From cdcd4f7b6704cccb1f762a94e0898f6e7acd8ffb Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Sat, 12 Jun 2021 22:28:09 +0200
Subject: [PATCH] New host: meet.services.privatevoid.net

---
 flake.nix              |  9 ++++++++-
 hosts/default.nix      |  1 +
 hosts/meet/default.nix |  7 +++++++
 hosts/meet/system.nix  | 34 ++++++++++++++++++++++++++++++++++
 4 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 hosts/meet/default.nix
 create mode 100644 hosts/meet/system.nix

diff --git a/flake.nix b/flake.nix
index 24d1827..6854754 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,7 +49,7 @@
     in {
       nixosModules = aspect.modules;
       nixosConfigurations = 
-      (lib.genAttrs [ "styx" ] mkNixOS);
+      (lib.genAttrs [ "styx" "meet" ] mkNixOS);
 
       deploy.nodes = with deploy-rs-lib; {
         styx = {
@@ -59,6 +59,13 @@
             path = activate.nixos self.nixosConfigurations.styx;
           };
         };
+        meet = {
+          hostname = "meet.services.privatevoid.net";
+          profiles.system = {
+            user = "root";
+            path = activate.nixos self.nixosConfigurations.meet;
+          };
+        };
       };
 
       packages.${system} = import ./packages {
diff --git a/hosts/default.nix b/hosts/default.nix
index 3ffe3ef..8080e94 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -4,6 +4,7 @@ in with tools.dns; {
 
   # NixOS machines
   styx = import ./styx tools;
+  meet = import ./meet tools;
 
   # Non-NixOS machine metadata
   VEGAS = {
diff --git a/hosts/meet/default.nix b/hosts/meet/default.nix
new file mode 100644
index 0000000..a5b14a8
--- /dev/null
+++ b/hosts/meet/default.nix
@@ -0,0 +1,7 @@
+tools: {
+  ssh.id = with tools.dns; {
+    publicKey = "ssh-invalid";
+    hostNames = subResolve "meet" "services";
+  };
+  nixos = import ./system.nix;
+}
diff --git a/hosts/meet/system.nix b/hosts/meet/system.nix
new file mode 100644
index 0000000..f0656e3
--- /dev/null
+++ b/hosts/meet/system.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, modulesPath, aspect, inputs, ... }:
+{
+  imports = [
+    (modulesPath + "/virtualisation/lxc-container.nix")
+    inputs.agenix.nixosModules.age
+  ]
+  ++ (import ../../users "server").groups.admin
+  ++ aspect.sets.server
+  ++ (with aspect.modules; [ ]);
+
+  networking.hostName = "meet";
+  networking.firewall.enable = false;
+
+  nix.trustedUsers = [ "root" "@wheel" ];
+
+  security.sudo.wheelNeedsPassword = false;
+
+  services.jitsi-meet = {
+    enable = true;
+    hostName = "meet.privatevoid.net";
+    nginx.enable = true;
+    jicofo.enable = true;
+    videobridge.enable = true;
+    prosody.enable = true;
+  };
+  services.nginx.virtualHosts."meet.privatevoid.net" = {
+    enableACME = false;
+    forceSSL = false;
+    locations."=/images/watermark.svg" = {
+      return = "200";
+    };
+  };
+  environment.noXlibs = false;
+}