Revert "{modules,test}/jitsi-meet: Init"

This reverts commit 8040a61b373621e3e8a3684aecbb5cbf66d895c7. Jitsi did not work, and I think that it will need a better approach than this (i.e., updates to the NixOS module).
author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-08-03 13:43:21 +0200
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-08-04 20:48:32 +0200
commit: 017baa8d9bf137f1539ac953a33891835a61066c (patch)
tree: 28886f7a713f6cd6490b58766d0efb8daba31e77
parent: modules/grocy: Init (diff)
download: nixos-server-017baa8d9bf137f1539ac953a33891835a61066c.zip
3 files changed, 0 insertions, 215 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index a492aed..65e3b24 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -57,10 +57,6 @@
         "invidious-router.sils.li"
       ];
     };
-    jitsi-meet = {
-      enable = true;
-      domain = "jitsi-meet.vhack.eu";
-    };
     mail = {
       enable = true;
       fqdn = "mail.foss-syndicate.org";
diff --git a/modules/by-name/ji/jitsi-meet/module.nix b/modules/by-name/ji/jitsi-meet/module.nix
deleted file mode 100644
index d5844be..0000000
--- a/modules/by-name/ji/jitsi-meet/module.nix
+++ /dev/null
@@ -1,108 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: let
-  cfg = config.vhack.jitsi-meet;
-in {
-  options.vhack.jitsi-meet = {
-    enable = lib.mkEnableOption "jitsi-meet";
-
-    domain = lib.mkOption {
-      type = lib.types.str;
-      description = "The domain jitsi-meet should be served on.";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    nixpkgs.config.permittedInsecurePackages = [
-      # Jitsi uses libolm for E2EE, which is no longer maintained upstream by the element
-      # team (as they switch to a rust new based crypto library.)
-      #
-      # libolm has two CVEs about timing based side-channel attacks in their crypt
-      # primitives. This is not ideal, but it has not (yet) been exploited in the wild and
-      # upstream (i.e. the matrix/element team) claims, that the CVEs are very difficult to
-      # exploit (they have been know _long_ before element switched to the rust version).
-      #
-      # Considering the lack of deployable video conferencing alternatives, the active
-      # interest in upstream to resolve this issue [1] and the fact, that we are unlikely
-      # to be attacked via a target attack, permitting this package seems viable.
-      #
-      # [1]: https://github.com/jitsi/jitsi-meet/issues/15107
-      "jitsi-meet-1.0.8043"
-    ];
-
-    services = {
-      nginx.virtualHosts.${cfg.domain} = {
-        enableACME = true;
-        forceSSL = true;
-      };
-
-      jitsi-meet = {
-        enable = true;
-        hostName = cfg.domain;
-
-        nginx.enable = true;
-
-        config = {
-          enableWelcomePage = true;
-          requireDisplayName = true;
-          analytics.disabled = true;
-
-          # Don't try to GET gravata stuff.
-          disableThirdPartyRequests = true;
-
-          # Avoids a heavy load on conference start.
-          startAudioOnly = true;
-
-          # Only transmit the last four members.
-          channelLastN = 4;
-
-          constraints.video.height = {
-            ideal = 720;
-            max = 1080;
-            min = 240;
-          };
-
-          remoteVideoMenu.disabled = false;
-          breakoutRooms.hideAddRoomButton = false;
-          maxFullResolutionParticipants = 1;
-
-          prejoinPageEnabled = true;
-          defaultLang = "sv";
-        };
-
-        interfaceConfig = {
-          GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false;
-          DISABLE_PRESENCE_STATUS = true;
-
-          SHOW_CHROME_EXTENSION_BANNER = false;
-
-          # The default google play android apps comes with trackers.
-          MOBILE_DOWNLOAD_LINK_ANDROID = "https://f-droid.org/en/packages/org.jitsi.meet/";
-
-          # Don't try to promote the mobile app.
-          MOBILE_APP_PROMO = false;
-
-          SHOW_JITSI_WATERMARK = false;
-          SHOW_WATERMARK_FOR_GUESTS = false;
-        };
-
-        prosody = {
-          enable = true;
-
-          # We only use prosody for jitsi XMPP communication, and therefore can remove support
-          # for general XMPP server stuff.
-          lockdown = true;
-        };
-      };
-
-      jitsi-videobridge = {
-        openFirewall = true;
-        config.videobridge = {
-          cc.assumed-bandwidth-limit = "1000 Mbps";
-        };
-      };
-    };
-  };
-}
diff --git a/tests/by-name/ji/jitsi-meet/test.nix b/tests/by-name/ji/jitsi-meet/test.nix
deleted file mode 100644
index 76d8539..0000000
--- a/tests/by-name/ji/jitsi-meet/test.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{
-  nixos-lib,
-  pkgsUnstable,
-  nixpkgs-unstable,
-  vhackPackages,
-  pkgs,
-  extraModules,
-  nixLib,
-  ...
-}:
-nixos-lib.runTest {
-  hostPkgs = pkgs;
-
-  name = "jitsi-meet";
-
-  node = {
-    specialArgs = {inherit pkgsUnstable extraModules vhackPackages nixpkgs-unstable nixLib;};
-
-    # Use the nixpkgs as constructed by the `nixpkgs.*` options
-    pkgs = null;
-  };
-
-  nodes = {
-    acme = {...}: {
-      imports = [
-        ../../../common/acme/server.nix
-        ../../../common/dns/client.nix
-      ];
-    };
-    name_server = {nodes, ...}: {
-      imports =
-        extraModules
-        ++ [
-          ../../../common/acme/client.nix
-          ../../../common/dns/server.nix
-        ];
-
-      vhack.dns.zones = {
-        "jitsi-meet.server" = {
-          SOA = {
-            nameServer = "ns";
-            adminEmail = "admin@server.com";
-            serial = 2025012301;
-          };
-          useOrigin = false;
-
-          A = [
-            nodes.server.networking.primaryIPAddress
-          ];
-          AAAA = [
-            nodes.server.networking.primaryIPv6Address
-          ];
-        };
-      };
-    };
-
-    server = {config, ...}: {
-      imports =
-        extraModules
-        ++ [
-          ../../../../modules
-          ../../../common/acme/client.nix
-          ../../../common/dns/client.nix
-        ];
-
-      vhack = {
-        nginx.enable = true;
-        jitsi-meet = {
-          enable = true;
-          domain = "jitsi-meet.server";
-        };
-      };
-    };
-
-    client = {...}: {
-      imports = [
-        ../../../common/acme/client.nix
-        ../../../common/dns/client.nix
-      ];
-    };
-  };
-
-  testScript = {nodes, ...}: let
-    acme = import ../../../common/acme {inherit pkgs;};
-  in
-    acme.prepare ["server" "client"]
-    # Python
-    ''
-      server.wait_for_unit("jitsi-videobridge.service")
-      server.wait_for_unit("jitsi-videobridge2.service")
-
-      with subtest("All services running"):
-        import json
-        def all_services_running(host):
-          (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json")
-          host_failed = json.loads(output)
-          assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}"
-        all_services_running(server)
-
-      client.wait_until_succeeds("curl --silent https://jitsi-meet.server")
-      client.succeed("curl --silent https://jitsi-meet.server | grep 'Join a WebRTC video conference'")
-    '';
-}
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-08-03 13:43:21 +0200
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-08-04 20:48:32 +0200
commit	017baa8d9bf137f1539ac953a33891835a61066c (patch)
tree	28886f7a713f6cd6490b58766d0efb8daba31e77
parent	modules/grocy: Init (diff)
download	nixos-server-017baa8d9bf137f1539ac953a33891835a61066c.zip