# NixOS module: runs the four Jitsi Meet components (web, prosody, jicofo, jvb)
# as podman-backed OCI containers and groups their units under `jitsi.target`.
#
# Inputs read from outside this file:
#   config.age.secrets.jitsi-env.path - secret env file (declared elsewhere).
{ config, pkgs, ... }:
let
  # Host directory holding one /config bind mount per component.
  workDir = "/srv/containers/jitsi";

  # Component names; order is kept for the generated rule and unit lists.
  components = [ "web" "prosody" "jicofo" "jvb" ];

  # NOTE(review): every container receives the same secret env file. If it
  # carries per-component credentials, splitting it into one file per
  # container would keep each service from seeing the others' secrets.
  envFiles = [ config.age.secrets.jitsi-env.path ];

  # Settings shared by all components; `extra` adds per-container options.
  #
  # NOTE(review): `:stable` is a mutable tag, so the image content can change
  # between pulls without any change to this file. Pinning by digest
  # (image@sha256:DIGEST_PLACEHOLDER) makes the deployed image reviewable.
  mkContainer = name: extra: {
    image = "docker.io/jitsi/${name}:stable";
    autoStart = true;
    environmentFiles = envFiles;
    volumes = [ "${workDir}/${name}:/config" ];
  } // extra;
in
{
  # Create the per-component config directories: setgid, owner root, group
  # admin, mode 2775.
  # NOTE(review): 2775 leaves these directories readable and traversable by
  # every local user. If the containers write keys or passwords under
  # /config, a mode without "other" access may be preferable - confirm what
  # needs to read them.
  systemd.tmpfiles.rules =
    map (name: "d ${workDir}/${name} 2775 root admin -") components;

  # Umbrella target that pulls in the four container units.
  systemd.targets.jitsi = {
    description = "Jitsi containers";
    wants = map (name: "podman-jitsi-${name}.service") components;
  };

  virtualisation.oci-containers.containers = {
    # Web frontend: container port 80 published on host port 10006.
    # NOTE(review): the 0.0.0.0 bind publishes plain HTTP on every host
    # interface. If a reverse proxy on this host terminates TLS, binding to
    # 127.0.0.1 would keep the unencrypted port off the network - confirm
    # where the proxy runs before changing it.
    jitsi-web = mkContainer "web" {
      ports = [ "0.0.0.0:10006:80" ];
    };

    # The hostname has to be exactly this; per the original author the
    # setup does not work otherwise.
    jitsi-prosody = mkContainer "prosody" {
      hostname = "xmpp.meet.jitsi";
    };

    # No published ports and no extra options.
    jitsi-jicofo = mkContainer "jicofo" { };

    # Videobridge: UDP 10000 is the ONLY media port published to the host.
    jitsi-jvb = mkContainer "jvb" {
      ports = [ "10000:10000/udp" ];
    };
  };
}