initial commit

.envrc

@@ -0,0 +1 @@
+dotenv

.gitignore

@@ -0,0 +1 @@
+.env

jitsi/deployment.yaml

@@ -0,0 +1,81 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/serviceaccount.json
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: jitsi
+  namespace: jitsi
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/deployment.json
+apiVersion: apps/v1
+kind: Deployment
+
+metadata:
+  labels:
+    app: jitsi
+  name: jitsi
+
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+
+  selector:
+    matchLabels:
+      app: jitsi
+
+  template:
+    metadata:
+      labels:
+        app: jitsi
+
+    spec:
+      serviceAccountName: jitsi
+
+      securityContext:
+        fsGroup: 65532
+        fsGroupChangePolicy: OnRootMismatch
+        runAsGroup: 65532
+        runAsNonRoot: true
+        runAsUser: 65532
+        seccompProfile:
+          type: RuntimeDefault
+
+      containers:
+        - name: jicofo
+          image: jicofo
+          imagePullPolicy: IfNotPresent
+          envFrom: &DefaultEnvFrom
+            - secretRef:
+                name: jitsi-secrets
+            - configMapRef:
+                name: envs
+          securityContext: &DefaultContainerSecurityContext
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+
+        - name: prosody
+          image: prosody
+          imagePullPolicy: IfNotPresent
+          envFrom: *DefaultEnvFrom
+          securityContext: *DefaultContainerSecurityContext
+
+        - name: jitsi
+          image: jitsi
+          imagePullPolicy: IfNotPresent
+          envFrom: *DefaultEnvFrom
+          securityContext: *DefaultContainerSecurityContext
+
+        - name: jvb
+          image: jvb
+          imagePullPolicy: IfNotPresent
+          envFrom: *DefaultEnvFrom
+          securityContext: *DefaultContainerSecurityContext
+
+      volumes:
+        - name: ephemeral
+          emptyDir:
+            sizeLimit: 256Mi

jitsi/files/jitsi.env

@@ -0,0 +1,12 @@
+JVB_AUTH_USER=jvb
+JVB_PORT="30300"
+JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+JVB_TCP_HARVESTER_DISABLED="true"
+JICOFO_AUTH_USER=focus
+XMPP_AUTH_DOMAIN=auth.meet.jitsi
+XMPP_BOSH_URL_BASE=http://127.0.0.1:5280
+
+XMPP_DOMAIN=meet.jitsi
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
+XMPP_MUC_DOMAIN=muc.meet.jitsi
+XMPP_SERVER=localhost

jitsi/ingress.yaml

@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/ingress.json
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jitsi
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: example.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: web
+                port:
+                  name: http
+  tls:
+    - hosts:
+        - example.com
+      secretName: jitsi-tls

jitsi/kustomization.yaml

@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: jitsi
+
+labels:
+  - includeSelectors: true
+    includeTemplates: true
+    pairs:
+      app.kubernetes.io/name: jitsi
+      app.kubernetes.io/version: stable-9955
+      app.kubernetes.io/part-of: jitsi
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+  - name: envs
+    env: ./files/jitsi.env
+
+secretGenerator:
+  - name: jitsi-secrets
+    env: ./secrets/secrets.env
+
+resources:
+  - ./deployment.yaml
+  - ./namespace.yaml
+
+images:
+  - name: jicofo
+    newName: jitsi/jicofo
+    newTag: stable-9955@sha256:473e7994018d61d29cf296ef6bca03c6ac71ae697a15e3ecff5d39cc569e7a39
+  - name: prosody
+    newName: jitsi/prosody
+    newTag: stable-9955@sha256:27d5f83b1989a7fc699e40f16b1d97e45be5c22507dc5e56eca59f80f106e385
+  - name: jitsi
+    newName: jitsi/web
+    newTag: stable-955@sha256:23458904c9e9ff391df42567a3e667710754c584ab77db7abfe432a6ebd0fcec
+  - name: jvb
+    newName: jitsi/jvb
+    newTag: stable-9955@sha256:9f57b4bd09a94e68a57bba6c30070cca801cd8e9466e31bc7361e081cc625980

jitsi/namespace.yaml

@@ -0,0 +1,5 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/namespace.json
+apiVersion: v1
+metadata:
+  name: jitsi

jitsi/secrets/secrets.env.example

@@ -0,0 +1,3 @@
+JICOFO_COMPONENT_SECRET=
+JICOFO_AUTH_PASSWORD=
+JVB_AUTH_PASSWORD=

jitsi/services.yaml

@@ -0,0 +1,47 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/service.json
+apiVersion: v1
+kind: Service
+
+metadata:
+  name: jvb
+
+  labels:
+    service: jvb
+
+spec:
+  type: NodePort
+  externalTrafficPolicy: Cluster
+
+  selector:
+    app: jitsi1
+  ports:
+    - port: 30300
+      protocol: UDP
+      targetPort: 30300
+      nodePort: 30300
+
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.32.0/service.json
+apiVersion: v1
+kind: Service
+
+metadata:
+  name: web
+
+  labels:
+    service: web
+
+spec:
+  type: NodePort
+  externalTrafficPolicy: Cluster
+
+  selector:
+    app: jitsi1
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: 80
+    - name: "https"
+      port: 443
+      targetPort: 443