• View
• Edit
• History
• Print

Galene

Galene is a video conferencing software like Jitsi Meet. The website for it can be found at https://galene.org/.

Install Golang and Git if you haven't already.

pkg_add go git

Add a login class to /etc/login.conf, make sure to use tabs for indentation, not spaces:

galene:\
	:openfiles-cur=8182:\
	:openfiles-max=8182:\
	:openfiles=8182:\
	:stacksize-cur=512M:\
	:stacksize-max=512M:\
	:maxproc-max=infinity:\
	:maxproc-cur=8182:\
	:tc=daemon:

Create a new user for Galene to run under and change to that user.

useradd -m -L galene _galene
doas -u galene sh

Download and compile Galene:

git clone https://github.com/jech/galene
cd galene
CGO_ENABLED=0 go build -ldflags='-s -w'

Create your groups and configuration:

mkdir groups
mkdir data

vi data/config.json
# replace meet.cowsrule.fyi with your domain
{
	"users":{"cow": {"password":"yourpasswordhere", "permissions": "admin"}},
	"proxyURL": "https://meet.cowsrule.fyi",
	"canonicalHost": "meet.cowsrule.fyi"
}

# if you are not already running a turn server, you can skip this step as galene will autostart one.
vi data/ice-servers.json
# replace turn.cowsrule.fyi with your domain and yourauthsecret with the auth secret in /etc/turnserver.conf
[
	{
		"urls": [
			"turn:turn.cowsrule.fyi?transport=tcp"
		],
		"username": "galene",
		"credential": "yourauthsecret",
		"credentialType": "hmac-sha1"
	}
]

Configuring groups: Groups are defined by files in the ./groups directory. The definition for the group called groupname is in the file groups/groupname.json; it does not contain the group name, which makes it easy to copy or link group definitions. You may use subdirectories: a file groups/teaching/networking.json defines a group called teaching/networking. Examples:

A typical group definition file looks like this:

{
    "users":{
        "jch": {"password":"1234", "permissions": "op"}
    },
    "allow-recording": true,
    "auto-subgroups": true
}

This defines a group with the operator (administrator) username jch and password 1234. The allow-recording entry says that the operator is allowed to record videos to disk, and the auto-subgroups entry says that subgroups will be created automatically. This particular group does not allow password login for ordinary users, and is suitable if you use invitations (see Stateful Tokens below) for ordinary users.

In order to allow password login for ordinary users, add password entries with the permission present:

{
    "users":{
        "jch":  {"password": "1234", "permissions": "op"}
        "john": {"password": "secret", "permissions": "present"}
    }
}

If the group is to be publicly accessible, you may allow logins with any username using the wildcard-user entry::

{
    "users":{
        "jch": {"password":"1234", "permissions": "op"}
    },
    "wildcard-user": {"password": "1234", "permissions": "present"},
    "public": true
}

If you want to allow users to use any password, use a wildcard password:

{
    "users":{
        "jch": {"password":"1234", "permissions": "op"}
    },
    "wildcard-user":
        {"password": {"type": "wildcard"}, "permissions": "present"},
    "public": true
}

Create a script to start Galene:

cat << EOF > ~/start.sh
#!/bin/sh

cd ~/galene

while true; do 
	./galene -insecure -http :8444
done

EOF

Start galene on boot:

crontab -e
@reboot tmux new -d "ksh ~/start.sh"