Next: , Previous: , Up: Servicios   [Contents][Index]


12.9.14 Servicios de telefonía

The (gnu services telephony) module contains Guix service definitions for telephony services. Currently it provides the following services:

Jami

This section describes how to configure a Jami server that can be used to host video (or audio) conferences, among other uses. The following example demonstrates how to specify Jami account archives (backups) to be provisioned automatically:

(service jami-service-type
         (jami-configuration
          (accounts
           (list (jami-account
                  (archive "/etc/jami/unencrypted-account-1.gz"))
                 (jami-account
                  (archive "/etc/jami/unencrypted-account-2.gz"))))))

When the accounts field is specified, the Jami account files of the service found under /var/lib/jami are recreated every time the service starts.

Jami accounts and their corresponding backup archives can be generated using the jami or jami-gnome Jami clients. The accounts should not be password-protected, but it is wise to ensure their files are only readable by ‘root’.

The next example shows how to declare that only some contacts should be allowed to communicate with a given account:

(service jami-service-type
         (jami-configuration
          (accounts
           (list (jami-account
                  (archive "/etc/jami/unencrypted-account-1.gz")
                  (peer-discovery? #t)
                  (rendezvous-point? #t)
                  (allowed-contacts
                   '("1dbcb0f5f37324228235564b79f2b9737e9a008f"
                     "2dbcb0f5f37324228235564b79f2b9737e9a008f")))))))

In this mode, only the declared allowed-contacts can initiate communication with the Jami account. This can be used, for example, with rendezvous point accounts to create a private video conferencing space.

To put the system administrator in full control of the conferences hosted on their system, the Jami service supports the following actions:

# herd doc jami list-actions
(list-accounts
 list-account-details
 list-banned-contacts
 list-contacts
 list-moderators
 add-moderator
 ban-contact
 enable-account
 disable-account)

The above actions aim to provide the most valuable actions for moderation purposes, not to cover the whole Jami API. Users wanting to interact with the Jami daemon from Guile may be interested in experimenting with the (gnu build jami-service) module, which powers the above Shepherd actions.

The add-moderator and ban-contact actions accept a contact fingerprint (40 characters long hash) as first argument and an account fingerprint or username as second argument:

# herd add-moderator jami 1dbcb0f5f37324228235564b79f2b9737e9a008f \
  f3345f2775ddfe07a4b0d95daea111d15fbc1199

# herd list-moderators jami
Moderators for account f3345f2775ddfe07a4b0d95daea111d15fbc1199:
  - 1dbcb0f5f37324228235564b79f2b9737e9a008f

In the case of ban-contact, the second username argument is optional; when omitted, the account is banned from all Jami accounts:

# herd ban-contact jami 1dbcb0f5f37324228235564b79f2b9737e9a008f

# herd list-banned-contacts jami
Banned contacts for account f3345f2775ddfe07a4b0d95daea111d15fbc1199:
  - 1dbcb0f5f37324228235564b79f2b9737e9a008f

Banned contacts are also stripped from their moderation privileges.

The disable-account action allows to completely disconnect an account from the network, making it unreachable, while enable-account does the inverse. They accept a single account username or fingerprint as first argument:

# herd disable-account jami f3345f2775ddfe07a4b0d95daea111d15fbc1199

# herd list-accounts jami
The following Jami accounts are available:
  - f3345f2775ddfe07a4b0d95daea111d15fbc1199 (dummy) [disabled]

The list-account-details action prints the detailed parameters of each accounts in the Recutils format, which means the recsel command can be used to select accounts of interest (see Selection Expressions in GNU recutils manual). Note that period characters (‘.’) found in the account parameter keys are mapped to underscores (‘_’) in the output, to meet the requirements of the Recutils format. The following example shows how to print the account fingerprints for all accounts operating in the rendezvous point mode:

# herd list-account-details jami | \
  recsel -p Account.username -e 'Account.rendezVous ~ "true"'
Account_username: f3345f2775ddfe07a4b0d95daea111d15fbc1199

The remaining actions should be self-explanatory.

The complete set of available configuration options is detailed below.

Data Type: jami-configuration

Available jami-configuration fields are:

libjami (default: libjami) (type: package)

The Jami daemon package to use.

dbus (default: dbus-for-jami) (type: package)

The D-Bus package to use to start the required D-Bus session.

nss-certs (default: nss-certs) (type: package)

The nss-certs package to use to provide TLS certificates.

enable-logging? (default: #t) (type: boolean)

Whether to enable logging to syslog.

debug? (default: #f) (type: boolean)

Whether to enable debug level messages.

auto-answer? (default: #f) (type: boolean)

Whether to force automatic answer to incoming calls.

accounts (type: maybe-jami-account-list)

A list of Jami accounts to be (re-)provisioned every time the Jami daemon service starts. When providing this field, the account directories under /var/lib/jami/ are recreated every time the service starts, ensuring a consistent state.

Data Type: jami-account

Available jami-account fields are:

archive (type: string-or-computed-file)

The account archive (backup) file name of the account. This is used to provision the account when the service starts. The account archive should not be encrypted. It is highly recommended to make it readable only to the ‘root’ user (i.e., not in the store), to guard against leaking the secret key material of the Jami account it contains.

allowed-contacts (type: maybe-account-fingerprint-list)

The list of allowed contacts for the account, entered as their 40 characters long fingerprint. Messages or calls from accounts not in that list will be rejected. When left specified, the configuration of the account archive is used as-is with respect to contacts and public inbound calls/messaging allowance, which typically defaults to allow any contact to communicate with the account.

moderators (type: maybe-account-fingerprint-list)

The list of contacts that should have moderation privileges (to ban, mute, etc. other users) in rendezvous conferences, entered as their 40 characters long fingerprint. When left unspecified, the configuration of the account archive is used as-is with respect to moderation, which typically defaults to allow anyone to moderate.

rendezvous-point? (type: maybe-boolean)

Whether the account should operate in the rendezvous mode. In this mode, all the incoming audio/video calls are mixed into a conference. When left unspecified, the value from the account archive prevails.

peer-discovery? (type: maybe-boolean)

Whether peer discovery should be enabled. Peer discovery is used to discover other OpenDHT nodes on the local network, which can be useful to maintain communication between devices on such network even when the connection to the the Internet has been lost. When left unspecified, the value from the account archive prevails.

bootstrap-hostnames (type: maybe-string-list)

A list of hostnames or IPs pointing to OpenDHT nodes, that should be used to initially join the OpenDHT network. When left unspecified, the value from the account archive prevails.

name-server-uri (type: maybe-string)

The URI of the name server to use, that can be used to retrieve the account fingerprint for a registered username.

Mumble server

This section describes how to set up and run a Mumble server (formerly known as Murmur).

Data Type: mumble-server-configuration

The service type for the Mumble server. An example configuration can look like this:

(service mumble-server-service-type
         (mumble-server-configuration
          (welcome-text
            "Welcome to this Mumble server running on Guix!")
          (cert-required? #t) ;disallow text password logins
          (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
          (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))

After reconfiguring your system, you can manually set the mumble-server SuperUser password with the command that is printed during the activation phase.

Se recomienda el registro de una cuenta de usuaria normal de Mumble y la concesión de permisos de administración o moderación. Puede usar el cliente mumble para ingresar como una nueva usuaria normal, registrarse usted misma, y salir del sistema. En el siguiente paso ingrese en el sistema con el nombre SuperUser, use la contraseña de SuperUser que fue establecida con anterioridad, y conceda los permisos de administración o moderación a su usuaria de nombre creada anteriormente y cree algunos canales.

Available mumble-server-configuration fields are:

package (predeterminado: mumble)

Package that contains bin/mumble-server.

user (default: "mumble-server")

User who will run the Mumble-Server server.

group (default: "mumble-server")

Group of the user who will run the mumble-server server.

port (predeterminado: 64738)

Puerto en el que escucha el servidor.

welcome-text (predeterminado: "")

Mensaje de bienvenida enviado a clientes tras su conexión.

server-password (predeterminada: "")

Contraseña que debe introducirse para poder conectarse.

max-users (predeterminados: 100)

Número máximo de usuarias que pueden estar conectadas a la vez al servidor.

max-user-bandwidth (predeterminado: #f)

Tráfico de voz máximo que una usuaria puede mandar por segundo.

database-file (default: "/var/lib/mumble-server/db.sqlite")

Nombre de archivo de la base de datos sqlite. La usuaria del servicio se convertirá en propietaria del directorio.

log-file (default: "/var/log/mumble-server/mumble-server.log")

Nombre de archivo del archivo de registro. La usuaria del servicio se convertirá en propietaria del directorio.

autoban-attempts (predeterminados: 10)

Número máximo de ingresos al sistema que una usuaria puede llevar a cabo en autoban-timeframe sin bloquearse su acceso durante autoban-time.

autoban-timeframe (predeterminado: 120)

Marco de tiempo del bloqueo automático en segundos.

autoban-time (predeterminado: 300)

Duración en segundos del periodo que permanecerá bloqueado un cliente cuando viole los límites de bloqueo automático.

opus-threshold (predeterminado: 100)

Porcentaje de clientes que tienen que permitir opus antes de cambiar al algoritmo de sonido opus.

channel-nesting-limit (predeterminado: 10)

Cual puede ser el nivel de recursión de los canales.

channelname-regex (predeterminado: #f)

Una cadena en forma de expresión regular Qt que deben cumplir los nombres de canal.

username-regex (predeterminado: #f)

Una cadena en forma de expresión regular Qt que deben cumplir los nombres de usuaria.

text-message-length (predeterminado: 5000)

Número máximo de bytes que una usuaria puede enviar en un mensaje de texto.

image-message-length (predeterminado: (* 128 1024))

Número máximo de bytes que una usuaria puede enviar en un mensaje de imagen.

cert-required? (predeterminado: #f)

If it is set to #t clients that use weak password authentication will not be accepted. Users must have completed the certificate wizard to join.

remember-channel? (predeterminado: #f)

Should mumble-server remember the last channel each user was in when they disconnected and put them into the remembered channel when they rejoin.

allow-html? (predeterminado: #f)

Si se permite html en mensajes de texto, comentarios de usuaria y descripciones de canal.

allow-ping? (predeterminado: #f)

Setting to true exposes the current user count, the maximum user count, and the server’s maximum bandwidth per client to unauthenticated users. In the Mumble client, this information is shown in the Connect dialog.

Desactivar esta opción impedirá la escucha pública en el servidor.

bonjour? (predeterminado: #f)

Si el servidor debe anunciarse a sí mismo en la red local a través del protocolo “bonjour”.

send-version? (predeterminado: #f)

Should the mumble-server server version be exposed in ping requests.

log-days (predeterminado: 31)

Mumble also stores logs in the database, which are accessible via RPC. The default is 31 days of months, but you can set this setting to 0 to keep logs forever, or -1 to disable logging to the database.

obfuscate-ips? (predeterminado: #t)

Si las IP registradas deben ofuscarse para proteger la privacidad de las usuarias.

ssl-cert (predeterminado: #f)

Nombre del archivo del certificado SSL/TLS usado para conexiones cifradas.

(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem")
ssl-key (predeterminada: #f)

Ruta de archivo de la clave privada de ssl usada para las conexiones cifradas.

(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem")
ssl-dh-params (predeterminado: #f)

Nombre del archivo codificado con PEM con parámetros Diffie-Hellman para el cifrado SSL/TLS. De manera alternativa puede establecer su valor a "@ffdhe2048", "@ffdhe3072", "@ffdhe4096", "@ffdhe6144" o "@ffdhe8192" para usar los parámetros contenidos en el RFC 7919.

ssl-ciphers (predeterminado: #f)

La opción ssl-ciphers selecciona los protocolos de cifrado disponibles para su uso en SSL/TLS.

Esta opción se especifica mediante el uso de la notación de listas de prot. de cifrado de OpenSSL.

It is recommended that you try your cipher string using ’openssl ciphers <string>’ before setting it here, to get a feel for which cipher suites you will get. After setting this option, it is recommend that you inspect your Mumble server log to ensure that Mumble is using the cipher suites that you expected it to.

Nota: Changing this option may impact the backwards compatibility of your Mumble-Server server, and can remove the ability for older Mumble clients to be able to connect to it.

public-registration (predeterminado: #f)

Must be a <mumble-server-public-registration-configuration> record or #f.

Puede registrar de manera opcional su servidor en la lista pública de servidores que el cliente mumble muestra al inicio. No puede registrar su servidor si tiene establecida una contraseña para el servidor (server-password), o establece allow-ping como #f.

Puede tomar algunas horas hasta que se muestre en la lista pública.

file (predeterminado: #f)

Forma opcional alternativa de forzar el valor de esta configuración.

Data Type: mumble-server-public-registration-configuration

Configuration for public registration of a mumble-server service.

name

This is a display name for your server. Not to be confused with the hostname.

password

A password to identify your registration. Subsequent updates will need the same password. Don’t lose your password.

url

Debe ser un enlace http:// o https:// a su página web.

hostname (predeterminado: #f)

De manera predeterminada su servidor se enumerará por sus direcciones IP. Si se usa esta opción, en vez de eso se enlazará a través de este nombre de máquina.

Deprecation notice: Due to historical reasons, all of the above mumble-server- procedures are also exported with the murmur- prefix. It is recommended that you switch to using mumble-server- going forward.


Next: , Previous: , Up: Servicios   [Contents][Index]