forked from Fachschaft/nixConfig
61 lines
1.3 KiB
Nix
61 lines
1.3 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
modulesPath,
|
|
...
|
|
}: let
|
|
inherit
|
|
(lib)
|
|
mkIf
|
|
mkEnableOption
|
|
mkOption
|
|
head
|
|
;
|
|
inherit (lib.types) str;
|
|
cfg = config.services.mathebau-jitsi;
|
|
in {
|
|
imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
|
|
|
|
options.services.mathebau-jitsi = {
|
|
enable = mkEnableOption "mathebau jitsi service";
|
|
hostName = mkOption {
|
|
type = str;
|
|
};
|
|
localAddress = mkOption {
|
|
type = str;
|
|
default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services = {
|
|
jitsi-meet = {
|
|
enable = true;
|
|
config = {
|
|
defaultLang = "de";
|
|
};
|
|
inherit (cfg) hostName;
|
|
};
|
|
jitsi-videobridge = {
|
|
openFirewall = true;
|
|
nat = {
|
|
publicAddress = "130.83.2.184";
|
|
inherit (cfg) localAddress;
|
|
};
|
|
};
|
|
#We are behind a reverse proxy that handles TLS
|
|
nginx.virtualHosts."${cfg.hostName}" = {
|
|
enableACME = false;
|
|
forceSSL = false;
|
|
};
|
|
};
|
|
environment.persistence.${config.impermanence.name} = {
|
|
directories = [
|
|
"/var/lib/jitsi-meet"
|
|
"/var/lib/prosody"
|
|
];
|
|
};
|
|
#The network ports for HTTP(S) are not opened automatically
|
|
networking.firewall.allowedTCPPorts = [80 443];
|
|
};
|
|
}
|