From 6e69bd18691c80e53bad8d698418df4481fc0899 Mon Sep 17 00:00:00 2001 From: projectoperations <34292598+projectoperations@users.noreply.github.com> Date: Sat, 15 Nov 2025 12:42:01 +0000 Subject: [PATCH] talk-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/talk-recording/Dockerfile | 2 +- Containers/talk-recording/recording.conf | 48 +++++++++++++++++++++++- Containers/talk/Dockerfile | 2 +- Containers/talk/server.conf.in | 22 +++++++---- 4 files changed, 64 insertions(+), 10 deletions(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index ab4100a9672..e60394817aa 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -4,7 +4,7 @@ FROM python:3.13.3-alpine3.21 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh -ENV RECORDING_VERSION=v0.1 +ENV RECORDING_VERSION=v0.2.1 ENV ALLOW_ALL=false ENV HPB_PROTOCOL=https ENV NC_PROTOCOL=https diff --git a/Containers/talk-recording/recording.conf b/Containers/talk-recording/recording.conf index 99515528876..cc8bd4951f2 100644 --- a/Containers/talk-recording/recording.conf +++ b/Containers/talk-recording/recording.conf @@ -1,3 +1,5 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later [logs] # Log level based on numeric values of Python logging levels: # - Critical: 50 @@ -12,6 +14,11 @@ # IP and port to listen on for HTTP requests. #listen = 127.0.0.1:8000 +[app] +# Comma separated list of trusted proxies (IPs or CIDR networks) that may set +# the "X-Forwarded-For" header. +#trustedproxies = + [backend] # Allow any hostname as backend endpoint. This is extremely insecure and should # only be used during development. @@ -100,6 +107,18 @@ # ffmpeg. The options given here fully override the default global options. #common = ffmpeg -loglevel level+warning -n +# The (additional) options given to ffmpeg for the audio input. The options +# given here extend the default options for the audio input, although they do +# not override them. +# Default options: '-f pulse -i {AUDIO_SOURCE}' +#inputaudio = + +# The (additional) options given to ffmpeg for the video input. The options +# given here extend the default options for the video input, although they do +# not override them. +# Default options: '-f x11grab -draw_mouse 0 -video_size {WIDTH}x{HEIGHT} -i {VIDEO_SOURCE}' +#inputvideo = + # The options given to ffmpeg to encode the audio output. The options given here # fully override the default options for the audio output. #outputaudio = -c:a libopus @@ -120,4 +139,31 @@ # will use Google Chrome, or Chromium if Google Chrome is not installed. # Allowed values: firefox, chrome # Defaults to firefox -# browser = firefox +#browser = firefox + +# Path to the Selenium driver to use for recordings. +# If set the driver must match the browser being used (for example, +# "/usr/bin/geckodriver" for "firefox"). If no driver is explicitly set Selenium +# Manager will try to find the right one in $PATH, downloading it as a fallback. +# Note that Selenium Manager does not work in some architectures (for example, +# Linux on arm64/aarch64), so in those architectures the driver must be +# explicitly set. +#driverPath = + +# Path to the browser executable to use for recordings. +# If set the executable must match the browser being used (for example, +# "/usr/bin/firefox-esr" for "firefox"). If no executable is explicitly set +# Selenium Manager will try to find the right one in $PATH. Depending on the +# installed Selenium version if the executable is not found Selenium Manager may +# also download the browser as a fallback. +# Note that Selenium Manager does not work in some architectures (for example, +# Linux on arm64/aarch64); in those architectures the Selenium driver will try +# to find the executable, but the executable may need to be explicitly set if +# not found by the driver. +#browserPath = + +[stats] +# Comma-separated list of IP addresses (or CIDR networks) that are allowed to +# access the stats endpoint. +# Leave commented to only allow access from "127.0.0.1". +#allowed_ips = diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 24d7a53c043..66cbc62cbb7 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.21.3 AS janus -ARG JANUS_VERSION=v1.3.1 +ARG JANUS_VERSION=v1.3.3 WORKDIR /src RUN set -ex; \ apk upgrade --no-cache -a; \ diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in index 85630d5aaf4..8f437e30839 100644 --- a/Containers/talk/server.conf.in +++ b/Containers/talk/server.conf.in @@ -84,7 +84,8 @@ internalsecret = the-shared-secret-for-internal-clients # For backend type "etcd": # Key prefix of backend entries. All keys below will be watched and assumed to # contain a JSON document with the following entries: -# - "url": Url of the Nextcloud instance. +# - "urls": List of urls of the Nextcloud instance. +# - "url": Url of the Nextcloud instance (deprecated). # - "secret": Shared secret for requests from and to the backend servers. # # Additional optional entries: @@ -93,8 +94,8 @@ internalsecret = the-shared-secret-for-internal-clients # - "sessionlimit": Number of sessions that are allowed to connect. # # Example: -# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...} -# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...} +# "/signaling/backend/one" -> {"urls": ["https://nextcloud.domain1.invalid"], ...} +# "/signaling/backend/two" -> {"urls": ["https://domain2.invalid/nextcloud"], ...} #backendprefix = /signaling/backend # Allow any hostname as backend endpoint. This is extremely insecure and should @@ -122,8 +123,8 @@ connectionsperhost = 8 # Backend configurations as defined in the "[backend]" section above. The # section names must match the ids used in "backends" above. #[backend-id] -# URL of the Nextcloud instance -#url = https://cloud.domain.invalid +# Comma-separated list of urls of the Nextcloud instance +#urls = https://cloud.domain.invalid # Shared secret for requests from and to the backend servers. Leave empty to use # the common shared secret from above. @@ -143,8 +144,8 @@ connectionsperhost = 8 #maxscreenbitrate = 2097152 #[another-backend] -# URL of the Nextcloud instance -#url = https://cloud.otherdomain.invalid +# Comma-separated list of urls of the Nextcloud instance +#urls = https://cloud.otherdomain.invalid # Shared secret for requests from and to the backend servers. Leave empty to use # the common shared secret from above. @@ -179,6 +180,13 @@ connectionsperhost = 8 # proxy server that is used. #maxscreenbitrate = 2097152 +# List of IP addresses / subnets that are allowed to be used by clients in +# candidates. The allowed list has preference over the blocked list below. +#allowedcandidates = 10.0.0.0/8 + +# List of IP addresses / subnets to filter from candidates received by clients. +#blockedcandidates = 1.2.3.0/24 + # For type "proxy": timeout in seconds for requests to the proxy server. #proxytimeout = 2