infrastructure/app/jitsi/deploy/jitsi.hcl

# Nomad service job for a Jitsi Meet stack. One group, "core", runs four
# Docker tasks on the same node: "xmpp", "front", "jicofo" and "videobridge".
#
# NOTE(review): every task sets network_mode = "host", so the containers share
# the node's network namespace. Isolation between them, and from other
# services on the node, then rests on the host firewall and on each daemon's
# own authentication.
# NOTE(review): images are referenced by tag only. A tag can be re-pointed in
# the registry; pinning by digest would make the deployed content verifiable.
job "jitsi" {
  type        = "service"
  datacenters = ["dc1"]
  priority    = "10"

  # Only schedule on x86-64 nodes; the image names below are amd64 builds.
  constraint {
    attribute = "${attr.cpu.arch}"
    value     = "amd64"
  }

  group "core" {
    network {
      # Dynamically allocated ports, referenced by label in the tasks below.
      port "bosh_port" {}
      port "xmpp_port" {}
      port "https_port" {}

      # The videobridge port is fixed at 8080; the same number appears in the
      # diplonat tag of the "video-jitsi" service.
      port "video_port" {
        static = 8080
      }
    }

    # XMPP server. The mount targets under /etc/prosody and /var/lib/prosody
    # indicate Prosody.
    task "xmpp" {
      driver = "docker"

      config {
        network_mode = "host"
        image        = "superboum/amd64_jitsi_xmpp:v9"
        ports        = ["bosh_port", "xmpp_port"]

        # Files rendered by the template blocks below, bind-mounted into the
        # container. This is the only task that mounts auth.jitsi.key.
        volumes = [
          "secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua",
          "secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt",
          "secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key",
          "secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt",
          "secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key"
        ]
      }

      # Component passwords read from Consul KV and exported to the task as
      # environment variables (env = true).
      # NOTE(review): values passed through the environment are visible to
      # anyone who can inspect the container or its processes on the node.
      template {
        destination = "secrets/global_env"
        env         = true
        data        = <<EOF
JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" | trimSpace }}
JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" | trimSpace }}
EOF
      }

      # The Prosody configuration is read from the local file when the job
      # file is parsed, then rendered as a template into the task's secrets
      # directory.
      template {
        destination = "secrets/prosody.cfg.lua"
        data        = file("../config/prosody.cfg.lua")
      }

      # --- secrets ---
      # Certificates and private keys are fetched from Consul KV under
      # secrets/jitsi/. Who can read that prefix is decided by Consul ACLs,
      # which this file does not show.
      template {
        destination = "secrets/certs/auth.jitsi.crt"
        data        = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
      }

      # NOTE(review): no `perms` is set, so this private key is written with
      # Nomad's default template file mode (0644 unless overridden; confirm for
      # the Nomad version in use). Tightening it depends on which user the
      # container process runs as.
      template {
        destination = "secrets/certs/auth.jitsi.key"
        data        = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}"
      }

      template {
        destination = "secrets/certs/jitsi.crt"
        data        = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
      }

      # NOTE(review): same default-mode remark as for auth.jitsi.key.
      template {
        destination = "secrets/certs/jitsi.key"
        data        = "{{ key \"secrets/jitsi/jitsi.key\" }}"
      }

      resources {
        cpu    = 300 # MHz
        memory = 200 # MB
      }

      # BOSH endpoint, registered with the node's address.
      service {
        name         = "bosh-jitsi"
        port         = "bosh_port"
        address_mode = "host"
        tags         = ["jitsi", "bosh"]

        # TCP connect check every 60s; the task is restarted after three
        # consecutive failures, with a 90s grace period after start.
        check {
          type     = "tcp"
          port     = "bosh_port"
          interval = "60s"
          timeout  = "5s"

          check_restart {
            limit           = 3
            grace           = "90s"
            ignore_warnings = false
          }
        }
      }

      # XMPP endpoint. No health check is attached to this service.
      service {
        name         = "xmpp-jitsi"
        port         = "xmpp_port"
        address_mode = "host"
        tags         = ["jitsi", "xmpp"]
      }
    }

    # Web front end: nginx serving the Jitsi Meet application over HTTPS.
    task "front" {
      driver = "docker"

      config {
        network_mode = "host"
        image        = "superboum/amd64_jitsi_meet:v4"
        ports        = ["https_port"]

        volumes = [
          "secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt",
          "secrets/certs/jitsi.key:/etc/nginx/jitsi.key",
          "secrets/config.js:/srv/jitsi-meet/config.js",
          "secrets/nginx.conf:/etc/nginx/nginx.conf"
        ]
      }

      # Application and nginx configuration, read from local files at parse
      # time and rendered as templates.
      template {
        destination = "secrets/config.js"
        data        = file("../config/config.js")
      }

      template {
        destination = "secrets/nginx.conf"
        data        = file("../config/nginx.conf")
      }

      # --- secrets ---
      template {
        destination = "secrets/certs/jitsi.crt"
        data        = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
      }

      # NOTE(review): TLS private key for the public hostname. No `perms` is
      # set, so Nomad's default template file mode applies (confirm the value
      # for the Nomad version in use).
      template {
        destination = "secrets/certs/jitsi.key"
        data        = "{{ key \"secrets/jitsi/jitsi.key\" }}"
      }

      resources {
        cpu    = 300 # MHz
        memory = 200 # MB
      }

      # Published through the reverse proxy. The traefik.* tags route
      # jitsi.deuxfleurs.fr to this service on the "https" entry point and
      # tell Traefik to talk HTTPS to the backend. The "tricot" tag is
      # presumably read by a separate proxy; confirm against its docs.
      # NOTE(review): with an HTTPS backend, whether the proxy validates the
      # backend certificate is set in the proxy's own configuration, not here.
      service {
        name         = "https-jitsi"
        port         = "https_port"
        address_mode = "host"

        tags = [
          "jitsi",
          "traefik.enable=true",
          "traefik.frontend.entryPoints=https",
          "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
          "traefik.protocol=https",
          "tricot jitsi.deuxfleurs.fr",
        ]

        # Same check and restart policy as the BOSH service.
        check {
          type     = "tcp"
          port     = "https_port"
          interval = "60s"
          timeout  = "5s"

          check_restart {
            limit           = 3
            grace           = "90s"
            ignore_warnings = false
          }
        }
      }
    }

    # Conference focus (jicofo). It declares no ports and registers no
    # service.
    task "jicofo" {
      driver = "docker"

      config {
        network_mode = "host"
        image        = "superboum/amd64_jitsi_conference_focus:v7"

        # Only the certificates are mounted here, into the system CA
        # directory; the matching private keys are not exposed to this task.
        volumes = [
          "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
          "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
          "secrets/jicofo.conf:/etc/jitsi/jicofo.conf"
        ]
      }

      # NOTE(review): this task renders no password template of its own;
      # presumably jicofo.conf carries the credentials it needs. Verify
      # against ../config/jicofo.conf.
      template {
        destination = "secrets/jicofo.conf"
        data        = file("../config/jicofo.conf")
      }

      #--- secrets ---
      template {
        destination = "secrets/certs/jitsi.crt"
        data        = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
      }

      template {
        destination = "secrets/certs/auth.jitsi.crt"
        data        = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
      }

      resources {
        cpu    = 300 # MHz
        memory = 400 # MB
      }
    }

    # Videobridge: the media relay, with the largest resource reservation.
    task "videobridge" {
      driver = "docker"

      config {
        network_mode = "host"
        image        = "superboum/amd64_jitsi_videobridge:v17"
        ports        = ["video_port"]

        # Raised soft:hard limits for open files and processes.
        ulimit {
          nofile = "1048576:1048576"
          nproc  = "65536:65536"
        }

        # Certificates only, trusted as CAs; no private key is mounted.
        volumes = [
          "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
          "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
          "secrets/videobridge.conf:/etc/jitsi/videobridge.conf"
        ]
      }

      env {
        # The container can discover its public IP through the ifconfig.me
        # service, but production should not depend on a third party, so the
        # public address is set statically here.
        JITSI_NAT_PUBLIC_IP = "82.64.119.240"
      }

      template {
        destination = "secrets/videobridge.conf"
        data        = file("../config/videobridge.conf")
      }

      # --- secrets ---
      template {
        destination = "secrets/certs/jitsi.crt"
        data        = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
      }

      template {
        destination = "secrets/certs/auth.jitsi.crt"
        data        = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
      }

      resources {
        cpu    = 900  # MHz
        memory = 3000 # MB
      }

      # The second tag has the form of a diplonat directive naming TCP and UDP
      # port 8080; presumably it asks for those ports to be opened towards
      # this node. Confirm against the diplonat documentation.
      service {
        name         = "video-jitsi"
        port         = "video_port"
        address_mode = "host"
        tags         = ["jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))"]

        # TCP check only. Unlike the BOSH and HTTPS services, there is no
        # check_restart here, so a failing check does not restart the task.
        check {
          type     = "tcp"
          port     = "video_port"
          interval = "60s"
          timeout  = "5s"
        }
      }
    }
  }
}