diff options
author | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
commit | 2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch) | |
tree | 0ad148f75f7b54dfed2dbac8f43f6df9badc502a /app/jitsi/deploy/jitsi.hcl | |
parent | 9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff) | |
download | nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.tar.gz nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.zip |
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'app/jitsi/deploy/jitsi.hcl')
-rw-r--r-- | app/jitsi/deploy/jitsi.hcl | 257 |
1 files changed, 0 insertions, 257 deletions
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl deleted file mode 100644 index 7e12ae3..0000000 --- a/app/jitsi/deploy/jitsi.hcl +++ /dev/null @@ -1,257 +0,0 @@ -job "jitsi" { - datacenters = ["neptune"] - type = "service" - - priority = "10" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "core" { - - network { - port "bosh_port" { } - port "xmpp_port" { } - port "https_port" { } - port "video_port" { static = 8080 } - } - - task "xmpp" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_xmpp:v10" - ports = [ "bosh_port", "xmpp_port" ] - network_mode = "host" - volumes = [ - "secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua", - "secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt", - "secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key", - "secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt", - "secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key" - ] - } - - template { - data = <<EOF -JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" | trimSpace }} -JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" | trimSpace }} -EOF - destination = "secrets/global_env" - env = true - } - - template { - data = file("../config/prosody.cfg.lua") - destination = "secrets/prosody.cfg.lua" - } - - # --- secrets --- - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}" - destination = "secrets/certs/auth.jitsi.crt" - } - - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}" - destination = "secrets/certs/auth.jitsi.key" - } - - template { - data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" - destination = "secrets/certs/jitsi.crt" - } - - template { - data = "{{ key \"secrets/jitsi/jitsi.key\" }}" - destination = "secrets/certs/jitsi.key" - } - - resources { - cpu = 300 - memory = 200 - } - - service { - tags = [ "jitsi", "bosh" ] - port = "bosh_port" - address_mode = "host" - name = "bosh-jitsi" - check { - type = "tcp" - port = "bosh_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = [ "jitsi", "xmpp" ] - port = "xmpp_port" - address_mode = "host" - name = "xmpp-jitsi" - } - } - - task "front" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_meet:v5" - network_mode = "host" - ports = [ "https_port" ] - volumes = [ - "secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt", - "secrets/certs/jitsi.key:/etc/nginx/jitsi.key", - "secrets/config.js:/srv/jitsi-meet/config.js", - "secrets/nginx.conf:/etc/nginx/nginx.conf" - ] - } - - template { - data = file("../config/config.js") - destination = "secrets/config.js" - } - - template { - data = file("../config/nginx.conf") - destination = "secrets/nginx.conf" - } - - # --- secrets --- - template { - data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" - destination = "secrets/certs/jitsi.crt" - } - template { - data = "{{ key \"secrets/jitsi/jitsi.key\" }}" - destination = "secrets/certs/jitsi.key" - } - - resources { - cpu = 300 - memory = 200 - } - - service { - tags = [ - "jitsi", - "tricot jitsi.deuxfleurs.fr", - ] - port = "https_port" - address_mode = "host" - name = "https-jitsi" - check { - type = "tcp" - port = "https_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - - task "jicofo" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_conference_focus:v9" - network_mode = "host" - volumes = [ - "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt", - "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt", - "secrets/jicofo.conf:/etc/jitsi/jicofo.conf" - ] - } - - template { - data = file("../config/jicofo.conf") - destination = "secrets/jicofo.conf" - } - - #--- secrets --- - template { - data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" - destination = "secrets/certs/jitsi.crt" - } - - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}" - destination = "secrets/certs/auth.jitsi.crt" - } - - resources { - cpu = 300 - memory = 400 - } - } - - task "videobridge" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_videobridge:v20" - network_mode = "host" - ports = [ "video_port" ] - ulimit { - nofile = "1048576:1048576" - nproc = "65536:65536" - } - volumes = [ - "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt", - "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt", - "secrets/videobridge.conf:/etc/jitsi/videobridge.conf" - ] - } - - env { - # Our container can autodetect the public IP with the ifconfig.me service - # However we would like to avoid relying on a 3rd party service for production use - # That's why I am setting the public IP address statically here VVVV - JITSI_NAT_PUBLIC_IP = "77.207.15.215" - } - - template { - data = file("../config/videobridge.conf") - destination = "secrets/videobridge.conf" - } - - # --- secrets --- - template { - data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" - destination = "secrets/certs/jitsi.crt" - } - - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}" - destination = "secrets/certs/auth.jitsi.crt" - } - - resources { - cpu = 900 - memory = 3000 - } - - service { - tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ] - port = "video_port" - address_mode = "host" - name = "video-jitsi" - check { - type = "tcp" - port = "video_port" - interval = "60s" - timeout = "5s" - } - } - } - } -} - |