modified by jitsi-meet-tokens package config + -- and authentication above is switched to "token" + --app_id="example_app_id" + --app_secret="example_app_secret" -- Assign this host a certificate for TLS, otherwise it would use the one -- set in the global section (if any). -- Note that old-style SSL on port 5223 only supports one certificate, and will always @@ -190,6 +43,18 @@ VirtualHost "__DOMAIN__" } c2s_require_encryption = false +Component "conference.__DOMAIN__" "muc" + storage = "null" + modules_enabled = { + "muc_meeting_id"; + -- "muc_domain_mapper"; + -- "token_verification"; + } + admins = { "__FOCUS_USER__@auth.__DOMAIN__" } + muc_room_locking = false + muc_room_default_public_jids = true + +-- internal muc component Component "internal.auth.__DOMAIN__" "muc" storage = "null" modules_enabled = { @@ -213,40 +78,6 @@ VirtualHost "auth.__DOMAIN__" }, } ------- Components ------ --- You can specify components to add hosts that provide special services, --- like multi-user conferences, and transports. --- For more information on components, see http://prosody.im/doc/components - ----Set up a MUC (multi-user chat) room server on conference.example.com: ---Component "conference.example.com" "muc" - --- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: ---Component "proxy.example.com" "proxy65" - ----Set up an external component (default component port is 5347) --- --- External components allow adding various services, such as gateways/ --- transports to other networks like ICQ, MSN and Yahoo. For more info --- see: http://prosody.im/doc/components#adding_an_external_component --- ---Component "gateway.example.com" --- component_secret = "password" - -Component "conference.__DOMAIN__" "muc" - storage = "null" - modules_enabled = { - -- "muc_meeting_id"; - -- "muc_domain_mapper"; - -- "token_verification"; - } - admins = { "__FOCUS_USER__@auth.__DOMAIN__" } - -- muc_room_locking = false - -- muc_room_default_public_jids = true - -Component "jitsi-videobridge.__DOMAIN__" - component_secret = "__VIDEOBRIDGE_SECRET__" - Component "focus.__DOMAIN__" component_secret = "__FOCUS_SECRET__" @@ -254,4 +85,7 @@ Component "speakerstats.__DOMAIN__" "speakerstats_component" muc_component = "conference.__DOMAIN__" Component "conferenceduration.__DOMAIN__" "conference_duration_component" - muc_component = "conference.__DOMAIN__" \ No newline at end of file + muc_component = "conference.__DOMAIN__" + +--Component "jitsi-videobridge.__DOMAIN__" +-- component_secret = "__VIDEOBRIDGE_SECRET__" diff --git a/conf/nginx.conf b/conf/nginx.conf index 10430ae..ad832ab 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -9,7 +9,7 @@ error_page 404 /static/404.html; location = /config.js { - alias __FINALPATH__/jitsi-meet-web/config.js; + alias /etc/__NAME__/meet/config.js; } location = /external_api.js { diff --git a/scripts/_common.sh b/scripts/_common.sh index 48cf5d6..3bc96e0 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="openjdk-8-jdk|openjdk-11-jdk openjdk-8-jre|openjdk-11-jre maven" +pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless" #================================================= # PERSONAL HELPERS diff --git a/scripts/backup b/scripts/backup index 0348e8d..69be2b0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -69,6 +69,13 @@ ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" # Backup Metronome Hook ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" +#================================================= +# BACKUP THE APP CONFIG +#================================================= +ynh_print_info --message="Backing up the app config..." + +ynh_backup --src_path="/etc/$app" + #================================================= # SPECIFIC BACKUP #================================================= diff --git a/scripts/install b/scripts/install index 2cc6c00..5f132a3 100644 --- a/scripts/install +++ b/scripts/install @@ -15,6 +15,7 @@ source /usr/share/yunohost/helpers ynh_print_info --message="Managing script failure..." ynh_clean_setup () { + read -p "key" ynh_clean_check_starting } # Exit if an error occurs during the execution of the script @@ -189,25 +190,68 @@ ynh_print_info --message="Configuring Jitsi-Videobridge..." public_ipv4="$(curl ip.yunohost.org)" || true private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true -mkdir -p "$final_path/.sip-communicator" -cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties" -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties" -ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" -ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/.sip-communicator/sip-communicator.properties" -ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$final_path/.sip-communicator/sip-communicator.properties" -ynh_replace_string --match_string="__JVB_PASSWORD__" --replace_string="$jvb_password" --target_file="$final_path/.sip-communicator/sip-communicator.properties" -ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$final_path/.sip-communicator/sip-communicator.properties" -chown -R $app: $final_path +mkdir -p "/etc/$app/videobridge" + +jitsi_videobridge_sip_communicator_conf="/etc/$app/videobridge/sip-communicator.properties" +cp ../conf/jitsi-videobridge-sip-communicator.properties "$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__JVB_PASSWORD__" --replace_string="$jvb_password" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$jitsi_videobridge_sip_communicator_conf" + +jitsi_videobridge_conf="/etc/$app/videobridge/config" +cp ../conf/jitsi-videobridge.config "$jitsi_videobridge_conf" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_conf" +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_videobridge_conf" +ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_conf" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_conf" + +jitsi_videobridge_logging_conf="/etc/$app/videobridge/logging.properties" +cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" + +#================================================= +# CONFIGURE JITSI-JICOFO +#================================================= +ynh_print_info --message="Configuring Jitsi-Jicofo..." + +mkdir -p "/etc/$app/jicofo" + +jitsi_jicofo_sip_communicator_conf="/etc/$app/jicofo/sip-communicator.properties" +cp ../conf/jitsi-jicofo-sip-communicator.properties "$jitsi_jicofo_sip_communicator_conf" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_sip_communicator_conf" + +jitsi_jicofo_conf="/etc/$app/jicofo/config" +cp ../conf/jitsi-jicofo.config "$jitsi_jicofo_conf" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_conf" +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_jicofo_conf" +ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$jitsi_jicofo_conf" +ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$jitsi_jicofo_conf" +ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="$jitsi_jicofo_conf" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_jicofo_conf" + +jitsi_jicofo_logging_conf="/etc/$app/jicofo/logging.properties" +cp ../conf/jitsi-jicofo-logging.properties "$jitsi_jicofo_logging_conf" #================================================= # CONFIGURE JITSI-MEET #================================================= ynh_print_info --message="Configuring Jitsi-Meet..." -config="$final_path/jitsi-meet-web/config.js" -cp ../conf/config.js "$config" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" +mkdir -p "/etc/$app/meet" + +jitsi_meet_conf="/etc/$app/meet/config.js" +cp ../conf/config.js "$jitsi_meet_conf" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_meet_conf" + +#================================================= +# CREATE LOG DIR +#================================================= +ynh_print_info --message="Creating log dir..." + +mkdir -p "/var/log/$app" #================================================= # SETUP SYSTEMD @@ -215,16 +259,7 @@ ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --targ ynh_print_info --message="Configuring a systemd service..." # Create a dedicated systemd config -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service" -ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service" -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service" ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" - -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service" ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service" #================================================= @@ -233,7 +268,13 @@ ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service" ynh_print_info --message="Storing the config file checksum..." # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$config" +ynh_store_file_checksum --file="$jitsi_videobridge_sip_communicator_conf" +ynh_store_file_checksum --file="$jitsi_videobridge_conf" +ynh_store_file_checksum --file="$jitsi_videobridge_logging_conf" +ynh_store_file_checksum --file="$jitsi_jicofo_sip_communicator_conf" +ynh_store_file_checksum --file="$jitsi_jicofo_conf" +ynh_store_file_checksum --file="$jitsi_jicofo_logging_conf" +ynh_store_file_checksum --file="$jitsi_meet_conf" #================================================= # GENERIC FINALIZATION @@ -244,6 +285,8 @@ ynh_print_info --message="Securing files and directories..." # Set permissions to app files chown -R $app: $final_path +chown -R $app: /etc/$app +chown -R $app: /var/log/$app #================================================= # SETUP LOGROTATE diff --git a/scripts/remove b/scripts/remove index b9142e9..e1d75d6 100644 --- a/scripts/remove +++ b/scripts/remove @@ -135,9 +135,18 @@ yunohost user delete $focus_user --purge yunohost user delete $jvb_user --purge yunohost domain remove auth.$domain +#================================================= +# REMOVE THE CONFIG +#================================================= +ynh_print_info --message="Removing the config..." + +# Remove the log files +ynh_secure_remove --file="/etc/$app" + #================================================= # REMOVE THE LOG FILES #================================================= +ynh_print_info --message="Removing the log files..." # Remove the log files ynh_secure_remove --file="/var/log/$app" diff --git a/scripts/restore b/scripts/restore index 1e04f9c..547d16e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -125,6 +125,21 @@ yunohost tools regen-conf metronome ynh_systemd_action --service_name=metronome --action=restart +#================================================= +# RESTORE THE APP CONFIG +#================================================= +ynh_print_info --message="Restoring the app config..." + +ynh_restore_file --origin_path="/etc/$app" + +#================================================= +# CREATE LOG DIR +#================================================= +ynh_print_info --message="Creating log dir..." + +mkdir -p "/var/log/$app" +chown -R $app: /var/log/$app + #================================================= # RESTORE SYSTEMD #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 7b477f5..62e57b3 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -172,68 +172,86 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # SPECIFIC UPGRADE #================================================= -# BUILD JITSI-VIDEOBRIDGE +# CONFIGURE JITSI-VIDEOBRIDGE #================================================= -ynh_print_info --message="Building Jitsi-Videobridge..." +ynh_print_info --message="Configuring Jitsi-Videobridge..." if [ "$upgrade_type" == "UPGRADE_APP" ] then public_ipv4="$(curl ip.yunohost.org)" || true private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true - - mkdir -p "$final_path/.sip-communicator" - cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties" - ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties" - ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" - ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$final_path/.sip-communicator/sip-communicator.properties" - chown -R $app: $final_path + + jitsi_videobridge_sip_communicator_conf="/etc/$app/videobridge/sip-communicator.properties" + ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_sip_communicator_conf" + cp -f ../conf/jitsi_videobridge-sip-communicator.properties "$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__JVB_PASSWORD__" --replace_string="$jvb_password" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_store_file_checksum --file="$jitsi_videobridge_sip_communicator_conf" + + jitsi_videobridge_conf="/etc/$app/videobridge/config" + ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_conf" + cp ../conf/jitsi-videobridge.config "$jitsi_videobridge_conf" + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_conf" + ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_videobridge_conf" + ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_conf" + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_conf" + ynh_store_file_checksum --file="$jitsi_videobridge_conf" + + jitsi_videobridge_logging_conf="/etc/$app/videobridge/logging.properties" + ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_logging_conf" + cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" + ynh_store_file_checksum --file="$jitsi_videobridge_logging_conf" fi #================================================= -# BUILD JITSI-JICOFO +# CONFIGURE JITSI-JICOFO #================================================= -ynh_print_info --message="Building Jitsi-Jicofo..." +ynh_print_info --message="configuring Jitsi-Jicofo..." if [ "$upgrade_type" == "UPGRADE_APP" ] then - pushd "$final_path/jitsi-jicofo-build" - mvn package -DskipTests -Dassembly.skipAssembly=false - popd + jitsi_jicofo_sip_communicator_conf="/etc/$app/jicofo/sip-communicator.properties" + ynh_backup_if_checksum_is_different --file="$jitsi_jicofo_sip_communicator_conf" + cp ../conf/jitsi-jicofo-sip-communicator.properties "$jitsi_jicofo_sip_communicator_conf" + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_sip_communicator_conf" + ynh_store_file_checksum --file="$jitsi_jicofo_sip_communicator_conf" - unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d $final_path + jitsi_jicofo_conf="/etc/$app/jicofo/config" + ynh_backup_if_checksum_is_different --file="$jitsi_jicofo_conf" + cp ../conf/jitsi-jicofo.config "$jitsi_jicofo_conf" + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_conf" + ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_jicofo_conf" + ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$jitsi_jicofo_conf" + ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$jitsi_jicofo_conf" + ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="$jitsi_jicofo_conf" + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_jicofo_conf" + ynh_store_file_checksum --file="$jitsi_jicofo_conf" - ynh_secure_remove --file="$final_path/jitsi-jicofo" + jitsi_jicofo_logging_conf="/etc/$app/jicofo/logging.properties" + ynh_backup_if_checksum_is_different --file="$jitsi_jicofo_logging_conf" + cp ../conf/jitsi-jicofo-logging.properties "$jitsi_jicofo_logging_conf" + ynh_store_file_checksum --file="$jitsi_jicofo_logging_conf" - mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/ - - ynh_secure_remove --file="$final_path/jitsi-jicofo-build" fi #================================================= -# BUILD JITSI-MEET +# CONFIGURE JITSI-MEET #================================================= -ynh_print_info --message="Building Jitsi-Meet..." +ynh_print_info --message="Configuring Jitsi-Meet..." if [ "$upgrade_type" == "UPGRADE_APP" ] then - pushd "$final_path/jitsi-meet_temp" - ar x jitsi-meet-web.deb data.tar.xz - tar xf data.tar.xz - popd - - config="$final_path/jitsi-meet/config.js" - ynh_backup_if_checksum_is_different --file="$config" - - ynh_secure_remove --file="$final_path/jitsi-meet" - - mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/" - ynh_secure_remove --file="$final_path/jitsi-meet_temp" - cp ../conf/config.js "$config" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" - - # Recalculate and store the checksum of the file for the next upgrade. - ynh_store_file_checksum --file="$config" + jitsi_meet_conf="/etc/$app/meet/config.js" + ynh_backup_if_checksum_is_different --file="$jitsi_meet_conf" + cp ../conf/config.js "$jitsi_meet_conf" + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_meet_conf" + ynh_store_file_checksum --file="$jitsi_meet_conf" fi #================================================= @@ -250,16 +268,7 @@ ynh_use_logrotate --non-append ynh_print_info --message="Upgrading systemd configuration..." # Create a dedicated systemd config -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service" -ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service" -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service" ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" - -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service" -ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service" ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service" #================================================= @@ -271,6 +280,7 @@ ynh_print_info --message="Securing files and directories..." # Set permissions on app files chown -R root: $final_path +chown -R $app: /etc/$app #================================================= # SETUP SSOWAT From 51f7263ecc5c614702a03d53b3367df6990bb932 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 13 Apr 2020 17:16:38 +0200 Subject: [PATCH 07/57] switching to the jvb user --- conf/config.js | 2 +- ...si-videobridge-sip-communicator.properties | 12 +++++------ conf/metronome.cfg.lua | 7 ++++--- scripts/install | 20 ++++++++----------- scripts/remove | 6 +++--- scripts/restore | 4 ++-- scripts/upgrade | 6 +++--- 7 files changed, 27 insertions(+), 30 deletions(-) diff --git a/conf/config.js b/conf/config.js index 9c31d6b..347409d 100644 --- a/conf/config.js +++ b/conf/config.js @@ -335,7 +335,7 @@ var config = { // through the JVB and use the peer to peer connection instead. When a // 3rd participant joins the conference will be moved back to the JVB // connection. - enabled: true, + enabled: false, // Use XEP-0215 to fetch STUN and TURN servers. // useStunTurn: true, diff --git a/conf/jitsi-videobridge-sip-communicator.properties b/conf/jitsi-videobridge-sip-communicator.properties index a1ea5df..f0041e3 100644 --- a/conf/jitsi-videobridge-sip-communicator.properties +++ b/conf/jitsi-videobridge-sip-communicator.properties @@ -1,14 +1,14 @@ +org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false +org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ +org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ +org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=muc org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.__DOMAIN__ -org.jitsi.videobridge.xmpp.user.shard.USERNAME=__JVB_USER__ -org.jitsi.videobridge.xmpp.user.shard.PASSWORD=__JVB_PASSWORD__ +org.jitsi.videobridge.xmpp.user.shard.USERNAME=__VIDEOBRIDGE_USER__ +org.jitsi.videobridge.xmpp.user.shard.PASSWORD=__VIDEOBRIDGE_SECRET__ org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.__DOMAIN__ org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=__MUC_NICKNAME__ -org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false -org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ -org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ -org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ \ No newline at end of file diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index feaddfb..293087b 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -1,4 +1,5 @@ component_ports = { __PORT_COMPONENT__ } + plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } -- domain mapper options, must at least have domain base set to use the mapper @@ -60,7 +61,7 @@ Component "internal.auth.__DOMAIN__" "muc" modules_enabled = { "ping"; } - admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__JVB_USER__@auth.__DOMAIN__" } + admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } VirtualHost "auth.__DOMAIN__" ssl = { @@ -87,5 +88,5 @@ Component "speakerstats.__DOMAIN__" "speakerstats_component" Component "conferenceduration.__DOMAIN__" "conference_duration_component" muc_component = "conference.__DOMAIN__" ---Component "jitsi-videobridge.__DOMAIN__" --- component_secret = "__VIDEOBRIDGE_SECRET__" +Component "jitsi-videobridge.__DOMAIN__" + component_secret = "__VIDEOBRIDGE_SECRET__" diff --git a/scripts/install b/scripts/install index 5f132a3..e7c5e55 100644 --- a/scripts/install +++ b/scripts/install @@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers ynh_print_info --message="Managing script failure..." ynh_clean_setup () { - read -p "key" ynh_clean_check_starting } # Exit if an error occurs during the execution of the script @@ -38,11 +37,9 @@ videobridge_secret=$(ynh_string_random --length=8) #YOURSECRET2 focus_secret=$(ynh_string_random --length=8) -focus_user="svc${app}focus" +focus_user="focus" -jvb_user="svc${app}jvb" - -jvb_password=$(ynh_string_random --length=8) +videobridge_user="jvb" muc_nickname=$(ynh_string_random --length=32) @@ -68,8 +65,7 @@ ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user -ynh_app_setting_set --app=$app --key=jvb_user --value=$jvb_user -ynh_app_setting_set --app=$app --key=jvb_password --value=$jvb_password +ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user ynh_app_setting_set --app=$app --key=muc_nickname --value=$muc_nickname #================================================= @@ -159,7 +155,7 @@ ynh_replace_string --match_string="prosody" --replace_string="metronome" --targe # Create focus user yunohost domain add auth.$domain yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 -yunohost user create $jvb_user -f $jvb_user -l $jvb_user -m ${jvb_user}@auth.$domain -p $jvb_password -q 0 +yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 # Add Metronome domain conf template metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" @@ -172,13 +168,13 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$metronome_conf" -ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$metronome_conf" +ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$metronome_conf" touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app -yunohost tools regen-conf metronome +yunohost tools regen-conf metronome --force ynh_systemd_action --service_name=metronome --action=restart @@ -198,8 +194,8 @@ ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_f ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__JVB_PASSWORD__" --replace_string="$jvb_password" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_sip_communicator_conf" ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$jitsi_videobridge_sip_communicator_conf" jitsi_videobridge_conf="/etc/$app/videobridge/config" diff --git a/scripts/remove b/scripts/remove index e1d75d6..2573e92 100644 --- a/scripts/remove +++ b/scripts/remove @@ -22,7 +22,7 @@ port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) port_component=$(ynh_app_setting_get --app=$app --key=port_component) final_path=$(ynh_app_setting_get --app=$app --key=final_path) focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) -jvb_user=$(ynh_app_setting_get --app=$app --key=jvb_user) +videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) #================================================= # STANDARD REMOVE @@ -128,11 +128,11 @@ fi # Remove Metronome Hook ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -yunohost tools regen-conf metronome +yunohost tools regen-conf metronome --force # Delete focus user yunohost user delete $focus_user --purge -yunohost user delete $jvb_user --purge +yunohost user delete $videobridge_user --purge yunohost domain remove auth.$domain #================================================= diff --git a/scripts/restore b/scripts/restore index 547d16e..821e74b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -112,7 +112,7 @@ yunohost domain add auth.$domain # Create focus user yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 -yunohost user create $jvb_user -f $jvb_user -l $jvb_user -m ${jvb_user}@auth.$domain -p $jvb_password -q 0 +yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 # Restore Metronome domain conf template mkdir -p /usr/share/yunohost/templates/jitsi/ @@ -121,7 +121,7 @@ ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/auth.$domain # Restore Metronome Hook ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -yunohost tools regen-conf metronome +yunohost tools regen-conf metronome --force ynh_systemd_action --service_name=metronome --action=restart diff --git a/scripts/upgrade b/scripts/upgrade index 62e57b3..a497f30 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -64,7 +64,7 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app - yunohost tools regen-conf metronome + yunohost tools regen-conf metronome --force fi if ynh_version_gt "1.0.3969~ynh1" "${current_version}" ; then @@ -188,8 +188,8 @@ then ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__JVB_USER__" --replace_string="$jvb_user" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__JVB_PASSWORD__" --replace_string="$jvb_password" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$jitsi_videobridge_sip_communicator_conf" + ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_sip_communicator_conf" ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$jitsi_videobridge_sip_communicator_conf" ynh_store_file_checksum --file="$jitsi_videobridge_sip_communicator_conf" From 541953305ae8b264418cd4426f7b8f0a2826a45f Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 13 Apr 2020 21:08:04 +0200 Subject: [PATCH 08/57] Upgrade to 1.0.3992 --- conf/jicofo.src | 4 ++-- conf/jitsi-meet-prosody.src | 4 ++-- conf/jitsi-meet-web.src | 4 ++-- conf/jitsi-videobridge.src | 4 ++-- conf/metronome.cfg.lua | 2 +- manifest.json | 2 +- scripts/install | 19 ++++++++++++++++--- scripts/upgrade | 15 +++++++++++++++ 8 files changed, 41 insertions(+), 13 deletions(-) diff --git a/conf/jicofo.src b/conf/jicofo.src index e033fc6..f12f2c7 100644 --- a/conf/jicofo.src +++ b/conf/jicofo.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-541-1_all.deb -SOURCE_SUM=be1fd88c63de46e5a4a1a314934d0b3b11bf1634fd89c62494d30a25b55c8568 +SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-544-1_all.deb +SOURCE_SUM=34944ee997551c6cee68bf5933c256e29eef77e3d884716a96e0d6ab9879baea SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-prosody.src b/conf/jitsi-meet-prosody.src index 41f75ff..3a09db0 100644 --- a/conf/jitsi-meet-prosody.src +++ b/conf/jitsi-meet-prosody.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.3969-1_all.deb -SOURCE_SUM=d5649beb69516f22122e5a40e1b50082559c23751ce982614f09509316bfb999 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.3992-1_all.deb +SOURCE_SUM=f7f539bec8b5ab00cb401ff4f50c54dda27df9c98012069e6d6c7ab2943ac3ac SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-web.src b/conf/jitsi-meet-web.src index bb72408..155b90a 100644 --- a/conf/jitsi-meet-web.src +++ b/conf/jitsi-meet-web.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.3969-1_all.deb -SOURCE_SUM=f034557b0b30b97544c271a383adb7fdc9f74e1c8ffebe4aac87c0b2460784ae +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.3992-1_all.deb +SOURCE_SUM=e431e41c1b055ecd238506285204eaad615ffc4f7d2ef6bbd8ef1ae7016cd845 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-videobridge.src b/conf/jitsi-videobridge.src index 90f539b..0bff989 100644 --- a/conf/jitsi-videobridge.src +++ b/conf/jitsi-videobridge.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-164-gfdce823f-1_all.deb -SOURCE_SUM=6a04a11fec7bffc74124d53d6734e599853311692b541805094af3577e2c8c58 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-169-ga28eb88e-1_all.deb +SOURCE_SUM=d8a091c000bbbd6ea3ea77ef6a54e63c04d3483169cadce6b0187e318b97c499 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 293087b..f01c489 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -73,7 +73,7 @@ VirtualHost "auth.__DOMAIN__" hostname = "localhost", user = { basedn = "ou=users,dc=yunohost,dc=org", - filter = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__))", + filter = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__)(permission=cn=xmpp.main,ou=permission,dc=yunohost,dc=org))", usernamefield = "mail", namefield = "cn", }, diff --git a/manifest.json b/manifest.json index a1c83d6..d5e7784 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Video conferencing web application", "fr": "Application web de conférence vidéo" }, - "version": "1.0.3969~ynh1", + "version": "1.0.3992~ynh1", "url": "https://jitsi.org/Projects/JitMeet", "license": "Apache-2.0", "maintainer": { diff --git a/scripts/install b/scripts/install index e7c5e55..6834827 100644 --- a/scripts/install +++ b/scripts/install @@ -123,7 +123,22 @@ do popd mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" - ynh_secure_remove --file="$final_path/${package}_temp" + # ynh_secure_remove --file="$final_path/${package}_temp" +done + +# Adapt prosody module to metronome +for file in $final_path/jitsi-meet-prosody/*.lua +do + ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" + ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" +done + +for directory in $final_path/jitsi-meet-prosody/*/; do + for file in $directory/*.lua + do + ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" + ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" + done done #================================================= @@ -149,8 +164,6 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= ynh_print_info --message="Configuring metronome..." -# Adapt prosody module to metronome -ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$final_path/jitsi-meet-prosody/mod_muc_domain_mapper.lua" # Create focus user yunohost domain add auth.$domain diff --git a/scripts/upgrade b/scripts/upgrade index a497f30..c76cd4a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -142,6 +142,21 @@ then mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" ynh_secure_remove --file="$final_path/${package}_temp" done + + # Adapt prosody module to metronome + for file in $final_path/jitsi-meet-prosody/*.lua + do + ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" + ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" + done + + for directory in $final_path/jitsi-meet-prosody/*/; do + for file in $directory/*.lua + do + ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" + ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" + done + done fi #================================================= From 735e29ab037c6d5de388d2bc0d9881b54d3c01a2 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 13 Apr 2020 21:41:38 +0200 Subject: [PATCH 09/57] cleanup __VIDEOBRIDGE_SECRET__ --- conf/metronome.cfg.lua | 3 --- scripts/install | 1 - scripts/upgrade | 1 - 3 files changed, 5 deletions(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index f01c489..454d5cf 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -87,6 +87,3 @@ Component "speakerstats.__DOMAIN__" "speakerstats_component" Component "conferenceduration.__DOMAIN__" "conference_duration_component" muc_component = "conference.__DOMAIN__" - -Component "jitsi-videobridge.__DOMAIN__" - component_secret = "__VIDEOBRIDGE_SECRET__" diff --git a/scripts/install b/scripts/install index 6834827..d895959 100644 --- a/scripts/install +++ b/scripts/install @@ -178,7 +178,6 @@ ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_c ynh_replace_string --match_string="__FINAL_PATH__" --replace_string="$final_path" --target_file="$metronome_conf" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf" -ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$metronome_conf" ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$metronome_conf" diff --git a/scripts/upgrade b/scripts/upgrade index c76cd4a..80d6b4a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -53,7 +53,6 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then cp ../conf/metronome.cfg.lua $metronome_conf ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf" - ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf" From 5dc17827dbd1d783f00e245e43a0d6d3357099c9 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 14 Apr 2020 02:12:12 +0200 Subject: [PATCH 10/57] Update metronome.cfg.lua --- conf/metronome.cfg.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 454d5cf..91704e3 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -1,4 +1,6 @@ component_ports = { __PORT_COMPONENT__ } +c2s_require_encryption = false +s2s_secure_auth = false plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } From c43abb32fc0e392176dd95f3df85641095fb5042 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 14 Apr 2020 02:37:45 +0200 Subject: [PATCH 11/57] Update metronome.cfg.lua Need to PR for module:context on metronome IM --- conf/metronome.cfg.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 91704e3..9a2ba23 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -50,7 +50,7 @@ Component "conference.__DOMAIN__" "muc" storage = "null" modules_enabled = { "muc_meeting_id"; - -- "muc_domain_mapper"; + "muc_domain_mapper"; -- "token_verification"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__" } From 14fee3be31496f855151085030266b01384a47cd Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 15 Apr 2020 08:50:39 +0200 Subject: [PATCH 12/57] Upgrade following .deb steps --- conf/config.js | 20 ++++---- conf/jitsi-jicofo.config | 2 +- conf/jitsi-jicofo.service | 7 ++- .../jitsi-videobridge-20-jvb-udp-buffers.conf | 3 ++ ...-videobridge-callstats-java-sdk.properties | 5 ++ conf/jitsi-videobridge-log4j2.xml | 33 +++++++++++++ ...si-videobridge-sip-communicator.properties | 4 -- conf/jitsi-videobridge.config | 2 +- conf/jitsi-videobridge.service | 10 ++-- conf/metronome.cfg.lua | 46 ++++++++----------- conf/nginx.conf | 6 +-- scripts/install | 21 +++++++-- scripts/remove | 10 +++- scripts/upgrade | 13 ++++++ 14 files changed, 124 insertions(+), 58 deletions(-) create mode 100644 conf/jitsi-videobridge-20-jvb-udp-buffers.conf create mode 100644 conf/jitsi-videobridge-callstats-java-sdk.properties create mode 100644 conf/jitsi-videobridge-log4j2.xml diff --git a/conf/config.js b/conf/config.js index 347409d..10e04c1 100644 --- a/conf/config.js +++ b/conf/config.js @@ -24,7 +24,7 @@ var config = { // focus: 'focus.__DOMAIN__', // XMPP MUC domain. FIXME: use XEP-0030 to discover it. - muc: 'conference.__DOMAIN__' + muc: 'conference.__DOMAIN__' }, // BOSH URL. FIXME: use XEP-0156 to discover it. @@ -44,9 +44,6 @@ var config = { // testing: { - // Enables experimental simulcast support on Firefox. - enableFirefoxSimulcast: false, - // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. p2pTestMode: false @@ -111,11 +108,10 @@ var config = { // w3c spec-compliant video constraints to use for video capture. Currently // used by browsers that return true from lib-jitsi-meet's // util#browser#usesNewGumFlow. The constraints are independent from - // this config's resolution value. Defaults to requesting an ideal aspect - // ratio of 16:9 with an ideal resolution of 720. + // this config's resolution value. Defaults to requesting an ideal + // resolution of 720p. // constraints: { // video: { - // aspectRatio: 16 / 9, // height: { // ideal: 720, // max: 720, @@ -343,7 +339,7 @@ var config = { // The STUN servers that will be used in the peer to peer connections stunServers: [ - // { urls: 'stun:__DOMAIN__:443' }, + // { urls: 'stun:__DOMAIN__:4446' }, { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } ], @@ -452,6 +448,14 @@ var config = { // the menu has option to flip the locally seen video for local presentations // disableLocalVideoFlip: false, + // Mainly privacy related settings + + // Disables all invite functions from the app (share, invite, dial out...etc) + // disableInviteFunctions: true, + + // Disables storing the room name to the recents list + // doNotStoreRoom: true, + // Deployment specific URLs. // deploymentUrls: { // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for diff --git a/conf/jitsi-jicofo.config b/conf/jitsi-jicofo.config index f0c030c..baf16d5 100644 --- a/conf/jitsi-jicofo.config +++ b/conf/jitsi-jicofo.config @@ -24,4 +24,4 @@ JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__ JICOFO_OPTS="" # adds java system props that are passed to jicofo (default are for home and logging config file) -JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties" +JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties" diff --git a/conf/jitsi-jicofo.service b/conf/jitsi-jicofo.service index 5346ddc..339d861 100644 --- a/conf/jitsi-jicofo.service +++ b/conf/jitsi-jicofo.service @@ -3,12 +3,11 @@ Description=jitsi-jicofo After=network.target [Service] -Type=simple -User=__APP__ -Group=__APP__ EnvironmentFile=/etc/__APP__/jicofo/config +Environment=LOGFILE=/var/log/__APP__/jitsi-jicofo.log +User=__APP__ WorkingDirectory=__FINALPATH__/jicofo/ -ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=$JICOFO_HOST --domain=$JICOFO_HOSTNAME --port=$JICOFO_PORT --secret=$JICOFO_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$JICOFO_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD $JICOFO_OPTS" +ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --secret=${JICOFO_SECRET} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} --user_password=${JICOFO_AUTH_PASSWORD} ${JICOFO_OPTS} < /dev/null >> ${LOGFILE} 2>&1" [Install] WantedBy=multi-user.target diff --git a/conf/jitsi-videobridge-20-jvb-udp-buffers.conf b/conf/jitsi-videobridge-20-jvb-udp-buffers.conf new file mode 100644 index 0000000..4d8b81f --- /dev/null +++ b/conf/jitsi-videobridge-20-jvb-udp-buffers.conf @@ -0,0 +1,3 @@ +# this sets the max, so that we can bump the JVB UDP single port buffer size. +net.core.rmem_max=10485760 +net.core.netdev_max_backlog=100000 diff --git a/conf/jitsi-videobridge-callstats-java-sdk.properties b/conf/jitsi-videobridge-callstats-java-sdk.properties new file mode 100644 index 0000000..8fe294e --- /dev/null +++ b/conf/jitsi-videobridge-callstats-java-sdk.properties @@ -0,0 +1,5 @@ +CallStats.BaseURL = https://collector.callstats.io:443 +CallStats.AuthTimeOut = 5000 +CallStats.ConnectionTimeOut = 30000 +CallStats.SOTimeOut = 30000 +CallStats.keepAliveInterval = 1000 diff --git a/conf/jitsi-videobridge-log4j2.xml b/conf/jitsi-videobridge-log4j2.xml new file mode 100644 index 0000000..38f6202 --- /dev/null +++ b/conf/jitsi-videobridge-log4j2.xml @@ -0,0 +1,33 @@ + + + + /var/log/__APP__ + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/conf/jitsi-videobridge-sip-communicator.properties b/conf/jitsi-videobridge-sip-communicator.properties index f0041e3..b87feb4 100644 --- a/conf/jitsi-videobridge-sip-communicator.properties +++ b/conf/jitsi-videobridge-sip-communicator.properties @@ -1,7 +1,3 @@ -org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false -org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ -org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ -org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 org.jitsi.videobridge.ENABLE_STATISTICS=true diff --git a/conf/jitsi-videobridge.config b/conf/jitsi-videobridge.config index 5b8ffed..8dd4059 100644 --- a/conf/jitsi-videobridge.config +++ b/conf/jitsi-videobridge.config @@ -17,4 +17,4 @@ JVB_OPTS="--apis=," # adds java system props that are passed to jvb (default are for home and logging config file) -JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties" +JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties" diff --git a/conf/jitsi-videobridge.service b/conf/jitsi-videobridge.service index 8f7cb9a..5d64ba7 100644 --- a/conf/jitsi-videobridge.service +++ b/conf/jitsi-videobridge.service @@ -1,16 +1,14 @@ [Unit] -Description=jitsi-videobridge +Description=__APP__ Videobridge After=network.target [Service] -Type=simple -User=__APP__ -Group=__APP__ SuccessExitStatus=143 # allow bind to 80 and 443 AmbientCapabilities=CAP_NET_BIND_SERVICE EnvironmentFile=/etc/__APP__/videobridge/config -Environment=LOGFILE=/var/log/jitsi/jvb.log +Environment=LOGFILE=/var/log/__APP__/jitsi-videobridge.log +User=__APP__ RuntimeDirectory=jitsi-videobridge RuntimeDirectoryMode=0750 PIDFile=/var/run/jitsi-videobridge/jitsi-videobridge.pid @@ -20,7 +18,7 @@ TasksMax=65000 LimitNPROC=65000 LimitNOFILE=65000 WorkingDirectory=__FINALPATH__/jitsi-videobridge/ -ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS}" +ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1" ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid" [Install] diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 9a2ba23..8f5215c 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -10,8 +10,8 @@ muc_mapper_domain_base = "__DOMAIN__"; turncredentials_secret = "__TURN_SECRET__"; turncredentials = { - { type = "stun", host = "__DOMAIN__", port = "443" }, - { type = "turn", host = "__DOMAIN__", port = "443", transport = "udp" }, + { type = "stun", host = "__DOMAIN__", port = "4446" }, + { type = "turn", host = "__DOMAIN__", port = "4446", transport = "udp" }, { type = "turns", host = "__DOMAIN__", port = "443", transport = "tcp" } }; @@ -19,20 +19,20 @@ cross_domain_bosh = false; consider_bosh_secure = true; VirtualHost "__DOMAIN__" - -- enabled = false -- Remove this line to enable this host - authentication = "anonymous" + -- enabled = false -- Remove this line to enable this host + authentication = "anonymous" -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" --app_id="example_app_id" --app_secret="example_app_secret" - -- Assign this host a certificate for TLS, otherwise it would use the one - -- set in the global section (if any). - -- Note that old-style SSL on port 5223 only supports one certificate, and will always - -- use the global one. - ssl = { - key = "/etc/yunohost/certs/__DOMAIN__/key.pem"; - certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem"; - } + -- Assign this host a certificate for TLS, otherwise it would use the one + -- set in the global section (if any). + -- Note that old-style SSL on port 5223 only supports one certificate, and will always + -- use the global one. + ssl = { + key = "/etc/yunohost/certs/__DOMAIN__/key.pem"; + certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem"; + } speakerstats_component = "speakerstats.__DOMAIN__" conference_duration_component = "conferenceduration.__DOMAIN__" -- we need bosh @@ -64,22 +64,16 @@ Component "internal.auth.__DOMAIN__" "muc" "ping"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } + muc_room_locking = false + muc_room_default_public_jids = true VirtualHost "auth.__DOMAIN__" - ssl = { - key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem"; - certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem"; - } - authentication = "ldap2" - ldap = { - hostname = "localhost", - user = { - basedn = "ou=users,dc=yunohost,dc=org", - filter = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__)(permission=cn=xmpp.main,ou=permission,dc=yunohost,dc=org))", - usernamefield = "mail", - namefield = "cn", - }, - } + ssl = { + key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem"; + certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem"; + } + storage = "internal" + authentication = "internal_plain" Component "focus.__DOMAIN__" component_secret = "__FOCUS_SECRET__" diff --git a/conf/nginx.conf b/conf/nginx.conf index ad832ab..fc29336 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,9 +7,8 @@ ssi_types application/x-javascript application/javascript; index index.html index.htm; error_page 404 /static/404.html; - location = /config.js { - alias /etc/__NAME__/meet/config.js; + alias /etc/__NAME__/meet/__DOMAIN__-config.js; } location = /external_api.js { @@ -52,7 +51,8 @@ location ~ ^/([^/?&:'"]+)/config.js$ { set $subdomain "$1."; set $subdir "$1/"; - alias __FINALPATH__/jitsi-meet-web/config.js; + + alias /etc/__NAME__/meet/__DOMAIN__-config.js; } #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / diff --git a/scripts/install b/scripts/install index d895959..78da6da 100644 --- a/scripts/install +++ b/scripts/install @@ -167,8 +167,8 @@ ynh_print_info --message="Configuring metronome..." # Create focus user yunohost domain add auth.$domain -yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 -yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 +# yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 +# yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 # Add Metronome domain conf template metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" @@ -190,6 +190,9 @@ yunohost tools regen-conf metronome --force ynh_systemd_action --service_name=metronome --action=restart +metronomectl adduser $focus_user@auth.$domain $focus_password || true +metronomectl adduser $videobridge_user@auth.$domain $videobridge_secret || true + #================================================= # CONFIGURE JITSI-VIDEOBRIDGE #================================================= @@ -220,6 +223,17 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil jitsi_videobridge_logging_conf="/etc/$app/videobridge/logging.properties" cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" +jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties" +cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf" + +jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml" +cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf" + +jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/20-jvb-udp-buffers.conf" +cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf" +sysctl --system || true + #================================================= # CONFIGURE JITSI-JICOFO #================================================= @@ -250,7 +264,7 @@ ynh_print_info --message="Configuring Jitsi-Meet..." mkdir -p "/etc/$app/meet" -jitsi_meet_conf="/etc/$app/meet/config.js" +jitsi_meet_conf="/etc/$app/meet/$domain-config.js" cp ../conf/config.js "$jitsi_meet_conf" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_meet_conf" @@ -295,6 +309,7 @@ ynh_print_info --message="Securing files and directories..." chown -R $app: $final_path chown -R $app: /etc/$app chown -R $app: /var/log/$app +chmod -R 770 /var/log/$app #================================================= # SETUP LOGROTATE diff --git a/scripts/remove b/scripts/remove index 2573e92..b5ca851 100644 --- a/scripts/remove +++ b/scripts/remove @@ -117,6 +117,9 @@ fi #================================================= ynh_print_info --message="Reconfiguring Metronome..." +metronomectl deluser $focus_user@auth.$domain || true +metronomectl deluser $videobridge_user@auth.$domain || true + # Remove domain conf template ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" @@ -131,8 +134,8 @@ ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app yunohost tools regen-conf metronome --force # Delete focus user -yunohost user delete $focus_user --purge -yunohost user delete $videobridge_user --purge +# yunohost user delete $focus_user --purge +# yunohost user delete $videobridge_user --purge yunohost domain remove auth.$domain #================================================= @@ -143,6 +146,9 @@ ynh_print_info --message="Removing the config..." # Remove the log files ynh_secure_remove --file="/etc/$app" +ynh_secure_remove --file="/etc/sysctl.d/20-jvb-udp-buffers.conf" +sysctl --system || true + #================================================= # REMOVE THE LOG FILES #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 80d6b4a..11fe459 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -220,6 +220,17 @@ then ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_logging_conf" cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" ynh_store_file_checksum --file="$jitsi_videobridge_logging_conf" + + jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties" + cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf" + + jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml" + cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf" + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf" + + jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/videobridge/20-jvb-udp-buffers.conf" + cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf" + sysctl --system || true fi #================================================= @@ -295,6 +306,8 @@ ynh_print_info --message="Securing files and directories..." # Set permissions on app files chown -R root: $final_path chown -R $app: /etc/$app +chown -R $app: /var/log/$app +chmod -R 770 /var/log/$app #================================================= # SETUP SSOWAT From 49d641682f6e45117002b5f974b3890310425420 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 25 Apr 2020 18:51:08 +0200 Subject: [PATCH 13/57] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index d5e7784..67b97f4 100644 --- a/manifest.json +++ b/manifest.json @@ -17,7 +17,7 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.6" + "yunohost": ">= 3.8" }, "multi_instance": false, "services": [ From 6151496d694e37cfd4ab30a7ea2a99bd1561b74c Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 30 Apr 2020 05:55:38 +0200 Subject: [PATCH 14/57] upgrade to 1.0.4025 --- README.md | 2 +- README_fr.md | 2 +- conf/jicofo.src | 4 ++-- conf/jitsi-meet-prosody.src | 4 ++-- conf/jitsi-meet-web.src | 4 ++-- conf/jitsi-videobridge.src | 4 ++-- manifest.json | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index a1562c7..15ded28 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to ## Overview Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences. -**Shipped version:** 1.0.3729 +**Shipped version:** 1.0.4025 ## Important points before installing diff --git a/README_fr.md b/README_fr.md index c936b58..7b3bf06 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. -**Version actuelle :** 1.0.3729 +**Version actuelle :** 1.0.4025 ## Points importants à préparer avant l'installation diff --git a/conf/jicofo.src b/conf/jicofo.src index f12f2c7..bc3e15d 100644 --- a/conf/jicofo.src +++ b/conf/jicofo.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-544-1_all.deb -SOURCE_SUM=34944ee997551c6cee68bf5933c256e29eef77e3d884716a96e0d6ab9879baea +SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-549-1_all.deb +SOURCE_SUM=77607060b9db3e4b2a91bf26ccf6d56f23c6e112357fb5dfd4e6ab062ff01af3 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-prosody.src b/conf/jitsi-meet-prosody.src index 3a09db0..57916ea 100644 --- a/conf/jitsi-meet-prosody.src +++ b/conf/jitsi-meet-prosody.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.3992-1_all.deb -SOURCE_SUM=f7f539bec8b5ab00cb401ff4f50c54dda27df9c98012069e6d6c7ab2943ac3ac +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.4025-1_all.deb +SOURCE_SUM=ddd3edd7c7df0ba9e79dec4b5b8c3d19139d4540205a47fedda36352567fd5f8 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-web.src b/conf/jitsi-meet-web.src index 155b90a..67960aa 100644 --- a/conf/jitsi-meet-web.src +++ b/conf/jitsi-meet-web.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.3992-1_all.deb -SOURCE_SUM=e431e41c1b055ecd238506285204eaad615ffc4f7d2ef6bbd8ef1ae7016cd845 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.4025-1_all.deb +SOURCE_SUM=60fe635ce05c7a6824e994a88f4adcb2b6e9ff176a7a4e444a70bced58c3f0b0 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-videobridge.src b/conf/jitsi-videobridge.src index 0bff989..20075c2 100644 --- a/conf/jitsi-videobridge.src +++ b/conf/jitsi-videobridge.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-169-ga28eb88e-1_all.deb -SOURCE_SUM=d8a091c000bbbd6ea3ea77ef6a54e63c04d3483169cadce6b0187e318b97c499 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-183-gdbddd169-1_all.deb +SOURCE_SUM=c2dd14437e4e655818bc1c3890b75384e5980042e8475a1142540afc04555ada SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 67b97f4..a352836 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Video conferencing web application", "fr": "Application web de conférence vidéo" }, - "version": "1.0.3992~ynh1", + "version": "1.0.4025~ynh1", "url": "https://jitsi.org/Projects/JitMeet", "license": "Apache-2.0", "maintainer": { From e74c523af745ed30539c71769411bf23291e6a72 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 30 Apr 2020 05:55:46 +0200 Subject: [PATCH 15/57] include uuidgen --- scripts/_common.sh | 2 +- scripts/install | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 3bc96e0..a6ea17a 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless" +pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 78da6da..f23194e 100644 --- a/scripts/install +++ b/scripts/install @@ -41,7 +41,7 @@ focus_user="focus" videobridge_user="jvb" -muc_nickname=$(ynh_string_random --length=32) +muc_nickname=$(uuidgen) #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS From 02b5750388806ab1d82c1f8f5a779ed8ad021155 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 1 May 2020 09:56:02 +0200 Subject: [PATCH 16/57] fix uuidgen error --- scripts/install | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index f23194e..f07bddc 100644 --- a/scripts/install +++ b/scripts/install @@ -41,8 +41,6 @@ focus_user="focus" videobridge_user="jvb" -muc_nickname=$(uuidgen) - #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -66,7 +64,6 @@ ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_sec ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user -ynh_app_setting_set --app=$app --key=muc_nickname --value=$muc_nickname #================================================= # STANDARD MODIFICATIONS @@ -201,6 +198,9 @@ ynh_print_info --message="Configuring Jitsi-Videobridge..." public_ipv4="$(curl ip.yunohost.org)" || true private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true +muc_nickname=$(uuidgen) +ynh_app_setting_set --app=$app --key=muc_nickname --value=$muc_nickname + mkdir -p "/etc/$app/videobridge" jitsi_videobridge_sip_communicator_conf="/etc/$app/videobridge/sip-communicator.properties" From efa8c8aec7b798204f1dc7bfe0a438a959b1ece5 Mon Sep 17 00:00:00 2001 From: Marco Cirillo Date: Fri, 1 May 2020 14:34:38 +0200 Subject: [PATCH 17/57] metronome.cfg.lua: fix configuration... --- conf/metronome.cfg.lua | 71 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 61 insertions(+), 10 deletions(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 8f5215c..57de247 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -1,19 +1,63 @@ component_ports = { __PORT_COMPONENT__ } -c2s_require_encryption = false -s2s_secure_auth = false +--c2s_require_encryption = false --Why would it be needed? plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } +modules_enabled = { + + -- Generally required + "roster"; -- Allow users to have a roster. Recommended. + "saslauth"; -- Authentication for clients. Recommended if you want to log in. + "tls"; -- Add support for secure TLS on c2s/s2s connections + "disco"; -- Service discovery + + -- Not essential, but recommended + "private"; -- Private XML storage (for room bookmarks, etc.) + "vcard"; -- Allow users to set vCards + "pep"; -- Allows setting of mood, tune, etc. + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + "bidi"; -- Enables Bidirectional Server-to-Server Streams. + + -- Nice to have + "version"; -- Replies to server version requests + "uptime"; -- Report how long server has been running + "time"; -- Let others know the time here on this server + "ping"; -- Replies to XMPP pings with pongs + "register"; -- Allow users to register on this server using a client and change passwords + "stream_management"; -- Allows clients and servers to use Stream Management + "stanza_optimizations"; -- Allows clients to use Client State Indication and SIFT + "message_carbons"; -- Allows clients to enable carbon copies of messages + "mam"; -- Enable server-side message archives using Message Archive Management + "push"; -- Enable Push Notifications via PubSub using XEP-0357 + "lastactivity"; -- Enables clients to know the last presence status of an user + "adhoc_cm"; -- Allow to set client certificates to login through SASL External via adhoc + "admin_adhoc"; -- administration adhoc commands + "bookmarks"; -- XEP-0048 Bookmarks synchronization between PEP and Private Storage + "sec_labels"; -- Allows to use a simplified version XEP-0258 Security Labels and related ACDFs. + "privacy"; -- Add privacy lists and simple blocking command support + + -- Other specific functionality + --"admin_telnet"; -- administration console, telnet to port 5582 + --"admin_web"; -- administration web interface + "bosh"; -- Enable support for BOSH clients, aka "XMPP over Bidirectional Streams over Synchronous HTTP" + --"compression"; -- Allow clients to enable Stream Compression + --"spim_block"; -- Require authorization via OOB form for messages from non-contacts and block unsollicited messages + --"gate_guard"; -- Enable config-based blacklisting and hit-based auto-banning features + --"incidents_handling"; -- Enable Incidents Handling support (can be administered via adhoc commands) + --"server_presence"; -- Enables Server Buddies extension support + --"service_directory"; -- Enables Service Directories extension support + --"public_service"; -- Enables Server vCard support for public services in directories and advertises in features + --"register_api"; -- Provides secure API for both Out-Of-Band and In-Band registration for E-Mail verification + "websocket"; -- Enable support for WebSocket clients, aka "XMPP over WebSockets" + + -- For Jitsi Meet + "http_altconnect"; +} + -- domain mapper options, must at least have domain base set to use the mapper muc_mapper_domain_base = "__DOMAIN__"; -turncredentials_secret = "__TURN_SECRET__"; - -turncredentials = { - { type = "stun", host = "__DOMAIN__", port = "4446" }, - { type = "turn", host = "__DOMAIN__", port = "4446", transport = "udp" }, - { type = "turns", host = "__DOMAIN__", port = "443", transport = "tcp" } -}; +turn_secret = "__TURN_SECRET__"; cross_domain_bosh = false; consider_bosh_secure = true; @@ -37,7 +81,6 @@ VirtualHost "__DOMAIN__" conference_duration_component = "conferenceduration.__DOMAIN__" -- we need bosh modules_enabled = { - "bosh"; "pubsub"; "ping"; -- Enable mod_ping "speakerstats"; @@ -45,6 +88,14 @@ VirtualHost "__DOMAIN__" "conference_duration"; } c2s_require_encryption = false + external_services = { + ["__DOMAIN__"] = { + { type = "stun", port = "4446", trasport = "udp" }, + { type = "stun", port = "4446", trasport = "tcp" } + { type = "turn", port = "4446", transport = "udp", turn_secret = "__TURN_SECRET__", turn_ttl = "86400" }, + { type = "turns", port = "443", transport = "tcp", turn_secret = "__TURN_SECRET__", turn_ttl = "86400" }, + } + } Component "conference.__DOMAIN__" "muc" storage = "null" From edcbf6526379cf4401b7720751ab6dc4e4622a45 Mon Sep 17 00:00:00 2001 From: Marco Cirillo Date: Fri, 1 May 2020 15:18:03 +0200 Subject: [PATCH 18/57] metronome.cfg.lua: fix configuration. --- conf/metronome.cfg.lua | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 57de247..1d0ef1f 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -63,7 +63,6 @@ cross_domain_bosh = false; consider_bosh_secure = true; VirtualHost "__DOMAIN__" - -- enabled = false -- Remove this line to enable this host authentication = "anonymous" -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" @@ -86,6 +85,7 @@ VirtualHost "__DOMAIN__" "speakerstats"; "turncredentials"; "conference_duration"; + "extdisco"; } c2s_require_encryption = false external_services = { @@ -98,25 +98,25 @@ VirtualHost "__DOMAIN__" } Component "conference.__DOMAIN__" "muc" - storage = "null" modules_enabled = { "muc_meeting_id"; "muc_domain_mapper"; -- "token_verification"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__" } - muc_room_locking = false - muc_room_default_public_jids = true + allow_anonymous_creation = true + instant_room_on_creation = true + room_default_whois = "anyone" -- internal muc component Component "internal.auth.__DOMAIN__" "muc" - storage = "null" - modules_enabled = { + +modules_enabled = { "ping"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } - muc_room_locking = false - muc_room_default_public_jids = true + instant_room_on_creation = true + room_default_whois = "anyone" VirtualHost "auth.__DOMAIN__" ssl = { From 4d4ab48c2c1ab6c281ffea58ff4191e365ebad2f Mon Sep 17 00:00:00 2001 From: Marco Cirillo Date: Fri, 1 May 2020 15:22:07 +0200 Subject: [PATCH 19/57] metronome.cfg.lua: add at least a global admin. --- conf/metronome.cfg.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 1d0ef1f..975e43f 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -54,11 +54,12 @@ modules_enabled = { "http_altconnect"; } +-- Make the focus user a global administrator +admins = { "__FOCUS_USER__@auth.__DOMAIN__" } + -- domain mapper options, must at least have domain base set to use the mapper muc_mapper_domain_base = "__DOMAIN__"; -turn_secret = "__TURN_SECRET__"; - cross_domain_bosh = false; consider_bosh_secure = true; @@ -110,8 +111,7 @@ Component "conference.__DOMAIN__" "muc" -- internal muc component Component "internal.auth.__DOMAIN__" "muc" - -modules_enabled = { + modules_enabled = { "ping"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } From 570b7bd8a94ef100906b7344fa7c86d1817dbade Mon Sep 17 00:00:00 2001 From: Marco Cirillo Date: Fri, 1 May 2020 15:43:44 +0200 Subject: [PATCH 20/57] metronome.cfg.lua: remove turncredentials ref. Ultimately mod_extdisco offers more flexibility than it does, and supports credentials requests which mod_turncredentials doesn't. --- conf/metronome.cfg.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 975e43f..efb6766 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -84,7 +84,6 @@ VirtualHost "__DOMAIN__" "pubsub"; "ping"; -- Enable mod_ping "speakerstats"; - "turncredentials"; "conference_duration"; "extdisco"; } From cc89f39aed528a92ef0ddc6cd973e2a4b63c6c38 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 02:03:31 +0200 Subject: [PATCH 21/57] Upgarde to 1.0.4025 --- README.md | 14 +++---- README_fr.md | 12 +++--- check_process | 6 ++- conf/config.js | 81 ++++++++++++++++++++++++++++++++----- conf/jicofo.src | 4 +- conf/jitsi-meet-prosody.src | 4 +- conf/jitsi-meet-web.src | 4 +- conf/jitsi-videobridge.src | 4 +- issue_template.md | 46 +++++++++++++++++++++ manifest.json | 2 +- scripts/backup | 24 +---------- scripts/install | 44 ++++++++++---------- scripts/remove | 34 ++++++++-------- scripts/restore | 34 ++++++++-------- scripts/upgrade | 67 +++++++++++++++++------------- 15 files changed, 236 insertions(+), 144 deletions(-) create mode 100644 issue_template.md diff --git a/README.md b/README.md index 15ded28..30b5ebd 100644 --- a/README.md +++ b/README.md @@ -7,18 +7,18 @@ Those limitations come from the packaging of the upstream app. Have to be improved. -[![Integration level](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) +[![Integration level](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.maintain.svg) [![Install Jitsi Meet with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=jitsi) *[Lire ce readme en français.](./README_fr.md)* -> *This package allow you to install Jitsi Meet quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +> *This package allows you to install Jitsi Meet quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences. -**Shipped version:** 1.0.4025 +**Shipped version:** 1.0.4127 ## Important points before installing @@ -41,11 +41,11 @@ How to configure this app: Via the admin panel, a plain file with SSH, or any ot * Official documentation: https://jitsi.org/user-faq/ -## Specific YunoHost features +## YunoHost specific features #### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/) ## Links @@ -60,7 +60,7 @@ How to configure this app: Via the admin panel, a plain file with SSH, or any ot Developer info ---------------- -Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing). +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing). To try the testing branch, please proceed like that. ``` diff --git a/README_fr.md b/README_fr.md index 7b3bf06..1dbfb07 100644 --- a/README_fr.md +++ b/README_fr.md @@ -7,18 +7,18 @@ Ces limitations viennent de la manière dont l'application a été empaquetée pour YunoHost. À améliorer. -[![Niveau d'intégration](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) +[![Niveau d'intégration](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.maintain.svg) [![Installer Jitsi Meet avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=jitsi) *[Read this readme in english.](./README.md)* -> *Ce paquet vous permet d'installer Jistsi Meet rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +> *Ce package vous permet d'installer Jitsi Meet rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* ## Vue d'ensemble Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. -**Version actuelle :** 1.0.4025 +**Version actuelle :** 1.0.4127 ## Points importants à préparer avant l'installation @@ -50,8 +50,8 @@ Comment configurer cette application: via le panneau d'administration, un fichie #### Architectures supportées -* x86-64b - [![Status des compilations](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/) -* ARMv8-A - [![Status des compilations](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/) ## Liens diff --git a/check_process b/check_process index da085f9..b6e7fdf 100644 --- a/check_process +++ b/check_process @@ -14,6 +14,8 @@ setup_private=0 setup_public=1 upgrade=1 + # 1.0.3729~ynh1 + upgrade=1 from_commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b backup_restore=1 multi_instance=0 # This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version. @@ -27,7 +29,7 @@ Email=yalh@yahoo.com Notification=all ;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. + ; commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b + name=1.0.3729~ynh1 manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& diff --git a/conf/config.js b/conf/config.js index 10e04c1..bdccb13 100644 --- a/conf/config.js +++ b/conf/config.js @@ -54,6 +54,13 @@ var config = { // Disables the auto-play behavior of *all* newly created video element. // This is useful when the client runs on a host with limited resources. // noAutoPlayVideo: false + + // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled, + // simulcast is turned off for the desktop share. If presenter is turned + // on while screensharing is in progress, the max bitrate is automatically + // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable }, // Disables ICE/UDP by filtering out local and remote UDP candidates in @@ -181,9 +188,9 @@ var config = { // appKey: '' // Specify your app key here. // // A URL to redirect the user to, after authenticating // // by default uses: - // // 'https://__DOMAIN__/static/oauth.html' + // // 'https://jitsi-meet.example.com/static/oauth.html' // redirectURI: - // 'https://__DOMAIN__/subfolder/static/oauth.html' + // 'https://jitsi-meet.example.com/subfolder/static/oauth.html' // }, // When integrations like dropbox are enabled only that will be shown, // by enabling fileRecordingsServiceEnabled, we show both the integrations @@ -210,6 +217,21 @@ var config = { // Default value for the channel "last N" attribute. -1 for unlimited. channelLastN: -1, + // // Options for the recording limit notification. + // recordingLimit: { + // + // // The recording limit in minutes. Note: This number appears in the notification text + // // but doesn't enforce the actual recording time limit. This should be configured in + // // jibri! + // limit: 60, + // + // // The name of the app with unlimited recordings. + // appName: 'Unlimited recordings APP', + // + // // The URL of the app with unlimited recordings. + // appURL: 'https://unlimited.recordings.app.com/' + // }, + // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, @@ -226,15 +248,26 @@ var config = { // disabled, then bandwidth estimations are disabled. // enableRemb: false, + // Enables ICE restart logic in LJM and displays the page reload overlay on + // ICE failure. Current disabled by default because it's causing issues with + // signaling when Octo is enabled. Also when we do an "ICE restart"(which is + // not a real ICE restart), the client maintains the TCC sequence number + // counter, but the bridge resets it. The bridge sends media packets with + // TCC sequence numbers starting from 0. + // enableIceRestart: false, + // Defines the minimum number of participants to start a call (the default // is set in Jicofo and set to 2). // minParticipants: 2, - // Use XEP-0215 to fetch STUN and TURN servers. + // Use the TURN servers discovered via XEP-0215 for the jitsi-videobridge + // connection // useStunTurn: true, - // Enable IPv6 support. - // useIPv6: true, + // Use TURN/UDP servers for the jitsi-videobridge connection (by default + // we filter out TURN/UDP because it is usually not needed since the + // bridge itself is reachable via UDP) + // useTurnUdp: false // Enables / disables a data communication channel with the Videobridge. // Values can be 'datachannel', 'websocket', true (treat it as @@ -246,9 +279,6 @@ var config = { // UI // - // Use display name as XMPP nickname. - // useNicks: false, - // Require users to always specify a display name. // requireDisplayName: true, @@ -289,6 +319,14 @@ var config = { // and microsoftApiApplicationClientID // enableCalendarIntegration: false, + // When 'true', it shows an intermediate page before joining, where the user can configure its devices. + // prejoinPageEnabled: false, + + // If true, shows the unsafe roon name warning label when a room name is + // deemed unsafe (due to the simplicity in the name) and a password is not + // set or the lobby is not enabled. + // enableInsecureRoomNameWarning: false, + // Stats // @@ -331,7 +369,7 @@ var config = { // through the JVB and use the peer to peer connection instead. When a // 3rd participant joins the conference will be moved back to the JVB // connection. - enabled: false, + enabled: true, // Use XEP-0215 to fetch STUN and TURN servers. // useStunTurn: true, @@ -341,7 +379,7 @@ var config = { // { urls: 'stun:__DOMAIN__:4446' }, { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } - ], + ] // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', @@ -353,7 +391,7 @@ var config = { // If set to true, it will prefer to use H.264 for P2P calls (if H.264 // is supported). - preferH264: true + // preferH264: true // If set to true, disable H.264 video codec by stripping it out of the // SDP. @@ -368,6 +406,10 @@ var config = { // The Google Analytics Tracking ID: // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + // Matomo configuration: + // matomoEndpoint: 'https://your-matomo-endpoint/', + // matomoSiteID: '42', + // The Amplitude APP Key: // amplitudeAPPKey: '' @@ -475,6 +517,23 @@ var config = { // If set to true all muting operations of remote participants will be disabled. // disableRemoteMute: true, + /** + External API url used to receive branding specific information. + If there is no url set or there are missing fields, the defaults are applied. + None of the fieds are mandatory and the response must have the shape: + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } + */ + // brandingDataUrl: '', + // List of undocumented settings used in jitsi-meet /** _immediateReloadThreshold diff --git a/conf/jicofo.src b/conf/jicofo.src index bc3e15d..9670fa7 100644 --- a/conf/jicofo.src +++ b/conf/jicofo.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-549-1_all.deb -SOURCE_SUM=77607060b9db3e4b2a91bf26ccf6d56f23c6e112357fb5dfd4e6ab062ff01af3 +SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-589-1_all.deb +SOURCE_SUM=29973b40292f8d017e1dfe718ac18e08908edd3b9e5039934eae67c1ab7d4a2f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-prosody.src b/conf/jitsi-meet-prosody.src index 57916ea..85d2876 100644 --- a/conf/jitsi-meet-prosody.src +++ b/conf/jitsi-meet-prosody.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.4025-1_all.deb -SOURCE_SUM=ddd3edd7c7df0ba9e79dec4b5b8c3d19139d4540205a47fedda36352567fd5f8 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.4127-1_all.deb +SOURCE_SUM=bc72563dfe0bd5c1b6516fc824a48038597a56626d78af0e19484e8283da8475 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-web.src b/conf/jitsi-meet-web.src index 67960aa..229a29e 100644 --- a/conf/jitsi-meet-web.src +++ b/conf/jitsi-meet-web.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.4025-1_all.deb -SOURCE_SUM=60fe635ce05c7a6824e994a88f4adcb2b6e9ff176a7a4e444a70bced58c3f0b0 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.4127-1_all.deb +SOURCE_SUM=085fe0b5e576636a83743727b4934ce1c7d8f9c93353d361b5e15acb49737941 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-videobridge.src b/conf/jitsi-videobridge.src index 20075c2..a9d7c4a 100644 --- a/conf/jitsi-videobridge.src +++ b/conf/jitsi-videobridge.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-183-gdbddd169-1_all.deb -SOURCE_SUM=c2dd14437e4e655818bc1c3890b75384e5980042e8475a1142540afc04555ada +SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-202-g5f9377b9-1_all.deb +SOURCE_SUM=0afce2a9c591e72a69c28665f8bf48d5e9d3a4e253e6be8737b1913f4d25b29b SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/issue_template.md b/issue_template.md new file mode 100644 index 0000000..e0a5b5b --- /dev/null +++ b/issue_template.md @@ -0,0 +1,46 @@ +--- +name: Bug report +about: Create a report to help us debug, it would be nice to fill the template as much as you can to help us, help you and help us all. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change url...), you are on the right place!* + - *Otherwise, the issue may be due to Jitsi Meet itself. Refer to its documentation or repository for help.* + - *If you have a doubt, post here, we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +**Describe the bug** +*A clear and concise description of what the bug is.* + +**Versions** +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +**To Reproduce** +*Steps to reproduce the behavior.* +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install jitsi + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '....'* + 3. *Scroll down to '....'* + 4. *See error* + +**Expected behavior** +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +**Logs** +*After a failed command, YunoHost makes the log available to you, but also to others, thanks to `yunohost log display [log name] --share`. The actual command, with the correct log name, is displayed at the end of the failed attempt in the CLI. Execute it and copy here the share link it outputs.* +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/manifest.json b/manifest.json index a352836..e270e31 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Video conferencing web application", "fr": "Application web de conférence vidéo" }, - "version": "1.0.4025~ynh1", + "version": "1.0.4127~ynh1", "url": "https://jitsi.org/Projects/JitMeet", "license": "Apache-2.0", "maintainer": { diff --git a/scripts/backup b/scripts/backup index 69be2b0..2ccff41 100644 --- a/scripts/backup +++ b/scripts/backup @@ -13,7 +13,6 @@ source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= -ynh_print_info --message="Managing script failure..." ynh_clean_setup () { ynh_clean_check_starting @@ -32,26 +31,19 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP #================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_print_info --message="Stopping a systemd service..." - -ynh_systemd_action --service_name=$app-videobridge --action="stop" --log_path="/var/log/$app/$app-videobridge.log" -ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/log/$app/$app-jicofo.log" +ynh_print_info --message="Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_print_info --message="Backing up the main app directory..." ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_print_info --message="Backing up nginx web server configuration..." ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" @@ -60,7 +52,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP METRONOME #================================================= -ynh_print_info --message="Backing up Metronome..." # Backup Metronome domain conf template ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" @@ -72,7 +63,6 @@ ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" #================================================= # BACKUP THE APP CONFIG #================================================= -ynh_print_info --message="Backing up the app config..." ynh_backup --src_path="/etc/$app" @@ -81,26 +71,16 @@ ynh_backup --src_path="/etc/$app" #================================================= # BACKUP LOGROTATE #================================================= -ynh_print_info --message="Backing up logrotate configuration..." ynh_backup --src_path="/etc/logrotate.d/$app" #================================================= # BACKUP SYSTEMD #================================================= -ynh_print_info --message="Backing up systemd configuration..." ynh_backup --src_path="/etc/systemd/system/$app-videobridge.service" ynh_backup --src_path="/etc/systemd/system/$app-jicofo.service" -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_print_info --message="Starting a systemd service..." - -ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" -ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index f07bddc..e05a620 100644 --- a/scripts/install +++ b/scripts/install @@ -12,7 +12,6 @@ source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= -ynh_print_info --message="Managing script failure..." ynh_clean_setup () { ynh_clean_check_starting @@ -23,7 +22,6 @@ ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -ynh_print_info --message="Retrieving arguments from the manifest..." domain=$YNH_APP_ARG_DOMAIN path_url="/" @@ -44,7 +42,7 @@ videobridge_user="jvb" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_print_info --message="Validating installation parameters..." +ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -55,7 +53,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_print_info --message="Storing installation settings..." +ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url @@ -70,7 +68,7 @@ ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user #================================================= # FIND AND OPEN A PORT #================================================= -ynh_print_info --message="Configuring firewall..." +ynh_script_progression --message="Configuring firewall..." # Find an available port port=$(ynh_find_port --port=4443) @@ -91,7 +89,7 @@ ynh_app_setting_set --app=$app --key=port_component --value=$port_component #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_print_info --message="Installing dependencies..." +ynh_script_progression --message="Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies @@ -100,7 +98,7 @@ ynh_install_app_dependencies $pkg_dependencies #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_print_info --message="Setting up source files..." +ynh_script_progression --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path @@ -141,7 +139,7 @@ done #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info --message="Configuring nginx web server..." +ynh_script_progression --message="Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config @@ -149,7 +147,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info --message="Configuring system user..." +ynh_script_progression --message="Configuring system user..." # Create a system user ynh_system_user_create --username=$app --home_dir=$final_path @@ -159,7 +157,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # CONFIGURE METRONOME #================================================= -ynh_print_info --message="Configuring metronome..." +ynh_script_progression --message="Configuring metronome..." # Create focus user @@ -193,7 +191,7 @@ metronomectl adduser $videobridge_user@auth.$domain $videobridge_secret || true #================================================= # CONFIGURE JITSI-VIDEOBRIDGE #================================================= -ynh_print_info --message="Configuring Jitsi-Videobridge..." +ynh_script_progression --message="Configuring Jitsi-Videobridge..." public_ipv4="$(curl ip.yunohost.org)" || true private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true @@ -237,7 +235,7 @@ sysctl --system || true #================================================= # CONFIGURE JITSI-JICOFO #================================================= -ynh_print_info --message="Configuring Jitsi-Jicofo..." +ynh_script_progression --message="Configuring Jitsi-Jicofo..." mkdir -p "/etc/$app/jicofo" @@ -260,7 +258,7 @@ cp ../conf/jitsi-jicofo-logging.properties "$jitsi_jicofo_logging_conf" #================================================= # CONFIGURE JITSI-MEET #================================================= -ynh_print_info --message="Configuring Jitsi-Meet..." +ynh_script_progression --message="Configuring Jitsi-Meet..." mkdir -p "/etc/$app/meet" @@ -271,14 +269,14 @@ ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --targ #================================================= # CREATE LOG DIR #================================================= -ynh_print_info --message="Creating log dir..." +ynh_script_progression --message="Creating log dir..." mkdir -p "/var/log/$app" #================================================= # SETUP SYSTEMD #================================================= -ynh_print_info --message="Configuring a systemd service..." +ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" @@ -287,7 +285,7 @@ ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service" #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= -ynh_print_info --message="Storing the config file checksum..." +ynh_script_progression --message="Storing the config file checksum..." # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$jitsi_videobridge_sip_communicator_conf" @@ -303,7 +301,7 @@ ynh_store_file_checksum --file="$jitsi_meet_conf" #================================================= # SECURE FILES AND DIRECTORIES #================================================= -ynh_print_info --message="Securing files and directories..." +ynh_script_progression --message="Securing files and directories..." # Set permissions to app files chown -R $app: $final_path @@ -314,7 +312,7 @@ chmod -R 770 /var/log/$app #================================================= # SETUP LOGROTATE #================================================= -ynh_print_info --message="Configuring log rotation..." +ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -322,7 +320,7 @@ ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_print_info --message="Integrating service in YunoHost..." +ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app-videobridge --description "$app jitsi-videobridge for jitsi" --log "/var/log/$app/$app-videobridge.log" yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --log "/var/log/$app/$app-jicofo.log" @@ -330,7 +328,7 @@ yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --l #================================================= # START SYSTEMD SERVICE #================================================= -ynh_print_info --message="Starting a systemd service..." +ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" @@ -339,7 +337,7 @@ ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/ #================================================= # SETUP SSOWAT #================================================= -ynh_print_info --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring SSOwat..." # Make app public ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" @@ -347,7 +345,7 @@ ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" #================================================= # RELOAD NGINX #================================================= -ynh_print_info --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -355,4 +353,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_print_info --message="Installation of $app completed" +ynh_script_progression --message="Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index b5ca851..0b7470e 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info --message="Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -29,25 +29,24 @@ videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) #================================================= # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -ynh_print_info --message="Removing service integration in YunoHost..." # Remove the service from the list of services known by Yunohost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app-videobridge >/dev/null then - ynh_print_info --message="Removing $app-videobridge service..." + ynh_script_progression --message="Removing $app-videobridge service..." yunohost service remove $app-videobridge fi if ynh_exec_warn_less yunohost service status $app-jicofo >/dev/null then - ynh_print_info --message="Removing $app-jicofo service..." + ynh_script_progression --message="Removing $app-jicofo service..." yunohost service remove $app-jicofo fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_print_info --message="Stopping and removing the systemd service..." +ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config --service=$app-videobridge @@ -56,7 +55,7 @@ ynh_remove_systemd_config --service=$app-jicofo #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_print_info --message="Removing dependencies..." +ynh_script_progression --message="Removing dependencies..." # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -66,7 +65,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_print_info --message="Removing app main directory..." +ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -74,7 +73,7 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_print_info --message="Removing nginx web server configuration..." +ynh_script_progression --message="Removing nginx web server configuration..." # Remove the dedicated nginx config ynh_remove_nginx_config @@ -82,7 +81,7 @@ ynh_remove_nginx_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_print_info --message="Removing logrotate configuration..." +ynh_script_progression --message="Removing logrotate configuration..." # Remove the app-specific logrotate config ynh_remove_logrotate @@ -90,23 +89,22 @@ ynh_remove_logrotate #================================================= # CLOSE A PORT #================================================= -ynh_print_info --message="Closing a port..." if yunohost firewall list | grep -q "\- $port$" then - ynh_print_info --message="Closing port $port..." + ynh_script_progression --message="Closing port $port..." ynh_exec_warn_less yunohost firewall disallow TCP $port fi if yunohost firewall list | grep -q "\- $port_videobridge$" then - ynh_print_info --message="Closing port $port_videobridge..." + ynh_script_progression --message="Closing port $port_videobridge..." ynh_exec_warn_less yunohost firewall disallow UDP $port_videobridge fi if yunohost firewall list | grep -q "\- $port_component$" then - ynh_print_info --message="Closing port $port_component..." + ynh_script_progression --message="Closing port $port_component..." ynh_exec_warn_less yunohost firewall disallow TCP $port_component fi @@ -115,7 +113,7 @@ fi #================================================= # RECONFIGURE METRONOME #================================================= -ynh_print_info --message="Reconfiguring Metronome..." +ynh_script_progression --message="Reconfiguring Metronome..." metronomectl deluser $focus_user@auth.$domain || true metronomectl deluser $videobridge_user@auth.$domain || true @@ -141,7 +139,7 @@ yunohost domain remove auth.$domain #================================================= # REMOVE THE CONFIG #================================================= -ynh_print_info --message="Removing the config..." +ynh_script_progression --message="Removing the config..." # Remove the log files ynh_secure_remove --file="/etc/$app" @@ -152,7 +150,7 @@ sysctl --system || true #================================================= # REMOVE THE LOG FILES #================================================= -ynh_print_info --message="Removing the log files..." +ynh_script_progression --message="Removing the log files..." # Remove the log files ynh_secure_remove --file="/var/log/$app" @@ -162,7 +160,7 @@ ynh_secure_remove --file="/var/log/$app" #================================================= # REMOVE DEDICATED USER #================================================= -ynh_print_info --message="Removing the dedicated system user..." +ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user ynh_system_user_delete --username=$app @@ -171,4 +169,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_print_info --message="Removal of $app completed" +ynh_script_progression --message="Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index 821e74b..4ab451e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -13,7 +13,6 @@ source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= -ynh_print_info --message="Managing script failure..." ynh_clean_setup () { ynh_clean_check_starting @@ -24,7 +23,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info --message="Loading settings..." +ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -42,7 +41,7 @@ port_component=$(ynh_app_setting_get --app=$app --key=port_component) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_print_info --message="Validating restoration parameters..." +ynh_script_progression --message="Validating restoration parameters..." ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" @@ -54,21 +53,21 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_print_info --message="Restoring the nginx configuration..." +ynh_script_progression --message="Restoring the nginx configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_print_info --message="Restoring the app main directory..." +ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_print_info --message="Recreating the dedicated system user..." +ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir=$final_path @@ -76,7 +75,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE USER RIGHTS #================================================= -ynh_print_info --message="Restoring user rights..." +ynh_script_progression --message="Restoring user rights..." # Restore permissions on app files chown -R root: $final_path @@ -86,7 +85,7 @@ chown -R root: $final_path #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_print_info --message="Reinstalling dependencies..." +ynh_script_progression --message="Reinstalling dependencies..." # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies @@ -96,7 +95,7 @@ ynh_install_app_dependencies $pkg_dependencies #================================================= # CONFIGURE FIREWALL #================================================= -ynh_print_info --message="Configuring firewall..." +ynh_script_progression --message="Configuring firewall..." # Open this port ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port @@ -105,7 +104,7 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge #================================================= # CONFIGURE METRONOME #================================================= -ynh_print_info --message="Configuring metronome..." +ynh_script_progression --message="Configuring metronome..." # Create additional domains yunohost domain add auth.$domain @@ -128,14 +127,14 @@ ynh_systemd_action --service_name=metronome --action=restart #================================================= # RESTORE THE APP CONFIG #================================================= -ynh_print_info --message="Restoring the app config..." +ynh_script_progression --message="Restoring the app config..." ynh_restore_file --origin_path="/etc/$app" #================================================= # CREATE LOG DIR #================================================= -ynh_print_info --message="Creating log dir..." +ynh_script_progression --message="Creating log dir..." mkdir -p "/var/log/$app" chown -R $app: /var/log/$app @@ -143,7 +142,7 @@ chown -R $app: /var/log/$app #================================================= # RESTORE SYSTEMD #================================================= -ynh_print_info --message="Restoring the systemd configuration..." +ynh_script_progression --message="Restoring the systemd configuration..." ynh_restore_file --origin_path="/etc/systemd/system/$app-videobridge.service" systemctl enable $app-videobridge.service @@ -153,7 +152,7 @@ systemctl enable $app-jicofo.service #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_print_info --message="Integrating service in YunoHost..." +ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log" @@ -161,7 +160,7 @@ yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_print_info --message="Starting a systemd service..." +ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" @@ -169,6 +168,7 @@ ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/ #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." ynh_restore_file --origin_path="/etc/logrotate.d/$app" @@ -177,7 +177,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_print_info --message="Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading nginx web server and php-fpm..." ynh_systemd_action --service_name=nginx --action=reload @@ -185,4 +185,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_print_info --message="Restoration completed for $app" +ynh_script_progression --message="Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index 11fe459..bfd18b1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info --message="Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -31,6 +31,7 @@ focus_password=$(ynh_app_setting_get --app=$app --key=focus_password) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) current_version=$(ynh_read_manifest --manifest="/etc/yunohost/apps/$app/manifest.json" --manifest_key="version" || echo 1.0) @@ -38,7 +39,7 @@ current_version=$(ynh_read_manifest --manifest="/etc/yunohost/apps/$app/manifest #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_print_info --message="Ensuring downward compatibility..." +ynh_script_progression --message="Ensuring downward compatibility..." # If final_path doesn't exist, create it if [ -z "$final_path" ]; then @@ -84,7 +85,7 @@ fi # Closing port_component if yunohost firewall list | grep -q "\- $port_component$" then - ynh_print_info --message="Closing port $port_component..." + ynh_script_progression --message="Closing port $port_component..." ynh_exec_warn_less yunohost firewall disallow TCP $port_component fi @@ -92,7 +93,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_print_info --message="Backing up the app before upgrading (may take a while)..." +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -109,7 +110,7 @@ ynh_abort_if_errors #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_print_info --message="Stopping a systemd service..." +ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app-videobridge --action="stop" --log_path="/var/log/$app/$app-videobridge.log" ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/log/$app/$app-jicofo.log" @@ -120,7 +121,7 @@ ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/l if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_print_info --message="Upgrading source files..." + ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src declare -A packages @@ -161,7 +162,7 @@ fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info --message="Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -169,7 +170,7 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_print_info --message="Upgrading dependencies..." +ynh_script_progression --message="Upgrading dependencies..." ynh_install_app_dependencies $pkg_dependencies @@ -178,7 +179,7 @@ ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info --message="Making sure dedicated system user exists..." +ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir=$final_path @@ -188,7 +189,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # CONFIGURE JITSI-VIDEOBRIDGE #================================================= -ynh_print_info --message="Configuring Jitsi-Videobridge..." +ynh_script_progression --message="Configuring Jitsi-Videobridge..." if [ "$upgrade_type" == "UPGRADE_APP" ] then @@ -236,7 +237,7 @@ fi #================================================= # CONFIGURE JITSI-JICOFO #================================================= -ynh_print_info --message="configuring Jitsi-Jicofo..." +ynh_script_progression --message="configuring Jitsi-Jicofo..." if [ "$upgrade_type" == "UPGRADE_APP" ] then @@ -267,7 +268,7 @@ fi #================================================= # CONFIGURE JITSI-MEET #================================================= -ynh_print_info --message="Configuring Jitsi-Meet..." +ynh_script_progression --message="Configuring Jitsi-Meet..." if [ "$upgrade_type" == "UPGRADE_APP" ] @@ -279,18 +280,10 @@ then ynh_store_file_checksum --file="$jitsi_meet_conf" fi -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_print_info --message="Upgrading logrotate configuration..." - -# Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --non-append - #================================================= # SETUP SYSTEMD #================================================= -ynh_print_info --message="Upgrading systemd configuration..." +ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" @@ -301,7 +294,7 @@ ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service" #================================================= # SECURE FILES AND DIRECTORIES #================================================= -ynh_print_info --message="Securing files and directories..." +ynh_script_progression --message="Securing files and directories..." # Set permissions on app files chown -R root: $final_path @@ -310,25 +303,41 @@ chown -R $app: /var/log/$app chmod -R 770 /var/log/$app #================================================= -# SETUP SSOWAT +# SETUP LOGROTATE #================================================= -ynh_print_info --message="Upgrading SSOwat configuration..." +ynh_script_progression --message="Upgrading logrotate configuration..." -# Make app public -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." + +yunohost service add $app-videobridge --description "$app jitsi-videobridge for jitsi" --log "/var/log/$app/$app-videobridge.log" +yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --log "/var/log/$app/$app-jicofo.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_print_info --message="Starting a systemd service..." +ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Upgrading SSOwat configuration..." + +# Make app public +ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + #================================================= # RELOAD NGINX #================================================= -ynh_print_info --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -336,4 +345,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_print_info --message="Upgrade of $app completed" +ynh_script_progression --message="Upgrade of $app completed" From 175ceb7654c7657539b2fc3084a37d4c1d8b081e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 02:44:41 +0200 Subject: [PATCH 22/57] Apply last upstream modifications --- conf/jitsi-jicofo-logging.properties | 15 +++++++++++++-- conf/jitsi-videobridge-logging.properties | 14 -------------- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/conf/jitsi-jicofo-logging.properties b/conf/jitsi-jicofo-logging.properties index 18c87ce..229f808 100644 --- a/conf/jitsi-jicofo-logging.properties +++ b/conf/jitsi-jicofo-logging.properties @@ -1,9 +1,15 @@ handlers= java.util.logging.ConsoleHandler + +# Handlers with XMPP debug enabled: +#handlers= java.util.logging.ConsoleHandler, org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler + +# Handlers with syslog enabled: #handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter +java.util.logging.ConsoleHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo @@ -18,8 +24,12 @@ net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVER #net.java.sip.communicator.service.protocol.level=ALL -# Enable debug packets logging -#org.jitsi.impl.protocol.xmpp.level=FINE +# To enable XMPP packets logging add XmppPacketsFileHandler to the handlers property +org.jitsi.impl.protocol.xmpp.log.PacketDebugger.level=ALL +org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.pattern=/var/log/jitsi/jicofo-xmpp.log +org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.append=true +org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.limit=200000000 +org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.count=3 # Syslog(uncomment handler to use) com.agafua.syslog.SyslogHandler.transport = udp @@ -28,6 +38,7 @@ com.agafua.syslog.SyslogHandler.port = 514 com.agafua.syslog.SyslogHandler.hostname = localhost com.agafua.syslog.SyslogHandler.formatter = net.java.sip.communicator.util.ScLogFormatter com.agafua.syslog.SyslogHandler.escapeNewlines = false +com.agafua.syslog.SyslogHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets # to disable double timestamps in syslog uncomment next line #net.java.sip.communicator.util.ScLogFormatter.disableTimestamp=true diff --git a/conf/jitsi-videobridge-logging.properties b/conf/jitsi-videobridge-logging.properties index 7df14c2..4a37486 100644 --- a/conf/jitsi-videobridge-logging.properties +++ b/conf/jitsi-videobridge-logging.properties @@ -23,17 +23,3 @@ com.agafua.syslog.SyslogHandler.escapeNewlines = false # to disable double timestamps in syslog uncomment next line #net.java.sip.communicator.util.ScLogFormatter.disableTimestamp=true - -# time series logging -java.util.logging.SimpleFormatter.format= %5$s%n -java.util.logging.FileHandler.level = ALL -java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter -java.util.logging.FileHandler.pattern = /tmp/jvb-series.log -java.util.logging.FileHandler.limit = 200000000 -java.util.logging.FileHandler.count = 1 -java.util.logging.FileHandler.append = false - -timeseries.level=OFF -timeseries.org.jitsi.videobridge.cc.vp8.level=ALL -timeseries.useParentHandlers = false -timeseries.handlers = java.util.logging.FileHandler From 516d3598ed4090a9fd0f369fb8064cb14168dcfb Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 02:54:47 +0200 Subject: [PATCH 23/57] Fix metronome --- conf/metronome.cfg.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index efb6766..883b7c5 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -91,9 +91,9 @@ VirtualHost "__DOMAIN__" external_services = { ["__DOMAIN__"] = { { type = "stun", port = "4446", trasport = "udp" }, - { type = "stun", port = "4446", trasport = "tcp" } + { type = "stun", port = "4446", trasport = "tcp" }, { type = "turn", port = "4446", transport = "udp", turn_secret = "__TURN_SECRET__", turn_ttl = "86400" }, - { type = "turns", port = "443", transport = "tcp", turn_secret = "__TURN_SECRET__", turn_ttl = "86400" }, + { type = "turns", port = "443", transport = "tcp", turn_secret = "__TURN_SECRET__", turn_ttl = "86400" } } } From b709b3b550fb506fb5ea3be818a34cb654502b85 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 02:55:00 +0200 Subject: [PATCH 24/57] Update install --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index e05a620..b0a4e52 100644 --- a/scripts/install +++ b/scripts/install @@ -118,7 +118,7 @@ do popd mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" - # ynh_secure_remove --file="$final_path/${package}_temp" + ynh_secure_remove --file="$final_path/${package}_temp" done # Adapt prosody module to metronome From b0bad7bc128e383d78a51ee6409682f48da0cbc5 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 02:55:11 +0200 Subject: [PATCH 25/57] Update config.js --- conf/config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.js b/conf/config.js index bdccb13..befb1c5 100644 --- a/conf/config.js +++ b/conf/config.js @@ -391,7 +391,7 @@ var config = { // If set to true, it will prefer to use H.264 for P2P calls (if H.264 // is supported). - // preferH264: true + preferH264: true // If set to true, disable H.264 video codec by stripping it out of the // SDP. From 7b652984f6f5739531b561d38a42d96910ee9240 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 15:03:24 +0200 Subject: [PATCH 26/57] Missing mod_http_altconnect --- conf/config.js | 4 +-- conf/metronome.cfg.lua | 51 ++----------------------------- conf/mod_http_altconnect.lua | 59 ++++++++++++++++++++++++++++++++++++ scripts/backup | 3 ++ scripts/install | 6 ++-- scripts/remove | 7 ++++- scripts/restore | 6 ++-- scripts/upgrade | 3 +- 8 files changed, 82 insertions(+), 57 deletions(-) create mode 100644 conf/mod_http_altconnect.lua diff --git a/conf/config.js b/conf/config.js index befb1c5..3de6f09 100644 --- a/conf/config.js +++ b/conf/config.js @@ -46,7 +46,7 @@ var config = { testing: { // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - p2pTestMode: false + // p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture // testMode: false @@ -379,7 +379,7 @@ var config = { // { urls: 'stun:__DOMAIN__:4446' }, { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } - ] + ], // Sets the ICE transport policy for the p2p connection. At the time // of this writing the list of possible values are 'all' and 'relay', diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 883b7c5..f81815f 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -1,55 +1,10 @@ component_ports = { __PORT_COMPONENT__ } ---c2s_require_encryption = false --Why would it be needed? +-- c2s_require_encryption = false --Why would it be needed? +-- s2s_secure_auth = false plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } modules_enabled = { - - -- Generally required - "roster"; -- Allow users to have a roster. Recommended. - "saslauth"; -- Authentication for clients. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "disco"; -- Service discovery - - -- Not essential, but recommended - "private"; -- Private XML storage (for room bookmarks, etc.) - "vcard"; -- Allow users to set vCards - "pep"; -- Allows setting of mood, tune, etc. - "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. - "bidi"; -- Enables Bidirectional Server-to-Server Streams. - - -- Nice to have - "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - "register"; -- Allow users to register on this server using a client and change passwords - "stream_management"; -- Allows clients and servers to use Stream Management - "stanza_optimizations"; -- Allows clients to use Client State Indication and SIFT - "message_carbons"; -- Allows clients to enable carbon copies of messages - "mam"; -- Enable server-side message archives using Message Archive Management - "push"; -- Enable Push Notifications via PubSub using XEP-0357 - "lastactivity"; -- Enables clients to know the last presence status of an user - "adhoc_cm"; -- Allow to set client certificates to login through SASL External via adhoc - "admin_adhoc"; -- administration adhoc commands - "bookmarks"; -- XEP-0048 Bookmarks synchronization between PEP and Private Storage - "sec_labels"; -- Allows to use a simplified version XEP-0258 Security Labels and related ACDFs. - "privacy"; -- Add privacy lists and simple blocking command support - - -- Other specific functionality - --"admin_telnet"; -- administration console, telnet to port 5582 - --"admin_web"; -- administration web interface - "bosh"; -- Enable support for BOSH clients, aka "XMPP over Bidirectional Streams over Synchronous HTTP" - --"compression"; -- Allow clients to enable Stream Compression - --"spim_block"; -- Require authorization via OOB form for messages from non-contacts and block unsollicited messages - --"gate_guard"; -- Enable config-based blacklisting and hit-based auto-banning features - --"incidents_handling"; -- Enable Incidents Handling support (can be administered via adhoc commands) - --"server_presence"; -- Enables Server Buddies extension support - --"service_directory"; -- Enables Service Directories extension support - --"public_service"; -- Enables Server vCard support for public services in directories and advertises in features - --"register_api"; -- Provides secure API for both Out-Of-Band and In-Band registration for E-Mail verification - "websocket"; -- Enable support for WebSocket clients, aka "XMPP over WebSockets" - -- For Jitsi Meet "http_altconnect"; } @@ -85,7 +40,7 @@ VirtualHost "__DOMAIN__" "ping"; -- Enable mod_ping "speakerstats"; "conference_duration"; - "extdisco"; + "extdisco"; } c2s_require_encryption = false external_services = { diff --git a/conf/mod_http_altconnect.lua b/conf/mod_http_altconnect.lua new file mode 100644 index 0000000..2985ff8 --- /dev/null +++ b/conf/mod_http_altconnect.lua @@ -0,0 +1,59 @@ +-- mod_http_altconnect +-- XEP-0156: Discovering Alternative XMPP Connection Methods + +module:depends"http"; + +local mm = require "core.modulemanager"; +local json = require"util.json"; +local st = require"util.stanza"; +local array = require"util.array"; + +local function get_supported() + local uris = array(); + if mm.is_loaded(module.host, "bosh") or mm.is_loaded("*", "bosh") then + uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") }); + end + if mm.is_loaded(module.host, "websocket") or mm.is_loaded("*", "websocket") then + uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") }); + end + return uris; +end + + +local function GET_xml(event) + local request, response = event.request, event.response; + local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' }); + local uris = get_supported(); + for i, method in ipairs(uris) do + xrd:tag("Link", method):up(); + end + response.headers.content_type = "application/xrd+xml" + response.headers.access_control_allow_origin = "*"; + return '' .. tostring(xrd); +end + +local function GET_json(event) + local request, response = event.request, event.response; + local jrd = { links = get_supported() }; + response.headers.content_type = "application/json" + response.headers.access_control_allow_origin = "*"; + return json.encode(jrd); +end; + +local function GET_either(event) + local accept_type = event.request.headers.accept or ""; + if ( accept_type:find("xml") or #accept_type ) < ( accept_type:find("json") or #accept_type+1 ) then + return GET_xml(event); + else + return GET_json(event); + end +end; + +module:provides("http", { + default_path = "/.well-known"; + route = { + ["GET /host-meta"] = GET_either; + -- ["GET /host-meta.xml"] = GET_xml; -- Hmmm + ["GET /host-meta.json"] = GET_json; + }; +}); diff --git a/scripts/backup b/scripts/backup index 2ccff41..5f61234 100644 --- a/scripts/backup +++ b/scripts/backup @@ -60,6 +60,9 @@ ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" # Backup Metronome Hook ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" +# Backup Metronome Module +ynh_backup --src_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" + #================================================= # BACKUP THE APP CONFIG #================================================= diff --git a/scripts/install b/scripts/install index b0a4e52..a07781c 100644 --- a/scripts/install +++ b/scripts/install @@ -181,9 +181,11 @@ touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app -yunohost tools regen-conf metronome --force -ynh_systemd_action --service_name=metronome --action=restart +# Add Metronome modules +cp ../conf/mod_http_altconnect.lua /usr/lib/metronome/modules/mod_http_altconnect.lua + +yunohost tools regen-conf metronome metronomectl adduser $focus_user@auth.$domain $focus_password || true metronomectl adduser $videobridge_user@auth.$domain $videobridge_secret || true diff --git a/scripts/remove b/scripts/remove index 0b7470e..e7aa691 100644 --- a/scripts/remove +++ b/scripts/remove @@ -115,6 +115,11 @@ fi #================================================= ynh_script_progression --message="Reconfiguring Metronome..." +# Remove Metronome modules +ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua" + +ynh_systemd_action --service_name=metronome --action=restart + metronomectl deluser $focus_user@auth.$domain || true metronomectl deluser $videobridge_user@auth.$domain || true @@ -129,7 +134,7 @@ fi # Remove Metronome Hook ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -yunohost tools regen-conf metronome --force +yunohost tools regen-conf metronome # Delete focus user # yunohost user delete $focus_user --purge diff --git a/scripts/restore b/scripts/restore index 4ab451e..7bb3f8c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -120,9 +120,11 @@ ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/auth.$domain # Restore Metronome Hook ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -yunohost tools regen-conf metronome --force -ynh_systemd_action --service_name=metronome --action=restart +# Restore Metronome modules +ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" + +yunohost tools regen-conf metronome #================================================= # RESTORE THE APP CONFIG diff --git a/scripts/upgrade b/scripts/upgrade index bfd18b1..0720050 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -64,7 +64,7 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app - yunohost tools regen-conf metronome --force + yunohost tools regen-conf metronome fi if ynh_version_gt "1.0.3969~ynh1" "${current_version}" ; then @@ -75,7 +75,6 @@ if ynh_version_gt "1.0.3969~ynh1" "${current_version}" ; then # Remove Previously installed Metronome modules ynh_secure_remove --file="/usr/lib/metronome/modules/mod_carbons.lua" - ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua" ynh_secure_remove --file="/usr/lib/metronome/modules/mod_smacks.lua" # Remove nodejs From 760b15db41691c8d3927346ab564d37d12b08969 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 15:09:44 +0200 Subject: [PATCH 27/57] Fix missing variables --- scripts/restore | 4 ++++ scripts/upgrade | 13 ++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/restore b/scripts/restore index 7bb3f8c..bda34ee 100644 --- a/scripts/restore +++ b/scripts/restore @@ -33,6 +33,10 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) focus_password=$(ynh_app_setting_get --app=$app --key=focus_password) +focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret) + +videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) +videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) port=$(ynh_app_setting_get --app=$app --key=port) port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) diff --git a/scripts/upgrade b/scripts/upgrade index 0720050..35bcccb 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,13 +20,16 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) -focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret) -port=$(ynh_app_setting_get --app=$app --key=port) -port_component=$(ynh_app_setting_get --app=$app --key=port_component) - focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) focus_password=$(ynh_app_setting_get --app=$app --key=focus_password) +focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret) + +videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) +videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) + +port=$(ynh_app_setting_get --app=$app --key=port) +port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) +port_component=$(ynh_app_setting_get --app=$app --key=port_component) #================================================= # CHECK VERSION From a07e0f7e68d6c8acce68924a8236eb28b3ffcf0c Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 15:15:52 +0200 Subject: [PATCH 28/57] Update config.js --- conf/config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.js b/conf/config.js index 3de6f09..11acce7 100644 --- a/conf/config.js +++ b/conf/config.js @@ -46,7 +46,7 @@ var config = { testing: { // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. - // p2pTestMode: false + p2pTestMode: false // Enables the test specific features consumed by jitsi-meet-torture // testMode: false From acfb39491271173f18c35ab07dc75c6258a45e93 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 15:28:21 +0200 Subject: [PATCH 29/57] removing mod_http_altconnect.lua --- conf/metronome.cfg.lua | 5 --- conf/mod_http_altconnect.lua | 59 ------------------------------------ scripts/backup | 3 -- scripts/install | 3 -- scripts/remove | 5 --- scripts/restore | 3 -- scripts/upgrade | 1 + 7 files changed, 1 insertion(+), 78 deletions(-) delete mode 100644 conf/mod_http_altconnect.lua diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index f81815f..0d7769b 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -4,11 +4,6 @@ component_ports = { __PORT_COMPONENT__ } plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } -modules_enabled = { - -- For Jitsi Meet - "http_altconnect"; -} - -- Make the focus user a global administrator admins = { "__FOCUS_USER__@auth.__DOMAIN__" } diff --git a/conf/mod_http_altconnect.lua b/conf/mod_http_altconnect.lua deleted file mode 100644 index 2985ff8..0000000 --- a/conf/mod_http_altconnect.lua +++ /dev/null @@ -1,59 +0,0 @@ --- mod_http_altconnect --- XEP-0156: Discovering Alternative XMPP Connection Methods - -module:depends"http"; - -local mm = require "core.modulemanager"; -local json = require"util.json"; -local st = require"util.stanza"; -local array = require"util.array"; - -local function get_supported() - local uris = array(); - if mm.is_loaded(module.host, "bosh") or mm.is_loaded("*", "bosh") then - uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") }); - end - if mm.is_loaded(module.host, "websocket") or mm.is_loaded("*", "websocket") then - uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") }); - end - return uris; -end - - -local function GET_xml(event) - local request, response = event.request, event.response; - local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' }); - local uris = get_supported(); - for i, method in ipairs(uris) do - xrd:tag("Link", method):up(); - end - response.headers.content_type = "application/xrd+xml" - response.headers.access_control_allow_origin = "*"; - return '' .. tostring(xrd); -end - -local function GET_json(event) - local request, response = event.request, event.response; - local jrd = { links = get_supported() }; - response.headers.content_type = "application/json" - response.headers.access_control_allow_origin = "*"; - return json.encode(jrd); -end; - -local function GET_either(event) - local accept_type = event.request.headers.accept or ""; - if ( accept_type:find("xml") or #accept_type ) < ( accept_type:find("json") or #accept_type+1 ) then - return GET_xml(event); - else - return GET_json(event); - end -end; - -module:provides("http", { - default_path = "/.well-known"; - route = { - ["GET /host-meta"] = GET_either; - -- ["GET /host-meta.xml"] = GET_xml; -- Hmmm - ["GET /host-meta.json"] = GET_json; - }; -}); diff --git a/scripts/backup b/scripts/backup index 5f61234..2ccff41 100644 --- a/scripts/backup +++ b/scripts/backup @@ -60,9 +60,6 @@ ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" # Backup Metronome Hook ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -# Backup Metronome Module -ynh_backup --src_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" - #================================================= # BACKUP THE APP CONFIG #================================================= diff --git a/scripts/install b/scripts/install index a07781c..a1a0da1 100644 --- a/scripts/install +++ b/scripts/install @@ -182,9 +182,6 @@ touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app -# Add Metronome modules -cp ../conf/mod_http_altconnect.lua /usr/lib/metronome/modules/mod_http_altconnect.lua - yunohost tools regen-conf metronome metronomectl adduser $focus_user@auth.$domain $focus_password || true diff --git a/scripts/remove b/scripts/remove index e7aa691..c09b4fc 100644 --- a/scripts/remove +++ b/scripts/remove @@ -115,11 +115,6 @@ fi #================================================= ynh_script_progression --message="Reconfiguring Metronome..." -# Remove Metronome modules -ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua" - -ynh_systemd_action --service_name=metronome --action=restart - metronomectl deluser $focus_user@auth.$domain || true metronomectl deluser $videobridge_user@auth.$domain || true diff --git a/scripts/restore b/scripts/restore index bda34ee..e726e8e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -125,9 +125,6 @@ ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/auth.$domain # Restore Metronome Hook ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -# Restore Metronome modules -ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" - yunohost tools regen-conf metronome #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 35bcccb..9cda028 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -78,6 +78,7 @@ if ynh_version_gt "1.0.3969~ynh1" "${current_version}" ; then # Remove Previously installed Metronome modules ynh_secure_remove --file="/usr/lib/metronome/modules/mod_carbons.lua" + ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua" ynh_secure_remove --file="/usr/lib/metronome/modules/mod_smacks.lua" # Remove nodejs From 5fcab5dee43d8c634cd91fc838dc037680887020 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 15:32:01 +0200 Subject: [PATCH 30/57] Forcing metronome regen-conf --- scripts/install | 2 +- scripts/remove | 3 ++- scripts/restore | 2 +- scripts/upgrade | 3 ++- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index a1a0da1..32a978a 100644 --- a/scripts/install +++ b/scripts/install @@ -182,7 +182,7 @@ touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app -yunohost tools regen-conf metronome +yunohost tools regen-conf metronome --force metronomectl adduser $focus_user@auth.$domain $focus_password || true metronomectl adduser $videobridge_user@auth.$domain $videobridge_secret || true diff --git a/scripts/remove b/scripts/remove index c09b4fc..9e3e883 100644 --- a/scripts/remove +++ b/scripts/remove @@ -129,7 +129,8 @@ fi # Remove Metronome Hook ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -yunohost tools regen-conf metronome + +yunohost tools regen-conf metronome --force # Delete focus user # yunohost user delete $focus_user --purge diff --git a/scripts/restore b/scripts/restore index e726e8e..523384c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -125,7 +125,7 @@ ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/auth.$domain # Restore Metronome Hook ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" -yunohost tools regen-conf metronome +yunohost tools regen-conf metronome --force #================================================= # RESTORE THE APP CONFIG diff --git a/scripts/upgrade b/scripts/upgrade index 9cda028..2c6673a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -67,7 +67,8 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then # Add Metronome hook cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app - yunohost tools regen-conf metronome + + yunohost tools regen-conf metronome --force fi if ynh_version_gt "1.0.3969~ynh1" "${current_version}" ; then From e73d54fbfde5489cf64031fed054874bc0d2fcb1 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 16:07:33 +0200 Subject: [PATCH 31/57] switching to 127.0.0.1 instead of localhost --- conf/jitsi-jicofo-logging.properties | 2 +- conf/jitsi-jicofo.config | 2 +- conf/jitsi-videobridge-logging.properties | 2 +- conf/jitsi-videobridge-sip-communicator.properties | 2 +- conf/jitsi-videobridge.service | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/jitsi-jicofo-logging.properties b/conf/jitsi-jicofo-logging.properties index 229f808..078e3e1 100644 --- a/conf/jitsi-jicofo-logging.properties +++ b/conf/jitsi-jicofo-logging.properties @@ -35,7 +35,7 @@ org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.count=3 com.agafua.syslog.SyslogHandler.transport = udp com.agafua.syslog.SyslogHandler.facility = local0 com.agafua.syslog.SyslogHandler.port = 514 -com.agafua.syslog.SyslogHandler.hostname = localhost +com.agafua.syslog.SyslogHandler.hostname = 127.0.0.1 com.agafua.syslog.SyslogHandler.formatter = net.java.sip.communicator.util.ScLogFormatter com.agafua.syslog.SyslogHandler.escapeNewlines = false com.agafua.syslog.SyslogHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets diff --git a/conf/jitsi-jicofo.config b/conf/jitsi-jicofo.config index baf16d5..08eebf6 100644 --- a/conf/jitsi-jicofo.config +++ b/conf/jitsi-jicofo.config @@ -1,6 +1,6 @@ # Jitsi Conference Focus settings # sets the host name of the XMPP server -JICOFO_HOST=localhost +JICOFO_HOST=127.0.0.1 # sets the XMPP domain (default: none) JICOFO_HOSTNAME=__DOMAIN__ diff --git a/conf/jitsi-videobridge-logging.properties b/conf/jitsi-videobridge-logging.properties index 4a37486..ba2009b 100644 --- a/conf/jitsi-videobridge-logging.properties +++ b/conf/jitsi-videobridge-logging.properties @@ -17,7 +17,7 @@ org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING com.agafua.syslog.SyslogHandler.transport = udp com.agafua.syslog.SyslogHandler.facility = local0 com.agafua.syslog.SyslogHandler.port = 514 -com.agafua.syslog.SyslogHandler.hostname = localhost +com.agafua.syslog.SyslogHandler.hostname = 127.0.0.1 com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter com.agafua.syslog.SyslogHandler.escapeNewlines = false diff --git a/conf/jitsi-videobridge-sip-communicator.properties b/conf/jitsi-videobridge-sip-communicator.properties index b87feb4..f6b3ea8 100644 --- a/conf/jitsi-videobridge-sip-communicator.properties +++ b/conf/jitsi-videobridge-sip-communicator.properties @@ -2,7 +2,7 @@ org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=muc -org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost +org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=127.0.0.1 org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.__DOMAIN__ org.jitsi.videobridge.xmpp.user.shard.USERNAME=__VIDEOBRIDGE_USER__ org.jitsi.videobridge.xmpp.user.shard.PASSWORD=__VIDEOBRIDGE_SECRET__ diff --git a/conf/jitsi-videobridge.service b/conf/jitsi-videobridge.service index 5d64ba7..bc93d5f 100644 --- a/conf/jitsi-videobridge.service +++ b/conf/jitsi-videobridge.service @@ -18,7 +18,7 @@ TasksMax=65000 LimitNPROC=65000 LimitNOFILE=65000 WorkingDirectory=__FINALPATH__/jitsi-videobridge/ -ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1" +ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-127.0.0.1} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1" ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid" [Install] From f021c4c06218f7a0ceae39faa5f842761dabcc72 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 18 Jun 2020 16:16:02 +0200 Subject: [PATCH 32/57] Make P2P working again --- conf/metronome.cfg.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 0d7769b..e77e213 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -50,7 +50,7 @@ VirtualHost "__DOMAIN__" Component "conference.__DOMAIN__" "muc" modules_enabled = { "muc_meeting_id"; - "muc_domain_mapper"; + -- "muc_domain_mapper"; # Disable because it make p2p failed -- "token_verification"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__" } From 92e58640d8e11f65d056cd953f783f9e40aaa25c Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 19 Jun 2020 04:34:21 +0200 Subject: [PATCH 33/57] No error in logs but still unable to connect even with two user using chrome --- conf/jitsi-jicofo-sip-communicator.properties | 1 + conf/jitsi-jicofo.config | 10 +++--- conf/jitsi-videobridge.config | 8 ++--- conf/jitsi-videobridge.service | 2 +- conf/metronome.cfg.lua | 33 ++++++++++++------- conf/nginx.conf | 6 ++-- scripts/install | 15 +++++++-- scripts/restore | 2 +- scripts/upgrade | 7 ++-- 9 files changed, 53 insertions(+), 31 deletions(-) diff --git a/conf/jitsi-jicofo-sip-communicator.properties b/conf/jitsi-jicofo-sip-communicator.properties index 8ca1252..a30f768 100644 --- a/conf/jitsi-jicofo-sip-communicator.properties +++ b/conf/jitsi-jicofo-sip-communicator.properties @@ -1 +1,2 @@ org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.__DOMAIN__ +org.jitsi.jicofo.health.ENABLE_HEALTH_CHECKS=true diff --git a/conf/jitsi-jicofo.config b/conf/jitsi-jicofo.config index 08eebf6..326a32d 100644 --- a/conf/jitsi-jicofo.config +++ b/conf/jitsi-jicofo.config @@ -5,18 +5,18 @@ JICOFO_HOST=127.0.0.1 # sets the XMPP domain (default: none) JICOFO_HOSTNAME=__DOMAIN__ -# sets the secret used to authenticate as an XMPP component -JICOFO_SECRET=__FOCUS_SECRET__ - # sets the port to use for the XMPP component connection JICOFO_PORT=__PORT_COMPONENT__ -# sets the XMPP domain name to use for XMPP user logins -JICOFO_AUTH_DOMAIN=auth.__DOMAIN__ +# sets the secret used to authenticate as an XMPP component +JICOFO_SECRET=__FOCUS_SECRET__ # sets the username to use for XMPP user logins JICOFO_AUTH_USER=__FOCUS_USER__ +# sets the XMPP domain name to use for XMPP user logins +JICOFO_AUTH_DOMAIN=auth.__DOMAIN__ + # sets the password to use for XMPP user logins JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__ diff --git a/conf/jitsi-videobridge.config b/conf/jitsi-videobridge.config index 8dd4059..f8ad055 100644 --- a/conf/jitsi-videobridge.config +++ b/conf/jitsi-videobridge.config @@ -1,11 +1,11 @@ # Jitsi Videobridge settings +# sets the hostname of the XMPP server (default: domain if set, 127.0.0.1 otherwise) +JVB_HOST=127.0.0.1 + # sets the XMPP domain (default: none) JVB_HOSTNAME=__DOMAIN__ -# sets the hostname of the XMPP server (default: domain if set, localhost otherwise) -JVB_HOST= - # sets the port of the XMPP server (default: 5275) JVB_PORT=__PORT_COMPONENT__ @@ -13,7 +13,7 @@ JVB_PORT=__PORT_COMPONENT__ JVB_SECRET=__VIDEOBRIDGE_SECRET__ # extra options to pass to the JVB daemon -JVB_OPTS="--apis=," +JVB_OPTS="–apis=xmpp,rest" # adds java system props that are passed to jvb (default are for home and logging config file) diff --git a/conf/jitsi-videobridge.service b/conf/jitsi-videobridge.service index bc93d5f..4341d1a 100644 --- a/conf/jitsi-videobridge.service +++ b/conf/jitsi-videobridge.service @@ -18,7 +18,7 @@ TasksMax=65000 LimitNPROC=65000 LimitNOFILE=65000 WorkingDirectory=__FINALPATH__/jitsi-videobridge/ -ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-127.0.0.1} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1" +ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=${JVB_HOST} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1" ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid" [Install] diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index e77e213..824a977 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -1,12 +1,13 @@ component_ports = { __PORT_COMPONENT__ } + +-- Make the focus user a global administrator +admins = { "__FOCUS_USER__@auth.__DOMAIN__" } + -- c2s_require_encryption = false --Why would it be needed? -- s2s_secure_auth = false plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } --- Make the focus user a global administrator -admins = { "__FOCUS_USER__@auth.__DOMAIN__" } - -- domain mapper options, must at least have domain base set to use the mapper muc_mapper_domain_base = "__DOMAIN__"; @@ -15,10 +16,10 @@ consider_bosh_secure = true; VirtualHost "__DOMAIN__" authentication = "anonymous" - -- Properties below are modified by jitsi-meet-tokens package config - -- and authentication above is switched to "token" - --app_id="example_app_id" - --app_secret="example_app_secret" + -- Properties below are modified by jitsi-meet-tokens package config + -- and authentication above is switched to "token" + --app_id="example_app_id" + --app_secret="example_app_secret" -- Assign this host a certificate for TLS, otherwise it would use the one -- set in the global section (if any). -- Note that old-style SSL on port 5223 only supports one certificate, and will always @@ -31,9 +32,11 @@ VirtualHost "__DOMAIN__" conference_duration_component = "conferenceduration.__DOMAIN__" -- we need bosh modules_enabled = { + "bosh"; "pubsub"; "ping"; -- Enable mod_ping "speakerstats"; + -- "turncredentials"; "conference_duration"; "extdisco"; } @@ -48,35 +51,43 @@ VirtualHost "__DOMAIN__" } Component "conference.__DOMAIN__" "muc" + storage = "internal" modules_enabled = { "muc_meeting_id"; - -- "muc_domain_mapper"; # Disable because it make p2p failed + "muc_domain_mapper"; -- "token_verification"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__" } allow_anonymous_creation = true instant_room_on_creation = true - room_default_whois = "anyone" + room_default_config = { + whois = "anyone"; + } -- internal muc component Component "internal.auth.__DOMAIN__" "muc" + storage = "internal" modules_enabled = { "ping"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } instant_room_on_creation = true - room_default_whois = "anyone" + room_default_config = { + whois = "anyone"; + } VirtualHost "auth.__DOMAIN__" ssl = { key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem"; certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem"; } - storage = "internal" authentication = "internal_plain" Component "focus.__DOMAIN__" component_secret = "__FOCUS_SECRET__" + +Component "jitsi-videobridge.__DOMAIN__" + component_secret = "__VIDEOBRIDGE_SECRET__" Component "speakerstats.__DOMAIN__" "speakerstats_component" muc_component = "conference.__DOMAIN__" diff --git a/conf/nginx.conf b/conf/nginx.conf index fc29336..586a961 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -24,9 +24,11 @@ location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|. # BOSH location = /http-bind { - proxy_pass http://127.0.0.1:5290/http-bind; + proxy_pass http://127.0.0.1:5290/http-bind; + proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $http_host; + proxy_buffering off; + tcp_nodelay on; } # xmpp websockets diff --git a/scripts/install b/scripts/install index 32a978a..2471d61 100644 --- a/scripts/install +++ b/scripts/install @@ -35,6 +35,9 @@ videobridge_secret=$(ynh_string_random --length=8) #YOURSECRET2 focus_secret=$(ynh_string_random --length=8) +#OTHER SECRET +turn_secret=$(ynh_string_random --length=8) + focus_user="focus" videobridge_user="jvb" @@ -60,6 +63,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret +ynh_app_setting_set --app=$app --key=turn_secret --value=$turn_secret ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user @@ -136,6 +140,9 @@ for directory in $final_path/jitsi-meet-prosody/*/; do done done +# workaround for mod_muc_domain_mapper +ynh_replace_string --match_string="module:log(\"debug\"" --replace_string="-- module:log(\"debug\"" --target_file="$final_path/jitsi-meet-prosody/mod_muc_domain_mapper.lua" + #================================================= # NGINX CONFIGURATION #================================================= @@ -173,9 +180,11 @@ ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_c ynh_replace_string --match_string="__FINAL_PATH__" --replace_string="$final_path" --target_file="$metronome_conf" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf" +ynh_replace_string --match_string="__TURN_SECRET__" --replace_string="$turn_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$metronome_conf" ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$metronome_conf" +ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf" touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" @@ -262,8 +271,8 @@ ynh_script_progression --message="Configuring Jitsi-Meet..." mkdir -p "/etc/$app/meet" jitsi_meet_conf="/etc/$app/meet/$domain-config.js" -cp ../conf/config.js "$jitsi_meet_conf" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_meet_conf" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/config.js" +cpp -undef -P ../conf/config.js -o "$jitsi_meet_conf" #================================================= # CREATE LOG DIR @@ -330,8 +339,8 @@ yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --l ynh_script_progression --message="Starting a systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" +ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index 523384c..10c76f1 100644 --- a/scripts/restore +++ b/scripts/restore @@ -165,8 +165,8 @@ yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log" #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" +ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 2c6673a..3417659 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -274,13 +274,12 @@ fi #================================================= ynh_script_progression --message="Configuring Jitsi-Meet..." - if [ "$upgrade_type" == "UPGRADE_APP" ] then jitsi_meet_conf="/etc/$app/meet/config.js" ynh_backup_if_checksum_is_different --file="$jitsi_meet_conf" - cp ../conf/config.js "$jitsi_meet_conf" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_meet_conf" + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/config.js" + cpp -undef -P ../conf/config.js -o "$jitsi_meet_conf" ynh_store_file_checksum --file="$jitsi_meet_conf" fi @@ -327,8 +326,8 @@ yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --l #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" +ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" #================================================= # SETUP SSOWAT From 29c9f38d3c3de970de73fe3559664ed39258b975 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 16 Dec 2020 11:00:03 +0100 Subject: [PATCH 34/57] 1.0.4466 --- README.md | 2 +- README_fr.md | 2 +- conf/jicofo.src | 4 ++-- conf/jitsi-meet-prosody.src | 4 ++-- conf/jitsi-meet-web.src | 4 ++-- conf/jitsi-videobridge.config | 2 +- conf/jitsi-videobridge.src | 4 ++-- manifest.json | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 30b5ebd..2759173 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences. -**Shipped version:** 1.0.4127 +**Shipped version:** 1.0.4466 ## Important points before installing diff --git a/README_fr.md b/README_fr.md index 1dbfb07..db31ceb 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install ## Vue d'ensemble Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. -**Version actuelle :** 1.0.4127 +**Version actuelle :** 1.0.4466 ## Points importants à préparer avant l'installation diff --git a/conf/jicofo.src b/conf/jicofo.src index 9670fa7..162ef71 100644 --- a/conf/jicofo.src +++ b/conf/jicofo.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-589-1_all.deb -SOURCE_SUM=29973b40292f8d017e1dfe718ac18e08908edd3b9e5039934eae67c1ab7d4a2f +SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-644-1_all.deb +SOURCE_SUM=3bb26605f64becbf29a2d9b1ef75ff8ef8536732c5fb93371789ddadae1077a4 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-prosody.src b/conf/jitsi-meet-prosody.src index 85d2876..a579490 100644 --- a/conf/jitsi-meet-prosody.src +++ b/conf/jitsi-meet-prosody.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.4127-1_all.deb -SOURCE_SUM=bc72563dfe0bd5c1b6516fc824a48038597a56626d78af0e19484e8283da8475 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.4466-1_all.deb +SOURCE_SUM=8fd9a721cdeca7f88c825034679514ddb9c75c81dd615966f3fc3bd09812ea05 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-web.src b/conf/jitsi-meet-web.src index 229a29e..777fecb 100644 --- a/conf/jitsi-meet-web.src +++ b/conf/jitsi-meet-web.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.4127-1_all.deb -SOURCE_SUM=085fe0b5e576636a83743727b4934ce1c7d8f9c93353d361b5e15acb49737941 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.4466-1_all.deb +SOURCE_SUM=1129e848b5b1711ca41d160658033f6a427d1eb9f961a168df7bda6ab1180b01 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-videobridge.config b/conf/jitsi-videobridge.config index f8ad055..795b4eb 100644 --- a/conf/jitsi-videobridge.config +++ b/conf/jitsi-videobridge.config @@ -13,7 +13,7 @@ JVB_PORT=__PORT_COMPONENT__ JVB_SECRET=__VIDEOBRIDGE_SECRET__ # extra options to pass to the JVB daemon -JVB_OPTS="–apis=xmpp,rest" +JVB_OPTS="–-apis=xmpp,rest" # adds java system props that are passed to jvb (default are for home and logging config file) diff --git a/conf/jitsi-videobridge.src b/conf/jitsi-videobridge.src index a9d7c4a..8554e9c 100644 --- a/conf/jitsi-videobridge.src +++ b/conf/jitsi-videobridge.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-202-g5f9377b9-1_all.deb -SOURCE_SUM=0afce2a9c591e72a69c28665f8bf48d5e9d3a4e253e6be8737b1913f4d25b29b +SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-376-g9f12bfe2-1_all.deb +SOURCE_SUM=06594db323a76d76a78c6085a9f3042a1f21e641d9abd1c31b20edfd0eaa5a3b SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index e270e31..e55b926 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Video conferencing web application", "fr": "Application web de conférence vidéo" }, - "version": "1.0.4127~ynh1", + "version": "1.0.4466~ynh1", "url": "https://jitsi.org/Projects/JitMeet", "license": "Apache-2.0", "maintainer": { From 805e8496feda51f8d8490498eb1e01587eeefbbe Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 16 Dec 2020 12:20:38 +0100 Subject: [PATCH 35/57] fix JVB_OPTS --- conf/jitsi-videobridge.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/jitsi-videobridge.config b/conf/jitsi-videobridge.config index 795b4eb..5280acf 100644 --- a/conf/jitsi-videobridge.config +++ b/conf/jitsi-videobridge.config @@ -13,7 +13,7 @@ JVB_PORT=__PORT_COMPONENT__ JVB_SECRET=__VIDEOBRIDGE_SECRET__ # extra options to pass to the JVB daemon -JVB_OPTS="–-apis=xmpp,rest" +JVB_OPTS="--apis=xmpp,rest" # adds java system props that are passed to jvb (default are for home and logging config file) From 2b1447410cfef84a88a0f2b0835f708988264fea Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 3 Feb 2022 03:00:20 +0100 Subject: [PATCH 36/57] with prosody --- .../ISSUE_TEMPLATE.md | 39 +- .github/PULL_REQUEST_TEMPLATE.md | 16 + check_process | 13 +- conf/config.js | 595 -------- conf/jicofo.src | 7 - ...itsi-jicofo.config => jitsi-jicofo-config} | 12 +- conf/jitsi-jicofo-jicofo.conf | 13 + conf/jitsi-jicofo-logging.properties | 25 +- conf/jitsi-jicofo-sip-communicator.properties | 2 - conf/jitsi-jicofo.service | 4 +- conf/jitsi-jicofo.src | 7 + conf/jitsi-meet-config.js | 1264 +++++++++++++++++ conf/jitsi-meet-prosody.src | 4 +- conf/jitsi-meet-web.src | 4 +- .../jitsi-videobridge-20-jvb-udp-buffers.conf | 3 - conf/jitsi-videobridge-jvb.conf | 12 + conf/jitsi-videobridge-log4j2.xml | 33 - conf/jitsi-videobridge-logging.properties | 31 +- conf/jitsi-videobridge.config | 12 +- conf/jitsi-videobridge.src | 4 +- conf/metronome.cfg.lua | 96 -- conf/metronome_regen_conf.hook | 29 - conf/nginx.conf | 36 +- conf/prosody.cfg.lua | 128 ++ doc/.gitkeep | 0 doc/DESCRIPTION.md | 9 + doc/DESCRIPTION_fr.md | 8 + doc/DISCLAIMER.md | 9 + doc/DISCLAIMER_fr.md | 9 + doc/screenshots/.gitkeep | 0 doc/screenshots/screenshot.png | Bin 0 -> 128953 bytes manifest.json | 16 +- pull_request_template.md | 18 - scripts/backup | 27 +- scripts/install | 177 +-- scripts/remove | 98 +- scripts/restore | 84 +- scripts/upgrade | 128 +- 38 files changed, 1753 insertions(+), 1219 deletions(-) rename issue_template.md => .github/ISSUE_TEMPLATE.md (51%) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md delete mode 100644 conf/config.js delete mode 100644 conf/jicofo.src rename conf/{jitsi-jicofo.config => jitsi-jicofo-config} (56%) create mode 100644 conf/jitsi-jicofo-jicofo.conf delete mode 100644 conf/jitsi-jicofo-sip-communicator.properties create mode 100644 conf/jitsi-jicofo.src create mode 100644 conf/jitsi-meet-config.js delete mode 100644 conf/jitsi-videobridge-20-jvb-udp-buffers.conf create mode 100644 conf/jitsi-videobridge-jvb.conf delete mode 100644 conf/jitsi-videobridge-log4j2.xml delete mode 100644 conf/metronome.cfg.lua delete mode 100644 conf/metronome_regen_conf.hook create mode 100644 conf/prosody.cfg.lua create mode 100644 doc/.gitkeep create mode 100644 doc/DESCRIPTION.md create mode 100644 doc/DESCRIPTION_fr.md create mode 100644 doc/DISCLAIMER.md create mode 100644 doc/DISCLAIMER_fr.md create mode 100644 doc/screenshots/.gitkeep create mode 100644 doc/screenshots/screenshot.png delete mode 100644 pull_request_template.md diff --git a/issue_template.md b/.github/ISSUE_TEMPLATE.md similarity index 51% rename from issue_template.md rename to .github/ISSUE_TEMPLATE.md index e0a5b5b..2729a6b 100644 --- a/issue_template.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,46 +1,55 @@ --- name: Bug report -about: Create a report to help us debug, it would be nice to fill the template as much as you can to help us, help you and help us all. +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. --- **How to post a meaningful bug report** 1. *Read this whole template first.* 2. *Determine if you are on the right place:* - - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change url...), you are on the right place!* - - *Otherwise, the issue may be due to Jitsi Meet itself. Refer to its documentation or repository for help.* - - *If you have a doubt, post here, we will figure it out together.* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* 3. *Delete the italic comments as you write over them below, and remove this guide.* --- -**Describe the bug** +### Describe the bug + *A clear and concise description of what the bug is.* -**Versions** +### Context + - Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* - YunoHost version: x.x.x - I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* -- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* - If yes, please explain: - Using, or trying to install package version/branch: - If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* -**To Reproduce** -*Steps to reproduce the behavior.* +### Steps to reproduce + - *If you performed a command from the CLI, the command itself is enough. For example:* ```sh - sudo yunohost app install jitsi + sudo yunohost app install the_app ``` - *If you used the webadmin, please perform the equivalent command from the CLI first.* - *If the error occurs in your browser, explain what you did:* 1. *Go to '...'* - 2. *Click on '....'* - 3. *Scroll down to '....'* + 2. *Click on '...'* + 3. *Scroll down to '...'* 4. *See error* -**Expected behavior** +### Expected behavior + *A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* -**Logs** -*After a failed command, YunoHost makes the log available to you, but also to others, thanks to `yunohost log display [log name] --share`. The actual command, with the correct log name, is displayed at the end of the failed attempt in the CLI. Execute it and copy here the share link it outputs.* +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + *If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/check_process b/check_process index b6e7fdf..6f1ce97 100644 --- a/check_process +++ b/check_process @@ -1,11 +1,6 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) + domain="domain.tld" ; Checks pkg_linter=1 setup_sub_dir=0 @@ -18,13 +13,8 @@ upgrade=1 from_commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b backup_restore=1 multi_instance=0 - # This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version. - # incorrect_path=1 port_already_use=0 change_url=0 -;;; Levels - # If the level 5 (Package linter) is forced to 1. Please add justifications here. - Level 5=auto ;;; Options Email=yalh@yahoo.com Notification=all @@ -32,4 +22,3 @@ Notification=all ; commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b name=1.0.3729~ynh1 manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& - diff --git a/conf/config.js b/conf/config.js deleted file mode 100644 index 11acce7..0000000 --- a/conf/config.js +++ /dev/null @@ -1,595 +0,0 @@ -/* eslint-disable no-unused-vars, no-var */ - -var config = { - // Connection - // - - hosts: { - // XMPP domain. - domain: '__DOMAIN__', - - // When using authentication, domain for guest users. - // anonymousdomain: 'guest.example.com', - - // Domain for authenticated users. Defaults to . - // authdomain: '__DOMAIN__', - - // Jirecon recording component domain. - // jirecon: 'jirecon.__DOMAIN__', - - // Call control component (Jigasi). - // call_control: 'callcontrol.__DOMAIN__', - - // Focus component domain. Defaults to focus.. - // focus: 'focus.__DOMAIN__', - - // XMPP MUC domain. FIXME: use XEP-0030 to discover it. - muc: 'conference.__DOMAIN__' - }, - - // BOSH URL. FIXME: use XEP-0156 to discover it. - bosh: '//__DOMAIN__/http-bind', - - // Websocket URL - // websocket: 'wss://__DOMAIN__/xmpp-websocket', - - // The name of client node advertised in XEP-0115 'c' stanza - clientNode: 'http://jitsi.org/jitsimeet', - - // The real JID of focus participant - can be overridden here - // focusUserJid: 'focus@auth.__DOMAIN__', - - - // Testing / experimental features. - // - - testing: { - // P2P test mode disables automatic switching to P2P when there are 2 - // participants in the conference. - p2pTestMode: false - - // Enables the test specific features consumed by jitsi-meet-torture - // testMode: false - - // Disables the auto-play behavior of *all* newly created video element. - // This is useful when the client runs on a host with limited resources. - // noAutoPlayVideo: false - - // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled, - // simulcast is turned off for the desktop share. If presenter is turned - // on while screensharing is in progress, the max bitrate is automatically - // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines - // the probability for this to be enabled. - // capScreenshareBitrate: 1 // 0 to disable - }, - - // Disables ICE/UDP by filtering out local and remote UDP candidates in - // signalling. - // webrtcIceUdpDisable: false, - - // Disables ICE/TCP by filtering out local and remote TCP candidates in - // signalling. - // webrtcIceTcpDisable: false, - - - // Media - // - - // Audio - - // Disable measuring of audio levels. - // disableAudioLevels: false, - // audioLevelsInterval: 200, - - // Enabling this will run the lib-jitsi-meet no audio detection module which - // will notify the user if the current selected microphone has no audio - // input and will suggest another valid device if one is present. - enableNoAudioDetection: true, - - // Enabling this will run the lib-jitsi-meet noise detection module which will - // notify the user if there is noise, other than voice, coming from the current - // selected microphone. The purpose it to let the user know that the input could - // be potentially unpleasant for other meeting participants. - enableNoisyMicDetection: true, - - // Start the conference in audio only mode (no video is being received nor - // sent). - // startAudioOnly: false, - - // Every participant after the Nth will start audio muted. - // startAudioMuted: 10, - - // Start calls with audio muted. Unlike the option above, this one is only - // applied locally. FIXME: having these 2 options is confusing. - // startWithAudioMuted: false, - - // Enabling it (with #params) will disable local audio output of remote - // participants and to enable it back a reload is needed. - // startSilent: false - - // Video - - // Sets the preferred resolution (height) for local video. Defaults to 720. - // resolution: 720, - - // w3c spec-compliant video constraints to use for video capture. Currently - // used by browsers that return true from lib-jitsi-meet's - // util#browser#usesNewGumFlow. The constraints are independent from - // this config's resolution value. Defaults to requesting an ideal - // resolution of 720p. - // constraints: { - // video: { - // height: { - // ideal: 720, - // max: 720, - // min: 240 - // } - // } - // }, - - // Enable / disable simulcast support. - // disableSimulcast: false, - - // Enable / disable layer suspension. If enabled, endpoints whose HD - // layers are not in use will be suspended (no longer sent) until they - // are requested again. - // enableLayerSuspension: false, - - // Every participant after the Nth will start video muted. - // startVideoMuted: 10, - - // Start calls with video muted. Unlike the option above, this one is only - // applied locally. FIXME: having these 2 options is confusing. - // startWithVideoMuted: false, - - // If set to true, prefer to use the H.264 video codec (if supported). - // Note that it's not recommended to do this because simulcast is not - // supported when using H.264. For 1-to-1 calls this setting is enabled by - // default and can be toggled in the p2p section. - // preferH264: true, - - // If set to true, disable H.264 video codec by stripping it out of the - // SDP. - // disableH264: false, - - // Desktop sharing - - // The ID of the jidesha extension for Chrome. - desktopSharingChromeExtId: null, - - // Whether desktop sharing should be disabled on Chrome. - // desktopSharingChromeDisabled: false, - - // The media sources to use when using screen sharing with the Chrome - // extension. - desktopSharingChromeSources: [ 'screen', 'window', 'tab' ], - - // Required version of Chrome extension - desktopSharingChromeMinExtVersion: '0.1', - - // Whether desktop sharing should be disabled on Firefox. - // desktopSharingFirefoxDisabled: false, - - // Optional desktop sharing frame rate options. Default value: min:5, max:5. - // desktopSharingFrameRate: { - // min: 5, - // max: 5 - // }, - - // Try to start calls with screen-sharing instead of camera video. - // startScreenSharing: false, - - // Recording - - // Whether to enable file recording or not. - // fileRecordingsEnabled: false, - // Enable the dropbox integration. - // dropbox: { - // appKey: '' // Specify your app key here. - // // A URL to redirect the user to, after authenticating - // // by default uses: - // // 'https://jitsi-meet.example.com/static/oauth.html' - // redirectURI: - // 'https://jitsi-meet.example.com/subfolder/static/oauth.html' - // }, - // When integrations like dropbox are enabled only that will be shown, - // by enabling fileRecordingsServiceEnabled, we show both the integrations - // and the generic recording service (its configuration and storage type - // depends on jibri configuration) - // fileRecordingsServiceEnabled: false, - // Whether to show the possibility to share file recording with other people - // (e.g. meeting participants), based on the actual implementation - // on the backend. - // fileRecordingsServiceSharingEnabled: false, - - // Whether to enable live streaming or not. - // liveStreamingEnabled: false, - - // Transcription (in interface_config, - // subtitles and buttons can be configured) - // transcribingEnabled: false, - - // Enables automatic turning on captions when recording is started - // autoCaptionOnRecord: false, - - // Misc - - // Default value for the channel "last N" attribute. -1 for unlimited. - channelLastN: -1, - - // // Options for the recording limit notification. - // recordingLimit: { - // - // // The recording limit in minutes. Note: This number appears in the notification text - // // but doesn't enforce the actual recording time limit. This should be configured in - // // jibri! - // limit: 60, - // - // // The name of the app with unlimited recordings. - // appName: 'Unlimited recordings APP', - // - // // The URL of the app with unlimited recordings. - // appURL: 'https://unlimited.recordings.app.com/' - // }, - - // Disables or enables RTX (RFC 4588) (defaults to false). - // disableRtx: false, - - // Disables or enables TCC (the default is in Jicofo and set to true) - // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting - // affects congestion control, it practically enables send-side bandwidth - // estimations. - // enableTcc: true, - - // Disables or enables REMB (the default is in Jicofo and set to false) - // (draft-alvestrand-rmcat-remb-03). This setting affects congestion - // control, it practically enables recv-side bandwidth estimations. When - // both TCC and REMB are enabled, TCC takes precedence. When both are - // disabled, then bandwidth estimations are disabled. - // enableRemb: false, - - // Enables ICE restart logic in LJM and displays the page reload overlay on - // ICE failure. Current disabled by default because it's causing issues with - // signaling when Octo is enabled. Also when we do an "ICE restart"(which is - // not a real ICE restart), the client maintains the TCC sequence number - // counter, but the bridge resets it. The bridge sends media packets with - // TCC sequence numbers starting from 0. - // enableIceRestart: false, - - // Defines the minimum number of participants to start a call (the default - // is set in Jicofo and set to 2). - // minParticipants: 2, - - // Use the TURN servers discovered via XEP-0215 for the jitsi-videobridge - // connection - // useStunTurn: true, - - // Use TURN/UDP servers for the jitsi-videobridge connection (by default - // we filter out TURN/UDP because it is usually not needed since the - // bridge itself is reachable via UDP) - // useTurnUdp: false - - // Enables / disables a data communication channel with the Videobridge. - // Values can be 'datachannel', 'websocket', true (treat it as - // 'datachannel'), undefined (treat it as 'datachannel') and false (don't - // open any channel). - // openBridgeChannel: true, - - - // UI - // - - // Require users to always specify a display name. - // requireDisplayName: true, - - // Whether to use a welcome page or not. In case it's false a random room - // will be joined when no room is specified. - enableWelcomePage: true, - - // Enabling the close page will ignore the welcome page redirection when - // a call is hangup. - // enableClosePage: false, - - // Disable hiding of remote thumbnails when in a 1-on-1 conference call. - // disable1On1Mode: false, - - // Default language for the user interface. - // defaultLanguage: 'en', - - // If true all users without a token will be considered guests and all users - // with token will be considered non-guests. Only guests will be allowed to - // edit their profile. - enableUserRolesBasedOnToken: false, - - // Whether or not some features are checked based on token. - // enableFeaturesBasedOnToken: false, - - // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. - // lockRoomGuestEnabled: false, - - // When enabled the password used for locking a room is restricted to up to the number of digits specified - // roomPasswordNumberOfDigits: 10, - // default: roomPasswordNumberOfDigits: false, - - // Message to show the users. Example: 'The service will be down for - // maintenance at 01:00 AM GMT, - // noticeMessage: '', - - // Enables calendar integration, depends on googleApiApplicationClientID - // and microsoftApiApplicationClientID - // enableCalendarIntegration: false, - - // When 'true', it shows an intermediate page before joining, where the user can configure its devices. - // prejoinPageEnabled: false, - - // If true, shows the unsafe roon name warning label when a room name is - // deemed unsafe (due to the simplicity in the name) and a password is not - // set or the lobby is not enabled. - // enableInsecureRoomNameWarning: false, - - // Stats - // - - // Whether to enable stats collection or not in the TraceablePeerConnection. - // This can be useful for debugging purposes (post-processing/analysis of - // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth - // estimation tests. - // gatherStats: false, - - // The interval at which PeerConnection.getStats() is called. Defaults to 10000 - // pcStatsInterval: 10000, - - // To enable sending statistics to callstats.io you must provide the - // Application ID and Secret. - // callStatsID: '', - // callStatsSecret: '', - - // enables sending participants display name to callstats - // enableDisplayNameInStats: false, - - // enables sending participants email if available to callstats and other analytics - // enableEmailInStats: false, - - // Privacy - // - - // If third party requests are disabled, no other server will be contacted. - // This means avatars will be locally generated and callstats integration - // will not function. - // disableThirdPartyRequests: false, - - - // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. - // - - p2p: { - // Enables peer to peer mode. When enabled the system will try to - // establish a direct connection when there are exactly 2 participants - // in the room. If that succeeds the conference will stop sending data - // through the JVB and use the peer to peer connection instead. When a - // 3rd participant joins the conference will be moved back to the JVB - // connection. - enabled: true, - - // Use XEP-0215 to fetch STUN and TURN servers. - // useStunTurn: true, - - // The STUN servers that will be used in the peer to peer connections - stunServers: [ - - // { urls: 'stun:__DOMAIN__:4446' }, - { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } - ], - - // Sets the ICE transport policy for the p2p connection. At the time - // of this writing the list of possible values are 'all' and 'relay', - // but that is subject to change in the future. The enum is defined in - // the WebRTC standard: - // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. - // If not set, the effective value is 'all'. - // iceTransportPolicy: 'all', - - // If set to true, it will prefer to use H.264 for P2P calls (if H.264 - // is supported). - preferH264: true - - // If set to true, disable H.264 video codec by stripping it out of the - // SDP. - // disableH264: false, - - // How long we're going to wait, before going back to P2P after the 3rd - // participant has left the conference (to filter out page reload). - // backToP2PDelay: 5 - }, - - analytics: { - // The Google Analytics Tracking ID: - // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' - - // Matomo configuration: - // matomoEndpoint: 'https://your-matomo-endpoint/', - // matomoSiteID: '42', - - // The Amplitude APP Key: - // amplitudeAPPKey: '' - - // Array of script URLs to load as lib-jitsi-meet "analytics handlers". - // scriptURLs: [ - // "libs/analytics-ga.min.js", // google-analytics - // "https://example.com/my-custom-analytics.js" - // ], - }, - - // Information about the jitsi-meet instance we are connecting to, including - // the user region as seen by the server. - deploymentInfo: { - // shard: "shard1", - // region: "europe", - // userRegion: "asia" - }, - - // Decides whether the start/stop recording audio notifications should play on record. - // disableRecordAudioNotification: false, - - // Information for the chrome extension banner - // chromeExtensionBanner: { - // // The chrome extension to be installed address - // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', - - // // Extensions info which allows checking if they are installed or not - // chromeExtensionsInfo: [ - // { - // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', - // path: 'jitsi-logo-48x48.png' - // } - // ] - // }, - - // Local Recording - // - - // localRecording: { - // Enables local recording. - // Additionally, 'localrecording' (all lowercase) needs to be added to - // TOOLBAR_BUTTONS in interface_config.js for the Local Recording - // button to show up on the toolbar. - // - // enabled: true, - // - - // The recording format, can be one of 'ogg', 'flac' or 'wav'. - // format: 'flac' - // - - // }, - - // Options related to end-to-end (participant to participant) ping. - // e2eping: { - // // The interval in milliseconds at which pings will be sent. - // // Defaults to 10000, set to <= 0 to disable. - // pingInterval: 10000, - // - // // The interval in milliseconds at which analytics events - // // with the measured RTT will be sent. Defaults to 60000, set - // // to <= 0 to disable. - // analyticsInterval: 60000, - // }, - - // If set, will attempt to use the provided video input device label when - // triggering a screenshare, instead of proceeding through the normal flow - // for obtaining a desktop stream. - // NOTE: This option is experimental and is currently intended for internal - // use only. - // _desktopSharingSourceDevice: 'sample-id-or-label', - - // If true, any checks to handoff to another application will be prevented - // and instead the app will continue to display in the current browser. - // disableDeepLinking: false, - - // A property to disable the right click context menu for localVideo - // the menu has option to flip the locally seen video for local presentations - // disableLocalVideoFlip: false, - - // Mainly privacy related settings - - // Disables all invite functions from the app (share, invite, dial out...etc) - // disableInviteFunctions: true, - - // Disables storing the room name to the recents list - // doNotStoreRoom: true, - - // Deployment specific URLs. - // deploymentUrls: { - // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for - // // user documentation. - // userDocumentationURL: 'https://docs.example.com/video-meetings.html', - // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link - // // to the specified URL for an app download page. - // downloadAppsUrl: 'https://docs.example.com/our-apps.html' - // }, - - // Options related to the remote participant menu. - // remoteVideoMenu: { - // // If set to true the 'Kick out' button will be disabled. - // disableKick: true - // }, - - // If set to true all muting operations of remote participants will be disabled. - // disableRemoteMute: true, - - /** - External API url used to receive branding specific information. - If there is no url set or there are missing fields, the defaults are applied. - None of the fieds are mandatory and the response must have the shape: - { - // The hex value for the colour used as background - backgroundColor: '#fff', - // The url for the image used as background - backgroundImageUrl: 'https://example.com/background-img.png', - // The anchor url used when clicking the logo image - logoClickUrl: 'https://example-company.org', - // The url used for the image used as logo - logoImageUrl: 'https://example.com/logo-img.png' - } - */ - // brandingDataUrl: '', - - // List of undocumented settings used in jitsi-meet - /** - _immediateReloadThreshold - autoRecord - autoRecordToken - debug - debugAudioLevels - deploymentInfo - dialInConfCodeUrl - dialInNumbersUrl - dialOutAuthUrl - dialOutCodesUrl - disableRemoteControl - displayJids - etherpad_base - externalConnectUrl - firefox_fake_device - googleApiApplicationClientID - iAmRecorder - iAmSipGateway - microsoftApiApplicationClientID - peopleSearchQueryTypes - peopleSearchUrl - requireDisplayName - tokenAuthUrl - */ - - // List of undocumented settings used in lib-jitsi-meet - /** - _peerConnStatusOutOfLastNTimeout - _peerConnStatusRtcMuteTimeout - abTesting - avgRtpStatsN - callStatsConfIDNamespace - callStatsCustomScriptUrl - desktopSharingSources - disableAEC - disableAGC - disableAP - disableHPF - disableNS - enableLipSync - enableTalkWhileMuted - forceJVB121Ratio - hiddenDomain - ignoreStartMuted - nick - startBitrate - */ - - - // Allow all above example options to include a trailing comma and - // prevent fear when commenting out the last value. - makeJsonParserHappy: 'even if last key had a trailing comma' - - // no configuration value should follow this line. -}; - -/* eslint-enable no-unused-vars, no-var */ diff --git a/conf/jicofo.src b/conf/jicofo.src deleted file mode 100644 index 162ef71..0000000 --- a/conf/jicofo.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-644-1_all.deb -SOURCE_SUM=3bb26605f64becbf29a2d9b1ef75ff8ef8536732c5fb93371789ddadae1077a4 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=deb -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=jicofo.deb -SOURCE_EXTRACT=false \ No newline at end of file diff --git a/conf/jitsi-jicofo.config b/conf/jitsi-jicofo-config similarity index 56% rename from conf/jitsi-jicofo.config rename to conf/jitsi-jicofo-config index 326a32d..15ee558 100644 --- a/conf/jitsi-jicofo.config +++ b/conf/jitsi-jicofo-config @@ -5,18 +5,12 @@ JICOFO_HOST=127.0.0.1 # sets the XMPP domain (default: none) JICOFO_HOSTNAME=__DOMAIN__ -# sets the port to use for the XMPP component connection -JICOFO_PORT=__PORT_COMPONENT__ - -# sets the secret used to authenticate as an XMPP component -JICOFO_SECRET=__FOCUS_SECRET__ +# sets the XMPP domain name to use for XMPP user logins +JICOFO_AUTH_DOMAIN=auth.__DOMAIN__ # sets the username to use for XMPP user logins JICOFO_AUTH_USER=__FOCUS_USER__ -# sets the XMPP domain name to use for XMPP user logins -JICOFO_AUTH_DOMAIN=auth.__DOMAIN__ - # sets the password to use for XMPP user logins JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__ @@ -24,4 +18,4 @@ JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__ JICOFO_OPTS="" # adds java system props that are passed to jicofo (default are for home and logging config file) -JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties" +JAVA_SYS_PROPS="-Dconfig.file=/etc/__APP__/jicofo/jicofo.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties" diff --git a/conf/jitsi-jicofo-jicofo.conf b/conf/jitsi-jicofo-jicofo.conf new file mode 100644 index 0000000..c1b7c15 --- /dev/null +++ b/conf/jitsi-jicofo-jicofo.conf @@ -0,0 +1,13 @@ +# Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for +#available options, syntax, and default values. +jicofo { + xmpp: { + client: { + client-proxy: focus.__DOMAIN__ + } + trusted-domains: [ "recorder.__DOMAIN__" ] + } + bridge: { + brewery-jid: "JvbBrewery@internal.auth.__DOMAIN__" + } +} diff --git a/conf/jitsi-jicofo-logging.properties b/conf/jitsi-jicofo-logging.properties index 078e3e1..7181e26 100644 --- a/conf/jitsi-jicofo-logging.properties +++ b/conf/jitsi-jicofo-logging.properties @@ -6,23 +6,14 @@ handlers= java.util.logging.ConsoleHandler # Handlers with syslog enabled: #handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler +#handlers= java.util.logging.ConsoleHandler, io.sentry.jul.SentryHandler java.util.logging.ConsoleHandler.level = ALL -java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter +java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter java.util.logging.ConsoleHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets -net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo - +org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jicofo .level=INFO -net.sf.level=SEVERE -net.java.sip.communicator.plugin.reconnectplugin.level=FINE -org.ice4j.level=SEVERE -org.jitsi.impl.neomedia.level=SEVERE - -# Do not worry about missing strings -net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE - -#net.java.sip.communicator.service.protocol.level=ALL # To enable XMPP packets logging add XmppPacketsFileHandler to the handlers property org.jitsi.impl.protocol.xmpp.log.PacketDebugger.level=ALL @@ -31,17 +22,17 @@ org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.append=true org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.limit=200000000 org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.count=3 -# Syslog(uncomment handler to use) +# Syslog (uncomment handler to use) com.agafua.syslog.SyslogHandler.transport = udp com.agafua.syslog.SyslogHandler.facility = local0 com.agafua.syslog.SyslogHandler.port = 514 -com.agafua.syslog.SyslogHandler.hostname = 127.0.0.1 -com.agafua.syslog.SyslogHandler.formatter = net.java.sip.communicator.util.ScLogFormatter +com.agafua.syslog.SyslogHandler.hostname = localhost +com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter com.agafua.syslog.SyslogHandler.escapeNewlines = false com.agafua.syslog.SyslogHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets -# to disable double timestamps in syslog uncomment next line -#net.java.sip.communicator.util.ScLogFormatter.disableTimestamp=true +# Sentry (uncomment handler to use) +io.sentry.jul.SentryHandler.level=WARNING # uncomment to see how Jicofo talks to the JVB #org.jitsi.impl.protocol.xmpp.colibri.level=ALL diff --git a/conf/jitsi-jicofo-sip-communicator.properties b/conf/jitsi-jicofo-sip-communicator.properties deleted file mode 100644 index a30f768..0000000 --- a/conf/jitsi-jicofo-sip-communicator.properties +++ /dev/null @@ -1,2 +0,0 @@ -org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.__DOMAIN__ -org.jitsi.jicofo.health.ENABLE_HEALTH_CHECKS=true diff --git a/conf/jitsi-jicofo.service b/conf/jitsi-jicofo.service index 339d861..a813643 100644 --- a/conf/jitsi-jicofo.service +++ b/conf/jitsi-jicofo.service @@ -6,8 +6,8 @@ After=network.target EnvironmentFile=/etc/__APP__/jicofo/config Environment=LOGFILE=/var/log/__APP__/jitsi-jicofo.log User=__APP__ -WorkingDirectory=__FINALPATH__/jicofo/ -ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --secret=${JICOFO_SECRET} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} --user_password=${JICOFO_AUTH_PASSWORD} ${JICOFO_OPTS} < /dev/null >> ${LOGFILE} 2>&1" +WorkingDirectory=__FINALPATH__/jitsi-jicofo/ +ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --secret=${JICOFO_SECRET} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} --user_password=${JICOFO_AUTH_PASSWORD} ${JICOFO_OPTS} < /dev/null >> ${LOGFILE} 2>&1" [Install] WantedBy=multi-user.target diff --git a/conf/jitsi-jicofo.src b/conf/jitsi-jicofo.src new file mode 100644 index 0000000..569560d --- /dev/null +++ b/conf/jitsi-jicofo.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-846-1_all.deb +SOURCE_SUM=aac0143b8c83932d6f934a8b6fca54c75f541613aab8beb9e96ce5b0eb9051bf +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=deb +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=jitsi-jicofo.deb +SOURCE_EXTRACT=false \ No newline at end of file diff --git a/conf/jitsi-meet-config.js b/conf/jitsi-meet-config.js new file mode 100644 index 0000000..011c458 --- /dev/null +++ b/conf/jitsi-meet-config.js @@ -0,0 +1,1264 @@ +/* eslint-disable no-unused-vars, no-var */ + +var config = { + // Connection + // + + hosts: { + // XMPP domain. + domain: '__DOMAIN__', + + // When using authentication, domain for guest users. + // anonymousdomain: 'guest.example.com', + + // Domain for authenticated users. Defaults to . + // authdomain: '__DOMAIN__', + + // Focus component domain. Defaults to focus.. + // focus: 'focus.__DOMAIN__', + + // XMPP MUC domain. FIXME: use XEP-0030 to discover it. + muc: 'conference.__DOMAIN__' + }, + + // BOSH URL. FIXME: use XEP-0156 to discover it. + bosh: '//__DOMAIN__/http-bind', + + // Websocket URL + // websocket: 'wss://__DOMAIN__/xmpp-websocket', + + // The real JID of focus participant - can be overridden here + // Do not change username - FIXME: Make focus username configurable + // https://github.com/jitsi/jitsi-meet/issues/7376 + // focusUserJid: 'focus@auth.__DOMAIN__', + + + // Testing / experimental features. + // + + testing: { + // Disables the End to End Encryption feature. Useful for debugging + // issues related to insertable streams. + // disableE2EE: false, + + // Enables/disables thumbnail reordering in the filmstrip. It is enabled by default unless explicitly + // disabled by the below option. + // enableThumbnailReordering: true, + + // Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users. + // mobileXmppWsThreshold: 10 // enable XMPP WebSockets on mobile for 10% of the users + + // P2P test mode disables automatic switching to P2P when there are 2 + // participants in the conference. + // p2pTestMode: false, + + // Enables the test specific features consumed by jitsi-meet-torture + // testMode: false + + // Disables the auto-play behavior of *all* newly created video element. + // This is useful when the client runs on a host with limited resources. + // noAutoPlayVideo: false + + // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled, + // simulcast is turned off for the desktop share. If presenter is turned + // on while screensharing is in progress, the max bitrate is automatically + // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines + // the probability for this to be enabled. This setting has been deprecated. + // desktopSharingFrameRate.max now determines whether simulcast will be enabled + // or disabled for the screenshare. + // capScreenshareBitrate: 1 // 0 to disable - deprecated. + + // Enable callstats only for a percentage of users. + // This takes a value between 0 and 100 which determines the probability for + // the callstats to be enabled. + // callStatsThreshold: 5 // enable callstats for 5% of the users. + }, + + // Feature Flags. + flags: { + // Enables source names in the signaling. + // sourceNameSignaling: false, + }, + + // Disables moderator indicators. + // disableModeratorIndicator: false, + + // Disables the reactions feature. + // disableReactions: true, + + // Disables the reactions moderation feature. + // disableReactionsModeration: false, + + // Disables polls feature. + // disablePolls: false, + + // Disables self-view tile. (hides it from tile view and from filmstrip) + // disableSelfView: false, + + // Disables self-view settings in UI + // disableSelfViewSettings: false, + + // screenshotCapture : { + // Enables the screensharing capture feature. + // enabled: false, + // + // The mode for the screenshot capture feature. + // Can be either 'recording' - screensharing screenshots are taken + // only when the recording is also on, + // or 'always' - screensharing screenshots are always taken. + // mode: 'recording' + // } + + // Disables ICE/UDP by filtering out local and remote UDP candidates in + // signalling. + // webrtcIceUdpDisable: false, + + // Disables ICE/TCP by filtering out local and remote TCP candidates in + // signalling. + // webrtcIceTcpDisable: false, + + + // Media + // + + // Enable unified plan implementation support on Chromium based browsers. + // enableUnifiedOnChrome: false, + + // Audio + + // Disable measuring of audio levels. + // disableAudioLevels: false, + // audioLevelsInterval: 200, + + // Enabling this will run the lib-jitsi-meet no audio detection module which + // will notify the user if the current selected microphone has no audio + // input and will suggest another valid device if one is present. + enableNoAudioDetection: true, + + // Enabling this will show a "Save Logs" link in the GSM popover that can be + // used to collect debug information (XMPP IQs, SDP offer/answer cycles) + // about the call. + // enableSaveLogs: false, + + // Enabling this will hide the "Show More" link in the GSM popover that can be + // used to display more statistics about the connection (IP, Port, protocol, etc). + // disableShowMoreStats: true, + + // Enabling this will run the lib-jitsi-meet noise detection module which will + // notify the user if there is noise, other than voice, coming from the current + // selected microphone. The purpose it to let the user know that the input could + // be potentially unpleasant for other meeting participants. + enableNoisyMicDetection: true, + + // Start the conference in audio only mode (no video is being received nor + // sent). + // startAudioOnly: false, + + // Every participant after the Nth will start audio muted. + // startAudioMuted: 10, + + // Start calls with audio muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithAudioMuted: false, + + // Enabling it (with #params) will disable local audio output of remote + // participants and to enable it back a reload is needed. + // startSilent: false + + // Enables support for opus-red (redundancy for Opus). + // enableOpusRed: false, + + // Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio. + // Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC. + // audioQuality: { + // stereo: false, + // opusMaxAverageBitrate: null // Value to fit the 6000 to 510000 range. + // }, + + // Video + + // Sets the preferred resolution (height) for local video. Defaults to 720. + // resolution: 720, + + // Specifies whether the raised hand will hide when someone becomes a dominant speaker or not + // disableRemoveRaisedHandOnFocus: false, + + // Specifies whether there will be a search field in speaker stats or not + // disableSpeakerStatsSearch: false, + + // Specifies whether participants in speaker stats should be ordered or not, and with what priority + // speakerStatsOrder: [ + // 'role', <- Moderators on top + // 'name', <- Alphabetically by name + // 'hasLeft', <- The ones that have left in the bottom + // ] <- the order of the array elements determines priority + + // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. + // Use -1 to disable. + // maxFullResolutionParticipants: 2, + + // w3c spec-compliant video constraints to use for video capture. Currently + // used by browsers that return true from lib-jitsi-meet's + // util#browser#usesNewGumFlow. The constraints are independent from + // this config's resolution value. Defaults to requesting an ideal + // resolution of 720p. + // constraints: { + // video: { + // height: { + // ideal: 720, + // max: 720, + // min: 240 + // } + // } + // }, + + // Enable / disable simulcast support. + // disableSimulcast: false, + + // Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended + // (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen + // sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent + // by the client. + // enableLayerSuspension: false, + + // Every participant after the Nth will start video muted. + // startVideoMuted: 10, + + // Start calls with video muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithVideoMuted: false, + + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // This option has been deprecated, use preferredCodec under videoQuality section instead. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // Desktop sharing + + // Optional desktop sharing frame rate options. Default value: min:5, max:5. + // desktopSharingFrameRate: { + // min: 5, + // max: 5 + // }, + + // This option has been deprecated since it is no longer supported as per the w3c spec. + // https://w3c.github.io/mediacapture-screen-share/#dom-mediadevices-getdisplaymedia. If the user has not + // interacted with the webpage before the getDisplayMedia call, the promise will be rejected by the browser. This + // has already been implemented in Firefox and Safari and will be implemented in Chrome soon. + // https://bugs.chromium.org/p/chromium/issues/detail?id=1198918 + // startScreenSharing: false, + + // Recording + + // Whether to enable file recording or not. + // fileRecordingsEnabled: false, + // Enable the dropbox integration. + // dropbox: { + // appKey: '' // Specify your app key here. + // // A URL to redirect the user to, after authenticating + // // by default uses: + // // 'https://__DOMAIN__/static/oauth.html' + // redirectURI: + // 'https://__DOMAIN__/subfolder/static/oauth.html' + // }, + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) + // fileRecordingsServiceEnabled: false, + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. + // fileRecordingsServiceSharingEnabled: false, + + // Whether to enable live streaming or not. + // liveStreamingEnabled: false, + + // Transcription (in interface_config, + // subtitles and buttons can be configured) + // transcribingEnabled: false, + + // If true transcriber will use the application language. + // The application language is either explicitly set by participants in their settings or automatically + // detected based on the environment, e.g. if the app is opened in a chrome instance which is using french as its + // default language then transcriptions for that participant will be in french. + // Defaults to true. + // transcribeWithAppLanguage: true, + + // Transcriber language. This settings will only work if "transcribeWithAppLanguage" is explicitly set to false. + // Available languages can be found in + // ./src/react/features/transcribing/transcriber-langs.json. + // preferredTranscribeLanguage: 'en-US', + + // Enables automatic turning on captions when recording is started + // autoCaptionOnRecord: false, + + // Misc + + // Default value for the channel "last N" attribute. -1 for unlimited. + channelLastN: -1, + + // Connection indicators + // connectionIndicators: { + // autoHide: true, + // autoHideTimeout: 5000, + // disabled: false, + // disableDetails: false, + // inactiveDisabled: false + // }, + + // Provides a way for the lastN value to be controlled through the UI. + // When startLastN is present, conference starts with a last-n value of startLastN and channelLastN + // value will be used when the quality level is selected using "Manage Video Quality" slider. + // startLastN: 1, + + // Provides a way to use different "last N" values based on the number of participants in the conference. + // The keys in an Object represent number of participants and the values are "last N" to be used when number of + // participants gets to or above the number. + // + // For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than + // 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN' + // will be used as default until the first threshold is reached. + // + // lastNLimits: { + // 5: 20, + // 30: 15, + // 50: 10, + // 70: 5, + // 90: 2 + // }, + + // Provides a way to translate the legacy bridge signaling messages, 'LastNChangedEvent', + // 'SelectedEndpointsChangedEvent' and 'ReceiverVideoConstraint' into the new 'ReceiverVideoConstraints' message + // that invokes the new bandwidth allocation algorithm in the bridge which is described here + // - https://github.com/jitsi/jitsi-videobridge/blob/master/doc/allocation.md. + // useNewBandwidthAllocationStrategy: false, + + // Specify the settings for video quality optimizations on the client. + // videoQuality: { + // // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified + // // here will be removed from the list of codecs present in the SDP answer generated by the client. If the + // // same codec is specified for both the disabled and preferred option, the disable settings will prevail. + // // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case. + // disabledCodec: 'H264', + // + // // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here, + // // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only + // // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the + // // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this + // // to take effect. + // preferredCodec: 'VP8', + // + // // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints + // // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet. + // // This will result in Safari not being able to decode video from endpoints sending VP9 video. + // // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the + // // preferred codec and goes back to the preferred codec when that endpoint leaves. + // // enforcePreferredCodec: false, + // + // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for + // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values + // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on + // // the available bandwidth calculated by the browser, but it will be capped by the values specified here. + // // This is currently not implemented on app based clients on mobile. + // maxBitratesVideo: { + // H264: { + // low: 200000, + // standard: 500000, + // high: 1500000 + // }, + // VP8 : { + // low: 200000, + // standard: 500000, + // high: 1500000 + // }, + // VP9: { + // low: 100000, + // standard: 300000, + // high: 1200000 + // } + // }, + // + // // The options can be used to override default thresholds of video thumbnail heights corresponding to + // // the video quality levels used in the application. At the time of this writing the allowed levels are: + // // 'low' - for the low quality level (180p at the time of this writing) + // // 'standard' - for the medium quality level (360p) + // // 'high' - for the high quality level (720p) + // // The keys should be positive numbers which represent the minimal thumbnail height for the quality level. + // // + // // With the default config value below the application will use 'low' quality until the thumbnails are + // // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to + // // the high quality. + // minHeightForQualityLvl: { + // 360: 'standard', + // 720: 'high' + // }, + // + // // Provides a way to resize the desktop track to 720p (if it is greater than 720p) before creating a canvas + // // for the presenter mode (camera picture-in-picture mode with screenshare). + // resizeDesktopForPresenter: false + // }, + + // Notification timeouts + // notificationTimeouts: { + // short: 2500, + // medium: 5000, + // long: 10000 + // }, + + // // Options for the recording limit notification. + // recordingLimit: { + // + // // The recording limit in minutes. Note: This number appears in the notification text + // // but doesn't enforce the actual recording time limit. This should be configured in + // // jibri! + // limit: 60, + // + // // The name of the app with unlimited recordings. + // appName: 'Unlimited recordings APP', + // + // // The URL of the app with unlimited recordings. + // appURL: 'https://unlimited.recordings.app.com/' + // }, + + // Disables or enables RTX (RFC 4588) (defaults to false). + // disableRtx: false, + + // Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event. + // disableBeforeUnloadHandlers: true, + + // Disables or enables TCC support in this client (default: enabled). + // enableTcc: true, + + // Disables or enables REMB support in this client (default: enabled). + // enableRemb: true, + + // Enables ICE restart logic in LJM and displays the page reload overlay on + // ICE failure. Current disabled by default because it's causing issues with + // signaling when Octo is enabled. Also when we do an "ICE restart"(which is + // not a real ICE restart), the client maintains the TCC sequence number + // counter, but the bridge resets it. The bridge sends media packets with + // TCC sequence numbers starting from 0. + // enableIceRestart: false, + + // Enables forced reload of the client when the call is migrated as a result of + // the bridge going down. + // enableForcedReload: true, + + // Use TURN/UDP servers for the jitsi-videobridge connection (by default + // we filter out TURN/UDP because it is usually not needed since the + // bridge itself is reachable via UDP) + // useTurnUdp: false + + // Enable support for encoded transform in supported browsers. This allows + // E2EE to work in Safari if the corresponding flag is enabled in the browser. + // Experimental. + // enableEncodedTransformSupport: false, + + // UI + // + + // Disables responsive tiles. + // disableResponsiveTiles: false, + + // Hides lobby button + // hideLobbyButton: false, + + // If Lobby is enabled starts knocking automatically. + // autoKnockLobby: false, + + // Hides add breakout room button + // hideAddRoomButton: false, + + // Require users to always specify a display name. + // requireDisplayName: true, + + // Whether to use a welcome page or not. In case it's false a random room + // will be joined when no room is specified. + enableWelcomePage: true, + + // Disable app shortcuts that are registered upon joining a conference + // disableShortcuts: false, + + // Disable initial browser getUserMedia requests. + // This is useful for scenarios where users might want to start a conference for screensharing only + // disableInitialGUM: false, + + // Enabling the close page will ignore the welcome page redirection when + // a call is hangup. + // enableClosePage: false, + + // Disable hiding of remote thumbnails when in a 1-on-1 conference call. + // Setting this to null, will also disable showing the remote videos + // when the toolbar is shown on mouse movements + // disable1On1Mode: null | false | true, + + // Default local name to be displayed + // defaultLocalDisplayName: 'me', + + // Default remote name to be displayed + // defaultRemoteDisplayName: 'Fellow Jitster', + + // Hides the display name from the participant thumbnail + // hideDisplayName: false, + + // Hides the dominant speaker name badge that hovers above the toolbox + // hideDominantSpeakerBadge: false, + + // Default language for the user interface. + // defaultLanguage: 'en', + + // Disables profile and the edit of all fields from the profile settings (display name and email) + // disableProfile: false, + + // Hides the email section under profile settings. + // hideEmailInSettings: false, + + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, + + // When enabled the password used for locking a room is restricted to up to the number of digits specified + // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, + + // Message to show the users. Example: 'The service will be down for + // maintenance at 01:00 AM GMT, + // noticeMessage: '', + + // Enables calendar integration, depends on googleApiApplicationClientID + // and microsoftApiApplicationClientID + // enableCalendarIntegration: false, + + // Configs for prejoin page. + // prejoinConfig: { + // // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // // This replaces `prejoinPageEnabled`. + // enabled: true, + // // List of buttons to hide from the extra join options dropdown. + // hideExtraJoinButtons: ['no-audio', 'by-phone'] + // }, + + // When 'true', the user cannot edit the display name. + // (Mainly useful when used in conjuction with the JWT so the JWT name becomes read only.) + // readOnlyName: false, + + // If etherpad integration is enabled, setting this to true will + // automatically open the etherpad when a participant joins. This + // does not affect the mobile app since opening an etherpad + // obscures the conference controls -- it's better to let users + // choose to open the pad on their own in that case. + // openSharedDocumentOnJoin: false, + + // If true, shows the unsafe room name warning label when a room name is + // deemed unsafe (due to the simplicity in the name) and a password is not + // set or the lobby is not enabled. + // enableInsecureRoomNameWarning: false, + + // Whether to automatically copy invitation URL after creating a room. + // Document should be focused for this option to work + // enableAutomaticUrlCopy: false, + + // Array with avatar URL prefixes that need to use CORS. + // corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ], + + // Base URL for a Gravatar-compatible service. Defaults to libravatar. + // gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/', + + // App name to be displayed in the invitation email subject, as an alternative to + // interfaceConfig.APP_NAME. + // inviteAppName: null, + + // Moved from interfaceConfig(TOOLBAR_BUTTONS). + // The name of the toolbar buttons to display in the toolbar, including the + // "More actions" menu. If present, the button will display. Exceptions are + // "livestreaming" and "recording" which also require being a moderator and + // some other values in config.js to be enabled. Also, the "profile" button will + // not display for users with a JWT. + // Notes: + // - it's impossible to choose which buttons go in the "More actions" menu + // - it's impossible to control the placement of buttons + // - 'desktop' controls the "Share your screen" button + // - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI + // toolbarButtons: [ + // 'camera', + // 'chat', + // 'closedcaptions', + // 'desktop', + // 'download', + // 'embedmeeting', + // 'etherpad', + // 'feedback', + // 'filmstrip', + // 'fullscreen', + // 'hangup', + // 'help', + // 'invite', + // 'livestreaming', + // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', + // 'participants-pane', + // 'profile', + // 'raisehand', + // 'recording', + // 'security', + // 'select-background', + // 'settings', + // 'shareaudio', + // 'sharedvideo', + // 'shortcuts', + // 'stats', + // 'tileview', + // 'toggle-camera', + // 'videoquality', + // '__end' + // ], + + // Holds values related to toolbar visibility control. + // toolbarConfig: { + // // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT + // // The initial numer of miliseconds for the toolbar buttons to be visible on screen. + // initialTimeout: 20000, + // // Moved from interfaceConfig.TOOLBAR_TIMEOUT + // // Number of miliseconds for the toolbar buttons to be visible on screen. + // timeout: 4000, + // // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE + // // Whether toolbar should be always visible or should hide after x miliseconds. + // alwaysVisible: false + // }, + + // Toolbar buttons which have their click/tap event exposed through the API on + // `toolbarButtonClicked`. Passing a string for the button key will + // prevent execution of the click/tap routine; passing an object with `key` and + // `preventExecution` flag on false will not prevent execution of the click/tap + // routine. Below array with mixed mode for passing the buttons. + // buttonsWithNotifyClick: [ + // 'camera', + // { + // key: 'chat', + // preventExecution: false + // }, + // { + // key: 'closedcaptions', + // preventExecution: true + // }, + // 'desktop', + // 'download', + // 'embedmeeting', + // 'etherpad', + // 'feedback', + // 'filmstrip', + // 'fullscreen', + // 'hangup', + // 'help', + // { + // key: 'invite', + // preventExecution: false + // }, + // 'livestreaming', + // 'microphone', + // 'mute-everyone', + // 'mute-video-everyone', + // 'participants-pane', + // 'profile', + // { + // key: 'raisehand', + // preventExecution: true + // }, + // 'recording', + // 'security', + // 'select-background', + // 'settings', + // 'shareaudio', + // 'sharedvideo', + // 'shortcuts', + // 'stats', + // 'tileview', + // 'toggle-camera', + // 'videoquality', + // // The add passcode button from the security dialog. + // { + // key: 'add-passcode', + // preventExecution: false + // } + // '__end' + // ], + + // List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons: + // 'microphone', 'camera', 'select-background', 'invite', 'settings' + // hiddenPremeetingButtons: [], + + // Stats + // + + // Whether to enable stats collection or not in the TraceablePeerConnection. + // This can be useful for debugging purposes (post-processing/analysis of + // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth + // estimation tests. + // gatherStats: false, + + // The interval at which PeerConnection.getStats() is called. Defaults to 10000 + // pcStatsInterval: 10000, + + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // The callstats initialize config params as described in the API: + // https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret + // callStatsConfigParams: { + // disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter. + // applicationVersion: "app_version", // Application version specified by the developer. + // disablePrecalltest: true, // disables the pre-call test, it is enabled by default. + // siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made. + // additionalIDs: { // additionalIDs object, contains application related IDs. + // customerID: "Customer Identifier. Example, walmart.", + // tenantID: "Tenant Identifier. Example, monster.", + // productName: "Product Name. Example, Jitsi.", + // meetingsName: "Meeting Name. Example, Jitsi loves callstats.", + // serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.", + // pbxID: "PBX Identifier. Example, walmart.", + // pbxExtensionID: "PBX Extension Identifier. Example, 5625.", + // fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.", + // sessionID: "Session Identifier. Example, session-12-34" + // }, + // collectLegacyStats: true, //enables the collection of legacy stats in chrome browser + // collectIP: true //enables the collection localIP address + // }, + + // Enables sending participants' display names to callstats + // enableDisplayNameInStats: false, + + // Enables sending participants' emails (if available) to callstats and other analytics + // enableEmailInStats: false, + + // Enables detecting faces of participants and get their expression and send it to other participants + // enableFacialRecognition: true, + + // Controls the percentage of automatic feedback shown to participants when callstats is enabled. + // The default value is 100%. If set to 0, no automatic feedback will be requested + // feedbackPercentage: 100, + + // Privacy + // + + // If third party requests are disabled, no other server will be contacted. + // This means avatars will be locally generated and callstats integration + // will not function. + // disableThirdPartyRequests: false, + + + // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. + // + + p2p: { + // Enables peer to peer mode. When enabled the system will try to + // establish a direct connection when there are exactly 2 participants + // in the room. If that succeeds the conference will stop sending data + // through the JVB and use the peer to peer connection instead. When a + // 3rd participant joins the conference will be moved back to the JVB + // connection. + enabled: true, + + // Enable unified plan implementation support on Chromium for p2p connection. + // enableUnifiedOnChrome: false, + + // Sets the ICE transport policy for the p2p connection. At the time + // of this writing the list of possible values are 'all' and 'relay', + // but that is subject to change in the future. The enum is defined in + // the WebRTC standard: + // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. + // If not set, the effective value is 'all'. + // iceTransportPolicy: 'all', + + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). This setting is deprecated, use preferredCodec instead. + // preferH264: true, + + // Provides a way to set the video codec preference on the p2p connection. Acceptable + // codec values are 'VP8', 'VP9' and 'H264'. + // preferredCodec: 'H264', + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. This setting is deprecated, use disabledCodec instead. + // disableH264: false, + + // Provides a way to prevent a video codec from being negotiated on the p2p connection. + // disabledCodec: '', + + // How long we're going to wait, before going back to P2P after the 3rd + // participant has left the conference (to filter out page reload). + // backToP2PDelay: 5, + + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:__DOMAIN__:3478' }, + { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } + ] + }, + + analytics: { + // True if the analytics should be disabled + // disabled: false, + + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + + // Matomo configuration: + // matomoEndpoint: 'https://your-matomo-endpoint/', + // matomoSiteID: '42', + + // The Amplitude APP Key: + // amplitudeAPPKey: '' + + // Configuration for the rtcstats server: + // By enabling rtcstats server every time a conference is joined the rtcstats + // module connects to the provided rtcstatsEndpoint and sends statistics regarding + // PeerConnection states along with getStats metrics polled at the specified + // interval. + // rtcstatsEnabled: false, + + // In order to enable rtcstats one needs to provide a endpoint url. + // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, + + // The interval at which rtcstats will poll getStats, defaults to 1000ms. + // If the value is set to 0 getStats won't be polled and the rtcstats client + // will only send data related to RTCPeerConnection events. + // rtcstatsPolIInterval: 1000, + + // Array of script URLs to load as lib-jitsi-meet "analytics handlers". + // scriptURLs: [ + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" + // ], + }, + + // Logs that should go be passed through the 'log' event if a handler is defined for it + // apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'], + + // Information about the jitsi-meet instance we are connecting to, including + // the user region as seen by the server. + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + }, + + // Array of disabled sounds. + // Possible values: + // - 'ASKED_TO_UNMUTE_SOUND' + // - 'E2EE_OFF_SOUND' + // - 'E2EE_ON_SOUND' + // - 'INCOMING_MSG_SOUND' + // - 'KNOCKING_PARTICIPANT_SOUND' + // - 'LIVE_STREAMING_OFF_SOUND' + // - 'LIVE_STREAMING_ON_SOUND' + // - 'NO_AUDIO_SIGNAL_SOUND' + // - 'NOISY_AUDIO_INPUT_SOUND' + // - 'OUTGOING_CALL_EXPIRED_SOUND' + // - 'OUTGOING_CALL_REJECTED_SOUND' + // - 'OUTGOING_CALL_RINGING_SOUND' + // - 'OUTGOING_CALL_START_SOUND' + // - 'PARTICIPANT_JOINED_SOUND' + // - 'PARTICIPANT_LEFT_SOUND' + // - 'RAISE_HAND_SOUND' + // - 'REACTION_SOUND' + // - 'RECORDING_OFF_SOUND' + // - 'RECORDING_ON_SOUND' + // - 'TALK_WHILE_MUTED_SOUND' + // disabledSounds: [], + + // DEPRECATED! Use `disabledSounds` instead. + // Decides whether the start/stop recording audio notifications should play on record. + // disableRecordAudioNotification: false, + + // DEPRECATED! Use `disabledSounds` instead. + // Disables the sounds that play when other participants join or leave the + // conference (if set to true, these sounds will not be played). + // disableJoinLeaveSounds: false, + + // DEPRECATED! Use `disabledSounds` instead. + // Disables the sounds that play when a chat message is received. + // disableIncomingMessageSound: false, + + // Information for the chrome extension banner + // chromeExtensionBanner: { + // // The chrome extension to be installed address + // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', + + // // Extensions info which allows checking if they are installed or not + // chromeExtensionsInfo: [ + // { + // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', + // path: 'jitsi-logo-48x48.png' + // } + // ] + // }, + + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // the `toolbarButtons`-array for the Local Recording button to show up + // on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // }, + // e2ee: { + // labels, + // externallyManagedKey: false + // }, + + // Options related to end-to-end (participant to participant) ping. + // e2eping: { + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, + // + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // }, + + // If set, will attempt to use the provided video input device label when + // triggering a screenshare, instead of proceeding through the normal flow + // for obtaining a desktop stream. + // NOTE: This option is experimental and is currently intended for internal + // use only. + // _desktopSharingSourceDevice: 'sample-id-or-label', + + // If true, any checks to handoff to another application will be prevented + // and instead the app will continue to display in the current browser. + // disableDeepLinking: false, + + // A property to disable the right click context menu for localVideo + // the menu has option to flip the locally seen video for local presentations + // disableLocalVideoFlip: false, + + // A property used to unset the default flip state of the local video. + // When it is set to 'true', the local(self) video will not be mirrored anymore. + // doNotFlipLocalVideo: false, + + // Mainly privacy related settings + + // Disables all invite functions from the app (share, invite, dial out...etc) + // disableInviteFunctions: true, + + // Disables storing the room name to the recents list + // doNotStoreRoom: true, + + // Deployment specific URLs. + // deploymentUrls: { + // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for + // // user documentation. + // userDocumentationURL: 'https://docs.example.com/video-meetings.html', + // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link + // // to the specified URL for an app download page. + // downloadAppsUrl: 'https://docs.example.com/our-apps.html' + // }, + + // Options related to the remote participant menu. + // remoteVideoMenu: { + // // If set to true the 'Kick out' button will be disabled. + // disableKick: true, + // // If set to true the 'Grant moderator' button will be disabled. + // disableGrantModerator: true + // }, + + // If set to true all muting operations of remote participants will be disabled. + // disableRemoteMute: true, + + // Enables support for lip-sync for this client (if the browser supports it). + // enableLipSync: false + + /** + External API url used to receive branding specific information. + If there is no url set or there are missing fields, the defaults are applied. + The config file should be in JSON. + None of the fields are mandatory and the response must have the shape: + { + // The domain url to apply (will replace the domain in the sharing conference link/embed section) + inviteDomain: 'example-company.org, + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png', + // Overwrite for pool of background images for avatars + avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'], + // The lobby/prejoin screen background + premeetingBackground: 'url(https://example.com/premeeting-background.png)', + // A list of images that can be used as video backgrounds. + // When this field is present, the default images will be replaced with those provided. + virtualBackgrounds: ['https://example.com/img.jpg'], + // Object containing a theme's properties. It also supports partial overwrites of the main theme. + // For a list of all possible theme tokens and their current defaults, please check: + // https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json + // For a short explanations on each of the tokens, please check: + // https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.js + // IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code + // or they are partially applied. + customTheme: { + palette: { + ui01: "orange !important", + ui02: "maroon", + surface02: 'darkgreen', + ui03: "violet", + ui04: "magenta", + ui05: "blueviolet", + field02Hover: 'red', + action01: 'green', + action01Hover: 'lightgreen', + action02Disabled: 'beige', + success02: 'cadetblue', + action02Hover: 'aliceblue' + }, + typography: { + labelRegular: { + fontSize: 25, + lineHeight: 30, + fontWeight: 500 + } + } + } + } + */ + // dynamicBrandingUrl: '', + + // When true the user cannot add more images to be used as virtual background. + // Only the default ones from will be available. + // disableAddingBackgroundImages: false, + + // Disables using screensharing as virtual background. + // disableScreensharingVirtualBackground: false, + + // Sets the background transparency level. '0' is fully transparent, '1' is opaque. + // backgroundAlpha: 1, + + // The URL of the moderated rooms microservice, if available. If it + // is present, a link to the service will be rendered on the welcome page, + // otherwise the app doesn't render it. + // moderatedRoomServiceUrl: 'https://moderated.__DOMAIN__', + + // If true, tile view will not be enabled automatically when the participants count threshold is reached. + // disableTileView: true, + + // If true, the tiles will be displayed contained within the available space rather than enlarged to cover it, + // with a 16:9 aspect ratio (old behaviour). + // disableTileEnlargement: true, + + // Controls the visibility and behavior of the top header conference info labels. + // If a label's id is not in any of the 2 arrays, it will not be visible at all on the header. + // conferenceInfo: { + // // those labels will not be hidden in tandem with the toolbox. + // alwaysVisible: ['recording', 'local-recording', 'raised-hands-count'], + // // those labels will be auto-hidden in tandem with the toolbox buttons. + // autoHide: [ + // 'subject', + // 'conference-timer', + // 'participants-count', + // 'e2ee', + // 'transcribing', + // 'video-quality', + // 'insecure-room' + // ] + // }, + + // Hides the conference subject + // hideConferenceSubject: false, + + // Hides the conference timer. + // hideConferenceTimer: false, + + // Hides the recording label + // hideRecordingLabel: false, + + // Hides the participants stats + // hideParticipantsStats: true, + + // Sets the conference subject + // subject: 'Conference Subject', + + // Sets the conference local subject + // localSubject: 'Conference Local Subject', + + // This property is related to the use case when jitsi-meet is used via the IFrame API. When the property is true + // jitsi-meet will use the local storage of the host page instead of its own. This option is useful if the browser + // is not persisting the local storage inside the iframe. + // useHostPageLocalStorage: true, + + // etherpad ("shared document") integration. + // + + // If set, add a "Open shared document" link to the bottom right menu that + // will open an etherpad document. + // etherpad_base: 'https://your-etherpad-installati.on/p/', + + // List of undocumented settings used in jitsi-meet + /** + _immediateReloadThreshold + debug + debugAudioLevels + deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl + dialOutAuthUrl + dialOutCodesUrl + disableRemoteControl + displayJids + externalConnectUrl + e2eeLabels + firefox_fake_device + googleApiApplicationClientID + iAmRecorder + iAmSipGateway + microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl + */ + + /** + * This property can be used to alter the generated meeting invite links (in combination with a branding domain + * which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting + * can become https://brandedDomain/roomAlias) + */ + // brandingRoomAlias: null, + + // List of undocumented settings used in lib-jitsi-meet + /** + _peerConnStatusOutOfLastNTimeout + _peerConnStatusRtcMuteTimeout + abTesting + avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl + desktopSharingSources + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableTalkWhileMuted + forceJVB121Ratio + forceTurnRelay + hiddenDomain + ignoreStartMuted + websocketKeepAlive + websocketKeepAliveUrl + */ + + /** + * Default interval (milliseconds) for triggering mouseMoved iframe API event + */ + mouseMoveCallbackInterval: 1000, + + /** + Use this array to configure which notifications will be shown to the user + The items correspond to the title or description key of that notification + Some of these notifications also depend on some other internal logic to be displayed or not, + so adding them here will not ensure they will always be displayed + + A falsy value for this prop will result in having all notifications enabled (e.g null, undefined, false) + */ + // notifications: [ + // 'connection.CONNFAIL', // shown when the connection fails, + // 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera + // 'dialog.kickTitle', // shown when user has been kicked + // 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits) + // 'dialog.lockTitle', // shown when setting conference password fails + // 'dialog.maxUsersLimitReached', // shown when maximmum users limit has been reached + // 'dialog.micNotSendingData', // shown when user's mic is not sending any audio + // 'dialog.passwordNotSupportedTitle', // shown when setting conference password fails due to password format + // 'dialog.recording', // recording notifications (pending, on, off, limits) + // 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error) + // 'dialog.reservationError', + // 'dialog.serviceUnavailable', // shown when server is not reachable + // 'dialog.sessTerminated', // shown when there is a failed conference session + // 'dialog.sessionRestarted', // show when a client reload is initiated because of bridge migration + // 'dialog.tokenAuthFailed', // show when an invalid jwt is used + // 'dialog.transcribing', // transcribing notifications (pending, off) + // 'dialOut.statusMessage', // shown when dial out status is updated. + // 'liveStreaming.busy', // shown when livestreaming service is busy + // 'liveStreaming.failedToStart', // shown when livestreaming fails to start + // 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable + // 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected + // 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied + // 'localRecording.localRecording', // shown when a local recording is started + // 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed + // 'notify.disconnected', // shown when a participant has left + // 'notify.connectedOneMember', // show when a participant joined + // 'notify.connectedTwoMembers', // show when two participants joined simultaneously + // 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously + // 'notify.leftOneMember', // show when a participant left + // 'notify.leftTwoMembers', // show when two participants left simultaneously + // 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously + // 'notify.grantedTo', // shown when moderator rights were granted to a participant + // 'notify.invitedOneMember', // shown when 1 participant has been invited + // 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited + // 'notify.invitedTwoMembers', // shown when 2 participants have been invited + // 'notify.kickParticipant', // shown when a participant is kicked + // 'notify.moderationStartedTitle', // shown when AV moderation is activated + // 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated + // 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation + // 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation + // 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation + // 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party + // 'notify.mutedTitle', // shown when user has been muted upon joining, + // 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device + // 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera + // 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely + // 'notify.passwordSetRemotely', // shown when a password has been set remotely + // 'notify.raisedHand', // shown when a partcipant used raise hand, + // 'notify.startSilentTitle', // shown when user joined with no audio + // 'notify.unmute', // shown to moderator when user raises hand during AV moderation + // 'prejoin.errorDialOut', + // 'prejoin.errorDialOutDisconnected', + // 'prejoin.errorDialOutFailed', + // 'prejoin.errorDialOutStatus', + // 'prejoin.errorStatusCode', + // 'prejoin.errorValidation', + // 'recording.busy', // shown when recording service is busy + // 'recording.failedToStart', // shown when recording fails to start + // 'recording.unavailableTitle', // shown when recording service is not reachable + // 'toolbar.noAudioSignalTitle', // shown when a broken mic is detected + // 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone + // 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted + // 'transcribing.failedToStart' // shown when transcribing fails to start + // ], + + // Prevent the filmstrip from autohiding when screen width is under a certain threshold + // disableFilmstripAutohiding: false, + + // Specifies whether the chat emoticons are disabled or not + // disableChatSmileys: false, + + // Allow all above example options to include a trailing comma and + // prevent fear when commenting out the last value. + makeJsonParserHappy: 'even if last key had a trailing comma' + + // no configuration value should follow this line. +}; + +/* eslint-enable no-unused-vars, no-var */ diff --git a/conf/jitsi-meet-prosody.src b/conf/jitsi-meet-prosody.src index a579490..f310f7a 100644 --- a/conf/jitsi-meet-prosody.src +++ b/conf/jitsi-meet-prosody.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.4466-1_all.deb -SOURCE_SUM=8fd9a721cdeca7f88c825034679514ddb9c75c81dd615966f3fc3bd09812ea05 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.5818-1_all.deb +SOURCE_SUM=0808e2be09149aec08326a4f49e58d1beaed41e040e5717a1796d5f5c5f000bc SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-meet-web.src b/conf/jitsi-meet-web.src index 777fecb..2e919ff 100644 --- a/conf/jitsi-meet-web.src +++ b/conf/jitsi-meet-web.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.4466-1_all.deb -SOURCE_SUM=1129e848b5b1711ca41d160658033f6a427d1eb9f961a168df7bda6ab1180b01 +SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.5818-1_all.deb +SOURCE_SUM=72e260c0d3f046e94c05d4441de57f3012213cffe360794f09f4d2db6125fcc1 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/jitsi-videobridge-20-jvb-udp-buffers.conf b/conf/jitsi-videobridge-20-jvb-udp-buffers.conf deleted file mode 100644 index 4d8b81f..0000000 --- a/conf/jitsi-videobridge-20-jvb-udp-buffers.conf +++ /dev/null @@ -1,3 +0,0 @@ -# this sets the max, so that we can bump the JVB UDP single port buffer size. -net.core.rmem_max=10485760 -net.core.netdev_max_backlog=100000 diff --git a/conf/jitsi-videobridge-jvb.conf b/conf/jitsi-videobridge-jvb.conf new file mode 100644 index 0000000..3fa117a --- /dev/null +++ b/conf/jitsi-videobridge-jvb.conf @@ -0,0 +1,12 @@ +videobridge { + http-servers { + public { + port = 9090 + } + } + websockets { + enabled = true + domain = "__DOMAIN__:443" + tls = true + } +} diff --git a/conf/jitsi-videobridge-log4j2.xml b/conf/jitsi-videobridge-log4j2.xml deleted file mode 100644 index 38f6202..0000000 --- a/conf/jitsi-videobridge-log4j2.xml +++ /dev/null @@ -1,33 +0,0 @@ - - - - /var/log/__APP__ - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/conf/jitsi-videobridge-logging.properties b/conf/jitsi-videobridge-logging.properties index ba2009b..3c364a4 100644 --- a/conf/jitsi-videobridge-logging.properties +++ b/conf/jitsi-videobridge-logging.properties @@ -1,25 +1,34 @@ handlers= java.util.logging.ConsoleHandler #handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler +#handlers= java.util.logging.ConsoleHandler, io.sentry.jul.SentryHandler java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter -net.java.sip.communicator.util.ScLogFormatter.programname=JVB - +org.jitsi.utils.logging2.JitsiLogFormatter.programname=JVB .level=INFO -org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE - -# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge. -org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING - -# Syslog(uncomment handler to use) +# Syslog (uncomment handler to use) com.agafua.syslog.SyslogHandler.transport = udp com.agafua.syslog.SyslogHandler.facility = local0 com.agafua.syslog.SyslogHandler.port = 514 -com.agafua.syslog.SyslogHandler.hostname = 127.0.0.1 +com.agafua.syslog.SyslogHandler.hostname = localhost com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter com.agafua.syslog.SyslogHandler.escapeNewlines = false -# to disable double timestamps in syslog uncomment next line -#net.java.sip.communicator.util.ScLogFormatter.disableTimestamp=true +# Sentry (uncomment handler to use) +io.sentry.jul.SentryHandler.level=WARNING + +# time series logging +java.util.logging.SimpleFormatter.format= %5$s%n +java.util.logging.FileHandler.level = ALL +java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter +java.util.logging.FileHandler.pattern = /tmp/jvb-series.log +java.util.logging.FileHandler.limit = 200000000 +java.util.logging.FileHandler.count = 1 +java.util.logging.FileHandler.append = false + +timeseries.level=OFF +timeseries.useParentHandlers = false +# time series logging is disabled by default. Uncomment the line below to enable it. +#timeseries.handlers = java.util.logging.FileHandler diff --git a/conf/jitsi-videobridge.config b/conf/jitsi-videobridge.config index 5280acf..7b356a0 100644 --- a/conf/jitsi-videobridge.config +++ b/conf/jitsi-videobridge.config @@ -1,20 +1,16 @@ # Jitsi Videobridge settings -# sets the hostname of the XMPP server (default: domain if set, 127.0.0.1 otherwise) -JVB_HOST=127.0.0.1 - # sets the XMPP domain (default: none) JVB_HOSTNAME=__DOMAIN__ +# sets the hostname of the XMPP server (default: domain if set, 127.0.0.1 otherwise) +JVB_HOST=127.0.0.1 + # sets the port of the XMPP server (default: 5275) JVB_PORT=__PORT_COMPONENT__ # sets the shared secret used to authenticate to the XMPP server JVB_SECRET=__VIDEOBRIDGE_SECRET__ -# extra options to pass to the JVB daemon -JVB_OPTS="--apis=xmpp,rest" - - # adds java system props that are passed to jvb (default are for home and logging config file) -JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties" +JAVA_SYS_PROPS="-Dconfig.file=/etc/__APP__/videobridge/jvb.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties" diff --git a/conf/jitsi-videobridge.src b/conf/jitsi-videobridge.src index 8554e9c..3d38e20 100644 --- a/conf/jitsi-videobridge.src +++ b/conf/jitsi-videobridge.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-376-g9f12bfe2-1_all.deb -SOURCE_SUM=06594db323a76d76a78c6085a9f3042a1f21e641d9abd1c31b20edfd0eaa5a3b +SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-617-ga8b39c3f-1_all.deb +SOURCE_SUM=0bb47e1c96736bd5f3fe595223424cefc7d9a4a1db2be4d4cc87c4206d71df5e SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=deb SOURCE_IN_SUBDIR=true diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua deleted file mode 100644 index 824a977..0000000 --- a/conf/metronome.cfg.lua +++ /dev/null @@ -1,96 +0,0 @@ -component_ports = { __PORT_COMPONENT__ } - --- Make the focus user a global administrator -admins = { "__FOCUS_USER__@auth.__DOMAIN__" } - --- c2s_require_encryption = false --Why would it be needed? --- s2s_secure_auth = false - -plugin_paths = { "__FINAL_PATH__/jitsi-meet-prosody/" } - --- domain mapper options, must at least have domain base set to use the mapper -muc_mapper_domain_base = "__DOMAIN__"; - -cross_domain_bosh = false; -consider_bosh_secure = true; - -VirtualHost "__DOMAIN__" - authentication = "anonymous" - -- Properties below are modified by jitsi-meet-tokens package config - -- and authentication above is switched to "token" - --app_id="example_app_id" - --app_secret="example_app_secret" - -- Assign this host a certificate for TLS, otherwise it would use the one - -- set in the global section (if any). - -- Note that old-style SSL on port 5223 only supports one certificate, and will always - -- use the global one. - ssl = { - key = "/etc/yunohost/certs/__DOMAIN__/key.pem"; - certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem"; - } - speakerstats_component = "speakerstats.__DOMAIN__" - conference_duration_component = "conferenceduration.__DOMAIN__" - -- we need bosh - modules_enabled = { - "bosh"; - "pubsub"; - "ping"; -- Enable mod_ping - "speakerstats"; - -- "turncredentials"; - "conference_duration"; - "extdisco"; - } - c2s_require_encryption = false - external_services = { - ["__DOMAIN__"] = { - { type = "stun", port = "4446", trasport = "udp" }, - { type = "stun", port = "4446", trasport = "tcp" }, - { type = "turn", port = "4446", transport = "udp", turn_secret = "__TURN_SECRET__", turn_ttl = "86400" }, - { type = "turns", port = "443", transport = "tcp", turn_secret = "__TURN_SECRET__", turn_ttl = "86400" } - } - } - -Component "conference.__DOMAIN__" "muc" - storage = "internal" - modules_enabled = { - "muc_meeting_id"; - "muc_domain_mapper"; - -- "token_verification"; - } - admins = { "__FOCUS_USER__@auth.__DOMAIN__" } - allow_anonymous_creation = true - instant_room_on_creation = true - room_default_config = { - whois = "anyone"; - } - --- internal muc component -Component "internal.auth.__DOMAIN__" "muc" - storage = "internal" - modules_enabled = { - "ping"; - } - admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } - instant_room_on_creation = true - room_default_config = { - whois = "anyone"; - } - -VirtualHost "auth.__DOMAIN__" - ssl = { - key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem"; - certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem"; - } - authentication = "internal_plain" - -Component "focus.__DOMAIN__" - component_secret = "__FOCUS_SECRET__" - -Component "jitsi-videobridge.__DOMAIN__" - component_secret = "__VIDEOBRIDGE_SECRET__" - -Component "speakerstats.__DOMAIN__" "speakerstats_component" - muc_component = "conference.__DOMAIN__" - -Component "conferenceduration.__DOMAIN__" "conference_duration_component" - muc_component = "conference.__DOMAIN__" diff --git a/conf/metronome_regen_conf.hook b/conf/metronome_regen_conf.hook deleted file mode 100644 index 014db5b..0000000 --- a/conf/metronome_regen_conf.hook +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -force=${2:-0} # 0/1 --force argument -dryrun=${3:-0} # 0/1 --dry-run argument -pending_conf=$4 # Path of the pending conf file - -do_pre_regen() { - # Add specific domain metronome conf - cp -af "/usr/share/yunohost/templates/jitsi/." "${pending_conf}/../metronome/etc/metronome/conf.d/" -} - -do_post_regen() { - regen_conf_files=$1 -} - -case "$1" in - pre) - do_pre_regen - ;; - post) - do_post_regen - ;; - *) - echo "Hook called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -exit 0 \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index 586a961..737626d 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -20,20 +20,23 @@ location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|. { add_header 'Access-Control-Allow-Origin' '*'; alias __FINALPATH__/jitsi-meet-web/$1/$2; + + # cache all versioned files + if ($arg_v) { + expires 1y; + } } # BOSH location = /http-bind { - proxy_pass http://127.0.0.1:5290/http-bind; - proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args; proxy_set_header X-Forwarded-For $remote_addr; - proxy_buffering off; - tcp_nodelay on; + proxy_set_header Host $http_host; } # xmpp websockets location = /xmpp-websocket { - proxy_pass http://127.0.0.1:5290/xmpp-websocket?prefix=$prefix&$args; + proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -41,6 +44,15 @@ location = /xmpp-websocket { tcp_nodelay on; } +# colibri (JVB) websockets for jvb1 +location ~ ^/colibri-ws/default-id/(.*) { + proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + tcp_nodelay on; +} + location ~ ^/([^/?&:'"]+)$ { try_files $uri @root_path; } @@ -57,13 +69,6 @@ location ~ ^/([^/?&:'"]+)/config.js$ alias /etc/__NAME__/meet/__DOMAIN__-config.js; } -#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / -location ~ ^/([^/?&:'"]+)/(.*)$ { - set $subdomain "$1."; - set $subdir "$1/"; - rewrite ^/([^/?&:'"]+)/(.*)$ /$2; -} - # BOSH for subdomains location ~ ^/([^/?&:'"]+)/http-bind { set $subdomain "$1."; @@ -81,3 +86,10 @@ location ~ ^/([^/?&:'"]+)/xmpp-websocket { rewrite ^/(.*)$ /xmpp-websocket; } + +#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / +location ~ ^/([^/?&:'"]+)/(.*)$ { + set $subdomain "$1."; + set $subdir "$1/"; + rewrite ^/([^/?&:'"]+)/(.*)$ /$2; +} diff --git a/conf/prosody.cfg.lua b/conf/prosody.cfg.lua new file mode 100644 index 0000000..0fb3f69 --- /dev/null +++ b/conf/prosody.cfg.lua @@ -0,0 +1,128 @@ +plugin_paths = { "__FINALPATH__/jitsi-meet-prosody/" } + +-- domain mapper options, must at least have domain base set to use the mapper +muc_mapper_domain_base = "__DOMAIN__"; + +external_service_secret = "__TURN_SECRET__"; +external_services = { + { type = "stun", host = "__DOMAIN__", port = 3478 }, + { type = "turn", host = "__DOMAIN__", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" }, + { type = "turns", host = "__DOMAIN__", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } +}; + +cross_domain_bosh = false; +consider_bosh_secure = true; +-- https_ports = { }; -- Remove this line to prevent listening on port 5284 + +-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4 +ssl = { + protocol = "tlsv1_2+"; + ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" +} + +unlimited_jids = { + "__FOCUS_USER__@auth.__DOMAIN__", + "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" +} + +VirtualHost "__DOMAIN__" + -- enabled = false -- Remove this line to enable this host + authentication = "anonymous" + -- Properties below are modified by jitsi-meet-tokens package config + -- and authentication above is switched to "token" + --app_id="example_app_id" + --app_secret="example_app_secret" + -- Assign this host a certificate for TLS, otherwise it would use the one + -- set in the global section (if any). + -- Note that old-style SSL on port 5223 only supports one certificate, and will always + -- use the global one. + ssl = { + key = "/etc/prosody/certs/__DOMAIN__.key"; + certificate = "/etc/prosody/certs/__DOMAIN__.crt"; + } + av_moderation_component = "avmoderation.__DOMAIN__" + speakerstats_component = "speakerstats.__DOMAIN__" + conference_duration_component = "conferenceduration.__DOMAIN__" + -- we need bosh + modules_enabled = { + "bosh"; + "pubsub"; + "ping"; -- Enable mod_ping + "speakerstats"; + "external_services"; + "conference_duration"; + "muc_lobby_rooms"; + "muc_breakout_rooms"; + "av_moderation"; + } + c2s_require_encryption = false + lobby_muc = "lobby.__DOMAIN__" + breakout_rooms_muc = "breakout.__DOMAIN__" + main_muc = "conference.__DOMAIN__" + -- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms + +Component "conference.__DOMAIN__" "muc" + restrict_room_creation = true + storage = "memory" + modules_enabled = { + "muc_meeting_id"; + "muc_domain_mapper"; + "polls"; + --"token_verification"; + "muc_rate_limit"; + } + admins = { "__FOCUS_USER__@auth.__DOMAIN__" } + muc_room_locking = false + muc_room_default_public_jids = true + +Component "breakout.__DOMAIN__" "muc" + restrict_room_creation = true + storage = "memory" + modules_enabled = { + "muc_meeting_id"; + "muc_domain_mapper"; + --"token_verification"; + "muc_rate_limit"; + } + admins = { "__FOCUS_USER__@auth.__DOMAIN__" } + muc_room_locking = false + muc_room_default_public_jids = true + +-- internal muc component +Component "internal.auth.__DOMAIN__" "muc" + storage = "memory" + modules_enabled = { + "ping"; + } + admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } + muc_room_locking = false + muc_room_default_public_jids = true + +VirtualHost "auth.__DOMAIN__" + modules_enabled = { + "limits_exception"; + } + authentication = "internal_hashed" + +-- Proxy to jicofo's user JID, so that it doesn't have to register as a component. +Component "focus.__DOMAIN__" "client_proxy" + target_address = "__FOCUS_USER__@auth.__DOMAIN__" + +Component "speakerstats.__DOMAIN__" "speakerstats_component" + muc_component = "conference.__DOMAIN__" + +Component "conferenceduration.__DOMAIN__" "conference_duration_component" + muc_component = "conference.__DOMAIN__" + +Component "avmoderation.__DOMAIN__" "av_moderation_component" + muc_component = "conference.__DOMAIN__" + +Component "lobby.__DOMAIN__" "muc" + storage = "memory" + restrict_room_creation = true + muc_room_locking = false + muc_room_default_public_jids = true + modules_enabled = { + "muc_rate_limit"; + "polls"; + } diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..6233043 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,9 @@ +Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences. + +## Disclaimer + +**Jitsi** for YunoHost for now as some limitations: + * Can only be used using Chrome/Chromium + * Is limited to two participants + +Those limitations come from the packaging of the upstream app. Have to be improved. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..6fda900 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1,8 @@ +Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. + +## Avertissements +**Jitsi-meet** pour YunoHost est limité actuellement : + * Il ne peut être utilisé qu'avec Chrome ou un navigateur basé sur Chromium + * Il est limité à 2 participants par réunion + +Ces limitations viennent de la manière dont l'application a été empaquetée pour YunoHost. À améliorer. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..0e30e5a --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,9 @@ +## Important points before installing + +1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld +2. **Jitsi** requires you create additionals domains in your DNS and in your YunoHost + * auth.jitsi.domain.tld + * conference.jitsi.domain.tld + * jitsi-videobridge.jitsi.domain.tld + * focus.jitsi.domain.tld +3. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..4799c46 --- /dev/null +++ b/doc/DISCLAIMER_fr.md @@ -0,0 +1,9 @@ +## Points importants à préparer avant l'installation + +1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld +2. **Jitsi** nécessite des domaines supplémentaires au niveau du DNS et de votre YunoHost + * auth.jitsi.domain.tld + * conference.jitsi.domain.tld + * jitsi-videobridge.jitsi.domain.tld + * focus.jitsi.domain.tld +3. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/screenshots/screenshot.png b/doc/screenshots/screenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..e9890da88690222e2edea2ef5e40aade38984eba GIT binary patch literal 128953 zcmZs?1yCHp8a28B0vmL365QQAK!C-a;O-jS-5r7i4IT&@90CM~;10pv-QD30_x|_Q z|Ek^;1mtYC}fpvmP zser-Yg*Am$;9rQdn1-{motd+np`$5C*}}!y+0@ZEaO@ojL;{i$6;^SdKg@LVCYWlt z867&bp2D&D_Itm&aj}VU0|OuPD=Qwp^4Em1276M-F$z4Cn!AIdIYo%10RqJ!fmcT6 z>Y2rw)8Mj=k76jfsn(KO@Jda+iTyThWm!9)r1r1;(p&JNN`l=yi`Qwy&TNO@X~d~A zRc4wL1oCHXFD?lKM*qKq>@BL;|33fcuc#ma4KS}BFmmS)$p72oFZsrn;Rjl%;SY#^ zpOUsVAL&lFLq_jL|CZx7Ne*kH^x=Y;16?Luxd}y6p;Fj&1ffR~Ur-m?>xcHuP)XV0 z5G7E1*xRpfmk6&g^UW(}tg19_y+5T4qCB(BjE}Efd9LArsD?WUy3qV@g&#rT#IGL$ zq>wLrV1Vz*YF&Ez=;-L2!YN7vZ6KjX5NI92Uy8xkApQ;M@*B|i-+y$E*ir=o8pk*Y`G@%7LjTVfU$2t2J%dd^wl{u58eoX`U}5lL+DpoY%)b66 z0-YNSOk5NaAXI5Fo|}=8k(h|ppc4c6cW^~WNQnKP12xR}FA9uM>HirE2pw)wqn*V7 zFLdK}HM-T$G7WX`2FoD`=tsyTot0j_T&MO+k`T%1O1UBp7Gig)W(@&qZ;nV9D)A=* zqXepT_%|eKz?gwW1Nn!;+A@&f@x(mbo1?liRyElZnB!4(=?#1eDrNOcf66L7MTQZw z{}IFrT1Ts=ycpDfX5-|r{?W{?l;kiYt)aUQ>-ov9zEg_1y_rV9y?EH0%<<|iv$zUzHz3aqT=l0@|K^Amez86D3wC$BSDOLmIsxjSC9GFRzcgd zu=ln+AgsaTjiJ^SS?0uz*H zg2D!7y=0ljD;PDh4-&eZSo$o8YTj_t`mjBkt*@qrV_zYikLYM^XUD993272ldxQyC z{U$;5nFb3dYO5;(Q~W17J`Avb$1SiB#egmL`SWK@&D5C#lvxfVl&p(Qo1W z37>F}n*&PoV2J*H$m`tG>?Q%MSVYa59krzj*l%|iJFx`3Y?Hf%tNLc1o}NF_{P8HO z*KrX;+?HH$Qw9Z`w!e;BAXCEXRm_;x+l8zrd=b7_&4IK#kQMZ3$pb4FKe_5J+@83o%yfxjKp9PoO+m_7G|~jY7_~U zKNw)I2YiBDHC6l=M22KE|K}j_3|-a$h5KooG3z#}P+;s`d6uc+Zx*e;9!4wKT4ib# zGf|?syiVJ29J9+?zpNaPi8BB0tlg}naj`2fU^_k5&(!kFH|e|%=X>P;hC_k#I-FF* zfOgwb^veJvJSu~*(pG&rs-jV35xfu1dhn#Xac|+oaugRG2N}URHRhxH&L3$Ype{i+ zL_|b;f|-M>j-{rI>YV#DTm;&9_F#y$~oi zr`pOgS2Q2F7|-ng{cv9Gh~6I`2~YBrYY3d7lj3RocG>6dUWge71Se8BaWr2Wr5o@M zz$J1j0Rh5JmKHr?dpidQR_N~Q&HP9-MpKlEku54!H;^w$df}Q|N1BybQ@;&W6jj|_ z*M7~#2?HL81J z1!l6Hp4JM}b=>9Ur9XU=OIAl2IdbPMf8dik73o~6rH>bI&L94bfowOL*4zI;`tn_X z#v1_YL<0 zqqWo}nB^rF2WaqzFC>}K^E%py75wCL@0==&BhbM1Av!53iMi$SUy8mjZ)z8?vIU0; z0NuTA6(=D#MFW!31q-;W(i~6gD}2$Qf^#trA5H1B1_rqm77>82K%lRz07~%0P*YIc zDwvhd9L#}_gVen#C@5BW^z`(I#thWb?AsIc7Y;m5oXQpkS9xMK{wxe;@Y|g!urSKu zjjgH}Z}dca-5l%IS!=4?RYIU_sn&DVrofq{KMorv7=jkq->Ve>Xaj**5da2;#~8EO zT;Opxo$d6|hDV_nwTPo03>%Gxw`DNk5JE5pbrB<)nwp}9iR3F$Qd7IRx>n==2Wb#x z#Kl9U^Q#w*faW(SX8DLnH5O0E-vOs8K0I zfni8Wf)QahniXw08vu)N==z`t&s{DTC)Fq1;sDFQ_Rix9aZ3@t@B=_oah(o0|JO9D z-U3zw8hg^sgI=24#gB_zmYv(6IjCXkSLYzV>b!5JFV9alHa7f36@UJ?YbYd3QqVCm zZJ)UV=N@iO(2NvmNbHv42$H(StDIuqy%!Zp?Rq4WM74s1J2GY5dj7p&@wz@F z@fywKLzse-RTC%i{U&*Ne^7xG0*&o;y1(3uiHY&=H8V3C$r4DXkZM|b9uq;Ev#!e- zS!dt1|J;Ojt-`GVOO>uo(cqa6Z6^=q#7nT#!s80e>Si5(&-+Ef{;T+-vSvv;mfv|0 zK(nu+N|>Tx8%hfjX%X4riFq_D{P6hvp%LxCG3cq4E?X7Z5bv+UsbMtlTaP*Bwp;gp zv|e3Xw{|!ThedropQ?iLVs&%8t%gRvedKQ|B<~EW*;d9vk_A&4)*^ zi(b933)CG~&_5Ce18i((3)Xcz*?zuH_g4oq6$-Mi2SG-UZT-nYz1>QyPtI?XM-;Qd zsOkx^pB#81fC=;8@BVaKbU-L#-R=^c`Y*S>!a6G)ut5zC1f*NtX^!lv}=<)Zw*eDXf!)N^Z`Ur0Toxe%}lxO!}XE&Z$QP0MXAuKnwe2Si-4sq zEZo`bPoP%FLN0la=@2B8XJK>lXn&(VX@Q?bjVy41UDZnP}F;i=UA|{>9UIwEsCG zxPo+;ZuSbZm+Ne_9UUEIWCqjiTJQEtD(9ryS5 zj~jNfdWrpX%G3m}XN~Qe&wAo1W%S(FLI44iK%uFnbw8=Bkd%@_9?Ztho}QLgXS>vB zvrwm6qQ;v!lF8@x>1tB>0+206Rrwa=!cWG6{9MWV0ZpyJKu|RU=PSj z83JC{z~Go@X*DYiI*OGGAy7a$9^3gnEKE*LN+y}a%D;5G;n@-S7&*$LqD@3L>vv z+yCR2fO1g)2yag`uB1jH<&G-o-Zd9vVHIO9v>fIdo}1B17Fe8(t7P|qEMkGV#V{Ite42^Fei+t@oHKdnB>aqGw4JUY+jF~2lVpG zanniN@86Hx+-<_(mZ$55bS@ju^L}c2dU|Cgr7X|=Vg5fiP(Ep8)?Kq3(obAHkl%{@2SB!h*470DX@{J~bf?{y~fb z0*#OEPnA?O9XA4O(FT|_IOpl%riOHF#eF0C`uZ9$w${>8>%n9|(lNI^Diuz&JRCPY zhn>vT^x}T>0SFEtUv*s$ek+c>MOnvM?j|{V26f9U}sQgxvyW%=$pq@&sk@CpZ6~|ILXM!;D7i4fqsY% z)r|l%)${35wfHW5U`k1JGL^v{DlYmZ0+ymQ;_9eMFz1-h!p(N)!LqvJ)dcoPDCFMg z#cifSyR$qmzi7@OO99V@-E8Rgux8Xd!tHpG*Wl7qQ}caOu3E{(#l_3h ziQj`67Hg_(liP`2t2eJO1Quh0!-fS9Fr1wlGqzL{w)fD!Bi9POmV01^>cuME-Q8`s z-ORQvS8BnK*k1gf7^@BqXiF_}6j&s|c%i)Nn(T}l|LnyI2Wt%DSnCQ0I4qqKiZ|<06^7>VgP?t28pKZ;&zyoyn>Wss@`Y`gc^e*k$ z5UY2fzuj&#?MJX6q065tbm-8svNG7Z!n{1dbq-c^bE~)eIk*LQ(wYJ{-IA1;xY@?d%R6`Enm%kc-H(mP%gYPM zF#*rZ-DZyqCY?X4XYSKw+VzH=p;b%>DT7bfUQMN355{OqjH?$u3uwfAwZ{Y4IT{uR zW55#U7g8-8p=K^yxbYBsJ)<2m0Uzu6{wXI+C{5ZBe)x}w1VSaMs|l+g+Fjm)*4Pa6 zpewt7-Im>@$YRoE)e&0`0%!;GuwH-=1vpSrUjEZktP0&ym9d1QV|9lC4LyC+-FCV| z^U0D~XDAAR{OYL7hv`?E9Pk1)3~CD}FPCZ=lD8{p%h=Qy_jPWrE>>R77v`hjZb>UI{oda*FW0_%5!JQy zQ6~VpX4c#2HC6w)6rIanxdV|>V4eE(|DRCMEVdvh2oVSbseEFndzkWXK*~|TfzaBc zBJ8a4bdd7ELBr3LIJWXzIF7EMYaro22jxw&R0%K1^~;`CfV88eqy&)P*4OtLU;#%b zCw+i!09_Rsi5NU~eYAi^z*7nE2=|INyMVycoO!lO(~`&>z~B$&**>nPs~tc~0!2T7 zuCip`DihE`<^K~z@BvVL$(CDgLc7k|17J9G=wY8|%@lOvlG(N`6YF&4Vf86IJiB0T zX8B&-F?YYw#cCFTGmK<*6zwXS@tt&oVmn%Qj1tky@S5@A*x!`wr&=ZSm3m{=a};V| zlWH|pvB!EfNuE#jUCWs@|9c8bMVzCRc%rA@2Ejw9W1A~K|115l5%2>a64)jOJ?>=V1ktN{w zJg;s0xS4%Y(YDot7zIyyxpVX4dy~AdJ)EsRud;XjM}qk|?YDyQ%w!Vu15}`dM>!I8Yu4$$Mx}vp zTuY%sHhj1Eeky}XpXe|5Z_@H`F1jcoGkeu8_|^iRVI9b5lz_bQ^F9uATYkw?x0`() z^n$luIh$XQ_IT7?utk0{MeY*h>}JNG*$9qs$c01gAda}D4eKtboo_snC*;2q2HYis z!&eP!RLwnY0I;QOGlRrN%X!T|bHu9U(!N2j-V!?-zs+SpH{w;+U@uS~DDY)1pY3Za z779tWk@1&%YyIMpif{@apC!HH*Yu2M5Qw-|GLx&wDPB5o6gh(-d9Erb6S+7)@WXFr z6%a#FMMkFeMOAp8O&=lCBY~S8ECODqOg)R2O*=~~CHyE7G;AY>}3N+y<4c=DoS3?plO|Kjs# z>5Q#XavFlpg&5u$&_()rGnpLyGHU8HbVIi01DJ(Tn;(tt1DM1&L#1n{ONQN^A^t)X z9Z!O(KQ3YdxyLNCI3Sl_aq?AA_~(Sb=T;L!NVel4z3hjf5>K|UCeR4VN5hES{RxX_ zQ;gy6E$--T#x}C{b&fXtwiL@!D>tWjVr;%&kpqh_+)p|JxIMK1=UtAMFF;*TdQ~XX zpwd9KgLi3HtZ^{eCqBKjWh;xZ^tAV(fkp^tLAQWrX2Fv`jEpzLvp0ByNjn(+l??fb z$e@SI44?`yvwTsOwj`qahCNe8=jY7=86`{(^AcSgKCDkHEF`(`&{uWe_F=2#~)4;RzxCse-?)^!BBH`F_0W{kBIn!Qzn5@a@L~jjyb5 z{*`eBlvG$IVy+}pmG&Wlmy|V)C26upT17Ah(h7%4@u_d$*g+`Oh58^1&W8Co7d&I#EGZ z07G>BE5SFm)&nTvQApM`$#XxmZ`3dqPDE~lhAb6kxZimc@lGDa2zFFF)oyf@BJ~i? zJIs$wqvITK$T0t1sIguX@EL0S+nzHCQ>c$dt1Jtid$s>rFmtr>C=*G@W5lqyPCT0k z**?GWQT6N(CI5cL=g_)s-nSD!8%%!v`Xxk^p!4XhskQDMk0o!-Md9$}lfwM6%fKF+ zNdAAOqlny41s_Xr8GC}7#b8jH`aK|6WCtD|FH}qA)EON?h(;8T2qkqbKDTsoOSc6Vxd5l= z!+(6FGg$YpU&ePjVeViys3iI@Sl*&{$t2!s;>8$`!wOT#kD~YGEAq8d;Jmo?%Dike z^bRtsX;@De(c%0YcfZ^nN5SXve!klwiSLh8{2{4=V~7_+ibaVOgZ^cTAxG#Y)QC4MTIPji0{fLV&p(B&0^Ipi{sk{4e~8hV z*R^NE{xvwS`WPlp#OHiIyLyzk0OV_W6d&_QbX&lkxyQ=fp_R^8xuJC;M6s~H-hs|w z+f}Hzpv^TXE-S0Tb$g!-7}g9VL}-S+uG7uiFFV{qd?O(h4sgrd28+JDx%^%bYOC1? zB)m5~0fj@^@~3^fLqr|q%Ge5UgaOfT14ob(MY zFf2#=Z?nQ0K384d-ia0zTs6Yr8d6}HRsh7F@{q@GR|Ufm=>&P$f3_X0E=P$^i8bNU zQ&oezHcR|HT|en#gpo3Q!EF`I;Gid_Ljr~`l-HFV&!gX-Bvy0#mS0nPoxh0TH9@5O zUf%hW#F)K9Md*Ih=EC{~>)Vr+&4Yhi7k+mOXD$yPvXR2dHC9PJc!=jnsEzHsgD?#| z%2sJ%Kiwr#l<44;l((Y%LjG@(>nFwM&lJ%zG0)!88%i0D%CW6D|7%jll*fv+qj`r) zB({6<+XxT7*P(#;Wi6~jL3+Zu-K5o5&)6sImJQjqbk~cZ=U)PTfUiHeBOx4X&ax_A zTh%wYY+;o{J7@h>Cx6BJq>!7q)BSZqn0M*Rf$N{IiVm;9RzUK3v*!c90n6&WfArz! z=Vyk^9Xx1`M|G$)OO`L?si7D?E4LC_qsbd|Yy946{_g{iL)Xf~u`FE#9%2)JTX706d)ThHCoHYq?j8snCYz|P z`*7P`C|ukq2wIOj1KBzUEBxNc9lpdL4Ay(M=ya&BTL+6mYf(ewZOgg&sZg8$c(M3c zndPAw9kKx4Bh4shB7%KUV$hB^!G6)I!!dQu4N6o8au6>4ZrPh)7zHv6>YmxWk#*6x z`X6>UgtM_AFYe(l$u2Xj;3uD(FpSTOJ)G+798XJUO2K36niu6djgJ>6ZPS;|`mA-vk|I135Y3Pk#{9Xq2wew&W*LhHpFP(T+JU zV%s^}SvhzpKl~NIr9dN1UI34T+#^`tFPa~^z98SGoPuheo2c@s>BWNzM8X&hE-7%f ze&BhdDQ=n80e3Sv?9NWhlUI=Uxze}8XEZA-zey*K)v58m%9-dz?=02%v$?P#L3dz< z4%H`mW@4nJw!(WS&9Vh#7 zjQZ{CbC{%{ThxFhP_@=MQiL|6&Ek)_V0$tbb_8K|HU@W$Z^2R_9hV@MD5#wlV~Fe- zW9R(=NF|i+P741Y624&-g5i$}OaO&KobeFnG{J<`{^O)d1ERlfD^b_JEoN7&bd|rj zw;n=`mlSE=1t$EGmX%SV9>9hnitXLe5cUYfB()hN0MW8}a_Hm}@uo@X{n)6f zE0`k}@7S*j<<+7OCygRb3$)d0ydlxj8CLc z7?o8iUe7-xW0E2Z)?te6x0w2Zg5p9b{*#i-{LLAxaz>GpamadFDhb2qB&1~AG0N2kFdNseCpJPyiO_w}o`>uk39lHZo1UJP)y&z?B%B%nveZ|3RLJ0d31%YuT-4KOJ_dUD zN*r`TymC!qN#^*IE$CDMXVV$EbBsf7;`d7c?7tez*_OirEO$ily`Q`kTkWs}c(eqc z6!H?QvWmuVgALsUOC=GQ>30~lc>N+INxFjKvl1OQ_Dd!(r`EOubVa4#_wNV`z!=l{ z#&5dQR-7oL<-G5TBS4KE+<;`%%B0l0x@J@qpSufOms%$BSPZC8T5@*95I;2!A&FBQ6Sq-H$FL0JA~y;+)oLRkohZ%xs_#~N?&OD;#xX35P$X_trO>d3e4x=fmai< zQ#n;aQECo~Rtb*$cPGgBiH2BDIzlryLFsE%l8) zrMNxxq(4_5=+_QMgGsrMx>>9h`h~*=x32%ZoW{0&)Mbh+fIw|@Gtq2YjMs*E^`A}& zf$9&zx^>*b;D@&if`XYx?f+);Qn?u4ld32t&P|SC9~V#cOIL{oL-uzMRf|n@m}paE z;wR6UqDhBjB&Xkhcpc;h$+Q3I-J(^w_AkXtm%q918ykvC@}+*xq!P+=hsH@#NJ^_= z;h0I9I)F);q@JCh)_uHu5BDdd?=gT(=QAxL^}q$L_rPC&hcu|$`q$5)K7~CF-a~nh}G2FJ3a}uk(BZlbTe`&1MhUwxA9kAK))fEd-&vSM0@$)EQ`@hHdK9T5qWi zs@-#aa$g{iM-UI?V4^HVXcHwL+j+tTNq9ob z8osnD(Hg%@y6&N+WDr6?gSKv0mw3!-9K-tG14~$e4(u4+7}``}N*OHob2={?H$rqrOf!^M$-<5j<+V%&=lrH{X%=0N$|VeC zhhi(l5e#gEAinL9d@M^Fsg+Te>^9;$R#lTu8{F9Y=W@}&A6bx)NO$ep4xvivADL3U zOSd_;csMA(@$u7ZFyW0cMu>efsM4N@kN2xHoY2mG)Ha_a54O*cR4f{qQ48^v3A_#X z7M@MA5&X`u8-9Sf&p@!u#VQ)UrQ4#iYmgG$i5OKaPt=CjNElB6tl`|s*K($yIg`PD zIWh3oX2FyD?|(;#^4o04hEEV-5F7%N-zLtjzy&IX#%*5PQoZGci<* zImHt&nw1a*!Fc!933roFP>VOM2FTRWA`xZIop&3Y$7XCrjdj_YcS?yGwio1_Zwy|* zxtslnH7z@G&UD{)4(x~!0 zV{72h>%+w{*|C>8o=b}Y8+sG@U9Fo&NGA;*P49d9L=A2@HZE!DGRv{2E!)-%H#%IY zeo-|Fgx2m2l-%hY_eZh=bu=&E$zqfr$V$UBDn0J@tXb=dvrzErJhc%{u_LuQB{GiZo?BcaAnzV34cnyg(8cCX|3Hzf<6r%KT zfFF?a#r>kFbOeubB&)X_9bT}gT$jqC8MBMJ87Bp0KRPsIqUHlWN6zdw$zWPq z>FI9^vp){T|gd81}=J@^|opDXOg<4eR zvv1pq}(%9t@z1pBdF@uuA!m_u25_6x}eDu{Qfkx^%CdwVt552!?q zJ3HJ>I^}*ommV3Ce{2S?YRs_|v3!~j4<)jXF5FwdIabrOAjg)ww@!TUEq|Z+JT23p}(voLy=LE9$v! zm!+4>$;feOmm;(ZI#%W-8h(HI^Q2Zdn3VWKT9KBYXw<8z^^c-z6h!ND^J!ytd2)ZA z?tB)S+letZsu%Ce!veM7t;y(K4KBR7P<~w7yed5fL zQgN`Z+f~|QMydMp;{!gkAbnE!75v1B{!_`g$#XX&_vVglf^=8Q$ESzvLtgFATYlJZ z!qyGX`$^qVJOuJCx}7V_53?q9a16`X-AE~nY35aPHUE?)QSUmaz07d7u(!72D0YbX z1nK$IBOqEV<~`9fx@9VTd`*oj54#tQJ!UUXPy5e&+oM^wHFIvq%Qu}>$}_qxo>SOS zAuz%&Hl2d5z6IQAfd@Maun5$TzHyEr7JsOJND}m7o}xoJE>XD*6Y@9PW z_Y6a}2;BI?qbF?u2kqOkpJ$w2D`WrKZ$mtqdtg}>ykjXVg7}vF`Rb;@Z|+&+nZs&6 zg&oQMs}P>+5q3!%uZK#>35wCckpp?K_yrLZ(eT{T;IT{amhk@H3-^^{~?0;GKxdR1};6%*sa(Of# zs^6@fb*rx|KlLSS?J#fen4n0Ww(HhMhz7p+Zs$|`JxGgxIZuv0fIyLUM&{jz=hc^Q zADFY<(K{`R^8hi(ix`BiwA8##gYidz(&h>zkjiz1#%P(??tR z-Dm0;b(o41dj-$>{2tx+hkRl`J+b++;?x31(fMo6H+Q-^=0^LOxC3-f1~- zj@X6S(_=yOiT7zgaQW3%NBoQLX*m$t-%Y_}fd!Ki#mdBI;69)3nCst91oE=0G3&4U zO?JLGc)93qh{U$pzf@$qG%Vp)XhuQk21Xlv4hq^@Zq9Vk1T{UI58H^FqdG|g6WQe^ zn4iy3g2y@)T4!^{ZI_ybDX?t)p3&R{9=pz}o$6N_Erss!rz?QG;O<9(_Tb3Dfy`Kvn{0t1B*>q!wkqeLQSmU@a4BN)WW<2!hl9&H%r{Swtq^Ij+F@K95uZ2(`bUG9%8xV8}PNKbQGT8X^ z2fqs~m{v8Ty?<;%VNi-v3PS`>ZUV(6rJ%dC;^2qn2NAr`H2_SZ9y4?_Lk1@a_l>Cf z8`%Y^jq|RqUbeP$DZMBnk38>Dz5yXwK*sc~ck{?sMjjpRW)@k!I?9vL*q(T0tD!g} znRCl?E|(^}V&nO}3NzewI@{RsQaeL5-gYy%Tuq(URldzT2UCM7WWmYIx{6Ak%~kos z8)x^8I;I8rc~sO-#yjSyg@Yz_%`a!T-AFstzGOJeTR<+ZM4h33u%Av)-($2Q%dtry zYI}5l_a70zb7F4M_H+z08j)75HG2B<&|Q?kM*--rwV0|>AR_5+qrJcJ|1ec+QLw~_ z1%2w)jfSyhw!?gR->|nI&$pc52gh~p-9Pu8t&3ee#?GJ3YkQ%2E3CRVs~FX3m@2)4 zTFkBA31)rNR$XXk8S04t_j0qn()p_`_U7gM>Y%6h!HMc;2_ zspQ7J`Q_IBrdQvaFwebKpz-`737ivJpq4V|11t@+sI^$NI9vk!v>Dk=Jum{GX@TXv z$=zK~a$P>s4oXs0HiLe(`Ahu=o7mosr`?N+f69~ZE&In$IuQ%EVhr)b?RiL;r|s7mWgHL9~}|@>cuLlVH0(5615iJL9_#oj} zoQz+X%4OQLa(q$!i|vGCtL^r*G_%rN?mm_ANT%9M&?%7=@J2?%Fcio(J%hiXT{IEq zIbf(Z^WT!iL`AL6y`E;#Zp*0LR8>g?{Gd={o8cv2B;vK8 zADwl4Fwdx^WA~xv;k-kwlz7vv&115VExt1%3bTJBAD3yma)Dp3qTfUqEJb0IzO-h~ zGj}A=;z`iEVX9=~mYuzDkgw;xHH<&4e|Laz(gV4_KCJ?tm$}5$-N@`jiE`gVD57>L zmurZb#q~R;Z{edi*(m}c%nmgF#h&_JCEq%g_cMS{bqFskMNo}4%YhjF;o`2ML z?uT@DQdQX6-fo*%1~Vf7Kv9H~fq&nw9-;C*nuJ#1iYWw_t-C>4GaGWAV-;feF zmoq%8Dvv;dPr|>eH0KsGKV{EMu^D5fUnbz3-1nN;JNTVV1Oq5jh@v`=A{|@tt;s2! zYf#J`N;m*3;=&uMkl`mX-iNdbZn0S^59S+Qc>atq{4SAopE>nK1bp^KCso#{cK*`y zXYLBR5F}WIOdPy-3I9!z1ncw&l^RMTT>QgwejOJreCc6d|0QC>UHJI7{*s@BvQ?A3 z`S;IpJ2DABl<%Ja~~<8+-6v1MGvar0JCaB=v# zSgFs)mbnf2W^2TNqwVD^OWAy+#;>3Vv&qZ(voCuv56Hx1Lsa~3Fm%H`Lq#?MPAwtz zT#0lClR#5Q5<+3l5m3c6T*m6GQ8Lgo-#EQ}`1|YPm#U3SlR0Ql|@jH6hrtObQg8wK`dRe#p zC+AQnzoqR40u3MC5qLiJaWcdC2b46WL7)K1Zl+#Dyc;M{V0o+z#<9V~^UJxaV8eQtaiMn@_?Dlb z7e$;MO2aN-YIy+uh@ zCGLhNNVH3-YNX6h^@lzNY1;k%FpOG~nOpR{A``=-7m6v0r6WHCYB>R!fiWI}|>M!@PHr%=|`!A31ooC8hJAeZe+eVwY ze7n6OIP1FM0tmGou5_Q9)*xJ~eRL?_^X2q3KKG(?r)SfW!;j6rj(AeO{p_-$`x%L* zlleL^(iF=kFa4(j!E~(!k+ux~_lmTeVA81W>%tWQvCo%T6>ZD{pSSt)%6=ZyFr$5X zK5fy9WWyV#%>$T%)ZxfvJ>YX0;^Vtg7 zuDd?*l#Sxz>H*L;om(kue#ZC+qS>*o-S> zlPs9!t42-btaVMDi`9=W{<}DSKT>vmowAd>3FAX^bl=H-zfXlsrNsY=A6TEgO8YhK zFEOQ3Ka!O`_@&W8eERHXzz#DL!+=31txeeySBY^YZQ&AtQo{pE5^eE-VZ>-LU_VNk%D(eY_bQWS+zR$MH^h-RJzksBwaH!A7` zso(CH)4iorlpTFAkD`saJg#^~2qk5C-Bl4;z&3woLhF5IqgL$~)wq^0RKh@QG}5k= zNT&)qqO~fWV?XQ0vI_n|Uw&MzdTd zgf8Mp;4Oe2IJZyCeZzV!-u*Iuo`Yuf`fbP3LF0>aQz*4CvS4H*MV_^)@2wpqTI^4h=90fhp+{9g8OoxS|gof5-!od$MPt5TZ+0ys*K5k8go@iNriaJfcaZS9_suadAhe)YxiQ?b0*NkS{fbSeZ5I>4;VuG5vV^n=Ma^4FcSih+hwGhjlO#NMyxy;!I$;KnL>e|rmgS$bTmHt`7MZ? zd?0COhk;cm5Xh_7q%NJdko1x^6w$C@?$2iGv8($f3Chl{Pn zbSi8OhP$aBLz@UdcwT1+-chYXAGpv{U_m)8*DP6z6lv)xJqOui6TFMJpFYK!@M#Z! z=Pb+dHTdDi)s6!N0(F65T~y!<3SKa&Y9NDD+3vqx5umT|yxTDLKw#{S=St{M+G0A? zuv1Tw5AXpSv+?Wi`9DQKepT44)Zg?<>Y##TU*`pY4-ntDj?K)L3(P$n->YAKppm32 z@SC7gmG2-&4xYLs96nft47iit9qU^KP=bEvB$W4I70Cz$72U{=FG+hWX;J z-7)$N->B$MpFS!m_!dK6Ifv%Ag(uZPD%{L=;$V$i#g{;SAGzVV( zLK@B?NJ>Z_z`X2!x3~Y#_}d=>z(@V{hJ79+L_GB4`W8}##bB`E^E*0w4FlqPp}@)! zjpD?(+J&g7-ySEY9|=Vc5?4_J9Mz{FQTRmH!t&mFE4_}d|C|cLY74%`-VhqOe$6Ws zILfy`T;36S+#r4S4>`tU`AhYK9tX%b5r-OBFb7#6BXK=dX^_dvC>V6>C@*o9{$kd% z?#}=UTMc?jEqkSzZ(XtFM*p%RlWw|trQ>sS$XRlD{#+(gmxMs?Lf%WDW;-?T3#Xsi zriD7Fk~~XB3Sy;w;6QDXp;#vmPR1FvC_Qj)2;0LGgLK8O?;W-XeRkHBTcGh{c;&ug zDLmLo0ixXs@KtKS$@=+zU`(K z+2NFv{eM^A8O&T~0{^C__7``^t?{%vZ}W4t3~o&CyO8(A&b&*o25nG0lOBh)F1*3N z>2DK$6#4^TmUBE~+P4t<=9TCvw$hHCd(@PPARu8md-;Ci^jXn?qQ9SB(zu>`vfc{{ zUUxl%Vy0(pIwB&nhc-ZBF~4Ajm)?r7K|dG9s8>Og`qq6thm8X93LIL#T=-=X>H2(|A30eP>PRB@fZJj?aSG)kd{F{&AcZr><8I)9ZUkEBUB!rZ{% zoWDItd7_|Z43hI}EjKeEl_7-xUVzdiD8G)TvD>;}_~>Q)8oymLs=2w>6N6!zC^WB* zJl<#f9(}zU!5aKoud$#pNdUk~)1AD^1*eM%cYdO#mV2XxN>`R(Rn=NUurXRHCpERZ zQP>0s$TGwN6W5^|;k4lNR4d~3uuQkRmui+JV4;ldZSj1HpL24W>q2chm>nM&HwRvh z%LVXM94`p5sa97h73&ycz_4p!7ZnPiBQq}A2J!fG>i=p13P}1+L${RlD)e`+WSBAG z!oZuGP`prd3V_EFp2k(tp{`M!iAZlgzcDmC9vfhrB=@vBJ?M@`A&^v^`WKgw_Bk#o z8bZdqiCu%sK$9^yIX+!*1k_$I#imO*c9VV93j7GH(&pu!jvZT8v%9N_9>^&S=L;qt z^%;VDSgW^U=PlQV*Uf>)P-lzJpn6&A+2Z=6Y{IQkq8@p|LwJh0un=x zzgHhy`Ym99qHYIIAOTdnG#-bkz(b1RK#)SaWjHru<>j-1^Mud69%n}%Hg)XKK<-5f z@`tclc|zoVvJ^s3W*lE+LjoFcjs<=3IzRi0qXO@E3^D@*G&DeX9x`P8_}iq-%A|AF za=vsAxMz>dqp)3=!|^SUx&&UilR*f=Lq=kF-ea$xE&M1qQLCCGemedox@CzQ)3xBMw5flS98M$FyYYykkjUIG zzkdCsU`OtBw}|YDShYzU|84jE^X9N^-N&O&w49qUEZC|lZ&TFK63B^YeeXY;xS}NT zxLW3WsdiQ*EV&a#M$1F%Hlu48%M6~|iB)S|)x9}ordV?mZ1ZC-MO*L&c%7K}41vyR z<;cI%p$rC)^?q>fwDsN7l+iNp#-Jn-fq#*ad(okcD4Ftw)R#Yg;L@k7Qw|%?n2(O+ zSiqCtFPDD#r6p27F*&vcc#P0b(4tD3i_;tP#d1*Q@NgXy^VVy+M?(6MyxpSm>7gY^ zCVAw0Jqh!y21;mgi6#AA-QpJ)Q4=QZ*IN%@EXUClPI&C!zRQ=!W=`pi*pQ45#()zK z9o%AjFDJ0Hlr}O_^#8E-)?rb#QQs&k(!vk|A|2A*jdZJkba!{B!VnVDEsS(Xhjcdx zNOzY=cf+}Pp7(jrcg}VGJog1$!|XkK?p(cot3N6D9Kp>ff*MU>421W)3)+(0w{i!D72g@>lSBw3xLy5$+5rJp0PV_QiC}@Sxnc{v& zdeuP#Bc0)IX?tf%yMy1SlB;zLI*&4F>kBJP?%Tbg5E;kNT(dOBQdD>3_mLv-UBd0S z&{RIh%lU%X3En!|SIIIcIVud8j&+17l1zDWdE7NMu4+2wtOShFP4M|r`j+jl+E|+e z1)BsZwrfEuugWa9d%rQ;(UmuduJYvAbqygAb|^hCWyfjHAt9R$gD^`!{n2O0DY1;# zyXU;kv0&ti30?DeoU6+}}1*8k5N1+Um#!F*JGl|+62X^~c* zP(PMEK^?M1bWC9F39ouJpAg;Xe0W~izX^V#XPl>XO7B;)LW~c7yKMwF(+4LAu%xe& zyig3@X}{`5-Fn@#0|F>oaRS-Xsk1=PriDK#L{yt8v19x7=pW~H@eGkF5q7k$-|#^_ z=J&Kgxd!4HB){8uoabHh#LRH$R*g6wT+`Z&g7vWf4Z;hi@QobY{PPm|BWsFZYE#eN zXSU0`)ALI0ULrjw{zG`%zR!Az}*kgYPHg))kj%0RwA6)K}15 z-J~LTe8vd7Z*%XeA$C(mZGqcnEon5|s>D$e4Py zV`L@$F|xUPTnzdb-#F#Mt(AN70e1<{+&U(AQy7qq`&(=RB$3UUxpDH0Ju zT*Lg%tM?j~?2lQ_I`TwpB*kgsz16=%CwW0M%Z{SK71Sju{yZpSw%X*sE3g#to3IqN zx6k9@<&ikVdfwMMH%vXp#(5guZc<(iYlhI**$Dfzt-+Bn0V4b9!-{jV7GGqKtS$KK zC4ipK`A?K?tht*Ja-e8FrGEP?dt8r%2Pv!-Cp#~o9sSlpwS&g*;4@GJ}VX}ayNgKVv+09~-w7@AF>Z&&Md>u=|d4CUuj3|ogDACd$k z2S?oh;D~ipAv`V!`IYX6x!b|;`3Shc~_{7Bsxu4x%cgj|0L4J7BWfTa9Ip04=QK?Q1l#DK4T@ z_mv%@$HgcZN}A6cz#W{c_vm=IJ7JDjH%qru&yeY! zKX$;~qJRHOJy*cOTIlhU$X3eM%!z7PXnncdULM`j-rlLEz_o7?&ox)<{N*?p=(XeDJmA*ePfO<8iOC7YV6)fGAPN7EFlXBUA zAWq3xlYYw~zuC_cKCyQA2?G@$&(ktR$5d-F^a?(be2?9Lv<~gx z&K{CxJJk>OGoghb<%nL5DF6k|5D7yedEV7Bvm^RFhl%4{8^AT9HdT0c)=cv4%}%Fj zhXIS)!OfGDqsJxgeiECrCc0;vH^5UqQ^tRWXXz%!P7Jms+%iSGErUlRgYFw%w+s}r zQ{dU2_=4=`eScKTgDLtalnOQ7XEy`5XXy$pF-5&v?tM*;MDqc7!1q_PyX6hE2jV8J zVjhFGh@Ecm-6V+4;@cf09+rMYGlCg=>yzZ)Eqx7zvbK2HqNEK7%W&Tuz3q^S&{?@Jd& zVzQ-aKJmdBqPmK}#&(Dwl=&N(!g|_BL$=Z7(cn8*;(mpZVnN$(GU2>|C1l5Vf;bq5hR1$38Os zL(k4~(iv7cYkCLXdT&&PpXQ)$A_YE;_=!lS;+a|G zzM{?b1U76&4YF(0JLQyBXWzOz2n7#N^s@4Wr5^J%+M-BeJ{^G;PffdD;^+}1aNQ`L8KL6g z;v;*43!-edElSt*d8_*q#H*U_H{2!2G5fjp^msL!P9ghCzwh^Q_RN1qnwxPMLlB* zdx7!_^hQKw#hzeCOAZk5zt9;#&_7FUvJ*>qId>x{T=3=%par4<>IjFV2whO0IE%Qr zUo|C;+;ObK6n&O*dhhou_2c;b?8;GVh@L*12z%AwS{0f2Dj`!FnZwhb!{`|YWnGND zz%NLj)!P8^zjrU$6Au(Gj>|2`vG|hxN%$$hZEDB(q>1HDg}Dpbi$$%+9WoL&W@2l} zKRW8GLaz8F(HLZRNq@DcT)j|#k&7Ep*JU`->c;QYMNJ3fVYPBE|rJY%$_qK2q|& z&l8JlBylNX_Q?Kn%am{JF-37Ua?LR$>YCzS1E>hF4_Rc%54tP(zm+zf4L>@{%+$DL z9O-`SID1lv=I1tliGaEc&c*|y_`~@k6OE7l-&Pj10DLIqY0XQPuJ7~2{d;d8U`;n) z?S9nXAo@C&o|hTR5g*4ircHlIQ$XlMj*5edelL1zBEXo%$e0l*>KBJaBM>M`_MS!{ z?x%qmYTIX#-cLOI#yqZA{2g+OViiSArKdM*Z`ygjFwRsk&cH6{OB;=M{`_5ZY8I-$ z_~A4}RZGiAdimrHDhboC*Dj+kZ_#D?XqQ@`oN z7DZQ^YCOE~Gy2Hzn6CZUkciykepeYD{s57vgCySF~l66i8&xJe! zzdSY(cS#eD$>SWn(pql^FR8>qTf3bUKla!lk_6y}UgL`Qvc$p~Znwq@pY-l`nj(YC{m_G-MZo`i7aW{{JRQgBpB~?b z?hOTyZ~jjsorOksk6xUr7f+VY^ZuA9JlK9q@!v%ece%!?GyzW2WQHFTnr_E9nvZCA z|1@cJDoBI^A+x z@U{IsXIIyJKfSoz!tduuK_*TYFK}^cgy?1id>LnFi7*iN_O|KSe@|3zZ%|%Y(z`to zUbU+mSyDj-&JX{(2YPRZ?g$bO z$NIVd+3q2!TT7qF_x!J8NILjg<^OtXt`TJZEdRzZSgl-{G*Q8n9haZ z>Cg>{@LeZGB6AZIvg+zZsJJEe!_Qa0C(+3)vHAGA<-@^;uftn-I5=grh2i07LNHi# z^xLu1Plj(|X{o6ZlNplqsht4O;cne5Na@a>umtE55`m(u-_<=H8?WLv9Nh1dXW#_F zbt}1B8Py4#xkz^y+T=>6s{?_-NgXdIyI$cQ$)zW19><+Y{VcnsWo( zzGsWUJ9c&3v&&X`-Ww!iTZ{{}7IXY|%?wy5AI?U8tsQZ2aFo%~r78B@AJ03#Or7o@ z9>xpnGA!qLU~r|x8`Xk@IrA+Pe*7`*RLy_T7<;!-w`BwHgdj-POU+GH|Fq0ZLx6q* zaCXdEMms%-0aT|i9K0}Gt2q)ygv(L82YmwL-NAJPab(T4`W`=txA#EA6gthCb6xWe zZmO1YOiSvQ&6BG}-6cIeU!5HJqz_8rg^`Zv!2yHD0A@!2jTKz7eD~IgMat0dFf|ka zlmVSQS^fmSt3ZyTFndhIc!%bLP>wc>g?sN%ykr+Rb0s)Pmh*uoxOuv*hhDf#KJB zA2aBg#Hgy`b85t{admYSU|gYY{f1thK~PYqKqd1j+2p%zIyyQ8-W;RyJm)q;=H|=Q zy_%)3DF6F)_%FcTI^Pveip#&AA>vlX`52YxG&eZqbHAY~DxE3o(N&RyBk_@_SVmE{ zac4-&JSAP&4hY9OP5TRxNMwi@AMaL6=GaG-P1v?mr2Mpeiq6-!Jym?-jHr?M2+>86 zQZp+wi$T}el6M<7Zp$g`tr4^dBDqCZvi=Tzvcs57}UcGdQ?ES5F`y zS3HY4oI_R4>PGP5Za>sSj{d^hcQ40mQTyV)2WCqNm8Yk>ozsJ@p15}ljp?*_+t1{L zMeZ&fpQcC=`~AJTL!?6{D{Z@E5_Jvn!qppGZ6qYR0(IGz z2V?*<_@9IMV!llFV8+jW_&(s7@73T}!MZWrvdBmkl9v0)21K00EAQcApS`;3(u{f| z)CR7EzQ^t1EhH=~{BXKG7SIA6G)@!p(aak|hJQLv)=A?U9RkpGsu~-$vqr!!_UVhE z0yhcfXjK^ZrMWG>YINg-gZsXPD027=fRo~Vgu`34=drZ1ikCI<_4T!~`q5|H-`8hh zZmw@efF)X_`a^|I@FLKfHMS4R2gUygnx>{_50M*~a)HCvXRo=eX_%Sysx4pguct#C zGuqCr%a4y8$I1RXC?cH>j-gvwxNmsFy4c)50{|5wA@3vzIc^w0X;Mt%+cgsA}xcb|xWQv=MYu1_zHXQ5Qzs0T8n3`U9 ztb@SAQB2u;FV(eZ1GFAXFd2`H+~io1E?17H03uup%uXU5b8h%w$i{`c4*cVJomeF=bYh5ujk z`QHUr{i;#*9|ui$cig(tA!^c{nHNj$D=Rk#k~;q}=hiX@shbzxLYpEc)g?JZE<}Ug zLa@2L^P9WRB5>7DqANU3HjlQaYPAbgQqt1Wl9G6g4VrY9rl-v-XS{_-QqTd`AtzVfK*~CU!=}wvc%y7$vJw7@9e~Rr(9VpFIj#3%j^qEki;#RjeIWoF zN!(f~Lxuc)kJ+zKQTEnx4jmSm%vHTS&&FM%S-x7)HNi>!(|U>1Zz#OMwjml4150(e zu;FGytMpylY@go+(SbkhQ~0hfejF$$$Sf+AH~f(D+lwFYb?l(ym^Qa>SjdM@ib_dI zkyM8R`wz$kU>|ongCm4pKB7LByDrz6dCXi>yi^+qi76hGey8y2eXjLN<34f6Ydart zqz}~8gUPH4lvqqj>;aJD(hDIW-wNBQX0cMi2Y4;_nHUKH;)@NxMxWZhJi#4TCq@{$ zKi%7;V7_hW%l=5mH+PR;Z_PD_gbMe+<4!^cr|ocEO2-hJXoP^ZKR zlMu~V*7LhzCxgm4(S|BfbyCx;L!;7lDabl4E9Zz5e>T#Qr9(zXXWt?L;>Wm0l)Men zP%7$P4p>XzPj>i!vFvprDPw{E-!J>}cv{67B20GKF-7B$QO*HC#OM8P7UUc;B0YRo<~e3B?chfkG4{3!A5USL`{q3w&Ez zdVYs-J^RF(^`6GIUWuhogu7M3u{lBu?e4E>YWqkH(DS01GS)I z$Oq9Z5f^d5uhQxvM&e|@`7YOg{uvl{ILDcq-hs2BBpF;duyQ&)++6_ZEzOMgrw>i4 zKLBhZz*z%)1AyxIZ096K{rXoW!GDb@XT+-|S^Qkr%vM|S}Xptq`lUQ`blAdJHx}CmWLC;^R_{^hajJ2SFih{ zA-~7p>lQj{`Z2@u`=jJU&(kJC^sQMErb_-Hv^qYA`jszRx*l@IFP_oX4; z*!uO}{}Q|M(Ch+2B|$&2yMyIL&vbZgq5YbOKz`s6=3V zTK@VL?w>~k4wFg3P2ie&J7BY+XShHQhm@+Am&$5{aHGGjWt8Yb4HW>B5XH-&nzwi| z{zG9{AkOV^(*Pv6XBDK90gnvo9|9pJ|NZ@QILH`aUbxJeE zWmQ#4q=KUI^qcWtrn$V zOj6AATKNIS$q3E1;2@|%>NNk4Z6o=H zAOmeu#QH~me#m(4w17(5ki()Gm0`-A@WxFnN&vG#r9NCa{{KCjhEGS;;UFDAD37L) zLL$@9(8xO7kWW|rmWS!~YW_+SnT%48zHdsFiNg?8pZxj%uz0{}%mX-Z;W}B;6anZO z0#?S8?!m!9f`~Wo=!we&CjauY7jv0L;cZ%UL8Jcuwfz6=W7zWDlOKhJ90Y^m1rA_9 zE_^-AQ{TK@6jn%?zp-+nll*v;B>tu5q?crG-seB>FBSj}P8FzHWX9bpGoO|! zlNnMwdhX4gE`_c$8~i>eOH?cm{L7>Dxfo73b3zQngwGa6|Q@l zkCNlRh6a4WM-|@N48T=SOiZvLUkqbxyh!d-qCS4OeV;DhUR+XQdZPEw!G~kmU$pxkjcM7|yP7;8!og7h`MFAykskyf1t05rG#=(ngsywQfK1z^AvuPiLX27mglC8T*_;BK0fYO9{#2;aqb ztY~{}RD_u((yhG&Db54uI48$js5-Z4=V~+4%nw2O=C($bu@%l-rsl_OX&+=BWOkjOm7z{9Hawu?9)k z-J6_#S6Y!P4F>PyrL5B3_w5jj^uEdey+Fk8E)5Aw<+t+mQoBe96-4X!qdCiMTR@}5 zbJ6%3qnt9hqwX?u=3${sX2}YadLZ#Wt`lcSiAfAF{U3=JF2n`%bp%!7K)BD+V5xK};JLL8Af@Uw#AMPiDUk3ua`4Jj7g>`jjHR58zf6qZ zn|1pGCZ%cpYZGE=!!_cUet6>ZVS6$hMYcrc+M>vz}0IWh%Fw5zB{WD4|P>|5AN zBzXUaXY%^qDFa!x+M$~tv_(Uv4osAa0hy)nEe zY#A{GA80X>TkpaKHh^$11k0oeC9uZiJ1^|sIr9`ChGF2HLr&r{YdOBK$xtR9LJdpw zqhioubNeo5JcD~b7j^N10!4qx$;*$Ma{%+5Qh^FxJi5}TX{AQ-JGIi{y0M~z%B;U|L4L&%bZ{Z0_Zk6tCD%qL+5*Jy7;taye1TcpwV_FunGV|! zsVhUNGnAu%PN5KIEO!T$LjZuaw~!y@T(oQs zfTjhFI5MxKWWP6>0;p^gs3SzTw-)TmmB(?r-`WgfrLUe#$bcVR<}vsB3-^z~9bdKB z-#R0M8DikO6br9kMAa<=J!vSRA2 zRYWl{LKBC$-r>m=u!VrWYBOPAm80m6G)I!rq*O?vE`G=gwqN=#1wu*xLI-^fXq20@^Q zW&}E1Z7o~Ks!r}O-(+N{x|@j zYt-}AK+ruTAsr_75;qSgzVOQ1bNn8_FJZap8Yn5aZ1t__2$3LUi#fv!E4 z1wkrOrJwv1>_Ckt%_PH^a11p%)b$S4%Ixn?$lKk|=d3HoVhOLjyu92PNbKqAifHpf zhWD>?+QP-bv0kX3Fz3iTHt?p!>NFWRHg@o5b!Tq=l+Ma6SR+zxWaR_HT;lFNuqR4GzlM z+FH+>;FscKRiYUXl)!vHe5pFev*TaMMzI|zF-PJ9Y-a1d6OV6$N&{0s$(UX*^Ivzo z0-PPx7J2``^7S~EvbfgtFL=Ls=W3&!z9czCD=FkU_-Oa4y6^`cUbq4}J&huH?cW&x zrx93Z81`f3hUJhn#zS;Ugg}mgNc6`nH2DAHI<;#Fhy>o%;528{xy+(HjNy+Z7 zMEqsnsl#2s=EGy^8~WWH`EK}~@(FXF?7;iog^@pJ`mT)OHiu5zU6mXJ)!yIyVU^~R zrk;-TB@~Rr%>E?H-zu}pWckyE0&ZG9QoZS>rj#}rRo6aR*g2am`YDt(@_j1nifrEM zOKoi}D>2lCNeEW@o`$6j(yiqG{^xr^mvBUbG$Vj>A23A7zrTlXwS^d z$mU>SqZu&JVpHMirSNwLlnuovza)XZhav~D!$t!nZ(u`otks-8{2jB*uUu)B@D3AdeB%8AI~KQ0 z3;inKq_J6S^jN#!dmfgiUu!m;uAHZs@pvIEoz2J=K|(@mm>EykVQ~DJSIW-2)u-^1 zIu5p@-!fI`_;N|gvC%GwYy>Cf!*ZV>Wdi+6Z1u=}x7u#vgmsOR` zq7HW9y5vQbWmk$*szMim0OdyPF8cj=?K|qaDD$LsBi4DB{xh5POQ+UTp@5XU{Q}L5vkaQcCitncL$-E=yPndET zymQ>wOYGl`;AJgNM1p@vmWAil@dkM`4WHXPN-RdLpW(Tfw=5`v!iky{0`ExICAapG zq4O0R9@3gZjJqr!`BC zK6m9!ZGLX|>yn}&Ds&$E+db&}vnthgJ3Gw6sR^N+M5J7R#(pL>G@9ZiL=W!Bpb5>S zId{nZ$pAs>G-RDcCC?X+k0(;3CLr&z7M@i zq71lRKuj7A4ho1?M#@%RWj8djlT*>q`6`q(5DMOula>xqu>~2J!0!MYV{1p#_b>x| zQ0T341`Q!#Zjbm%3rHM!)z#HCcr~T|NFnbac=7p0CU$1O6b{VUU%znWAQb<;l^B-0 zMb*{6IFz0;J887X$@|-$B{`6lK#m5Ios(OpwhD!SPC3>glgZ&R7YYAVqk%v~O$U?G zlcRs`KY+yUz`U(r4CQk~&?sS{v-wgI?_ZYHAXN6V$nUwSV9($`c+p1+V4VgwPy$8I zDk(-!=;Qlom2-h3v_Pf* zYX>;0V9Ds>bF;JMli5I(28Z>X9w(k}z(Wof;Fof=`$M$^?k;tU16mJdB4g_`WJX82+KYX0} z?L6g!(R6a(^A3P#Y{)T_L2DO?gU7CZ|AmoEA8pLfub%q6>pr9ZH zg;5lGa_%-Tqk&>j(Zj4j%>B?Dj@Jpjgm(y%#MHX^mhpiypVFKk-vW?7lfsSi>fvO| zI;GEcr3Ol<2dN@8Jtu##hvicnPNldXcK^~R>UngTKp_EbwHrG`z}#Bgw6 zRL;uls=IXY#{Q0xTj#a+URdd^(RE|aYi=8_t-(YI(RnJO%oK5~&)8Xz6XiDf$=)T* zXBGPEve-tB+uCTo{?S0QSnTBn_V}2%I1Xdq(A@3L&d%}i=#qngCmIk;cIN(&u7&PT z4ES|*60ENz@S~o`YU3MmGwJf!0gvWDX>&3}3HU0(v1s1tw&J#(ooopo+dvVTQS`?(={NYCWi=m#QMTGKd9-=!G)*J`8PEjv6v@PCaAb2v@5P+4v9Q7=vlfIh z&wMxtA~cJE$SzLNewdxzos%2PO|Y^0Ty4|joe>F1@r>IaX$f`aEqk6Xg;l3jgf5P` z>I~S(U7tl-HynAs{Vdr}m^?>l%AkPYdv5$jiy)`sEcwylF9|g`zopaA96gkB!owL% zaqD}D=g9>*WDg%+bDb$lSWN$#drctb=9PUepvd6RRE0D0VWGNd zYUjlJ!O~-UHL#`WVKIK{9(uwJMF+#B?HsIoxFlB0gU~D zF=Wsb=q;`d3vKDJo;8bV&E(x*AF&e$6l7$82Nb_A6^wMI(##KlD4UDpr`z{%9MyW; zn7%#iY5cYwKhbb||NfnROf1{xutowz*j~aWJ&rk+E(Uu{E)*~6SJ1QgrK)OfXvK-N zQCry{17Q~{pc!2o$93Ax>R5?!F+wKS+F2P^2j>xzVrtp0_hAdQxj`~?;dbp8|G&G_ z1;w{v@DdWnG^!7;sC-+N){cNCd@dUVXU8 z!-EWYT@t+re>+P^*J@l`wC*pYz;+;dEl1kcG}P72Y&f1BTnQ3m+zjZKgSVrXUUE}W zJ&)}-sBIg5rwTTd#1Gnahbw3l95O^yTvW!?Q#Yh^a4_AqYl9n>+Cd;frpBn{D7IY{ zC}zu|!H6w)X)cAYc!=sjOSi4wY~)X8(iM46-C}Mk{xcynMpj&)ib7t|AiUes!lq@b zdFgI*>SEq)I1M=PQ+F00F2^FEQ5F(`em6VHU6qOWH}Y|V2V+niv6)5Y_s$`k6E+z z&aSPkt>A*$sFy&A2q`HfWcB5j*g*kQ{pW8 z41x%cTC<0?CoQ+8J?ZlnW|OUaN0Y?Ff1q1$2SNNN!HAsIRj#f^t z7!ptwoh#HCgka1($7=XrZWcjVqU>^ge7341gZM<5m$ZGapb(O^V!ofL3Pw4F)ocar zmah$6+Gp4k%6J(_*5=B$DmN39pP@Lra!#cS#N{MA_O+9Y;wT^`bKg{KPV$vb30{%` zpMA$R*F(Scy<|;ZWmf|94I!DG*#CnD8+_Ld=2R z=Mg{LtGZiXzlQ@B@=>F_++0ax4p#Y!M;p2<9Ms<;eqjsf_>J%LRJyuY%1%NAg}Y=1 z2BDUQ=kJ) z%Zbou>7l({Xm1Hn+w*X#mqqkrbbpD{+>H78(5K{LV=>`}f=XbDkEFRf8 z!HIV=iv3YC!{Ku_wt@;s7UOBj{d}jQ2Y1c1ua2#$A%||x+elhSN0h2q>L7X z6~a$iS{xs^&F)E&sQF8IBr)Li=M9jUL|R%9ZH@2Ar?)BF0_T8a*TJ%tURCZUvDDgR!@uPiLHF`Mz-eAiksbyG(o!?n_@X=dbQO#=>nEw*0K163=%!}2#-%g#O% z%LmmD%acBcTsPi}BRmke9BmG!gSmwf>*~|K)m3CNi}mP(Uoznoh++IQW3ynDj-3fL;mlX>2f*y7P1EI%RAhc?A&= z6gUV11cepGK%rEoL_~h$&`eM`m4iUx;Z@+9*uFhiDbV?KviLv;t=GhfrGpImB-|Vm z@P147=ZgLo1sZMTnpEh|C2`FcRHEXD z-2itJP*gZ<;n@@X;Q?2bCnE3R)g%vK-G-&QK!X7mJtX)x#Jf`Cr=LGf?L@Rc`z&)L z)4Fn)k6a;66PZcdDGa6XuPke*ufM)n2a$aI{0-l~i)4+MbENqD`+xgJSfDa{Ai6NO zus{?DhMBpQ$0Oj2FWB;?@>9kngg`!Nl1Kwz9j;M-?0COa(85(S{L= zX-fPgsuD&OeT$}#XnY1^?=9K%U35^gMyFR2EBCj2cb>b0&qyrlYOgj;yzM0oth}1$?sVqs1xqG>db)mB)g3yekaD}Z+rnrE zln{}=W;nSH+BB6RUr0l%`(CNBb?4;t55MPWv5sJ|;I*r%IuTEzl-K;9D>6y}Pl1;D zO0B`R9xMxOJ-drujGjFZWJP&{BnB+*Sgs@`FHOyI#|Hi0_>6v zlFrXv1KJ=*9pI3Q?$LF;3Z;srQ;Hd$7yJGYE~@IY#>y2zg)758>XfRbsAJCGW7Wcm z&xfn+97w+3kTdVD?VF;RnmdUl>K$I1rJQHQTVTce>N;EW+#Yb8_gR75=@ty7Qzr{K zJdt?O9S&Z=YEVZS!CCK)ETJtS#P|W*_OygA{47f9BMpp>P}DuzSMRJ>cd>j8!@NP} zREFh)DUM=q$L9|(k2q9GAuRYH#+8|uSA!BOt-%Kl%b5dymT*D2l1~+WS|D~ihYv&n}!AAwk}A| zvc0~cZr@3JNWwQj!`~{O^f^i0Ufs#ZmbhB3SUb9AxcwO9=$(A}#1AAwTX_ivixprg zDaEiW$FRr7j$Sn$s9NHMWhXM!vQhCG4c{wdFvLJ6S6YpQ_g+mkV(1;}{GHr!=(%2j z3m?{FE!3~_q#2aejQQ#b_X)YrqO#>;*9vn+W#halerZ=Cz8!w;K>BGz~@hTOLG|qdpxQQu#OCs z{ij!i7-x_WUaZJCdviPpC|F)eYrgtttO6q{qiXbnzT^_O1dKfaOFbSr{;VS zz}zYu9~3)$Mm;MZ(2ZzYX@#zw1racM%#8U*mTKR}k_~Ka$(Pn2iXPzI%N^~!Ao3KG z0uR2b8)HtX49_(e?LA$6PQ6p8&E%Dhj@Y{Ode}T#dd)vF&DE-i1iiIZguu$Vkh2*Q z4=Ud}2?cZD%BupC5g-3;=)lJDuwi16A%3?Lt`|mBNM21@Ge30Xqo-IXE>mJ&AKF2c zDnpEE_6A2yx{#Z)XvVZD`(q?zt6yPB|C$4HojbtymUH5K<&pQdklc|64hlJ_-Sojy z9tw9ktkqGK)BCRjD(~AVRi46iGUDCY{TB=H>uSEU|HeJK+doRe@)GMG_JH+89FP}r zav|98h9hk#--Ti|(D4o~ZoGwnrwF7IqX#e8y47i8%2*hHBRqsRdq`zt3Sg%ZwlrIk;<)KxOYhnPU4+$EI2bbW%X z619X2ON_K}sFpUflM8~_cm3A&0FKH0m7+Sp`l@6a*B$8 z0%jDIfw0?0Z=NP8q}P~DRGJi0Hn#_eqG_cE)Pp9x+n0vn?%X_6Y|&Ar${ZyR`(=P9ZS15Djf%@g(;4V{zc{;JR%XG#2Yu}ZbqDBZ+GZ;j zj=4xfOh=2O?rf9b)HN*S}Jv5MXWtLGZ?A zW^y^B21`^?9V^l~qeVqU?d|PxaX1<8c^dbCYRW){VQ_jY)B<}&uAd!K8@Dch?hsJo z+G{h(NhpXt0gZ)e5#0K~WDd?erh6omH=z|?90~(#SkpaR!6qT;OC2n=F~Lz+_`+)> z!HY4Oe=xk|3)@&cK2_XPhgbob3a3bHr%?t@ctTG9a!e0ecFMr-G)ky9!!DtMM+uN$;s&>-2~}e`0nS{?ER~>#WvJ+ z({~^U8$tSed4Xx~i=R~!$wH{{pshqTQv@8p$Fkk1_)4L$$S-z+WL2%kLs`X2vv zC>N6$skJr9Awuj|+z`Fod#cLF9ZUKJCNp^S&OI@!c1oyBAn2xN8txYcho^+nuz?^T zdIF14S?rCd_?WY$r6q`O^#F)mo=qS*eb1FY4J5j3oO#Yn%=gV~LqSpmh%pi;2m5sE z#6v*$VXw@}+QifpxFv^%6id0oQHvKBb*tV$yMEimN@F9?MtPkR2Let9h}$~CtL~}a zD*V;@xMbqwF($cN2x`5BLO;2+v^sO@pi#+GiM<>BV(~A}PhM1JTG)PA`KAF1pm%g&Tq6Z;KWc6sJV z|MOQh#l1~O7<0@j`kuD84}y*M_d2hG8D7;7!y0Y_F(U1R=U;vN$STNvzbBl|8)Q0;VxG7Ta^(s#>#7 zTZlBc3#7hUauP%UgY(wO3$_m+Xfb8b)KyuVNsR%QK3*1BU>66Y0Mxk(-AmZ8owYTZ zPc=iDA`sTgsyHqz9GQ~3Wo7z9V!J9MUyI_0b`@Ij^yilMUf_Aw%*rnj&(_;7zTA!E zoh7$1H84|i@{-CLv~{f~)Mk1|i34OSGt+e$aWl37q3)WCxl&PH2v{<_+qB$W4heW} z{8IVjTAgP?%1CHgS-g69?_+1UGKe`EUQZhbkxS&8kR+N-R-O&%wt_`R*Ep z2n2w0@$E_ak%|NgM9Prj>YRklwR?uS!8|5RNEQyzK#XzlLdfHYfBs}c8xs!W2+7W- z3|wuXCvm-upRu0YIa4%qUjc#Ipf+dE8mNg1{6slQeH)H|qQ2<`+5i}?jLi0*KS(B4 zXdU1wnVe({M2w~_!Xh8G4z8SrnfCWDZUU5_29I0qvYnq%c2Z*kMlADf(0B9nSViY$ z;sA`@3Arl+iHt)cFVD16t{s-xvoq7|)Kp$-mM@$mB86JAPWCIkWsXhy5Tm2whwY1; zq~WcFlR>jI8--}zy(2`;2F8EYKmtTHoo^mpx6YM=>=IeaCk1$m!oDL_*)xH3Pa-`x z_p)9})tlnx4-x&OSRaeLHNMVqQrc5I!1J1$)Rl*W?O+4r*j(E7e zlcy1tfJPVxVpWzf5KnHin2WKs~cS02GowKE;lz*y8~z&yGyU%??;pWNV`VjN-n z+}gAB=f3HvN>~KJFAH^I@j`KPbd9*)WLBlP-Q1<+Ok&}hXb>93Xq9LuIPI{}9P(i}j)tGw!aPj4tZ(xxfbl61L*%cn>9q)l?jgNA6I_a@7q@L#sS;8&3 z_8b0aPhditcDDl!J(^y-$$c?354D#&9Yn%Oi9gS?QY?6pF$>I+ehGw^&RHmhtr=a@ z)Tg~+4v-)x{k44I4$MewY-~XcGGor(-rf&{s(N~QYHEN?60FSrRm`ibuAb0m0i21N zk`g}H6CnCG>5}x1w}aZTk%)R;BDHM?JAccva|ec<0$VpM*z?LFfwVfm&r(t4@jr}ZPHOZ&FNmB>nPe2@NxUf-ZO#zU?JCuSiA^Ua436CGQ$>;3FPr4^ z+7c2dUk`BancMJGxuy2yM~)-#zu=0*dsLAU+(}4I!eY7htQxLYYPmd|$ttQ{lS?%MroXEz@JyqtEb;YR5g~(967auZ`?f zN^bWOgi_7+{)VOdY)xZ;LI~3qciR{zGXbHohb3O8sS+2~^Pb=DE@~7=D*m4OloXCN zRib{J!*G*@&T9nHabZ;7W}Y&if4d^*Vs9jC?j`Rly@SY-_`$2V*&p z$aQ9^yD3;&kT(z%G{ zv$eT-n+oUq8dWR&ZE$^P-Lavep#}TERe&{~v_%XB`c2j4S|Exp^Mj8wj>;MbrvEbW zO`^@mbK~ZMQTd+)l;Pr>JeGZ)5qVl@suKwvX&+Cq= zkek5hHj*U>O5hrolpCKO)!gY%-N)snsxB8@z9HC@jg8ie5AgmNhPP0oh_i%skWg9+ zo{&q`qEmO0UZmK}=6G3e8CAY^Opn)jE_{V+OJaYnz=9 zf8n0DPjlzJFZM5kT3({NnJG8G+aRJd(^GpbF(#-KCZ!&^ri{f2X^p!Y2*kCE%T2eN z^nR-ZZMVA6&yTvE8^a3n^#^lEBH=>KQmVy*tL-3p5_D=x8>_yIuJO=eAAZa z2yQuHroo;34Y~l&#@x!uwTC88ubiM{?@&}mNy+8)-7^xVyHLn*YU~v|ZalVObzdtf zhjnUT4yL~Oy1*^ySy7ZXx<%389@w2TJ;Kk=XuHQ=Cp=kuSzd(aR_7yhExJ^vMjH1s zaK3Nd5sQeG>|o^sfy6P}q8$%1^T$+j+x#1*STkWXp7g0Q7zEwGkQr)PJ^n7KdaXY1 z`y#enXHd0V{N(<~r4MnvY)NU|C^XS`-kMLRyUnh`F_GwtahNeyt|d-dKCeJTP~Vh= zB!BBt0O!crkFkapWyIXurE8R$zHz2VneJ>P#bRP??8Ncin5UdQ=f~m7MDj9RT2qyB zbX<2^H`e(NnPP@}7M0#Vy5>*bV8p3$a_db>>-}!cE_kIjj4_=k|EA~>zNnC^efK!N zdF!eYCZj$r(GX{1?+!;^F-P1IZAx`k_ep~^_G780r%tJYO2YGR$V7vcs6F>O+dq;> zSVcAzjN&bn31GbU8!R#v?OOHFy16K*@$oKjZ%2l)om7;~>Unrw8@&E5wyVL#?bO9h zl6BIn5~`H)9kS!@wVZfB5Y&T@2XeY!sco`^m754lpgtcQd=t-6DOd>i{c2#8_-i{3 z`LR#9!iR+qUyvL>j0taB-Eq>471a#e@hO3C9M$wkz*6R1cz}u(2s=2p{=hn%*N@$U z?z&j|8=^H$8?BWVMAJM6wFip2HsAFM7@2df`t0hfFrv=2>&;6toOq&b^cegBjnbCQ z!&A-ayiW_tET*Ebl#tE+oCUVbYTX~7d6&2E9PGOd5gs;azZWTbL}|75G{BffMwcQ7 zvC#_;o~$U@)+gQkV&CF5D(AJaqbYphGn=vv(FNJEAY2=haz#<0uLNwI;{wx?W;fir zUPk?+L43X1?1hW&*NrvWI2AX@ng$^{J4MBXjOZn5{pjxyc|^F+X@R?F*L=+Vpvh_j zt%GRIjmb2D@&nXJ8R-C>I=B?NB4ck@5D7B;eqMt?C8v`{iO}O$r#BPLa14jcR^RQtUf2$@x^ohI)q*;l zkb`UMU5$&Xp`1}#=Vp_K>ih>YleekuJ5FxUJCPU1*b)To^ZjOOPtMX}-K6ACFFddH zb%jj^8@VX)e|lTQY0 zI5v6m+m`LZ)5Xe3ch^a#yjUk;f8qjvm4$fZW%n#W+1ZmLV}{sqP1X`SR+|bP@Uu~tZufcrMX|;p@#o_bj$WR;2)WiO&jsTvPS#N%y+0sRDWq?2;f4O|sevRbc< z+QZa^d8y}=(~!H_Hf)FM5i1#myI-x5S26esGcOJ|n{?;x&Y2<{DQvgk(vke0`SB3@ z`qJIB8(YPCl^@F@mxsHQPXh|CzOUfAe0k@2ZBG%OU(6wNZEA8OCy3l=d0?BWcDR*c{wc*9KI4<>I_?dIpBR#FS-pcoDs`ud37+XL2gf@kn z#=K~s=hB!zt2geJ&W)LUqG6hRI@7e}1$vs(LZ-b7WO9?W&vA^eODcu^)3!r!&jUXD z2-d!$TOqezt6LoxEZ(#2#D6Pz7a|%#;+Xfyw~!u zG*9!Zs+>=ErpG>4ioh#eyQ>Y%K<{!-Cd1fas zk0Up@>cs^?hdtzo^Zx;46~@HkfrdDgLSf*)d@p`Cy2N0?$8|p&Ci`vU4XGCPlZCFl z;;kdsq>!k&(+5lnjv2!S(PAW6Z)1f;W?YTa$9Ecb-I%ShAkthVhrx}8&Pwl?-QC4! z=MJc&u%iqswN3#Vz`Q@>P-t`Cm4t+(gFPJR(WiE>W_%og`C2{~zvzC{`Z>#v*k#fx z%RtAk8H$O~E&BxuYe;(P?9TOx#-v|#Si;z(ZDb|yG`e@f*5{6-IW?py{GL#)jL$J) z64ZcmD3Ol<)uLF3eECw-cBhcT&<#B}Yhq#|ARr)5IXCrE1(bbLD-=Q97*vjdQf$r9 zTER~#nw$3dgmAk2n!@PGw+1Rdc~0U-OADgb6|)N~S;eQ~F?Y7nK9I)UL1}g)+sWH? zkUEyLJCZ+~Pj#;#5TBZ9@W2lI-YCDeu`yBS!ls4!WT!dRG_wV-$75{Jg#Sk_F$)@A z^{%;932%O9we#u3DS5j!HVXPn600xw>YY_kf3Y?_aM?p!z&&$u8v2>YK>l-Qug1k? zRM3ED^H}vZq?z_vX z{^f{)xoZ9feM<9#%e&@`D1MwH=Ewf551j&`E0speuc!hbb)%Ja zx!jr&I<2^m`5zJ%Hw5Q74aN=54-bBssUpl)CIrCrivBK^HlYWos zA%F=m5ny&UIXKsVQyb~`^&n~1;L)8ls{F~;$SFkyy-A(jKG~j9n;o`!S=S8Z={No{ zCMaWSh34sw^q+0>boh}c7Fn``()b{=RI+H$;xZ85;0-QB8#Sy`ryB1V<*wuSB^Nhk zm21a&vPjJ2wd$ea(hmdX%Ia#Li}hS!G4gcDtgd#sx;XAKY|+?w$Kg}c*zuNRmAKHW zA%bmmlqv|#XyWixgG(iaeR68Cj#RR|yncZOB;Qv>NvtZ)bQ?zUn`)Dr4E{L%3PLNV zu5BAOdQWUAM=!iHbw#ttl_@%>!&PD>vl-=l`LoA#;|FPV6-B8>DGem-1whT{=@k#I zcUV10N=}Bu;nrL!GR+C6NVU_PgQSs__cDuB)d`IgZ>-8|`yazb1e@Bf#v_zjzAiee zO--1bd#+j}--UlbO?f~^7{OXn+F@1r>ELUH#vYpb7*M#sq9Ix2b^@f92Xq~6XHMo} zw(3%HpO~y(dv-vZj!S1&NQ@k)K9C+YpY6E{Xji>ULumDOGTPnzH|6^i8n}pKA zc9ux4y9w#DM;N!_7Hw)n+NQN?`}|iUy*OGXU8mu6{Ndlq8Be-sH&?2L&}gqm57hmfwh3x$foYgwXS^zb*VbjyMX<3dS#p+T_45>9K?dG#^Uh2P>|oj7 zIm#W~thSz{i-()_rX(gO^OJNJicq})i3&|k3ofG&ZgFKqN%iiS7QK3KPS3016(*^t ziG=77U9sKL-#F#npD=?MHbANsJoZXm0omt_PZw;`E`NrA?d0nKc~R#l4^N&E<_BYa63pb0w$uPaWTk z*X^$HTPDP0jDJEY;nKnVd$S!p|Q|KmN9?eC8$G*=bhc;o`h9W47BX;IS%SFd8_2 z1WDa;zU&AmjU?lZj){p$O=XQiTQv_^JqPzKQ!0{+iz_3VTGoGdWm*Xc3NyUkI!~Qp zC_co`O4WyKS{AAjlC#L+93dg8@8oAsJ*=Kt@|O?3{nJesnC?e_jLsf+uBa-nX#)=8$m)2^`Hf>n$Cr#yx&Dst zCjK=8BW;(Yx?iz(BDf-Tzlaa91T?Muwe2?D2=VfczvD{oF%6gG2tNL)!y4MIq^&(U zHN_kPOtc?To3gw62bR7y<;EyI%v<^X-h!@DQYcupM)#dqQBmW_#Ke;Lo|yPOABP}t zh|;^6(ThhG(mDH|?uT2xY1v)2Ox|{4Ia$HUWq9I&27`ge;2u7_j2Zq&)RSkaN(KtzF8!?Iqtwfv!^$S^*q!>q**my*>o43 zZa7ZlQu?eFN?A-UC%!Cu`qupsoeS@IC^Yp$I{+q`w5Mt$*cbMUj^Y>HLss; zS_NkWo!0T{7j%xS?QFGfsYB9R*g~-X+JupNVmdlHK*?cmUk1Y6bw{uI-^=y@-;3;2di<|%&fBBL=^UI6pZHuP5@;)+|nT;bO!@lDs zRHFX+mgY{J6?|2YM?~3jGVF96YmOuz)uz>7!?%}pD5~AXSVfT{rueWe_%c}2h$;$osF8+r7nP0g;l*h z=G8gy0M+NhQ%JN+IZ^;ZZjw|vC(tx|vlZiWaXA>N>(*uq!g2GjLQ=WAXIBc#VX`mb z#+*-cf#6nt$xU%iJeAN6jtaG&n4I)LboIg>w!t{%I39|j+)C@F_kgyGR?}EB%cLC~x&m5S%Pvf6s63d|*x9nQG>n$mHdce)(WC~c=UT@>}oJNY9lnG$8b#M z(7B-J#KT&-4D@!?QO(!XafP$Y!}F-QV_P z)W(vAse{Y4m#4Twd%3wGYy!Znd`$@uUS@)NyKSdz{1s+{^}HOZKKrUF|JXqTK+Ok5 z5?2_0eeEkXU~ih@(fvYQ$GJb7C`}68!gd$wz8%>7C-3mF?%C#~kGfl->E?;9kN3hj z?WpcJhwbPf;)X-eWo1>r@chW1dzguk=^rXuD>mqdGk>*mtmxafEZ_=Vq?pt+WM9te z>|e``>N|-N$1S@T+wrPdE9QOaSIlWn6F@kS-3*n(7Z=}}5v-&O{cS3xngZ7v_Btzv z22R*%8`=8ab569C0+4u3__<_XDPSQJ6Qg$Qc=+oIp9#AjhQL`d1-`2=5eJrzlYdwE z+bxRD4Ia_3N6A(16oMn`4y(EQIRzQ{54pK@FUL1ZFsS$6mlA#T0Z};lSKUe{Y~0x< z*@EG$>*|WK1Wz>XW;48G)aGoX{M6Y-tF7-(c=e3Gw$3!*i{VZZpM?Su?pdhn> zyz<{&^^r;%eZ;HLp&%rGVfa>3eupOZ^@}o6z#T!w+TY&??xOI>$Q!rBr6uEVN&i59 z#g2De4<5&{XsanJm%ke?ON)0q>bDmm1u#%56lw97DpH4shl=X|Vgv4=h+$Q5y!0_ns116+B?b-b{{0&$aGaet zj@`jKDoh}pM)-8!2?h(JX8VfO0+L3mSS>yQAt9Qd=VAvC6B9mDyM0BWQ~Flo{rl(n zcmVnIH(x`f52S}0IVbQadI-9V0fgWUtVWRX6EJRgXsd+ zpP1p1krhWih2v=a4&yuG-vNK6d^{yBO?9aqM{U4RSAC%e1&F9bKR-0;QAvkdmGosyEbhzElPO#)aCl3Db4G+otv}|c89;(8n>km6k{8)WYdJa z5UGLzkZ{QuaA1mx{ii<)y&wDcXEp2?xY~>@w1-~0Is-<9SCdXOO-KehHDJ$yW)1AN z8<(fu-jDD8*SOO$yrCw30wnO|ldUo3iNoBUovjys}Y}@oaNUEN3EVjtd(P=MLGXzEF~th&uQC+!q(w42D6o#P<)9))6oYB}a16H~$6yLC(j%<|Pi8Q%{PeEzHF^l3ih^NwD1`$0Ye zSGl1G-3l)kMy>b33?b1p7{@4?Km235y-QILhu<0gyO)_S&I~ImUG3CI`-ToWrP2h~ zm7VKiz_MPb2rN#yV}Y5Oekajx^Oz{efW>wrVmh^KCoj{;D5KChsBQg8z}OZ}T^k`K zsXrYVUs4X*OA*25HHQIyi_|wL)kFU^U08@er6e(*@h;8l1!>Av?~`Pa_#Sz5Kt@DI zo)?5Z*7sSawXZ4693(N}gdXvU26unwCUFF4EA!TLWv1Bg_n@%@gM&f;gWn|%_+1S6 zOZ^(YHKp#tWeaVH`?ZfsMynlc#|vBQO{!;&U3d^Wuv7EckBetcwAwa}C+fI2vtK>n zxV>G;t*}2EC8L=b{*Zg@iISQ7msc4K3mc+Pa_XYNbvoGu2oce!OE>UF11S^W)5OC+ z8lL>u-Ad~3wV7L8%oXnh)RdxA?|N2PLN?tNzeWn`>9-8&)W}vtX%uE|G*{G|kZcd+>=$E2$j)m~Ma(4Zy$$l4Pffp8c*2xMB817KQL3-!1OP}F}vY+l0w-P&yc!$S*jEspC0 z2;rN0U|fi%k&Xu1ETJ3ZA+1atP?Zh=M)BV~R1t=Gd7$aa6^I6Tk#USp>swhT7ZDNB zE|ce_+$fLk&Z)Y0e_AWs_3=C*rFT^c@{Qf8jmXD4R06mwTsBh)X=w`R<1SsL zr{5fAsim^p#n8JstuXDeKgJxR)#OM~dR6@V={n!~ktgf!ztBzeJ7Kpcw{K9Klha|$ zUL$~vxyc`|fKObGH#`7*9=_R&0OkbZ<2~JV(Dj3K3Q#NmkFP^*Kv&HImW$tS9Xxj5 zE^b&ZX*w*WLe~m+?;egfRY)=5T;u1fo6$a(Sif!yfPe>KX+vhUhZ#b<4zHZ`YS{4* zeKqlO$%?JXT*p3IEwi||$j7=psA&6ZE|Y+V`;0^=QF~{5A3>$<&HU)>Ia}v`z-NY- z`NldQ4#sC~rY^|KtJnt-Dkq9O&)PiO+gIu6=~PBXnvf%x-!DqWbgNkG3+zqxuQ;Em&~k5= zvDP52j=VGzO$R}gwZBLs?!I^T+o}}eFM#6Qj|Z*#pL1OizhC*R|w|6PL_dcyUl+*VnMo}^d2-^Oh*yWnt z50W~GqpV*Je1<{oMUbkSa5}KLJ9E{%81Na+$`=G-w^f@bJ~S0PT-a=CJZ(`|_p~$F zKQDc*cz3!k=CRQ5%$??Mi9IVatTkCbe~y75+2kWUjs=cDxVW7);;x`3O^!cE<=;5i z1GgT0Am(uUtbkVjH*WMUjt3PIjW_&whQ2`8M#0FzO2WiRR0k~N7Q;4De~^ZYWF|FX zuNBmb>4z|k&-CAhA4ujp2iuy?&CtkD>HvYmfldA5tBCY)v#v&vfD-&+x7$<^Btk>NQE`H`&!je4^KBRlprE;}p=!J)JPTP(t7 zV-7cKYh@%ye2QQ0z2qc*_&?53lQ|9;BK-VN0eAJN5^aSWAgj+ylJo@Vq>;Z1f#!f{NA^GaPKissu?s1@|F`?+_doa@a%ojHkj6N zg}m`am9MT_RTV%Ca>}7gQwr~#x=g)eUjs`YT7(>wZslQO`MF-C5KA1I$wX^R_GKwC zd5lbXkOE7)1vn8wtDW)tfjK3ON39?_zzHg^txAO)7>(cAnwG{&v)n~70Gi(r8fhjL z7V?XHo7#1tYOmP+ycqC_8udtPW!o&b{#bf(#y?_4$|KoX^OW44U?~ZRgw+c*d>{M1 zdgzUEgaioSmdLpWWG5ox&=ba)_~|O+%hZ8feNQ>aFUFX%gIrlY)$Xx`?{z*7SF_j0 zY6k9k&q5J03NnJK^XKK5w*zLBnVzN9E=_>IL8r&XSl}JP#uas<#ITEOT%q~n^JVt& zdd-jNv-~J)^yTBoRxCD%s9K4h;1Q)6ICykw(24k5tIQi;#jeuRbuc18E=k}(Ray#B z4nD!M$L2}(@527Sj+7J3gq(SF{HRE;a)WBg{*bp6Y4#oU;~=i| zDvVp^0WMX=p{d04MErph%6#$v(g@(Hyyn&gn>2i7( z6-!KC8&Q;_a8al?IZa5@!H7k_=|PFu=3k~Pk{~-wHTX1={e1ln%$zt{~#ABVG~UF}Xjh`Wv>x>wLsx*xP1DxZe` zvu_u8Giy1xJr)j{1hx*(tw>3@ZD$2pdG}Q&Vc%NQ3a?kHl8fDzZ6nV;uLVsWJfke z3JSXe*6q`?J3)dFyzgO*4wssaBU8NJOCXaq)*k3HK)L!Y-!OP$6DOkUGO1@JDG98& z?e2ad?USMjfF+b{`T)wjD@-f>B!IcmEpm|MNFc#t#25(7`H(lBOJ}NWmpHsT?nkc> zY3?lLC&Ggm)C3aL(A#|*{JHz884#?_dop zybmJ@T?7FOLwf5SQDE6%(QizF9Q1u%mlm#LLrBxMGw$fJr$Wj+&+U_Y0s-#tU%a)@ zT>w9tqWI^Vwt(UR=F09xTP3F^*9+9TN+}EAuZ>DjyC`e+rTULd{V?rLR_Vl~mZE-o z0OkX9P$X1SQ8BKbEdMh>h>+KWacrp2vN43{?r(izE+4U}CL$!9=LS^mqrc*t5A$3f zYD#PQ>bAJ*`i;elK7Ihnl!9`sV-(nvAV<^k8X(|hW7}Q7WIv^F+~QxF^5}bCI3k9g zn2^Jm@{XZvm`I)ra*J!WgZ+06AS8E_7aDrsCPs6IXE3Nt{dgo%+N%`mjsk5FtIf#B zFacwQc2%KWS*cyweB3i7c?P5E$#^#Xh#KnuAorqyzZ2M9zLk6m4-E~87+H4$?ur*s zak9>u6jm#Bbtw-IhFM_O`F8MElMP%AWYMet8EFQ1ev_wgKoACV;`i@?&9D~^e;NRQ z=b(%KE8kLyDP<4o4FtGKBd)W59^XvnGs7=Y*b6Vnx3{T#%TZ9m&_OZuZF>mFX?z3d zy??m-l4Jl9_RscV4>(o+eewUDs4_6HD4dekq-;2}T(5FUZoEQ9XvZV#o1-_2d8&M@ z5KYOpKSLlHgBEEX8wzz?C5+QmJHzp*($ezc|1G!B{Ndr2{71H?z0vBK>%9$H7ui>o zH?!6HMFMIK0A@UcW=gQqaJ_pvbG0|voQ9Jd13AdOjF(6Z3+-+4GZ_cVDedM-QT$x5 zGWkEtEvz+xHly;|E{ zJ@qbgQFM4H8QYJPW_who2jJp2zd^8F=nt))HtnaKQeG?$+_=m(JZ!74S@5T<+NKHk zLMh<6TJ}IQf;2vwfRadCQ}u8Qi;ZXn2(d~Z)C(2cCVDyF#NBZ!Co2LPukR1vk~sO3o_< zY=RDReNi_>nzQ}=$J>Fs7}VI|J<4XR2N#|JpKC8VQno&g>UxcXGegt6Y!#l>xGv$| z(RN;~vu$)d`KbON~`$;D$2uh8;Ju^258VN?hK@EJMrZj%3?5WPp)0zz6foB9*X5+~ELlrN z6Q^lFOe4lhMS8F-W3aQ|e*CkaenAA#O~Iv!cpJ-W)17V7+C*Y3mdvk*}NOtdzba}d5NZsuJHMQ}pdaf$($ zJC>?UHA=LHZf+$(Z3J47h*`=oc3x^>YG-!2=Pz|w#NhaE?H4o3wI^{oE93X;DOIrz ziIA9XtwVp#QXE4tO!o%uHFc_Zo!?qc&L@rdce)C%MEd{8`~uH0p_NUAbi!H$wxZx` z((9#~i$*wV)$!_87n&5R*x=U8eW6UbCYmnuQuox^vbCv=%UR$06GmFnfP|Nf;)yQ2 zHR|Oz!;>4#UVebTuxQh8&KGF7(wpjiyc}QXy8BeLt9UxwWu}(KNvBM&#N#Oa=Gmmr zT35f(clTgN0*N7#8b;uvhWjVC@m)U-P$~ecBvooX&1F#G4d~&1z#=2xg-COBQktrm zTlo>ugw{^ezPh}s6HAsRHOM~18z8d>PxzIW7{kW@%<$mXTxvJj?m01?;qPDF@u`Vm zLLT@0y90W>gKJk~kXH@W(_WK3x@wcj&xAD2&u`GFmFZWJi|6#Ye>BESDyQ8?DX(X}PG=l0OZaPR zDclZhCtY>`bmd@$pDFer(?u^9zN}rfUF)@e<@dqOhpOy3yO!-6c1MPYQuB}jbAXun zvwnn?aF;?dNs=%&);mJU5WW3DxMB`nPe^EYUPa-dYu%f3SlJL=TfoQiFYa;-e)`l3 ztSJOByp6TS@uM3e%WYjD?B79h_GO7`z+3}?y{V*)y_(jaz^^ZKo!OWuZ~IM*+c-}V z%P6JISI^$y3sa(6E;I*E!|QYKl5?rIK2Jo2Z3#a#HN4Vwe?cf!7vOjo+(Z_P><5%q zum{l#g@U8sO#ZAaIz&%GX%SX>TRxyKpM}i}Q}3Pu5a`(W)#t zx9rm&7gXp2RRs)0ff-rdZ+bU-C z=YdgXVfs*$SENxcxr}sPQ|ppfKQ}Jq{61JbrK)IQi%(Q|#+gGGA&Wr37FSn@qZh5J zckp>+q4%h1q5jIaG-3kre~)%O*m7 z`iV84rnX_i%wvhzx_ae9U)J3oKNZM19Rp_BLT?e9#etCo#xSC_J*iCnZHTXizYk zI4~(bEeV<_wt2e)P>`F87oy?J=4Qy-n}mfx8eU2d5=@{6eo{(@v!{`(@fPmP<*pT0 zl*eMGAe!wI&4=+rOcm!xTa-9o%!egnf~EfMwK(pa9Y`N{3_|o zg$m+JqpOGHswjP{ZbJX-{MFS{)9J*;V7t$&xy< zD`5{?*o@d8_r&G39=+4dQ8H#uk$}TUhytl=p%+`@_$nc=Z7o&Iam{l2E@(;5Q626%v>0p}=f2JIMH2y)q9z?twEk@R&d%o$b;>r@}i_F>3Gl*-t*SmA}W_vLh zbLtE4RS^@3zCH zmIArVa(ny(@7`W_h@?@t!2d3Qe#FFx=Qw|rET$4Jtw8;%gSI!g5L;fFS-jw-ojmS= z!xJn2n1ix@O9;WBLo|4SRsOz7>-Jhmg6f^*LrEid$@?4BWH5HE^xz-71caE9bZzt` zfv+pDxN9^au)GDwtgU%6~PWwe!BH*EFtOpC$5ZbgW!ztjeTjn$FCM+!k*J% zPvC&ADeNWBIyRfTzYwbs#WC!_>|i38Y&-z4#KQ3X$D@9Z1A^Gg;EeT{r|--6%LN`z z7j`rL{VwRLJLsnJ1-8UHe^pdhrc+3M*6C$f@}~^RR8ky*Gp{B_W2}c3#4F`DCQyMcUPBRy#XA;UAV-gT7?-Di4S8;$4M{ zp)(pIrNYLVwoj4)Q5)w9Ol%GVA9GnSnYpVf3(qzNzcrz`dqWptB+s_YE1*<@t$wbf z!r@v{9I^p60%0!~pSZ~m@&GtndP+C$Dcd9gZG5+!yO?SI`Ictx^!xEjWqMPoKOJq~ z)e<hr%a?u*i^4T_r3ZV1b-!V^Q#^KxlvD zJ-P1Xmofs11lfZm7=*vi49$~7`CF+NmPi`7811X|OXQTgDgk~<7Llj8{^+gfd4y%` z#lj%sH#~*lOC@-RfMn{){rh5>(exb~_wk+XD|;TeiUx~kH9t+PK}(;#{-yC%E&Qn& zdS>cu7I&D!E4lzk-esoZ=db)^laWCF#||>}dxIS328b=z_-87w!x5_(%dBUf0!feV zGyOJ?KU(=@W8<1O1o60^Wh~ z8P9>(KLXn+0a^P2VO8&b|EmRnSgB9OVe6+ypjJq06U$k>X)=PW4nhJUNbSpK}O@ve$5WL&RXq!6w!WZ}s4(LUPk?Rn|bwo^O#hB9 zzZBDG@&4`iYff~c=o0;WMJ?+U5(^Q{-*c4`B|9U`hn}0uK{fVBozi^Z^i@NJl71zngc zA}uD4I=&l&y1rR`L>rYd{I06h>S_;F8&^L+=qQr|mvySwD#n{?<}nosn)Gf2Zg=!Jm_43yUsM$|dCVr@)pN1iH2#Cp zKT>u152f)B?fi%jNLNYD#7pzPV2FX7c4K96;7uKDTDB# zP=P?4>n}=$vz=v)&1ItLN(?G^wNGKSjD&n!=wWi0U+I4BCOnFVnTVRG9n>a@*6&4okU%6iTf%CnK z<@;$yszn_t!UK)t962}p+H#1DK{O%v^Gj|HS_}NBbUb%5Qq5*BmqKyXyxl5(D{=Zb zTWNQ0+WH*r=f9|v!TrOWkgw*FHvf-a!0Vu$JDP^}SNkJTF6(KqjPE8-1UE5uP^4Nz z(}7IpOJQ5J^z25kT9Dq&-r!9GsO2zaAEbQDO;$Y;gUs4j5k-2O+Yyt7M8OPq#irFqW|g_1odS;4$|p+jiXtUe}(JoQlpE? ze)*KMUVE`qA}izdlsfB_^v=UQS?`}XAH)?M>%IaTFhq2)LM_v!W{Y}^Tspe1u&=}j zAm4vG2N5C7)z;K2y8MJ=zA2@9uC3I0r+=o|7Ao^;D=vCDOP)&DU)V=!ZwhNki+U0M zgn;_j>M`fA`l)w*eue;-P$J|}8c#0)x!I;A?*7i11Vs<#)8Rvfo-R593H1H5`r+{7 zhBPK&wJ3sQ5p-grGy)>RX`5|P5VVQ6Mb~YwRY($J-*1S3yk*}AzppFf0ZJ;qGJXw0 zO|yt9Cr81vUx&Ct`^du^_sw+ro0)-$tB>@r>AeY*l^^Y1^f(C#Um}}k>}#h2KFb%# zMQ82jOw6|N6}5Y?TGz(NgT?)!ArguzlJcj5m{t+w1np_}ek_ks&v!~m8jC!hAdt*2$YRJ} zrTF-u;2GLJy;)h1Wdw%s$qAZfj8qR1aWgte9LF?JWf-%Mx81m`4#(^6?d|RwLrsrI zHx(G3N)N1T*WoW3A%r)>63><6XBwAwv`d8NIea{ySzO?{T!Fj(f~%5Qz`8eFolxJW zz1=y;p)-};!SeTA8QZ#@gHWKkiPcN9-F8Xt{|@T{;4S^&ReOH-K&kbL!1=}<+)+Z& zn{G*M60A-K$d1&_et+rcS8dPpjKePn2HqEIpLM7(GTW#Qg!ZKuoi27ReTT>d-)nI< zAqG`En17^1y@-wa$VsyNvj#g%2O%s(J)X7OsJr5;r%rI+)pI7lW1{(B=+ihmT^A)b zXvL2e^a72tH(yr;XSnVpV)g1)e56gAmc?&SvQK>#G);$aP0Rsg8qVAm4Ih2J{UPtj|aY?^`4s z3T05a3dk3Yh@hui0A*p_bVTqpDOA{RMw$D74V(l_teoR5J=o}aOpd2 z8^f>o=HgL5dVO*#=wmZhVcnKvP5;I1yy#RP$hA_10hBe|Mc8|BI?^M4yfnA))IDzM zxU*Sw_d#TduZgh6`SOEjP2ysru!onjN<%ZD*WYN*|B&AeWda_NRipr81AlPEMJ#1cT zc!eNUjJBUQ%>pSk2K8vPzRTd0L*{bYE@STmsyUs1p5E;NT*QV;b)0m8e56V}h+=6!D^;H30Amb9tnP<_;D zm_)RzaH@X$QpQK3($ta7`O${XL+Fl(l^XjEapgL3tL z#MHEJa2vLG4|4D{}+Kn4~jqHZy;KKMu(70%pwfov4I z26S=Q&%YxtbRt4jN37{R+D|{HoMWit-UNU$3h{PCFZv8Q6s^y1UxGz|yi4_G7XB3lo02w78v;vpGI4D{J%DV9%Iz*M^l9fW}10%@N`xj#tH zxs{Zx4u~ddWn-N*QiY=3$gKN>uVh^E0 zu@|u~Yvj^%;l3jQcPz@?FO->|)_K^wyqw##yl^5ODt&4q2&aaA9=7Pjh29=R#i!{e z$vsqkMeXUd_%EsyJDRM2dL_Wf$CE&cHOCW2_~mz>7lUi+;l-3?tTT`EJ+Rk-o+^;m(dSY9+&#!%t5CJcBE?&!Z=^xO9P6DXl{Wwpr88ETu3O~y zT@7*q-+(Nn>a)hkv76nCd$wtbB%4fAR~^x=7b?-prVEhm>AJQ#b=I2;`gwa0{y<2^ z6Jdn*=^mXPE?#73_U8g@vF%yHR%yr)`kFSLEiW>@&S zksZB-?US>V;9panaO-FWCC5HLu-jStZq+MB#*o$xxlLU?1&E(M!FISc*wg0=wIGJq zoYSMeh_f(h`|bi9s4gh!dtJ)M?Yq?OGciGF$QG!YCFrGBz9e4D+t*OP)8nyc{kh)Z*DHa_kCgH&&pcdejVNj|~W4+6a76WSou5XEv54 zo;&#UZ6f=qn|3cGF7$YGx9G-(F~D zdQKN)tLL_$I>CikYEEtbbqR88ejs)E&wPFHkD9i2`?F&l(dole9mTa{w*u15i<{P& zQNqW@xE6nPcBTNq*Q{XYtw(JpdJ#dkdFZCXBnNT1vyJX=;50;Xy!gb6s4oJBesWiUuur5*jG3?sST-WCz1HG)2bm@zmXe4ER(Gn_b-$M3x-MYl?PDaartc- zJRjagRhCy4WYY3+fdytibIw2s&8n+#{~y-gDy*um`~SuyrAz5XKtQ^Y6zT4i?(R~$ zk#3L{>28qRgmiaHcjx|3yr28|JtyzkyAHf`U+%T%nrp@wV~+9pj)8BGbn>>!<+D@e zJ&#Ax`04j`{;~}G$J|QZ_mmMpDfJt^dB{PT<14qv2C#wk^az8F7RmM}P3hGBIr84* zwpDG%zSDEtzwJ|YFXlA#l2txmXy9Eco?}LD)D_@v|33I!UEWv*Z&iE}D2aJZ#YfG) z(C|c@MSGc9(#6NXa2^YxlD=&$r&Q6v0Us3Sjw#_JO>HQ#&#H54nFu@vEGLl; z=T-9u(!JU^MIP;2>O$6fNvHh{oPqT8d{A!h_zGB0S$Q>IQJLP-t|jYevCwn2?O#~T z*4&OUOoe3O;t@EmO(aP7^`So3gJxzQdNuW}bh2C3ow}&j3rdNMvq|{5@Bk%6p^4!N z?mou!Z*YjvhCgWl9*~tcO4e-)?-%l8IUy&nIS}vzgxw=p@+sety}Rf=@Rc&*er(~( zSBEA=WN{Oq9d>6Evshi5QiHu7XGsYMR~;FV%4&plm$l-#?FQq}l>=~!H0!)u5twlg zNy#5b@@ktA@%sjHl{@X`o59n8?CS|rR-jP-s-6B0zNtra_Wt3HPaBhw78@xJGB=^e zi>)>{Kk3>z#5DpMqg|L?*g#TIQ=eTic-S6m!>Fj`bXa}^hc_c9H@AIuHR1%)+jNl- z{+JX6Z=14fx_&YfkM7vG+4Ekqnr)z^vKIu(mm+crS}udYv3@T{Svmv-estlK1+kxj zVPa|hUi-LhFLJ&)u%cTRu6)Vw*Lmg*#u@5wDhldnc!r>5`a{4d!xXV?Yf8dl&^BOt zt)V^#y}ed}MJ590XCTFu-D;7~+)X=nL{`mkrp)zr1BW3Zm`O=(N89b5AY#o?ec)V0 z6IASfMD5&n7w5m(qmAHC&ld}eyq#OST=InKvjJBQxV@9E#%Z=t{UPwyokvzhj&0ww zi0sdKU!6NY^xN`8_1x07TI>Rku;|833nWxhbVGV^-8R!tSa(~g{KnbYtmmp3m^+G; z-_CJy0b4Q`Xf2?hfJ}Z6RCv}-&m{eaw@C19Xl#ZNxnL6*3<9Im4eZ@4U$YW>;JiMW zm@N1z`+hf}=YL};otfB^XeWT)`KN-+gcUBt6YCvDx5#@31N)7`eza5|ts zceR<>C-S=4i1GHOV5K+)nXerc^W8*VOdk(f1MjM}RB=RNy{WFDH!>w$(dzvC#Gx2GIsLi1HZV0N~Y3@@~TT3iNtjbd+% z2`0!ckUqwEz5*&olJyeZt(sRtR!{l1SmldA#7I?YKlSyCC5vfcxFmk}o4n%2)z4Xn z4I2%{+HPyhQGIoZTOSWwod?722Iic+kG79-v|R?<^ZrZ*Gfkaf#3iyGd?gbCM3 zDr0hb^v1Fmw3*H^9C}-mWAae6xEmJ1B-Pgkhh$hWljeQ9nbLR>&ydJ%zlOq%OjL~i z-1hch^gfVAI)#~6*6aRqjwAij&2!+L<(zYzo2M6l|0F9Lq+3`dCG1*(vibJdtQN9s z)4+GVnj(@v#H)t`LNlz^$|NM@vj)G@6CXMvc$FLPTR`E3OAb)b-gZ z%bEbj`(?sLDSZ2}Yqdf&I-$GnHv5w0gWl~yI;@iT2JoHpr#7KOw;7~+q<;(+A-5hp zH5lFBCnJO`(*nWK)*Kf~t&^@B99-T7f&^p)u5LsCGBSICfH;fjvt=U%L6b1Pvff0K z*j!0Q{?E~t58Io5lW}J?OJ48EN$C1TEs~Uu=eEDAf*n4xv7;p~iJxqz$*{8nVJmWL zb2c+2*U!sB$(PO4A<7z;0}ASM-0&nXeOvBiMM_m1&zt)8w_C(iW63jGxh39xA{CJX z3CVunT6xZH4-({JH7UootLPINjg{t{5*BR?Z3R8{e%}>r1k&swQ;Eps4<*U5c-N2z zSHF^?$&KD&-M78yJOfI24@aB%3+Wk1&sFWtbC;~{NNgPSB2Nd^myd5AuK&1GX|lrW z4ep=x8&pYRw{(PYYTGm(r64`mv0PJ5qm<5$cs2J9r2d%U)n?@qZ|yiAOm!!Zk8~g1 zTbb?tT&gE}_d=kyxQUM*Xyzye?qkO06NChYJJ+X0%zs!} z2wFY2Sz8-=z{2Qx1Yi2-G(PoB=i)9_u&Z$E>x6Vo<40r^jTvQ|a`l;PRm{MXDA-qK zN#zaFn|oNC9jkP8v((l=PyWp8MU%gCzhd~>6epj_n1s{}P`#+2pr!Hb*ZgbX@aGrb zxbc!0JQTGv=TH_ zs#ou%W?dr*$wouLu4RMB9-svZ%-S%Ou>JPn59%7UP z#Q>*6G_y^X&WDb(dxQ6Zk=pl#h)UwQy(V=BClcdk6PFs!*lBE3RQ6A$#y}rPrKC1H zZZ7J~H$_PAW`^hk_*Mak1<_!(wj8K9FWB7=g<8(m*n>d2epWU}mnZi#VKIwe1Gi$$gAc=Arnc@)GOcGf;VRfVuG=q=15b;c`AZ7S#XgC{@!a+ui%+4V(;(rRgS6c!g>o6}0BZn0m0Vc5=$&74vmv!-jQ= z%@VP8d(k|lroK55_eDTLWp$ zAG57wUn~5%sN5>5x0lt)EVrM#_?DjcaHcNJfmQD_vK_Z#^h>soS=48C~H9O<>t|n>$DYA6;*T_&*hmWisOD)m0SA>uP;RS{=E{xo_JvO5L2vvk&!xw=A zv5PUCDJ7uxzJys(X#P*0YfU1=sQYNl$##$Qh3snbqcTr}En zV)-SHtwC3BLmK{|H6|CdbRBQxWz(aC);#704?hD&{MRV*-t8mTW-`W(ACL|%0>1eJ zbWsF`vbcE1f&Gn4@7?Z6-jDB=LP#T(zo3znX*%|nfc!E+=;VMQ)&!n&2#@G;dyg)s z-u+-i$tyIm*6)2De)UVz^?!T_n@zldGt>2^0K-qdT7;2qRgkPC9eU%GKf zZXuINN9Q!;5op!yW1W#vV^|<^$1!<{EP3kPKCxD zgKuKA<1*qn^fbqhI{6B$s^XQarc?P8IUX~L6kdOL)4z6sDZI3SeZHw2`h(z?NjufSKF@P`&Zb0?@EW9imdd7cGE%E;3~Wng57jR7Fg%9R2r}} zLeT3oc2@J6p3_v0Vl@0*#pxdpYi!ZjbF3BLJ^2iBC(Tatx;|z!~G9~$KmFQ_X|?mT#RK}glb}KE>Rr{FvGRy#y=p7xMW-Ofy zDgxsElgo};&jB)C+oXadMQLN1l2VOK8XjpW;y%zw^(fD zL@TvZekg8X*;(p9Y*OcjxClxp3!5kR_dl=-Dr(QL{hJFw4$eInr;V&F$mW9C*!n=i zi%gK*7K@#f4i#G}WYgI-bzmQ4#)6e=0uF8FG*n)wFgtUi-2Yo0wWWIW`}d;xW7JhU zE%NGC44WrqQu~9m*zWnS5{Ms@vvAA4z6vO+RLxtL%BDuZV(0nz>~mT!_BkWhQB%(; zQ zA&7KTW%w^so;|ke=hxiwChfzLeeTa|t65puj&1}-9w-R^#V`=muD+=TwU6Y2jJkx~ zgoLkYaSNXs@B6vPVKGh;>%Z8#mcxSSFlJO3bF8W*Tlp9K0Fx=4jqq5#cjv{m{7r7X1Q??b=;gi&ZKP7^QeD0C*Vq28 zrO?}EXZ|~uqx_C-a=*Ln2SYi^wXD-pUA2qjz(e<)C|Iio%hx{%|GnppHE432d{T6( z*w|xYJgOX~Cm%nkEPs8f1KqS&FrquVz8^!(lf$fDt;W%`8k#%wyz82RW;An0nr9C} zVIO)Wk?o>Be6fp{MX=l!IqV>;n)uutQd?M3U2;jdda$$8&^W2JaGt+g)3Cc=GT}CH zQ$3zNE0j5V`*c=NMx1(s`rEfqeCC+m!^i@(x5Li`#oBkTx3VKq`I030GModhn>HWS zLa8(iqLZ_GV(4UZ@X66yUcS+ zTd*hdXEq8p|6rMgo4UCC=l0&@*-hmZCfC&~<8-&*+jf@M7u>Zepn?xDRJEM%iWV$d z_Dgg!7yl)65EFkb4&N|Jq)K;lx;yiqT5`J_Ekr0)w|h&HQ#??0onpx|lwoP|hTn1} zl%drzuO)Lmv~&r&H8y8eKX^GC2X(b?5A)aYsCFFCVCdEVEPMWMvzJ=|TEw0q$+m0N zf0ysxM{l~XW5S&8ZXHNV?#g#>+g%gl?d-$^Qe1njb3_={<7m6R6Tsm&UFA^Z{r4VM z3}0B3-ONISX^!uED)2ih(h%uVy?YZfN{;UnbBU~e6oS0%+erx#6&-q>w{ha8$u+8$ z|5sdbqyuAGM9_FiK|wk1xmk=U65iL_vNnmww^Zkk8lCuEqr!zmL=G$PX8;AoV&xrM za-Q)(qFw(h36<8`c+?7O?=IgCByf`|g+b6S`xsyq1*~ z9p0O{rTNRk+xV2(0qf$2<(P9FRKe~@g8M_9bV7E=uLTPpLk!+f$Vac!-P=Pm=A?9w zn~cUwLUO;Ro5{xa?<=YgTPUN%oc3m&p+epOz3@K|k-_nOl-ucWuH0QGfvR<(Mt}Wk zrhVLI*2P3FZ77XdrWrUN_PAox3*8tk~K$bRBcKzW4Zm<6twlJx0o2;TD zd1@i3+tPG7X+LEvRt9`HiNEX(fZyov>jNAPaQRCla|}KEFKC1DQMm5_2ojUTY&dXv zCKb_-n^h~)(l=dCg8Y0k9-uQq-AHXO^}TL&|`2NlAE8u>%gT* zEPV4;OHECUA>ZNYO6;JD#YSJ;V@2+Z|NAyBkmeJ(^!wz49O#Qmn)AbgO~cBn1ZaEK zcx*~y=V1s6V~F;vD1tmBKl{H$W)&5nBsMgCR8Nza`0B|&74KiZ0_Kpz(25Pvl<^mo zQ&1Qi9VIP_nHU}YTshUiJ+3A;`-+1lIvy~sLVqFth0bucz`Ads#yIGd~E8I6x!g@1Jq+D2i`BWiKlGA1x=)Gmi0zDieey>!$MD4y?HKeRh zyGe}q4OrON7bkN-9sT^lu5^kPJ@_wOg#xICzIf3*lmr+lF#iq>IH@C{*x=df^6~PW z&Kz{^=wD zY6Vp7&0`;KE{D?6Bj-M|<$X-EA zBTb#$BsnX4YE{P~z$6-D0jLs$t;#a>RV_MfNO$+2jSUK|J*QmpT>0z~jx_0rwIi%A z)ZoXT^ZO8?-ob&YSfN;U&oVYlvY7iru*sYl=-c-nLQje^G!m2f4{A{s&qwlgye`h! zO%jKRo-$_R-ek{_E9>d$T^+i9e!NK4Q3Hq{Srd=51O|<&CkfF#P=Dwv!cwGB=m2!8 zCgq(wiZUBphEU*EI;07gi9HwkUI{FFdtESYpQ?Agx-HnhF1`4!W*)y9J@EjQVJ z;wNFfZRb*7E3jF;)nIh~qoUEuoXW}VdD1x+Q0a#+N3&k5?R}mD@5+>PHXS?$^@L(5 zG$x@|*c=qm(x+sg5>3sIHmnp{JMGhc#Q4|PLV6*fy{c6heBZUte)S-g{B84AX~m~r z$8rHY<5KvWBu9l2^rh1n%5~4vg%Tkp2$%I{I=7WN`2DYaWEy==lKAX5?3WLzsPc@) z-3$D!QJdG{8ntqm=ezD+eD-F1$*BK%OkHZY6BA$ym76SDJoZKLoow~d)!crg^FHm8 z`_b@30t0@0;xg^&V#AOhlfo$keyC^T{TP)DkJm{RW7)1jc-!O(YOt`1CRfH zmszDX{ldecG1OyV1JU`g^aJg`PbJ(;oL@f3#>U^UT5siTSUwF$0w_^yJeU+Gyi2o2 zJMv80g(QBsa|7*>ur!5!u<#9aPN5TKl^BA*u?xG*WW<#H<}L4j_YQqC)lf%jNST=k}!Qh8#2Hh}UUE*lICE&>1@ zNvPr#o-!8#!*MvABdw$vmNs7|UDX4chFxem(xgUZhD6tI`F5`SZgLlT)(DG2_%oTy z7GG)%kIhQte_qwIMmB7c^@VB*&*{OGL$5uX2FmcEn4m6L+Coqc3JR0J`#9q9zRq$@ zU`U;EC^4KcF9bj!(f_$c)}C$U9UYhF6rC@SIut2l<2QrpB6vEO5L@KHXYh1eD1o`G9!>$9 zt_l4UfyW|XB0_;+>fU=jSD}X2Z@6^ z@q0R$|E{g1TvsH0Ae-npjsday%>IQJDDFOb_Rl0lBe+9-#IpEo`=J)oHyk{}4)`xW z3U#3kMeZda*L)!~t)2}ebTa{fUT|*^)!RLvoSZDtY4w_^FjOzbK7R)Dh3s!BIB~2^ zJ}3nz99jou=Z&egKwqF)TL;uxv!$pMtDgft7!ZR}#DRf{_@}BG^$~XWJtd|dfYR>n zJOqQIm5#>8aI zOIQ-}kEMyRINYv9Zu05aAOGoOU7JVWX!zWqq^3r>aH2u8tL8Y-dXnVoqy{xN+z?Ij^=!N>6;1Fz?cN|4vXoswxN*|pmo;~@XGHSc*k%m zlq7ZlgYfYoU#Fzmgne-;$@^wQ9sd!2f&C=);@9`bH%6)*eJt*yIim#YgCmtw#AWMhN$Qz5o@5 zG_g(Bt~9+V5d`$J>Axk~#k|EHAzA@l_UNxg?&Tk30s`n&1iEbNW~mKF?5CeH6q{`i~kt5f_T#g=)m6;9wu;E!jy0cZ`p zq;v*y(%=SACp56Q;!ZMjiYY>|wF*b#?Y&ydAB*{^^E2?Y4;9g2bUzGj`rTed5c1wk zm+QC3v~2s~@Sy_39JpzrT|TFrFkj$!PhooL`XL`S|giZ{sr=etz zh8m0@L!v2Nd15@ICzYO^M7S{6k~tZUWZ!7leV1=e#Y>DjCZ4G%cY?$GCI?Z+ibBMBzev+eDIf<1s8b@vuP zzgAq=y;s|cVj`Vbs+n*+KZ$3ZvG)h8^?(g-oCF3bgjj~A$?o{6pjeT5waH@9D1kd1 zi6QrernlotnQ)pId4t2lUh93iDt+YkMYU!3#m-v(LDPo1KaVJ7+@j;$dFx%*z6l8o zTrS{SC@Cv?i0W(h?^BfXLBwK*_O6uKE z^I6`6(V;0K)XRQgpI!U3eTgvN^ro|5R;jcl91L7prj!BTro8ke;pDt-xjmRG)AO}< z(!&9ZzQ4c!`}gm$Lvz1>hnXUO0z-P=1L|LjysYM#OUIp(bT{k`1=_9SU#ZY`{hesl zurR(NvAlyzhU57|$**mRtPe{TOx8jx)Qf*S-^!n4R$8goZx3rtx0tOenA@yYw^UP` z=?uo`ML}%9Lkh6p97GcYep(*%2}w>x1v-^Isub8;418NpqoBHR)lIWtFLe7kC;<05 zsUVSu%}GAp?POZ@@5Znk7=#EsjL(2q^8u&53&@Cr>$6VxPecH(F`J+%di4Yb)$`*+ zuRd!Gr2ApDo8_Oc!Tv?_!hE>QcK~q>Re?(lZ86AzD+WQ1% zx#usu?=jo~2yxtn8qIDX1W*XVq%h$5ABXBo0{{O3kKlZG6KXiqb7O&4+wreAF&qP; zUJ=M24Loat=Jfvkbn6ocL`}xqN1e}*S_S@V+kU44><>xNm@bRpSd>XCrlc@R7RLX4 z<%0v9Merr_OWS5TR*)4SI~1nR)5`FjzY1wEtLci_6*UyS*dh>Js1Dql#B{z=sn zH{Nic&AqXAd~!A<&%cZmJ=g<^=oe-qyzc+xMu;Xe7hRn+FZXi@YP$_jzbo!!M;W0a zvM@Ukr%leI4#_hW41%n!xGt_8yYPT${{H?wD?@bp1?79ky49uxJeLrIV7fK1~)V zA{59k&P_xhQ<*z64v4yI#pG5uKU0E5Bf1L?PD)BDC@7$b1HR$8{3xK|TRi%<4Gj&- zsR{z?W4-!gu?^()qHlxcf()Bu9c&JeCnr{`Sf;~86R?zE!5#)zR|=poaHQKPZZcYq zlH3ZiiB-Cu6=V~%Z=BFld7j^Vb zvZ@WTXe7^C@I=ampbE6f0N^RujsSPpUvOo!(2qw&T)c0+H)h|du}$|!VIhc309v9F z0vg60DUDjDlmbOgfrFj;&SoLz=OjToiCFXQZWL#mgO`oR79TZ2JKBMeH`vx;T7j{I znram$nE9>OAT9sZg(WwbhTsBbFHnueM|LnJ{{8kdd5kE9v2mwFr=oXFcC5sSDEWH0 zm@emoVspWXuzes#uO{5#vI;e&OgfL0U&)EN=_|q03fbrNP^b%vJWa1MNz}*xX z{Fv)i*`(Qd6nG^CNA7RXgAF-n$MG#``rVNx?I-e>kq5(fUI0Vx3>h3WdZ7gigE$<0 z0<34HAYcEs0~bCrUFHitF-kO<9s)KeVN$73pE|YR#5XZ<-?%kZ92?Gud+n`WGFy`D z0RdrP?Sdu%#olErV4;?0i-vQ7))^Y+&V|#z^3ypQTWz{psh?$07k*(|i5@aIk{2;d zp25hjn6mR4g^j;@C zXGadY+m}V3JP{1LXwhBAKS@Ou2_-a_YaJ2~`ytu#mZO_osY*Z|s>v3|tg#A0^9a^aK zA@^0Su?iatTlNmgs5{e}@NVdfvKt}XBfzG#V8fgI5-5O!1Jd5Q;i~1|_*_PdZxy%} z)F(AqUrZ*`Nh|Up*#WU75O(VB?haUP28A|f+hZTY-&6z9nV4R`zQDHJsJENB5elC^ z3)-&dcVb{vh?+##vMZ-7I4SZyPS4O^Tq~tTcMu#M%QP1EW^Q-i{-8MN>Yy?-mzRZtx$uSlDQ-9xSxjy&r9!M&qF~o)Q~w5~ z-(!p)59;bQKmLNg*1azWo;1qje3y2gAi{a^_Np>G1+>`p#x*&MKssN&IJ(!M`@#t{ zmpV!;N4fB}KH1tEAm9rW%_?UY+fW51N%J;kdVfofAoVqlRhbOttZa9DZe`%_D8n^H z$>dc+55=L^{4uo)ySuPCl#vk?Rc<-QHs6UY=((Q1mDH<0s^n{r^%YxgEN~-_dhL>h z$k;VZ^wIITvvFGYmP?qs|1)>Uf4n8+?Xk|zBGp=bBd(Z9Dhz(@Zon(JcoqNx;tt ziImfcj>cKFrN-%#r7&TROVob>7RV#`BB6u-zYcodzegYq*QB2^tM*OrK-cvl@f)p+ z`lK>6L~w>54}*b365Aa~1iW&VEl#>8lz{XR9wE_cag`%**p0{tK|sAT!TB=ybSq}4 z*`OOM6sP3&3^72D7Dc7>`Y2}3s-;BYb$J>Z5osBDgqXVY;SKbv(az3 zm_nSV<*Gc+2lD_nUxkeHL%81P^D113-&mB6uoOXj4D}R9VF8fWC#k8q`FUbF{1-`T z@%mm3q8;tm2_DzmZO6TdhO{Uw!0k9)5|1(&38RY>3}N&6ir^KuQ_)Y4*zt_+F?ZJ~N!*`>9tks- z+{kKYx@@N#I&6wIAVp9Zt4qxVrg4A=$^tYC9R5g%OV-^EYP=136BpwNDQ5R*u|*^y ze=ksLa4Z;-MT4yLN|5`(3O5ZFVt_^9-s%7w~2$Bp0w z4kDc@I3XkqLV0h(MKQe=T$T>Hz#_AMARvq}Hg3o)+9}qxQt$p={y3LeG{`i^mgLGL znVya=wtoYBY*+7byxPSgm7Pm`_0cONJ%vkIG;mwh`t`dc@K?#d0A$9T7sF3D6qan3 zN(r?pTvpl$QnWpfXTXW&QSS`{9LX9a;^7ie288Yu8bMw4gV%A^^#(UPf8}a9RmQ{S zK{G5oNomXZLA-UV#_fUml9lF1g|mB<`?j?<&pcu#u*oqV(gbyV){GDQju9+;nrF~$ zUV`3h@^3D{`btv_SGdQ)x+DwsbKWaN1O$hMGHvg7BqW)@&<%effbx*ko4snF=P8dy zr7(aSfVB$VJ7~32k|*TA6ZH1($$IUaQy4zKhKr`Q>w5Rx;lBKrwK{Odc60YrMQ#CA z4e;tEDG^tR#Fn67*S_?I_8Kq&9c>$qVFOe;g;V)T`RbL{46@NG%KoxGjLpYS$MU3r zfE@DVJaqME=&=yL+ZTg-#tI!8M4J6I=%Ns^cQSnM1t6waBQ`@gnI}| z%jfLvk2j51zGKUNZK??;dIW)hvmjVQ1t2I%LLyMCEJ2RGa&>s@q8eX4w-1Eaz+nT_ z`n~0B6(Hbej|2tyK8*D#f{l@sdV6@!guT9On*MQAk`~cC9p?2H9D#-h36qwq;$vWt zMTz+#o(NJ()bTNZzv{d&v@QI;#|T4W(6NuI7zP{^4D_?8>W(#sL`7scuP-DB zz)Z0MUn!_+WfuS=06kckChj6S7rpN}MGQrpc-QB!Qoo0gsh+@m;c2O~zXDk}NGLDJdnjzd5J(0sFa#*J_a1JV>?#DC}Rue&u*DS}!OH$cq9eu3taEwp(*E z#EHP6g?14}=4VJiff*bu++IQV2JMEDLLe=EymZ%HjZ=S9+s%?ldsj-C;uRUpoeBTmgEj@rG*gkJkButF5yhRx#s@D{cj4 zq;&US$1rBBQaMnJ;L>?fKDSRLlU@YOZL7x%gw(igSN#^OF0oKUyLx-?!!@GBFk{mK zNz7BFiDLJuS$A@fykT)8aM`(voCs0x?(fMeOd>>aa5A}3P;EgV`U)Nl*w{?fG~-wx zP{fEdblM^j+ir>APvzO=!EShnqDP`vMRxX8I$KOyR^;G;it2~M8!&ui+DgZAbIvXY zUjj3zyu7@H2uPo4X{GgV?0Bpjv~Q8u{_7Yh^z@m`q*y9|zY3Dlco_z*3xdOCp_p5P@0Wha%yJv-M>jo(i# zIazT{H&k1Cju9m$JmyeK@r*R4mm@+*LGZgBv+w*X`dhcO1*79i#{Py|Xardx2KxGEP90}NLMe8~u*wB?y^IS2s~h)B#Bt}BK?$ybVOTob@z!F2(-U0o9m`%Rd}PD#D_opH-A<>gD~l;%=L;N5ZKz=^-<&zK{7 z>Oc}V9DLj-2E`0M7EgK(mQ2R0+)*%{iBshq8@`OVVqg2aq#t^`BBTDe2XL$fiXoGJ zzkD*VsX99^yt(oF(|P4+c?KJ%Edc|` zx1O8?O;6Jvz85}30dzU#KE%q|y?ukCyux3PDuu?-*W!;__$&f<#X~+CAmHh3%d>z@GD=fbCe>z ztUhK*{CGdS>sJv^qqoGcF?E`jGdQVjg2aj)w2I%vdny~b}-_!(0;I~=|j&%0B`~WC_$%C60*aGfGkh_>ux1@46MdxIvF{| zP53YE`-mMozQ0g+dZ|QuPY~o{B7ML0_VmE@Iqf+$TL1hmMlSy8)Aj|nADE~BXWT;8 z3RwdHTD@}t7~X5XW!0KR_R_M=Cu*c2=m&Bp*0oismI!mP&xx;|ZS2?_+??R8luMFi zcur)&-4ny0Juxl%E=OHnWwY*0^kdnB%q4x3qr{$4f-+`=Wq-F8j-BFcA$xc#310aP zEj5OLF11LDSZ+}Cc)ln_Hg(Y}*e9}uzA+t!xPaMz9dXAZ1!AM&qHDMPf^v!$78YR7 z*%Ydpv2bc!5SV#Vj6JnZ@{O!jEC;jSr%qsrysfB-a7?x3wSRsjKFXh3Rnq)28fq}k z5v7Uvw4Kk^udUmr=R>8-M2?=Fy`J<#d?UFQ;?Smrowimt=t>)s1#-!(o3KRWa7seD zD(KXoyxcs((sGqa&T?7wHG0vSMe(C;X@0(F#KdDw4-26y2#pN*+#M^ZUSYw(+aAq+ zhBF{)_oC8TRIaT7|LMpQ>~|lJ^-_NAT|G{9(n-qgs^H^4%47b9qG5QBEgeMTEZ8J| z*m6xcAH8r>moI0Iui1NVkdk-;P?>IjiiB66TLs#G=SK$bceNH5sG6Yy&{*0g5`t@? z6|4t5XVLNnuP~`x8FpCU7F2?m@LN=Ud9n-tM~(_Q{n}*T^A_~?U3MH9&sv|Gqn3Qp zON@_?A0HndBrC&w%pBUf=vf*aMKAI%_pk;`U?gRkbi+huDrrPA*^2H68iu)v^WT11 zOs95mB+4=M#mAb%{K%n*xQt?LhihdsVE*CLWY(Twj|-XL;dxP;c>}vBq}swvN+Bt z0-u4X#S>23Be9FC5mT~rzi+8`<@qQ?r|n?xs#m%8Du5I~W2 zoyja$MiuYgtR1n28vw$03&>$7Zq4A>T@S>fOG5*lf(bFa&5e6tbD*Yktem#EQ2z1lm;2J1)2ruDP?m(Z)z!$sF?PQjk>J6ocr<5F|_!&@yp z(ao@{O&y~CNt8pVHm}Q6G0-_cUO6UU$MHPsZWWE_*()fMCxI@9d*82Qx}(t#!veze z0tf^S*rwXR3hDXNk#tb-M5_C=Q3RK)NZ^LQc#?XLB8fa@!8Qd3!Q>=xXY$8-ZSf(t zK<&_k1soqwj*nN>)}r*N5sa!XLo?+u@0N{U=RK@nf2F#~D6y6rarm=^FBnumVPIwz zUe^g0fO})}+P$Td`|F4tQQmBuhhJX!kKJu;+p}1(U@_xfR#9Gm$h-nsH-bP+eJYqM z^JPk`IlL2eggiSIedC-Ovo~4%j1SwyJCa`dA)bXZ?)0r4JE)Bjus+lCAxbovKN>NQ zzhDC)x$9%sFEzhyQ@cKwtJ1aLxxpp8m)%6AZHpedh2nNs=0Cowk++s^Rd#B ziN2*uvoe80HEdf_J5LWOvdxZW9)l;z&XfMZ=}}ZrL&%DPO4lZ-Kaj!exs8=T*=bH7 zJyqhlVa~TW?3y;hQEYUx9-RNm7@iXZg-g_%bXVq+Y}E&5y8m2GT5>p@u#gzEr6z%M zt)R%M$?^2-rP~Y^mixrhWEPUc?pz5tl2*^7lA)G|KboP(AOq#*Ph;8`mDCSw3$Gi0 z6}!sw+9gF6o_DzeCO0Pc3AeNnsDkMl$3Mi#xnx}*Z_G0Ul0{k``rpa$A2W)`CA~I% z92thK9*P-JY#@h*fi0ncpl=F#UJELWx>$H^_qLoW4F@22eJCoSU1w*#7=}!*+h4TT zv_2nhePD}>d?us-hb@d^c!99nC^uCDlUXo>5@O^#fG~ zJ8LZ_eJVGfwW5qa18v>9@s!TQsF5ag!$_;?B1&folr2%p;JObHuvcpo?TWXEOG&%! zWx7*D6IEIOKr~ihAz&wSU*Pj7zT@FEpIrxnP?k&0Iv~}jL+H{>e}c$*ddsFh^sv?5 z#qFmoeriyoQ33%|5y8nd&5_i))p1@dLw z6BfcyUvs_8N?B>-CXsrSxh0Jf%Y6*OM~QWQelG>`ov-P~1EG+wCS9T`i-96<5bq}U zPn7QYPZThLkEBGSo{+Lp`kT7z;stj{;Ytzv0kw^diRy^-|wa*XIowRQ3J^oqkqSPxypYDLcTg~8?xltsss2_xuE$|3zc zdq+~`ZtJ`toEnGob6CIysLPS-j5=3MO z@34zjBtRci#(+Fye?gLje$d;hbO&rI6Rxhp3H=*399&#nn)E8N5qFP^6Fv=W(XRVV zPw?;eoPMbH)2SWYml%TbACVH?uKRr(`xxy z{~OUHwUqey`9of@W%pod^X(@4F1~qG`q6 zW>z5d3EGGX9t+oTW7F_raQmHJlAg|GUVaK*z{%RL;jf?k84b?8uh2p5XL&hD;ZUH) zd`M-6^L}fR3^HgzA}xoevx5WJ>s0CDz5ZkZH}5Hjq8luYy2mL(43j*TSzL$F(2ZXG zp$9!(>m)--B z45pQ@8?_gsp=`;&JH`}17VpC1dwa8o=@GKl*_*VP&lImshwgTj+ylv^F@R+?#KxvG z{q8W8K)3!>N4>I36b=lCA=<)-UVVddvx%92)6$J*k6PZl^a>2)#uuj;7x_e11uP;b{uI9F3($;6v;Vi5KCu5;*uOaH!V=k}no)jhZDb&-pu+mr)*0k9ZEx<)1Ou$2l?^nY#kDqBVL0FA)^7#%)hD;jF$hKg=p8_@K9mu>3=1cC z$gPTpF1_6O*;d@{^GbWYA8L6WB&OYx`*M`!e%kt=d82{$uwg$yO@T_y^5W3>fXr`R z(V?reNe&Ph^QgRTzsnbF-O=RtOMwAzJ^8!fT8pjDT!#~4D}g<1>sjoN(_1Z%xhxC zSWYdASPxY8z)8O^AcvQ)iH47lkBW-w-8-pF*)y;8O;_zYwPHrgrUbH9O?nwADFRMA z13^JSqKG@sTVlqX$U8!#FEyI(>wZTc_>BzAl)FC+Q9Hbvh6U3Ds$?;@;B{~pZL?-9 zBLIwConcY^xczBnr}3VCAS~N^*4uay7uoZ>r%&>*;3&R=fGNoV3?YBSKa=b%&9zp( z%^l_D-Xb1NH8ySYbJps!)AKj&v`}+XRwu8CuOVcJe}4D$6R0`ot<1}KPZ*g&H~XRY zGma|vcX_$kDfhlId`m5x9~j&lZ6#(vj$|q)t9OUW5;5GbK*O0YR-fLY2m5u+Hfr5> zLTb0LuD8DnE}^SuNpo3ig7es1`G_^u_*YwRxFMNTC|^xYoqu4CQeP2^h63`=*B9Or zp^WuIGAvU0K#`e}(#d_@_@8(PIN8;r$LX)Yhx~OIByvX+6LCQ(2b}zHdpU4|%IFGk zibabV0=~!gZBG4lxG3=coPIf|$L(}}ojyrgVRTK(=jLCZ+i%J(Bol(AlPROU<5)Xu{)Ogke*L(m@q|(jRD{NO>sotvnyKQ7rgGC zfT93*^9wFgz}}t(KcWIAKt!;i<%$iQLc9B{52#pIrEAaY{9G=WIlS#) zR^4#gDHa4qePm zYLb6HyA%LGA&g75T^N;cQwPvVwpuE!dZcOII^ zhTM0D)JBp~Rgb2oZd-YPj%qZhs_-~7Qk(o-UR6`Wl{N^|5oe4Wpoa@G^b`6q(9v1m zge%gV6I_Gm2fMqzem1|xsSD5f`MHS{oR~tO>9R81PhLAx`?E+152X1p!Npz6J;qE{ z5)U5`ZLdAR<#RKzXu@to8TPJwMFg`wN^+c^!zlLi6p@!Oa&F&9ttMkv9-aUXMC~?= z{Be+PcRqb*MtuTDg0yRD7J6m7EoJEx&~@)d{A<}5mtR2y#0I*$9QjUaYil#O9Dla7 z@D1ZD<4EUMwzRbT)vjfEZ15?+KJJ z$jj^b7y2DiZ!T>DBTT_1()^OajL+@ARF@+6_xC{#sB}KF>PN5qF;hm|Fwtyl-}aMG zfjc-DEtY9mGg0(4JN8tj|3}+fN7b=(-=dHN3GR^KkPzG@xVyUq2@pKE>rQ|Kx8M*U zxVr@p?(XjH?r@89&Ub#_xcA*L-uvVAU@$gK@9ygA>Q$@OnsYArun&Xm)BO|vxA0$< zP>VW7O+pX(eL>lJei`Z)SKFHEDMiL`Okc;1$~}K0^U!w*Fa9*E0@4t}gCS$d1$n%h zY^L4*6hIE>=Fdk)ZM*KbxD6^p>rNFYeugAgh`ToL9k`N?rUnu503-#`P*AU~xg%GS z)6;$bp>X!ndVWFrYyV;Kp(i5#qVD8ln9W3JBECS5kDiU`ZKLq)CCu56{S-^E7>oJ% zcSH`j9!Hoh&s6oxSUe>{&h?Gxp#=RREiIiz4j!tjxC!WS_TfF3Y~F)q9{FY0;>^qr z$XSFA#V&2miN(^{T`q2wadILFf%N8|A@5-gC|rjPZZ6i>vH}cXdK_Grem4J^*olY^ z-m~gbqBYvyp3GtMlE6#=Q7C19q2V^cqUhz;Tk2?Y5_)`)rxDOAvzVl>AUV@?wdl`$ zbsbT63WR|`I)e?!)H#5FL@T3G?$~22U=sOFLmtpz>=3c_LtLM}P(JLH)y>Q!ifQZa zRom<_U@DF%wCK}RGyRcq>)h>8FKyWLS;Gbsn)m|)bbZ(Ke9F{FgalP!jVdsk={FsnYow`2%?c_Jyr z%S=c^Tbue7XrJvfVj+5G-npFmpS@4O5N%s=S|i{c_0eg{PXqs(=p^7waYsqT3D~tfAi`-lnj4S1Dq(3Y5-`8u=(e8^9!R& zb-KkIXRVcP+kI2}PJhX^Oe`|s?qgjj$A!+=utBu(!$p}C;N!bZh>aH6=NwYq{=@%kw<1j2SuZfkZmz*hmu zk7^x6>nU0i@V7QS65aQYTw1d@#frfbez$4aok$(&m6lH;{UGQ7YPHta*IR|%El0BF z6+LZY?t*AZtQ_V>c@YUwjEjTHFiF#pE1@}XJ0E%5JICnWxJBr`D1wd?sYt8&Tm z#{-j*kUm;ZH+z&9$DlT`(jT5%P20bgHfV-|ZJKX%+?`^5=%!1$@08*eLg%d`&g8!pUgF%O$k9; z|NNmp_S#!BE63L3^oIq&o7LkskQY87Qsq5%Yf#INHe$kp5n492Osw?LWK?B{9Pw#n zvFbS8Z=C5+yEFQ#kW*Atr9m5nL$`CGOPu=1QUUI$LyYzSG1X>d&eSj|He*dPx4DTJ ztJQuMKYx&OW|;m74TaIh8Uvt}z=hrHi=)oUz3JFsBeu@Tx5i6iS?Otq347d!5%O0d zt8t$02eg#xL^_K}Yn~^7?2m|;yVJzLGG>;~>_F#7O1k=x!gmg`IjC*rY^P+Ploo0< z4Nmpm?(7BWC-aBj_(e55g1C!Qb7jVs-QAv(m*tzCy8CmOa<^74+kVM_9}`6q+sUKr@i>ghcKLX~kgp5byvav=7s3yL z>}rlu++Q|0Hr>tuSKpZu`@8f7x26dW2CE49M?bwPAk49@@_LwmxmNNK&3n<9hKh;_56P$U zIhY;+y!fw!H77T2PQHfCY(Xgl(b#)U*8eu z>mDjCX-m&`(9QA?4K|(#cgiIva~iFzy)@(;Cq3vXCcw%kvReW#!4w7$ ztHAHJv2@4O-E(X4rljTPQx(hYJmW6NC9quCJ%(^_C+>gRV75)dSw61<17#!QOZ24ZGDYOmI@?1=AetTy)P93;o>k!xdnd;u_lAE{?*Gp!s-TD1c{@3O<+n?j+ znPyt43SFO`SAGni-FJFV@EZkHKeKZFxPL*bkc)z!!&Ss>PQYQaLD#M}wPD4jeER$H z8Jb-4;!LgMu3Cr~i|ff+1i3hh2s3~$By&0LEH(S!1i@gVEVpizSy~qaMpJj}FtdzH zJ|9lG#IWm_uxryWF|zpqfZ9-7is1Qd81E8akI#2Y23UPBo#qB1?zogWFQ5$GTl*^%ES`ze~TnB4G9K(WJSz4!6lUZ)trV z{FN<}=zrvIWt^D5_eFnxVrLbWycfo@mbmx06S>3jLw@fCK8Pk9eJa%eWM%%Ft@L#9 zFj(74k?;CXu=!ze;^>$dGC!E*?wRm={_|Vk zJJ0dm>P46SN_Dym7ap)uE}lJ7m7nEzIyu8XENEEWu)xGzDNwt;1@b98c3Asx`Yqu8 z0l;;h{$7wl7}34?l&6)^syY$Cob$daR`W*i?B0bCW+eDVaf*^@d2Fp4w26(CJN~X# z|2gfN!^ftW6rV4#2)(K|9y{oXk7P@qpLa0MeWL=^MLjba>WSce|&iVRLg0{$58p zp(Py(;vvX*0j%g9Sq~9M?_k=fNxz8axfQ^pNBo|Bn!j-!3`(bB2X}Zg0j98X6(nu+ z~2Y3rVmiYWMx&K0MB{Vq2cpZ<T9638nkox z*DhIG?$?uX%YvfD%1@MA(zexO_({5wIZ_eg^j>p^dlyX=p`gqt4VhsKDH(Wu*U(j7 z+Ce6wxdK=KYZ*Fhe3u7B@*<7a3}%V{Q^ChBp$>%av=gnRTNO{;3k&<-c=!J)0DPh^xDd@8FL`xFS^ zPh>*ygQxVdiGXhW@Yecn^V(J!_xIcZRV0PKNZNRDafS2y1=qvXL3S$&-@EngO|w9! z_etiJQWTM|W@rCLg9R-diUPZK?to*_>oGu_n9I#(HVc`!=y5Oq{{m=TIL#NI@Hpyb zk>_=qZgKTRt4_3ipA?40U*bI5v8{aicsetib9wX*M9kp;+-tQnOkPT=wnWC>oHy4x^A6o(L()Uv;QRv zj@R+{1eb72hzQbXDHdjC(}V*hpe$fwVnQAXqv*t}uBJxu zGrv%~MyYtR82rv3Pcw#UW}u{c+5{m_uMU`sz6hcVytX)a%TlCKZ!@2*$B6X7^|xEU zU&@@*siRKMdmZ{kLt!1ylM-UTBO8LwvN=SChL~SLDXg{xd3-;ap4L_5899Kwb+qa8rZBtWIdt^I+jt~?S{A%ONKu7o1w?Ma{_SY`~7dt?l0WHrF z11k&QDnh}^{r{rG(wY+9-P7N{4`6?2%$kh`+uPe*NhsLx5nfW@5q_7!A-QrVJ2UZU zS1Z!40jyCK6400@{@ZivFRV{v<<{$b>qk2x>cQ06PS9W@fNslAKmY-W-|4JL&qa$m zB5tPt^6um^2)CbMvF17+JB;`GjNkc?R|4MkywJJY<92?=S?|_ql`A3b5VD0z6b7eC zyz&20+T+<1qsDz_@T1bpf0{>1f|7Fvhi1xy za$B)^pO>HS$fX02d!C*R)1PrVKD}f?eo4xnD4VIIb0w4t1Z2d3ga{Z>Ky;?*bbuSE zx)6C?Edwq!Jnp-1q?b^_oLBA%W@K1kVIoNQw}=W9qm9V)s&OjL_xGSp?q8{tvk2bX zd;ygMD9g&r!-)A8ZcAwSg9KUQ&n}U1`D(5&BK~`#Z)gHhlt5rKCA_@6fLRh0g#Kc-IJo>Y2a~1jXq#REGJg3}jUpT-9eJ}m|1%%;< z5a2oUo*<%7q@XH*wl;{k9+swbQ>~Sda205jwp`+wn1S>&VIw){7VtJeA+i2%lZ{B+ zb5t}>5Ha~b1T{ePAeGV=S|r=*Fyoa1^#AbY0Vi9L;!DLk5NuJ@gHi+%wg=$C{u4`nl)|0wjIK0U>BtGsVbIt>fLbY2=539)L?A^hVP zJbU%`t~W|A|My*{31Xyww^V>cnC0J^;xC|C4gcd*2%ri4_dlB042LT|PIp>+9jB<1 zw+ML__W|Vy@VDIS6iN7+^IDi*J}(wC4G(A3+mlgL$aTu3T#68h%g*vGzvr!}tv@^) z+&`WMW5!htM@)FuVf}T&sUAad-n8>k$+-DpfAgyt&()@s@iDfmgpPj>hWfaLc6IN+ zZPv{~vAK3IGkMYOJGJ$*fT^iqQR=m%ipW&qB%O>@upy__<-?tIqh33Zvp~erbDUoL zNgE-dp{7{*xjmt*XU9JDXAIBYjc9CVyNHf!x9IE2oy|q|5?Vj%7e~0|(|e20i#}9a zeJrwg_Em-gpZ&9jsp%Gsvz56yH60z$P@?T6gC*H|%>7q#;z`DZG3UC5L(Nq+q;L}+ZM#L|z!nlU6KB0$Hr??kv9q47Ur|4V6_~b1w-t4y?;UsaowMnr_SHq z=!>I8_xpta{fiu|!W-tGftmdK<$mFK)Jn4Y7>&TOcEF{m#BL-s5vQ2D*_1z?15bK` zL;mEQ?@g6ARW&N+t0`isYO3zeX4mI^N5jbC&gY1cOQ-O?x&Yy}XtqioB8Ia)PbjDv zz^?s&xP&on@#O9HG z6_OA(w4X&~uf~HXJuU@Gctl~i#F*>HF0T{MbA+I_x?pbm(v|;Jm-^C7c*ocUf3xz7 z%@H|&!s9_Z;1B**by9A{ptjF0vIpr>GF=Q;tMPk{0+?|)Qje%);S1{WwOD&&831XQXX zZel`ySM!;+y|$~kMfQ!NJ4as9wRDEYd!zf9sV)EM(RVSbD!i97w?H$vkUGy?*XuSt zVdf^tMD8Wxc%jDq?W0eX(juk1IEc zk+3|}d_M~{Cf0U~5A0Zhiw5y?D7^vp`%@l}kjosUxe`L7+ za#CS=p#!0yyw!z-T2$3_)@Pq=@7I5AFF+xad^e_rf;U)SUk5zbM&u~izvp@2Ljri2 zl_?NqSYo%|0LmPR!1GP}*Uo=g@@q!!*MLH6!@$5;aNDK(i_3nrj`V+gokUGn_hCpF z72Sam_HV!WX-N8!LOp$ZuF7gYQ0TwUn)=uNr?a9Ea*4o8%E+|Eviv=S|2j3}@6=a_ zP~IA@uGfG(56^}7w=eM55v^!no^HkpXr%~{{`XBP2&BUQ$3T%BJ)Pj6%^M2X+*R0Bxe>@e|NR#!!9+Pm2(@UlUr%l zlQ8jtq;ZjEwNY;IEkM3F@)8$jXN>74+FNzQOhqmXlu#XDSAGa zf*1Mep8zO&F2X}}2qp^oq;R?=W!1`aJxEhtTAuO5SU`D}+|?${;nl_U34bwoGu_$! zR_|647_IuEPmTS)nNtxR4n?dIL(b`1ODvr=>{?qGVjkaMu{WN#@WX#;e$!R;q`*iteyY=7l?Hy4_a)&bu3T zSbsORaPJ4S^?g}&7N_nYi+3NNDnx=2qr>uuk))>lVG&fB;Kz-P@$=hGhIp7Qq4{6$;RcSGkxS+sGYlzcp-BQdwtNU$AmPi_)XX8 zIJlP~SyFMV$P-RHOy+*44&)yBT_1=QH=&XK9^PmUcbqv2Z!ktGmaZokAsf-oWu2i3 zyq097YaRK;QBrThcrR~~q*JEsmyRqsXixTe%td-?`?-@nmiv2l2HZmH&zm=K^7k9$ zo2F|G4`DFFBcquBFl`dluzL_s2I^;Eta%GBO z{L`t^;>F9Z^7ZI(4qZ>tNknRu{Oi*s4!Xzf*g9gjod8G!6EmBc!NpV&q`t81G7 zz$xo+k_xlKayD8VzUFZtF+=Hi@$tHcU)P14k78#ACN}wTIx53AcH!oz8+XyJR=ax9 z0h#m-71INQ^L*J|r{00rR<7QJrPo=pb8eKKkiRyCV_kd`@A*mc{WXU!H$OS=ehs+k z)AT`5D1x`@EIIVMnAL1jwWV{iwR>Mq#nYLKY|&Hsf*ptrYE^1 zEycewnTtp*G?Rw`K+SE67sxKCgF2W*VV7IaAqE;3&5-(|Fx-XUP^2aho8_9R*-z!_ zv8z*@RD_a#V^AY=bJlCk|8UnN9wHIXNS|&A%PslggQ0ks%f`Ah=)_(#s@CF$ogc9a zcT1`7^a2Bd*jN#dQD`L&|VSUG+|pj&F)3nqaT@hPxdUn ziMAWqf+xcEfwr)HM0D0^{W?%RT`7y=?ZK40K)O;WA=}FCq5AY5N_qQD>&~Kye4@hx z97HE&*NFwBSwL%k_6@Vr#j!cIEIju^#l-=zd|;cUX!3xN+sS^t{;pi)v_UyHsH*s& zKR!d@iP&1w3(+Qz_7{JHYR#b^B74)p&t<-TFaz@cz_}7!4)ABxnVtXZ!479wb809^ zz*EuFIltG@=aLor>>#7khT99Vd#^)LzMe>|CQFn8?DPJ?+=W8Yr)v*F7)H`htuaX; z3~o@FM4cZDk7#+DD>pJR(J?oV)XPOMPw1j>sL)R86Jy&IJE4K5GZ}ky+!s-5 zDojZ3UZ}-txJV!We#O81S{$?uxji{m{vMecCgbLY2HQs|M z4QInLzMxYUa;9eSc+M)a=MFa^67~~ zd#J%S5G_nc&nwQnew{dbU|c@?_};s^QV_sDk6h|Q10~Ych8nQAB3?e9|NN zpZA16vDBBfFud0zL>yh83v?=w^yihnAn1auCxwA~2WE3hk-Uo-bytVyvqdohkPBTp z^_*pnU%TV|5S%sP#Ze(Z5}C{%x8<^Jg#&X_c@daN;ERrguF zPV;~=mk`z_`_-Q9%nU`@Jej!}lX+z}e#VtYqY|lglMOxApTEa3lwjwe4}$gY8-&#G z(4YXY49l}_p$HHGD!H5k=_*~gx?W5vi~B6hwD{;*i0A=3_z4{$gup~qydGc29pr%w z>A{$qz^p#gL#K6@PGv7x-g+d(iAHRH@{(EjoJb(I}SbvC`~LpTv@c_M^^zF|C(D zjS7sI&&R|ptoz(5V3a0u+ash5hJ^*xeje!Cue+?~)#^F&6@NI%_AgP0owY2TnL}E2 zVmS}#FCC7^l?*Vj?OFko3rk*UvOD3aeF!?&59T<4%KS0+4wNGiWB5G zewg_EZCi4=$wS0yuUf(N?tHbxo0YkwTP?VuYYoeb*oB9!4U0{NdIS1S+qzSf`x0{? zYtX*4c=-D|f#dPqx7~a;+Sx{=$0n@Pf>l%3b8{8HxW?|drFY+{vzBi5!m$^ODiSD3 z5kZwn>*?VO)4B`7z(9D&&EaKGJ1MZ})%;g2+jiL4u}{A4Hm~%R$AdM#-R>X}uz0VG zCL2LVTQ{9Wjc(`V6iqjpK*TW}>*o7R9zT?B1=dVzyLN-Os_q1(veEI(g(*zjX`RqO zbKtVaJ;lTGwDNTEY7!F^_4y<@JxlE2^#Cm&t!zzWVQD8QICs|VJ4GHP^R&)bj{C4Bv;EqPKD^Q& zKJ4QRr+OPUS#^1?edSl=SpZdJK0Cp=U${l_{nztt#pg3u!gcPCXDy9%7OqTi*7e#6 zg-hNt9oYU7{Ub_4M|pFXDiTDGn%%AIE|(!FE_n;?>)Y~8nzml2Qr7jSC(3%XkJ}2( zOl_V=fgz!w1bDyOb5h^IY(B_g^t*?1Ff!m!eXOTJYfNc8+&V)`ZDH;vUiTAPC9 z18olBdvUFkBfrBY;oNY<7k4nRI-eO6EOzk~Y5%q_j9BmrFBb1gZUz#Iu9wa?d2|oI zwu(1B9Bh7-l?N|*=YyLwn4s39*}$nfK`HBW@>V_14Rli36zXCR-~rd`Bx4bO6gc|E znu2p=mLQJ^PfE~ght$eMJK4OX{Y6li5^G3^k8W+0H3hAOkzjQLk7L)#o{|7>t$7f4 zC`v%!*i1?QUZ00{cX^H|W?2IZ1?gldTYm8h9tM;h?{~wCv1j?2*c?s#$NFv}cs#?p z=J=oq#t^*%FSxkr(QGLr8w{BXIHJQKat6;87!i+>)%SzI&$uzTmZwC3*HB8*dWBDl zI*DL}p@lKhog6&BT{csQ?53>RP&oZ1&F5n_Vq|+;ehWD^bBzKSwo_U5{6>|QHnL;P z4uYY5I<_cWvmA|@h;*gCL1q+61iVNR4F7H!(}0*?Zb#lEcWE&5iw1>CRz9UysnOkU zgmU8!KFKHgl+MhbyIF`P<#vA*9)>={a|1zB0qbK*DfCx)!66DAVnYUsxcs8hLZ*`b zv@)1XT+^2Jad|tks^>AV4b?tIy3o(iL=_{L0;gOYW$LA9Q|qp%0#qm?5L(IB(pl0! zt2sMDJz=f6>yBRec&NNDumif zwqiA8LJ}Tj4Mh5=V0USHE(xWDfe{~(CK;T%rR&K+78NKwiUEFjk@6V|t=`*>SURV< zkcLaXX&Kg34CvNcjB6%}?D5Ur)(1aGtsH6zTOLR(>{KS}Iv}hl*6jrh)YqS|KzSFi3;P z+A?#}u6deZ`P=2yM3I%nezHywSmfH-yCnO4Ay0#OMFljJgswf3`F->RLL|mA+sqK9 z6A=ROwXL+Tp=*!uM$UB-U*m&_8KcIyih3&AuOLcj{?BbCM`v#uONwi^POk2b6eVk; zuD++g4H3;G!of@z`Z&k_GN(cjecO=yn~)cAlJ{WtNT&!z_BU*zA{s8O!7@BEn6Kz} zSp1^cyh@n6iIolVU=)NXbfTz>5n1PQnHA{s{yq`@_<}!0ikK)Nf`C5b_Mm65R{}*^ zdI$%L11s6wfD<&2>pp+)riktaCvw;~hW1Nyb}pbcrJ}Dx>5!^XeedrC;W3>%~LCW(km zO3d#}{7BiGskTkO$DgpWGnk(C3)FL&LNq-d{Wxvvy|AV1>uK_IrIpIWi|EQY0!oiB zp$^6THb$;BlR;ElP_Wpct8xSkLYxBXTS_aV^eGekmKud3c4jk1qYmB2ln^|DZt@oT z5AVw$GbLKx(WJ5T1o2TgfhT^@Q5nHMabw59@g_i#U@)YYpeR`6x)n-FdPs+jyz=RI zs*JSjQDx=TN=nGnWz|bsm%C=m)p1|vO_+YNdu8ka2d@i|pPztaJ^RG?L>lXo_f-Xn zzIhBYyMe&K!0PELMTnxvH`P6^Hl{fCXE)fgr`dh4aT0$K#qsmh|E}P){cYZOf&&tx??cAR2>Ael>A|Fu z0bH8V+?7nckMQ@B*+2S-Ql_4E#-e48P_~1eLjyjXfl$9_OuuT-D!~Zh148@CaXVSG z0GhYkS1&X^JC~izQP_IqUbyE-sr(^*{=e7qBAzdNU-x;s_Q)6$Zl@873;x9RQYVz~ zmU#M)mZF~#%uALUd`~BTSY-@^0=6fce=~h$TvhO z#N4F9IH4c7wm#^ipY;9Ipbqy=8O)}Tk%bQmPj~ty|1B`uP{>d54cIMiGu}`niy&hhrNE$a;km;W)bk1RUCctAGm8N(G-AcwtGnF@svp`acNKOr+6HSe#Pk_Q*l zW!WI9*paP36i-nK^nv(rJOxXQY@d|QI#Z!E88Q(<=(}TLXecgET@-XGm#@w&&Rn*> zxMWJ<0Ay<1Zy~CjzOfY=m{RVqdUwDjRUGdkx7%On?PD2y?NFk3!7RSk; zN%Dt|;7ssH`OZvno6PIW#W~LLHu(4qLEUT1XK7OzR~`?C3~7i4;;+DH(!vN$tnLLR zR685YW+&3)tmhfmZ}(M8YoaBT!Qv;9ZMc<2-3>)Rl?t@W61H*IudCBkZ5ev^p`d#A2}*QduOi!yaCsfU}lDHDJ`?X@RZ zDaCnPX7R4Ce(n=<(^cOpr87K&kQVh4oZzJnw4TT)#u)CEqRIxms)x!_wsI00HWSyY za~Q9vcuY)w8O*EgVB(@zZ0rbN7pqt-9u1;5+l!U8RB|@k9EPLxy$Hns#k@cAn zaZxs7xB?srr9vWUTRHH7D?mZuNek4LOUE~Snk6fWU>chY16`=Y$hfUt401gD;jrm? z<*I;*JuwOGWDr;Pad$DLN}~XjZ+U~UjSL&b{i1mh_U$hiL6*}{1(H-sXmjK{p#nAE zFe!wXF)^dia8t%@hATfUa!F!L*8EhXjW$yUrLosn-=yB)r-mZOjD-%rH5V$GfWGn* zqZ*JvL5vwQ4htU1JKASMx)wh#I^1!n;k&+r$n({nT{X`+=EoFkH#hdOYr2q;2bVvxK4IMD^Bs2iBa^hKr9!_MpXl z`X%Sq7-_;dSCV5>6-!b!Yj{YE(EPmkVPP+eUYG<2i4}f@7)ZvVX}=`OY~P|j3bQqf zXpUYgP>~saF06A2`vjeOm*Q^ZFtC?zeK)GA-dDFW!s#2nu@Q5gXva$=?%EteAa{JhLzn!&`8)*=rGQHN1aFkDsL3WsUP#^_GVoLQ2xuTTj>(HwGr zo%x=gxyy=lg)AEUTln6rVYf~$k$JhSrW|s$ja!|_>9IC7*{eS1FrQ|B0dQM|v+LNZ z=*uQICS|m}jC=TpUOA)Y%$>nP!@?w(BO^;P><^iO#l%P*nQ(?>!=#9A3>F5T87c4y z%YI#Ue1}~Rgnnv9Y$Q=stO95+X%W6Bhd~;d*>e23^Q-TUEHbl%#)EMuMw5xNku5JPOd#7r@hnszO-kX@{KPmjUr^KkZnsk3k9`X zm2+u9u)o2N?+i4Go?#SEt{Q0$>>DSc;P%?-NYsSO5C8NNd@D5AMeYzt`8asUP2t*x zt!#2zW$}8q>FQj(DMbjl#$iL6JBf+`LoDcufjM!>5Ym*GA8ec^y5fg!^+chD^H#Bd z2s$wt9YbtkUUaVB1Ns*nd85TbjqXOFofa6CbGyXo#ugps$EfDMyKgE~G8zH=SXfmrqZ}XU=@JDfX6L z=~ZszB-?8I>+d;MXB{&&?-*!RF0*H?GAOCpT(1f_bjvrYfpES;(#1$kIaOc}10@nF zV#Dr5B3P(qyj(46+Q!+HA%_3S|%^5KRA%ap_L@&rsAR2 zrHwhce#WOq6467Rh9MS~=r(?SIncPr6)%MSB>)bde%`bruOP2xlOar(%lV=?X_wDs zGg`h$qsm~N!8d$(+w8F6*gHJy15!ub!`)>KZvXoVi~FEKzK1@<$A$7k64Esv`KFl? z*I8iYe_vM;|Egk+_!hJl1{vZd z*;8%aODW@>u11L_T5X!Bk1L{EF9SsIh^C7p_qJHk)phMYXxU}yh2juV z#Y%j8Izg!b76r;m4NPmBRDgi5n{TrAweS{vQXjvwg3xe*bWsx1rFrGXGa90fws(3p zR|h#7{79=IL){q$ug~Fyl`koL7i!*t>Miy5x^qA4Sj^5oEncLyiWfIrAJ{vA0(R%s z{4V$Vs0wpvFCZ9qMSL$^>WO?B@pW7|!?M$>gT-i^2jT>YmXBRL0x=L^NHNgEj^IfR zO8srio$5}#H9u;+%fqOZ9_L`GGkKGVP85b_SHCjm@B2omD`z=3@$%4EW8!cVSPs@C zN^w;o=k_;O_Qsc$_^~zfCOW=Uf%1sHfYP0gA}@nSiVak7uta5(ZCoYaO1ctMT(6nVJ>LxCeJasOIn?~qBie^{ zT=1ky@np2r^hTeugmT~d4prD(7)@GhoXQGY8ZpQd;->QGe&5FWD8W~r4i7c6a$0wn zlpM<#3`uU~jM?2%K=JD}b_OWbMSr1O+O`85j6;|*kbB;OHY#|;{kd`MlJ1v6v>WSO zK*CNdL=o`~UX&c;2ZB`K4H=?ohc}VG?9pbM0IYE2sL|n4e>&WWeW%I5>-d=cThE?0 z>BIz!{+O5r6X<@8q36TQ^CVr*5=wu;t&raz!N7*4W$D%DR3hh>Ho9F-=ncd}_3Br% zb4=i1uZ8r-Gf~?!10jW+ZTn)~`+dJgr=o>V;53Y^`bX%0G{feg-=~Ee{hp{<2BAiQ zKZhO=K2c{Q9J(*%En*VAE99+p&7vx(73-7_yak=Y1RK4tMS0b!7bFSqw8*u=w>OzmS+xg7vD3PRMqFCT*y05H^-$MX~xBPKPZIM0f==;0SoqMKqLvY4Jx-8MFsV0R_EM>^D&c2-5tvJ%fd1-4Krc*ZyNYATcr%CvnIW<~Esdv?aj=wlk- zWKFIjj|2;lVD{WSGO|!ypZT|}^e|`7?$3f2Wmvaz47)3QdI8H3ug$8EU6f15eUDaz zu)jX^<14rmDk?(n;6G>$C(>@*Hi9I-TFF*CW|1qgiBKooQOkns3a)bWW=igUpnv)3 zYohao#l;s_Kr+?k8MGc5^6*a7Gd>XZDg(ks;8+0#5kAplGycmZiRcJQu5D#0?zcZ3fwHI7hWKWrO^@%cy-85K zh{Cd9yVr(T+p|l4BRg#NEZ)WsV^hq?*e{rnVnW>(3LZ&^Tg#~eZM?dCD^p( z)OJdoH>h%I%%0qJe6LL;U!9OiDfE5}-2p~V;`Z_j4^gpWNK4Cz!NH#6%h2fPzE}M1 z)f>jfQa3jZv-in_RsAc;P)TSAa3_+<`tv4MT`wy1%6x!rG_OD^GGqM~1pq!n28P+m5j^+gI&%|7=MTl-Wg=X8c}1m}I&S)MuWK)0rQansu`~CrO)KHM)0rRSE{vA2hcy%hrEAzzJSMMA% z)*NQl{1sT4hX*kml%KI03dRz9!kr!HQSz`bu(keng9s#acoI5rUb*^MDv<7A)w<=L zbw;Nc4W8ZN1j5=yKtm^#euU?%{{;^PFpZ>&7OF_CRS&=C3r4rAvOhpV4?2A)`@Nr0#UwY&adV(iztY{J{++b9OSw(kc6s^WfPj^^IqmGiuN)vS0al#w6;`!zHl+ zbFz+Ys{DELw{x2=6r|xLlY5(7*2mH@T2c{eWmtD7C~rg%e0_nCD>K(!2dXGKei-`} zA6z0s>X6h~%;HlOO1W3t7j^cfAH<#gUKx`RdkQ-aHzLQ*nw7rx=H*8F)Es6^iY#NUn@^15ivQX8N7IH?Dx~q@bp`tiUB28%6gK~;9QEMr5i1H80xkK ziw6&?%&s17+wbf-Rxez*>MGMOjs2wfFgufc4%TZn-Aa0@YqTWkv5wScN29R0#A)wpK(Ac>-TY^3HQ4 zsfn5?9@Jug4JZ7v*K;7+vi?Kqs;jYLd4wOmXXoof|s1FhYtqkd$zuaSgbNW2BVK{coDGw*<@45F^PB5F;$ z#f94G%KK0QXHKZ7p{73X3PMR4zt(&w-EZn2UaNO86~O693r#-%e(v%c`nQ%67G$jJ zW%lUOau0Rr;_4COa~)K#uuc|@#$y8>f=$6AVfE6Vey5!)?Bm$)2q7{S?~U&q zv?yzr#IHP>4a7dR?Ps=C-WL-F?zJUQv~2_4&)bIw@)v1UC-mi0seN*hc!PcaFa-n%X&g(u^61= zDE846xf%MaFd6d8mz*F+T}JDk%A`z$3f8QbQwevB4Gv;TGuxEwQ<&J9I@evxD=bM0 zWlG`~e8?9#EMV@{G3=;guLk&s+S0GWAKcCF$wnoUIvuamYeYmh# zxa#X?9*MCkCDrTMM8xS;mQ@7Z41It2Q**%;OP*vYs6DN!_(LD=LsRdvh2$26vT70+ zX`cEp4O*}S@QLV)XziJF5L#C9?EFSaQP44k#8Bnu>ml+C@7y?4$5Yu;KTy*k9k;T1 z@%+*v+;K`7rwLy}^{J+KABNE>W>bZ&gYXeO(i?Hy8`KRcxKz!f@hZ z3W-Avh{j2_8WqGi2xo3Qv+Q>c+bwS~a=p#v`bgy}bQ$>}gf?6^Z~BI} z{fwj~3OA3fHShRK!E$Xd_|h8`=pj5fKaKBL6$wlw_WM1AruW!OS= z!~De0>w~PcT8<|CPRVuf6t`OK=7vXBj>%czNlDYf(O9BNf@X znn{`5gyORO6Tc4UuCFSoX>20)c0GeAthx#Vm1T(6u?i<_Qu^3MFbOei@`HuNliRGq z7I*KsUacv!tM19NJJK#y8H(1jsu&=-9Uw_KaJB8kSzYvDSmDEREDc2UIag|{!rG?b zHvqme);t)s_A)j7oXkisOd5Nw+q5&nX>TH1SdcqgVRXwuq_|3yb#; z{})?t0Tox%bPEq51QIN`Yk&|mxI=;kCpZL$0KtR1y9al7hu{vuLU4C?cbB=H=Xu}n z|Ngt~SuEDT%sFRHcXf4Fb?v=-J@@9u*i75#%IVIgVfIZ2EjX|_JS|=b^s;k$w_a9t z=zirK$b~E-x%(HJUd^j2RuyhelL&y7yf4zq@_%aqaQf}-G1e%Tg2%EZm)#V#6^`Q1 zr`XgNk;)$4W8PMAD7%{3%IhsW34I#C-k(anFH?7%1$Da0rHjG{iJTTlofVc(*DL|! zlM8yP&co<}Vj5BtC%*NiJl9Y4hC~s)lCqL%{9HzlQ>mr!%_}HicRm)Z5IlB8KmoGa z_t_M<_(5Z)geB<3e%9I;sOJLZnnm3@!9l^_#_GOJ0DeJ>I#9<7Djz{9-3Nq3K67~! z`K%w<2YlaeqC)ai6ekas(jyW)A*+;H<-Pl-j=26dO?dg^hlg`nG=$rNyB|@(-YTXX zAE9PeOdke$mfL)9zpR~UcY%N0mb06JFMG^ubOPdB1>>YJdcL7&duYxXMGLR7vJaZp zU7Csgt(r7YvI`r;wN7r7FS=mNSK{ldBy6V^;`ni0<~;&aTFH z^(!cXWc0BT%H@mIpjy)w-_Cw(M;#zrhRr#6FE&D~6EA=m1R)=Jtgf2BE&^GpW?qP9NluAfVqZrF2<|!R&maR=nBG_%y$+0A1cYevE?CSK|BI zAdSB`bxq2{Kii(^jQ07!Ci+?P4t$WEP`#Yh?Q^p|S!^?3dYs?lM|CeIzC_^rtY(?S zOEuNjYs*DMDH0$VjB+iDO|vIe@Ci2wY~zFUxpd+W5d?8*;p~nDyA{)t&<3VHWup_4>y8&aQ*X>m~b6P>#iadw0Ku z{r45NCKIUI1M~a5rAAC_OWua#6Rx41dpve%oA<}gb=?*%)ITuJ z?dA@1$;jxM74GzwmhA8C--5?P=Vf=W$(F{ULLR%|;FvqGclCndd*wcr>+q$T?2J^p zZOPcGV#gPSPuJ$X^b41QFX%bDmdrDUGEzAZp_t{QN~-Oz!9s#l=1WhTb+m5fp~Hla zBW`uWiCmlQtG|d`P!_&lVqGt~>n~-#QPJiat`jnLQnE7#vPq$Pb1!1$-TOqw>kek_ z`&5=|h|j%w2!9LA>AfFJVrSx}X|5Dc=cW5d6}v&iy>{vB#2fsY9CPfALiA6TPZ)yF zjjlILfItt8Yk;TW-rP?VG4(b z@Cg+$8v>tw!R|!LOl3#1;{@r&OlvkV<~+cvx1KH!2TMrcXfiqMbsYdF;C{LI zr?wXieDU4rji}3O*!6O0b{cw|C6z=z zhxZqAPL8Qsenb|GVB?ZvtIZ&cS1~p=vDW#Fb)nI+^aU?v{Y=6%6xo^9&Y4v*R=zfz=mt;3CLZy)!?w18RA#P{qbpfT=NJWAt*TE7LO%(1LpS$@_(a$7j zwP<}RHxQn*Myb0I4fEg@W1#`ay>#{(w@rY+?YEA-jps-2%@o*4e>k6@P92MPr6^^r z95^aj$cWCvBYKRqC_gEOC4!Si{NY-RY}NV)kvn3y6!N&Mbw3`1{c}pCk5kF_!hXc& zs_(l1?Srb7AINS(`t^#JJXlrb z)mxy{>+KFvD?scRm$;5D^BY6khZbf5Bzx^Ypz4Ga81RFMq<*Nr< z@SEGI1nm;;35iDEJm?*Qvr|mMUT|2=-_5&qgF%taj};>y8CEiCGIdu*l zlxt)g-tSQTav~7XTV>}~Io|QY@a%xy;mBVP)tlsw{H7)Cu*Q#p;X?r3tlD&VqdxIK z7R1eZ^V(uTea{wdCw6&Dhy9TD{P{4U7R2rER`th$U3Ps5x*Z;i;uboGHja~{#Af2- zLi&5$w|QOO{6NCEvDTdKWjp+fh~6dxO{Ty9L~`$G$UaI4c&>GVaeOr=C=~?f)@$Nm z`G@x05ti|$WeM3ul8F-g11*4YKBwi-zjRcMfxUPq>C?*1xbosiX`84L{>t+c?sNRT z0jH*C7AsmyWx;WV1SarzirI^f?@wMF5t-2$TV=s>UzFY%?x%TsCLg)Ueymvv#Oi|? zdJQrO-r@0%nied*t2}r+sGuJ;4b|5!tXw0%w_|iREac9ksO}|wW*kA4AvUc}&>UyL zXFx}Oc#P`rwwPCy*VY$p`5-{eKJ^8+H|BSwpvj8Q@}aK71hHua!QYd@8S-8NE!MNXNhtGXt|CJqaX%^8eQ}Ew`J}lG#iwCs+WcFm z_miTE`Q2f@V3n1piVxe)VcVl(AUoZT>?M0=V=%1YHRKwGsnM)Wh42Fb_C{f&BY-6q8EKU@b!Gqz6e?rd|47QVB# zDKGoJT-06h5ojx{{xilZh=KEF{PNK+T~R$bqE2y-DU;{~P-=zSFokyd7*~*f=8~Q|BZA*YNk<@w%@GgG`v!dwI(=^@=_K7biXIP_`kC}Y zVrV##y38g?0WljD4Vk#m_>xP8)fR{poA8#L!R)s4dml4sypOr6s&*pyBr%dNbSXEQzC~z4_e}V z$k$6Nw{a|6P9hE}v*%jTiSyJ!4uX|_q(BK^wH0X4WYc+{{N9r6J#d0bZ5M#eVszvN zMfMdk`SV{Lb~G($=PF1~8t7{OEC!%@T;CT;yClgfzYiyN580{ZN(%lX!G6I1uy`EX zgqn?v_$+<$V6Lj=;GPlHT+8L>jbn7@QYYM3bLH!xUp--MsW(skLN2xOnaGIVq&IlI zt^UyhsdKUFHaT62+d3|sh&8EpSOlhZ6PORSCez?uFreFwDjV!KRNT+iI~o`Bga2IG z8_AYGplqocpC32LxPgC%KS)&T!q`ftU-!%!Yr?!NdnaMeg`yu6kY8ntb-{F9qJ2RC;O~1W~PsUd8cmMaC2^fr|OcJ)*xm zYXlR0<9uz;-t`>WsvX8Pf`mg$OSi9{ug=D)qe)RHo090y)SX{nnNEvN#QdZfV#NGX zH4n`#io2Dx^~;Lh*Rp1hVtccIY2k~yWN9g7#B1|F@-KPFKpe+5P?&U&?nW&>%!+*` zjE&t5(Xh>1r{&D0m|$QMc`Mb|w>Vt|GmRNj{bQ2AQg zh}X=Zmj3qKuvqcWoqwLC%9HcOjkw_N7_hP4s#hk+U^-S;qSa)4{p1Rwb5QV&QPm67 zh6BcH-21PTOgU=!91E1s=c*z=@i-slJ2|S@10L0r^&~sMvkCBKAQTA=3I-U}Tr4FL zx60;BaRJl4EE5Um#HwlO=MMJ{Ohe=?wbY}p6UccP zk%?929-3U&zRM8N2q^_&4-vy9PWPy+J}buDXb?-_!kV@6*|gjcByrYi1jXpg}SetBK&if6`gHCNhYW1_LF$LWz?E8cSGF9M43ojsmL&rLu55A0PO z0d4F8p9&%mNwp_`A^+_w8 z)iGtSe)@wm=K7^Q-U8-ye!GdpMU53J^S+eI*j`( zZn%|AXtGUHr4~FAyK}zUF>BqE#5tUx1Zl<%D<#CkHr^mY9-*PYg)y~fX}TT|VLOEZQ$0be! zIzW3Iqof=$Oz1WowU3I489qFaz{Ir;FrbzeOrgYyXE$Rm_D4K3B^=d!eqt0k#vSM7 zZHy>reCIo`FS3otYZoPtTg>l|npKt`g(=XVE|1i4H0)15X}e1z;IWZ!w#c?Jyes`? z!DaJWJNgfRS_0IJ$4Z%cndbN1pID|q?6D{GZn_P+{+-)T@Gc1cc(KB6yZG20oe1w~ z2i5^kdJBwHG(jrE2)DiNx+Ha^2*#HC)%#<|vu=)k{G=z>?ZI=#mK}iqZ#kX21wfnO zmaDW;vsQp`0ifaS%55#4{Mh_SScgTE_lYEq4^9B0duDmPuO8|IkN6jix+zfRv^t0i z20ig@fBJ%jApk!EM!dgxG*gZ({{WM87uVg@Y!Q*}+-;JI|Ds5@j+1L|zr1ua4?M&k zx>V6dBSL$s%hv`a2dK*)0mlg3VU3H=tIb6p035aD?&vK*CT4yatcrNF187tL7fO$g z`WI#TLwBahLeuqLdb%0fH?2vx1klIn&ZnhRZv9H}TDJFLA;j)?vEh2<*%D^z>k+&s z`S#blWeEj=e=|wT9JD`~$4HtT`rZt;PL0e+A&7@YxINr@xU{5QOnlX_(D`<@*o5Yt zN&bGLelcY}Y#SRl7&qKtL=R5r{7(cnt!L|YT|;G$QFvKd>2kv{X|EHYyU>>ZGCG>3 z|0%3u?!c78e4Vo_r+RI6ddbvmN;aL4gw$#+phYTCQM_+KR_bd_3@D=c@ezr0q7fm%!#Wd7ACe5 zU_9AJR>Rw+>o0wPx-(;ta}V5COAr# z8>83j&;BH7Pg$mNQ3kvQ2+*I*qJ{=J$pcgOPft=!pmz5!*7TL|KUmYdMztDsPO!Fc ze=^UW)niMf7bsKPzIXie@|(f?L}I6_nqOIZm7Ky1(Mj}iQ&|@K)0Yhv9P5|P(-s4R zeT35E-VE5s0DvQXhb<@uU{7eenMB=MZ)0b^tefO!WxF*NXI9?UAvXZ17ZD9L4MQrY zMdXvk|@=JQ}YoF!{j=u+!Y|gqUD^9)^#C+uh04$}9 z>}+-4*i7O!pDuemaJ2ZhBikN=KK<@l&;+=m{``V{94#h8#iUuYcclg7zCX^f`Ro92 z&EC1WvfD)A-R3`O^tMHZCJD0gGSdu4-u(NE7|}cSpwm&~N#7swX%F+e%TB!iKsU`D zri>>{V%Ns&v@aed3?%a6H^* zaOw^6FgKOih~cU46Y0TJ^PxRnoU)W{@=GQWWd>HS6Tt5R##!&_{lbDWWV9g1oKyp2 z^>c&Dx#!QkKqaBx>6emxmqSqNM;tLNcVJhD&NI_%a(Kl`88&Dn>d(H5TuSe-{R!tk zaKwvHkmN#oF%DpzUpyuYVhmc@^S~oW;nx&hPIIwPsZ3Apt0Mux?|z6bx4EWJv?6(2 zpwQCOiDYorSX2O??ed{P>?GcW8XU)2_cOqzCsS(`^jI6-DvZ^C%e z<92)y`ZNsPB;k@lP-|Wp>$;g4cS+|f#~{n;{sz>%Q28&T%DIFnFpCslE!&$$(EE%k zDoo$poR{CbD**_p-D;V+1&4m6s!+{bQIfMDLb|Lmn@M)VV;MKS=o_ICmCQ$FRU*6|p4^f=Xw8DwEk@wsgjOCT`}3rFlzL+wKLx(=c(Q`+p-x1;v{D zI{y}UAWs_86q&kV?cF;zz5M3#@QzCjM>_ptp!k@befK5VFz?-mroIv5NlF7O-ybKR zQ|AX&o#mPjd;T@{)WdOU=G{arvPp^C(X6%btpDE@A0pUiaxV zAFVWEZ_?kUO>6hUviLl6dveUV23TDAXGa>m!}I;)Lb;9mSL!6qE{SSsou6c%zqncC zHOQh4{3# zd$u(-cA=G(+5VJod){Fx2RmO$b38A4d~|iQNanD)_Ue4$lR4gPI(cR06j-}a8F|A$ z>LVW=MEx#P)>{78lFz5l4gVQ#5J-5pZdD~sv5A)BZ7G)I)^e-P)o#^xmFz}sT$PLh zGy>Y(;5xb>a&D-sGF{@~F@75oANXxOU;S9C_C2SVrlLmU)#dfq&EjL%db5s$<;AAv zGMTE&Vj|GIMMb7ZO*Va|Q0Jn|%+t?Tr&YH&`q^*jg+5MBOq9A@z4ZBb_b{KnaU!eU zx^OzvdA*11AN*%8RQqc2{puY%)lKum)O|npko)OwuZSFPs)PHX>2Z=lLFqUk*9|j3 zG#YL)Nb1m;aXIW=}P&qj52aoJ35IysOmXEUi0w!QaO`xL%uHaE3K zQCW}n ze7MIGk3u2lzq_pysI@`{6Si(B&>G8{CI~FZI4PR^HCz2?nk#=g%;qt+Ym3)*AR8DG zNm4zD`2MHOuoukZU76cekiUNqV*D#WTUwmxBC}=o)ZO-UN+zJ4?$&1LR^imd*FB$f zSabi{d_W)3X`4~1N%z+nToqE(#TxBC8q$9UE95&To$-%SrqWMg4NH_3z#6|T+Q=?k z&i4}F6KL*;=TN<+>gjcVd>mTRvENT~(d+D04<{V#Ao$jUx_tP3l$PY`z+Q4Q+`!G{ z;a8q)`chB+vfDLL2}(Wfdw0lsz$q-QKqyK3jn_R{211H28SMSxk_YbQ{}>BI2MaE^ zUHrYe%>Qr?K_F6ALLAECYPVx9BpumyhQ#gcAI7H)Htv<4u?gePS`b?zwn?`C>m8bR41!KDBX*ctG=K-`zenjP3?M&K zb5b(E3P$oQ%gCv(uP^vt-?v({SFl-oV0b$vdjj&E?uF0lM4v{?fBAADBQJtcHp|M( z1?nw5#J+vg`TV0iy=zJ#1E>mdk{O*sf`f}nN+!O&z9*^2Iz2tTy}cE#cD~#TAaQpD zNq*DmGPeFI!@(r;`C33~mRS!8C4t}yKtLxzcG#a|!c++7%3tnJ56{mh2kPnT1N}HN zvl8lH!&w?y+UTgL4Kql+v=IZ)m8Pc;3)FJn%>|kc@mkK}rOL?$^R?ir=JVh)?Kd!< zr?8N9c!=i_j0K$zT&c3l)q&cq2qlzXNI33@X0|dmDrya=vm73#jse~3pGhQ;?Y9B~ z9!Coe*4pNqe`0@*{agmVj%yna4-crjf&*}Bf!E*wkEMM6&((WS|9*eSK|XBAtG||+ zW(k~H61TLmxRp2)Hbo-@s6}3VP33c87ZA|4$Q?L2Kab{92IQ{!vgr)qfvTJw9fd_i zjBCD>a6B&)Q&x^!$V~=v5`SW8fq827^8%*PpEX8bze=U?IssWU>ss)*Y^GBi+uQnU zeE)ew@FgH9`S*tUL0LQ7$MHX6COlR?_z8MtIkdC!565)1{`c3^ z{50Ivb9R0WB5k2v9v1wtp3ctB`T6^U*{bgDZtIj1z|jkYR;EyxlB3}~L!x41u}DbL z@P5ys#)QEIhrutl|AUq^zbE#QdB=LRne)%a^%Shb3SWxA)6X_xr0u z>m3FC=i^gU^Zm2H2>qF#1DiIVFGKlnEr8C$U$ca?uU6!I)HfS2*_QE(Bb;eMMQz6e znidv3op#fj4m%@c30#bK24Majso+T< zBO>j9zxulk=eD^RMCTUL{siN>3A?g%g}N&<7D={rpHD&GV5cml=%|@$IK8ATaKFYQ z9(BUaB@oI~ZQf2VM~!J61Fv6d6sJs$2^3`E;1xI#(l9R`<^Hv92(9@;g- z+K~G{4Wc^Rq_@TAxD2Oqo3Y1nw;xBKF1B2+L@E`hJA(b-UTu%X0fO;U(T3;Vp5jjJ zd|-rT#E8C#!9pBLZ`G?@aRqjedzQaEqOQZY)DAC8jM0a#_%y{jo9`)mgj?oLqzugE1$jVp`>H<vGPV?!~TWf9#>hA-Ay6`9@BDamtU-|u-pI65eaSG6cEVSoLnp{@sb_xm!6%NKu z>gwu(UISdmX#uF7F1Q{*8B?I*$m9JF^uuwN?Hvod8jOYR*jK%=3S;nD&A|0VRb=F_HbWwzzJF${YQjAh^0gFB zqcf6}eiR7Z9y|l`b_$E=nKP=%l}SfBATH0K{r-S$*Mv$~R&MzLoP|JJM+T1M>wq}; z8+4;CVIcNMW(8+NGZfnulM>UV_~Qoyb!-YPmx8#)#~f1hpdfUkpNRdo@wQ_B9M(fK zsw6G9$99&@b*Gt6R;)LY5AEM0%=d+%`p-VO(2ap=L!;j#^fbNs&`g` z^#?dw>Mg#eU|?XT&;~kv-|9}}Fj}H;l-T&_EwT1Y zpB&AK>+K)pF@vwsZzR`Vc!^UO^+XJj*?&{(_XmHOZB>m9n4-~HzthU6xQH@&B&o{jpnJkBR zITe`lNYOXG&zvz)bF4gLrAOZg4HR3`7_N^y67r4WyNU_~+U~yj%*_ z=s_>L@Ca4g*^-@PG{~91i_?C7BQBwr^_A3%LeE*$nPC@CoX`$!Z0C?PjFoQr<1R`) z2%vqagTqZOkzT+ixkDC+$L}zAiDh|Km11LKH@CN^Cnt9=otqikCxQO~(r{K*RvjH3 zp-ervXm8L1gHmFoPGWvXBl4%*T6eUa{V9{oZ!0LKpWd~l=3d#Oj+G!;&Pa$++xs0v zf%ek5F9WL}GCJ<1a}N!WW|)7g4=TEfpoDjsUm?*cL5qHMPXlR826Ud_5Ef#_^1a@-5a&trVx|6?H4F z^_!b|bW4$HqjblWkCjrjz%2x5TwLJW{C031@-qZE; zTm_*aBE7O!G*wakE)FY;4LK4V@x6_c*!_(|jW_awi;D{o+fu`?xKB(^e-aVtb9*cE z>@60PEV?V#Ib}yWVyjaCAfNm8`E&c@$P|`8<$#`sY;$BE0gg41715hM+crTkoHE93 zb=Z}~t*pR;P^h&Ah->83&{wPQ^JMvH?ij&C;V_j+^hcs_Z zs!zPIuvqvV%r)y%qlApa5O5JGm?=RixJ)0TM)p1e;Z8wr(N{z!i9;J{KbNDGG&S9* zt}&CGAkIFhh&;apYso6(Uf0t)x1=#qiKo1L79YqIY2%gP%>ozcE!Oo#aHVX=mK!*s zjzsSSZyPVBNXf3};L2D3UikwJ_Z&Ts(}VCgRaG(7f`|y&0P@y<#X-i_qLx@tLv;Je zMocSA_Pt5J4=sL>i1MAvqNUIxTsd-g^|BdyPGzO%P0IG@O8tH6DI(CM#<@Ef3oO=v zTL*KGa13BSkBzMX%hAL6Iu&I-W}NSO>qgI_rBkEZpEE>~zF*qt6m)s@cQ6{4E81pR zfmOb}r3&VPEQHepbDMa~4E~3Vna-a~{#^<7fEj3zjexHpi2UoR#I?jjQm;XDg=)AHC@mPBvC$IqS!{JO z8%%cuV*w`1=yE1v?_QXcD)^%lWhCbv&FX*Maqk`+hXv1SED!3E`t_yN>zLyPyhtmv80_4LfiXIGC%vd{UyNV=1Y3Tb*5Z34^Gwd;d}{VsZ?I4GtlikU+&dJQ1)enhnuZiHA&(|qb~<& zw}W<814w#&={)%%6yW%J97$xO-%@);qV4+VHkUx4@??0qNE;`W%G*KL8MrF6tO|X) zDYWU8PGoW4TaXpFU$~L8RqTR3Udn3j>3G8;Lbeau^p+U8Y+Ewt2RM3oo@wCJeBm=5 z%VB@`ly@IpYkKamhD;z_3e7OAvAG%;yAsBwc?*LLxXe+*|rRSqbLJ^Zn zfJC^zPGK2_BQ8J!iwKJhLAs1wJZf*BAaKWDe0_*`c|TJgZPc#Q{~{>N{dlmZyv)sF z<0KPby2TZQgV3kmBxx!wdd>>SciIRnt9}pj2jcx6=l;2=Rp+09?0V}?jfbyza^Tys z)LNV`fj!Tuj!gIPd<$ykJUt0Ynqt1W4Rl}(ZFSMT$ihR*bH06DU+Ecrg`84Y>eYI^ zBlm2i^K7y8Id_GEZnpCM77q#UDO4G{DT^ACbu-mOaMv74h1k-B_^t=sTsQ*PWz*(TnVN2O()Rc37U`Y1oyluZD&o9|24|B*kZ-n@cv~V?xN0UK|_YDp8V8F=u(eJNi2DI*9P{ZtiukMyF*aW_~`*o{N zCRsO(zIsC~o3y%;cM z``g~ccV*+*&ocrxn{r!Wd9bwV9e0=DNm7~IB&L>*mmP0!>o{Dio%(TvS-*aULZ9xB zX>xxyXPu?NKfQM|aR!Z@cHbrdJ>12)BH}D5EN85@ReMrVlou3+i)Y|qWw&pf-FKC8 zcgpS^ups?FVIHP5mPA6in#GBJTC#ezh#W5i1c zQE@^f{Tu3#9Y)gWwtvGhK{=d_AL$<_d3*`+lzhE5|E)jiW3lr%QrxY%M%WDBUAo5; z-Y|YWEe4g8judI$N)AOwe259UP(67lt)LjvLX|yEvc!8+u4psqZ{^oYT&GGV(F`MIk1GSt5hQY z8&P@QuQFTENp(MiTo4~@Uztq!*SwXV2npad-&dbjSYu((gdoxG(k*-Lu(#@1a z;-9OxAK#twD=8@fyGRIzTWAvT@%?+SM(gQ(lVUv8eTPN7BMyORJY&pVdNLWmeH6xF z)at5waU_w>?-qy~`GEo*L?(UDNrsxmFMvU>Z1lzju(Gl?Ki%zfEW6sI&lD7{dj}w& zgdm-hW^spg2vH(QU8N=xJ753WnKu-5Ebu)zIH;~>y{YiTK%e(`clv^Pf~jm(o@gDp zt48<*c@Tnt4tTf<9Fg({h3X^-WV*0|vlmkl;!JjyQZfm=iB^mAO}pnR?BlT(u6bO3 zQIW~vTn$3dUs*5Dr69!m$^+v54lj@;;Y+fQuE~C88}w2Q0$~A}Ot5;Y0wT8!Kv6iA zhl8KreP<+7I3_g}*Z?rVziG_B=Yh*;g{(E;EPv0pO7G@8`Er-o_9Vb-3GpPFdto=wb#OWR)ybnfKy7^#Hbu_#&#AzRVEf!#*`15`#lQ#mhX{6d*N-Bz3w3qaca z-rvK`-{dE@F0v-px6?UD+4!?UTJ|(Wy&%nSVs93ajbk8V6|UDZJT(OUY1rcvUViRx zAni338gk!|Vh!?+KhHg}aPlI5D0hyRBZXMPjEOne;Zu5ofbVeJVz#!q^CKjSrBDFbq}=uG5ZVqd-CjnXI_qjw~|IbLeTTMLMy!PK!mJxK;~ycZXe zClbf+A*i1a`$`&B;l&C1>K^Tjy4-A)GZ#%9-*zNLcG~K;Ea<5YuD5!^B_Sq?+lA*a z-}mcq?NK~2!Wc7-&7ET)AlP@9q+KxG7U_3$g)7m5fz%UHUE(HA+C@>k^j;ypWGA*& z$$qVrRe%ncOI;NBTW18HBDEu9lAxM8#lj^dtcBr4xiSZNQB0OR8BJ`K{72yzsY@B- zc(%?y$^pN2*^gt*&Y$V0An zbG9z&dcjz^^P>^d2*i%%hoyYc)Xc8U%R4d=QF1TMdoD7KWm!pz5G4-H>8tb0+QoMj zd}8Lb@mg1+J%%J(!t&HS5oiw&MDrE!o-5@==B2^=wtTz37TGN>*K2C?5$(@C+IBub z>)Sm!bAL5q7>(?i&=xT$Dry%Lwvb!B6xn;-6N=ZF&@K)->}9KlB8v#Mif<%y%zx~a za6}XHIrR64=S-mI3_`Aokzj_&{$BB`GG#1{(swlL=%LFWdjyVcm=%AN`R;}^wEE)F zh!<^wv<&PgWUyhiGFHm}00bcr5urL2X_UP#Gsl|vLDBK;BbPw0^J_uhm)(%&Og{Z#6u87M=9wIgCq~b}kZ03SnGQyYMIc zwhTqzs}R&(0(I9j*U=zew>N9OTm|&e^xD7b5rIGl`j}N^<-$Hky6GX6h9(4}QZ`u9 z)lPn%pr-LOA#cgnMj_6=bs)pHbE2dES=bjP_!SY&C-dW|avi;|Gb0r%6aC$@Dw48d zQN-O#yLAaR3Ktd6+EEk9K9Y|!h3 zibq+=#9`EY9BIn^CpcO@ytG*9`FVh8Uy4f0O=W+wlIa$$kfpB|RB$5yaVc@UH{1XR zY=?QkK~~zA1kmuZSJ_o87HsXJ9tw@!RTeyOX2R=?bR>SUqQ-h~xW-dEcZr6-LYCo+ zhPLFj68c$AH!UgaPDG9WG~FA!aw-|yRVYg!aq zuKIVJ)=eW?Oi0x}Ht0J?L{rH+T|oJ)#zWQIqVJuYoLroouBDG0z~88kN0H*Y3L|PT z5Y7t0s*>JC*=O@F5oL%Hn9E&URYiG~o?xT5{o(Sn9(dMUOj<}@a0`n`XzUHVTwL#D zUR&Lc=GGS!vnKr0Hh#4{*Yr=m?xk@A=49rm%*@R!8cS|Xp{i8wMfG{nk(Ql@X)8^x z{H#ZN`%c2ln*a}yWjKh=Tbj(s0uiLbEiSbIMa#yr9|L-)2_-rv>f=6llJN|yYV+RI zG|}t%qW&nlCGhU9dQu1%5$9L0ii#S#xTaKRCCtp|(9m9XZ4AEROI+!MBgs3V?AVt- z>ZK-64%IFcOJOB<)zPN9@I6Ho{9xuAKi76=&2+_d;CXtjEhx{2x0j&!Da!v;l!1*o zDp1n8Zb5vGbZ1dD0^O51?s&;rB|WS=*<;(7#|Jh~PdbU$;N%CZg0${x?yq0i`V}2Q zV^q>TDRdBLv~1A`A~xreL+508*{%eq1=?}^6sa{MwMq3sOP8Ue37^{2Qxu{UW`U8m zfPCNQa1=-qiQ9)*zHjwR;k$pG4UT1KHv3E#*5$x=iC!ES6s(ggSSD^@?L@pCtF#~Z zI@rWg%{FpP%qIbHR&AY+|M1pG-^sB6C_=QHh0h-~>YoK5B51F`A6}=Vgn{d8(FmcYv1{mqT!wk+1**cu7w0kUOL^)VKe((#? z_P7QddxwpRjs_RMbxE4fm(yF9cwM%tEoQ|RdkR%i+RccS36}RZH_a(+dO>uV%4J%X z$P9gGC{<_2!ojh-t8Vg`z3l5f?(N~$%m}b-ebO`9l1=5g+DfeI6zn`<_90$vf8rx? zJ6RetpbfPt|4K6T2^2!=K+}e%Ee4q~`}{9gnSEzeEdtVIh0Qh!h}FbqO!B=zZQA;S z>zfl>Gv^T9^VDt*I%<;}2o5ocM?Uw4r&d8XgL~x?`e1XC z@pSA~v0LgOKv!PC+W#7j_-duaq4j1Vnk7%xX`_-2U)s&V{=J#9eL`#BJHsR}u0KJS zF@!ORh{i3pWJvLlFy2ZJaa->IixD+&6T_Q*csHYg65RC1|z>M1!p`&sfPAT&w0 z^Ala$`4M=%>|yDa&VPE2vw)3;r=+EIbvT`FM8st_za`xtCS`zxWeoVsL@@d@; zpT)(|kxr|zS=+=TSKjIJPwX(eM^w6p#n{HX^DV|Z-CmCAFx=A5H1>v17oFjjf!{7J z_4B3ESNFG7K7Y5`hw{_YHE*o1H+`KAZgm4CNOW{`H#ePOA}Zy$!w>D29wfxXw|BJr zXXnG2+jH~0YQojFv#)Mt@7+{;mIN?x<4c7545U^x$O-IoYozKPjXCmldCgZc&!mIe zMhjh4r3Yy+VM}Kjy^y+dFgET^N)R>!w;r-^a?;9gL6?s0?V+mpqIPb+l&oHJ1a2B z%O2yy!*%c;FebMFngU*;p8&J-KEYmpe}9QVcqMf2`fy&eyioh6ZG(Ja^#dy%o$Kb} zHHfy#Jb)x+aIjw;{pI;J3A<~Tw}|AcR}2;l67-5B%ZAB*NGydHo}a+cPlgJ{Ntoy+f!>gMp5raqg;88EmT19ybp6 z&%1Qqag=K{pkpq0k-S&9yKH+5j|CpaqvDhZ6?ItYnom_t?R1I&%4frU9gcPF>!+QJ zaME8kFg6wy9DFvdr8a%U7mjQ9Sh4yB2p@Gc#%mRnl)Sg&^#3H>diO_C?Gwr(v*}U0 zmk%fjiC<`4oA$Y1c0XrhIBim1WJLJY{!!?cU?>06Nz3(;8w&%2?yoM}Th))4DobwK zU%y_cmqT&*0q1>R)b>}dv4F`xdu>x|2QyK%P$bRB7jX#Q(0;hrycQsbcQlD#A-yCa z`C@#TJviUSV||gM#Hf_a*ID*RblkSDb#Zp)eso)1cC)m%w@07u)@XLC$uXEVP7$51s-Bd=gVs73641| zyDiRD8tR+cXsbK=dVFY~*0vZP9PAq$#9KbNsPs#$+G6ejqwm{$Ty%5{H&-`>dsHbI zaf49Kcu?075>obuOHv}3fPf(ORrhQ&i`!jSja!6Y{41mvoj*4nG=C2ZxN%>vc)9gh z4&3bCN3E@q*t_!Ru5GwK!tY!7Fb{B zpz!iye>$DXe(R#J%4j%a_!Z&8y^(NA;*jRgh3*tOY+AL!@uPgc*cWkWe{%SDm(pZf z?EB_vIp5ijB_ax}In7=$=#$3{_K*lzBt*k2T)%o1NWgROz;Gb7i06R~!cO(JXSrS= z?hG5RZLB1|U38O+M6gIMw`8IWkM@7NLT>4`MHz^Yt!}iARoxlHD6sQh! zw(alTKmO8s1KfV~pq0Y?P=NZzMg3@}p!c&nk8w=8!h-se#k2^exAEE3baXrO(|_bY zW_xteRSC6T0NWn-*W|eMCn)tBFcQxBOda@pzV|IB=Z5tvW#3n3GE*8q(@jz}hjA^1 zxY#&QCx*-AEG1=jz+>4~X*(M{dyb8em0-8=V>a}Cv_2PFP?nf5F%4=ze@J1+?9O0J zACC|<3x06ZESJNp;DqD7YhP#1N({badQu^J@ar(oG^ zyigxx`gE1>5b0`o+f?5r@{uCTqwPe)$||xhLRMeMr$Z-!-K|HO#qhD2Wxf5WKhcn5|@y0Iu1*$lYJu70%q*fpkF*aK{L$!w>c8w~F*x#^s#QHJgYeUuuws>iY z=z;so{z?h6uHPA+&$ru#NbU3#g=RO&6`jqS+bGH@yMhG?g7BxbiEuU_rtxq|l(ZvV zFLB+Qe%@-ncYBkPaq0Cpsbp(x98EyWO|uqGiJ0cP<@c*!C5W1e+q(bLzL1cQWd9%F zR-0DF49M|WNiVYqB$NgF19F{V&*AYUB1{2hAuctih=SU^`^&A2ci zfX000ME_Hj)Ve5|oc+`)Uflo_E|QVVb{c;y53Bi2Y`-6v#1Oo7E@zUG@X7J{^>Rpq zvwK5XntrdXWr0~&F1vRtg%cYm{WUIb&geI@=2OO6%a|$q2DmiVvdc(>gc};(Qi%T@tAi{?(4VyDwUqtBau4_89{U11IzmE^*F3G^ z!QpZ=u|2a)`Ld}GI_pi5k)!7pnlUcSpZ*U`UjY?W_kN9{v=T~pBi-HINOwzjcPZW7 zAt2q|Au)7!H$!*F@LhlJ|GSIDz#`V2bMAR^@BI`g$z{3D90H^2_cH~-4eF28k(D&h ze44dYVU-n*l#T-jk=-%1S!}qYziHIueGWKV6tLM5+Jwd-&b??{ zzh(-E!{U;TIlO75yvOM{mX=WXy*KckOl6rMTqHJ|IfN|=20f*Fh-Mq!y=x=;Z(DzP z2t5q?L+b-TyhC9QU78*%Ut%EpTN|_)tge5kmeI)P?KDn#XiKxYd4Lwa1eF=`g($mm323pS4dP7*ecGuzRP@xx)>b} zqnipuTOP+nZ`TgJDnGYZ+^DEeUAnL4mTv+0pKx4&$IfgbJI!MR4|H&=4mA8(U-lsz zVqyc{fU{O6#6UgW=#oI`({$R8$jdwRT5SV^^ED+*Ct7Z&1|UG_{d&e@Hy8mMR{VRj zCw?V`vgnU*jnBwX=9eNz1>dVF(7{3K2Jb`L)6644;6!}azHeMK6=i4mUel>p z=|qQzv(v59<=7w~AapuBjjgY*C)hPJG1V}%R(H&Vn6$X%cGTnDHez6}xpuso*_RWf zqJ3fNX`tuiHsZ|I;<00--4Gx6u2pKKYri|`>u#C#4~cXBe|a75v8MN%;%TFZzTN9) z3Lk8?&z8Vd4kCEM6Ou-`d$Z%`b(ipFLzx$Hru`Ta;zvqz?y-q1U2AOkJjPHLk_-v4@{2j?e}| z4Zdkf9lU5u9^1Iuy9Z#?QlSxgzALNv00KITi|{KJ;|@rQt7!a;&tPE|%R`{ewa#X( z*1`BF2>kXo=NU|1S8(~CE@tSsC>7qG1?*m8FY7LmoJi`ogF#>DKG;yeVccK zp%ihJ>}a?v9T*U44zaaW84gM5^7(wT9jqSir5B z1qB6n3lmkz3B3+=rN%z8`F{-qe5w`X%d^uxF;Sd|!SC!!>P5sP37T#AD(gdv#*v35*lY?d`C_HYo=ElnJca{y?r$&v(rvksAZ{7O}`<(YO3n9=u zcIiyZy~=YvZky*j;PV*{F4NUMVttzpr?V3iFM57TWLsLAY;yy|==7OgU@#Xxjzh^q zI9(bn*^SF=e{Yn@1n$%?8qxsOU+F zVq$@+Dk@)4DW&BjaoNdkGtTdM{$SI$t9*Aafm%a_5_IdqN)QQ8h2^wfcbnJpb?P|f zYLkc=uoNx0xw{TK$xG1ZsNIO-(2e+2GR3NrxWJgVISGY~jE?&F;7+II*n3yemB|~o zp?NR#NBS^-Zf;94U6cRs=!(eU=^-w`NpW2Phf&lv~oT^M#8IAA$4Jr@qhjS0J@$kqksq`(`*%ro{9fV`ue?~ z*CfD+9FUhM5I9oN^R>~%S5!9N0jQ>7#uAx>d8>>7IF=)91LQBD}VEUz_r6UJlqqC9LwZuJdoD(@Q^dJBd#oFg^iiMp~Ltf zw4KRTMN_Y%3l}PhkGs_kEC40M-rlWk=_yd+(es)6NCxOhNXzf-C~Em2$`*8|l1YtE zKK-v2(^{{xIQ{-~-OK)}uO@^4IWyGtoQKoL@`*B|2^R^b?6HHF@9m;(!y9t@`Edf5 zBI?;A#<)-je`p+=$8vG&1fyfun5!rO&8SEgPghT~!(zp)=xY2+&CAaog+^~ahm*l6 z(qK#0^vnb^zr~h?-d@aqO<}8B2zd#YFou<15~q=IOEvC@KxM=@uf-LkhmEC+%bM4@ zcYaA5yP0VGL)Z>DB7){j!y`euK!vLBG9lQv^EO3(g~Q6@^8n>gn7B=T$Z#)2+aGsCTmj=>zlDsTtPY&bsbCz^{XEGC$RTn*8sgI7G{`4o*a8+*sO0w%s#KyK>yu&USNBm$ zq0}8h5wMmPUU#0+6fJd>R%~el;7cy0YOl-6TbcQp zLF0D!5pWo)(!YF!47}EGw?5dQOxtFP!xMc1&U(F^;zX0*qpqUj5TUOdA*wEQ`_+p~ z6)$99W4y(r)nuF}nI7P8^Ss^NAfhL!iry>|5^!hwoPgKv#z6>(@Ho6gCZMP<$awto zEoW>{K!2`~<{U2`AUK~W?4XW(co<-&aPChtHWt})Wd9eGH{i@&jvmT53YVx9L;LVp zRSNt2(Po>roimslzDya)+DBgI@cOCA-^AEa9;oJoN)j^Ik#MKwfK$!r;NDFcx~Ero zRArW~3AJ+khml?5w^3dYs#*}ZJ?X+6Z8L#nVvF9~1;^<59Cx@d@V-8^`pM(@`DmC+ zin=e(4t)UzUgs1+t_F(UE~k?xx+wCz&b8QmPm0YTHS-V(Mp{<)zb6)ZNvb@4T#G{l zFi)sJv*+l6;}$}fuep@)-y7o^`S3UZ98y(+;bojp;P%qm$|%ABSu+cd#?`TEk>b}) zkR_8RN1bP5fyiW@764;5VCU4qUZTI<^%hg?`q|ly}d>a<-^h( zpw^J9owDvk_RNV&r^|X?Bfxv}u#r8+?b!pNxOf<10ir7lrgl=2JPr=)9tuGyC^vj) zj)evMXm$W4R~b}P)EY7F&3b$?RbKbAdlw&G+l9Q?r@XbE8;G44vkPyVuuyBYSRha# z{d52}*dv90xa_0y4qC*pOoi!})JX>VxX@C|GDMkhyxUVfp?ARcED8MIx$?87O-s@D z8fUSza9JZ=JUGN@r+Ej>Q}|xEx=8!v^`zWL&L__Ai8@FzAxGksJ?0R@bmLs zE6VX%AEPr3nT3Md+%<+8S=4a6jat+=3k)f>awCc()6?Hr6c0|E<#)`>?W`#+9k;OS z`?#T>z$)E`L#=NIn|=DjR}aW(`7OY4&}!E=VWIKrU%Bn6lY8y@#&|X7H{e8Tgm6%Q z#){)4Z!Fd4iBwD>TIuun?60O%LYmDXCs9C{N_-7oRrW|yof9PsH(HJj0J1Kf#@+eg z;NZ41KQgBUf_gy6a?(O}g$#t1k`96brS;;=xt$eP%Iu(iK{ftKRqT23-utzEI+$|g zaHa^T+7 zP68y1<}k_;X=_?jZ1Oc1av~DNlc5rg1d5_tx#+l==etZQhN_x3SD+_)g<-6lt7@gl zwH{)nqrS*MKQ$eNj){GGdMFm19d6Q&-=P*Vu)M7OU*GVM%3^_Hz-&VI0aBz(Xt#cM zXqNMq`WW%$0qAB!z52S>>cEQu)0`^_c`lwDe(gH{4a&=5sl(e!Qr=E$yu-*is`!ib zC6$O-=!Cp$$R!9@Mo(Q*bW12Vz<1wp0hWx@H%6HBrwFEGYshPF!v7F{OXy01A^>Z1 zT$~{dITBV*R2ccu2c&=(&u`M4Nl#a@TI*3n#?@W3SZ76+^+?Aa4F)JVAS^b&S()|d z%8O@nm)1Jq3|e?-C5Jg6ygrekC~B&TSv_MdyYL`1*NmQasW+Ja56-+svGot6RFt1m zFX%pb)q7^U5zuYhZn66yB@)G79wYFOds=}M@M>4Hx47=OYR7j95+id7y9Dp&Bz<|^ z`674g5I3clttaYSi&$v%uIz53OpEn@T$G~dsJ-1&iXLFJ4y^4{U zjJJECs#VzdZ!v2zfzDn< z6KRzmYoep5p`@s$qp8Gbuks-Y0LkIEntKegR+Ro4wsji5usSi`fnAfiBqle(hw+=rG$433lv&Iex8A zikb0ybXw@ztsco1>stHY>Gdl5IPwrNE3G50KAGUc z=Mabn1J%5GuuuzPxps2N+jlPI#zTn{I*P`|%QZY&QJ1~GzmI!+@i4nfS-HnTijP>2 zMtsbt^O@O9pQ#%uWEeU|0E&04Jqs%#p-*mm1VOq!Je3fPX2`>P&xQZP4BlrURJ@uV z^m!i5dQ8Rv$E#Fe1cWnTIZ8Y7GOpYNO%hMW2iD~YBc&R&8^Y%RSkq{6WK#OJ8y#K? zQ*Yi;u2AlD-=w`OS0%Kwf&KY&_!-LR+#P-NdRFia#Ubs7cbX(JU zX)_(YJk*)TTuan8F;tQ+tg;N7f&W^O>36dSjj1Qx*|rI!)+t_-QJ%!^u_3y!NUxp z?M$5Y*2F#CbjOu~(Zfx6Mi^?)8w6~ zu67)S8H^Zok_DnDI3Y>WPa{nN6$h$O)WkT5P~DF{8hzT8UlK>XwX@_`{9pzO17tm1 zd}Fz5XvXm{2soYHYct13Xv&L=KgGaVKF1D+r^^rcFjS2X%+znkn95lw^C3tSmTpQL zc&n&qwg{E+sk<|^DEy=fhyJ1*dH@8pVsferYjD}7h$D97bW)$KreejHRXutB-H4m} z^4OZj=#M(W4xy^=R8vjBa`42@1Hh(CS+_ECx_$YT!*TpM7mG<&s7m@x9p)&tLn=@t z?hn~}x#+_TyqPoN3<1cYwVs)&wFAAXD(0p|BW(f&A;$VowWzM@R2j4{tz@A7p_leu ze)t8*NiBMiPJAgs#3gH1sSgmB75$I9w8norTvM}~!%<-^ZPVeVu~9sA=-fvRm?X-I zIWlI}*xbUT2CQT&)_*boJI`N@t#`G(3N+!u8;Pm5Z4p4K?)eKtVa75CjeP?LrlNA+ zQoTYfX#pK4M?&6Ly`{#oG8wy`n^$gSHm?CQZyp^pEeC>gQaASeOY zwoGqt-Xv);xAphg`FmLFtn3)`Xj%oOo8f*c=Kt-YTMH2vdv+*-On9lKRqGkX1>TA$ zB31%Q3yg&*oG=dH%%RVnFE;ZB+t z2Rc9HGXKj8{Dtw`O74t7QIAz*c3sr*NCAkXvcqx`Bd$|;TK&rc+JaMgIN&r5IL>f! zBeWeT9kxe@nfpxd^{$EK2s-z7uvxBu=w<|(FcY<7bWK0yfj&Pqs!%6&b#)2n9<&nL zae+NMI$K+{%KDj6pvvcn*}Vo?{st41NkJGcYUyWpS9o_1I-;k@Ra!ZZS^Q$Oa z4B#&Z004&^6P>;%52=g%z7R`7eSMPBvWkkzQd-*PYPWNS4WHM?y&joy9iq!oW5+aN zwS2@`wud8f2A^+CdQ}(2w-*(6pF6+K-XkdM?#iz{JUy1}#6Jaziax@A@bL8T@bpAg z6cOum!@eKd9OSBz*c~MVF(Obj@dapEKw^1SotZR za{vMoK;ajGE`22k{)EFi=*T9mASHxiJt{@FKd#9o9iMJ?#RBq}S*N=C0Sii>hadJd z&MtIf*Z)N(^>ZmLV{GAuY6RWV23#Zd^!)t%^yI2Nq^=I=+{|-_eG(MrPD>nRE&N=r zcAYw>PWQ4itFs_Q0p1;>LD8<{W8EhsN$;&>K%FyI3GzEmc$2(oHZt_%ftUh9)*OVz36i_WNe~_~@q3P3hFEy*BbV>xdpk-_2*Z+mJd* z0+5)NldBN2n>+-l0MVg|(gjMnDCl`zIaPlCIgPoH*|74Rko%>_sLrjw-)06{iZ62@ zcPY!;j-x1wfV)x&}d93{L;|!(b4T6HCM4ssWtsW)_;E=>eq&J$f$pfXQ87G#2txD473P< zIMBN-?InT7bsnb16IL6J{)W6gxckR2^O8-@2pYR9#MsQ)*bVnLiw$8c#Fmw5zDA>+5eo6vp)QvOD?pYJ7}* z*Ag7I2j6*ha$8Gvl-7D)KZ2-xj4ymdsJ1LL1^M(ZE=yBj2A1v2Vg5#DMqm5P_m^zG5iqTTiw#_ zkG<9GbLSq~%{+L@tst`xbR2~ukFes}yRqKx6`*?%2Mp0WkM*0h+&xs=>ek;}cJcGo z`?U*y<#uT9)^POxA#D8so5An5KQz!}vo!lkevybWm%@8;C_gl?E`22Q6Z|H{R}I#^ z@+Y>)r`+GuojvBMYgdeaDCj8z;+~_E{*b#DXZ9wRv%{zGqbsMBpYcYzgAXzjI)TVQ z%HWxqjl-Y6>xJ?ci?YAJU^XmYBVi`|gOEWa{LgMI?A{J1Ddx57>@O*@ca3%g8jjmQ zJPO%pJl?gD0ToL?mK<#WhP24?1-(pWGjC2p!ceWyOzU>Kf^;SMF1NbDSi`4;4r528 z&gcb$RX$5Q198JC!|_k_JC}RGGGZazJ`b;5KD%~S*)6u;jlkX-3#)>8_G`cU*c1fZ zHlUH+oZ#DO`aV%8u)*KuNXrT1cvN7vdZ`|6ZW%v)!b!{Us&wL~CFRb7><+aIHOF-AjBn01 z@Wf603Z)(aTMbO5x3{9AV*|L?4X(qkm-qMQae1XBCB#sIR&4NgkA>P5jFmxcMi|^9 z`OS)hEP_$0$`Nds?EpG7OGoiQ1(F{hkA{_k?J1JKK3RNszJsRjwRN?Av@AbP@HCSH zeABm=0Gw9g{p0ukNAA^zvr;)m;F=iQy3vKurYHwbRtP6NvX5_I;G$z zE#_J2V1NtWGAp?%sM9mv1_c$8uU6)@>qSFDqxirlR`xeTM{MJaQ;zYkW48r!h;S|U z>@J#}tMn8b7}KG|f;ss1+$McnbOC}2F7y-L*!hRX#h+wx(pQSek_sDn)ACGof99tx z>!fdG7nm)dca$7Eq;_$)D=cO$YCidMt#9VAG?X`;IgZccw-s;VwwjiSvbQKBEfv~o z{5Z^Yjp@>R+BNbNn9#G;^~RjXsMOxu+8dL`YanTDG~E9a&~ZHN|4HNE^GsRbN^xU3 zRPr)CgPFPUAfup9#g!B@T>7Q?sTtZ+ed<59Qj?xxOGLW^**=<)dzsW)Me-SsqmM=Jg>t@!ARZz zScogC*NpMaKTH)V*w8e&t7XS~t5k8+#*ME!`XUWm(sg&s4_{n0I?1HuRYRa<=)ay_ z-hRHlLvUE8DKBaB%(Yjb%#tgChP*5k!4`qs`hz|ZX1*-2O%MpAyRe@-FRVe{;1!SP zBj~A7KE`i?ZNq-)fTS*62a>Zo}+H+=Q^oIu%rGgTpUnTD#{ zBC4yhxqY*nNkusex&!WDY9gd_WKB7X_v~v0i5_u*v6v zo*%iC|ImA=KR1FBDq{RN!9R&u8K9Xp&wI&9SOnsNz{MW-)usvdV+M!aYx@V2Ihl@PcWuON<>lmb+ua><`0=%E?Ju|c z75E>?I5?Uru1+>xgoW?WEanhbYh%VU?t;wM?I*40lPq*xErkQf@{)6Co*{6yJUvoN2X&u+Oew%kUV!Dq}e)}hYg?-E(i#9SHnI*W;j zs^u$uzO(aP?RaBEjl$*g9v@S-<`T_C*)hsbscN^|X|v;ex#LT#PJG{A$zY~$H1f?H zw`|ts?+CN`;=vP4mWk~B>~5a~pYREtCtq-t zj~(8~2XK1V5VII%<&!Z>sXc~*-?%?ddONC^3?BDfzIY8+5bV$joA2en5gI#%q z_$iK50`hw97ZV+QCR(Siq4Ci7MFEf3eKPr+tu<}*2E@-n8j$+v5lLg!%&TJpq+0N` zdKyi(y6)}|d14W! zDmMp8Z;?5Ekv|Z^Raww$vG=g^zTqrtEk#VZpPx%{eY%*7fsps_$7-x}Jvuyd2;j_! z{>Z1K;Ua#z_w&r7S=G3&i#@AfgVi|T);qbFiN?zCeHe6*d401xU*5?ppMJaUWPu)q za!h!(`5@FzyndaWs->ouIH$HxZndI2v;1_cecfcES(cpS@mGna%BF43_NR>rJdCU2 zl&GLs;tCbg{YW=dFXMG5_Y=`qf=ai0l(*_)V< z&)~fjywX;v+TgUOD9fvLJv#aL`nv{7P*Ydmcgyi%)IG%VWe=0SiH$YaqBgUG8OODl zAMSR%bN~lS%~Kgee87+ouvOeXf`Z+-A|X&jjEu1}_T?B*<=Rb^fOb@hyrZL|ib`S{ zcIzqa3a~ru){DOf^6b6Ul$7Fi=r;h8UWsy1u+s?Uoz_*r;O_1Z1%(O7tzT|#ZkyYA z=V{~0s6bHHh&Xs-*!{(pP-E@h@w%IUX=$AG*RNk#!7grY=Pi1XQx!2pf#q5amVn}z zz{^E1&v|>VOu%WPbIekCe|$!pl4pDy0LXX;Wi?-ZsGJ`189zKSa< z5p-brShU1-ov&3Al-B)}_8;Faakoq#)!$_1#UNc>rY72w##5|&=XAdNF~liTD>f;hH@6~r?wHNulMCposBLeR`nW^)U3r^Si?lZhhoS9F;+r+r z*I(S?DfauRukjs}R_+g2+t@T@Qa0qRHaqNuqtkfqNktRzwE`U7fs#|8YE3Elm4 zdpwaNV0TP8%`TUp`4b-XL@CiK9Ne%by&|Dain5u*K6Zb&$GlMhbHKcX5Pb z@Z9$w91h*G86~L>?%Dy#Q}^fXjdxJrp=^c1-1z1-u@-*wocZRloM3nl@Qt+f2LEY{VZUS3RLB&eD zIeO}s$z&-Rt`Q6t^o6T~gKEjLoET>_ zxPpmE5vp51q2X~3^SrAlrK&y2HmgVVnW&Z*t6X4d7@mi1-W9(1so2j;}z+T6M^(4o9=KWbU)HYml6!2 z)566s!WX3581gP3{){;bzGf`K77wShh`=5n6FSOw5*dZK>NoM?@+WO&T-e&Fv94M`{En!@R|NXlO3X^SgQjTn<}SOPPUad_XOp zGe1SoV-Fp+_0Gp1+ga393IwGL&L4Q`3XC@ZMe z(`gA3`gxkGVSU6}!5MtfL@dlMVnistsNN%jvRH`2q1nvMIZ!qVUJ;!&!IOa(YGP`? z^2j(1;;T|-?|eR6n8&Nm?>5$Jnthw>lS=SuKan>67zE{4*{Z3RlcxIW(yC@S^`89Qcb0E4%+m%*N)I1D zP|KZAu_COcm#cG}LqT=0Y2t+x=<^hwTW4PT-U0 zl$N&kX~N2%KYwCTcFZxpC9W0l?Fhk>wu@QF0DG@mwp!63 zEQI!2Hu>X;0C3RWn_HC8B^E@iwTnPgJU@!A1do#3h8ua@lB>3{fiLonL2w`H`HrQj zQ2P2nnlufUn-q<|8-2c*NiS4=me#U%mm>L;AlVCL8eE|T1EpGGQM=pwDNS?#%U5VN z0-ZPG0wwpy$a1@bjIwXavdQFl7*OU7kvZp*Wj{I_rh#B_eW ztegWXTwp@GKD(H9#(v$mj@YRcBnB5{Ufs4o?`W^l2S3_NEvjg{ld+?d)#T})NZ&vW|VuhJkc=6i@m$k6#ze+pP%0%7sQ>In3xI3j5099M0nhtEPcXdA5CYYp)Qpu zQd3q|*3rpKPq!qr!oXaZz_bHYW1_#W%oHhX)R`gwi+9dm9bP(0Gkl%v1X$qEwWTv{=i8O312PhlSM!d}ahy`3{X%33Nl zuD$ppTqM!f+ERZ4&e-dUzCgOgMm^j?|Ar?06ek~2SWt6lYJ4qcB10~tfx9>F6qxdT zkteDF2tROHJZFQ!e#lTpHMkqtEjd*jn2U|iJI7)Lux@szK_Im0Y|{4fBtM2aRyBj^ z?FZ-;(e*VjqZ*+?!s$^>jv_gY`p|I8o;p(%-^90GH9ACZ1Bdk)+*0KkS@N?_YS+Vi z`xNu$tgqPQxQv>~_8NFmzT8|^V()kBenD~a0G|w1SjYORA_CtMVC#b>BIj% z66bCMO{Pj0e@-0v?))sm0M>n)eMd@JU0F$qR*IN`fq{c#A$;OAgjK{C&@WZ|>T@<_VF^^#76bM|_dou@*)T4wF zGhQ@mSR4VuORW({cLMHu2^CWxQuAY)h+q zYv}5jl6u9_XA>tGG2@vrHPx)0uavy3&9Zt!LE!P!c-N=Mv+30|<(6(bkG<5X{F6*3 zw;7%Io1h|4$J>H$5$zQL(`{MDBZJLUeuwh~)G}%(&b4nX%z#FnbwYcglpZv=+viV= zx_hkI@0^GbQ8Fe83ybCDIXau+;pM{G(#BwldZ3H(mVcZy$??y7DBiiLtRAoEhYWXh z_!tNLh4)v3|CQ?}f!JfcfXD=q$G$E%v$L4yqYMvj`z0HvY2eL6EcV1S(NC@g7pROh z>NSTplk#oGp*Xuk@%}K-v^-Pqyg%sU`**#J!5DMmuDhtBdArMcOM)&_!Y}clE&1?zJ-<$`i&k>AoJd)F63~C8Ec}Ro>Iq2_Ay$v zF=+x)as`%kBG6V9R@N0(v#&JvsPLk~0g_}W@bCPm%(0__r_9qnf5Jg{zKrAp-9=BI z8!R67YCvP{_he^hBVy7=#>BX}xq)MNWn^Toudc>3x$+|f099f@(YLsmivQOXKz;)( zUUv4lhewl3HX;IoEZrdUgcJJLubjdo`c1a@O(hpC;Ox3yr#2ts%V%5(M5lm}`i+UCb)2izRSz$VO}?G$PG+(- zzaOl9bSoOJHr|)VgniUp&|Agxv&YrXZ~ev~;5e$Hv?mema8`4J#&m5Cn7FxlYBYou zp|$g`Ps2aLL`hUvh}<)bxLIXGU<89)yB!{Ak&G9!cM!@yAqhO6)J0(8ayghx|B(VN zTz2chv9UeQ@&!GwvEtKoJ}*~i=NrJ@oyMB6uqHpou}Bzy^0YBCF_FvRU$edIQXrT) zJ=*i}zdw=^h7-fi;#Q*A&s!xApAM3h*ZCyy(sv2OUYr91@%kNcgnkoWLz&ohHd^gF zD-7J-H$;&L6O+F(VLTATOZFY-c*H|ldzwvLeknRS;#pXjo#P-7aIl==@q+7qGRsbs z>`R{1DCifPANKpgSZGmFbv182`KtY}f0k3UY6h}ulU9RVCq5%=tX9nIRxEw@-K9~! zL@y*<11qu4BL+g>hK)06W@i&r*{)ySx*hJ5B7Xc?80=~NHfWeD3i!aR0>#fVA)0lj z4osBtndbcIK8_jL+3UzaYB4=M9lUkF(tB>>n(A z+^97{9QbhPHdc6;SfSm-EjjXb(Tm)YfN+1Z#9|CW(iT`~?5qJ)p4xzvl6+lSI z&VCmFOVDh;^}flfaKY@74?E*3%EbA|-1%>Z%#_%Ed@(P?w7z|WTCnQbrdt835$d+p~~C6B&0uG5t9 zvVYlx6_CF<{NmY!+o4GiAzxXYY$N&^(U8!)-c4OKE56~iX` zMB5mtJH}wIKsJRT`x7E!?qL8u%}#3h2EDGY8CXJ`6z&5c$Go|B;kfqV}?!c8Rm~jDd%+VbGz|NU_lcIeefR#+@ zKJpFsEbuRZvF}WB6x-A1?pb+DiMrEJ!_Z#XJHD2q!@+8(T>r)?Qf}7e>5L|RzL%Og zR&(FjozOw_ELXWT}Qz}|6& z@8{*7a@@@;rc! znpkhZM$T@LqT5-8WS&F>SSaH$8xjNt>GQfHT_E=SLmjl^YaQXUtvEcWjQ zsvAh5+}HsR=NJo00MzmUr2>}Orp88KuEEt}&A9y0?oa}-tgURCo_O=?9bQwNTqOFe zo;T*OCl}`F?Cf-Zo`(NktE;qlVt-y3?DjO#2?-J;;+86VNAdfV;f^xypb~h z9F7V=3xHU7FDFT3>^z;0`#6ths8XsnURK^-_a15(fLkJ4eiphQfPbH%rifqt765vy zMOfi8x>*c!NHAS**EGCMESR1wTQZZW)c;$^&&#v}`C6DCZBb=3m!#!_zM?o`nE_u0 zlSdxd|0G0>&dUm=CkpQczH!@%ZcG7Rqqh`n<4J`w%!s$n-6Y26zbet3RXLLa&4h zE@BKoUK!r}yHg-wKVyj?4W^~lN?bri4jGJjb8LK8{(Nd|_nQQtf%q3RRa>Q7a-;sW;rJ>CVMWvZw_wO)4T?1>OhibYnzg z311`5^3)JmLESE1Whp6K`xN7@c^sH~GH#*EFm#R=$r1uHbYrK1W6lmWr+yc1_ZKeL zv(BB?*~7bOGLJjdMgqx-;<#70>dj`yE+wKt%arKQ*}NXJD)HquDMeuEEntngE4V`w zn*B0H@8hySb<>GjEKN#n=QqKsIwd*F@sU{kGxWOq0FqLd|u(VNQXz%^p&o#q!2xp(Pq+ z|8ZGMua*^R?)NL7*UWlX-;>s3Mf}4zWpXqrtFqFnMq#4gA|mg-+t+5^o=uWoFd8jI z4^juD83DF#}=BZXSY`s+Uq*4?v>^B?%)3{YZ{`BbafA;2ZLy7($o*A9p>epJqQT2 zs5%3oxB~>zi59jP-$sU3^Cr3R5N2$`K~MO$5Kst$u?9-qo~%FwPXI*lQHE&16o)&% zO5xn@WPwmaYHn_=qPdQb_&1Dh?Cm9-d=!Z=4mU4@2RF9s^ISbdthClWfl~R#M#93q z?|uvGsi|nV?@3p-x8n^^0dI=hTs;v-OJFmL_V0p|7d)4jImpq`9*+kZ3P`dabV(mH zUT+8qwL6#Xb|o>1(XlaTzaj*_*P{CKPO!|R0jX?`nPY^8r~bRT`t_rkL^R$a7;Z^V z{JH$S{`7{EQ#}-Gw~)D{A-<8%cHlP_BM?Qi6j{`#aP}mvG80x{U`zfxs5nV7w6H+o zfVRH5fdTEgd9~CWr@d(p>sC1a!VR~`xmlJ|Ravi(Z-0b)ES<}0@G1m)s#$`72hMPD z<$ss$gpIkmxus>#|CWQAT3X$7AP!Gfcka<|Dx<|kO8UHwED&nai14tRXMg3(xuoX> zsz`_Q++A;&ogeorX|yg1TwnLp{CDXY@h38<#+bWmZDyn$^ZCv{fBLFVluA@665e&^ zyuE-i_1p~?Ds_ROF|!eM7BhuFgEBJ{&zf33?Dy~3z96?~d;y1(W_ZZE0KIj7sL4O( zFFsDdRV{R|McGrxcAaC*C=S%C*BnVlgN#_^0#%`>(0Ytsi2(CzA%H^40wWqXDzQ;?Azh+W^^Q3U?@@#8-}5uo;K3Vie9hh%|L{v|5h z^Y1wG`x-Wd>RL?6N96VIw1uU*R0aOiO7+Qk+M@IgXm)9KeF`-Z3kg?y<<~^1UtXbIPuAVer=MH=z@u6Bkjf6jE!0Nb+5fU zbp`nCg&AtK#{M#T?HNG0(fMr$h9zYCx}F+*nriH5i+FZLfzz(m^tJ-ksILlZDJOq# z+8t*6Y^K%HQ2E*DIx3lqk}|}&7HG^m%O(?`efa`}$W2Xd;^Ht+c>La+OiXdg1iaSrtMWs-?Joy)T+SZQDOx?a%#UjT9rjqw0NL&JKF z+z+q}GjINaoSf{^lJ1kdq@zY9J@{x-vhwR+h#4k^BxaR z&$6;xsb765mzTS{dpx#$<>=9|0)ap-FZ=wTpXz)JySlpmY2BX#1B3T}xLYPG!I3M% zI!qP?q|>D7*)f_B)|5Te$YBHT_0OIARn?|??C}*Mk;w3BKtSN?HP1FRDGq+Jzp=6L;YT0$ z95G_@lxfQzdAzLb)~81fwzaiA^ZP$VMoM+JP!#q1Kdy_8j!F6Ii&JUe&zL#ui4{H8 zIOOJD3=In(;pG)KW-I{2jEMt)aTDSzE95oRRp#$C3ZYQA`l)Bd63LN+A6HjZ`uh1< zUi{cGaZfzC`f^_GXP+K&b#;5@*|iEq<0l_|P;{f<$(2tB1P1A1{_^wby1LrN#)f?# z?(VgW(`L+^JZ0LyzxZtT&i53G#?dh`-BlVCy!XSMxtA{9yEJM1_=(ZcF^@g5>f&!% z2R`0MSn|{}f23)8{Dg@C{sEu=^XSpTA4f)xnm2ELC!-(`tX}hMaB%1+`#(Sq3t^Q( zKevC7@08sZ7Sa)HwIOnHa->peLPA1PQqrznyEs2tJ9q9h%3<;6{Jk#SLLdfr_TDF8 zt427@ufQqi7pNaXdaMD|W6O6wy-@GuLNIY&`_R-=&~;+H(ODBk4ajZQ2fN=FizR%& z@4AEs-tjAy%_+yeT)yI|C3i11ygDW>PAC+nr+r^iTvSweonaV4$h7G*8HV}SXGb&| zO+|(L)z|($Wykvo$reG%wY}E+o z`xSJDS>n|54%9n}9%}&g*z%pe285QB-)@qoY4dUTv#*|#GIo__NsrlDuTw`;^p;#+ zHrm)$K^;G$7uhO(|8EzvCM8TsykjwcMFyWK6AFa@AaQs1^BY+qFK2lqC076fyrazw zC_F+4@FLXL)ym7urp=fY79M`+z(r? zuVjW{EH8Ue;q{UJ0Z9)&^8R~oap@mV`SQ%Kzqq=(0)SerHhNdDWt5ecy!-awCrzF_ zDk^5-q9wCu-~Pty8@Wqd%G|REO9Zq40Cv3hc1=yS#NA!p-p(-0op;@R*WLI1aysL} z`Ez5(P0&4!VVJz!>?u=cOpH&soQDUcBl;rGssYG|4w zgwVY)S=g!(PWdaKD2nCnc{e?hM~M<8N|Y!ql|#ulmJ#3W-O|t(4BgWw1=Xic*ML>I zVMt?{8jltg-st3#sDUoa`uCUr+_3RAiNsw`f4$(ER;#^h$x=5r@tnE0kB%Ah_LfbT zb1zMp5dZk{l{uF#&YhRYGR(z`7j(B&$jj?$Yv#gtj(dCKLy9KPQu0LaVD zzWd$>7=|glQE=mW!K8#Kl@;>ps!E!sjozzNwgAB7snckIV8(58^fFmfQ{B)|KYhmR z{Hs?YrBWXs-?p|k3k&|u*C~D@{a3DjX7=29Ioa9m?d|jCFRZGnnxD9E!o*2$Z`o8^ zTceB2Xtmzn-jkr~K!OM;==q5gy5%+6Dl3-*Z1<$@H1G z0YJg^e3oTzU$Ah=J@@_k^XW$)TP_d?wr+ksZtVE>c2!#1iIC7Rkw~Qbes5gA_SvV0 zgM&kp9(ttUTE2^m%c8}1-MCS3E&nPGVTT+2WIc3yzoLLUag|u^{feLMA?F*5gF>O$ zxpU`^9XodJ+z9|OnJhImH8C+!CX<<&@FyfBaM2VB1-4s+LzoV}Z!C%eAf}Fp!B&lM zvepkkVCeX2M2Qk5N|Zy@H`dUa^Yl7%BNXYkPYOL4GClw>Iwp2>j6S!eQmM{oozdl_ zf8ct5LP(QBk@D4-ywo}a)zwvp5AJspi=SM%#@omD(<29JYO1r&ok=-2fNhm?SJ^=`jF7De;hqnQ&Y`PBrEF-O$(OZ{~%2Z%$M=ZuRrJI zT)OZ6WiM}dRV(Qr>JE4%sF6Dwk3s0N{-`-rxc`IXOBG%M2`xhCtZ)SIiQ&i-{&?m@I772&dw(y4pNT zSe$X8M2Qk5N-IiADwX!wwQg+3hu!oXdW{eI=Sot>^a34?MNtAmh^JrFKzii)3l={3 z(4)OZOF8!C>5Nl2fEhyIzS*7Ix1o1-gyTS2&$ULDvxLBMue5vYkESS!zpqd)1v8db zx5IbPZ9dM-5l#%LR0=>*w1}czD1oQYb)?WOSl|{cbPb|iNB;KBBUnWUXT`Lo|7O*7 zT6L9HRl%sMn2vf@+f3LF!fJFYiyfg4LcP=Lu?A3&E#F!7^bqpqWrD*poY!$)V|tWx z;9c_Rj8nb3J-VEigB%tDfv^hre$aIu04-tp4X;|F85BK!%Lpe%_h}5BzhgoO1B4-j zp#U2{!m0bOuGS8~a?7$P=scMO{V}87o_eeS)MLwcR=vR6+uPBmZT;ykyM~P28oKAd z0Im|B0cP(~_HU|ol~fv~=kgo?R4Uas|4q?t07MKS+?17mf8ra3q7kbC;W+3}aSf7m z+c47oFV9r==k!&_;g6I`C6ZYPrvy#YUS3|Ezg|i}(ITK-X@P_mx>EuPC2*@LIgX7V z;gk>v1cA{Hu-X<@+sta38Lg5qDwb6PtL2s$BM=A#0x{5m)-c#PNn6po&FPF&dv5D!TFgiErNB_IF%|g+L&zg{~7VDCf4%hOYz=2LYzHA4AX=8y0$~Yy$U=z{B}$am@{JW4 z8EJI?-JpbNnzkf9@KzHT`o`kuIZ8lr^FRQaJKxvKe>9FQ5D3JOKyzKOj?wB|W5src zd#y81i(faw`QY#GFBXd_ilS&CfRGZ1Y2gTwn?LR1FLVnO zxcE0#{v^AKE4UF(h{$n|_=e19I%>7;)r`7EtF9xAlGU~mq5;AfjNvhiVVi`p1~7~* z-?_tru0`(-ktdp_`+hHFpr_r;U1cS*O$Y zE{jJ2boW?BPsuRs+jNl!-R8TvxVX5uFbp$TCqg0+)&)(|E-o&ghP%0EQ!{0z(*VCX`W*&TBpa=SO^4SsGzB~ z2)cb;b)Q$*9qvZAs}T!*V|A@mMIaD12Sw392`EZL3njF01TFFwxcUiQ{AiI6E%c-W z5=!7o(;@;C1vK>2Lns0= 3.8" + "yunohost": ">= 4.3.0" }, "multi_instance": false, "services": [ @@ -27,12 +34,7 @@ "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain for Jitsi Meet", - "fr": "Choisissez un domaine pour Jitsi Meet" - }, - "example": "domain.org" + "type": "domain" } ] } diff --git a/pull_request_template.md b/pull_request_template.md deleted file mode 100644 index 09eba52..0000000 --- a/pull_request_template.md +++ /dev/null @@ -1,18 +0,0 @@ -## Problem -- *Description of why you made this PR* - -## Solution -- *And how do you fix that problem* - -## PR Status -- [ ] Code finished. -- [ ] Tested with Package_check. -- [ ] Fix or enhancement tested. -- [ ] Upgrade from last version tested. -- [ ] Can be reviewed and tested. - -## Package_check results ---- -*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* - -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/jitsi_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/jitsi_ynh%20PR-NUM-%20(USERNAME)/) diff --git a/scripts/backup b/scripts/backup index 2ccff41..9add3f2 100644 --- a/scripts/backup +++ b/scripts/backup @@ -47,25 +47,6 @@ ynh_backup --src_path="$final_path" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP METRONOME -#================================================= - -# Backup Metronome domain conf template -ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" -ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" - -# Backup Metronome Hook -ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" - -#================================================= -# BACKUP THE APP CONFIG -#================================================= - -ynh_backup --src_path="/etc/$app" - #================================================= # SPECIFIC BACKUP #================================================= @@ -81,6 +62,14 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app-videobridge.service" ynh_backup --src_path="/etc/systemd/system/$app-jicofo.service" +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="/etc/$app/" + +ynh_backup --src_path="/etc/prosody/conf.avail/$domain.cfg.lua" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 2471d61..386a037 100644 --- a/scripts/install +++ b/scripts/install @@ -72,22 +72,22 @@ ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Configuring firewall..." +ynh_script_progression --message="Finding an available port..." # Find an available port -port=$(ynh_find_port --port=4443) +port=4443 # Open this port ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_app_setting_set --app=$app --key=port --value=$port # Find an available port -port_videobridge=$(ynh_find_port --port=10000) +port_videobridge=10000 # Open this port ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge # Find an available port -port_component=$(ynh_find_port --port=5347) +port_component=5347 ynh_app_setting_set --app=$app --key=port_component --value=$port_component #================================================= @@ -97,7 +97,18 @@ ynh_script_progression --message="Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies -#ynh_install_nodejs --nodejs_version=10 +if ! yunohost app list | grep -q "prosody" +then + yunohost app install prosody --args "domain=$domain&admin=$admin&language=$language&password=$password" +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -105,10 +116,9 @@ ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path - # Download, check integrity, uncompress and patch the source from app.src declare -A packages -packages[jicofo]="jicofo" +packages[jitsi-jicofo]="jicofo" packages[jitsi-meet-prosody]="jitsi-meet/prosody-plugins" packages[jitsi-meet-web]="jitsi-meet" packages[jitsi-videobridge]="jitsi-videobridge" @@ -125,76 +135,46 @@ do ynh_secure_remove --file="$final_path/${package}_temp" done -# Adapt prosody module to metronome -for file in $final_path/jitsi-meet-prosody/*.lua -do - ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" - ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" -done - -for directory in $final_path/jitsi-meet-prosody/*/; do - for file in $directory/*.lua - do - ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" - ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" - done -done - -# workaround for mod_muc_domain_mapper -ynh_replace_string --match_string="module:log(\"debug\"" --replace_string="-- module:log(\"debug\"" --target_file="$final_path/jitsi-meet-prosody/mod_muc_domain_mapper.lua" +chown -R $app: $final_path #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." +ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app --home_dir=$final_path - #================================================= # SPECIFIC SETUP #================================================= -# CONFIGURE METRONOME +# CONFIGURE PROSODY #================================================= -ynh_script_progression --message="Configuring metronome..." +ynh_script_progression --message="Configuring prosody..." +ynh_add_config --template="../conf/prosody.cfg.lua" --destination="/etc/prosody/conf.avail/$domain.cfg.lua" +chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua" +ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua" -# Create focus user -yunohost domain add auth.$domain -# yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 -# yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 +echo | prosodyctl cert generate $domain +ln -sf "/var/lib/prosody/$domain.key" "/etc/prosody/certs/$domain.key" +ln -sf "/var/lib/prosody/$domain.crt" "/etc/prosody/certs/$domain.crt" +ln -sf "/var/lib/prosody/$domain.crt" "/usr/local/share/ca-certificates/$domain.crt" -# Add Metronome domain conf template -metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" -mkdir -p /usr/share/yunohost/templates/jitsi/ -cp ../conf/metronome.cfg.lua $metronome_conf -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf" -ynh_replace_string --match_string="__FINAL_PATH__" --replace_string="$final_path" --target_file="$metronome_conf" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf" -ynh_replace_string --match_string="__TURN_SECRET__" --replace_string="$turn_secret" --target_file="$metronome_conf" -ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" -ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$metronome_conf" -ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$metronome_conf" -ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf" +echo | prosodyctl cert generate "auth.$domain" +ln -sf "/var/lib/prosody/auth.$domain.key" "/etc/prosody/certs/auth.$domain.key" +ln -sf "/var/lib/prosody/auth.$domain.crt" "/etc/prosody/certs/auth.$domain.crt" +ln -sf "/var/lib/prosody/auth.$domain.crt" "/usr/local/share/ca-certificates/auth.$domain.crt" -touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" +update-ca-certificates -f -# Add Metronome hook -cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app +ynh_systemd_action --service_name="prosody" --action="restart" -yunohost tools regen-conf metronome --force +prosodyctl register "$focus_user" "auth.$domain" "$focus_password" -metronomectl adduser $focus_user@auth.$domain $focus_password || true -metronomectl adduser $videobridge_user@auth.$domain $videobridge_secret || true +prosodyctl register "$videobridge_user" "auth.$domain" "$videobridge_secret" + +prosodyctl mod_roster_command subscribe $focus_user.$domain $focus_user@auth.$domain #================================================= # CONFIGURE JITSI-VIDEOBRIDGE @@ -209,36 +189,15 @@ ynh_app_setting_set --app=$app --key=muc_nickname --value=$muc_nickname mkdir -p "/etc/$app/videobridge" -jitsi_videobridge_sip_communicator_conf="/etc/$app/videobridge/sip-communicator.properties" -cp ../conf/jitsi-videobridge-sip-communicator.properties "$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_sip_communicator_conf" -ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$jitsi_videobridge_sip_communicator_conf" +ynh_add_config --template="../conf/jitsi-videobridge-callstats-java-sdk.properties" --destination="/etc/$app/videobridge/callstats-java-sdk.properties" -jitsi_videobridge_conf="/etc/$app/videobridge/config" -cp ../conf/jitsi-videobridge.config "$jitsi_videobridge_conf" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_conf" -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_videobridge_conf" -ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_conf" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_conf" +ynh_add_config --template="../conf/jitsi-videobridge-jvb.conf" --destination="/etc/$app/videobridge/jvb.conf" -jitsi_videobridge_logging_conf="/etc/$app/videobridge/logging.properties" -cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" +ynh_add_config --template="../conf/jitsi-videobridge-logging.properties" --destination="/etc/$app/videobridge/logging.properties" -jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties" -cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf" +ynh_add_config --template="../conf/jitsi-videobridge-sip-communicator.properties" --destination="/etc/$app/videobridge/sip-communicator.properties" -jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml" -cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf" - -jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/20-jvb-udp-buffers.conf" -cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf" -sysctl --system || true +ynh_add_config --template="../conf/jitsi-videobridge.config" --destination="/etc/$app/videobridge/config" #================================================= # CONFIGURE JITSI-JICOFO @@ -247,21 +206,11 @@ ynh_script_progression --message="Configuring Jitsi-Jicofo..." mkdir -p "/etc/$app/jicofo" -jitsi_jicofo_sip_communicator_conf="/etc/$app/jicofo/sip-communicator.properties" -cp ../conf/jitsi-jicofo-sip-communicator.properties "$jitsi_jicofo_sip_communicator_conf" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_sip_communicator_conf" +ynh_add_config --template="../conf/jitsi-jicofo-config" --destination="/etc/$app/jicofo/config" -jitsi_jicofo_conf="/etc/$app/jicofo/config" -cp ../conf/jitsi-jicofo.config "$jitsi_jicofo_conf" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_conf" -ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_jicofo_conf" -ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$jitsi_jicofo_conf" -ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$jitsi_jicofo_conf" -ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="$jitsi_jicofo_conf" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_jicofo_conf" +ynh_add_config --template="../conf/jitsi-jicofo-jicofo.conf" --destination="/etc/$app/jicofo/jicofo.conf" -jitsi_jicofo_logging_conf="/etc/$app/jicofo/logging.properties" -cp ../conf/jitsi-jicofo-logging.properties "$jitsi_jicofo_logging_conf" +ynh_add_config --template="../conf/jitsi-jicofo-logging.properties" --destination="/etc/$app/jicofo/logging.properties" #================================================= # CONFIGURE JITSI-MEET @@ -270,9 +219,8 @@ ynh_script_progression --message="Configuring Jitsi-Meet..." mkdir -p "/etc/$app/meet" -jitsi_meet_conf="/etc/$app/meet/$domain-config.js" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/config.js" -cpp -undef -P ../conf/config.js -o "$jitsi_meet_conf" +ynh_add_config --template="../conf/jitsi-meet-config.js" --destination="/etc/$app/meet/$domain-config.js" +chmod 644 "/etc/$app/meet/$domain-config.js" #================================================= # CREATE LOG DIR @@ -280,6 +228,8 @@ cpp -undef -P ../conf/config.js -o "$jitsi_meet_conf" ynh_script_progression --message="Creating log dir..." mkdir -p "/var/log/$app" +chown -R $app: /var/log/$app +chmod -R 770 /var/log/$app #================================================= # SETUP SYSTEMD @@ -290,20 +240,6 @@ ynh_script_progression --message="Configuring a systemd service..." ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service" -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= -ynh_script_progression --message="Storing the config file checksum..." - -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$jitsi_videobridge_sip_communicator_conf" -ynh_store_file_checksum --file="$jitsi_videobridge_conf" -ynh_store_file_checksum --file="$jitsi_videobridge_logging_conf" -ynh_store_file_checksum --file="$jitsi_jicofo_sip_communicator_conf" -ynh_store_file_checksum --file="$jitsi_jicofo_conf" -ynh_store_file_checksum --file="$jitsi_jicofo_logging_conf" -ynh_store_file_checksum --file="$jitsi_meet_conf" - #================================================= # GENERIC FINALIZATION #================================================= @@ -312,11 +248,10 @@ ynh_store_file_checksum --file="$jitsi_meet_conf" ynh_script_progression --message="Securing files and directories..." # Set permissions to app files -chown -R $app: $final_path chown -R $app: /etc/$app -chown -R $app: /var/log/$app -chmod -R 770 /var/log/$app +#================================================= +# GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= @@ -345,15 +280,15 @@ ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path=" #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." # Make app public -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +ynh_permission_update --permission="main" --add="visitors" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 9e3e883..88fd557 100644 --- a/scripts/remove +++ b/scripts/remove @@ -18,9 +18,9 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) port_component=$(ynh_app_setting_get --app=$app --key=port_component) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) @@ -30,7 +30,7 @@ videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app-videobridge >/dev/null then ynh_script_progression --message="Removing $app-videobridge service..." @@ -53,14 +53,39 @@ ynh_remove_systemd_config --service=$app-videobridge ynh_remove_systemd_config --service=$app-jicofo #================================================= -# REMOVE DEPENDENCIES +# RECONFIGURE PROSODY #================================================= -ynh_script_progression --message="Removing dependencies..." +ynh_script_progression --message="Reconfiguring Prosody..." -# Remove metapackage and its dependencies -ynh_remove_app_dependencies +prosodyctl deluser $focus_user@auth.$domain || true +prosodyctl deluser $videobridge_user@auth.$domain || true -#ynh_remove_nodejs +# Remove domain conf template +ynh_secure_remove --file="/etc/prosody/conf.d/$domain.cfg.lua" +ynh_secure_remove --file="/etc/prosody/conf.avail/$domain.cfg.lua" +ynh_secure_remove --file="/etc/prosody/certs/$domain.key" +ynh_secure_remove --file="/etc/prosody/certs/$domain.crt" +ynh_secure_remove --file="/var/lib/prosody/$domain.key" +ynh_secure_remove --file="/var/lib/prosody/$domain.crt" +ynh_secure_remove --file="/var/lib/prosody/$domain.cnf" +ynh_secure_remove --file="/etc/prosody/certs/auth.$domain.key" +ynh_secure_remove --file="/etc/prosody/certs/auth.$domain.crt" +ynh_secure_remove --file="/var/lib/prosody/auth.$domain.key" +ynh_secure_remove --file="/var/lib/prosody/auth.$domain.crt" +ynh_secure_remove --file="/var/lib/prosody/auth.$domain.cnf" +ynh_secure_remove --file="/usr/local/share/ca-certificates/auth.$domain.crt" + +update-ca-certificates -f + +ynh_systemd_action --service_name=prosody --action=restart + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." + +# Remove the app-specific logrotate config +ynh_remove_logrotate #================================================= # REMOVE APP MAIN DIR @@ -73,18 +98,18 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." +ynh_script_progression --message="Removing NGINX web server configuration..." -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= -# REMOVE LOGROTATE CONFIGURATION +# REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing logrotate configuration..." +ynh_script_progression --message="Removing dependencies..." -# Remove the app-specific logrotate config -ynh_remove_logrotate +# Remove metapackage and its dependencies +ynh_remove_app_dependencies #================================================= # CLOSE A PORT @@ -102,57 +127,16 @@ then ynh_exec_warn_less yunohost firewall disallow UDP $port_videobridge fi -if yunohost firewall list | grep -q "\- $port_component$" -then - ynh_script_progression --message="Closing port $port_component..." - ynh_exec_warn_less yunohost firewall disallow TCP $port_component -fi - #================================================= # SPECIFIC REMOVE #================================================= -# RECONFIGURE METRONOME +# REMOVE VARIOUS FILES #================================================= -ynh_script_progression --message="Reconfiguring Metronome..." +ynh_script_progression --message="Removing various files..." -metronomectl deluser $focus_user@auth.$domain || true -metronomectl deluser $videobridge_user@auth.$domain || true - -# Remove domain conf template -ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" -ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" - -# Remove Jitsi template directory -if [ -z "$(ls -A /usr/share/yunohost/templates/jitsi)" ]; then - ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi" -fi - -# Remove Metronome Hook -ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" - -yunohost tools regen-conf metronome --force - -# Delete focus user -# yunohost user delete $focus_user --purge -# yunohost user delete $videobridge_user --purge -yunohost domain remove auth.$domain - -#================================================= -# REMOVE THE CONFIG -#================================================= -ynh_script_progression --message="Removing the config..." - -# Remove the log files +# Remove a directory securely ynh_secure_remove --file="/etc/$app" -ynh_secure_remove --file="/etc/sysctl.d/20-jvb-udp-buffers.conf" -sysctl --system || true - -#================================================= -# REMOVE THE LOG FILES -#================================================= -ynh_script_progression --message="Removing the log files..." - # Remove the log files ynh_secure_remove --file="/var/log/$app" diff --git a/scripts/restore b/scripts/restore index 10c76f1..c976aad 100644 --- a/scripts/restore +++ b/scripts/restore @@ -23,7 +23,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -47,8 +47,6 @@ port_component=$(ynh_app_setting_get --app=$app --key=port_component) #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " @@ -57,10 +55,18 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the nginx configuration..." +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -68,20 +74,6 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir=$final_path - -#================================================= -# RESTORE USER RIGHTS -#================================================= -ynh_script_progression --message="Restoring user rights..." - -# Restore permissions on app files chown -R root: $final_path #================================================= @@ -94,7 +86,10 @@ ynh_script_progression --message="Reinstalling dependencies..." # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies -#ynh_install_nodejs --nodejs_version=10 +if ! yunohost app list | grep -q "prosody" +then + yunohost app install prosody --args "domain=$domain&admin=$admin&language=$language&password=$password" +fi #================================================= # CONFIGURE FIREWALL @@ -106,26 +101,29 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge #================================================= -# CONFIGURE METRONOME +# CONFIGURE PROSODY #================================================= -ynh_script_progression --message="Configuring metronome..." +ynh_script_progression --message="Configuring prosody..." -# Create additional domains -yunohost domain add auth.$domain +ynh_restore_file --origin_path="/etc/prosody/conf.avail/$domain.cfg.lua" +ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua" -# Create focus user -yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 -yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 +ln -sf /var/lib/prosody/$domain.key /etc/prosody/certs/$domain.key +ln -sf /var/lib/prosody/$domain.crt /etc/prosody/certs/$domain.crt -# Restore Metronome domain conf template -mkdir -p /usr/share/yunohost/templates/jitsi/ -ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" -ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" +ln -sf "/var/lib/prosody/auth.$domain.key" "/etc/prosody/certs/auth.$domain.key" +ln -sf "/var/lib/prosody/auth.$domain.crt" "/etc/prosody/certs/auth.$domain.crt" +ln -sf "/var/lib/prosody/auth.$domain.crt" "/usr/local/share/ca-certificates/auth.$domain.crt" -# Restore Metronome Hook -ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app" +update-ca-certificates -f -yunohost tools regen-conf metronome --force +ynh_systemd_action --service_name="prosody" --action="restart" + +prosodyctl register "$focus_user" "auth.$domain" "$focus_password" + +prosodyctl register "$videobridge_user" "auth.$domain" "$videobridge_secret" + +prosodyctl mod_roster_command subscribe $focus_user.$domain $focus_user@auth.$domain #================================================= # RESTORE THE APP CONFIG @@ -152,13 +150,20 @@ systemctl enable $app-videobridge.service ynh_restore_file --origin_path="/etc/systemd/system/$app-jicofo.service" systemctl enable $app-jicofo.service +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" -yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log" +yunohost service add $app-videobridge --log="/var/log/$app/$app-videobridge.log" +yunohost service add $app-jicofo --log="/var/log/$app/$app-jicofo.log" #================================================= # START SYSTEMD SERVICE @@ -168,19 +173,12 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 3417659..d9d6086 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -39,61 +39,6 @@ ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) current_version=$(ynh_read_manifest --manifest="/etc/yunohost/apps/$app/manifest.json" --manifest_key="version" || echo 1.0) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - -if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then - # Add Metronome domain conf template - metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" - mkdir -p /usr/share/yunohost/templates/jitsi/ - cp ../conf/metronome.cfg.lua $metronome_conf - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf" - ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf" - ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" - ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf" - - touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" - touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua" - touch "/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua" - touch "/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua" - - # Add Metronome hook - cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app - - yunohost tools regen-conf metronome --force -fi - -if ynh_version_gt "1.0.3969~ynh1" "${current_version}" ; then - # Remove not needed domains - yunohost domain remove conference.$domain - yunohost domain remove jitsi-videobridge.$domain - yunohost domain remove focus.$domain - - # Remove Previously installed Metronome modules - ynh_secure_remove --file="/usr/lib/metronome/modules/mod_carbons.lua" - ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua" - ynh_secure_remove --file="/usr/lib/metronome/modules/mod_smacks.lua" - - # Remove nodejs - ynh_remove_nodejs -fi - -# Closing port_component -if yunohost firewall list | grep -q "\- $port_component$" -then - ynh_script_progression --message="Closing port $port_component..." - ynh_exec_warn_less yunohost firewall disallow TCP $port_component -fi - - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -102,9 +47,9 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup ynh_clean_check_starting + # Restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -119,6 +64,25 @@ ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app-videobridge --action="stop" --log_path="/var/log/$app/$app-videobridge.log" ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/log/$app/$app-jicofo.log" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -129,7 +93,7 @@ then # Download, check integrity, uncompress and patch the source from app.src declare -A packages - packages[jicofo]="jicofo" + packages[jitsi-jicofo]="jicofo" packages[jitsi-meet-prosody]="jitsi-meet/prosody-plugins" packages[jitsi-meet-web]="jitsi-meet" packages[jitsi-videobridge]="jitsi-videobridge" @@ -146,29 +110,14 @@ then mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" ynh_secure_remove --file="$final_path/${package}_temp" done - - # Adapt prosody module to metronome - for file in $final_path/jitsi-meet-prosody/*.lua - do - ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" - ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" - done - - for directory in $final_path/jitsi-meet-prosody/*/; do - for file in $directory/*.lua - do - ynh_replace_string --match_string="prosody" --replace_string="metronome" --target_file="$file" - ynh_replace_string --match_string="Prosody" --replace_string="Metronome" --target_file="$file" - done - done fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= @@ -178,15 +127,12 @@ ynh_script_progression --message="Upgrading dependencies..." ynh_install_app_dependencies $pkg_dependencies -#ynh_install_nodejs --nodejs_version=10 - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir=$final_path +if ! yunohost app list | grep -q "prosody" +then + yunohost app install prosody --args "domain=$domain&admin=$admin&language=$language&password=$password" +elfi + yunohost app upgrade +fi #================================================= # SPECIFIC UPGRADE @@ -232,10 +178,6 @@ then jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml" cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf" - - jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/videobridge/20-jvb-udp-buffers.conf" - cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf" - sysctl --system || true fi #================================================= @@ -329,18 +271,10 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Make app public -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload From dc234cbc23296032b917fc48fa0ee9c24b9b3a54 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 3 Feb 2022 03:13:17 +0100 Subject: [PATCH 37/57] More informations --- doc/DESCRIPTION.md | 8 -------- doc/DESCRIPTION_fr.md | 7 ------- doc/DISCLAIMER.md | 8 ++------ doc/DISCLAIMER_fr.md | 8 ++------ 4 files changed, 4 insertions(+), 27 deletions(-) diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 6233043..d1fd89e 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1,9 +1 @@ Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences. - -## Disclaimer - -**Jitsi** for YunoHost for now as some limitations: - * Can only be used using Chrome/Chromium - * Is limited to two participants - -Those limitations come from the packaging of the upstream app. Have to be improved. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 6fda900..f02f4ca 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1,8 +1 @@ Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. - -## Avertissements -**Jitsi-meet** pour YunoHost est limité actuellement : - * Il ne peut être utilisé qu'avec Chrome ou un navigateur basé sur Chromium - * Il est limité à 2 participants par réunion - -Ces limitations viennent de la manière dont l'application a été empaquetée pour YunoHost. À améliorer. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 0e30e5a..e718345 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,9 +1,5 @@ ## Important points before installing 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld -2. **Jitsi** requires you create additionals domains in your DNS and in your YunoHost - * auth.jitsi.domain.tld - * conference.jitsi.domain.tld - * jitsi-videobridge.jitsi.domain.tld - * focus.jitsi.domain.tld -3. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +3. **Jitsi** will stop and disable Metronome XMPP. \ No newline at end of file diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 4799c46..9905c55 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,9 +1,5 @@ ## Points importants à préparer avant l'installation 1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld -2. **Jitsi** nécessite des domaines supplémentaires au niveau du DNS et de votre YunoHost - * auth.jitsi.domain.tld - * conference.jitsi.domain.tld - * jitsi-videobridge.jitsi.domain.tld - * focus.jitsi.domain.tld -3. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +3. **Jitsi** va arréter et désactiver le service XMPP Metronome. \ No newline at end of file From 7cfb08f7bfd685e36b3770e63742ac5e08c7d59f Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 01:57:11 +0100 Subject: [PATCH 38/57] Implement prosody_ynh --- scripts/install | 6 +++++- scripts/remove | 25 +++++++++++++++++++++++++ scripts/restore | 6 +++++- scripts/upgrade | 6 +++--- 4 files changed, 38 insertions(+), 5 deletions(-) diff --git a/scripts/install b/scripts/install index 386a037..085bd58 100644 --- a/scripts/install +++ b/scripts/install @@ -99,9 +99,13 @@ ynh_install_app_dependencies $pkg_dependencies if ! yunohost app list | grep -q "prosody" then - yunohost app install prosody --args "domain=$domain&admin=$admin&language=$language&password=$password" + yunohost app install prosody --force +else + yunohost app upgrade prosody --force fi +ynh_app_setting_set --app=$app --key=require_prosody --value="1" + #================================================= # CREATE DEDICATED USER #================================================= diff --git a/scripts/remove b/scripts/remove index 88fd557..08c441a 100644 --- a/scripts/remove +++ b/scripts/remove @@ -111,6 +111,31 @@ ynh_script_progression --message="Removing dependencies..." # Remove metapackage and its dependencies ynh_remove_app_dependencies +# Remove the line for this app +ynh_app_setting_delete --app=$app --key=require_prosody + +# List apps requiring Prosody +installed_apps=$(yunohost app list | grep -oP 'id: \K.*$') +required_by="" +installed_app_required_by="" +for installed_app in $installed_apps +do + installed_app_required_by=$(ynh_app_setting_get --app=$installed_app --key="require_prosody") + if [[ $installed_app_required_by ]] + then + required_by="${installed_app_required_by}" + fi + installed_app_required_by="" +done + +# If Prosody is no more required +if [[ ! $required_by ]] +then + # Remove Prosody + ynh_print_info --message="Removing of Prosody" + yunohost app remove prosody --purge +fi + #================================================= # CLOSE A PORT #================================================= diff --git a/scripts/restore b/scripts/restore index c976aad..4d9d974 100644 --- a/scripts/restore +++ b/scripts/restore @@ -88,9 +88,13 @@ ynh_install_app_dependencies $pkg_dependencies if ! yunohost app list | grep -q "prosody" then - yunohost app install prosody --args "domain=$domain&admin=$admin&language=$language&password=$password" + yunohost app install prosody --force +else + yunohost app upgrade prosody --force fi +ynh_app_setting_set --app=$app --key=require_prosody --value="1" + #================================================= # CONFIGURE FIREWALL #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d9d6086..15b9b2b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -129,9 +129,9 @@ ynh_install_app_dependencies $pkg_dependencies if ! yunohost app list | grep -q "prosody" then - yunohost app install prosody --args "domain=$domain&admin=$admin&language=$language&password=$password" -elfi - yunohost app upgrade + yunohost app install prosody --force +else + yunohost app upgrade prosody --force fi #================================================= From ab7ee572c4a70b798ceb875c39742e2ba0497772 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 02:01:33 +0100 Subject: [PATCH 39/57] Improving prosody --- scripts/remove | 2 +- scripts/upgrade | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index 08c441a..e8575b9 100644 --- a/scripts/remove +++ b/scripts/remove @@ -111,7 +111,7 @@ ynh_script_progression --message="Removing dependencies..." # Remove metapackage and its dependencies ynh_remove_app_dependencies -# Remove the line for this app +# Remove Prosody ynh_app_setting_delete --app=$app --key=require_prosody # List apps requiring Prosody diff --git a/scripts/upgrade b/scripts/upgrade index 15b9b2b..bdeac96 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -134,6 +134,8 @@ else yunohost app upgrade prosody --force fi +ynh_app_setting_set --app=$app --key=require_prosody --value="1" + #================================================= # SPECIFIC UPGRADE #================================================= From 9280b7600d5c0b0ecccfd3c27a768a53722ede9e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 15:30:08 +0100 Subject: [PATCH 40/57] fetch last apps.json --- scripts/install | 6 ++++-- scripts/restore | 6 ++++-- scripts/upgrade | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/scripts/install b/scripts/install index 085bd58..8b336b3 100644 --- a/scripts/install +++ b/scripts/install @@ -99,9 +99,11 @@ ynh_install_app_dependencies $pkg_dependencies if ! yunohost app list | grep -q "prosody" then - yunohost app install prosody --force + yunohost tools update + yunohost app install prosody else - yunohost app upgrade prosody --force + yunohost tools update + yunohost app upgrade prosody fi ynh_app_setting_set --app=$app --key=require_prosody --value="1" diff --git a/scripts/restore b/scripts/restore index 4d9d974..0f5e311 100644 --- a/scripts/restore +++ b/scripts/restore @@ -88,9 +88,11 @@ ynh_install_app_dependencies $pkg_dependencies if ! yunohost app list | grep -q "prosody" then - yunohost app install prosody --force + yunohost tools update + yunohost app install prosody else - yunohost app upgrade prosody --force + yunohost tools update + yunohost app upgrade prosody fi ynh_app_setting_set --app=$app --key=require_prosody --value="1" diff --git a/scripts/upgrade b/scripts/upgrade index bdeac96..78fc6c0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -129,9 +129,11 @@ ynh_install_app_dependencies $pkg_dependencies if ! yunohost app list | grep -q "prosody" then - yunohost app install prosody --force + yunohost tools update + yunohost app install prosody else - yunohost app upgrade prosody --force + yunohost tools update + yunohost app upgrade prosody fi ynh_app_setting_set --app=$app --key=require_prosody --value="1" From 7dc28880385641d8e3bd790f42b6d771ab6475f2 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 15:37:16 +0100 Subject: [PATCH 41/57] Fix Yunohost service add --- scripts/install | 4 ++-- scripts/restore | 2 +- scripts/upgrade | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/install b/scripts/install index 8b336b3..6b4266b 100644 --- a/scripts/install +++ b/scripts/install @@ -271,8 +271,8 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app-videobridge --description "$app jitsi-videobridge for jitsi" --log "/var/log/$app/$app-videobridge.log" -yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --log "/var/log/$app/$app-jicofo.log" +yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" --needs_exposed_ports $port $port_videobridge +yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/restore b/scripts/restore index 0f5e311..43926b6 100644 --- a/scripts/restore +++ b/scripts/restore @@ -168,7 +168,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app-videobridge --log="/var/log/$app/$app-videobridge.log" +yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" --needs_exposed_ports $port $port_videobridge yunohost service add $app-jicofo --log="/var/log/$app/$app-jicofo.log" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 78fc6c0..0bb122c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -264,8 +264,8 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app-videobridge --description "$app jitsi-videobridge for jitsi" --log "/var/log/$app/$app-videobridge.log" -yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --log "/var/log/$app/$app-jicofo.log" +yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" --needs_exposed_ports $port $port_videobridge +yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log" #================================================= # START SYSTEMD SERVICE From 90248a01e96b7c65709c6348d29b062993306417 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 15:37:27 +0100 Subject: [PATCH 42/57] Fix auto-readme --- doc/DESCRIPTION_fr.md | 2 +- doc/DISCLAIMER_fr.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index f02f4ca..b093c58 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1 @@ -Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. +Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 9905c55..d778655 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,5 +1,5 @@ -## Points importants à préparer avant l'installation +## Points importants à préparer avant l'installation -1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld -2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) -3. **Jitsi** va arréter et désactiver le service XMPP Metronome. \ No newline at end of file +1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld +2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +3. **Jitsi** va arréter et désactiver le service XMPP Metronome. \ No newline at end of file From 36a8b5d5f88c953422af814c7295556fa7f3506e Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sun, 6 Feb 2022 14:37:33 +0000 Subject: [PATCH 43/57] Auto-update README --- README.md | 71 +++++++++++++++++++----------------------------- README_fr.md | 76 ++++++++++++++++++---------------------------------- 2 files changed, 54 insertions(+), 93 deletions(-) diff --git a/README.md b/README.md index 16b67e3..4375847 100644 --- a/README.md +++ b/README.md @@ -1,62 +1,45 @@ + + # Jitsi Meet for YunoHost [![Integration level](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.maintain.svg) -[![Install Jitsi Meet with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=jitsi) +[![Install Jitsi Meet with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=jitsi) *[Lire ce readme en français.](./README_fr.md)* -> *This package allow you to install Jitsi Meet quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* - -## Disclaimer - -**Jitsi** for YunoHost for now as some limitations: - * Can only be used using Chrome/Chromium - * Is limited to two participants - -Those limitations come from the packaging of the upstream app. Have to be improved. +> *This package allows you to install Jitsi Meet quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview + Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences. -**Shipped version:** 1.0.4466 + +**Shipped version:** 1.0.4466~ynh1 + +**Demo:** https://meet.jit.si/ + +## Screenshots + +![](./doc/screenshots/screenshot.png) + +## Disclaimers / important information ## Important points before installing 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld 2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +3. **Jitsi** will stop and disable Metronome XMPP. +## Documentation and resources -## Screenshots - -![](https://jitsi.org/wp-content/uploads/2018/08/brady-bunch-stand-up-1024x632.jpg) - -## Demo - -* [Official demo](https://meet.jit.si/) - -## Configuration - -How to configure this app: Via the admin panel, a plain file with SSH, or any other way. - -## Documentation - - * Official documentation: https://jitsi.org/user-faq/ - -## YunoHost specific features - -#### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/) - -## Links - - * Report a bug: https://github.com/YunoHost-Apps/jitsi_ynh/issues - * App website: https://jitsi.org/ - * Upstream app repository: https://github.com/jitsi/jitsi-meet - * YunoHost website: https://yunohost.org/ - ---- +* Official app website: https://jitsi.org/ +* Official user documentation: https://jitsi.org/user-faq/ +* Upstream app code repository: https://github.com/jitsi/jitsi-meet +* YunoHost documentation for this app: https://yunohost.org/app_jitsi +* Report a bug: https://github.com/YunoHost-Apps/jitsi_ynh/issues ## Developer info @@ -68,3 +51,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/jitsi_ynh/tree/testin or sudo yunohost app upgrade jitsi -u https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug ``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md index db31ceb..19540d1 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,69 +1,43 @@ # Jitsi Meet pour YunoHost -## Avertissements -**Jitsi-meet** pour YunoHost est limité actuellement : - * Il ne peut être utilisé qu'avec Chrome ou un navigateur basé sur Chromium - * Il est limité à 2 participants par réunion - -Ces limitations viennent de la manière dont l'application a été empaquetée pour YunoHost. À améliorer. - [![Niveau d'intégration](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.maintain.svg) -[![Installer Jitsi Meet avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=jitsi) +[![Installer Jitsi Meet avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=jitsi) *[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* -> *Ce package vous permet d'installer Jitsi Meet rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* +> *Ce package vous permet d'installer Jitsi Meet rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble + Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives. -**Version actuelle :** 1.0.4466 + +**Version incluse :** 1.0.4466~ynh1 + +**Démo :** https://meet.jit.si/ + +## Captures d'écran + +![](./doc/screenshots/screenshot.png) + +## Avertissements / informations importantes ## Points importants à préparer avant l'installation 1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld -2. **Jitsi** nécessite des domaines supplémentaires au niveau du DNS et de votre YunoHost - * auth.jitsi.domain.tld - * conference.jitsi.domain.tld - * jitsi-videobridge.jitsi.domain.tld - * focus.jitsi.domain.tld -3. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +3. **Jitsi** va arréter et désactiver le service XMPP Metronome. +## Documentations et ressources -## Captures d'écran +* Site officiel de l'app : https://jitsi.org/ +* Documentation officielle utilisateur : https://jitsi.org/user-faq/ +* Dépôt de code officiel de l'app : https://github.com/jitsi/jitsi-meet +* Documentation YunoHost pour cette app : https://yunohost.org/app_jitsi +* Signaler un bug : https://github.com/YunoHost-Apps/jitsi_ynh/issues -![](https://jitsi.org/wp-content/uploads/2018/08/brady-bunch-stand-up-1024x632.jpg) - -## Démo - -* [Démo officielle](https://meet.jit.si/) - -## Configuration - -Comment configurer cette application: via le panneau d'administration, un fichier brut en SSH ou tout autre moyen. - -## Documentation - - * Documentation officielle : https://jitsi.org/user-faq/ - -## Caractéristiques spécifiques YunoHost - -#### Architectures supportées - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/) - -## Liens - - * Signaler un bug: https://github.com/YunoHost-Apps/jitsi_ynh/issues - * Site de l'application: https://jitsi.org/ - * Dépôt de l'application principale: https://github.com/jitsi/jitsi-meet - * Site web YunoHost: https://yunohost.org/ - ---- - -Informations pour les développeurs ----------------- +## Informations pour les développeurs Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing). @@ -73,3 +47,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/jitsi_ynh/tree/testin ou sudo yunohost app upgrade jitsi -u https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug ``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file From 80835da2705a54df5a5d84905407d20e8f4736da Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 15:39:34 +0100 Subject: [PATCH 44/57] Fix add_header --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 737626d..5968362 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -18,7 +18,7 @@ location = /external_api.js { #ensure all static content can always be found first location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ { - add_header 'Access-Control-Allow-Origin' '*'; + more_set_headers "Access-Control-Allow-Origin: *"; alias __FINALPATH__/jitsi-meet-web/$1/$2; # cache all versioned files From 71b93b488bdae1ef260d8a39c0ae7c00ef95c02b Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 15:45:20 +0100 Subject: [PATCH 45/57] Update restore --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index 43926b6..f4191e5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -169,7 +169,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" --needs_exposed_ports $port $port_videobridge -yunohost service add $app-jicofo --log="/var/log/$app/$app-jicofo.log" +yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log" #================================================= # START SYSTEMD SERVICE From 37f01dd3fa8a4ade852ffa8a7a057e9da6305002 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 15:45:58 +0100 Subject: [PATCH 46/57] Update restore --- scripts/restore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/restore b/scripts/restore index f4191e5..e97d81e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -152,9 +152,9 @@ chown -R $app: /var/log/$app ynh_script_progression --message="Restoring the systemd configuration..." ynh_restore_file --origin_path="/etc/systemd/system/$app-videobridge.service" -systemctl enable $app-videobridge.service +systemctl enable $app-videobridge.service --quiet ynh_restore_file --origin_path="/etc/systemd/system/$app-jicofo.service" -systemctl enable $app-jicofo.service +systemctl enable $app-jicofo.service --quiet #================================================= # RESTORE THE LOGROTATE CONFIGURATION From cb7b3d07a137dc8ededfd9147f7bdd84d27e673b Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 6 Feb 2022 17:19:59 +0100 Subject: [PATCH 47/57] Fix upgrade --- scripts/install | 2 +- scripts/upgrade | 75 +++++++++++++++---------------------------------- 2 files changed, 23 insertions(+), 54 deletions(-) diff --git a/scripts/install b/scripts/install index 6b4266b..5745b1e 100644 --- a/scripts/install +++ b/scripts/install @@ -141,7 +141,7 @@ do ynh_secure_remove --file="$final_path/${package}_temp" done -chown -R $app: $final_path +chown -R $app: "$final_path" #================================================= # NGINX CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 0bb122c..38b9182 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -140,6 +140,18 @@ ynh_app_setting_set --app=$app --key=require_prosody --value="1" #================================================= # SPECIFIC UPGRADE +#================================================= +# CONFIGURE PROSODY +#================================================= +ynh_script_progression --message="Configuring Prosody..." + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_add_config --template="../conf/prosody.cfg.lua" --destination="/etc/prosody/conf.avail/$domain.cfg.lua" + chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua" + ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua" +fi + #================================================= # CONFIGURE JITSI-VIDEOBRIDGE #================================================= @@ -150,38 +162,15 @@ then public_ipv4="$(curl ip.yunohost.org)" || true private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true - jitsi_videobridge_sip_communicator_conf="/etc/$app/videobridge/sip-communicator.properties" - ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_sip_communicator_conf" - cp -f ../conf/jitsi_videobridge-sip-communicator.properties "$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__PRIVATE_IPV4__" --replace_string="$private_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__PUBLIC_IPV4__" --replace_string="$public_ipv4" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__VIDEOBRIDGE_USER__" --replace_string="$videobridge_user" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_replace_string --match_string="__MUC_NICKNAME__" --replace_string="$muc_nickname" --target_file="$jitsi_videobridge_sip_communicator_conf" - ynh_store_file_checksum --file="$jitsi_videobridge_sip_communicator_conf" + ynh_add_config --template="../conf/jitsi-videobridge-callstats-java-sdk.properties" --destination="/etc/$app/videobridge/callstats-java-sdk.properties" - jitsi_videobridge_conf="/etc/$app/videobridge/config" - ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_conf" - cp ../conf/jitsi-videobridge.config "$jitsi_videobridge_conf" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_videobridge_conf" - ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_videobridge_conf" - ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$jitsi_videobridge_conf" - ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_conf" - ynh_store_file_checksum --file="$jitsi_videobridge_conf" + ynh_add_config --template="../conf/jitsi-videobridge-jvb.conf" --destination="/etc/$app/videobridge/jvb.conf" - jitsi_videobridge_logging_conf="/etc/$app/videobridge/logging.properties" - ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_logging_conf" - cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" - ynh_store_file_checksum --file="$jitsi_videobridge_logging_conf" + ynh_add_config --template="../conf/jitsi-videobridge-logging.properties" --destination="/etc/$app/videobridge/logging.properties" - jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties" - cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf" + ynh_add_config --template="../conf/jitsi-videobridge-sip-communicator.properties" --destination="/etc/$app/videobridge/sip-communicator.properties" - jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml" - cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf" - ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf" + ynh_add_config --template="../conf/jitsi-videobridge.config" --destination="/etc/$app/videobridge/config" fi #================================================= @@ -191,28 +180,11 @@ ynh_script_progression --message="configuring Jitsi-Jicofo..." if [ "$upgrade_type" == "UPGRADE_APP" ] then - jitsi_jicofo_sip_communicator_conf="/etc/$app/jicofo/sip-communicator.properties" - ynh_backup_if_checksum_is_different --file="$jitsi_jicofo_sip_communicator_conf" - cp ../conf/jitsi-jicofo-sip-communicator.properties "$jitsi_jicofo_sip_communicator_conf" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_sip_communicator_conf" - ynh_store_file_checksum --file="$jitsi_jicofo_sip_communicator_conf" + ynh_add_config --template="../conf/jitsi-jicofo-config" --destination="/etc/$app/jicofo/config" - jitsi_jicofo_conf="/etc/$app/jicofo/config" - ynh_backup_if_checksum_is_different --file="$jitsi_jicofo_conf" - cp ../conf/jitsi-jicofo.config "$jitsi_jicofo_conf" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_jicofo_conf" - ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$jitsi_jicofo_conf" - ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$jitsi_jicofo_conf" - ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="$jitsi_jicofo_conf" - ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="$jitsi_jicofo_conf" - ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_jicofo_conf" - ynh_store_file_checksum --file="$jitsi_jicofo_conf" - - jitsi_jicofo_logging_conf="/etc/$app/jicofo/logging.properties" - ynh_backup_if_checksum_is_different --file="$jitsi_jicofo_logging_conf" - cp ../conf/jitsi-jicofo-logging.properties "$jitsi_jicofo_logging_conf" - ynh_store_file_checksum --file="$jitsi_jicofo_logging_conf" + ynh_add_config --template="../conf/jitsi-jicofo-jicofo.conf" --destination="/etc/$app/jicofo/jicofo.conf" + ynh_add_config --template="../conf/jitsi-jicofo-logging.properties" --destination="/etc/$app/jicofo/logging.properties" fi #================================================= @@ -222,11 +194,8 @@ ynh_script_progression --message="Configuring Jitsi-Meet..." if [ "$upgrade_type" == "UPGRADE_APP" ] then - jitsi_meet_conf="/etc/$app/meet/config.js" - ynh_backup_if_checksum_is_different --file="$jitsi_meet_conf" - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/config.js" - cpp -undef -P ../conf/config.js -o "$jitsi_meet_conf" - ynh_store_file_checksum --file="$jitsi_meet_conf" + ynh_add_config --template="../conf/jitsi-meet-config.js" --destination="/etc/$app/meet/$domain-config.js" + chmod 644 "/etc/$app/meet/$domain-config.js" fi #================================================= From fb76952275fa1956fd0a46a8b6262da7880caf02 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 7 Feb 2022 01:14:21 +0100 Subject: [PATCH 48/57] Fix turn_secret during upgrade --- scripts/install | 8 ++++---- scripts/upgrade | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index 5745b1e..3e26683 100644 --- a/scripts/install +++ b/scripts/install @@ -60,12 +60,12 @@ ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password -ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret -ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret -ynh_app_setting_set --app=$app --key=turn_secret --value=$turn_secret ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user +ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password +ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user +ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret +ynh_app_setting_set --app=$app --key=turn_secret --value=$turn_secret #================================================= # STANDARD MODIFICATIONS diff --git a/scripts/upgrade b/scripts/upgrade index 38b9182..81c096b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,6 +27,8 @@ focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret) videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) +turn_secret=$(ynh_app_setting_get --app=$app --key=turn_secret) + port=$(ynh_app_setting_get --app=$app --key=port) port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) port_component=$(ynh_app_setting_get --app=$app --key=port_component) From d4d38bca9bdc3e2ae1fbf3c6bb9fbbd8bf15248a Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 7 Feb 2022 08:24:55 +0100 Subject: [PATCH 49/57] Fix upgrade --- scripts/upgrade | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 81c096b..7d243cd 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -151,7 +151,6 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_add_config --template="../conf/prosody.cfg.lua" --destination="/etc/prosody/conf.avail/$domain.cfg.lua" chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua" - ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua" fi #================================================= From dc143786a75419b60255aa5e9489e019c2db3dab Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 7 Feb 2022 08:25:06 +0100 Subject: [PATCH 50/57] Update check_process --- check_process | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check_process b/check_process index 6f1ce97..7cb3e2e 100644 --- a/check_process +++ b/check_process @@ -10,7 +10,7 @@ setup_public=1 upgrade=1 # 1.0.3729~ynh1 - upgrade=1 from_commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b + # upgrade=1 from_commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b backup_restore=1 multi_instance=0 port_already_use=0 From fe5f1461b403e1a6f31a110d2ff4c1b05e66a214 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 7 Feb 2022 22:10:55 +0100 Subject: [PATCH 51/57] Fix missing muc_nickname --- scripts/upgrade | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/upgrade b/scripts/upgrade index 7d243cd..a13259e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -28,6 +28,7 @@ videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) turn_secret=$(ynh_app_setting_get --app=$app --key=turn_secret) +muc_nickname=$(ynh_app_setting_get --app=$app --key=muc_nickname) port=$(ynh_app_setting_get --app=$app --key=port) port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) From da6e8b429cb655869af1add644975aa0bd6167b6 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 8 Feb 2022 22:42:11 +0100 Subject: [PATCH 52/57] more security --- scripts/install | 6 +++++- scripts/remove | 2 ++ scripts/restore | 9 ++++++++- scripts/upgrade | 6 ++++++ 4 files changed, 21 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 3e26683..dfcabfd 100644 --- a/scripts/install +++ b/scripts/install @@ -115,6 +115,8 @@ ynh_script_progression --message="Configuring system user..." # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" +gpasswd --add prosody $app +gpasswd --add www-data $app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -141,7 +143,9 @@ do ynh_secure_remove --file="$final_path/${package}_temp" done -chown -R $app: "$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" #================================================= # NGINX CONFIGURATION diff --git a/scripts/remove b/scripts/remove index e8575b9..5d6b44e 100644 --- a/scripts/remove +++ b/scripts/remove @@ -113,6 +113,7 @@ ynh_remove_app_dependencies # Remove Prosody ynh_app_setting_delete --app=$app --key=require_prosody +gpasswd --delete prosody $app # List apps requiring Prosody installed_apps=$(yunohost app list | grep -oP 'id: \K.*$') @@ -172,6 +173,7 @@ ynh_secure_remove --file="/var/log/$app" #================================================= ynh_script_progression --message="Removing the dedicated system user..." +gpasswd --delete www-data $app # Delete a system user ynh_system_user_delete --username=$app diff --git a/scripts/restore b/scripts/restore index e97d81e..e3b8b01 100644 --- a/scripts/restore +++ b/scripts/restore @@ -66,6 +66,8 @@ ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" +gpasswd --add prosody $app +gpasswd --add www-data $app #================================================= # RESTORE THE APP MAIN DIR @@ -74,7 +76,9 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -chown -R root: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" #================================================= # SPECIFIC RESTORATION @@ -112,6 +116,7 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge ynh_script_progression --message="Configuring prosody..." ynh_restore_file --origin_path="/etc/prosody/conf.avail/$domain.cfg.lua" +chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua" ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua" ln -sf /var/lib/prosody/$domain.key /etc/prosody/certs/$domain.key @@ -138,6 +143,8 @@ ynh_script_progression --message="Restoring the app config..." ynh_restore_file --origin_path="/etc/$app" +chmod 644 "/etc/$app/meet/$domain-config.js" + #================================================= # CREATE LOG DIR #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index a13259e..92a74af 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -85,6 +85,8 @@ ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" +gpasswd --add prosody $app +gpasswd --add www-data $app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -115,6 +117,10 @@ then done fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= From 4030f6ec0d011e99666384fa8cf2d5815dbed97a Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 9 Feb 2022 08:19:20 +0100 Subject: [PATCH 53/57] Fix restore --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index e3b8b01..e14f765 100644 --- a/scripts/restore +++ b/scripts/restore @@ -66,7 +66,6 @@ ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" -gpasswd --add prosody $app gpasswd --add www-data $app #================================================= @@ -100,6 +99,7 @@ else fi ynh_app_setting_set --app=$app --key=require_prosody --value="1" +gpasswd --add prosody $app #================================================= # CONFIGURE FIREWALL From b25cd092f6bb59f8c414359fc374aaaf7013276f Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 9 Feb 2022 08:21:08 +0100 Subject: [PATCH 54/57] Fix upgrade --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 92a74af..fab8974 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -85,7 +85,6 @@ ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" -gpasswd --add prosody $app gpasswd --add www-data $app #================================================= @@ -146,6 +145,7 @@ else fi ynh_app_setting_set --app=$app --key=require_prosody --value="1" +gpasswd --add prosody $app #================================================= # SPECIFIC UPGRADE From a73ec7c023b424d301b67d48a13b4a6c2f9e5871 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 9 Feb 2022 22:41:48 +0100 Subject: [PATCH 55/57] Fix upgrade --- scripts/upgrade | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index fab8974..6d9ba0c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -206,6 +206,15 @@ then chmod 644 "/etc/$app/meet/$domain-config.js" fi +#================================================= +# CREATE LOG DIR +#================================================= +ynh_script_progression --message="Creating log dir..." + +mkdir -p "/var/log/$app" +chown -R $app: /var/log/$app +chmod -R 770 /var/log/$app + #================================================= # SETUP SYSTEMD #================================================= @@ -223,10 +232,7 @@ ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service" ynh_script_progression --message="Securing files and directories..." # Set permissions on app files -chown -R root: $final_path chown -R $app: /etc/$app -chown -R $app: /var/log/$app -chmod -R 770 /var/log/$app #================================================= # SETUP LOGROTATE From 7962e1d49fc9d5d5da48fd4fdfbbd2590d1d7ad2 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 11 Feb 2022 00:47:00 +0100 Subject: [PATCH 56/57] enable LDAP authentication --- conf/jitsi-jicofo-jicofo.conf | 5 +++++ conf/jitsi-meet-config.js | 2 +- conf/mod_auth_ldap.src | 7 +++++++ conf/prosody.cfg.lua | 11 ++++++++++- doc/DISCLAIMER.md | 3 ++- doc/DISCLAIMER_fr.md | 3 ++- scripts/_common.sh | 2 +- scripts/install | 2 ++ scripts/upgrade | 2 ++ 9 files changed, 32 insertions(+), 5 deletions(-) create mode 100644 conf/mod_auth_ldap.src diff --git a/conf/jitsi-jicofo-jicofo.conf b/conf/jitsi-jicofo-jicofo.conf index c1b7c15..9e91218 100644 --- a/conf/jitsi-jicofo-jicofo.conf +++ b/conf/jitsi-jicofo-jicofo.conf @@ -1,6 +1,11 @@ # Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for #available options, syntax, and default values. jicofo { + authentication: { + enabled: true + type: XMPP + login-url: __DOMAIN__ + } xmpp: { client: { client-proxy: focus.__DOMAIN__ diff --git a/conf/jitsi-meet-config.js b/conf/jitsi-meet-config.js index 011c458..a2276f7 100644 --- a/conf/jitsi-meet-config.js +++ b/conf/jitsi-meet-config.js @@ -9,7 +9,7 @@ var config = { domain: '__DOMAIN__', // When using authentication, domain for guest users. - // anonymousdomain: 'guest.example.com', + anonymousdomain: 'guest.__DOMAIN__', // Domain for authenticated users. Defaults to . // authdomain: '__DOMAIN__', diff --git a/conf/mod_auth_ldap.src b/conf/mod_auth_ldap.src new file mode 100644 index 0000000..6fed26c --- /dev/null +++ b/conf/mod_auth_ldap.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua +SOURCE_SUM=49c67ec86ec75ac8de93803be2ac7f907d1e9d3d22cd4c88fd48aaeed7a411e3 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=lua +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=mod_auth_ldap.lua +SOURCE_EXTRACT=false diff --git a/conf/prosody.cfg.lua b/conf/prosody.cfg.lua index 0fb3f69..d13ff0a 100644 --- a/conf/prosody.cfg.lua +++ b/conf/prosody.cfg.lua @@ -27,7 +27,12 @@ unlimited_jids = { VirtualHost "__DOMAIN__" -- enabled = false -- Remove this line to enable this host - authentication = "anonymous" + authentication = "ldap" + ldap_server = "localhost" + ldap_filter = "(uid=$user)" + ldap_scope = "subtree" + ldap_base = "ou=users,dc=yunohost,dc=org" + ldap_mode = "bind" -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" --app_id="example_app_id" @@ -61,6 +66,10 @@ VirtualHost "__DOMAIN__" main_muc = "conference.__DOMAIN__" -- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms +VirtualHost "guest.__DOMAIN__" + authentication = "anonymous" + c2s_require_encryption = false + Component "conference.__DOMAIN__" "muc" restrict_room_creation = true storage = "memory" diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index e718345..d069ebb 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -2,4 +2,5 @@ 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld 2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) -3. **Jitsi** will stop and disable Metronome XMPP. \ No newline at end of file +3. **Jitsi** will stop and disable Metronome XMPP. +4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index d778655..02abc34 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -2,4 +2,5 @@ 1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld 2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) -3. **Jitsi** va arréter et désactiver le service XMPP Metronome. \ No newline at end of file +3. **Jitsi** va arréter et désactiver le service XMPP Metronome. +4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme. diff --git a/scripts/_common.sh b/scripts/_common.sh index a6ea17a..45d1c9f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime" +pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index dfcabfd..f0b22b5 100644 --- a/scripts/install +++ b/scripts/install @@ -143,6 +143,8 @@ do ynh_secure_remove --file="$final_path/${package}_temp" done +ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap + chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" diff --git a/scripts/upgrade b/scripts/upgrade index 6d9ba0c..6765844 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -114,6 +114,8 @@ then mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" ynh_secure_remove --file="$final_path/${package}_temp" done + + ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap fi chmod 750 "$final_path" From 517cb1ce3ed34b2bb7931e9b65ee37c25f4aafa0 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Thu, 10 Feb 2022 23:47:06 +0000 Subject: [PATCH 57/57] Auto-update README --- README.md | 2 ++ README_fr.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 4375847..0ba37b8 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Vi 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld 2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) 3. **Jitsi** will stop and disable Metronome XMPP. +4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain. + ## Documentation and resources * Official app website: https://jitsi.org/ diff --git a/README_fr.md b/README_fr.md index 19540d1..abcc1a4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -29,6 +29,8 @@ Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Ja 1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld 2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) 3. **Jitsi** va arréter et désactiver le service XMPP Metronome. +4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme. + ## Documentations et ressources * Site officiel de l'app : https://jitsi.org/