2025-05-22 16:50:34 +03:00
|
|
|
oldPkgs: { config, lib, ... }:
|
2023-12-18 19:02:54 +04:00
|
|
|
let
|
|
|
|
|
domain = config.selfprivacy.domain;
|
2024-02-15 13:56:12 +04:00
|
|
|
cfg = config.selfprivacy.modules.jitsi-meet;
|
2023-12-18 19:02:54 +04:00
|
|
|
in
|
2023-12-04 15:43:06 +04:00
|
|
|
{
|
|
|
|
|
options.selfprivacy.modules.jitsi-meet = {
|
2025-06-18 19:53:44 +03:00
|
|
|
enable =
|
|
|
|
|
(lib.mkOption {
|
|
|
|
|
default = false;
|
|
|
|
|
type = lib.types.bool;
|
|
|
|
|
description = "Enable JitsiMeet";
|
|
|
|
|
})
|
|
|
|
|
// {
|
|
|
|
|
meta = {
|
|
|
|
|
type = "enable";
|
|
|
|
|
};
|
2024-12-18 15:40:15 +03:00
|
|
|
};
|
2025-06-18 19:53:44 +03:00
|
|
|
subdomain =
|
|
|
|
|
(lib.mkOption {
|
|
|
|
|
default = "meet";
|
|
|
|
|
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
|
|
|
|
|
description = "Subdomain";
|
|
|
|
|
})
|
|
|
|
|
// {
|
|
|
|
|
meta = {
|
|
|
|
|
widget = "subdomain";
|
|
|
|
|
type = "string";
|
|
|
|
|
regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
|
|
|
|
|
weight = 0;
|
|
|
|
|
};
|
2024-12-18 15:40:15 +03:00
|
|
|
};
|
2025-06-18 19:53:44 +03:00
|
|
|
appName =
|
|
|
|
|
(lib.mkOption {
|
|
|
|
|
default = "Jitsi Meet";
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "The name displayed in the web interface";
|
|
|
|
|
})
|
|
|
|
|
// {
|
|
|
|
|
meta = {
|
|
|
|
|
type = "string";
|
|
|
|
|
weight = 1;
|
|
|
|
|
};
|
2024-12-18 15:40:15 +03:00
|
|
|
};
|
2023-12-04 15:43:06 +04:00
|
|
|
};
|
|
|
|
|
|
2024-02-15 13:56:12 +04:00
|
|
|
config = lib.mkIf cfg.enable {
|
2025-05-16 12:25:12 +03:00
|
|
|
nixpkgs.overlays = [
|
2025-05-22 16:50:34 +03:00
|
|
|
(final: prev: {
|
|
|
|
|
jicofo = oldPkgs.jicofo;
|
|
|
|
|
jitsi-meet = oldPkgs.jitsi-meet.overrideAttrs (old: {
|
|
|
|
|
meta = old.meta // { knownVulnerabilities = [ ]; };
|
2025-05-16 12:25:12 +03:00
|
|
|
});
|
2025-05-22 16:50:34 +03:00
|
|
|
jitsi-videobridge = oldPkgs.jitsi-videobridge;
|
|
|
|
|
jitsi-meet-prosody = oldPkgs.jitsi-meet-prosody;
|
2025-05-16 12:25:12 +03:00
|
|
|
})
|
2024-10-02 16:36:42 +03:00
|
|
|
];
|
2025-05-16 12:25:12 +03:00
|
|
|
|
2023-12-04 15:43:06 +04:00
|
|
|
services.jitsi-meet = {
|
|
|
|
|
enable = true;
|
2024-02-15 13:56:12 +04:00
|
|
|
hostName = "${cfg.subdomain}.${domain}";
|
2023-12-04 15:43:06 +04:00
|
|
|
nginx.enable = true;
|
|
|
|
|
interfaceConfig = {
|
|
|
|
|
SHOW_JITSI_WATERMARK = false;
|
|
|
|
|
SHOW_WATERMARK_FOR_GUESTS = false;
|
2024-06-30 21:47:08 +04:00
|
|
|
APP_NAME = cfg.appName;
|
|
|
|
|
};
|
|
|
|
|
config = {
|
|
|
|
|
prejoinConfig = {
|
|
|
|
|
enabled = true;
|
|
|
|
|
};
|
2025-05-16 12:25:12 +03:00
|
|
|
e2ee.disabled = true; # libolm is vulnerable and E2E is generally broken.
|
2023-12-04 15:43:06 +04:00
|
|
|
};
|
|
|
|
|
};
|
2024-08-08 15:57:25 +03:00
|
|
|
services.prosody.extraConfig = ''
|
|
|
|
|
log = {
|
|
|
|
|
info = "*syslog";
|
|
|
|
|
}
|
|
|
|
|
'';
|
2024-02-15 13:56:12 +04:00
|
|
|
services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {
|
2023-12-18 19:02:54 +04:00
|
|
|
forceSSL = true;
|
2023-12-19 23:46:42 +04:00
|
|
|
useACMEHost = domain;
|
|
|
|
|
enableACME = false;
|
2023-12-18 19:02:54 +04:00
|
|
|
};
|
2024-07-30 19:19:06 +03:00
|
|
|
systemd = {
|
|
|
|
|
services = {
|
|
|
|
|
jicofo.serviceConfig.Slice = "jitsi_meet.slice";
|
|
|
|
|
jitsi-videobridge2.serviceConfig.Slice = "jitsi_meet.slice";
|
|
|
|
|
prosody.serviceConfig.Slice = "jitsi_meet.slice";
|
|
|
|
|
};
|
|
|
|
|
slices.jitsi_meet = {
|
|
|
|
|
description = "Jitsi Meet service slice";
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-12-04 15:43:06 +04:00
|
|
|
};
|
|
|
|
|
}
|
