{
  config,
  lib,
  modulesPath,
  ...
}: let
  inherit
    (lib)
    mkIf
    mkEnableOption
    mkOption
    head
    ;
  inherit (lib.types) str;
  cfg = config.services.mathebau-jitsi;
in {
  imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];

  options.services.mathebau-jitsi = {
    enable = mkEnableOption "mathebau jitsi service";
    hostName = mkOption {
      type = str;
    };
    localAddress = mkOption {
      type = str;
      default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
    };
  };

  config = mkIf cfg.enable {
    services = {
      jitsi-meet = {
        enable = true;
        config = {
          defaultLang = "de";
        };
        inherit (cfg) hostName;
      };
      jitsi-videobridge = {
        openFirewall = true;
        nat = {
          publicAddress = "130.83.2.184";
          inherit (cfg) localAddress;
        };
      };
      #We are behind a reverse proxy that handles TLS
      nginx.virtualHosts."${cfg.hostName}" = {
        enableACME = false;
        forceSSL = false;
      };
    };
    environment.persistence.${config.impermanence.name} = {
      directories = [
        "/var/lib/jitsi-meet"
        "/var/lib/prosody"
      ];
    };
    #The network ports for HTTP(S) are not opened automatically
    networking.firewall.allowedTCPPorts = [80 443];
  };
}