New host: meet.services.privatevoid.net

flake.nix

@@ -49,7 +49,7 @@
     in {
       nixosModules = aspect.modules;
       nixosConfigurations = 
-      (lib.genAttrs [ "styx" ] mkNixOS);
+      (lib.genAttrs [ "styx" "meet" ] mkNixOS);
 
       deploy.nodes = with deploy-rs-lib; {
         styx = {
@@ -59,6 +59,13 @@
             path = activate.nixos self.nixosConfigurations.styx;
           };
         };
+        meet = {
+          hostname = "meet.services.privatevoid.net";
+          profiles.system = {
+            user = "root";
+            path = activate.nixos self.nixosConfigurations.meet;
+          };
+        };
       };
 
       packages.${system} = import ./packages {

hosts/default.nix

@@ -4,6 +4,7 @@ in with tools.dns; {
 
   # NixOS machines
   styx = import ./styx tools;
+  meet = import ./meet tools;
 
   # Non-NixOS machine metadata
   VEGAS = {

hosts/meet/default.nix

@@ -0,0 +1,7 @@
+tools: {
+  ssh.id = with tools.dns; {
+    publicKey = "ssh-invalid";
+    hostNames = subResolve "meet" "services";
+  };
+  nixos = import ./system.nix;
+}

hosts/meet/system.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, modulesPath, aspect, inputs, ... }:
+{
+  imports = [
+    (modulesPath + "/virtualisation/lxc-container.nix")
+    inputs.agenix.nixosModules.age
+  ]
+  ++ (import ../../users "server").groups.admin
+  ++ aspect.sets.server
+  ++ (with aspect.modules; [ ]);
+
+  networking.hostName = "meet";
+  networking.firewall.enable = false;
+
+  nix.trustedUsers = [ "root" "@wheel" ];
+
+  security.sudo.wheelNeedsPassword = false;
+
+  services.jitsi-meet = {
+    enable = true;
+    hostName = "meet.privatevoid.net";
+    nginx.enable = true;
+    jicofo.enable = true;
+    videobridge.enable = true;
+    prosody.enable = true;
+  };
+  services.nginx.virtualHosts."meet.privatevoid.net" = {
+    enableACME = false;
+    forceSSL = false;
+    locations."=/images/watermark.svg" = {
+      return = "200";
+    };
+  };
+  environment.noXlibs = false;
+}