@aou
Created March 21, 2024 18:05
jitsi-meet nix docker
{ config, pkgs, lib, ... }:
with lib;
let
# Both working directories live under the Jitsi service user's home directory.
jitsiHome = config.hostParams.jitsiMeetUser.home;
# Checkout of the upstream docker-jitsi-meet repository; setupJitsiMeet deletes
# and re-clones it, and writeJitsiConf places the rendered .env inside it.
dockerDir = "${jitsiHome}/docker-jitsi-meet";
# Root of the per-component configuration directories created by
# setupJitsiMeet; also substituted for @configDir@ in the env.conf template.
configDir = "${jitsiHome}/jitsi-meet-cfg";
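# One-shot bootstrap script: replaces any existing docker-jitsi-meet checkout
# with a fresh clone and creates the per-component configuration directories.
#
# NOTE(review): `stable-9111` is a named upstream ref that is resolved over the
# network on every run, so the code landing in dockerDir is not pinned to a
# reviewed commit. Consider fetching a fixed revision with a content hash
# (e.g. pkgs.fetchFromGitHub) so a change in upstream content fails the build
# instead of being picked up silently.
setupJitsiMeet = pkgs.writeShellScriptBin "setupJitsiMeet" ''
  # Abort on the first failure; without this a failed clone is masked by the
  # exit status of the final mkdir and the unit is reported as successful.
  set -euo pipefail

  # Start from a clean tree. This also removes a previously rendered .env.
  rm -rf -- "${dockerDir}"

  ${pkgs.git}/bin/git clone --branch stable-9111 --single-branch \
    https://github.com/jitsi/docker-jitsi-meet.git "${dockerDir}"

  mkdir -p "${configDir}"/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
'';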
# Template for the docker-jitsi-meet .env file: ./env.conf is copied verbatim
# into the Nix store at <store path>/conf/env.conf. The Nix store is
# world-readable, so the template should only carry @placeholder@ tokens and
# never real secret values; writeJitsiConf fills the placeholders at runtime.
jitsiMeetConfFile = pkgs.writeTextFile {
  name = "jitsiMeetConfFile";
  destination = "/conf/env.conf";
  text = builtins.readFile ./env.conf;
};
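# Renders dockerDir/.env from the env.conf template by replacing each
# @placeholder@ with the matching sops secret (read from its decrypted file at
# runtime), plus the config directory and the public hostname.
#
# The secret key `jvb_auth_passwword` (double "w") is spelled the same way in
# the sops declaration and in the placeholder; renaming it here alone would
# break the lookup.
#
# NOTE(review): the unit that runs this script executes as root but writes
# into a directory owned by the Jitsi service user. If that account were
# compromised, a symlink planted at dockerDir/.env would be followed by the
# redirect and by chown. Consider setting the sops secrets' owner to the
# service user and running this script as that user instead of root.
writeJitsiConf = pkgs.writeShellScriptBin "writeJitsiConf" ''
  # Fail on a missing secret file or an unset variable instead of silently
  # writing an empty credential into .env.
  set -euo pipefail
  # The rendered file holds every service password: create it owner-only.
  umask 077

  # Escape the characters that are special in the replacement half of an
  # s#...#...# command: backslash, ampersand and the # delimiter. Secrets
  # containing an embedded newline are not supported by this substitution.
  sedEscape() {
    printf '%s' "$1" | ${pkgs.gnused}/bin/sed -e 's/[\\&#]/\\&/g'
  }

  jicofo_auth_password=$(cat "${config.sops.secrets.jicofo_auth_password.path}")
  jvb_auth_passwword=$(cat "${config.sops.secrets.jvb_auth_passwword.path}")
  jigasi_xmpp_password=$(cat "${config.sops.secrets.jigasi_xmpp_password.path}")
  jibri_recorder_password=$(cat "${config.sops.secrets.jibri_recorder_password.path}")
  jibri_xmpp_password=$(cat "${config.sops.secrets.jibri_xmpp_password.path}")
  jwt_app_id=$(cat "${config.sops.secrets.jwt_app_id.path}")
  jwt_app_secret=$(cat "${config.sops.secrets.jwt_app_secret.path}")

  # printf is a shell builtin and the sed program is handed over on stdin, so
  # the secret values never appear in a process argument list.
  printf '%s\n' \
    "s#@jicofo_auth_password@#$(sedEscape "$jicofo_auth_password")#" \
    "s#@jvb_auth_passwword@#$(sedEscape "$jvb_auth_passwword")#" \
    "s#@jigasi_xmpp_password@#$(sedEscape "$jigasi_xmpp_password")#" \
    "s#@jibri_recorder_password@#$(sedEscape "$jibri_recorder_password")#" \
    "s#@jibri_xmpp_password@#$(sedEscape "$jibri_xmpp_password")#" \
    "s#@jwt_app_id@#$(sedEscape "$jwt_app_id")#" \
    "s#@jwt_app_secret@#$(sedEscape "$jwt_app_secret")#" \
    "s#@configDir@#${configDir}#" \
    "s#@jitsiMeetHostname@#${config.hostParams.jitsiMeetHostname}#" \
    | ${pkgs.gnused}/bin/sed -f /dev/stdin ${jitsiMeetConfFile}/conf/env.conf \
    > "${dockerDir}/.env"

  # A pre-existing .env keeps its old mode across the redirect, so tighten it
  # explicitly before handing the file to the service user.
  chmod 600 "${dockerDir}/.env"
  chown ${config.hostParams.jitsiMeetUser.name}:users "${dockerDir}/.env"
'';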
in
{
# Inbound ports opened on the host firewall: HTTP and HTTPS over TCP, and
# UDP 10000 (presumably the videobridge media port -- confirm against env.conf).
# Nothing else is exposed by this module.
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 10000 ];
# Put both helper scripts and the env.conf template into the system profile so
# they can also be run or inspected by hand. The scripts themselves embed only
# paths; writeJitsiConf reads the decrypted sops secret files when it runs.
environment.systemPackages = [ setupJitsiMeet jitsiMeetConfFile writeJitsiConf ];
# Secrets decrypted by sops-nix at activation time. Each entry uses the module
# defaults (empty attribute set), so ownership and mode are whatever sops-nix
# applies by default. The key `jvb_auth_passwword` (double "w") has to match
# the key in the sops file and the references in writeJitsiConf.
sops.secrets = {
  jicofo_auth_password = {};
  jvb_auth_passwword = {};
  jigasi_xmpp_password = {};
  jibri_recorder_password = {};
  jibri_xmpp_password = {};
  jwt_app_id = {};
  jwt_app_secret = {};
};
# Oneshot unit that runs the setupJitsiMeet script as the Jitsi service user
# once the network is online. RemainAfterExit keeps the unit "active" so that
# units ordered after it are not re-triggered.
#
# NOTE(review): the script fetches code from the network on every start; no
# systemd sandboxing options (e.g. NoNewPrivileges, ProtectSystem) are set
# here -- consider adding them.
systemd.services.setupJitsiMeet = {
  description = "setup Jitsi Meet (docker)";
  enable = true;
  wantedBy = [ "multi-user.target" ];
  requires = [ "network-online.target" ];
  after = [ "network-online.target" ];
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = "yes";
    User = "${config.hostParams.jitsiMeetUser.name}";
    ExecStart = "${setupJitsiMeet}/bin/setupJitsiMeet";
  };
};
# Oneshot unit that renders the .env file after setupJitsiMeet has completed
# (it both requires and is ordered after that unit).
#
# NOTE(review): this unit runs as root and writes into a directory owned by
# the Jitsi service user. Root is presumably needed only to read the sops
# secret files; giving those secrets the service user as owner would let this
# unit drop root -- confirm against the sops-nix configuration.
systemd.services.writeJitsiConf = {
  description = "write jitsi-meet conf file";
  enable = true;
  wantedBy = [ "multi-user.target" ];
  requires = [ "setupJitsiMeet.service" ];
  after = [ "setupJitsiMeet.service" ];
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = "yes";
    User = "root";
    ExecStart = "${writeJitsiConf}/bin/writeJitsiConf";
  };
};
}