Joachim Bauch
5296e09a2e
grpc: Always use reloadable credentials.
...
Setting the callback functions on tls.Config seems to cause issues on
slow CPUs (e.g. GitHub actions) where old certificates might be reused.
2022-07-08 09:34:17 +02:00
Joachim Bauch
c463791e21
CI: Don't retry tests in case of failures.
...
Flaky tests should be fixed instead.
2022-07-08 08:33:57 +02:00
Joachim Bauch
a9517feebb
Merge pull request #289 from strukturag/jwt-v4
...
Update to Go module version of github.com/golang-jwt/jwt
2022-07-07 17:16:53 +02:00
Joachim Bauch
924fce6713
Stop using deprecated "jwt.StandardClaims".
2022-07-07 17:12:21 +02:00
Joachim Bauch
8a97fa7f5e
Update to Go module version of github.com/golang-jwt/jwt
2022-07-07 17:04:34 +02:00
Joachim Bauch
ce5d74bbec
Run "go mod tidy".
2022-07-07 17:03:41 +02:00
Joachim Bauch
5b3b147794
Merge pull request #276 from Tachi107/systemd-hardening
...
dist: harden systemd service unit
2022-07-07 16:34:27 +02:00
Joachim Bauch
d3f8876d25
Merge pull request #281 from strukturag/refactor-async-events
...
Clustering support
2022-07-07 16:24:15 +02:00
Joachim Bauch
042d447ab4
Merge pull request #288 from strukturag/initial-welcome
...
Send initial "welcome" message when clients connect.
2022-07-07 10:10:43 +02:00
Joachim Bauch
243411671d
Add documentation for welcome message.
2022-07-07 10:04:13 +02:00
Joachim Bauch
f7db8a38e1
Send initial "welcome" message when clients connect.
...
This can be used to detect server features before performing the
actual "hello" handshake.
2022-07-07 09:57:10 +02:00
Joachim Bauch
ad1dea2780
Only send single "incall" message with "all: true" in clustered setup.
...
Previously each instance would send one message to all users in the cluster.
2022-07-04 15:26:12 +02:00
Joachim Bauch
32a2f822e0
Merge pull request #287 from strukturag/arbitrary-capabilities
...
Support arbitrary capabilities values.
2022-07-04 15:00:41 +02:00
Joachim Bauch
ec62503bd3
Support arbitrary capabilities values.
2022-07-04 13:53:02 +02:00
Joachim Bauch
b2da4002a4
grpc: Reload certificate if file has changed and support mutual authentication.
2022-07-04 11:05:21 +02:00
Joachim Bauch
06e9ae0644
Add certificate reloader class.
2022-07-04 10:50:44 +02:00
Joachim Bauch
44bf8b74c2
grpc: Make sure DNS discovery of clients continues if initial lookup failed.
2022-07-01 11:42:49 +02:00
Joachim Bauch
15dabeee1e
grpc: Check clients for own server id asynchronously.
...
The external address of the (own) GRPC server might only be reachable after
some time, so performing the check only initially could fail but will
succeed later.
2022-07-01 10:22:16 +02:00
Joachim Bauch
715b2317df
Add helper to wait with exponential backoff.
2022-07-01 10:21:49 +02:00
Joachim Bauch
24eab34da7
Allow configuring backends through etcd.
2022-06-30 11:35:36 +02:00
Joachim Bauch
01858a89f4
grpc: Enable DNS discovery for GRPC clients.
2022-06-30 11:35:35 +02:00
Joachim Bauch
20cc51c2fe
grpc: Automatically detect if a target is the current server itself.
...
This allows configuring the same list of targets for all instances without
having to set up the "own" address differently for each server.
2022-06-30 11:35:35 +02:00
Joachim Bauch
5a242b2570
readme: Add note on clustering.
2022-06-30 11:35:34 +02:00
Joachim Bauch
0e144906a4
Added tests for clustered behaviour.
2022-06-30 11:35:33 +02:00
Joachim Bauch
dcb5be956c
Implement "sendoffer" for remote sessions.
2022-06-30 11:35:33 +02:00
Joachim Bauch
36710c8aa9
Improve detection of decodable sessions that were created on a different server.
2022-06-30 11:35:32 +02:00
Joachim Bauch
25dabf910d
Allow configuring GRPC targets through etcd.
2022-06-30 11:35:32 +02:00
Joachim Bauch
b6e419f18a
Add metrics for GRPC calls.
2022-06-30 11:35:31 +02:00
Joachim Bauch
b315c09a3b
Allow configuring GRPC transport credentials.
2022-06-30 11:35:30 +02:00
Joachim Bauch
6f64ff901d
Create temporary connection to proxy used by remote publisher.
2022-06-30 11:35:30 +02:00
Joachim Bauch
2ca9fb21c4
Add SingleNotifier class.
2022-06-30 11:35:29 +02:00
Joachim Bauch
a0d3af14e0
Add initial clustering support.
2022-06-30 11:35:28 +02:00
Joachim Bauch
7b24dc1d1d
Add grpc 1.47.0 / protobuf 1.28.0
2022-06-24 13:37:38 +02:00
Joachim Bauch
ece2903413
Trigger "joined" events through async messages.
2022-06-24 13:37:37 +02:00
Joachim Bauch
0115c97946
Refactor asynchronous events to central location.
2022-06-24 13:37:35 +02:00
Joachim Bauch
ddb7ece622
Merge pull request #283 from strukturag/etcd-tests-running
...
Fix testing etcd server not starting up if etcd is running on host.
2022-06-24 13:37:11 +02:00
Joachim Bauch
a761f135a8
Fix testing etcd server not starting up if etcd is running on host.
2022-06-24 13:30:32 +02:00
Joachim Bauch
a06bc333d2
make: remove leftover easyjson bootstrap files in "clean" target
2022-06-24 13:01:03 +02:00
Joachim Bauch
af4bd51ec0
Merge pull request #282 from strukturag/refactor-etcd
...
Move common etcd code to own class.
2022-06-24 12:20:15 +02:00
Joachim Bauch
b0624be0a9
Move etcd configuration to common section.
2022-06-24 11:15:29 +02:00
Joachim Bauch
134d22bfe7
Move common etcd code to own class.
2022-06-24 11:15:29 +02:00
Joachim Bauch
28b94191b1
Merge pull request #277 from strukturag/dependabot/pip/docs/sphinx-5.0.2
...
Bump sphinx from 5.0.1 to 5.0.2 in /docs
2022-06-20 08:47:39 +02:00
dependabot[bot]
83ce95f39f
Bump sphinx from 5.0.1 to 5.0.2 in /docs
...
Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/5.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v5.0.1...v5.0.2)
---
updated-dependencies:
- dependency-name: sphinx
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 20:31:46 +00:00
Joachim Bauch
79532954da
readme: Update link to documentation.
2022-06-15 09:13:14 +02:00
Joachim Bauch
3393ffde8a
Merge pull request #275 from Tachi107/systemd-sysusers
...
dist: add systemd sysusers file
2022-06-15 08:39:27 +02:00
Andrea Pappacoda
15a9bea122
dist: harden systemd service unit
...
With this patch the systemd service will now run in a hardened sandbox
that limits the kinds of subsystems available to the unit. This improves
the overall security of the system, as nextcloud-spreed-signaling
becomes almost pointless to exploit.
The most notable changes include:
- The entire file system is mounted read-only with ProtectSystem=strict
- No binaries are executable, apart from /usr/bin/signaling, with
NoExecPaths=/ and ExecPaths=/usr/bin/signaling
- The service cannot see any user on the system apart from the one that
is running the process, with PrivateUsers=yes
- Most of the /proc subsystem is inaccessible, and things like system
stats may be unavailable, with ProcSubset=pid
- All home directories are inaccessible, with ProtectHome=yes
- The kinds of permitted system calls are limited, via SystemCallFilter=
I highly recommend you to read the systemd.exec(5) manual page to fully
understand what these options do and how they can protect the system.
https://www.freedesktop.org/software/systemd/man/systemd.exec.html
2022-06-15 00:00:20 +02:00
Andrea Pappacoda
f09c343592
dist: add systemd sysusers file
...
The systemd unit makes use of the user "signaling", but it is not
created in any way, so the directive is ignored.
By creating a sysusers file it is possible to tell the system to create
a "signaling" user so that the directive is honoured.
For more information, see the sysusers.d manpage, at
https://www.freedesktop.org/software/systemd/man/sysusers.d.html
This is mainly useful on systems running systemd, but the sysusers
concept is implemented also by other projects that don't use systemd,
like opensysusers, originated from Artix Linux.
2022-06-14 22:30:31 +02:00
Joachim Bauch
da1efac59d
make: No need to run easyjson against room.go.
...
Doesn't define any JSON structs, so easyjson is no longer needed.
2022-06-14 16:50:34 +02:00
Joachim Bauch
4bedfdf780
Merge pull request #274 from strukturag/ignore-room-message-not-joined
...
Fix check for async room messages received while not joined to a room.
2022-06-14 16:44:14 +02:00
Joachim Bauch
078768f9c8
Fix check for async room messages received while not joined to a room.
2022-06-14 16:38:29 +02:00