From 222f1e92dbc10aa389f712ae0d345befe4e5423f Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Wed, 22 Feb 2023 07:27:10 +0100
Subject: l orange.r: add coms service, proxy via neoprism.r

---
 lass/2configs/services/coms/jitsi.nix | 43 +++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 lass/2configs/services/coms/jitsi.nix

(limited to 'lass/2configs/services/coms/jitsi.nix')

diff --git a/lass/2configs/services/coms/jitsi.nix b/lass/2configs/services/coms/jitsi.nix
new file mode 100644
index 000000000..bbcb36166
--- /dev/null
+++ b/lass/2configs/services/coms/jitsi.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+{
+
+  services.jitsi-meet = {
+    enable = true;
+    hostName = "jitsi.lassul.us";
+    config = {
+      enableWelcomePage = true;
+      requireDisplayName = true;
+      analytics.disabled = true;
+      startAudioOnly = true;
+      channelLastN = 4;
+      stunServers = [
+        # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/
+        { urls = "turn:turn.matrix.org:3478?transport=udp"; }
+        { urls = "turn:turn.matrix.org:3478?transport=tcp"; }
+        # - services.coturn:
+        #{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
+        #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
+      ];
+      constraints.video.height = {
+        ideal = 720;
+        max = 1080;
+        min = 240;
+      };
+    };
+    interfaceConfig = {
+      SHOW_JITSI_WATERMARK = false;
+      SHOW_WATERMARK_FOR_GUESTS = false;
+      DISABLE_PRESENCE_STATUS = true;
+      GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false;
+    };
+  };
+
+  services.jitsi-videobridge.config = {
+    org.jitsi.videobridge.TRUST_BWE = false;
+  };
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
+    { predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
+  ];
+}
-- 
cgit v1.2.3