Move Jitsi to a module

This commit is contained in:
Gonne Kretschmer 2023-10-23 17:43:13 +02:00
parent 4318950142
commit 41c4af643d
4 changed files with 56 additions and 25 deletions

Binary file not shown.

View file

@ -3,13 +3,17 @@ flake-inputs:
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
(import ./jitsi.nix flake-inputs) ../../modules/jitsi.nix
../../roles ../../roles
./network.nix ./network.nix
]; ];
# System configuration here services.mathebau-jitsi = {
enable = true;
hostName = "meet.mathebau.de";
};
# System configuration here
networking.hostName = "ghatanothoa"; networking.hostName = "ghatanothoa";
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

View file

@ -1,23 +0,0 @@
flake-inputs:
{pkgs, config, lib, modulesPath, ...}: {
imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
services.jitsi-meet = {
enable = true;
hostName = "meet.mathebau.de";
config = {
defaultLang = "de";
};
};
services.jitsi-videobridge = {
openFirewall = true;
nat = {
publicAddress = "130.83.2.184";
localAddress = "192.168.0.25";
};
};
services.nginx.virtualHosts."meet.mathebau.de".enableACME = false;
services.nginx.virtualHosts."meet.mathebau.de".forceSSL = false;
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 10000 ];
}

50
nixos/modules/jitsi.nix Normal file
View file

@ -0,0 +1,50 @@
{pkgs, config, lib, modulesPath, ...}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
head;
inherit (lib.types) str;
cfg = config.services.mathebau-jitsi;
in
{
imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
options.services.mathebau-jitsi = {
enable = mkEnableOption "mathebau jitsi service";
hostName = mkOption {
type = str;
default = null;
};
localAddress = mkOption {
type = str;
default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
};
};
config = mkIf cfg.enable {
services.jitsi-meet = {
enable = true;
hostName = cfg.hostName;
config = {
defaultLang = "de";
};
};
services.jitsi-videobridge = {
openFirewall = true;
nat = {
publicAddress = "130.83.2.184";
localAddress = cfg.localAddress;
};
};
#We are behind a reverse proxy that handles TLS
services.nginx.virtualHosts."${cfg.hostName}" = {
enableACME = false;
forceSSL = false;
};
#The network ports for HTTP(S) are not opened automatically
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}