···
off if you want to configure it manually.
173
+
excalidraw.enable = mkEnableOption (lib.mdDoc "Excalidraw collaboration backend for Jitsi");
174
+
excalidraw.port = mkOption {
177
+
description = lib.mdDoc ''The port which the Excalidraw backend for Jitsi should listen to.'';
180
+
secureDomain.enable = mkEnableOption (lib.mdDoc "Authenticated room creation");
config = mkIf cfg.enable {
···
roomDefaultPublicJids = true;
204
+
restrict_room_creation = true
206
+
admins = { "focus@auth.${cfg.hostName}" }
199
-
domain = "internal.${cfg.hostName}";
210
+
domain = "breakout.${cfg.hostName}";
211
+
name = "Jitsi Meet Breakout MUC";
212
+
roomLocking = false;
213
+
roomDefaultPublicJids = true;
215
+
restrict_room_creation = true
217
+
admins = { "focus@auth.${cfg.hostName}" }
221
+
domain = "internal.auth.${cfg.hostName}";
name = "Jitsi Meet Videobridge MUC";
223
+
roomLocking = false;
224
+
roomDefaultPublicJids = true;
admins = { "focus@auth.${cfg.hostName}", "jvb@auth.${cfg.hostName}" }
#-- muc_room_cache_size = 1000
232
+
domain = "lobby.${cfg.hostName}";
233
+
name = "Jitsi Meet Lobby MUC";
234
+
roomLocking = false;
235
+
roomDefaultPublicJids = true;
237
+
restrict_room_creation = true
208
-
extraModules = [ "pubsub" "smacks" ];
246
+
"external_services"
247
+
"conference_duration"
250
+
"muc_breakout_rooms"
254
+
"muc_domain_mapper"
extraPluginPaths = [ "${pkgs.jitsi-meet-prosody}/share/prosody-plugins" ];
210
-
extraConfig = lib.mkMerge [ (mkAfter ''
211
-
Component "focus.${cfg.hostName}" "client_proxy"
212
-
target_address = "focus@auth.${cfg.hostName}"
261
+
extraConfig = lib.mkMerge [
263
+
Component "focus.${cfg.hostName}" "client_proxy"
264
+
target_address = "focus@auth.${cfg.hostName}"
266
+
Component "speakerstats.${cfg.hostName}" "speakerstats_component"
267
+
muc_component = "conference.${cfg.hostName}"
269
+
Component "conferenceduration.${cfg.hostName}" "conference_duration_component"
270
+
muc_component = "conference.${cfg.hostName}"
272
+
Component "endconference.${cfg.hostName}" "end_conference"
273
+
muc_component = "conference.${cfg.hostName}"
275
+
Component "avmoderation.${cfg.hostName}" "av_moderation_component"
276
+
muc_component = "conference.${cfg.hostName}"
278
+
Component "metadata.${cfg.hostName}" "room_metadata_component"
279
+
muc_component = "conference.${cfg.hostName}"
280
+
breakout_rooms_component = "breakout.${cfg.hostName}"
283
+
muc_mapper_domain_base = "${cfg.hostName}"
cross_domain_websocket = true;
consider_websocket_secure = true;
289
+
"focus@auth.${cfg.hostName}",
290
+
"jvb@auth.${cfg.hostName}"
virtualHosts.${cfg.hostName} = {
223
-
authentication = "anonymous"
298
+
authentication = ${if cfg.secureDomain.enable then "\"internal_hashed\"" else "\"jitsi-anonymous\""}
c2s_require_encryption = false
admins = { "focus@auth.${cfg.hostName}" }
smacks_max_unacked_stanzas = 5
smacks_hibernation_time = 60
smacks_max_hibernated_sessions = 1
smacks_max_old_sessions = 1
306
+
av_moderation_component = "avmoderation.${cfg.hostName}"
307
+
speakerstats_component = "speakerstats.${cfg.hostName}"
308
+
conference_duration_component = "conferenceduration.${cfg.hostName}"
309
+
end_conference_component = "endconference.${cfg.hostName}"
311
+
c2s_require_encryption = false
312
+
lobby_muc = "lobby.${cfg.hostName}"
313
+
breakout_rooms_muc = "breakout.${cfg.hostName}"
314
+
room_metadata_component = "metadata.${cfg.hostName}"
315
+
main_muc = "conference.${cfg.hostName}"
cert = "/var/lib/jitsi-meet/jitsi-meet.crt";
···
domain = "auth.${cfg.hostName}";
240
-
authentication = "internal_plain"
326
+
authentication = "internal_hashed"
cert = "/var/lib/jitsi-meet/jitsi-meet.crt";
···
c2s_require_encryption = false
341
+
virtualHosts."guest.${cfg.hostName}" = {
343
+
domain = "guest.${cfg.hostName}";
345
+
authentication = "anonymous"
346
+
c2s_require_encryption = false
systemd.services.prosody = mkIf cfg.prosody.enable {
···
273
-
users.groups.jitsi-meet = {};
367
+
users.groups.jitsi-meet = { };
systemd.tmpfiles.rules = [
"d '/var/lib/jitsi-meet' 0750 root jitsi-meet - -"
···
414
+
systemd.services.jitsi-excalidraw = mkIf cfg.excalidraw.enable {
415
+
description = "Excalidraw collaboration backend for Jitsi";
416
+
after = [ "network.target" ];
417
+
wantedBy = [ "multi-user.target" ];
418
+
environment.PORT = toString cfg.excalidraw.port;
422
+
ExecStart = "${pkgs.jitsi-excalidraw}/bin/jitsi-excalidraw-backend";
423
+
Restart = "on-failure";
424
+
Group = "jitsi-meet";
services.nginx = mkIf cfg.nginx.enable {
virtualHosts.${cfg.hostName} = {
···
locations."=/external_api.js" = mkDefault {
alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
456
+
locations."=/_api/room-info" = {
457
+
proxyPass = "http://localhost:5280/room-info";
459
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
460
+
proxy_set_header Host $host;
locations."=/config.js" = mkDefault {
alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (recursiveUpdate defaultCfg cfg.config) cfg.extraConfig;
locations."=/interface_config.js" = mkDefault {
alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig "";
469
+
locations."/socket.io/" = mkIf cfg.excalidraw.enable {
470
+
proxyPass = "http://127.0.0.1:${toString cfg.excalidraw.port}";
471
+
proxyWebsockets = true;
···
virtualHosts.${cfg.hostName} = {
362
-
templatedJitsiMeet = pkgs.runCommand "templated-jitsi-meet" {} ''
481
+
templatedJitsiMeet = pkgs.runCommand "templated-jitsi-meet" { } ''
cp -R ${pkgs.jitsi-meet}/* .
for file in *.html **/*.html ; do
${pkgs.sd}/bin/sd '<!--#include virtual="(.*)" -->' '{{ include "$1" }}' $file
···
512
+
services.jitsi-meet.config = recursiveUpdate
513
+
(mkIf cfg.excalidraw.enable {
516
+
collabServerBaseUrl = "https://${cfg.hostName}";
519
+
(mkIf cfg.secureDomain.enable {
520
+
hosts.anonymousdomain = "guest.${cfg.hostName}";
services.jitsi-videobridge = mkIf cfg.videobridge.enable {
xmppConfigs."localhost" = {
domain = "auth.${cfg.hostName}";
passwordFile = "/var/lib/jitsi-meet/videobridge-secret";
399
-
mucJids = "jvbbrewery@internal.${cfg.hostName}";
529
+
mucJids = "jvbbrewery@internal.auth.${cfg.hostName}";
disableCertificateVerification = true;
···
userPasswordFile = "/var/lib/jitsi-meet/jicofo-user-secret";
componentPasswordFile = "/var/lib/jitsi-meet/jicofo-component-secret";
412
-
bridgeMuc = "jvbbrewery@internal.${cfg.hostName}";
542
+
bridgeMuc = "jvbbrewery@internal.auth.${cfg.hostName}";
jicofo.xmpp.service.disable-certificate-verification = true;
jicofo.xmpp.client.disable-certificate-verification = true;
416
-
#} (lib.mkIf cfg.jibri.enable {
417
-
} (lib.mkIf (config.services.jibri.enable || cfg.jibri.enable) {
419
-
brewery-jid = "JibriBrewery@internal.${cfg.hostName}";
420
-
pending-timeout = "90";
547
+
(lib.mkIf (config.services.jibri.enable || cfg.jibri.enable) {
549
+
brewery-jid = "JibriBrewery@internal.auth.${cfg.hostName}";
550
+
pending-timeout = "90";
553
+
(lib.mkIf cfg.secureDomain.enable {
558
+
login-url = cfg.hostName;
560
+
xmpp.client.client-proxy = "focus.${cfg.hostName}";
services.jibri = mkIf cfg.jibri.enable {
···
xmppDomain = cfg.hostName;
433
-
domain = "internal.${cfg.hostName}";
573
+
domain = "internal.auth.${cfg.hostName}";
roomName = "JibriBrewery";
pyrox.dev