{
  config,
  pkgs,
  lib,
  ...
}:

let
  overrideJs =
    filePath: varName: newContent: appendExtra:
    let
      oldContent = builtins.readFile filePath;
      regex = "var ${varName} = {[^}]*};";
      newJs = builtins.replaceStrings [ regex ] [ "var ${varName} = ${newContent};" ] oldContent;
    in
    builtins.writeFile filePath newJs;

  cfg = config.services.jitsi-meet;
in
{
  enableACME = true;
  addSSL = true;
  extraConfig = ''
    ssi on;
  '';
  locations."@root_path".extraConfig = ''
    rewrite ^/(.*)$ / break;
  '';
  locations."~ ^/([^/\\?&:'\"]+)$".tryFiles = "$uri @root_path";
  locations."^~ /xmpp-websocket" = {
    priority = 100;
    proxyPass = "http://localhost:5280/xmpp-websocket";
    proxyWebsockets = true;
  };
  locations."=/http-bind" = {
    proxyPass = "http://localhost:5280/http-bind";
    extraConfig = ''
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;
    '';
  };
  locations."=/external_api.js" = lib.mkDefault { alias = "${pkgs.jitsi-meet}/libs/external_api.min.js"; };
  locations."=/config.js" = lib.mkDefault { alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (lib.recursiveUpdate defaultCfg cfg.config) cfg.extraConfig; };
  locations."=/interface_config.js" = lib.mkDefault { alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig ""; };
}