#!/usr/bin/env bash # @copyright Copyright (c) 2023, Daniel Calviño Sánchez (danxuliu@gmail.com) # # @license GNU AGPL version 3 or any later version # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # Helper script to run the recording backend for Nextcloud Talk. # # The recording backend is implemented in several Python files. This Bash script # is provided to set up a Docker container with Selenium, a web browser and all # the needed Python dependencies for the recording backend. # # This script creates an Ubuntu container, installs all the needed dependencies # in it and executes the recording backend inside the container. If the # container exists already the previous container will be reused and this script # will simply execute the recording backend in it. # # Due to that the Docker container will not be stopped nor removed when the # script exits (except when the container was created but it could not be # started); that must be explicitly done once the container is no longer needed. # # # # DOCKER AND PERMISSIONS # # To perform its job, this script requires the "docker" command to be available. # # The Docker Command Line Interface (the "docker" command) requires special # permissions to talk to the Docker daemon, and those permissions are typically # available only to the root user. Please see the Docker documentation to find # out how to give access to a regular user to the Docker daemon: # https://docs.docker.com/engine/installation/linux/linux-postinstall/ # # Note, however, that being able to communicate with the Docker daemon is the # same as being able to get root privileges for the system. Therefore, you must # give access to the Docker daemon (and thus run this script as) ONLY to trusted # and secure users: # https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface # Sets the variables that abstract the differences in command names and options # between operating systems. # # Switches between timeout on GNU/Linux and gtimeout on macOS (same for mktemp # and gmktemp). function setOperatingSystemAbstractionVariables() { case "$OSTYPE" in darwin*) if [ "$(which gtimeout)" == "" ]; then echo "Please install coreutils (brew install coreutils)" exit 1 fi MKTEMP=gmktemp TIMEOUT=gtimeout DOCKER_OPTIONS="-e no_proxy=localhost " ;; linux*) MKTEMP=mktemp TIMEOUT=timeout DOCKER_OPTIONS=" " ;; *) echo "Operating system ($OSTYPE) not supported" exit 1 ;; esac } # Removes Docker container if it was created but failed to start. function cleanUp() { # Disable (yes, "+" disables) exiting immediately on errors to ensure that # all the cleanup commands are executed (well, no errors should occur during # the cleanup anyway, but just in case). set +o errexit # The name filter must be specified as "^/XXX$" to get an exact match; using # just "XXX" would match every name that contained "XXX". if [ -n "$(docker ps --all --quiet --filter status=created --filter name="^/$CONTAINER$")" ]; then echo "Removing Docker container $CONTAINER" docker rm --volumes --force $CONTAINER fi } # Exit immediately on errors. set -o errexit # Execute cleanUp when the script exits, either normally or due to an error. trap cleanUp EXIT # Ensure working directory is script directory, as some actions (like copying # the files to the container) expect that. cd "$(dirname $0)" HELP="Usage: $(basename $0) [OPTION]... Options (all options can be omitted, but when present they must appear in the following order): --help prints this help and exits. --container CONTAINER_NAME the name to assign to the container. Defaults to talk-recording. --time-zone TIME_ZONE the time zone to use inside the container. Defaults to UTC. The recording backend can be started again later with a different time zone (although other commands executed in the container with 'docker exec' will still use the time zone specified during creation). --dev-shm-size SIZE the size to assign to /dev/shm in the Docker container. Defaults to 2g" if [ "$1" = "--help" ]; then echo "$HELP" exit 0 fi CONTAINER="talk-recording" if [ "$1" = "--container" ]; then CONTAINER="$2" shift 2 fi if [ "$1" = "--time-zone" ]; then TIME_ZONE="$2" shift 2 fi CUSTOM_CONTAINER_OPTIONS=false # 2g is the default value recommended in the documentation of the Docker images # for Selenium: # https://github.com/SeleniumHQ/docker-selenium#--shm-size2g DEV_SHM_SIZE="2g" if [ "$1" = "--dev-shm-size" ]; then DEV_SHM_SIZE="$2" CUSTOM_CONTAINER_OPTIONS=true shift 2 fi if [ -n "$1" ]; then echo "Invalid option (or at invalid position): $1 $HELP" exit 1 fi ENVIRONMENT_VARIABLES="" if [ -n "$TIME_ZONE" ]; then ENVIRONMENT_VARIABLES="--env TZ=$TIME_ZONE" fi setOperatingSystemAbstractionVariables # If the container is not found a new one is prepared. Otherwise the existing # container is used. # # The name filter must be specified as "^/XXX$" to get an exact match; using # just "XXX" would match every name that contained "XXX". if [ -z "$(docker ps --all --quiet --filter name="^/$CONTAINER$")" ]; then echo "Creating Talk recording container" # In Ubuntu 22.04 and later Firefox is installed as a snap package, which # does not work out of the box in a container. Therefore, for now Ubuntu # 20.04 is used instead. docker run --detach --tty --name=$CONTAINER --shm-size=$DEV_SHM_SIZE $ENVIRONMENT_VARIABLES $DOCKER_OPTIONS ubuntu:20.04 bash echo "Installing required Python modules" # "noninteractive" is used to provide default settings instead of asking for # them (for example, for tzdata). # Additional Python dependencies may be installed by pip if needed. docker exec $CONTAINER bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes ffmpeg firefox pulseaudio python3-pip xvfb" echo "Adding user to run the recording backend" docker exec $CONTAINER useradd --create-home recording echo "Copying recording backend to the container" docker exec $CONTAINER mkdir --parent /tmp/recording/ docker cp . $CONTAINER:/tmp/recording/ echo "Installing recording backend inside container" docker exec $CONTAINER python3 -m pip install /tmp/recording/ echo "Copying configuration from server.conf.in to /etc/nextcloud-talk-recording/server.conf" docker exec $CONTAINER mkdir --parent /etc/nextcloud-talk-recording/ docker cp server.conf.in $CONTAINER:/etc/nextcloud-talk-recording/server.conf elif $CUSTOM_CONTAINER_OPTIONS; then # Environment variables are excluded from this warning. echo "WARNING: Using existing container, custom container options ignored" fi # Start existing container if it is stopped. if [ -n "$(docker ps --all --quiet --filter status=exited --filter name="^/$CONTAINER$")" ]; then echo "Starting Talk recording container" docker start $CONTAINER fi echo "Starting recording backend" docker exec --tty --interactive --user recording $ENVIRONMENT_VARIABLES --workdir /home/recording $CONTAINER python3 -m nextcloud.talk.recording --config /etc/nextcloud-talk-recording/server.conf