aboutsummaryrefslogtreecommitdiff
path: root/app/jitsi/deploy
diff options
context:
space:
mode:
authorQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
committerQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
commitad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch)
tree6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/jitsi/deploy
parent79b7273ff2a487d6721d393682c8ad3927467a75 (diff)
parentc642370def01f09d966b3b9c643cfe416ea115cf (diff)
downloadinfrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz
infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/jitsi/deploy')
-rw-r--r--app/jitsi/deploy/jitsi.hcl234
1 files changed, 234 insertions, 0 deletions
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl
new file mode 100644
index 0000000..852e1e6
--- /dev/null
+++ b/app/jitsi/deploy/jitsi.hcl
@@ -0,0 +1,234 @@
+job "jitsi" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "core" {
+
+ network {
+ port "bosh_port" { }
+ port "ext_port" { static = 5347 }
+ port "xmpp_port" { static = 5222 }
+ port "https_port" { }
+ port "video1_port" { static = 8080 }
+ port "video2_port" { static = 10000 }
+ }
+
+ task "xmpp" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_xmpp:v8"
+ ports = [ "bosh_port", "ext_port", "xmpp_port" ]
+ network_mode = "host"
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
+ destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
+ }
+
+ resources {
+ cpu = 300
+ memory = 200
+ }
+
+ service {
+ tags = [ "jitsi", "bosh" ]
+ port = "bosh_port"
+ address_mode = "host"
+ name = "jitsi-xmpp-bosh"
+ check {
+ type = "tcp"
+ port = "bosh_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [ "jitsi", "ext" ]
+ port = "ext_port"
+ address_mode = "host"
+ name = "jitsi-ext"
+ }
+
+ service {
+ tags = [ "jitsi", "xmpp" ]
+ port = "xmpp_port"
+ address_mode = "host"
+ name = "jitsi-xmpp"
+ }
+ }
+
+ task "front" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_meet:v3"
+ network_mode = "host"
+ ports = [ "https_port" ]
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ }
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
+ }
+
+ resources {
+ cpu = 300
+ memory = 200
+ }
+
+ service {
+ tags = [
+ "jitsi",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
+ "traefik.protocol=https"
+ ]
+ port = "https_port"
+ address_mode = "host"
+ name = "jitsi-front-https"
+ check {
+ type = "tcp"
+ port = "https_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "jicofo" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_conference_focus:v6"
+ network_mode = "host"
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ #--- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
+ }
+
+ resources {
+ cpu = 300
+ memory = 400
+ }
+ }
+
+ task "videobridge" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_videobridge:v16"
+ network_mode = "host"
+ ports = [ "video1_port", "video2_port" ]
+ ulimit {
+ nofile = "1048576:1048576"
+ nproc = "65536:65536"
+ }
+ }
+
+ env {
+ #JITSI_DEBUG = 1
+ JITSI_VIDEO_TCP = 8080
+ VIDEOBRIDGE_MAX_MEMORY = "1450m"
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ resources {
+ cpu = 900
+ memory = 1500
+ }
+
+ service {
+ tags = [ "jitsi", "(diplonat (tcp_port 8080))" ]
+ port = "video1_port"
+ address_mode = "host"
+ name = "jitsi-videobridge-video1"
+ check {
+ type = "tcp"
+ port = "video1_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
+ port = "video2_port"
+ address_mode = "host"
+ name = "jitsi-videobridge-video2"
+ }
+ }
+ }
+}
+