aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod/app/jitsi/integration/prosody
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
committerAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
commit2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch)
tree0ad148f75f7b54dfed2dbac8f43f6df9badc502a /cluster/prod/app/jitsi/integration/prosody
parent9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff)
downloadnixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.tar.gz
nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.zip
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'cluster/prod/app/jitsi/integration/prosody')
-rw-r--r--cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua137
-rw-r--r--cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua.back64
2 files changed, 201 insertions, 0 deletions
diff --git a/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua b/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua
new file mode 100644
index 0000000..b5bc0b9
--- /dev/null
+++ b/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua
@@ -0,0 +1,137 @@
+modules_enabled = {
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ -- jitsi
+ --"smacks"; -- not shipped with prosody
+ "carbons";
+ "mam";
+ "lastactivity";
+ "offline";
+ "pubsub";
+ "adhoc";
+ "websocket";
+ --"http_altconnect"; -- not shipped with prosody
+}
+modules_disabled = { "s2s" }
+
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+log = {
+ --log less on console with warn="*console"; or err="*console" or more with debug="*console"
+ info="*console";
+}
+daemonize = false
+use_libevent = true
+
+-- domain mapper options, must at least have domain base set to use the mapper
+muc_mapper_domain_base = "jitsi.deuxfleurs.fr";
+
+--@FIXME would be great to configure it
+--turncredentials_secret = "__turnSecret__";
+
+--turncredentials = {
+-- { type = "stun", host = "jitmeet.example.com", port = "3478" },
+-- { type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" },
+-- { type = "turns", host = "jitmeet.example.com", port = "5349", transport = "tcp" }
+--};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+--component_ports = { 5347 }
+component_ports = { } -- it seems we don't need external components for now...
+https_ports = { } -- we don't need http
+http_ports = { 5280 }
+c2s_ports = { 5222 }
+s2s_ports = { }
+
+
+-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
+ssl = {
+ protocol = "tlsv1_2+";
+ ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+}
+
+VirtualHost "jitsi"
+ enabled = true -- Remove this line to enable this host
+ authentication = "anonymous"
+ -- Properties below are modified by jitsi-meet-tokens package config
+ -- and authentication above is switched to "token"
+ --app_id="example_app_id"
+ --app_secret="example_app_secret"
+ -- Assign this host a certificate for TLS, otherwise it would use the one
+ -- set in the global section (if any).
+ -- Note that old-style SSL on port 5223 only supports one certificate, and will always
+ -- use the global one.
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ speakerstats_component = "speakerstats.jitsi"
+ conference_duration_component = "conferenceduration.jitsi"
+ -- we need bosh
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ "ping"; -- Enable mod_ping
+ "speakerstats";
+ --"turncredentials"; not supported yet
+ "conference_duration";
+ "muc_lobby_rooms";
+ }
+ c2s_require_encryption = false
+ lobby_muc = "lobby.jitsi"
+ main_muc = "conference.jitsi"
+ -- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
+
+Component "conference.jitsi" "muc"
+ storage = "memory"
+ modules_enabled = {
+ "muc_meeting_id";
+ "muc_domain_mapper";
+ --"token_verification";
+ }
+ admins = { "focus@auth.jitsi" }
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
+-- internal muc component
+Component "internal.auth.jitsi" "muc"
+ storage = "memory"
+ modules_enabled = {
+ "ping";
+ }
+ admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
+VirtualHost "auth.jitsi"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+
+Component "focus.jitsi" "client_proxy"
+ target_address = "focus@auth.jitsi"
+
+Component "speakerstats.jitsi" "speakerstats_component"
+ muc_component = "conference.jitsi"
+
+Component "conferenceduration.jitsi" "conference_duration_component"
+ muc_component = "conference.jitsi"
+
+Component "lobby.jitsi" "muc"
+ storage = "memory"
+ restrict_room_creation = true
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
diff --git a/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua.back b/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua.back
new file mode 100644
index 0000000..d03d7c9
--- /dev/null
+++ b/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua.back
@@ -0,0 +1,64 @@
+daemonize = false
+allow_registration = false
+use_libevent = true
+component_interface = "0.0.0.0"
+component_ports = { 5347 }
+http_ports = { 5280 }
+https_ports = {}
+
+-- Not sure all modules are required
+modules_enabled = {
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ -- jitsi
+ --"smacks"; -- not shipped with prosody
+ "carbons";
+ "mam";
+ "lastactivity";
+ "offline";
+ "pubsub";
+ "adhoc";
+ "websocket";
+ --"http_altconnect"; -- not shipped with prosody
+}
+
+log = {
+ --log less on console with warn="*console"; or err="*console" or more with debug="*console"
+ debug="*console";
+}
+
+VirtualHost "jitsi"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi"}
+
+Component "conference.jitsi" "muc"
+Component "internal.auth.jitsi" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
+