diff options
author | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
---|---|---|
committer | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
commit | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch) | |
tree | 6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/jitsi/deploy | |
parent | 79b7273ff2a487d6721d393682c8ad3927467a75 (diff) | |
parent | c642370def01f09d966b3b9c643cfe416ea115cf (diff) | |
download | infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip |
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/jitsi/deploy')
-rw-r--r-- | app/jitsi/deploy/jitsi.hcl | 234 |
1 files changed, 234 insertions, 0 deletions
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl new file mode 100644 index 0000000..852e1e6 --- /dev/null +++ b/app/jitsi/deploy/jitsi.hcl @@ -0,0 +1,234 @@ +job "jitsi" { + datacenters = ["dc1"] + type = "service" + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "core" { + + network { + port "bosh_port" { } + port "ext_port" { static = 5347 } + port "xmpp_port" { static = 5222 } + port "https_port" { } + port "video1_port" { static = 8080 } + port "video2_port" { static = 10000 } + } + + task "xmpp" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_xmpp:v8" + ports = [ "bosh_port", "ext_port", "xmpp_port" ] + network_mode = "host" + } + + template { + data = file("../config/global_env.tpl") + destination = "secrets/global_env" + env = true + } + + # --- secrets --- + template { + data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" + } + + template { + data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}" + destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key" + } + + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + } + + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.key" + } + + resources { + cpu = 300 + memory = 200 + } + + service { + tags = [ "jitsi", "bosh" ] + port = "bosh_port" + address_mode = "host" + name = "jitsi-xmpp-bosh" + check { + type = "tcp" + port = "bosh_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + tags = [ "jitsi", "ext" ] + port = "ext_port" + address_mode = "host" + name = "jitsi-ext" + } + + service { + tags = [ "jitsi", "xmpp" ] + port = "xmpp_port" + address_mode = "host" + name = "jitsi-xmpp" + } + } + + task "front" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_meet:v3" + network_mode = "host" + ports = [ "https_port" ] + } + + template { + data = file("../config/global_env.tpl") + destination = "secrets/global_env" + env = true + } + + # --- secrets --- + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + } + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.key" + } + + resources { + cpu = 300 + memory = 200 + } + + service { + tags = [ + "jitsi", + "traefik.enable=true", + "traefik.frontend.entryPoints=https,http", + "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/", + "traefik.protocol=https" + ] + port = "https_port" + address_mode = "host" + name = "jitsi-front-https" + check { + type = "tcp" + port = "https_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + + task "jicofo" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_conference_focus:v6" + network_mode = "host" + } + + template { + data = file("../config/global_env.tpl") + destination = "secrets/global_env" + env = true + } + + #--- secrets --- + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + } + + template { + data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" + } + + resources { + cpu = 300 + memory = 400 + } + } + + task "videobridge" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_videobridge:v16" + network_mode = "host" + ports = [ "video1_port", "video2_port" ] + ulimit { + nofile = "1048576:1048576" + nproc = "65536:65536" + } + } + + env { + #JITSI_DEBUG = 1 + JITSI_VIDEO_TCP = 8080 + VIDEOBRIDGE_MAX_MEMORY = "1450m" + } + + template { + data = file("../config/global_env.tpl") + destination = "secrets/global_env" + env = true + } + + resources { + cpu = 900 + memory = 1500 + } + + service { + tags = [ "jitsi", "(diplonat (tcp_port 8080))" ] + port = "video1_port" + address_mode = "host" + name = "jitsi-videobridge-video1" + check { + type = "tcp" + port = "video1_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + tags = [ "jitsi", "(diplonat (udp_port 10000))" ] + port = "video2_port" + address_mode = "host" + name = "jitsi-videobridge-video2" + } + } + } +} + |