From a68f3a329a7f73d7a3b174838d744c2b36d95cd1 Mon Sep 17 00:00:00 2001 From: yukkop Date: Wed, 27 May 2026 18:51:18 +0000 Subject: [PATCH] fix!: `matrix-cluster`: +jitsy --- nixos/module/generic/matrix-cluster.nix | 9 +++++++++ nixos/module/hectic/service/element.nix | 8 ++++++++ nixos/module/hectic/service/jitsi.nix | 4 ++-- nixos/system/bfs.poland.xray/bfs.poland.xray.nix | 11 +++++++++++ nixos/system/bfs.poland.xray/default.nix | 4 ++++ sus/matrix-cluster.yaml | 6 +++--- 6 files changed, 37 insertions(+), 5 deletions(-) diff --git a/nixos/module/generic/matrix-cluster.nix b/nixos/module/generic/matrix-cluster.nix index 9fac7c7..eec0662 100644 --- a/nixos/module/generic/matrix-cluster.nix +++ b/nixos/module/generic/matrix-cluster.nix @@ -231,6 +231,15 @@ in { description = "File containing PORKBUN_SECRET_API_KEY value."; }; }; + + jitsi.preferredDomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = '' + Optional self-hosted Jitsi Meet domain to advertise to Matrix/Element + clients alongside the cluster-managed homeserver. + ''; + }; }; config = lib.mkIf cfg.enable (lib.mkMerge [ diff --git a/nixos/module/hectic/service/element.nix b/nixos/module/hectic/service/element.nix index 09a9f84..fe8e9a6 100644 --- a/nixos/module/hectic/service/element.nix +++ b/nixos/module/hectic/service/element.nix @@ -16,6 +16,10 @@ && (if clusterCfg.overrideEnableSynapse != null then clusterCfg.overrideEnableSynapse else clusterCfg.role == "primary"); enabled = legacyCfg.enable || clusterSynapseEnabled; matrixDomain = if legacyCfg.enable then legacyCfg.matrixDomain else clusterCfg.matrixDomain; + jitsiPreferredDomain = + if legacyCfg.enable && config.hectic.services.jitsi.enable + then config.hectic.services.jitsi.hostName + else clusterCfg.jitsi.preferredDomain; in { config = lib.mkIf enabled { services.nginx.virtualHosts."element.${matrixDomain}" = { 
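Review bot: The new `jitsi.preferredDomain` option accepts any string, and its description does not say what form is expected, although element.nix hands the value to Element clients as `preferred_domain`. I would state in the description that it is a bare hostname without scheme or path, and add `example = "meet.example.org";` (a constructed sample). Clients will send call traffic to whatever this names, so it should only ever point at a host the operators control. The `options` block this sits in starts outside the hunk.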
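Review bot: The precedence in the `jitsiPreferredDomain` binding is undocumented and asymmetric. With `legacyCfg.enable` true but `hectic.services.jitsi.enable` false it falls through to `clusterCfg.jitsi.preferredDomain`, while in cluster mode a locally enabled `hectic.services.jitsi.hostName` is ignored unless the cluster option is set as well. A comment above the binding such as `# legacy + local jitsi wins; otherwise the cluster option (null = no preferred_domain emitted)` would make that explicit. The enclosing `let` block starts outside the hunk.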
@@ -36,6 +40,10 @@ in { matrixDomain ]; + jitsi = lib.optionalAttrs (jitsiPreferredDomain != null) { + preferred_domain = jitsiPreferredDomain; + }; + default_theme = "dark"; show_labs_settings = true; }; diff --git a/nixos/module/hectic/service/jitsi.nix b/nixos/module/hectic/service/jitsi.nix index 5130203..b4cb94a 100644 --- a/nixos/module/hectic/service/jitsi.nix +++ b/nixos/module/hectic/service/jitsi.nix @@ -82,8 +82,8 @@ in { security.acme = { acceptTerms = true; defaults = { - email = "hectic.yukkop.it@gmail.com"; - enableDebugLogs = true; + email = lib.mkDefault "hectic.yukkop.it@gmail.com"; + enableDebugLogs = lib.mkDefault true; }; }; diff --git a/nixos/system/bfs.poland.xray/bfs.poland.xray.nix b/nixos/system/bfs.poland.xray/bfs.poland.xray.nix index c0e3dc4..a57c25f 100644 --- a/nixos/system/bfs.poland.xray/bfs.poland.xray.nix +++ b/nixos/system/bfs.poland.xray/bfs.poland.xray.nix @@ -11,6 +11,7 @@ }: let matrixBackend = "https://128.140.75.58"; matrixHost = "accord.tube"; + jitsiHost = "meet.bfs.band"; elementEntryDomain = "element.bfs.band"; polandEntryDomain = "bfs.band"; backendProxyConfig = '' @@ -53,6 +54,12 @@ in { porkbunApiKeyFile = config.sops.secrets."matrix/porkbun-api-key".path; porkbunSecretApiKeyFile = config.sops.secrets."matrix/porkbun-secret-api-key".path; }; + jitsi.preferredDomain = jitsiHost; + }; + + hectic.services.jitsi = { + enable = true; + hostName = jitsiHost; }; security.acme = { @@ -156,6 +163,10 @@ in { "m.identity_server".base_url = "https://vector.im"; }; + jitsi = { + preferred_domain = jitsiHost; + }; + room_directory.servers = [ matrixHost ]; default_theme = "dark"; diff --git a/nixos/system/bfs.poland.xray/default.nix b/nixos/system/bfs.poland.xray/default.nix index e668ee5..6bcac2e 100644 --- a/nixos/system/bfs.poland.xray/default.nix +++ b/nixos/system/bfs.poland.xray/default.nix 
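Review bot: `acceptTerms = true` stays at normal priority while `email` and `enableDebugLogs` become `lib.mkDefault`, so enabling this service module still sets host-wide ACME policy, including a hard-coded contact address on any host that does not override it. Consider leaving `security.acme` to the system configuration, or at least writing `acceptTerms = lib.mkDefault true;` for consistency. `enableDebugLogs = lib.mkDefault true` also keeps verbose ACME logging on by default, which is better switched off outside troubleshooting. The surrounding `config` block starts outside the hunk.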
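Review bot: `jitsiHost` is wired in three places in bfs.poland.xray.nix: `jitsi.preferredDomain` and `hectic.services.jitsi.hostName` in the hunk at -53, and a hand-written `jitsi.preferred_domain` in the Element config in the hunk at -156, which duplicates what element.nix now derives. If the hand-written Element config is the one actually served on this host, the cluster option may have no consumer here; a short comment saying which path is live would help. The diff also does not show whether the Jitsi module restricts room creation to authenticated users. With `enable = true` on a public host name, that should be confirmed before deploy.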
@@ -13,6 +13,10 @@ in self.lib.nixpkgs-lib.nixosSystem { pkgs = import inputs.nixpkgs { inherit system; overlays = [ self.overlays.default ]; + # jitsi-meet depends on libolm which is marked insecure (CVE-2024-4519x) + config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8792" + ]; }; modules = [ { networking.hostName = hostName; } diff --git a/sus/matrix-cluster.yaml b/sus/matrix-cluster.yaml index 3d38072..278583d 100644 --- a/sus/matrix-cluster.yaml +++ b/sus/matrix-cluster.yaml @@ -17,7 +17,7 @@ matrix: vismajor: password: ENC[AES256_GCM,data:AOAxZgY6mmw=,iv:RCEqeI/jL1n9oGREFR3zUTcQRQuupqMsoTVxBWaMvf0=,tag:tYv4X1iXkol3I2Qr0oaY5g==,type:str] snuff: - password: ENC[AES256_GCM,data:gM2BV4xD2lZ860c7VSYRlcgFIwyD,iv:pMb0dzCfYcsrx4ReeI4/4jsCoUj+BKucP9eOFag+vWI=,tag:dPVvXIWOqPi0yAxjmaPE8g==,type:str] + password: ENC[AES256_GCM,data:vP7fc0DlhM559c38KIHQswd4WV2RGCtQk/I=,iv:FAsdJz85AklfAKL8K6SrBsZ1wMIFebj0mS7noB7HkfA=,tag:9z5edXIeCDz7mGTZG9Vx5A==,type:str] MrAlex0O: password: ENC[AES256_GCM,data:aq6wYy1OxXPmHVdE926Q79pARzwaKX1ieE0=,iv:vNV0Gm2DlgLuZpEDm1q4+iltNJOtRechdaXUNfDrfpc=,tag:bECr7NWnOEv7DgZ7OIQMcg==,type:str] Антоша: 
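Review bot: The `permittedInsecurePackages` entry is justified only by a truncated reference (`CVE-2024-4519x`), so a later reader cannot tell which advisories were accepted or why they are tolerable on this host. I would expand the comment to list the exact CVE ids from the package's `knownVulnerabilities`, state the accepted risk, and name a removal condition, e.g. `# TODO: drop once jitsi-meet no longer depends on libolm`. Pinning the exact version string is good because an upgrade will fail evaluation and force a re-review; keep it rather than switching to a predicate that allows any version. The exception applies to the whole `pkgs` import for this system, not only to the Jitsi service.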
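Review bot: The `snuff` password ciphertext changes in the hunk at -17 of sus/matrix-cluster.yaml, but the commit subject only mentions Jitsi, so a credential change ships with no record of why. Put the secret change in its own commit, or mention it in the message, so the audit trail for this file stays readable. If the change was prompted by an exposure, the old value should be treated as compromised wherever else it was used.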
@@ -87,7 +87,7 @@ sops: cGtrUDRlUUliSVVjU1o4VUVMOE0ySFEKnjBAqifgYnaJ6LPWzDcopqQxUJ0d9vhe F2fIVq8LmO0Nuu7JMhJAvTJgkEyVUAQVTTAtrnhUf2RmILOb72BTKQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-27T12:45:32Z" - mac: ENC[AES256_GCM,data:a0Tr6uAP8tPma7ErK57L4pJUMp29e4+Q+HzsZjGVhIonpmlhAkBDUZz4Mny7kAb9HHW8TKUzsTkvp/PV/hi3EG7OAYQk00D976bDvbMo6bwm/IXFjS9G0ecrN8x+tR8huaApiQyZCseU2I8JtzyFVBIrOsDUFzwUIPbNtmE50h8=,iv:fSB0ATCYdR/Ldsh353OquCFE3IGW64g9qNW5EOXd/1w=,tag:W+6gVxon6xL/LtgYKF/Cxw==,type:str] + lastmodified: "2026-05-27T18:49:35Z" + mac: ENC[AES256_GCM,data:HHjUJxE+iSwoM7YjwV4djlvFwtt9/xw/2kQ8otoCsoGieuUh+NFL5FUJsz3vYOhxsWcN3sC5y6PxEjH6/DuJvt15CLR3bjZ5ZBj8db3gBHApTBm87D31zPbpZFtyT5EBUcA+MwiFhMfE5TLRvx8g2eO2mOG2o7Ve63tVNoPvVYQ=,iv:VblCJjE4oDrekbDis8YITqnVD7DpjcowlvusxwXvf9E=,tag:dfXoMODelKDQN7uiPv1a9g==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2