237 lines
5.7 KiB
HCL
237 lines
5.7 KiB
HCL
job "jitsi" {
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
|
|
constraint {
|
|
attribute = "${attr.cpu.arch}"
|
|
value = "amd64"
|
|
}
|
|
|
|
group "core" {
|
|
task "xmpp" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_xmpp:v4"
|
|
network_mode = "host"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
|
|
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
|
|
}
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
|
|
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
|
|
}
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
|
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
|
}
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
|
|
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
|
|
}
|
|
artifact {
|
|
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
|
|
destination = "secrets/global_env.tpl"
|
|
mode = "file"
|
|
}
|
|
template {
|
|
source = "secrets/global_env.tpl"
|
|
destination = "secrets/global_env"
|
|
env = true
|
|
}
|
|
|
|
resources {
|
|
cpu = 300
|
|
memory = 200
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "bosh" ]
|
|
port = 5280
|
|
address_mode = "driver"
|
|
name = "jitsi-xmpp-bosh"
|
|
check {
|
|
type = "tcp"
|
|
address_mode = "driver"
|
|
port = 5280
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
check_restart {
|
|
limit = 3
|
|
grace = "90s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "ext" ]
|
|
port = 5347
|
|
address_mode = "driver"
|
|
name = "jitsi-ext"
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "xmpp" ]
|
|
port = 5222
|
|
address_mode = "driver"
|
|
name = "jitsi-xmpp"
|
|
}
|
|
}
|
|
|
|
task "front" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_meet:v1"
|
|
network_mode = "host"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
|
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
|
}
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
|
|
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
|
|
}
|
|
artifact {
|
|
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
|
|
destination = "secrets/global_env.tpl"
|
|
mode = "file"
|
|
}
|
|
template {
|
|
source = "secrets/global_env.tpl"
|
|
destination = "secrets/global_env"
|
|
env = true
|
|
}
|
|
|
|
resources {
|
|
cpu = 300
|
|
memory = 200
|
|
}
|
|
|
|
service {
|
|
tags = [
|
|
"jitsi",
|
|
"traefik.enable=true",
|
|
"traefik.frontend.entryPoints=https,http",
|
|
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
|
|
"traefik.protocol=https"
|
|
]
|
|
port = 443
|
|
address_mode = "driver"
|
|
name = "jitsi-front-https"
|
|
check {
|
|
type = "tcp"
|
|
port = 443
|
|
address_mode = "driver"
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
check_restart {
|
|
limit = 3
|
|
grace = "90s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "jicofo" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_conference_focus:v5"
|
|
network_mode = "host"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
|
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
|
}
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
|
|
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
|
|
}
|
|
artifact {
|
|
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
|
|
destination = "secrets/global_env.tpl"
|
|
mode = "file"
|
|
}
|
|
template {
|
|
source = "secrets/global_env.tpl"
|
|
destination = "secrets/global_env"
|
|
env = true
|
|
}
|
|
|
|
resources {
|
|
cpu = 300
|
|
memory = 400
|
|
}
|
|
}
|
|
|
|
task "videobridge" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_videobridge:v15"
|
|
network_mode = "host"
|
|
port_map { video1_port = 8080 } # this is a hack, check secrets/jitsi/global_env to understand why
|
|
ulimit {
|
|
nofile = "1048576:1048576"
|
|
nproc = "65536:65536"
|
|
}
|
|
}
|
|
|
|
env {
|
|
#JITSI_DEBUG = 1
|
|
JITSI_VIDEO_TCP = 8080
|
|
}
|
|
|
|
artifact {
|
|
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
|
|
destination = "secrets/global_env.tpl"
|
|
mode = "file"
|
|
}
|
|
template {
|
|
source = "secrets/global_env.tpl"
|
|
destination = "secrets/global_env"
|
|
env = true
|
|
}
|
|
|
|
resources {
|
|
cpu = 900
|
|
memory = 1500
|
|
network {
|
|
port "video1_port" { static = "8080" } # this is a hack
|
|
}
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "(diplonat (tcp_port 8080))" ]
|
|
port = 8080
|
|
address_mode = "driver"
|
|
name = "jitsi-videobridge-video1"
|
|
check {
|
|
type = "tcp"
|
|
port = 8080
|
|
address_mode = "driver"
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
check_restart {
|
|
limit = 3
|
|
grace = "90s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
|
|
port = 10000
|
|
address_mode = "driver"
|
|
name = "jitsi-videobridge-video2"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|