authorAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
committerAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
commit2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch)
tree0ad148f75f7b54dfed2dbac8f43f6df9badc502a /cluster/prod/app/jitsi/deploy/jitsi.hcl
parent9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff)
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'cluster/prod/app/jitsi/deploy/jitsi.hcl')
-rw-r--r--cluster/prod/app/jitsi/deploy/jitsi.hcl257
1 files changed, 257 insertions, 0 deletions
diff --git a/cluster/prod/app/jitsi/deploy/jitsi.hcl b/cluster/prod/app/jitsi/deploy/jitsi.hcl
new file mode 100644
index 0000000..7e12ae3
--- /dev/null
+++ b/cluster/prod/app/jitsi/deploy/jitsi.hcl
@@ -0,0 +1,257 @@
+job "jitsi" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ priority = "10"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "core" {
+
+ network {
+ port "bosh_port" { }
+ port "xmpp_port" { }
+ port "https_port" { }
+ port "video_port" { static = 8080 }
+ }
+
+ task "xmpp" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_xmpp:v10"
+ ports = [ "bosh_port", "xmpp_port" ]
+ network_mode = "host"
+ volumes = [
+ "secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua",
+ "secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt",
+ "secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key",
+ "secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt",
+ "secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key"
+ ]
+ }
+
+ template {
+ data = <<EOF
+JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" | trimSpace }}
+JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" | trimSpace }}
+EOF
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ template {
+ data = file("../config/prosody.cfg.lua")
+ destination = "secrets/prosody.cfg.lua"
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}"
+ destination = "secrets/certs/auth.jitsi.key"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
+ destination = "secrets/certs/jitsi.key"
+ }
+
+ resources {
+ cpu = 300
+ memory = 200
+ }
+
+ service {
+ tags = [ "jitsi", "bosh" ]
+ port = "bosh_port"
+ address_mode = "host"
+ name = "bosh-jitsi"
+ check {
+ type = "tcp"
+ port = "bosh_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [ "jitsi", "xmpp" ]
+ port = "xmpp_port"
+ address_mode = "host"
+ name = "xmpp-jitsi"
+ }
+ }
+
+ task "front" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_meet:v5"
+ network_mode = "host"
+ ports = [ "https_port" ]
+ volumes = [
+ "secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt",
+ "secrets/certs/jitsi.key:/etc/nginx/jitsi.key",
+ "secrets/config.js:/srv/jitsi-meet/config.js",
+ "secrets/nginx.conf:/etc/nginx/nginx.conf"
+ ]
+ }
+
+ template {
+ data = file("../config/config.js")
+ destination = "secrets/config.js"
+ }
+
+ template {
+ data = file("../config/nginx.conf")
+ destination = "secrets/nginx.conf"
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
+ }
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
+ destination = "secrets/certs/jitsi.key"
+ }
+
+ resources {
+ cpu = 300
+ memory = 200
+ }
+
+ service {
+ tags = [
+ "jitsi",
+ "tricot jitsi.deuxfleurs.fr",
+ ]
+ port = "https_port"
+ address_mode = "host"
+ name = "https-jitsi"
+ check {
+ type = "tcp"
+ port = "https_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "jicofo" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_conference_focus:v9"
+ network_mode = "host"
+ volumes = [
+ "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
+ "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
+ "secrets/jicofo.conf:/etc/jitsi/jicofo.conf"
+ ]
+ }
+
+ template {
+ data = file("../config/jicofo.conf")
+ destination = "secrets/jicofo.conf"
+ }
+
+ #--- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.crt"
+ }
+
+ resources {
+ cpu = 300
+ memory = 400
+ }
+ }
+
+ task "videobridge" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_videobridge:v20"
+ network_mode = "host"
+ ports = [ "video_port" ]
+ ulimit {
+ nofile = "1048576:1048576"
+ nproc = "65536:65536"
+ }
+ volumes = [
+ "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
+ "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
+ "secrets/videobridge.conf:/etc/jitsi/videobridge.conf"
+ ]
+ }
+
+ env {
+ # Our container can autodetect the public IP with the ifconfig.me service
+ # However we would like to avoid relying on a 3rd party service for production use
+ # That's why I am setting the public IP address statically here VVVV
+ JITSI_NAT_PUBLIC_IP = "77.207.15.215"
+ }
+
+ template {
+ data = file("../config/videobridge.conf")
+ destination = "secrets/videobridge.conf"
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.crt"
+ }
+
+ resources {
+ cpu = 900
+ memory = 3000
+ }
+
+ service {
+ tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ]
+ port = "video_port"
+ address_mode = "host"
+ name = "video-jitsi"
+ check {
+ type = "tcp"
+ port = "video_port"
+ interval = "60s"
+ timeout = "5s"
+ }
+ }
+ }
+ }
+}
+
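Review bot: The three templates that render private keys (`secrets/certs/auth.jitsi.key` and `secrets/certs/jitsi.key` in task "xmpp", `secrets/certs/jitsi.key` in task "front") set no `perms`, so Nomad writes them with its default mode 0644 and they are bind-mounted into the containers readable by every user there. Adding `perms = "400"` to those blocks would narrow that, provided the file owner matches the user prosody and nginx read the key as, which this hunk does not show. The same applies to the `secrets/global_env` template, which holds `JICOFO_AUTH_PASSWORD` and `JVB_AUTH_PASSWORD`. Separately, all four images are referenced by tag only (e.g. `superboum/amd64_jitsi_xmpp:v10`); pinning each by digest, `image = "superboum/amd64_jitsi_xmpp:v10@sha256:<digest>"`, would keep a re-pushed tag from changing what runs next to these keys.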