From 959359d19c7a7766137ae7c54ddc1dbd6e8dd427 Mon Sep 17 00:00:00 2001
From: Marcel
Date: Thu, 14 Dec 2023 17:57:02 +0100
Subject: [PATCH] added flake
---
derivation.nix | 11 ++++++
flake.lock | 61 +++++++++++++++++++++++++++++++
flake.nix | 33 +++++++++++++++++
module.nix | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 204 insertions(+)
create mode 100644 derivation.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 module.nix
diff --git a/derivation.nix b/derivation.nix
new file mode 100644
index 0000000..710e5f8
--- /dev/null
+++ b/derivation.nix
@@ -0,0 +1,11 @@
+{ pkgs, cargoToml, ... }:
+let
+ manifest = (pkgs.lib.importTOML cargoToml).package;
+in
+pkgs.rustPlatform.buildRustPackage {
+ pname = manifest.name;
+ version = manifest.version;
+ cargoLock.lockFile = ./Cargo.lock;
+ src = pkgs.lib.cleanSource ./.;
+ cargoBuildFlags = "-p ${manifest.name}";
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..60a208a
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1706373441, + "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..346fcdd --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,33 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, nixpkgs, flake-utils }:
+ flake-utils.lib.eachDefaultSystem
+ (system:
+ let
+ pkgs = (import nixpkgs) {
+ inherit system;
+ };
+ in
+ {
+ packages = rec {
+ jitsi-openid = pkgs.callPackage ./derivation.nix {
+ cargoToml = ./Cargo.toml;
+ };
+ default = jitsi-openid;
+ };
+ }
+ ) // {
+ overlays.default = _: prev: {
+ jitsi-openid = self.packages."${prev.system}".default;
+ };
+
+ nixosModules = rec {
+ jitsi-openid = import ./nixos-modules/default.nix;
+ default = jitsi-openid;
+ };
+ };
+}
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..de9a8a7
--- /dev/null
+++ b/module.nix
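Review bot: `nixosModules.jitsi-openid` imports `./nixos-modules/default.nix`, but this patch's diffstat only creates `module.nix` at the repository root, so unless that directory already exists in the tree the `nixosModules` output will fail to evaluate; `jitsi-openid = import ./module.nix;` would match the file that is actually added. Separately, the module added in this patch defaults `package` to `pkgs.jitsi-openid`, which exists only once `overlays.default` has been applied, and nothing visible here applies it for the consumer. Either document that requirement next to `nixosModules`, or wrap the import so the module sets `nixpkgs.overlays = [ self.overlays.default ];`.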
@@ -0,0 +1,99 @@
+{ config, pkgs, lib, ... }:
+
+let
+ cfg = config.services.jitsi-openid;
+in
+{
+ options = {
+ services.jitsi-openid = {
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.jitsi-openid;
+ defaultText = lib.literalExpression "pkgs.jitsi-openid";
+ description = lib.mdDoc "Which Jitsi OpenID derivation to use.";
+ };
+ enable = lib.mkEnableOption (lib.mdDoc "Jitsi OpenID.");
+ listen = {
+ addr = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The ip address Jitsi OpenID should be listening on.";
+ default = "0.0.0.0";
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ description = lib.mkDoc "The port Jitsi OpenID shuld be listening on.";
+ default = 6031;
+ };
+ };
+ jitsiSecretFile = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+ default = null;
+ };
+ jitsiUrl = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+ default = null;
+ };
+ jitsiSub = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+ default = null;
+ };
+ issuerUrl = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+ default = null;
+ };
+ baseUrl = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+ default = null;
+ };
+ clientId = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+ default = null;
+ };
+ clientSecretFile = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+ default = null;
+ };
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = lib.mdDoc "Whether to open ports in the firewall for the server.";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ cfg.package ];
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.listen.port ];
+
+ systemd.services.jitsi-openid = {
+ description = "Jitsi OpenID";
+
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/jitsi-openid";
+ DynamicUser = true;
+ User = "jitsi-openid";
+
+ Environment = [
+ "JITSI_OPENID_LISTEN_ADDR=${cfg.listen.addr}:${toString cfg.listen.port}"
+ "JITSI_OPENID_JITSI_SECRET_FILE=${cfg.jitsiSecretFile}"
+ "JITSI_OPENID_JITSI_URL=${cfg.jitsiUrl}"
+ "JITSI_OPENID_JITSI_SUB=${cfg.jitsiSub}"
+ "JITSI_OPENID_ISSUER_URL=${cfg.issuerUrl}"
+ "JITSI_OPENID_BASE_URL=${cfg.baseUrl}"
+ "JITSI_OPENID_CLIENT_ID=${cfg.clientId}"
+ "JITSI_OPENID_CLIENT_SECRET_FILE=${cfg.clientSecretFile}"
+ ];
+ };
+ };
+ };
+}
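Review bot: `jitsiSecretFile` and `clientSecretFile` reach a `DynamicUser = true` service as plain host paths in `Environment`, so both files must be readable by a transient UID, which may push operators toward overly permissive file modes. Loading them with `LoadCredential` and pointing the two variables at `%d/<name>` lets the files stay root-owned, as sketched below. Keeping these options as `lib.types.str` rather than `types.path` is right, since a path literal would be copied into the world-readable Nix store, and their descriptions should say so. `listen.addr` defaults to `0.0.0.0`; for an authentication adapter that normally sits behind a reverse proxy, `default = "127.0.0.1";` is the safer default. Also, `lib.mkDoc` looks like a typo for `lib.mdDoc` (used on `package` and `openFirewall`), `default = null;` does not type-check against `lib.types.str` (drop it to make the option required), and the seven descriptions copied from another module ("udp upstream zia") need replacing.

```nix
serviceConfig = {
  # … unchanged: ExecStart, DynamicUser, User …
  LoadCredential = [
    "jitsi-secret:${cfg.jitsiSecretFile}"
    "client-secret:${cfg.clientSecretFile}"
  ];
  Environment = [
    # … unchanged: listen address, Jitsi URL/sub, issuer URL, base URL, client id …
    "JITSI_OPENID_JITSI_SECRET_FILE=%d/jitsi-secret"
    "JITSI_OPENID_CLIENT_SECRET_FILE=%d/client-secret"
  ];
```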