{ config, lib, ... }:

with lib;
let
  cfg = config.modules.services.jitsi;
in
{
  options.modules.services.jitsi = {
    enable = mkEnableOption "jitsi";
    hostName = mkOption { type = types.str; default = config.networking.hostName; };
    tls.acmeHost = mkOption { type = types.str; default = cfg.hostName; };
  };

  config = mkIf cfg.enable {
    services.jitsi-meet = {
      enable = true;
      hostName = cfg.hostName;

      config = {
        prejoinPageEnabled = true;
      };

      interfaceConfig = {
        SHOW_JITSI_WATERMARK = false;
      };
    };

    services.jitsi-videobridge.openFirewall = true;

    services.nginx.virtualHosts.${cfg.hostName} = {
      enableACME = mkForce false;
      useACMEHost = cfg.tls.acmeHost;
      forceSSL = true;
    };

    networking.firewall.allowedTCPPorts = [ 80 443 ];

    modules.persistence.directories = [
      "/var/lib/prosody"
      "/var/lib/jitsi-meet"
    ];
  };
}