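# NixOS module: runs the four Jitsi Meet components (web, prosody, jicofo,
# jvb) as OCI containers, each with its own persistent /config directory
# under workDir and a shared agenix-managed environment file.
#
# Line structure matters here: `#` comments run to end of line, so the
# module must not be collapsed onto a single line or the first comment
# swallows everything after it.
{ config, pkgs, ... }:

let
  # Host-side root for the per-component /config bind mounts.
  workDir = "/srv/containers/jitsi";
in
{
  # --- directories ---
  # tmpfiles "d" entries: create each directory as root:admin, mode 2775
  # (setgid, group-writable, world-readable and traversable).
  # NOTE(review): these directories are mounted as /config and may end up
  # holding generated credentials or keys; confirm world access is needed,
  # otherwise 2770 is the tighter choice.
  systemd.tmpfiles.rules = [
    "d ${workDir}/web 2775 root admin -"
    "d ${workDir}/prosody 2775 root admin -"
    "d ${workDir}/jicofo 2775 root admin -"
    "d ${workDir}/jvb 2775 root admin -"
  ];

  # --- containers ---
  # NOTE(review): every image uses the mutable `:stable` tag, so the code
  # that runs can change on any pull. Pinning to a specific release tag or
  # an `image@sha256:<digest>` reference makes upgrades explicit and
  # auditable.
  #
  # NOTE(review): all four containers load the same environment file. If it
  # holds every component's secrets, each container can read credentials it
  # does not use; per-component files would limit what one compromised
  # container exposes.
  virtualisation.oci-containers.containers = {
    jitsi-web = {
      image = "docker.io/jitsi/web:stable";
      autoStart = true;
      # NOTE(review): publishes the container's plain-HTTP port 80 on every
      # host interface, which sits oddly with the "ONLY exposed media port"
      # remark on jvb below. Published container ports can also bypass host
      # firewall rules, depending on the runtime. If a reverse proxy on this
      # host terminates TLS, binding to 127.0.0.1 is the safer choice;
      # confirm where the proxy runs before changing it.
      ports = [ "0.0.0.0:10006:80" ];
      environmentFiles = [ config.age.secrets.jitsi-env.path ];
      volumes = [ "${workDir}/web:/config" ];
    };

    # No ports published: reachable only from the container network.
    jitsi-prosody = {
      image = "docker.io/jitsi/prosody:stable";
      autoStart = true;
      environmentFiles = [ config.age.secrets.jitsi-env.path ];
      volumes = [ "${workDir}/prosody:/config" ];
    };

    # No ports published: reachable only from the container network.
    jitsi-jicofo = {
      image = "docker.io/jitsi/jicofo:stable";
      autoStart = true;
      environmentFiles = [ config.age.secrets.jitsi-env.path ];
      volumes = [ "${workDir}/jicofo:/config" ];
    };

    jitsi-jvb = {
      image = "docker.io/jitsi/jvb:stable";
      autoStart = true;
      ports = [
        "10000:10000/udp" # ONLY exposed media port
      ];
      environmentFiles = [ config.age.secrets.jitsi-env.path ];
      volumes = [ "${workDir}/jvb:/config" ];
    };
  };
}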