mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-11 20:25:32 +03:00
jitsi-meet: Add option to disable Prosody services not used by Jitsi Meet
The default Prosody config assumes that Prosody will be used as a federated XMPP server, while the use case for Jitsi Meet is much narrower.
parent
7ab8f255b9
commit
56581588c3
2 changed files with 31 additions and 2 deletions
|
@ -19,6 +19,13 @@ A minimal configuration using Let's Encrypt for TLS certificates looks like this
|
|||
}
|
||||
```
|
||||
|
||||
Jitsi Meet depends on the Prosody XMPP server only for message passing from
|
||||
the web browser while the default Prosody configuration is intended for use
|
||||
with standalone XMPP clients and XMPP federation. If you only use Prosody as
|
||||
a backend for Jitsi Meet it is therefore recommended to also enable
|
||||
{option}`services.jitsi-meet.prosody.lockdown` option to disable unnecessary
|
||||
Prosody features such as federation or the file proxy.
|
||||
|
||||
## Configuration {#module-services-jitsi-configuration}
|
||||
|
||||
Here is the minimal configuration with additional configurations:
|
||||
|
@ -27,6 +34,7 @@ Here is the minimal configuration with additional configurations:
|
|||
services.jitsi-meet = {
|
||||
enable = true;
|
||||
hostName = "jitsi.example.com";
|
||||
prosody.lockdown = true;
|
||||
config = {
|
||||
enableWelcomePage = false;
|
||||
prejoinPageEnabled = true;
|
||||
|
|
|
@ -175,11 +175,26 @@ in
|
|||
prosody.enable = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = ''
|
||||
Whether to configure Prosody to relay XMPP messages between Jitsi Meet components. Turn this
|
||||
off if you want to configure it manually.
|
||||
'';
|
||||
};
|
||||
prosody.lockdown = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Whether to disable Prosody features not needed by Jitsi Meet.
|
||||
|
||||
The default Prosody configuration assumes that it will be used as a
|
||||
general-purpose XMPP server rather than as a companion service for
|
||||
Jitsi Meet. This option reconfigures Prosody to only listen on
|
||||
localhost without support for TLS termination, XMPP federation or
|
||||
the file transfer proxy.
|
||||
'';
|
||||
};
|
||||
|
||||
excalidraw.enable = mkEnableOption "Excalidraw collaboration backend for Jitsi";
|
||||
excalidraw.port = mkOption {
|
||||
|
@ -211,7 +226,10 @@ in
|
|||
smacks = mkDefault true;
|
||||
tls = mkDefault true;
|
||||
websocket = mkDefault true;
|
||||
proxy65 = mkIf cfg.prosody.lockdown (mkDefault false);
|
||||
};
|
||||
httpInterfaces = mkIf cfg.prosody.lockdown (mkDefault [ "127.0.0.1" ]);
|
||||
httpsPorts = mkIf cfg.prosody.lockdown (mkDefault []);
|
||||
muc = [
|
||||
{
|
||||
domain = "conference.${cfg.hostName}";
|
||||
|
@ -300,7 +318,7 @@ in
|
|||
muc_component = "conference.${cfg.hostName}"
|
||||
breakout_rooms_component = "breakout.${cfg.hostName}"
|
||||
'')
|
||||
(mkBefore ''
|
||||
(mkBefore (''
|
||||
muc_mapper_domain_base = "${cfg.hostName}"
|
||||
|
||||
cross_domain_websocket = true;
|
||||
|
@ -310,7 +328,10 @@ in
|
|||
"focus@auth.${cfg.hostName}",
|
||||
"jvb@auth.${cfg.hostName}"
|
||||
}
|
||||
'')
|
||||
'' + optionalString cfg.prosody.lockdown ''
|
||||
c2s_interfaces = { "127.0.0.1" };
|
||||
modules_disabled = { "s2s" };
|
||||
''))
|
||||
];
|
||||
virtualHosts.${cfg.hostName} = {
|
||||
enabled = true;
|
||||
|
|
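Review bot: In the lockdown part of the `mkBefore` extraConfig string, `modules_disabled = { "s2s" };` and `c2s_interfaces = { "127.0.0.1" };` are plain Lua global assignments, so any later assignment of the same name replaces the table instead of extending it; because the fragment is ordered first, a user's own `extraConfig` that sets `modules_disabled` would presumably drop `"s2s"` and re-enable federation without any evaluation error. Likewise `proxy65`, `httpInterfaces` and `httpsPorts` are all `mkDefault`, so they lose silently to any explicit `services.prosody` value while `prosody.lockdown` still reads `true`. I would say so in the option description, e.g. `Every setting is applied at default priority; explicit services.prosody values or a later modules_disabled in extraConfig override it.`, and put `# last assignment wins in the Prosody config: keep "s2s" if you redefine modules_disabled` above the Lua line. The description also promises "without support for TLS termination" while `tls = mkDefault true` remains in the visible module set, so it is worth stating that only the HTTPS listener is removed, and that the bindings are IPv4 loopback only (`127.0.0.1`, no `::1`). The option set and the config block both start and end outside the hunks shown.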