jitsi changed

templates/auth-roadmap.md

@@ -0,0 +1,33 @@
+# PoliticTalk Jitsi Auth Roadmap
+
+These notes are intentionally not deployed yet. They describe the local files and app changes we should add when we connect PgApi authentication to Jitsi.
+
+## Target Flow
+
+```text
+PgPlatform calendar event
+  -> PgPlatform PoliticTalk prejoin page
+  -> PgApi verifies logged-in user, event ownership/invite/access, and event time window
+  -> PgApi returns a short-lived Jitsi JWT
+  -> PgPlatform embeds or opens Jitsi with that JWT
+  -> Jitsi VPS validates JWT through Prosody token auth
+```
+
+## Local Files To Add Later
+
+```text
+jitsi/templates/prosody-token-auth.cfg.lua.example
+jitsi/templates/jicofo-token-auth.conf.example
+jitsi/templates/jitsi-token-auth.env.example
+```
+
+Only templates should be committed. Real JWT secrets must stay in VPS-only files.
+
+## Platform Changes To Add Later
+
+- PgApi endpoint to issue Jitsi JWTs for valid PoliticTalk event access.
+- JWT claims for room, user display name, email/id, moderator flag, expiry, and feature permissions.
+- PgPlatform prejoin route that shows event title and immutable platform user name.
+- PgPlatform embedded Jitsi room using the IFrame API.
+- Moderator-only controls for audio moderation and poll permissions.
+- Event end-time enforcement through JWT expiry and/or iframe hangup.

templates/deploy.env.example

@@ -0,0 +1,8 @@
+# Optional variables for jitsi/scripts/deploy-vps.sh.
+# Copy this to a VPS-only location if needed. Do not commit real secrets.
+
+DOMAIN=politictalk.parallelglobe.io
+BACKUP_ROOT=/root/jitsi-backups
+
+# Set to 1 only when intentionally replacing the nginx vhost config.
+DEPLOY_NGINX=0