jiti-meet/debian/jitsi-meet-web-config.postinst

#!/bin/bash
# postinst script for jitsi-meet-web-config
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    configure)

        # loading debconf
        . /usr/share/debconf/confmodule

        # try to get host from jitsi-videobridge
        db_get jitsi-videobridge/jvb-hostname
        if [ -z "$RET" ] ; then
            # server hostname
            db_set jitsi-videobridge/jvb-hostname "localhost"
            db_input critical jitsi-videobridge/jvb-hostname || true
            db_go
            db_get jitsi-videobridge/jvb-hostname
        fi
        JVB_HOSTNAME=$(echo "$RET" | xargs echo -n)

        # detect dpkg-reconfigure
        RECONFIGURING="false"
        db_get jitsi-meet/jvb-hostname
        JVB_HOSTNAME_OLD=$(echo "$RET" | xargs echo -n)
        if [ -n "$RET" ] && [ ! "$JVB_HOSTNAME_OLD" = "$JVB_HOSTNAME" ] ; then
            RECONFIGURING="true"
            rm -f /etc/jitsi/meet/$JVB_HOSTNAME_OLD-config.js
        fi

        # stores the hostname so we will reuse it later, like in purge
        db_set jitsi-meet/jvb-hostname $JVB_HOSTNAME

        NGINX_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx' 2>/dev/null | awk '{print $3}' || true)"
        NGINX_FULL_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx-full' 2>/dev/null | awk '{print $3}' || true)"
        NGINX_EXTRAS_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx-extras' 2>/dev/null | awk '{print $3}' || true)"
        if [ "$NGINX_INSTALL_CHECK" = "installed" ] \
           || [ "$NGINX_INSTALL_CHECK" = "unpacked" ] \
           || [ "$NGINX_FULL_INSTALL_CHECK" = "installed" ] \
           || [ "$NGINX_FULL_INSTALL_CHECK" = "unpacked" ] \
           || [ "$NGINX_EXTRAS_INSTALL_CHECK" = "installed" ] \
           || [ "$NGINX_EXTRAS_INSTALL_CHECK" = "unpacked" ] ; then
            FORCE_NGINX="true"
        fi
        APACHE_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'apache2' 2>/dev/null | awk '{print $3}' || true)"
        if [ "$APACHE_INSTALL_CHECK" = "installed" ] || [ "$APACHE_INSTALL_CHECK" = "unpacked" ] ; then
            FORCE_APACHE="true"
        fi
        # In case user enforces apache and if apache is available, unset nginx.
        RET=""
        db_get jitsi-meet/enforce_apache || RET="false"
        if [ "$RET" = "true" ] && [ "$FORCE_APACHE" = "true" ]; then
            FORCE_NGINX="false"
        fi

        db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
        db_set jitsi-meet/jaas-choice false
        db_input critical jitsi-meet/jaas-choice || true
        db_go
        db_get jitsi-meet/jaas-choice
        JAAS_INPUT="$RET"

        UPLOADED_CERT_CHOICE="I want to use my own certificate"
        LE_CERT_CHOICE="Let's Encrypt certificates"
        # if first time config ask for certs, or if we are reconfiguring
        if [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ] ; then
            RET=""
            db_input critical jitsi-meet/cert-choice || true
            db_go
            db_get jitsi-meet/cert-choice
            CERT_CHOICE="$RET"

            if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ]; then
                RET=""
                db_get jitsi-meet/cert-path-key
                if [ -z "$RET" ] ; then
                    db_set jitsi-meet/cert-path-key "/etc/ssl/$JVB_HOSTNAME.key"
                    db_input critical jitsi-meet/cert-path-key || true
                    db_go
                    db_get jitsi-meet/cert-path-key
                fi
                CERT_KEY="$RET"
                RET=""
                db_get jitsi-meet/cert-path-crt
                if [ -z "$RET" ] ; then
                    db_set jitsi-meet/cert-path-crt "/etc/ssl/$JVB_HOSTNAME.crt"
                    db_input critical jitsi-meet/cert-path-crt || true
                    db_go
                    db_get jitsi-meet/cert-path-crt
                fi
                CERT_CRT="$RET"
            else
                # create self-signed certs (we also need them for the case of LE so we can start nginx)
                CERT_KEY="/etc/jitsi/meet/$JVB_HOSTNAME.key"
                CERT_CRT="/etc/jitsi/meet/$JVB_HOSTNAME.crt"
                HOST="$( (hostname -s; echo localhost) | head -n 1)"
                DOMAIN="$( (hostname -d; echo localdomain) | head -n 1)"
                openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj \
                    "/O=$DOMAIN/OU=$HOST/CN=$JVB_HOSTNAME/emailAddress=webmaster@$HOST.$DOMAIN" \
                    -keyout $CERT_KEY \
                    -out $CERT_CRT \
                    -reqexts SAN \
                    -extensions SAN \
                    -config <(cat /etc/ssl/openssl.cnf \
                        <(printf "[SAN]\nsubjectAltName=DNS:localhost,DNS:$JVB_HOSTNAME"))

                if [ "$CERT_CHOICE" = "$LE_CERT_CHOICE" ]; then
                    db_subst jitsi-meet/email domain "${JVB_HOSTNAME}"
                    db_input critical jitsi-meet/email || true
                    db_go
                    db_get jitsi-meet/email
                    EMAIL="$RET"
                    if [ ! -z "$EMAIL" ] ; then
                        ISSUE_LE_CERT="true"
                    fi
                fi
            fi
        fi

        # jitsi meet
        JITSI_MEET_CONFIG="/etc/jitsi/meet/$JVB_HOSTNAME-config.js"
        if [ ! -f $JITSI_MEET_CONFIG ] ; then
            cp /usr/share/jitsi-meet-web-config/config.js $JITSI_MEET_CONFIG
            # replaces needed config for multidomain as it works only with nginx
            if [[ "$FORCE_NGINX" = "true" ]] ; then
                sed -i "s/conference.jitsi-meet.example.com/conference.<\!--# echo var=\"subdomain\" default=\"\" -->jitsi-meet.example.com/g" $JITSI_MEET_CONFIG
            fi
            sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" $JITSI_MEET_CONFIG
        fi

        if [ "${JAAS_INPUT}" = "true" ] && ! grep -q "^var enableJaaS = true;$" $JITSI_MEET_CONFIG;  then
            if grep -q "^var enableJaaS = false;$" $JITSI_MEET_CONFIG; then
                sed -i "s/^var enableJaaS = false;$/var enableJaaS = true;/g" $JITSI_MEET_CONFIG
            else
                # old config, let's add the lines at the end. Adding var enableJaaS to avoid adding it on update again
                echo "var enableJaaS = true;" >> $JITSI_MEET_CONFIG
                echo "config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';" >> $JITSI_MEET_CONFIG
                echo "config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';" >> $JITSI_MEET_CONFIG

                # Sets roomPasswordNumberOfDigits only if there was not already set
                if ! cat $JITSI_MEET_CONFIG | grep roomPasswordNumberOfDigits | grep -qv //; then
                    echo "config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)" >> $JITSI_MEET_CONFIG
                fi
            fi
        fi

        if [[ "$FORCE_NGINX" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then

            # this is a reconfigure, lets just delete old links
            if [ "$RECONFIGURING" = "true" ] ; then
                rm -f /etc/nginx/sites-enabled/$JVB_HOSTNAME_OLD.conf
                rm -f /etc/jitsi/meet/$JVB_HOSTNAME_OLD-config.js
            fi

            # nginx conf
            if [ ! -f /etc/nginx/sites-available/$JVB_HOSTNAME.conf ] ; then
                cp /usr/share/jitsi-meet-web-config/jitsi-meet.example /etc/nginx/sites-available/$JVB_HOSTNAME.conf
                if [ ! -f /etc/nginx/sites-enabled/$JVB_HOSTNAME.conf ] ; then
                    ln -s /etc/nginx/sites-available/$JVB_HOSTNAME.conf /etc/nginx/sites-enabled/$JVB_HOSTNAME.conf
                fi
                sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" /etc/nginx/sites-available/$JVB_HOSTNAME.conf
            fi

            if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ] ; then
                # replace self-signed certificate paths with user provided ones
                CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
                CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
                sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \
                    /etc/nginx/sites-available/$JVB_HOSTNAME.conf
                CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
                CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
                sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \
                    /etc/nginx/sites-available/$JVB_HOSTNAME.conf
            fi

            invoke-rc.d nginx reload || true
        elif [[ "$FORCE_APACHE" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then

            # this is a reconfigure, lets just delete old links
            if [ "$RECONFIGURING" = "true" ] ; then
                a2dissite $JVB_HOSTNAME_OLD.conf
                rm -f /etc/jitsi/meet/$JVB_HOSTNAME_OLD-config.js
            fi

            # apache2 config
            if [ ! -f /etc/apache2/sites-available/$JVB_HOSTNAME.conf ] ; then
                # when creating new config, make sure all needed modules are enabled
                a2enmod rewrite ssl headers proxy_http proxy_wstunnel include
                cp /usr/share/jitsi-meet-web-config/jitsi-meet.example-apache /etc/apache2/sites-available/$JVB_HOSTNAME.conf
                a2ensite $JVB_HOSTNAME.conf
                sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" /etc/apache2/sites-available/$JVB_HOSTNAME.conf
            fi

            if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ] ; then
                # replace self-signed certificate paths with user provided ones
                CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
                CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
                sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \
                    /etc/apache2/sites-available/$JVB_HOSTNAME.conf
                CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
                CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
                sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \
                    /etc/apache2/sites-available/$JVB_HOSTNAME.conf
            fi

            invoke-rc.d apache2 reload || true
        fi

        # If scripts fail they will print suggestions for next steps, do not fail install
        # those can be re-run later
        # run the scripts only on new install or when re-configuring
        if [ "$ISSUE_LE_CERT" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ] ; then
            /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME || true
        fi
        if [ "${JAAS_INPUT}" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ] ; then
            /usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || true
        fi

        echo ""
        echo ""
        echo "       ;dOocd;"
        echo "     .dNMM0dKO."
        echo "     lNMMMKd0K,"
        echo "    .xMMMMNxkNc"
        echo "     dMMMMMkxXc"
        echo "     cNMMMNl.."
        if [ "${JAAS_INPUT}" != "true" ]; then
            echo "     .kMMMX;             Interested in adding telephony to your Jitsi meetings?"
            echo "      ;XMMMO'"
            echo "       lNMMWO'           Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
            echo "        lNMMM0,                        and follow the guide in the dev console."
        else
            echo "     .kMMMX;"
            echo "      ;XMMMO'            Don't forget to sign up on"
            echo "       lNMMWO'             https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
            echo "        lNMMM0,              in order to add telephony to your Jitsi meetings!"
        fi
        echo "         lXMMMK:."
        echo "          ;KMMMNKd.  'oo,"
        echo "           'xNMMMMXkkkkOKOl'"
        echo "             :0WMMMMMMNOkk0Kk,"
        echo "              .cdOWMMMMMWXOkOl"
        echo "                 .;dKWMMMMMXc."
        echo "                    .,:cll:'"
        echo ""
        echo ""

        # and we're done with debconf
        db_stop
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0