sp-config/sp-modules/jitsi-meet/module.nix

{ config, lib, ... }:
let
  domain = config.selfprivacy.domain;
  cfg = config.selfprivacy.modules.jitsi-meet;
in
{
  options.selfprivacy.modules.jitsi-meet = {
    enable = (lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = "Enable JitsiMeet";
    }) // {
      meta = {
        type = "enable";
      };
    };
    subdomain = (lib.mkOption {
      default = "meet";
      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
      description = "Subdomain";
    }) // {
      meta = {
        widget = "subdomain";
        type = "string";
        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
        weight = 0;
      };
    };
    appName = (lib.mkOption {
      default = "Jitsi Meet";
      type = lib.types.str;
      description = "The name displayed in the web interface";
    }) // {
      meta = {
        type = "string";
        weight = 1;
      };
    };
  };

  config = lib.mkIf cfg.enable {
    nixpkgs.overlays = [
      (_: prev: {
        # We disable E2E for clients below
        jitsi-meet = prev.jitsi-meet.overrideAttrs (old: {
          meta = old.meta // { knownVulnerabilities = [ ]; };
        });
      })
    ];

    services.jitsi-meet = {
      enable = true;
      hostName = "${cfg.subdomain}.${domain}";
      nginx.enable = true;
      interfaceConfig = {
        SHOW_JITSI_WATERMARK = false;
        SHOW_WATERMARK_FOR_GUESTS = false;
        APP_NAME = cfg.appName;
      };
      config = {
        prejoinConfig = {
          enabled = true;
        };
        e2ee.disabled = true; # libolm is vulnerable and E2E is generally broken.
      };
    };
    services.prosody.extraConfig = ''
      log = {
        info = "*syslog";
      }
    '';
    services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {
      forceSSL = true;
      useACMEHost = domain;
      enableACME = false;
    };
    systemd = {
      services = {
        jicofo.serviceConfig.Slice = "jitsi_meet.slice";
        jitsi-videobridge2.serviceConfig.Slice = "jitsi_meet.slice";
        prosody.serviceConfig.Slice = "jitsi_meet.slice";
      };
      slices.jitsi_meet = {
        description = "Jitsi Meet service slice";
      };
    };
  };
}
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`{ config, lib, ... }:`
move nginx exclusive virtualHosts to SP modules 2023-12-18 19:02:54 +04:00			`let`
			`domain = config.selfprivacy.domain;`
modules: parameterize all subdomains 2024-02-15 13:56:12 +04:00			`cfg = config.selfprivacy.modules.jitsi-meet;`
move nginx exclusive virtualHosts to SP modules 2023-12-18 19:02:54 +04:00			`in`
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`{`
			`options.selfprivacy.modules.jitsi-meet = {`
feat: Dynamic templating 2024-12-18 15:40:15 +03:00			`enable = (lib.mkOption {`
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`default = false;`
sp-modules: refactor options types 2023-12-28 12:54:59 +04:00			`type = lib.types.bool;`
feat: Dynamic templating 2024-12-18 15:40:15 +03:00			`description = "Enable JitsiMeet";`
			`}) // {`
			`meta = {`
			`type = "enable";`
			`};`
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`};`
feat: Dynamic templating 2024-12-18 15:40:15 +03:00			`subdomain = (lib.mkOption {`
modules: parameterize all subdomains 2024-02-15 13:56:12 +04:00			`default = "meet";`
			`type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";`
feat: Dynamic templating 2024-12-18 15:40:15 +03:00			`description = "Subdomain";`
			`}) // {`
			`meta = {`
			`widget = "subdomain";`
			`type = "string";`
			`regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";`
			`weight = 0;`
			`};`
modules: parameterize all subdomains 2024-02-15 13:56:12 +04:00			`};`
feat: Dynamic templating 2024-12-18 15:40:15 +03:00			`appName = (lib.mkOption {`
feat: add more service options and change Gitea to Forgejo 2024-06-30 21:47:08 +04:00			`default = "Jitsi Meet";`
			`type = lib.types.str;`
feat: Dynamic templating 2024-12-18 15:40:15 +03:00			`description = "The name displayed in the web interface";`
			`}) // {`
			`meta = {`
			`type = "string";`
			`weight = 1;`
			`};`
feat: add more service options and change Gitea to Forgejo 2024-06-30 21:47:08 +04:00			`};`
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`};`

modules: parameterize all subdomains 2024-02-15 13:56:12 +04:00			`config = lib.mkIf cfg.enable {`
fix: remove E2E support in jitsi 2025-05-16 12:25:12 +03:00			`nixpkgs.overlays = [`
			`(_: prev: {`
			`# We disable E2E for clients below`
			`jitsi-meet = prev.jitsi-meet.overrideAttrs (old: {`
			`meta = old.meta // { knownVulnerabilities = [ ]; };`
			`});`
			`})`
fix: Allow JitsiMeet to build 2024-10-02 16:36:42 +03:00			`];`
fix: remove E2E support in jitsi 2025-05-16 12:25:12 +03:00
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`services.jitsi-meet = {`
			`enable = true;`
modules: parameterize all subdomains 2024-02-15 13:56:12 +04:00			`hostName = "${cfg.subdomain}.${domain}";`
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`nginx.enable = true;`
			`interfaceConfig = {`
			`SHOW_JITSI_WATERMARK = false;`
			`SHOW_WATERMARK_FOR_GUESTS = false;`
feat: add more service options and change Gitea to Forgejo 2024-06-30 21:47:08 +04:00			`APP_NAME = cfg.appName;`
			`};`
			`config = {`
			`prejoinConfig = {`
			`enabled = true;`
			`};`
fix: remove E2E support in jitsi 2025-05-16 12:25:12 +03:00			`e2ee.disabled = true; # libolm is vulnerable and E2E is generally broken.`
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`};`
			`};`
fix: prosody shouldnt log debug messages 2024-08-08 15:57:25 +03:00			`services.prosody.extraConfig = ''`
			`log = {`
			`info = "*syslog";`
			`}`
			`'';`
modules: parameterize all subdomains 2024-02-15 13:56:12 +04:00			`services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {`
move nginx exclusive virtualHosts to SP modules 2023-12-18 19:02:54 +04:00			`forceSSL = true;`
Revert "use enableACME for all virtualHosts" This reverts commit 46366702bc6fe1352588f8db7f1ca58b1cfb0a84. 2023-12-19 23:46:42 +04:00			`useACMEHost = domain;`
			`enableACME = false;`
move nginx exclusive virtualHosts to SP modules 2023-12-18 19:02:54 +04:00			`};`
feat: Server monitroing, NixOS 24.05 (#84) Co-authored-by: nhnn <nhnn@disroot.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/84 2024-07-30 19:19:06 +03:00			`systemd = {`
			`services = {`
			`jicofo.serviceConfig.Slice = "jitsi_meet.slice";`
			`jitsi-videobridge2.serviceConfig.Slice = "jitsi_meet.slice";`
			`prosody.serviceConfig.Slice = "jitsi_meet.slice";`
			`};`
			`slices.jitsi_meet = {`
			`description = "Jitsi Meet service slice";`
			`};`
			`};`
move jitsi-meet to SP module 2023-12-04 15:43:06 +04:00			`};`
			`}`