forked from Deuxfleurs/infrastructure
258 lines
6.4 KiB
HCL
258 lines
6.4 KiB
HCL
job "jitsi" {
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
|
|
constraint {
|
|
attribute = "${attr.cpu.arch}"
|
|
value = "amd64"
|
|
}
|
|
|
|
group "core" {
|
|
|
|
network {
|
|
port "bosh_port" { }
|
|
port "xmpp_port" { }
|
|
port "https_port" { }
|
|
port "video_port" { static = 8080 }
|
|
}
|
|
|
|
task "xmpp" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_xmpp:v9"
|
|
ports = [ "bosh_port", "xmpp_port" ]
|
|
network_mode = "host"
|
|
volumes = [
|
|
"secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua",
|
|
"secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt",
|
|
"secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key",
|
|
"secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt",
|
|
"secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" }}
|
|
JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" }}
|
|
EOF
|
|
destination = "secrets/global_env"
|
|
env = true
|
|
}
|
|
|
|
template {
|
|
data = file("../config/prosody.cfg.lua")
|
|
destination = "secrets/prosody.cfg.lua"
|
|
}
|
|
|
|
# --- secrets ---
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
|
destination = "secrets/certs/auth.jitsi.crt"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}"
|
|
destination = "secrets/certs/auth.jitsi.key"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
|
destination = "secrets/certs/jitsi.crt"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
|
|
destination = "secrets/certs/jitsi.key"
|
|
}
|
|
|
|
resources {
|
|
cpu = 300
|
|
memory = 200
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "bosh" ]
|
|
port = "bosh_port"
|
|
address_mode = "host"
|
|
name = "bosh-jitsi"
|
|
check {
|
|
type = "tcp"
|
|
port = "bosh_port"
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
check_restart {
|
|
limit = 3
|
|
grace = "90s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "xmpp" ]
|
|
port = "xmpp_port"
|
|
address_mode = "host"
|
|
name = "xmpp-jitsi"
|
|
}
|
|
}
|
|
|
|
task "front" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_meet:v4"
|
|
network_mode = "host"
|
|
ports = [ "https_port" ]
|
|
volumes = [
|
|
"secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt",
|
|
"secrets/certs/jitsi.key:/etc/nginx/jitsi.key",
|
|
"secrets/config.js:/srv/jitsi-meet/config.js",
|
|
"secrets/nginx.conf:/etc/nginx/nginx.conf"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = file("../config/config.js")
|
|
destination = "secrets/config.js"
|
|
}
|
|
|
|
template {
|
|
data = file("../config/nginx.conf")
|
|
destination = "secrets/nginx.conf"
|
|
}
|
|
|
|
# --- secrets ---
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
|
destination = "secrets/certs/jitsi.crt"
|
|
}
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
|
|
destination = "secrets/certs/jitsi.key"
|
|
}
|
|
|
|
resources {
|
|
cpu = 300
|
|
memory = 200
|
|
}
|
|
|
|
service {
|
|
tags = [
|
|
"jitsi",
|
|
"traefik.enable=true",
|
|
"traefik.frontend.entryPoints=https,http",
|
|
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
|
|
"traefik.protocol=https"
|
|
]
|
|
port = "https_port"
|
|
address_mode = "host"
|
|
name = "https-jitsi"
|
|
check {
|
|
type = "tcp"
|
|
port = "https_port"
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
check_restart {
|
|
limit = 3
|
|
grace = "90s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "jicofo" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_conference_focus:v7"
|
|
network_mode = "host"
|
|
volumes = [
|
|
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
|
|
"secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
|
|
"secrets/jicofo.conf:/etc/jitsi/jicofo.conf"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = file("../config/jicofo.conf")
|
|
destination = "secrets/jicofo.conf"
|
|
}
|
|
|
|
#--- secrets ---
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
|
destination = "secrets/certs/jitsi.crt"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
|
destination = "secrets/certs/auth.jitsi.crt"
|
|
}
|
|
|
|
resources {
|
|
cpu = 300
|
|
memory = 400
|
|
}
|
|
}
|
|
|
|
task "videobridge" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/amd64_jitsi_videobridge:v17"
|
|
network_mode = "host"
|
|
ports = [ "video_port" ]
|
|
ulimit {
|
|
nofile = "1048576:1048576"
|
|
nproc = "65536:65536"
|
|
}
|
|
volumes = [
|
|
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
|
|
"secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
|
|
"secrets/videobridge.conf:/etc/jitsi/videobridge.conf"
|
|
]
|
|
}
|
|
|
|
env {
|
|
# Our container can autodetect the public IP with the ifconfig.me service
|
|
# However we would like to avoid relying on a 3rd party service for production use
|
|
# That's why I am setting the public IP address statically here VVVV
|
|
JITSI_NAT_PUBLIC_IP = "78.197.205.190"
|
|
}
|
|
|
|
template {
|
|
data = file("../config/videobridge.conf")
|
|
destination = "secrets/videobridge.conf"
|
|
}
|
|
|
|
# --- secrets ---
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
|
destination = "secrets/certs/jitsi.crt"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
|
destination = "secrets/certs/auth.jitsi.crt"
|
|
}
|
|
|
|
resources {
|
|
cpu = 900
|
|
memory = 3000
|
|
}
|
|
|
|
service {
|
|
tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ]
|
|
port = "video_port"
|
|
address_mode = "host"
|
|
name = "video-jitsi"
|
|
check {
|
|
type = "tcp"
|
|
port = "video_port"
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|