Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

non-critical-infra: init jitsi #404

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

non-critical-infra: init jitsi #404

wants to merge 1 commit into from

Conversation

Janik-Haag
Copy link
Member

@Janik-Haag Janik-Haag commented Mar 22, 2024
edited
Loading

This config still contains a bug where lobby-autostart kicks the moderator after joining using the secure domain bypass

The jitsi config has the lobby enabled for every-room by-default, this means only people that get access will be able to join. Access control is done using the Secure Domain Lobby Bypass plugin and should be changed to Token Lobby Bypass once we have a IDP.

Adding users for Secure Domain Lobby Bypass has to be done in a imperativ way using:

prosodyctl register <username> jitsi.nixos.org <password>

Depends on nixos/nixpkgs#297809
And the DNS records are still missing from the pr.

@Janik-Haag
non-critical-infra: init jitsi
9b62cda 
This commit sets up jitsi for the nixos-org.
The jitsi config has the lobby enabled for every-room by-default,
this means only people that get access will be able to join.
Access control is done using the `Secure Domain Lobby Bypass` plugin and
should be changed to `Token Lobby Bypass` once we have a IDP.
@delroth
Copy link
Contributor

delroth commented Apr 12, 2024

ref #401

@delroth
Copy link
Contributor

delroth commented Apr 14, 2024

And the DNS records are still missing from the pr.

Can you maybe send that as a separate PR ahead of time? Do we know on which machine we're deploying this at this point? (caliban?)

delroth
delroth reviewed Apr 14, 2024
View reviewed changes
non-critical-infra/hosts/caliban.nixos.org/default.nix
@@ -9,6 +9,7 @@
../../modules/first-time-contribution-tagger.nix
../../modules/backup.nix
../../modules/vaultwarden.nix
../../modules/jitsi.nix
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please keep this sorted.

Copy link
Contributor

@delroth delroth Apr 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, looks like it's already not. Bleh.

So instead: can you sort this? :P (the ../../modules/* entries)

Erethon
Erethon reviewed Apr 18, 2024
View reviewed changes
non-critical-infra/modules/jitsi.nix
autoKnock = true;
enableChat = false;
};
stunServers = [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be p2p.stunServers according to the documentation and code.

An alternative to using (and depending on) the matrix.org TURN server would be to disable the p2p calls for two person calls completely with p2p.enabled = false. One could argue this is a bit more privacy friendly, since this way you never expose your IP to the other person on the call.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Erethon Erethon Erethon left review comments

@delroth delroth delroth left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Janik-Haag @delroth @Erethon