add recording container

I've added recording.conf to the update script to see, when there are changes done to it, also backend.secret needs to be changed in the config and added to all other configs in aio Signed-off-by: Zoey <[email protected]>
nextcloud · Jun 3, 2023 · e275338 · e275338
1 parent 27d99ef
commit e275338
Show file tree

Hide file tree

Showing 6 changed files with 241 additions and 1 deletion.
diff --git a/.github/workflows/recording-update.yml b/.github/workflows/recording-update.yml
@@ -0,0 +1,36 @@
+name: recording-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  run_update:
+    name: update spreed
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Run spreed-update
+      run: |
+        # Spreed
+        spreed_version="$(
+          git ls-remote https://github.com/nextcloud/spreed v*.*.* \
+            | cut -d/ -f3 \
+            | sort -V \
+            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | tail -1
+        )"
+        sed -i "s|git clone --recursive https://github.com/nextcloud/spreed --branch .* /src; \\\|git clone --recursive https://github.com/nextcloud/spreed --branch $spreed_version /src; \\\|" ./Containers/recording/Dockerfile
+        curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/recording/recording.conf
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v5
+      with:
+        commit-message: recording-update automated change
+        signoff: true
+        title: recording update
+        body: Automated recording container update
+        labels: dependencies, 3. to review
+        milestone: next
+        branch: recording-container-update
diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
@@ -47,6 +47,10 @@
         uri strip_prefix /standalone-signaling
         reverse_proxy {$TALK_HOST}:8081
     }
+    route /recording/* {
+        uri strip_prefix /recording
+        reverse_proxy {$TALK_HOST}:1234
+    }
 
     # Others
     import /mnt/data/caddy-imports/*

diff --git a/Containers/recording/Dockerfile b/Containers/recording/Dockerfile
@@ -0,0 +1,41 @@
+FROM python:3.11.3-alpine3.18
+
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=664 recording.conf /etc/recording.conf
+
+RUN set -ex; \
+    apk add --no-cache \
+        ca-certificates \
+        tzdata \
+        bash \
+        ffmpeg \
+        libpulse \
+        bind-tools \
+        netcat-openbsd \
+        git \
+        wget \
+        shadow; \
+    # xvfb firefox chromium chromium-chromedriver?
+    # apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
+    useradd --system recordning; \
+    git clone --recursive https://github.com/nextcloud/spreed --branch v16.0.3 /src; \
+    mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
+    python3 -m pip install /src/recording/src; \
+    rm -rf /src; \
+    apk del --no-cache \
+        git \
+        wget \
+        shadow; \
+    \
+# Give root a random password
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    \
+    chown recordning:recordning -R \
+        /tmp;
+
+USER recordning
+ENTRYPOINT ["start.sh"]
+CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/etc/recording.conf"]
+
+HEALTHCHECK CMD nc -z localhost 1234 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/recording/recording.conf b/Containers/recording/recording.conf
@@ -0,0 +1,111 @@
+[logs]
+# Log level based on numeric values of Python logging levels:
+# - Critical: 50
+# - Error:    40
+# - Warning:  30
+# - Info:     20
+# - Debug:    10
+# - Not set:   0
+#level = 20
+
+[http]
+# IP and port to listen on for HTTP requests.
+listen = 0.0.0.0:1234
+
+[backend]
+# Allow any hostname as backend endpoint. This is extremely insecure and should
+# only be used during development.
+#allowall = false
+
+# Common shared secret for requests from and to the backend servers if
+# "allowall" is enabled. This must be the same value as configured in the
+# Nextcloud admin ui.
+#secret = the-shared-secret
+
+# Comma-separated list of backend ids allowed to connect.
+#backends = backend-id, another-backend
+
+# If set to "true", certificate validation of backend endpoints will be skipped.
+# This should only be enabled during development, e.g. to work with self-signed
+# certificates.
+# Overridable by backend.
+#skipverify = false
+
+# Maximum allowed size in bytes for messages sent by the backend.
+# Overridable by backend.
+#maxmessagesize = 1024
+
+# Width for recorded videos.
+# Overridable by backend.
+#videowidth = 1920
+
+# Height for recorded videos.
+# Overridable by backend.
+#videoheight = 1080
+
+# Temporary directory used to store recordings until uploaded. It must be
+# writable by the user running the recording server.
+# Overridable by backend.
+#directory = /tmp
+
+# Backend configurations as defined in the "[backend]" section above. The
+# section names must match the ids used in "backends" above.
+#[backend-id]
+# URL of the Nextcloud instance
+#url = https://cloud.domain.invalid
+
+# Shared secret for requests from and to the backend servers. This must be the
+# same value as configured in the Nextcloud admin ui.
+#secret = the-shared-secret
+
+#[another-backend]
+# URL of the Nextcloud instance
+#url = https://cloud.otherdomain.invalid
+
+# Shared secret for requests from and to the backend servers. This must be the
+# same value as configured in the Nextcloud admin ui.
+#secret = the-shared-secret
+
+[signaling]
+# Common shared secret for authenticating as an internal client of signaling
+# servers if a specific secret is not set for a signaling server. This must be
+# the same value as configured in the signaling server configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+# Comma-separated list of signaling servers with specific internal secrets.
+#signalings = signaling-id, another-signaling
+
+# Signaling server configurations as defined in the "[signaling]" section above.
+# The section names must match the ids used in "signalings" above.
+#[signaling-id]
+# URL of the signaling server
+#url = https://signaling.domain.invalid
+
+# Shared secret for authenticating as an internal client of signaling servers.
+# This must be the same value as configured in the signaling server
+# configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+#[another-signaling]
+# URL of the signaling server
+#url = https://signaling.otherdomain.invalid
+
+# Shared secret for authenticating as an internal client of signaling servers.
+# This must be the same value as configured in the signaling server
+# configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+[ffmpeg]
+# The options given to FFmpeg to encode the audio output. The options given here
+# fully override the default options for the audio output.
+#outputaudio = -c:a libopus
+
+# The options given to FFmpeg to encode the video output. The options given here
+# fully override the default options for the video output.
+#outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
+
+# The extension of the file for audio only recordings.
+#extensionaudio = .ogg
+
+# The extension of the file for audio and video recordings.
+#extensionvideo = .webm
diff --git a/Containers/recording/start.sh b/Containers/recording/start.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Variables
+if [ -z "$NC_DOMAIN" ]; then
+    echo "You need to provide the NC_DOMAIN."
+    exit 1
+elif [ -z "$SIGNALING_SECRET" ]; then
+    echo "You need to provide the SIGNALING_SECRET."
+    exit 1
+elif [ -z "$RECORDING_SECRET" ]; then
+    echo "You need to provide the RECORDING_SECRET."
+    exit 1
+fi
+
+set -x
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
+set +x
+
+# TODO: Check if using IP of signaling container is enough or if nc_domain/standalone-signaling is enough
+cat << RECORDING_CONF > "/etc/recording.conf"
+[logs]
+level = 20
+
+[http]
+listen = 0.0.0.0:1234
+
+[backend]
+allowall = false
+secret = ${RECORDING_SECRET}
+url = https://${NC_DOMAIN}
+skipverify = false
+maxmessagesize = 1024
+videowidth = 1920
+videoheight = 1080
+directory = /tmp
+
+[signaling]
+internalsecret = ${SIGNALING_SECRET}
+url = http://${IPv4_ADDRESS_TALK}:8081
+
+[ffmpeg]
+outputaudio = -c:a libopus
+outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
+extensionaudio = .ogg
+extensionvideo = .webm
+RECORDING_CONF
+
+exec "$@"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
@@ -63,7 +63,7 @@ ENV TALK_PORT=3478
 
 USER talk
 ENTRYPOINT ["start.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"