containers: added jitsi

hosts/isengard.nix

@@ -18,6 +18,7 @@
         ../modules/containers/nextcloud.nix
         ../modules/containers/actualbudget.nix
         ../modules/containers/ai.nix
+        ../modules/containers/jitsi.nix
 
     ];
     # Disks

modules/containers/jitsi.nix

@@ -0,0 +1,78 @@
+{ config, pkgs, ... }:
+
+let
+  workDir = "/srv/containers/jitsi";
+in
+{
+  # --- directories ---
+  systemd.tmpfiles.rules = [
+    "d ${workDir}/web 2775 root admin -"
+    "d ${workDir}/prosody 2775 root admin -"
+    "d ${workDir}/jicofo 2775 root admin -"
+    "d ${workDir}/jvb 2775 root admin -"
+  ];
+
+  # --- containers ---
+  virtualisation.oci-containers.containers = {
+
+    jitsi-web = {
+      image = "docker.io/jitsi/web:stable";
+      autoStart = true;
+
+      ports = [
+        "0.0.0.0:10006:80"
+      ];
+
+      environmentFiles = [
+        config.age.secrets.jitsi-env.path
+      ];
+
+      volumes = [
+        "${workDir}/web:/config"
+      ];
+    };
+
+    jitsi-prosody = {
+      image = "docker.io/jitsi/prosody:stable";
+      autoStart = true;
+
+      environmentFiles = [
+        config.age.secrets.jitsi-env.path
+      ];
+
+      volumes = [
+        "${workDir}/prosody:/config"
+      ];
+    };
+
+    jitsi-jicofo = {
+      image = "docker.io/jitsi/jicofo:stable";
+      autoStart = true;
+
+      environmentFiles = [
+        config.age.secrets.jitsi-env.path
+      ];
+
+      volumes = [
+        "${workDir}/jicofo:/config"
+      ];
+    };
+
+    jitsi-jvb = {
+      image = "docker.io/jitsi/jvb:stable";
+      autoStart = true;
+
+      ports = [
+        "10000:10000/udp"  # ONLY exposed media port
+      ];
+
+      environmentFiles = [
+        config.age.secrets.jitsi-env.path
+      ];
+
+      volumes = [
+        "${workDir}/jvb:/config"
+      ];
+    };
+  };
+}

modules/containers/nextcloud.nix

@@ -5,14 +5,14 @@ let
 in
 {
     systemd.tmpfiles.rules = [
-        "d ${workDir}/html 2700 999 999"
+        "d ${workDir}/html 2700 33 33"
         "d ${workDir}/db 2700 999 999"
     ];
 
     virtualisation.oci-containers.containers = {
         nextcloud = {
             autoStart = true;
-            image = "nextcloud:31-apache";
+            image = "nextcloud:32";
 
             ports = [
                 "0.0.0.0:10003:80"