mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git
synced 2024-11-26 21:01:31 +00:00
Revert "Merge pull request 'Fixed Jitsi functionality and Jitsi certificate resolution' (#14) from jitsi-fixes into master"
This reverts commitdc767677d8
, reversing changes made tod4bb381693
.
This commit is contained in:
parent
471eb89795
commit
059ce9fce2
|
@ -35,8 +35,8 @@ in
|
||||||
networking = {
|
networking = {
|
||||||
hostName = config.services.userdata.hostname;
|
hostName = config.services.userdata.hostname;
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 4443 8443 ];
|
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
|
||||||
allowedUDPPorts = lib.mkForce [ 8443 10000 ];
|
allowedUDPPorts = lib.mkForce [ 8443 ];
|
||||||
};
|
};
|
||||||
nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -17,12 +17,6 @@ in
|
||||||
dnsProvider = "cloudflare";
|
dnsProvider = "cloudflare";
|
||||||
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
||||||
};
|
};
|
||||||
"meet.${cfg.domain}" = {
|
|
||||||
domain = "meet.${cfg.domain}";
|
|
||||||
group = "acmerecievers";
|
|
||||||
dnsProvider = "cloudflare";
|
|
||||||
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,7 +6,7 @@ in
|
||||||
services.jitsi-meet = {
|
services.jitsi-meet = {
|
||||||
enable = config.services.userdata.jitsi.enable;
|
enable = config.services.userdata.jitsi.enable;
|
||||||
hostName = "meet.${domain}";
|
hostName = "meet.${domain}";
|
||||||
nginx.enable = true;
|
nginx.enable = false;
|
||||||
interfaceConfig = {
|
interfaceConfig = {
|
||||||
SHOW_JITSI_WATERMARK = false;
|
SHOW_JITSI_WATERMARK = false;
|
||||||
SHOW_WATERMARK_FOR_GUESTS = false;
|
SHOW_WATERMARK_FOR_GUESTS = false;
|
||||||
|
|
|
@ -89,6 +89,49 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"meet.${domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
|
||||||
|
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
|
||||||
|
root = pkgs.jitsi-meet;
|
||||||
|
extraConfig = ''
|
||||||
|
ssi on;
|
||||||
|
add_header Strict-Transport-Security $hsts_header;
|
||||||
|
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||||
|
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||||||
|
add_header X-Frame-Options DENY;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
||||||
|
expires 10m;
|
||||||
|
'';
|
||||||
|
locations = {
|
||||||
|
"@root_path" = {
|
||||||
|
extraConfig = ''
|
||||||
|
rewrite ^/(.*)$ / break;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"~ ^/([^/\\?&:'\"]+)$" = {
|
||||||
|
tryFiles = "$uri @root_path";
|
||||||
|
};
|
||||||
|
"=/http-bind" = {
|
||||||
|
proxyPass = "http://localhost:5280/http-bind";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"=/external_api.js" = {
|
||||||
|
alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
|
||||||
|
};
|
||||||
|
"=/config.js" = {
|
||||||
|
alias = "${pkgs.jitsi-meet}/config.js";
|
||||||
|
};
|
||||||
|
"=/interface_config.js" = {
|
||||||
|
alias = "${pkgs.jitsi-meet}/interface_config.js";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
"password.${domain}" = {
|
"password.${domain}" = {
|
||||||
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
|
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
|
||||||
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
|
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
|
||||||
|
|
Loading…
Reference in a new issue