diff options
Diffstat (limited to 'modules/by-name/ji')
| -rw-r--r-- | modules/by-name/ji/jitsi-meet/module.nix | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/modules/by-name/ji/jitsi-meet/module.nix b/modules/by-name/ji/jitsi-meet/module.nix deleted file mode 100644 index d5844be..0000000 --- a/modules/by-name/ji/jitsi-meet/module.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ - config, - lib, - ... -}: let - cfg = config.vhack.jitsi-meet; -in { - options.vhack.jitsi-meet = { - enable = lib.mkEnableOption "jitsi-meet"; - - domain = lib.mkOption { - type = lib.types.str; - description = "The domain jitsi-meet should be served on."; - }; - }; - - config = lib.mkIf cfg.enable { - nixpkgs.config.permittedInsecurePackages = [ - # Jitsi uses libolm for E2EE, which is no longer maintained upstream by the element - # team (as they switch to a rust new based crypto library.) - # - # libolm has two CVEs about timing based side-channel attacks in their crypt - # primitives. This is not ideal, but it has not (yet) been exploited in the wild and - # upstream (i.e. the matrix/element team) claims, that the CVEs are very difficult to - # exploit (they have been know _long_ before element switched to the rust version). - # - # Considering the lack of deployable video conferencing alternatives, the active - # interest in upstream to resolve this issue [1] and the fact, that we are unlikely - # to be attacked via a target attack, permitting this package seems viable. - # - # [1]: https://github.com/jitsi/jitsi-meet/issues/15107 - "jitsi-meet-1.0.8043" - ]; - - services = { - nginx.virtualHosts.${cfg.domain} = { - enableACME = true; - forceSSL = true; - }; - - jitsi-meet = { - enable = true; - hostName = cfg.domain; - - nginx.enable = true; - - config = { - enableWelcomePage = true; - requireDisplayName = true; - analytics.disabled = true; - - # Don't try to GET gravata stuff. - disableThirdPartyRequests = true; - - # Avoids a heavy load on conference start. - startAudioOnly = true; - - # Only transmit the last four members. - channelLastN = 4; - - constraints.video.height = { - ideal = 720; - max = 1080; - min = 240; - }; - - remoteVideoMenu.disabled = false; - breakoutRooms.hideAddRoomButton = false; - maxFullResolutionParticipants = 1; - - prejoinPageEnabled = true; - defaultLang = "sv"; - }; - - interfaceConfig = { - GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false; - DISABLE_PRESENCE_STATUS = true; - - SHOW_CHROME_EXTENSION_BANNER = false; - - # The default google play android apps comes with trackers. - MOBILE_DOWNLOAD_LINK_ANDROID = "https://f-droid.org/en/packages/org.jitsi.meet/"; - - # Don't try to promote the mobile app. - MOBILE_APP_PROMO = false; - - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - }; - - prosody = { - enable = true; - - # We only use prosody for jitsi XMPP communication, and therefore can remove support - # for general XMPP server stuff. - lockdown = true; - }; - }; - - jitsi-videobridge = { - openFirewall = true; - config.videobridge = { - cc.assumed-bandwidth-limit = "1000 Mbps"; - }; - }; - }; - }; -} |