Commit graph

703 commits

Author SHA1 Message Date
Joachim Bauch ce5d74bbec
Run "go mod tidy". 2022-07-07 17:03:41 +02:00
Joachim Bauch 5b3b147794
Merge pull request #276 from Tachi107/systemd-hardening
dist: harden systemd service unit
2022-07-07 16:34:27 +02:00
Joachim Bauch d3f8876d25
Merge pull request #281 from strukturag/refactor-async-events
Clustering support
2022-07-07 16:24:15 +02:00
Joachim Bauch 042d447ab4
Merge pull request #288 from strukturag/initial-welcome
Send initial "welcome" message when clients connect.
2022-07-07 10:10:43 +02:00
Joachim Bauch 243411671d
Add documentation for welcome message. 2022-07-07 10:04:13 +02:00
Joachim Bauch f7db8a38e1
Send initial "welcome" message when clients connect.
This can be used to detect server features before performing the
actual "hello" handshake.
2022-07-07 09:57:10 +02:00
Joachim Bauch ad1dea2780
Only send single "incall" message with "all: true" in clustered setup.
Previously each instance would send one message to all users in the cluster.
2022-07-04 15:26:12 +02:00
Joachim Bauch 32a2f822e0
Merge pull request #287 from strukturag/arbitrary-capabilities
Support arbitrary capabilities values.
2022-07-04 15:00:41 +02:00
Joachim Bauch ec62503bd3
Support arbitrary capabilities values. 2022-07-04 13:53:02 +02:00
Joachim Bauch b2da4002a4
grpc: Reload certificate if file has changed and support mutual authentication. 2022-07-04 11:05:21 +02:00
Joachim Bauch 06e9ae0644
Add certificate reloader class. 2022-07-04 10:50:44 +02:00
Joachim Bauch 44bf8b74c2
grpc: Make sure DNS discovery of clients continues if initial lookup failed. 2022-07-01 11:42:49 +02:00
Joachim Bauch 15dabeee1e
grpc: Check clients for own server id asynchronously.
The external address of the (own) GRPC server might only be reachable after
some time, so performing the check only initially could fail but will
succeed later.
2022-07-01 10:22:16 +02:00
Joachim Bauch 715b2317df
Add helper to wait with exponential backoff. 2022-07-01 10:21:49 +02:00
Joachim Bauch 24eab34da7
Allow configuring backends through etcd. 2022-06-30 11:35:36 +02:00
Joachim Bauch 01858a89f4
grpc: Enable DNS discovery for GRPC clients. 2022-06-30 11:35:35 +02:00
Joachim Bauch 20cc51c2fe
grpc: Automatically detect if a target is the current server itself.
This allows configuring the same list of targets for all instances without
having to set up the "own" address differently for each server.
2022-06-30 11:35:35 +02:00
Joachim Bauch 5a242b2570
readme: Add note on clustering. 2022-06-30 11:35:34 +02:00
Joachim Bauch 0e144906a4
Added tests for clustered behaviour. 2022-06-30 11:35:33 +02:00
Joachim Bauch dcb5be956c
Implement "sendoffer" for remote sessions. 2022-06-30 11:35:33 +02:00
Joachim Bauch 36710c8aa9
Improve detection of decodable sessions that were created on a different server. 2022-06-30 11:35:32 +02:00
Joachim Bauch 25dabf910d
Allow configuring GRPC targets through etcd. 2022-06-30 11:35:32 +02:00
Joachim Bauch b6e419f18a
Add metrics for GRPC calls. 2022-06-30 11:35:31 +02:00
Joachim Bauch b315c09a3b
Allow configuring GRPC transport credentials. 2022-06-30 11:35:30 +02:00
Joachim Bauch 6f64ff901d
Create temporary connection to proxy used by remote publisher. 2022-06-30 11:35:30 +02:00
Joachim Bauch 2ca9fb21c4
Add SingleNotifier class. 2022-06-30 11:35:29 +02:00
Joachim Bauch a0d3af14e0
Add initial clustering support. 2022-06-30 11:35:28 +02:00
Joachim Bauch 7b24dc1d1d
Add grpc 1.47.0 / protobuf 1.28.0 2022-06-24 13:37:38 +02:00
Joachim Bauch ece2903413
Trigger "joined" events through async messages. 2022-06-24 13:37:37 +02:00
Joachim Bauch 0115c97946
Refactor asynchronous events to central location. 2022-06-24 13:37:35 +02:00
Joachim Bauch ddb7ece622
Merge pull request #283 from strukturag/etcd-tests-running
Fix testing etcd server not starting up if etcd is running on host.
2022-06-24 13:37:11 +02:00
Joachim Bauch a761f135a8
Fix testing etcd server not starting up if etcd is running on host. 2022-06-24 13:30:32 +02:00
Joachim Bauch a06bc333d2
make: remove leftover easyjson bootstrap files in "clean" target 2022-06-24 13:01:03 +02:00
Joachim Bauch af4bd51ec0
Merge pull request #282 from strukturag/refactor-etcd
Move common etcd code to own class.
2022-06-24 12:20:15 +02:00
Joachim Bauch b0624be0a9
Move etcd configuration to common section. 2022-06-24 11:15:29 +02:00
Joachim Bauch 134d22bfe7
Move common etcd code to own class. 2022-06-24 11:15:29 +02:00
Joachim Bauch 28b94191b1
Merge pull request #277 from strukturag/dependabot/pip/docs/sphinx-5.0.2
Bump sphinx from 5.0.1 to 5.0.2 in /docs
2022-06-20 08:47:39 +02:00
dependabot[bot] 83ce95f39f
Bump sphinx from 5.0.1 to 5.0.2 in /docs
Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/5.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v5.0.1...v5.0.2)

---
updated-dependencies:
- dependency-name: sphinx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 20:31:46 +00:00
Joachim Bauch 79532954da
readme: Update link to documentation. 2022-06-15 09:13:14 +02:00
Joachim Bauch 3393ffde8a
Merge pull request #275 from Tachi107/systemd-sysusers
dist: add systemd sysusers file
2022-06-15 08:39:27 +02:00
Andrea Pappacoda 15a9bea122
dist: harden systemd service unit
With this patch the systemd service will now run in a hardened sandbox
that limits the kinds of subsystems available to the unit. This improves
the overall security of the system, as nextcloud-spreed-signaling
becomes almost pointless to exploit.

The most notable changes include:

- The entire file system is mounted read-only with ProtectSystem=strict
- No binaries are executable, apart from /usr/bin/signaling, with
  NoExecPaths=/ and ExecPaths=/usr/bin/signaling
- The service cannot see any user on the system apart from the one that
  is running the process, with PrivateUsers=yes
- Most of the /proc subsystem is inaccessible, and things like system
  stats may be unavailable, with ProcSubset=pid
- All home directories are inaccessible, with ProtectHome=yes
- The kinds of permitted system calls are limited, via SystemCallFilter=

I highly recommend that you read the systemd.exec(5) manual page to fully
understand what these options do and how they can protect the system.
https://www.freedesktop.org/software/systemd/man/systemd.exec.html
2022-06-15 00:00:20 +02:00
Andrea Pappacoda f09c343592
dist: add systemd sysusers file
The systemd unit makes use of the user "signaling", but it is not
created in any way, so the directive is ignored.

By creating a sysusers file it is possible to tell the system to create
a "signaling" user so that the directive is honoured.

For more information, see the sysusers.d manpage, at
https://www.freedesktop.org/software/systemd/man/sysusers.d.html

This is mainly useful on systems running systemd, but the sysusers
concept is implemented also by other projects that don't use systemd,
like opensysusers, originated from Artix Linux.
2022-06-14 22:30:31 +02:00
Joachim Bauch da1efac59d
make: No need to run easyjson against room.go.
Doesn't define any JSON structs, so easyjson is no longer needed.
2022-06-14 16:50:34 +02:00
Joachim Bauch 4bedfdf780
Merge pull request #274 from strukturag/ignore-room-message-not-joined
Fix check for async room messages received while not joined to a room.
2022-06-14 16:44:14 +02:00
Joachim Bauch 078768f9c8
Fix check for async room messages received while not joined to a room. 2022-06-14 16:38:29 +02:00
Joachim Bauch 26f9edd476
Merge pull request #270 from strukturag/dependabot/pip/docs/sphinx-5.0.1
Bump sphinx from 5.0.0 to 5.0.1 in /docs
2022-06-03 08:25:44 +02:00
dependabot[bot] 31e7923ec1
Bump sphinx from 5.0.0 to 5.0.1 in /docs
Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/5.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: sphinx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-02 20:57:29 +00:00
Joachim Bauch 6a1a00551d
Merge pull request #269 from strukturag/dont_run_mod_tidy
Don't run "go mod tidy" while building.
2022-06-02 15:58:11 +02:00
Joachim Bauch b83bf7cb5d
Don't run "go mod tidy" while building. 2022-06-02 15:52:29 +02:00
Joachim Bauch cbfc96e0a7
Update changelog for 0.5.0 2022-06-02 14:16:33 +02:00