Update PoliticTalk Jitsi room policy

templates/prosody-token-auth.cfg.lua.example

@@ -0,0 +1,35 @@
+-- Reference snippet for the PoliticTalk VPS.
+-- Apply this manually inside:
+-- /etc/prosody/conf.avail/politictalk.parallelglobe.io.cfg.lua
+--
+-- Do not commit real app secrets. The app_id/app_secret values must match
+-- POLITICTALK_JITSI_JWT_APP_ID and POLITICTALK_JITSI_JWT_APP_SECRET in PgApi.
+
+VirtualHost "politictalk.parallelglobe.io"
+    authentication = "token"
+    app_id = "POLITICTALK_JITSI_JWT_APP_ID"
+    app_secret = "POLITICTALK_JITSI_JWT_APP_SECRET"
+    allow_empty_token = false
+    enable_domain_verification = false
+
+Component "conference.politictalk.parallelglobe.io" "muc"
+    politictalk_room_inactive_callback_url = "https://api.parallelglobe.is/events/politictalk/jitsi/room-inactive"
+    politictalk_room_inactive_callback_secret = "POLITICTALK_JITSI_LIFECYCLE_SECRET"
+
+    modules_enabled = {
+        -- keep the existing modules already present in the VPS file
+        "token_verification";
+        "politictalk_roles";
+    }
+
+-- Also set the equivalent Jicofo options so only PgApi JWT moderator
+-- claims can create room moderators:
+--
+-- /etc/jitsi/jicofo/jicofo.conf
+--
+-- jicofo {
+--   conference {
+--     enable-auto-owner = false
+--     enable-moderator-checks = true
+--   }
+-- }