Deuxfleurs/nixcfg
17
6
Fork 2
Code Issues 8 Pull requests 2 Projects Releases Wiki Activity

Synapse sqlite db with litestream

Browse source
This commit is contained in:
Alex 2021-12-30 00:03:41 +01:00
parent 7c775e6017
commit 424e7ae22c
No known key found for this signature in database
GPG key ID: 09EC5284AA804D3C
9 changed files with 2751 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2637
app/im/config/homeserver.yaml Normal file
View file

File diff suppressed because it is too large Load diff

10
app/im/config/litestream.yml Normal file
View file

@ -0,0 +1,10 @@
dbs:
- path: /ephemeral/homeserver.db
replicas:
- url: s3://synapse-db/homeserver.db
region: garage-staging
endpoint: https://garage-staging.home.adnab.me
access-key-id: {{ key "secrets/synapse/s3_db_access_key" | trimSpace }}
secret-access-key: {{ key "secrets/synapse/s3_db_secret_key" | trimSpace }}
force-path-style: true
sync-interval: 60s

111
app/im/deploy/im.hcl
View file

@ -17,31 +17,116 @@ job "im" {
}
}
ephemeral_disk {
size = 1000
}
task "restore-db" {
lifecycle {
hook = "prestart"
sidecar = false
}
driver = "docker"
config {
image = "litestream/litestream"
args = [
"restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db"
]
volumes = [
"../alloc/data:/ephemeral",
"secrets/litestream.yml:/etc/litestream.yml"
]
}
template {
data = file("../config/litestream.yml")
destination = "secrets/litestream.yml"
}
resources {
memory = 1000
cpu = 1000
}
}
task "synapse" {
driver = "docker"
config {
image = "matrixdotorg/synapse:v1.48.0"
ports = [ "http" ]
entrypoint = [ "/usr/local/bin/python" ]
args = [
"-m", "synapse.app.homeserver",
"-n",
"-c", "/etc/matrix-synapse/homeserver.yaml"
]
volumes = [
"secrets:/etc/matrix-synapse",
"../alloc/data:/ephemeral",
"/mnt/ssd/synapse:/data",
]
}
template {
data = file("../config/homeserver.yaml")
destination = "secrets/homeserver.yaml"
}
template {
data = "{{ key \"secrets/synapse/signing_key\" }}"
destination = "secrets/signing_key"
}
resources {
memory = 1500
cpu = 1000
}
restart {
attempts = 3
delay = "30s"
}
service {
port = "http"
tags = [
"tricot matrix.home.adnab.me 100",
"tricot matrix.home.adnab.me:443 100",
"tricot-add-header Access-Control-Allow-Origin *",
]
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
}
}
task "replicate-db" {
driver = "docker"
config {
image = "litestream/litestream"
args = [
"replicate", "-config", "/etc/litestream.yml"
]
volumes = [
"../alloc/data:/ephemeral",
"secrets/litestream.yml:/etc/litestream.yml"
]
}
service {
port = "http"
tags = [
"tricot matrix.home.adnab.me 100",
"tricot matrix.home.adnab.me:443 100",
"tricot matrix.home.adnab.me:8448 100",
"tricot-add-header Access-Control-Allow-Origin *",
]
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
template {
data = file("../config/litestream.yml")
destination = "secrets/litestream.yml"
}
resources {
memory = 500
cpu = 100
}
}
}

1
app/im/secrets/synapse/form_secret Normal file
View file

@ -0,0 +1 @@
USER Synapse's `form_secret` configuration parameter

1
app/im/secrets/synapse/macaroon_secret_key Normal file
View file

@ -0,0 +1 @@
USER Synapse's `macaroon_secret_key` parameter

1
app/im/secrets/synapse/registration_shared_secret Normal file
View file

@ -0,0 +1 @@
USER Synapse's `registration_shared_secret` parameter

1
app/im/secrets/synapse/s3_db_access_key Normal file
View file

@ -0,0 +1 @@
USER S3 access key ID for database storage

1
app/im/secrets/synapse/s3_db_secret_key Normal file
View file

@ -0,0 +1 @@
USER S3 secret key for database storage

1
app/im/secrets/synapse/signing_key Normal file
View file

@ -0,0 +1 @@
USER Signing key for messages