From 9b62cda8c0fa81ca74212e1d3d9a9d0f7d94f54e Mon Sep 17 00:00:00 2001
From: "Janik H."
Date: Fri, 22 Mar 2024 11:47:23 +0100
Subject: [PATCH] non-critical-infra: init jitsi

This commit sets up jitsi for the nixos-org. The jitsi config has the lobby enabled for every-room by-default, this means only people that get access will be able to join. Access control is done using the `Secure Domain Lobby Bypass` plugin and should be changed to `Token Lobby Bypass` once we have a IDP.
---
 .../hosts/caliban.nixos.org/default.nix | 1 +
 non-critical-infra/modules/jitsi.nix | 59 +++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 non-critical-infra/modules/jitsi.nix

diff --git a/non-critical-infra/hosts/caliban.nixos.org/default.nix b/non-critical-infra/hosts/caliban.nixos.org/default.nix
index d56965e7..d1abaa06 100644
--- a/non-critical-infra/hosts/caliban.nixos.org/default.nix
+++ b/non-critical-infra/hosts/caliban.nixos.org/default.nix
@@ -9,6 +9,7 @@
 ../../modules/first-time-contribution-tagger.nix
 ../../modules/backup.nix
 ../../modules/vaultwarden.nix
+ ../../modules/jitsi.nix
 ];

 # Bootloader.
diff --git a/non-critical-infra/modules/jitsi.nix b/non-critical-infra/modules/jitsi.nix
new file mode 100644
index 00000000..6d4475b1
--- /dev/null
+++ b/non-critical-infra/modules/jitsi.nix
@@ -0,0 +1,59 @@
+{ pkgs, ... }:
+{
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "jitsi.nixos.org";
+ config = {
+ enableWelcomePage = true;
+ requireDisplayName = true;
+ analytics.disabled = true;
+ startAudioOnly = true;
+ channelLastN = 4;
+ lobby = {
+ autoKnock = true;
+ enableChat = false;
+ };
+ stunServers = [
+ { urls = "turn:turn.matrix.org:3478?transport=udp"; }
+ { urls = "turn:turn.matrix.org:3478?transport=tcp"; }
+ ];
+ constraints.video.height = {
+ ideal = 720;
+ max = 1080;
+ min = 240;
+ };
+ remoteVideoMenu.disabled = false;
+ breakoutRooms.hideAddRoomButton = false;
+ maxFullResolutionParticipants = 1;
+ };
+ updateMucs = {
+ "conference.jitsi.nixos.org".extraModules = [
+ "muc_mam"
+ "vcard_muc"
+ "lobby_autostart"
+ "secure_domain_lobby_bypass"
+ ];
+ };
+
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false;
+ DISABLE_PRESENCE_STATUS = true;
+ };
+ secureDomain.enable = true;
+ };
+
+ services.prosody.extraPluginPaths = [
+ "${pkgs.jitsi-prosody-plugins}/lobby_autostart"
+ "${pkgs.jitsi-prosody-plugins}/secure_domain_lobby_bypass"
+ ];
+
+ services.prosody.extraModules = [ "muc_lobby_rooms" "persistent_lobby" "lobby_autostart" ];
+ services.prosody.virtualHosts."jitsi.nixos.org".extraConfig = ''
+ modules_enabled = {
+ "muc_lobby_rooms";
+ "persistent_lobby";
+ }
+ '';
+}
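Review bot: The `stunServers` list under `config` points at `turn:turn.matrix.org:3478` with no username or credential, so NAT traversal for this instance leans on a relay the project does not operate and which, as far as I can tell, cannot work as written: TURN allocations need credentials, and browsers reject `turn:` ICE entries that lack them. Any server listed here also learns the IP addresses of meeting participants, so the choice should be deliberate rather than carried over from another deployment. If only address discovery is intended, use a `stun:` entry for a host the project trusts, e.g. `{ urls = "stun:<stun-host>:<port>"; }` (placeholder values), or drop the block and keep the module defaults. If relaying is needed, run a TURN service next to Jitsi and supply its shared secret from the secrets store rather than from the Nix configuration. A one-line comment above the list saying which of the two is intended would make the trust decision visible to the next reviewer.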