# Nojoin Administration Guide This guide is for Owners and Admins running a self-hosted Nojoin installation. ## Roles Nojoin supports three primary roles: - **Owner**: Full system access, including server configuration and user management. - **Admin**: Can manage users and invitations, but cannot take the highest-privilege owner actions. - **User**: Standard access to personal recordings, settings, and connected services. Additional privilege guardrails apply around Owner creation and superuser-only operations. ## Invitations Registration is invite-gated. Admins can: - Create invitation links. - Choose the invited role between `user` and `admin`. - Set expiry and usage limits. - Revoke invites while retaining the historical record. - Delete revoked invites permanently if desired. Users who register through an invite choose their own password during sign-up and are not forced through an immediate password-rotation flow. ## Manual User Provisioning and Password Rotation New and rotated passwords are enforced server-side. - Passwords must be at least 8 characters long. - Passwords made entirely of whitespace are rejected. - Existing password hashes are grandfathered until the next password change or admin reset. When an Admin or Owner creates a user manually: - The user receives a temporary password. - The user must choose a new password before the rest of the application becomes available. - While `force_password_change` is active, Nojoin only allows self-profile access, password update, and logout. The same restriction also applies when a superuser resets another user's password through the privileged user-management flow. ## Administration Settings Areas ### Calendar Use **Settings > Administration > Calendar providers** to save installation-wide Google and Microsoft OAuth credentials. Read [CALENDAR.md](CALENDAR.md) for the full provider registration and tenant guidance. ### AI and Models Use **Settings > AI** for installation-wide provider defaults, model operations, and Ollama configuration. > [!IMPORTANT] > For security, LLM provider API keys and Hugging Face tokens are server-side environment-only variables and must be configured via environment variables (e.g., `.env`) and the container restarted, rather than through UI settings fields. Admin-only sections let you: - Choose the default LLM provider. - Configure the Ollama API URL. - View installed Whisper models. - Remove local model cache entries. Required default models are prepared automatically. ### Backup and Restore Use **Settings > Administration > Backup and restore** for export and restore operations. Read [BACKUP_RESTORE.md](BACKUP_RESTORE.md) before relying on it operationally, especially because backup archives can contain restorable calendar credentials and connected-account tokens. ### System Use **Settings > Administration > System operations** for operational controls such as: - Restarting the stack. - Viewing live logs. - Filtering merged or per-service log output. - Downloading log output for investigation. ### Updates Use **Settings > Updates** to see: - The installed server version from the current API build. - The latest stable published release. - Release history and release notes. ## Operational Notes - Back up the installation before upgrading. - Review release notes for browser capture, auth, and upload lifecycle changes. - After live-pipeline upgrades, use the recording page's waveform, Meeting Edge status, and overall recording progress before treating a meeting as stuck. - For remote deployments, configure a trusted public origin with `WEB_APP_URL`. - Treat backup archives as sensitive material. ### Browser Capture Support - Shared-audio live recording requires Chrome on Windows, Linux, or macOS, or another supported desktop Chromium browser. Other Chromium-family browsers on macOS are best-effort. - Chrome on Android and iOS can start microphone-only live recordings. - Firefox, Safari, and other mobile browsers can review and administer Nojoin but cannot start live capture. - Tab sharing with audio enabled is the recommended support path for browser-based meetings. - If local microphone audio is missing, ask the user to grant microphone permission and review **Settings > Capture**. - If remote participant audio is missing, ask the user to start again and enable shared audio in the browser picker. - If a mobile Chrome recording is missing remote participants, confirm the user expected microphone-only capture and that the phone microphone could hear the meeting audio. - If a user has a paused recording, they must resume or discard it before starting another capture. - Review backend and worker logs for segment upload, transcode, live transcription, finalize, or discard failures. - Browser-live segment numbering starts at `0`; upload or finalize support cases should confirm the sequence is contiguous. - The worker keeps browser-live audio as 16 kHz, two-channel WAV after transcode. Channel 0 is shared/system audio when available and channel 1 is microphone audio. Paused recordings are retained indefinitely and are not cleaned up automatically. This protects uploaded meeting data and prevents overlapping segment streams for the same user. Read [CAPTURE.md](CAPTURE.md) for the support matrix, browser picker behavior, and troubleshooting steps. ## Related Docs - [DEPLOYMENT.md](DEPLOYMENT.md) - [CALENDAR.md](CALENDAR.md) - [BACKUP_RESTORE.md](BACKUP_RESTORE.md) - [CAPTURE.md](CAPTURE.md) - [USAGE.md](USAGE.md)