···
off if you want to configure it manually.
+
excalidraw.enable = mkEnableOption (lib.mdDoc "Excalidraw collaboration backend for Jitsi");
+
excalidraw.port = mkOption {
+
description = lib.mdDoc ''The port which the Excalidraw backend for Jitsi should listen to.'';
+
secureDomain.enable = mkEnableOption (lib.mdDoc "Authenticated room creation");
config = mkIf cfg.enable {
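Review bot: The `secureDomain.enable` option text ("Authenticated room creation") does not tell an operator what turning it on changes. From the rest of this diff, it switches the main virtual host to `internal_hashed` and adds an anonymous `guest.` host, so accounts have to exist in Prosody before anyone can open a room. I would say so in the description, e.g. `mkEnableOption (lib.mdDoc "authenticated room creation; accounts must be registered in Prosody, guests join through the guest.<hostName> domain")`. The type and default of `excalidraw.port` are not visible in this rendering, so confirm the option is typed as a port.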
···
roomDefaultPublicJids = true;
+
restrict_room_creation = true
+
admins = { "focus@auth.${cfg.hostName}" }
+
domain = "breakout.${cfg.hostName}";
+
name = "Jitsi Meet Breakout MUC";
+
roomDefaultPublicJids = true;
+
restrict_room_creation = true
+
admins = { "focus@auth.${cfg.hostName}" }
+
domain = "internal.auth.${cfg.hostName}";
name = "Jitsi Meet Videobridge MUC";
+
roomDefaultPublicJids = true;
admins = { "focus@auth.${cfg.hostName}", "jvb@auth.${cfg.hostName}" }
#-- muc_room_cache_size = 1000
+
domain = "lobby.${cfg.hostName}";
+
name = "Jitsi Meet Lobby MUC";
+
roomDefaultPublicJids = true;
+
restrict_room_creation = true
extraPluginPaths = [ "${pkgs.jitsi-meet-prosody}/share/prosody-plugins" ];
+
extraConfig = lib.mkMerge [
+
Component "focus.${cfg.hostName}" "client_proxy"
+
target_address = "focus@auth.${cfg.hostName}"
+
Component "speakerstats.${cfg.hostName}" "speakerstats_component"
+
muc_component = "conference.${cfg.hostName}"
+
Component "conferenceduration.${cfg.hostName}" "conference_duration_component"
+
muc_component = "conference.${cfg.hostName}"
+
Component "endconference.${cfg.hostName}" "end_conference"
+
muc_component = "conference.${cfg.hostName}"
+
Component "avmoderation.${cfg.hostName}" "av_moderation_component"
+
muc_component = "conference.${cfg.hostName}"
+
Component "metadata.${cfg.hostName}" "room_metadata_component"
+
muc_component = "conference.${cfg.hostName}"
+
breakout_rooms_component = "breakout.${cfg.hostName}"
+
muc_mapper_domain_base = "${cfg.hostName}"
cross_domain_websocket = true;
consider_websocket_secure = true;
+
"focus@auth.${cfg.hostName}",
+
"jvb@auth.${cfg.hostName}"
virtualHosts.${cfg.hostName} = {
+
authentication = ${if cfg.secureDomain.enable then "\"internal_hashed\"" else "\"jitsi-anonymous\""}
c2s_require_encryption = false
admins = { "focus@auth.${cfg.hostName}" }
smacks_max_unacked_stanzas = 5
smacks_hibernation_time = 60
smacks_max_hibernated_sessions = 1
smacks_max_old_sessions = 1
+
av_moderation_component = "avmoderation.${cfg.hostName}"
+
speakerstats_component = "speakerstats.${cfg.hostName}"
+
conference_duration_component = "conferenceduration.${cfg.hostName}"
+
end_conference_component = "endconference.${cfg.hostName}"
+
c2s_require_encryption = false
+
lobby_muc = "lobby.${cfg.hostName}"
+
breakout_rooms_muc = "breakout.${cfg.hostName}"
+
room_metadata_component = "metadata.${cfg.hostName}"
+
main_muc = "conference.${cfg.hostName}"
cert = "/var/lib/jitsi-meet/jitsi-meet.crt";
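Review bot: `c2s_require_encryption = false` now appears twice in the main virtual host's Prosody config, once in the existing lines and again in the added block. With `secureDomain.enable` the same host switches to `internal_hashed`, so real account logins become possible on a host that accepts unencrypted client streams. That is harmless if clients only reach Prosody through the nginx TLS proxy, but nothing visible here states or enforces it. I would drop the duplicate and add a comment next to the remaining line, such as `-- TLS is terminated by nginx; direct c2s must not be reachable from outside`. The same setting is added to the new `guest.` host in a later hunk, and the enclosing config block starts outside this hunk.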
···
domain = "auth.${cfg.hostName}";
+
authentication = "internal_hashed"
cert = "/var/lib/jitsi-meet/jitsi-meet.crt";
···
c2s_require_encryption = false
+
virtualHosts."guest.${cfg.hostName}" = {
+
domain = "guest.${cfg.hostName}";
+
authentication = "anonymous"
+
c2s_require_encryption = false
systemd.services.prosody = mkIf cfg.prosody.enable {
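Review bot: The new `guest.` virtual host uses `authentication = "anonymous"`, while the main host's non-authenticated branch earlier in this diff uses `"jitsi-anonymous"`, so guests get a different auth module depending on whether `secureDomain` is on. If that is unintended, the guest host should use the same provider: `authentication = "jitsi-anonymous"`. If it is deliberate, a short comment explaining why would help the next reader. Please also confirm the `guest.` domain is only used internally and needs no DNS record or certificate of its own, since none is configured in the visible lines.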
···
+
users.groups.jitsi-meet = { };
systemd.tmpfiles.rules = [
"d '/var/lib/jitsi-meet' 0750 root jitsi-meet - -"
···
+
systemd.services.jitsi-excalidraw = mkIf cfg.excalidraw.enable {
+
description = "Excalidraw collaboration backend for Jitsi";
+
after = [ "network.target" ];
+
wantedBy = [ "multi-user.target" ];
+
environment.PORT = toString cfg.excalidraw.port;
+
ExecStart = "${pkgs.jitsi-excalidraw}/bin/jitsi-excalidraw-backend";
+
Restart = "on-failure";
services.nginx = mkIf cfg.nginx.enable {
virtualHosts.${cfg.hostName} = {
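Review bot: No `User`, `DynamicUser` or sandboxing options appear among the added lines of the `jitsi-excalidraw` unit, so as shown the backend would run as root while handling WebSocket traffic from any meeting participant. This rendering seems to drop some lines, so they may exist in the real change. If they do not, I would add `DynamicUser = true;` next to `ExecStart`, along with the usual hardening such as `NoNewPrivileges = true;` and `ProtectSystem = "strict";`. Only `PORT` is passed to the service, so also check which address the backend binds to. nginx proxies to 127.0.0.1, and a listener on all interfaces would be reachable without going through the proxy.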
···
locations."=/external_api.js" = mkDefault {
alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
+
locations."=/_api/room-info" = {
+
proxyPass = "http://localhost:5280/room-info";
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
proxy_set_header Host $host;
locations."=/config.js" = mkDefault {
alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (recursiveUpdate defaultCfg cfg.config) cfg.extraConfig;
locations."=/interface_config.js" = mkDefault {
alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig "";
+
locations."/socket.io/" = mkIf cfg.excalidraw.enable {
+
proxyPass = "http://127.0.0.1:${toString cfg.excalidraw.port}";
+
proxyWebsockets = true;
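Review bot: The new `=/_api/room-info` location is declared without `mkDefault`, unlike the neighbouring `external_api.js`, `config.js` and `interface_config.js` locations, so a downstream config cannot override or restrict it as easily. It also targets `localhost` where the `/socket.io/` location uses `127.0.0.1`. I would write `locations."=/_api/room-info" = mkDefault {` and `proxyPass = "http://127.0.0.1:5280/room-info";`. The location forwards an internal Prosody HTTP endpoint to anyone who can reach the vhost, with no access restriction visible here. Confirm what it returns for rooms the caller has not joined, and consider gating it the way `/socket.io/` is gated with `mkIf`.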
···
virtualHosts.${cfg.hostName} = {
+
templatedJitsiMeet = pkgs.runCommand "templated-jitsi-meet" { } ''
cp -R ${pkgs.jitsi-meet}/* .
for file in *.html **/*.html ; do
${pkgs.sd}/bin/sd '<!--#include virtual="(.*)" -->' '{{ include "$1" }}' $file
···
+
services.jitsi-meet.config = recursiveUpdate
+
(mkIf cfg.excalidraw.enable {
+
collabServerBaseUrl = "https://${cfg.hostName}";
+
(mkIf cfg.secureDomain.enable {
+
hosts.anonymousdomain = "guest.${cfg.hostName}";
services.jitsi-videobridge = mkIf cfg.videobridge.enable {
xmppConfigs."localhost" = {
domain = "auth.${cfg.hostName}";
passwordFile = "/var/lib/jitsi-meet/videobridge-secret";
+
mucJids = "jvbbrewery@internal.auth.${cfg.hostName}";
disableCertificateVerification = true;
···
userPasswordFile = "/var/lib/jitsi-meet/jicofo-user-secret";
componentPasswordFile = "/var/lib/jitsi-meet/jicofo-component-secret";
+
bridgeMuc = "jvbbrewery@internal.auth.${cfg.hostName}";
jicofo.xmpp.service.disable-certificate-verification = true;
jicofo.xmpp.client.disable-certificate-verification = true;
+
(lib.mkIf (config.services.jibri.enable || cfg.jibri.enable) {
+
brewery-jid = "JibriBrewery@internal.auth.${cfg.hostName}";
+
pending-timeout = "90";
+
(lib.mkIf cfg.secureDomain.enable {
+
login-url = cfg.hostName;
+
xmpp.client.client-proxy = "focus.${cfg.hostName}";
services.jibri = mkIf cfg.jibri.enable {
···
xmppDomain = cfg.hostName;
+
domain = "internal.auth.${cfg.hostName}";
roomName = "JibriBrewery";