From fa0cb9cc5988c05fd50b96e2bb0bec6f12f38685 Mon Sep 17 00:00:00 2001
From: DerGrumpf
Date: Mon, 27 Apr 2026 09:55:54 +0200
Subject: [PATCH] Added Jitsi

---
 hosts/cyper-proxy/configuration.nix | 32 +++++---
 nixos/roles/jitsi.nix | 117 ++++++++++++++++++++++++++++
 2 files changed, 138 insertions(+), 11 deletions(-)
 create mode 100644 nixos/roles/jitsi.nix

diff --git a/hosts/cyper-proxy/configuration.nix b/hosts/cyper-proxy/configuration.nix
index 1ce5bfa..3611dc8 100644
--- a/hosts/cyper-proxy/configuration.nix
+++ b/hosts/cyper-proxy/configuration.nix
@@ -3,22 +3,32 @@
 imports = [
 ./hardware-configuration.nix
 ../../nixos/roles/nginx.nix
+ ../../nixos/roles/jitsi.nix
 ];
 
 networking = {
- hostName = "cyper-proxy";
- useDHCP = false;
- interfaces.ens3 = {
- ipv4.addresses = [
- { address = "178.254.8.35"; prefixLength = 23; }
+ hostName = "cyper-proxy";
+ useDHCP = false;
+ interfaces.ens3 = {
+ ipv4.addresses = [
+ {
+ address = "178.254.8.35";
+ prefixLength = 23;
+ }
+ ];
+ };
+ defaultGateway = "178.254.8.1";
+ nameservers = [
+ "178.254.16.151"
+ "178.254.16.141"
 ];
+
+ firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
 };
- defaultGateway = "178.254.8.1";
- nameservers = [ "178.254.16.151" "178.254.16.141" ];
-
- firewall.allowedTCPPorts = [ 80 443 ];
-
-};
 
 system.stateVersion = "26.05";
 }
diff --git a/nixos/roles/jitsi.nix b/nixos/roles/jitsi.nix
new file mode 100644
index 0000000..fe28e16
--- /dev/null
+++ b/nixos/roles/jitsi.nix
@@ -0,0 +1,117 @@
+{
+ pkgs,
+ ...
+}:
+
+let
+ domain = "jitsi.cyperpunk.de";
+in
+{
+ nixpkgs.config.permittedInsecurePackages = [
+ "jitsi-meet-1.0.8792"
+ ];
+
+ services.jitsi-meet = {
+ enable = true;
+ hostName = domain;
+
+ config = {
+ enableWelcomePage = true;
+ prejoinPageEnabled = true;
+ enableInsecureRoomNameWarning = true;
+ disableAudioLevels = false;
+ enableLayerSuspension = true;
+ p2p.enabled = true;
+ analytics.disabled = true;
+ };
+
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ DEFAULT_REMOTE_DISPLAY_NAME = "Meeting @ Virtual";
+ TOOLBAR_BUTTONS = [
+ "microphone"
+ "camera"
+ "desktop"
+ "fullscreen"
+ "fodeviceselection"
+ "hangup"
+ "profile"
+ "chat"
+ "recording"
+ "livestreaming"
+ "etherpad"
+ "sharedvideo"
+ "settings"
+ "raisehand"
+ "videoquality"
+ "filmstrip"
+ "invite"
+ "feedback"
+ "stats"
+ "shortcuts"
+ "tileview"
+ "select-background"
+ "mute-everyone"
+ "security"
+ ];
+ };
+
+ # Enable Jibri for recording/livestreaming support
+ jibri = {
+ enable = true;
+ };
+
+ # Enable Jigasi for SIP/telephony support (optional, comment out if not needed)
+ # jigasi.enable = true;
+
+ nginx.enable = true;
+ prosody.enable = true;
+ };
+
+ # Jitsi Videobridge — handles the actual media routing
+ services.jitsi-videobridge = {
+ enable = true;
+ openFirewall = true;
+
+ config = {
+ videobridge = {
+ ice.udp.port = 10000;
+ apis.rest.enabled = true;
+ };
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [
+ 5222 # XMPP client (Prosody)
+ 5269 # XMPP federation (Prosody)
+ ];
+ allowedUDPPorts = [
+ 10000 # Jitsi Videobridge RTP media
+ ];
+ allowedUDPPortRanges = [
+ {
+ from = 49152;
+ to = 65535;
+ } # WebRTC ephemeral ports
+ ];
+ };
+
+ # Prosody needs this for XMPP
+ networking.extraHosts = ''
+ 127.0.0.1 ${domain}
+ 127.0.0.1 auth.${domain}
+ 127.0.0.1 focus.${domain}
+ 127.0.0.1 jitsi-videobridge.${domain}
+ '';
+
+ # Jibri requires Chromium for recording
+ environment.systemPackages = with pkgs; [
+ chromium
+ ffmpeg
+ ];
+
+ # ALSA loopback device — required by Jibri for audio capture during recording
+ boot.kernelModules = [ "snd-aloop" ];
+}
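Review bot: The `networking.firewall` block in the new jitsi.nix opens more than this single-host setup appears to need: TCP 5222 and 5269 put Prosody's client and server-to-server listeners on the internet, and `allowedUDPPortRanges` 49152–65535 admits traffic to any UDP socket the host binds in that range. Browser clients reach Prosody through nginx on 443, the `extraHosts` entries point the internal components at 127.0.0.1, and the videobridge is pinned to `ice.udp.port = 10000` with `openFirewall = true` already set, so I would drop `allowedTCPPorts` and `allowedUDPPortRanges` here unless external XMPP clients or federation are actually intended. The `permittedInsecurePackages` entry should also carry a comment recording why nixpkgs flags `jitsi-meet-1.0.8792` and when the exception can go, for example `# TODO: remove once jitsi-meet is no longer marked insecure (reason: <advisory placeholder>)`. With the welcome page and Jibri recording enabled and no `services.jitsi-meet.secureDomain.enable`, it looks as though anyone who can reach the host can create rooms and start recordings; please confirm that is the intended exposure.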