aboutsummaryrefslogtreecommitdiff
path: root/app/jitsi/deploy/jitsi.hcl
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
committerAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
commit2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch)
tree0ad148f75f7b54dfed2dbac8f43f6df9badc502a /app/jitsi/deploy/jitsi.hcl
parent9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff)
downloadnixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.tar.gz
nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.zip
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'app/jitsi/deploy/jitsi.hcl')
-rw-r--r--app/jitsi/deploy/jitsi.hcl257
1 files changed, 0 insertions, 257 deletions
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl
deleted file mode 100644
index 7e12ae3..0000000
--- a/app/jitsi/deploy/jitsi.hcl
+++ /dev/null
@@ -1,257 +0,0 @@
-job "jitsi" {
- datacenters = ["neptune"]
- type = "service"
-
- priority = "10"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "core" {
-
- network {
- port "bosh_port" { }
- port "xmpp_port" { }
- port "https_port" { }
- port "video_port" { static = 8080 }
- }
-
- task "xmpp" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_xmpp:v10"
- ports = [ "bosh_port", "xmpp_port" ]
- network_mode = "host"
- volumes = [
- "secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua",
- "secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt",
- "secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key",
- "secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt",
- "secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key"
- ]
- }
-
- template {
- data = <<EOF
-JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" | trimSpace }}
-JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" | trimSpace }}
-EOF
- destination = "secrets/global_env"
- env = true
- }
-
- template {
- data = file("../config/prosody.cfg.lua")
- destination = "secrets/prosody.cfg.lua"
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
- destination = "secrets/certs/auth.jitsi.crt"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}"
- destination = "secrets/certs/auth.jitsi.key"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
- destination = "secrets/certs/jitsi.crt"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
- destination = "secrets/certs/jitsi.key"
- }
-
- resources {
- cpu = 300
- memory = 200
- }
-
- service {
- tags = [ "jitsi", "bosh" ]
- port = "bosh_port"
- address_mode = "host"
- name = "bosh-jitsi"
- check {
- type = "tcp"
- port = "bosh_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = [ "jitsi", "xmpp" ]
- port = "xmpp_port"
- address_mode = "host"
- name = "xmpp-jitsi"
- }
- }
-
- task "front" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_meet:v5"
- network_mode = "host"
- ports = [ "https_port" ]
- volumes = [
- "secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt",
- "secrets/certs/jitsi.key:/etc/nginx/jitsi.key",
- "secrets/config.js:/srv/jitsi-meet/config.js",
- "secrets/nginx.conf:/etc/nginx/nginx.conf"
- ]
- }
-
- template {
- data = file("../config/config.js")
- destination = "secrets/config.js"
- }
-
- template {
- data = file("../config/nginx.conf")
- destination = "secrets/nginx.conf"
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
- destination = "secrets/certs/jitsi.crt"
- }
- template {
- data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
- destination = "secrets/certs/jitsi.key"
- }
-
- resources {
- cpu = 300
- memory = 200
- }
-
- service {
- tags = [
- "jitsi",
- "tricot jitsi.deuxfleurs.fr",
- ]
- port = "https_port"
- address_mode = "host"
- name = "https-jitsi"
- check {
- type = "tcp"
- port = "https_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
-
- task "jicofo" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_conference_focus:v9"
- network_mode = "host"
- volumes = [
- "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
- "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
- "secrets/jicofo.conf:/etc/jitsi/jicofo.conf"
- ]
- }
-
- template {
- data = file("../config/jicofo.conf")
- destination = "secrets/jicofo.conf"
- }
-
- #--- secrets ---
- template {
- data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
- destination = "secrets/certs/jitsi.crt"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
- destination = "secrets/certs/auth.jitsi.crt"
- }
-
- resources {
- cpu = 300
- memory = 400
- }
- }
-
- task "videobridge" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_videobridge:v20"
- network_mode = "host"
- ports = [ "video_port" ]
- ulimit {
- nofile = "1048576:1048576"
- nproc = "65536:65536"
- }
- volumes = [
- "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
- "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
- "secrets/videobridge.conf:/etc/jitsi/videobridge.conf"
- ]
- }
-
- env {
- # Our container can autodetect the public IP with the ifconfig.me service
- # However we would like to avoid relying on a 3rd party service for production use
- # That's why I am setting the public IP address statically here VVVV
- JITSI_NAT_PUBLIC_IP = "77.207.15.215"
- }
-
- template {
- data = file("../config/videobridge.conf")
- destination = "secrets/videobridge.conf"
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
- destination = "secrets/certs/jitsi.crt"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
- destination = "secrets/certs/auth.jitsi.crt"
- }
-
- resources {
- cpu = 900
- memory = 3000
- }
-
- service {
- tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ]
- port = "video_port"
- address_mode = "host"
- name = "video-jitsi"
- check {
- type = "tcp"
- port = "video_port"
- interval = "60s"
- timeout = "5s"
- }
- }
- }
- }
-}
-