authorgenesis <camillemondon@free.fr>2023-04-22 10:39:02 +0200
committergenesis <camillemondon@free.fr>2023-05-02 11:45:10 +0200
commit1f438f858fea2cb895c337ff22e5d9c199e31176 (patch)
tree307f31e877824c80c86e320f8f6fbbfd78bca110 /nixos
parent84ab09c3b12ce4691b8ab5a2c48b8a8801f1d72a (diff)
nixos/jitsi-meet: support secure domain setup
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/web-apps/jitsi-meet.nix52
1 files changed, 38 insertions, 14 deletions
diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix
index 6f60b9d057a..f2cfdf10fc7 100644
--- a/nixos/modules/services/web-apps/jitsi-meet.nix
+++ b/nixos/modules/services/web-apps/jitsi-meet.nix
@@ -176,6 +176,8 @@ in
       default = 3002;
       description = lib.mdDoc ''The port which the Excalidraw backend for Jitsi should listen to.'';
     };
+
+    secureDomain.enable = mkEnableOption (lib.mdDoc "Authenticated room creation");
   };
 
   config = mkIf cfg.enable {
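Review bot: The description of the new `secureDomain.enable` option says only "Authenticated room creation", which does not tell an operator what changes or what to do after enabling it. Judging by the other hunks of this commit, the main virtual host switches to `internal_hashed` and guests are pointed at `guest.<hostName>`, so nobody can open a room until accounts exist on the Prosody side. I would extend the description to state that, and that accounts are created out of band, for example with `prosodyctl register <user> <hostName> <password>`. The module does not appear to provision users itself, though only part of the file is visible here.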
@@ -293,7 +295,7 @@ in
         enabled = true;
         domain = cfg.hostName;
         extraConfig = ''
-          authentication = "jitsi-anonymous"
+          authentication = ${if cfg.secureDomain.enable then "\"internal_hashed\"" else "\"jitsi-anonymous\""}
           c2s_require_encryption = false
           admins = { "focus@auth.${cfg.hostName}" }
           smacks_max_unacked_stanzas = 5
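Review bot: With `secureDomain.enable` set, this virtual host now authenticates real accounts through `internal_hashed`, yet the unchanged next line still sets `c2s_require_encryption = false`. That was low-risk while the host was anonymous-only, but a client that reaches Prosody's c2s listener directly, rather than through the HTTPS front end, can now run password authentication over an unencrypted stream. Either make the value depend on the option, e.g. `c2s_require_encryption = ${if cfg.secureDomain.enable then "true" else "false"}`, or add a comment explaining why cleartext c2s is acceptable here. Requiring encryption would likely also need the proxied BOSH/WebSocket path marked as secure, which is configured outside this hunk. The `extraConfig` string starts before and continues past the hunk.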
@@ -336,6 +338,14 @@ in
           c2s_require_encryption = false
         '';
       };
+      virtualHosts."guest.${cfg.hostName}" = {
+        enabled = true;
+        domain = "guest.${cfg.hostName}";
+        extraConfig = ''
+          authentication = "anonymous"
+          c2s_require_encryption = false
+        '';
+      };
     };
     systemd.services.prosody = mkIf cfg.prosody.enable {
       preStart = let
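Review bot: The `guest.${cfg.hostName}` virtual host with `authentication = "anonymous"` is added unconditionally, so installations that never set `secureDomain.enable` also gain an extra anonymous-login host. Nothing in the visible hunks uses that host unless secure domain is on, so it should be tied to the option, for instance `enabled = cfg.secureDomain.enable;` in place of `enabled = true;`. A short comment above the block saying that this host only exists to admit unauthenticated guests into rooms an authenticated user has opened would also help. The enclosing `services.prosody` attribute set begins outside the hunk.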
@@ -499,12 +509,16 @@ in
       };
     };
 
-    services.jitsi-meet.config = mkIf cfg.excalidraw.enable {
-      whiteboard = {
-        enabled = true;
-        collabServerBaseUrl = "https://${cfg.hostName}";
-      };
-    };
+    services.jitsi-meet.config = recursiveUpdate
+      (mkIf cfg.excalidraw.enable {
+        whiteboard = {
+          enabled = true;
+          collabServerBaseUrl = "https://${cfg.hostName}";
+        };
+      })
+      (mkIf cfg.secureDomain.enable {
+        hosts.anonymousdomain = "guest.${cfg.hostName}";
+      });
 
     services.jitsi-videobridge = mkIf cfg.videobridge.enable {
       enable = true;
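Review bot: `recursiveUpdate` is applied to two `mkIf` values, and as far as I can tell that merges the `mkIf` wrappers themselves rather than the configs inside them. The result carries the second condition (`cfg.secureDomain.enable`) and the union of both contents. If so, the whiteboard settings are dropped whenever `secureDomain.enable` is false, even with Excalidraw enabled, and are switched on whenever `secureDomain.enable` is true, even with Excalidraw disabled. The file already uses `mkMerge` for this purpose in the jicofo section, so use it here too: `services.jitsi-meet.config = mkMerge [ (mkIf cfg.excalidraw.enable { … }) (mkIf cfg.secureDomain.enable { … }) ];`. A NixOS test that enables Excalidraw without secure domain and checks the generated `whiteboard` config would pin this down.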
@@ -529,13 +543,23 @@ in
       config = mkMerge [{
         jicofo.xmpp.service.disable-certificate-verification = true;
         jicofo.xmpp.client.disable-certificate-verification = true;
-      #} (lib.mkIf cfg.jibri.enable {
-       } (lib.mkIf (config.services.jibri.enable || cfg.jibri.enable) {
-         jicofo.jibri = {
-           brewery-jid = "JibriBrewery@internal.auth.${cfg.hostName}";
-           pending-timeout = "90";
-         };
-      })];
+      }
+        (lib.mkIf (config.services.jibri.enable || cfg.jibri.enable) {
+          jicofo.jibri = {
+            brewery-jid = "JibriBrewery@internal.auth.${cfg.hostName}";
+            pending-timeout = "90";
+          };
+        })
+        (lib.mkIf cfg.secureDomain.enable {
+          jicofo = {
+            authentication = {
+              enabled = "true";
+              type = "XMPP";
+              login-url = cfg.hostName;
+            };
+            xmpp.client.client-proxy = "focus.${cfg.hostName}";
+          };
+        })];
     };
 
     services.jibri = mkIf cfg.jibri.enable {
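Review bot: `login-url = cfg.hostName;` in the new `jicofo.authentication` block reads like a mistake, because the key is named as a URL while the value is a bare host name. For `type = "XMPP"` Jicofo takes the XMPP domain in this field, so the value appears intentional. A one-line comment would stop a later "fix" to `https://…`, e.g. `# For type = "XMPP" this is the XMPP domain to authenticate against, not an HTTP URL.` The same block could say why `enabled` is the string `"true"` rather than a boolean, as that is not evident from the hunk. The surrounding `services.jicofo` definition starts before the hunk.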