nixos/jitsi-meet: move prosodyctl calls into prosody preStart

pyrox.dev / nixpkgs

fork atom

lol

fork atom

ajs124 3 years ago aea940da bf4912f3

+14 -11

1 changed file

expand all

nixos

modules

services

web-apps

jitsi-meet.nix

+14 -11

nixos/modules/services/web-apps/jitsi-meet.nix

··· 253 253 ''; 254 254 }; 255 255 }; 256 - systemd.services.prosody.serviceConfig = mkIf cfg.prosody.enable { 257 - EnvironmentFile = [ "/var/lib/jitsi-meet/secrets-env" ]; 258 - SupplementaryGroups = [ "jitsi-meet" ]; 256 + systemd.services.prosody = mkIf cfg.prosody.enable { 257 + preStart = let 258 + videobridgeSecret = if cfg.videobridge.passwordFile != null then cfg.videobridge.passwordFile else "/var/lib/jitsi-meet/videobridge-secret"; 259 + in '' 260 + ${config.services.prosody.package}/bin/prosodyctl register focus auth.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jicofo-user-secret)" 261 + ${config.services.prosody.package}/bin/prosodyctl register jvb auth.${cfg.hostName} "$(cat ${videobridgeSecret})" 262 + ${config.services.prosody.package}/bin/prosodyctl mod_roster_command subscribe focus.${cfg.hostName} focus@auth.${cfg.hostName} 263 + ${config.services.prosody.package}/bin/prosodyctl register jibri auth.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jibri-auth-secret)" 264 + ${config.services.prosody.package}/bin/prosodyctl register recorder recorder.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jibri-recorder-secret)" 265 + ''; 266 + serviceConfig = { 267 + EnvironmentFile = [ "/var/lib/jitsi-meet/secrets-env" ]; 268 + SupplementaryGroups = [ "jitsi-meet" ]; 269 + }; 259 270 }; 260 271 261 272 users.groups.jitsi-meet = {}; ··· 266 277 systemd.services.jitsi-meet-init-secrets = { 267 278 wantedBy = [ "multi-user.target" ]; 268 279 before = [ "jicofo.service" "jitsi-videobridge2.service" ] ++ (optional cfg.prosody.enable "prosody.service"); 269 - path = [ config.services.prosody.package ]; 270 280 serviceConfig = { 271 281 Type = "oneshot"; 272 282 }; 273 283 274 284 script = let 275 285 secrets = [ "jicofo-component-secret" "jicofo-user-secret" "jibri-auth-secret" "jibri-recorder-secret" ] ++ (optional (cfg.videobridge.passwordFile == null) "videobridge-secret"); 276 - videobridgeSecret = if cfg.videobridge.passwordFile != null then cfg.videobridge.passwordFile else "/var/lib/jitsi-meet/videobridge-secret"; 277 286 in 278 287 '' 279 288 cd /var/lib/jitsi-meet ··· 291 300 chmod 640 secrets-env 292 301 '' 293 302 + optionalString cfg.prosody.enable '' 294 - prosodyctl register focus auth.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jicofo-user-secret)" 295 - prosodyctl register jvb auth.${cfg.hostName} "$(cat ${videobridgeSecret})" 296 - prosodyctl mod_roster_command subscribe focus.${cfg.hostName} focus@auth.${cfg.hostName} 297 - prosodyctl register jibri auth.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jibri-auth-secret)" 298 - prosodyctl register recorder recorder.${cfg.hostName} "$(cat /var/lib/jitsi-meet/jibri-recorder-secret)" 299 - 300 303 # generate self-signed certificates 301 304 if [ ! -f /var/lib/jitsi-meet.crt ]; then 302 305 ${getBin pkgs.openssl}/bin/openssl req \