This repository has been archived on 2023-03-15. You can view files and clone it, but cannot push or open issues or pull requests.
infrastructure/app/deployment/jitsi.hcl

238 lines
5.8 KiB
HCL

job "jitsi" {
datacenters = ["dc1"]
type = "service"
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "core" {
task "xmpp" {
driver = "docker"
config {
image = "superboum/amd64_jitsi_xmpp:v4"
network_mode = "host"
}
template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
}
template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
}
template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
}
template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
}
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template {
source = "secrets/global_env.tpl"
destination = "secrets/global_env"
env = true
}
resources {
cpu = 300
memory = 200
}
service {
tags = [ "jitsi", "bosh" ]
port = 5280
address_mode = "driver"
name = "jitsi-xmpp-bosh"
check {
type = "tcp"
address_mode = "driver"
port = 5280
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
service {
tags = [ "jitsi", "ext" ]
port = 5347
address_mode = "driver"
name = "jitsi-ext"
}
service {
tags = [ "jitsi", "xmpp" ]
port = 5222
address_mode = "driver"
name = "jitsi-xmpp"
}
}
task "front" {
driver = "docker"
config {
image = "superboum/amd64_jitsi_meet:v1"
network_mode = "host"
}
template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
}
template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
}
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template {
source = "secrets/global_env.tpl"
destination = "secrets/global_env"
env = true
}
resources {
cpu = 300
memory = 200
}
service {
tags = [
"jitsi",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
"traefik.protocol=https"
]
port = 443
address_mode = "driver"
name = "jitsi-front-https"
check {
type = "tcp"
port = 443
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
task "jicofo" {
driver = "docker"
config {
image = "superboum/amd64_jitsi_conference_focus:v5"
network_mode = "host"
}
template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
}
template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
}
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template {
source = "secrets/global_env.tpl"
destination = "secrets/global_env"
env = true
}
resources {
cpu = 300
memory = 400
}
}
task "videobridge" {
driver = "docker"
config {
image = "superboum/amd64_jitsi_videobridge:v15"
network_mode = "host"
port_map { video1_port = 8080 } # this is a hack, check secrets/jitsi/global_env to understand why
ulimit {
nofile = "1048576:1048576"
nproc = "65536:65536"
}
}
env {
#JITSI_DEBUG = 1
JITSI_VIDEO_TCP = 8080
VIDEOBRIDGE_MAX_MEMORY = "1450m"
}
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template {
source = "secrets/global_env.tpl"
destination = "secrets/global_env"
env = true
}
resources {
cpu = 900
memory = 1500
network {
port "video1_port" { static = "8080" } # this is a hack
}
}
service {
tags = [ "jitsi", "(diplonat (tcp_port 8080))" ]
port = 8080
address_mode = "driver"
name = "jitsi-videobridge-video1"
check {
type = "tcp"
port = 8080
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
service {
tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
port = 10000
address_mode = "driver"
name = "jitsi-videobridge-video2"
}
}
}
}