{pkgs, config, lib, modulesPath, ...}:
let 
  inherit (lib)
    mkIf
    mkEnableOption
    mkOption
    head;
  inherit (lib.types) str;
  cfg = config.services.mathebau-jitsi;
in
{
  imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
  
  options.services.mathebau-jitsi = {
    enable = mkEnableOption "mathebau jitsi service";
    hostName = mkOption {
      type = str;
    };
    localAddress = mkOption {
      type = str;
      default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
    };
  };

  config = mkIf cfg.enable {
    services.jitsi-meet = {
      enable = true;
      hostName = cfg.hostName;
      config = {
        defaultLang = "de";
      };
    };
    services.jitsi-videobridge = {
      openFirewall = true;
      nat = {
        publicAddress = "130.83.2.184";
        localAddress = cfg.localAddress;
      };
    };
    environment.persistence.${config.impermanence.name} = {
      directories = [
        "/var/lib/jitsi-meet"
        "/var/lib/prosody"
      ];
    };
  #We are behind a reverse proxy that handles TLS
    services.nginx.virtualHosts."${cfg.hostName}" = {
      enableACME = false;
      forceSSL = false;
    };

  #The network ports for HTTP(S) are not opened automatically
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
}