From bb93d3aed57f4388a90635d86d945fc4b8a5a9c2 Mon Sep 17 00:00:00 2001
From: Gonne Kretschmer <gonne.kretschmer@stud.tu-darmstadt.de>
Date: Mon, 23 Oct 2023 17:43:13 +0200
Subject: [PATCH] Move Jitsi to a module

---
 nixos/machines/ghatanothoa/configuration.nix |  8 ++-
 nixos/machines/ghatanothoa/jitsi.nix         | 23 --------
 nixos/modules/jitsi.nix                      | 55 ++++++++++++++++++++
 3 files changed, 61 insertions(+), 25 deletions(-)
 delete mode 100644 nixos/machines/ghatanothoa/jitsi.nix
 create mode 100644 nixos/modules/jitsi.nix

diff --git a/nixos/machines/ghatanothoa/configuration.nix b/nixos/machines/ghatanothoa/configuration.nix
index 54f3211..4e60e1b 100644
--- a/nixos/machines/ghatanothoa/configuration.nix
+++ b/nixos/machines/ghatanothoa/configuration.nix
@@ -3,13 +3,17 @@ flake-inputs:
 
 imports = [
   ./hardware-configuration.nix
-  (import ./jitsi.nix flake-inputs)
+  ../../modules/jitsi.nix
   ../../roles
   ./network.nix
 ];
 
-# System configuration here
+  services.mathebau-jitsi = {
+    enable = true;
+    hostName = "meet.mathebau.de";
+  };
 
+# System configuration here
   networking.hostName = "ghatanothoa";
   system.stateVersion = "23.11";
 }
diff --git a/nixos/machines/ghatanothoa/jitsi.nix b/nixos/machines/ghatanothoa/jitsi.nix
deleted file mode 100644
index 547e3c7..0000000
--- a/nixos/machines/ghatanothoa/jitsi.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-flake-inputs:
-{pkgs, config, lib, modulesPath, ...}: {
-  imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
-  
-  services.jitsi-meet = {
-    enable = true;
-    hostName = "meet.mathebau.de";
-    config = {
-      defaultLang = "de";
-    };
-  };
-  services.jitsi-videobridge = {
-    openFirewall = true;
-    nat = {
-      publicAddress = "130.83.2.184";
-      localAddress = "192.168.0.25";
-    };
-  };
-  services.nginx.virtualHosts."meet.mathebau.de".enableACME = false;
-  services.nginx.virtualHosts."meet.mathebau.de".forceSSL = false;
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  networking.firewall.allowedUDPPorts = [ 10000 ];
-}
diff --git a/nixos/modules/jitsi.nix b/nixos/modules/jitsi.nix
new file mode 100644
index 0000000..ca2a8a7
--- /dev/null
+++ b/nixos/modules/jitsi.nix
@@ -0,0 +1,55 @@
+{pkgs, config, lib, modulesPath, ...}:
+let 
+  inherit (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    head;
+  inherit (lib.types) str;
+  cfg = config.services.mathebau-jitsi;
+in
+{
+  imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
+  
+  options.services.mathebau-jitsi = {
+    enable = mkEnableOption "mathebau jitsi service";
+    hostName = mkOption {
+      type = str;
+    };
+    localAddress = mkOption {
+      type = str;
+      default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.jitsi-meet = {
+      enable = true;
+      hostName = cfg.hostName;
+      config = {
+        defaultLang = "de";
+      };
+    };
+    services.jitsi-videobridge = {
+      openFirewall = true;
+      nat = {
+        publicAddress = "130.83.2.184";
+        localAddress = cfg.localAddress;
+      };
+    };
+    environment.persistence.${config.impermanence.name} = {
+      directories = [
+        "/var/lib/jitsi-meet"
+        "/var/lib/prosody"
+      ];
+    };
+  #We are behind a reverse proxy that handles TLS
+    services.nginx.virtualHosts."${cfg.hostName}" = {
+      enableACME = false;
+      forceSSL = false;
+    };
+
+  #The network ports for HTTP(S) are not opened automatically
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+}