pyrox.dev / nixpkgs
lol
fork atom

jitsi-meet: Add option to disable Prosody services not used by Jitsi Meet

The default Prosody config assumes that Prosody will be used as a federated
XMPP server, while the usecase for Jitsi Meet is much narrower.

Erin Yuki Schlarb 56581588 7ab8f255

options
unified split
Changed files
+31 -2
nixos
modules
services
web-apps
jitsi-meet.md
jitsi-meet.nix
+8
nixos/modules/services/web-apps/jitsi-meet.md 
···

       
19

       
 

       
}


     

       
20

       
 

       
```


     

       
21

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
22

       
 

       
## Configuration {#module-services-jitsi-configuration}


     

       
23

       
 

       



     

       
24

       
 

       
Here is the minimal configuration with additional configurations:


     
···

       
27

       
 

       
  services.jitsi-meet = {


     

       
28

       
 

       
    enable = true;


     

       
29

       
 

       
    hostName = "jitsi.example.com";


     

       

       

       
     

       
30

       
 

       
    config = {


     

       
31

       
 

       
      enableWelcomePage = false;


     

       
32

       
 

       
      prejoinPageEnabled = true;


     
···

       
19

       
 

       
}


     

       
20

       
 

       
```


     

       
21

       
 

       



     

       
22

       
+

       
Jitsi Meet depends on the Prosody XMPP server only for message passing from


     

       
23

       
+

       
the web browser while the default Prosody configuration is intended for use


     

       
24

       
+

       
with standalone XMPP clients and XMPP federation. If you only use Prosody as


     

       
25

       
+

       
a backend for Jitsi Meet it is therefore recommended to also enable


     

       
26

       
+

       
{option}`services.jitsi-meet.prosody.lockdown` option to disable unnecessary


     

       
27

       
+

       
Prosody features such as federation or the file proxy.


     

       
28

       
+

       



     

       
29

       
 

       
## Configuration {#module-services-jitsi-configuration}


     

       
30

       
 

       



     

       
31

       
 

       
Here is the minimal configuration with additional configurations:


     
···

       
34

       
 

       
  services.jitsi-meet = {


     

       
35

       
 

       
    enable = true;


     

       
36

       
 

       
    hostName = "jitsi.example.com";


     

       
37

       
+

       
    prosody.lockdown = true;


     

       
38

       
 

       
    config = {


     

       
39

       
 

       
      enableWelcomePage = false;


     

       
40

       
 

       
      prejoinPageEnabled = true;
+23 -2
nixos/modules/services/web-apps/jitsi-meet.nix 
···

       
175

       
 

       
    prosody.enable = mkOption {


     

       
176

       
 

       
      type = bool;


     

       
177

       
 

       
      default = true;


     

       

       

       
     

       
178

       
 

       
      description = ''


     

       
179

       
 

       
        Whether to configure Prosody to relay XMPP messages between Jitsi Meet components. Turn this


     

       
180

       
 

       
        off if you want to configure it manually.


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
181

       
 

       
      '';


     

       
182

       
 

       
    };


     

       
183

       
 

       



     
···

       
211

       
 

       
        smacks = mkDefault true;


     

       
212

       
 

       
        tls = mkDefault true;


     

       
213

       
 

       
        websocket = mkDefault true;


     

       

       

       
     

       
214

       
 

       
      };


     

       

       

       
     

       

       

       
     

       
215

       
 

       
      muc = [


     

       
216

       
 

       
        {


     

       
217

       
 

       
          domain = "conference.${cfg.hostName}";


     
···

       
300

       
 

       
            muc_component = "conference.${cfg.hostName}"


     

       
301

       
 

       
            breakout_rooms_component = "breakout.${cfg.hostName}"


     

       
302

       
 

       
        '')


     

       
303

       
-

       
        (mkBefore ''


     

       
304

       
 

       
          muc_mapper_domain_base = "${cfg.hostName}"


     

       
305

       
 

       



     

       
306

       
 

       
          cross_domain_websocket = true;


     
···

       
310

       
 

       
            "focus@auth.${cfg.hostName}",


     

       
311

       
 

       
            "jvb@auth.${cfg.hostName}"


     

       
312

       
 

       
          }


     

       
313

       
-

       
        '')


     

       

       

       
     

       

       

       
     

       

       

       
     

       
314

       
 

       
      ];


     

       
315

       
 

       
      virtualHosts.${cfg.hostName} = {


     

       
316

       
 

       
        enabled = true;


     
···

       
175

       
 

       
    prosody.enable = mkOption {


     

       
176

       
 

       
      type = bool;


     

       
177

       
 

       
      default = true;


     

       
178

       
+

       
      example = false;


     

       
179

       
 

       
      description = ''


     

       
180

       
 

       
        Whether to configure Prosody to relay XMPP messages between Jitsi Meet components. Turn this


     

       
181

       
 

       
        off if you want to configure it manually.


     

       
182

       
+

       
      '';


     

       
183

       
+

       
    };


     

       
184

       
+

       
    prosody.lockdown = mkOption {


     

       
185

       
+

       
      type = bool;


     

       
186

       
+

       
      default = false;


     

       
187

       
+

       
      example = true;


     

       
188

       
+

       
      description = ''


     

       
189

       
+

       
        Whether to disable Prosody features not needed by Jitsi Meet.


     

       
190

       
+

       



     

       
191

       
+

       
        The default Prosody configuration assumes that it will be used as a


     

       
192

       
+

       
        general-purpose XMPP server rather than as a companion service for


     

       
193

       
+

       
        Jitsi Meet. This option reconfigures Prosody to only listen on


     

       
194

       
+

       
        localhost without support for TLS termination, XMPP federation or


     

       
195

       
+

       
        the file transfer proxy.


     

       
196

       
 

       
      '';


     

       
197

       
 

       
    };


     

       
198

       
 

       



     
···

       
226

       
 

       
        smacks = mkDefault true;


     

       
227

       
 

       
        tls = mkDefault true;


     

       
228

       
 

       
        websocket = mkDefault true;


     

       
229

       
+

       
        proxy65 = mkIf cfg.prosody.lockdown (mkDefault false);


     

       
230

       
 

       
      };


     

       
231

       
+

       
      httpInterfaces = mkIf cfg.prosody.lockdown (mkDefault [ "127.0.0.1" ]);


     

       
232

       
+

       
      httpsPorts = mkIf cfg.prosody.lockdown (mkDefault []);


     

       
233

       
 

       
      muc = [


     

       
234

       
 

       
        {


     

       
235

       
 

       
          domain = "conference.${cfg.hostName}";


     
···

       
318

       
 

       
            muc_component = "conference.${cfg.hostName}"


     

       
319

       
 

       
            breakout_rooms_component = "breakout.${cfg.hostName}"


     

       
320

       
 

       
        '')


     

       
321

       
+

       
        (mkBefore (''


     

       
322

       
 

       
          muc_mapper_domain_base = "${cfg.hostName}"


     

       
323

       
 

       



     

       
324

       
 

       
          cross_domain_websocket = true;


     
···

       
328

       
 

       
            "focus@auth.${cfg.hostName}",


     

       
329

       
 

       
            "jvb@auth.${cfg.hostName}"


     

       
330

       
 

       
          }


     

       
331

       
+

       
        '' + optionalString cfg.prosody.lockdown ''


     

       
332

       
+

       
          c2s_interfaces = { "127.0.0.1" };


     

       
333

       
+

       
          modules_disabled = { "s2s" };


     

       
334

       
+

       
        ''))


     

       
335

       
 

       
      ];


     

       
336

       
 

       
      virtualHosts.${cfg.hostName} = {


     

       
337

       
 

       
        enabled = true;