more updates march

2026-03-01 17:38:47 +00:00
parent ceee62f62c
commit a085ba9714
810 changed files with 27066 additions and 6471 deletions
--- a/jitsi/jibri/rootfs/etc/chromium/policies/managed/managed_policies.json
+++ b/jitsi/jibri/rootfs/etc/chromium/policies/managed/managed_policies.json
@@ -0,0 +1,3 @@
+{
+  "CommandLineFlagSecurityWarningsEnabled": false
+}
--- a/jitsi/jibri/rootfs/etc/cont-init.d/10-config
+++ b/jitsi/jibri/rootfs/etc/cont-init.d/10-config
@@ -0,0 +1,93 @@
+#!/usr/bin/with-contenv bash
+
+# Check if the SYS_ADMIN cap is set
+if ! capsh --has-p=cap_sys_admin; then
+    echo "Required capability SYS_ADMIN is missing"
+    exit 1
+fi
+
+# Check if /dev/shm is large enough (2GB at least)
+if ! shm-check; then
+    echo "/dev/shm must be at least 2GB in size"
+    exit 1
+fi
+
+if [[ -z $JIBRI_RECORDER_PASSWORD || -z $JIBRI_XMPP_PASSWORD ]]; then
+    echo 'FATAL ERROR: Jibri recorder password and auth password must be set'
+    exit 1
+fi
+
+OLD_JIBRI_RECORDER_PASSWORD=passw0rd
+if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then
+    echo 'FATAL ERROR: Jibri recorder password must be changed, check the README'
+    exit 1
+fi
+
+OLD_JIBRI_XMPP_PASSWORD=passw0rd
+if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
+    echo 'FATAL ERROR: Jibri auth password must be changed, check the README'
+    exit 1
+fi
+
+# DISPLAY is necessary for start
+[ -z "${DISPLAY}" ] \
+&& ( echo -e "\e[31mERROR: Please set DISPLAY variable.\e[39m"; kill 1; exit 1 )
+
+# script for finalizing must have executing bit.
+[ ! -z "${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}" ] \
+&& [ -f "${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}" ] \
+&& [ ! -x "${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}" ] \
+&& chmod +x ${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}
+
+# set random jibri nickname for the instance if is not set
+[ -z "${JIBRI_INSTANCE_ID}" ] && export JIBRI_INSTANCE_ID="jibri-$(date +%N)"
+
+# check for AUTOSCALER_URL, AUTOSCALER_SIDECAR_KEY_FILE and AUTOSCALER_SIDECAR_KEY_ID as indicator that sidecar should be enabled
+if [ -n "$AUTOSCALER_URL" ]; then
+    if [ -z "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
+        export AUTOSCALER_SIDECAR_KEY_FILE="/etc/jitsi/autoscaler-sidecar/asap.pem"
+    fi
+    if [ -z "$AUTOSCALER_SIDECAR_KEY_ID" ]; then
+        # assume key id is equal to the base real path of the key file minus .pem
+        export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" | tr -d '.pem')"
+    fi
+
+    if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
+        echo "AUTOSCALER_URL found, enabling autoscaler sidecar"
+
+        export JIBRI_VERSION="$(dpkg -s jibri | grep Version | awk '{print $2}' | sed 's/..$//')"
+
+        [ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000"
+        [ -z "$JIBRI_WEBHOOK_SUBSCRIBERS" ] && export JIBRI_WEBHOOK_SUBSCRIBERS="http://localhost:$AUTOSCALER_SIDECAR_PORT/hook"
+        [ -z "$AUTOSCALER_SIDECAR_INSTANCE_ID" ] && export AUTOSCALER_SIDECAR_INSTANCE_ID="$JIBRI_INSTANCE_ID"
+        [ -z "$AUTOSCALER_SIDECAR_REGION" ] && export AUTOSCALER_SIDECAR_REGION="docker"
+        [ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jibri"
+        [ -z "$LOCAL_ADDRESS" ] && export LOCAL_ADDRESS="$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1 '})"
+
+        mkdir -p /etc/jitsi/autoscaler-sidecar
+        tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config
+    else
+        echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled"
+    fi
+else
+    echo "No AUTOSCALER_URL defined, leaving autoscaler sidecar disabled"
+fi
+
+# maintain backward compatibility with older variable
+[ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
+
+# always recreate configs
+tpl /defaults/jibri.conf > /etc/jitsi/jibri/jibri.conf
+tpl /defaults/xmpp.conf > /etc/jitsi/jibri/xmpp.conf
+tpl /defaults/logging.properties > /etc/jitsi/jibri/logging.properties
+tpl /defaults/xorg-video-dummy.conf > /etc/jitsi/jibri/xorg-video-dummy.conf
+
+# make recording dir
+[ -z "${JIBRI_RECORDING_DIR}" ] && export JIBRI_RECORDING_DIR=/config/recordings
+mkdir -p ${JIBRI_RECORDING_DIR}
+chown -R jibri ${JIBRI_RECORDING_DIR}
+
+# make logs dir
+JIBRI_LOGS_DIR=/config/logs
+mkdir -p ${JIBRI_LOGS_DIR}
+chown -R jibri ${JIBRI_LOGS_DIR}
--- a/jitsi/jibri/rootfs/etc/fix-attrs.d/10-jibri
+++ b/jitsi/jibri/rootfs/etc/fix-attrs.d/10-jibri
@@ -0,0 +1,2 @@
+/home/jibri/.config true jibri 0640 0750
+/home/jibri false jibri 0640 0750
--- a/jitsi/jibri/rootfs/etc/opt/chrome/policies/managed/managed_policies.json
+++ b/jitsi/jibri/rootfs/etc/opt/chrome/policies/managed/managed_policies.json
@@ -0,0 +1,3 @@
+{
+  "CommandLineFlagSecurityWarningsEnabled": false
+}
--- a/jitsi/jibri/rootfs/etc/pulse/default.pa
+++ b/jitsi/jibri/rootfs/etc/pulse/default.pa
@@ -0,0 +1,65 @@
+#!/usr/bin/pulseaudio -nF
+#
+# This file is part of PulseAudio.
+#
+# PulseAudio is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# PulseAudio is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
+
+# This startup script is used only if PulseAudio is started per-user
+# (i.e. not in system mode)
+
+# Customized for Jibri
+
+.fail
+
+### Automatically restore the volume of streams and devices
+load-module module-device-restore
+load-module module-stream-restore
+load-module module-card-restore
+
+### Automatically augment property information from .desktop files
+### stored in /usr/share/application
+load-module module-augment-properties
+
+### Should be after module-*-restore but before module-*-detect
+load-module module-switch-on-port-available
+
+### Load several protocols
+load-module module-native-protocol-unix
+
+### Automatically restore the default sink/source when changed by the user
+### during runtime
+### NOTE: This should be loaded as early as possible so that subsequent modules
+### that look up the default sink/source get the right value
+load-module module-default-device-restore
+
+### Make sure we always have a sink around, even if it is a null sink.
+load-module module-always-sink
+
+### Honour intended role device property
+load-module module-intended-roles
+
+### Automatically suspend sinks/sources that become idle for too long
+load-module module-suspend-on-idle
+
+### If autoexit on idle is enabled we want to make sure we only quit
+### when no local session needs us anymore.
+#.ifexists module-console-kit.so
+#load-module module-console-kit
+#.endif
+#.ifexists module-systemd-login.so
+#load-module module-systemd-login
+#.endif
+
+### Enable positioned event sounds
+load-module module-position-event-sounds
--- a/jitsi/jibri/rootfs/etc/services.d/10-xorg/run
+++ b/jitsi/jibri/rootfs/etc/services.d/10-xorg/run
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bash
+
+DAEMON="/usr/bin/Xorg -nocursor -noreset  +extension RANDR +extension RENDER -logfile /tmp/xorg.log  -config /etc/jitsi/jibri/xorg-video-dummy.conf ${DISPLAY}"
+exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
+
--- a/jitsi/jibri/rootfs/etc/services.d/20-icewm/run
+++ b/jitsi/jibri/rootfs/etc/services.d/20-icewm/run
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bash
+
+DAEMON="/usr/bin/icewm-session"
+exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
+
--- a/jitsi/jibri/rootfs/etc/services.d/30-pulse/run
+++ b/jitsi/jibri/rootfs/etc/services.d/30-pulse/run
@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+HOME=/home/jibri
+exec s6-setuidgid jibri /bin/bash -c "exec /usr/bin/pulseaudio"
--- a/jitsi/jibri/rootfs/etc/services.d/40-jibri/finish
+++ b/jitsi/jibri/rootfs/etc/services.d/40-jibri/finish
@@ -0,0 +1,9 @@
+#!/usr/bin/with-contenv bash
+
+# When jibri is shutdown (or gracefully shutdown), it exits with code 255.
+# In this case, we don't want S6 to restart the service. We want to stop all
+# services and shutdown the container.
+
+if [[ $1 -eq 255 ]]; then
+  s6-svscanctl -t /var/run/s6/services
+fi
--- a/jitsi/jibri/rootfs/etc/services.d/40-jibri/run
+++ b/jitsi/jibri/rootfs/etc/services.d/40-jibri/run
@@ -0,0 +1,12 @@
+#!/usr/bin/with-contenv bash
+
+# we have to set it, otherwise chrome won't find ~/.asoundrc file
+HOME=/home/jibri
+
+DAEMON=/opt/jitsi/jibri/launch.sh
+CHROME_BIN_PATH="$(which google-chrome)"
+[ $? -ne 0 ] && CHROME_BIN_PATH="$(which chromium)"
+# pre-warm google chrome before jibri launches to ensure fast chrome launch during recordings
+[ -n "$CHROME_BIN_PATH" ] && s6-setuidgid jibri $CHROME_BIN_PATH --timeout=1000 --headless about:blank
+exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
+
--- a/jitsi/jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run
+++ b/jitsi/jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run
@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
+    DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
+    exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"
+else
+    # if autoscaler-sidecar should not be started,
+    # prevent s6 from restarting this script again and again
+    s6-svc -O /var/run/s6/services/50-autoscaler-sidecar
+fi