commit 4c99cbbde705f75bf2f33f30789bc657356d60d7 Author: xyhhx Date: Wed Jan 22 14:02:36 2025 -0500 initial commit
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..fe7c01a
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+dotenv
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/jitsi/deployment.yaml b/jitsi/deployment.yaml
new file mode 100644
index 0000000..62842bc
--- /dev/null
+++ b/jitsi/deployment.yaml
@@ -0,0 +1,81 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/serviceaccount.json
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: jitsi
+ namespace: jitsi
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/deployment.json
+apiVersion: apps/v1
+kind: Deployment
+
+metadata:
+ labels:
+ app: jitsi
+ name: jitsi
+
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+
+ selector:
+ matchLabels:
+ app: jitsi
+
+ template:
+ metadata:
+ labels:
+ app: jitsi
+
+ spec:
+ serviceAccountName: jitsi
+
+ securityContext:
+ fsGroup: 65532
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
+ seccompProfile:
+ type: RuntimeDefault
+
+ containers:
+ - name: jicofo
+ image: jicofo
+ imagePullPolicy: IfNotPresent
+ envFrom: &DefaultEnvFrom
+ - secretRef:
+ name: jitsi-secrets
+ - configMapRef:
+ name: envs
+ securityContext: &DefaultContainerSecurityContext
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+
+ - name: prosody
+ image: prosody
+ imagePullPolicy: IfNotPresent
+ envFrom: *DefaultEnvFrom
+ securityContext: *DefaultContainerSecurityContext
+
+ - name: jitsi
+ image: jitsi
+ imagePullPolicy: IfNotPresent
+ envFrom: *DefaultEnvFrom
+ securityContext: *DefaultContainerSecurityContext
+
+ - name: jvb
+ image: jvb
+ imagePullPolicy: IfNotPresent
+ envFrom: *DefaultEnvFrom
+ securityContext: *DefaultContainerSecurityContext
+
+ volumes:
+ - name: ephemeral
+ emptyDir:
+ sizeLimit: 256Mi
diff --git a/jitsi/files/jitsi.env b/jitsi/files/jitsi.env
new file mode 100644
index 0000000..2cfdd8b
--- /dev/null
+++ b/jitsi/files/jitsi.env
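Review bot: In jitsi/deployment.yaml neither the ServiceAccount nor the pod spec sets `automountServiceAccountToken: false`, so an API token is mounted into all four containers although nothing in this commit grants or uses API access. The `ephemeral` emptyDir is declared under `volumes` but no container has a `volumeMounts` entry, so with `readOnlyRootFilesystem: true` none of the containers has a writable path. If the images write config or runtime files at startup (not visible here, to be confirmed against the images), each container needs a mount of `ephemeral` at the directories it writes to. No container sets `resources` requests or limits either, which leaves the media bridge free to starve its neighbours on the node.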
@@ -0,0 +1,12 @@
+JVB_AUTH_USER=jvb
+JVB_PORT="30300"
+JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+JVB_TCP_HARVESTER_DISABLED="true"
+JICOFO_AUTH_USER=focus
+XMPP_AUTH_DOMAIN=auth.meet.jitsi
+XMPP_BOSH_URL_BASE=http://127.0.0.1:5280
+
+XMPP_DOMAIN=meet.jitsi
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
+XMPP_MUC_DOMAIN=muc.meet.jitsi
+XMPP_SERVER=localhost
diff --git a/jitsi/ingress.yaml b/jitsi/ingress.yaml
new file mode 100644
index 0000000..83c13fa
--- /dev/null
+++ b/jitsi/ingress.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/ingress.json
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jitsi
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ name: http
+ tls:
+ - hosts:
+ - example.com
+ secretName: jitsi-tls
diff --git a/jitsi/kustomization.yaml b/jitsi/kustomization.yaml
new file mode 100644
index 0000000..373ff18
--- /dev/null
+++ b/jitsi/kustomization.yaml
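Review bot: In jitsi/files/jitsi.env the values `JVB_PORT="30300"` and `JVB_TCP_HARVESTER_DISABLED="true"` are quoted, and this file is fed to a kustomize `configMapGenerator` rather than to a shell. As far as I know the kustomize env-file loader keeps everything after `=` verbatim, so the containers would receive the quote characters as part of the value and the port or boolean parse may fail. Writing them as `JVB_PORT=30300` and `JVB_TCP_HARVESTER_DISABLED=true` matches the unquoted style of the other ten lines. A comment noting that `JVB_PORT` has to stay equal to the `nodePort` in services.yaml would also help.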
@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: jitsi
+
+labels:
+ - includeSelectors: true
+ includeTemplates: true
+ pairs:
+ app.kubernetes.io/name: jitsi
+ app.kubernetes.io/version: stable-9955
+ app.kubernetes.io/part-of: jitsi
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+ - name: envs
+ env: ./files/jitsi.env
+
+secretGenerator:
+ - name: jitsi-secrets
+ env: ./secrets/secrets.env
+
+resources:
+ - ./deployment.yaml
+ - ./namespace.yaml
+
+images:
+ - name: jicofo
+ newName: jitsi/jicofo
+ newTag: stable-9955@sha256:473e7994018d61d29cf296ef6bca03c6ac71ae697a15e3ecff5d39cc569e7a39
+ - name: prosody
+ newName: jitsi/prosody
+ newTag: stable-9955@sha256:27d5f83b1989a7fc699e40f16b1d97e45be5c22507dc5e56eca59f80f106e385
+ - name: jitsi
+ newName: jitsi/web
+ newTag: stable-955@sha256:23458904c9e9ff391df42567a3e667710754c584ab77db7abfe432a6ebd0fcec
+ - name: jvb
+ newName: jitsi/jvb
+ newTag: stable-9955@sha256:9f57b4bd09a94e68a57bba6c30070cca801cd8e9466e31bc7361e081cc625980
diff --git a/jitsi/namespace.yaml b/jitsi/namespace.yaml
new file mode 100644
index 0000000..f0d30d3
--- /dev/null
+++ b/jitsi/namespace.yaml
@@ -0,0 +1,5 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/namespace.json
+apiVersion: v1
+metadata:
+ name: jitsi
diff --git a/jitsi/secrets/secrets.env.example b/jitsi/secrets/secrets.env.example
new file mode 100644
index 0000000..b5ba39e
--- /dev/null
+++ b/jitsi/secrets/secrets.env.example
@@ -0,0 +1,3 @@
+JICOFO_COMPONENT_SECRET=
+JICOFO_AUTH_PASSWORD=
+JVB_AUTH_PASSWORD=
diff --git a/jitsi/services.yaml b/jitsi/services.yaml
new file mode 100644
index 0000000..4caa666
--- /dev/null
+++ b/jitsi/services.yaml
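Review bot: jitsi/kustomization.yaml lists only `./deployment.yaml` and `./namespace.yaml` under `resources`, so the `services.yaml` and `ingress.yaml` added in this same commit are not rendered and receive neither `namespace: jitsi` nor the common labels; add `- ./services.yaml` and `- ./ingress.yaml`. The `jitsi/web` entry uses `newTag: stable-955@sha256:…` while the other three images and `app.kubernetes.io/version` say `stable-9955`; the digest still pins the content, but the tag looks like a typo and should be checked against the release the digest belongs to. With `disableNameSuffixHash: true`, changing the generated Secret or ConfigMap does not alter the pod template, so the Deployment will not roll on its own after a credential rotation and needs an explicit restart.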
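Review bot: jitsi/namespace.yaml has no `kind:` field, so the document is not a complete Kubernetes object and the build that lists it under `resources` will most likely reject it; add `kind: Namespace` after `apiVersion: v1`. Because the pod spec in deployment.yaml already runs non-root, drops all capabilities and uses the RuntimeDefault seccomp profile, the namespace could enforce the same baseline for anything else scheduled into it with the label `pod-security.kubernetes.io/enforce: restricted` under `metadata.labels`.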
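Review bot: The filled-in `jitsi/secrets/secrets.env` that the `secretGenerator` reads is not covered by the `.gitignore` added in this commit: its only pattern is `.env`, which matches files named exactly `.env`, so the real credentials file can be staged by a plain `git add`. Add a line such as `jitsi/secrets/*.env` to `.gitignore`; that pattern leaves `secrets.env.example` tracked. A leading comment in the example stating that all three values must be set to long random strings before deploying would also help, since the empty defaults here would otherwise produce empty passwords.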
@@ -0,0 +1,47 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/service.json
+apiVersion: v1
+kind: Service
+
+metadata:
+ name: jvb
+
+ labels:
+ service: jvb
+
+spec:
+ type: NodePort
+ externalTrafficPolicy: Cluster
+
+ selector:
+ app: jitsi1
+ ports:
+ - port: 30300
+ protocol: UDP
+ targetPort: 30300
+ nodePort: 30300
+
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/service.json
+apiVersion: v1
+kind: Service
+
+metadata:
+ name: web
+
+ labels:
+ service: web
+
+spec:
+ type: NodePort
+ externalTrafficPolicy: Cluster
+
+ selector:
+ app: jitsi1
+ ports:
+ - name: "http"
+ port: 80
+ targetPort: 80
+ - name: "https"
+ port: 443
+ targetPort: 443
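Review bot: Both Services in jitsi/services.yaml select `app: jitsi1`, but the pod template in deployment.yaml is labelled `app: jitsi`, so neither Service will get endpoints; the selector should read `app: jitsi`. The `web` Service is `type: NodePort` although ingress.yaml already fronts it, which additionally opens its plain-HTTP port 80 on a node port of every node and sidesteps the TLS termination at the Ingress; `type: ClusterIP` is enough for an Ingress backend. The target ports 80 and 443 are privileged ports while the containers run as UID 65532 with all capabilities dropped, so confirm the web container can bind them on this runtime or move it to high ports.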