diff options
Diffstat (limited to 'nixos/modules/services/web-apps/jitsi-meet.nix')
-rw-r--r-- | nixos/modules/services/web-apps/jitsi-meet.nix | 71 |
1 files changed, 66 insertions, 5 deletions
diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix index 2eacd87ae6f..8dc611c32e3 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixos/modules/services/web-apps/jitsi-meet.nix @@ -38,6 +38,10 @@ let }; bosh = "//${cfg.hostName}/http-bind"; websocket = "wss://${cfg.hostName}/xmpp-websocket"; + + fileRecordingsEnabled = true; + liveStreamingEnabled = true; + hiddenDomain = "recorder.${cfg.hostName}"; }; in { @@ -130,6 +134,18 @@ in ''; }; + jibri.enable = mkOption { + type = bool; + default = false; + description = '' + Whether to enable a Jibri instance and configure it to connect to Prosody. + + Although additional configuration is possible with <option>services.jibri</option>, this is + currently not very supported and most users will only want to edit the finalize recordings + script at <option>services.jibri.finalizeScript</option>. + ''; + }; + nginx.enable = mkOption { type = bool; default = true; @@ -229,6 +245,14 @@ in key = "/var/lib/jitsi-meet/jitsi-meet.key"; }; }; + virtualHosts."recorder.${cfg.hostName}" = { + enabled = true; + domain = "recorder.${cfg.hostName}"; + extraConfig = '' + authentication = "internal_plain" + c2s_require_encryption = false + ''; + }; }; systemd.services.prosody.serviceConfig = mkIf cfg.prosody.enable { EnvironmentFile = [ "/var/lib/jitsi-meet/secrets-env" ]; @@ -243,12 +267,13 @@ in systemd.services.jitsi-meet-init-secrets = { wantedBy = [ "multi-user.target" ]; before = [ "jicofo.service" "jitsi-videobridge2.service" ] ++ (optional cfg.prosody.enable "prosody.service"); + path = [ config.services.prosody.package ]; serviceConfig = { Type = "oneshot"; }; script = let - secrets = [ "jicofo-component-secret" "jicofo-user-secret" ] ++ (optional (cfg.videobridge.passwordFile == null) "videobridge-secret"); + secrets = [ "jicofo-component-secret" "jicofo-user-secret" "jibri-auth-secret" "jibri-recorder-secret" ] ++ (optional (cfg.videobridge.passwordFile == null) "videobridge-secret"); videobridgeSecret = if cfg.videobridge.passwordFile != null then cfg.videobridge.passwordFile else "/var/lib/jitsi-meet/videobridge-secret"; in '' @@ -267,9 +292,11 @@ in chmod 640 secrets-env '' + optionalString cfg.prosody.enable '' - ${config.services.prosody.package}/bin/prosodyctl register focus auth.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jicofo-user-secret)" - ${config.services.prosody.package}/bin/prosodyctl register jvb auth.${cfg.hostName} "$(cat ${videobridgeSecret})" - ${config.services.prosody.package}/bin/prosodyctl mod_roster_command subscribe focus.${cfg.hostName} focus@auth.${cfg.hostName} + prosodyctl register focus auth.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jicofo-user-secret)" + prosodyctl register jvb auth.${cfg.hostName} "$(cat ${videobridgeSecret})" + prosodyctl mod_roster_command subscribe focus.${cfg.hostName} focus@auth.${cfg.hostName} + prosodyctl register jibri auth.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jibri-auth-secret)" + prosodyctl register recorder recorder.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jibri-recorder-secret)" # generate self-signed certificates if [ ! -f /var/lib/jitsi-meet.crt ]; then @@ -380,8 +407,42 @@ in userPasswordFile = "/var/lib/jitsi-meet/jicofo-user-secret"; componentPasswordFile = "/var/lib/jitsi-meet/jicofo-component-secret"; bridgeMuc = "jvbbrewery@internal.${cfg.hostName}"; - config = { + config = mkMerge [{ "org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED" = "true"; + } (lib.mkIf cfg.jibri.enable { + "org.jitsi.jicofo.jibri.BREWERY" = "JibriBrewery@internal.${cfg.hostName}"; + "org.jitsi.jicofo.jibri.PENDING_TIMEOUT" = "90"; + })]; + }; + + services.jibri = mkIf cfg.jibri.enable { + enable = true; + + xmppEnvironments."jitsi-meet" = { + xmppServerHosts = [ "localhost" ]; + xmppDomain = cfg.hostName; + + control.muc = { + domain = "internal.${cfg.hostName}"; + roomName = "JibriBrewery"; + nickname = "jibri"; + }; + + control.login = { + domain = "auth.${cfg.hostName}"; + username = "jibri"; + passwordFile = "/var/lib/jitsi-meet/jibri-auth-secret"; + }; + + call.login = { + domain = "recorder.${cfg.hostName}"; + username = "recorder"; + passwordFile = "/var/lib/jitsi-meet/jibri-recorder-secret"; + }; + + usageTimeout = "0"; + disableCertificateVerification = true; + stripFromRoomDomain = "conference."; }; }; }; |