diff --git a/cluster/staging/app/im/deploy/flake.lock b/cluster/staging/app/im/deploy/flake.lock
new file mode 100644
index 0000000..bde4085
--- /dev/null
+++ b/cluster/staging/app/im/deploy/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1669546925,
+        "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/cluster/staging/app/im/deploy/flake.nix b/cluster/staging/app/im/deploy/flake.nix
new file mode 100644
index 0000000..180e91b
--- /dev/null
+++ b/cluster/staging/app/im/deploy/flake.nix
@@ -0,0 +1,39 @@
+{
+  description = "Synapse packaging for Deuxfleurs";
+
+  # nixpkgs 22.05 at 2022-11-29
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125";
+
+  outputs = { self, nixpkgs }:
+  let
+    pkgs = import nixpkgs {
+      system = "x86_64-linux";
+    };
+    pypkgsOverlay = import ./python-packages.nix {
+      inherit pkgs;
+      fetchurl = builtins.fetchurl;
+      fetchgit = pkgs.fetchgit;
+      fetchhg = pkgs.fetchhg;
+    };
+    pkgs2 = import nixpkgs {
+      system = "x86_64-linux";
+      overlays = [
+        (self: super: {
+          python3 = super.python3.override {
+            self = self.python3;
+            packageOverrides = pypkgsOverlay;
+          };
+        })
+      ];
+    };
+    synapseWithS3 = pkgs2.matrix-synapse.overridePythonAttrs (old: rec {
+      propagatedBuildInputs = old.propagatedBuildInputs ++ [
+        pkgs2.python3.pkgs.synapse-s3-storage-provider
+      ];
+    });
+  in
+  {
+    packages.x86_64-linux.default = synapseWithS3;
+    #packages.x86_64-linux.default = pkgs2.python3.pkgs.synapse-s3-storage-provider;
+  };
+}
diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl
new file mode 100644
index 0000000..7f53136
--- /dev/null
+++ b/cluster/staging/app/im/deploy/im-nix.hcl
@@ -0,0 +1,196 @@
+job "im" {
+  datacenters = ["neptune"]
+  type = "service"
+  
+  group "synapse" {
+    count = 1
+
+    network {
+      port "http" {
+        to = 8008
+      }
+    }
+
+    ephemeral_disk {
+      size    = 10000
+    }
+
+    restart {
+      attempts = 10
+      delay    = "30s"
+    }
+
+    constraint {
+      attribute = "${attr.unique.hostname}"
+      operator = "!="
+      value = "caribou"
+    }
+
+    task "restore-db" {
+      lifecycle {
+        hook = "prestart"
+        sidecar = false
+      }
+
+      driver = "nix2"
+      config {
+        packages = [
+          "#litestream"
+          ]
+        command = "litestream"
+        args = [
+          "restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db", "-v"
+        ]
+        bind = {
+          "../alloc/data" = "/ephemeral",
+          "secrets/litestream.yml" = "/etc/litestream.yml"
+        }
+      }
+      user = "root"
+
+      template {
+        data = file("../config/litestream.yml")
+        destination = "secrets/litestream.yml"
+      }
+
+      resources {
+        memory = 100
+        memory_max = 1000
+        cpu = 1000
+      }
+    }
+
+    task "synapse" {
+      driver = "nix2"
+      config {
+        nixpkgs = "github:nixos/nixpkgs/ce6aa13369b667ac2542593170993504932eb836"
+        packages = [
+          ".",
+        ]
+        command = "synapse_homeserver"
+        args = [
+          "-n",
+          "-c", "/etc/matrix-synapse/homeserver.yaml"
+        ]
+        bind = {
+          "./secrets" = "/etc/matrix-synapse",
+          "../alloc/data" = "/ephemeral",
+        }
+      }
+      user = "root"
+
+      template {
+        data = file("flake.nix")
+        destination = "flake.nix"
+      }
+      template {
+        data = file("python-packages.nix")
+        destination = "python-packages.nix"
+      }
+      template {
+        data = file("flake.lock")
+        destination = "flake.lock"
+      }
+
+      template {
+        data = file("../config/homeserver.yaml")
+        destination = "secrets/homeserver.yaml"
+      }
+
+      template {
+        data = file("../config/synapse.log.config.yaml")
+        destination = "secrets/synapse.log.config.yaml"
+      }
+
+      template {
+        data = "{{ key \"secrets/synapse/signing_key\" }}"
+        destination = "secrets/signing_key"
+      }
+
+      resources {
+        memory = 2000
+        memory_max = 3000
+        cpu = 1000
+      }
+
+      service {
+        port = "http"
+        tags = [
+          "tricot matrix.home.adnab.me 100",
+          "tricot matrix.home.adnab.me:443 100",
+          "tricot-add-header Access-Control-Allow-Origin *",
+        ]
+        check {
+          type = "http"
+          path = "/"
+          interval = "10s"
+          timeout = "2s"
+        }
+      }
+    }
+
+    task "media-async-upload" {
+      driver = "docker"
+
+      config {
+        image = "lxpz/amd64_synapse:1.49.2-4"
+        readonly_rootfs = true
+        command = "/usr/local/bin/matrix-s3-async-sqlite"
+        work_dir = "/ephemeral"
+        volumes = [
+          "../alloc/data:/ephemeral",
+        ]
+      }
+
+      resources {
+        cpu = 100
+        memory = 100
+        memory_max = 500
+      }
+
+      template {
+        data = <<EOH
+SYNAPSE_SQLITE_DB=/ephemeral/homeserver.db
+SYNAPSE_MEDIA_STORE=/ephemeral/media_store
+SYNAPSE_MEDIA_S3_BUCKET=synapse-data
+AWS_ACCESS_KEY_ID={{ key "secrets/synapse/s3_access_key" | trimSpace }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/synapse/s3_secret_key" | trimSpace }}
+AWS_DEFAULT_REGION=garage-staging
+S3_ENDPOINT=http://{{ env "attr.unique.network.ip-address" }}:3990
+
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+    }
+
+    task "replicate-db" {
+      driver = "nix2"
+      config {
+        packages = [
+          "#litestream"
+        ]
+        command = "litestream"
+        args = [
+          "replicate", "-config", "/etc/litestream.yml"
+        ]
+        bind = {
+          "../alloc/data" = "/ephemeral",
+          "secrets/litestream.yml" = "/etc/litestream.yml"
+        }
+      }
+      user = "root"
+
+      template {
+        data = file("../config/litestream.yml")
+        destination = "secrets/litestream.yml"
+      }
+
+      resources {
+        memory = 200
+        memory_max = 1000
+        cpu = 100
+      }
+    }
+  }
+}
diff --git a/cluster/staging/app/im/deploy/python-packages.nix b/cluster/staging/app/im/deploy/python-packages.nix
new file mode 100644
index 0000000..92a37be
--- /dev/null
+++ b/cluster/staging/app/im/deploy/python-packages.nix
@@ -0,0 +1,338 @@
+# Generated by pip2nix 0.8.0.dev1
+# See https://github.com/nix-community/pip2nix
+
+{ pkgs, fetchurl, fetchgit, fetchhg }:
+
+self: super: {
+  # "Automat" = super.buildPythonPackage rec {
+  #   pname = "Automat";
+  #   version = "22.10.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/29/90/64aabce6c1b820395452cc5472b8f11cd98320f40941795b8069aef4e0e0/Automat-22.10.0-py2.py3-none-any.whl";
+  #     sha256 = "1021ns3f579zaccd03blf4zvayzzm8r2sj426q7l9p5r8a3ly5n3";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."attrs"
+  #     self."six"
+  #   ];
+  # };
+  "pyyaml" = super.buildPythonPackage rec {
+    pname = "pyyaml";
+    version = "5.4.1";
+    src = fetchurl {
+      url = "https://files.pythonhosted.org/packages/a0/a4/d63f2d7597e1a4b55aa3b4d6c5b029991d3b824b5bd331af8d4ab1ed687d/PyYAML-5.4.1.tar.gz";
+      sha256 = "0pm440pmpvgv5rbbnm8hk4qga5a292kvlm1bh3x2nwr8pb5p8xv0";
+    };
+    format = "setuptools";
+    doCheck = false;
+    buildInputs = [];
+    checkInputs = [];
+    nativeBuildInputs = [];
+    propagatedBuildInputs = [];
+  };
+  # "Twisted" = super.buildPythonPackage rec {
+  #   pname = "Twisted";
+  #   version = "22.10.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/ac/63/b5540d15dfeb7388fbe12fa55a902c118fd2b324be5430cdeac0c0439489/Twisted-22.10.0-py3-none-any.whl";
+  #     sha256 = "1l6brjpq0h3ldl4pkw6lcq7l1w344hsh69g0cinnzay55iqmzic6";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."Automat"
+  #     self."attrs"
+  #     self."constantly"
+  #     self."hyperlink"
+  #     self."incremental"
+  #     self."typing-extensions"
+  #     self."zope.interface"
+  #   ];
+  # };
+  # "attrs" = super.buildPythonPackage rec {
+  #   pname = "attrs";
+  #   version = "22.1.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/f2/bc/d817287d1aa01878af07c19505fafd1165cd6a119e9d0821ca1d1c20312d/attrs-22.1.0-py2.py3-none-any.whl";
+  #     sha256 = "072mv8qgvas8sagx7f021l9yrca6ry3m8cqsylsdzwkvyq1a9vw6";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  # "boto3" = super.buildPythonPackage rec {
+  #   pname = "boto3";
+  #   version = "1.26.18";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/d1/16/c16895c1dc416ce332d48aa9442123fbe42e714266a93a826dc034d16522/boto3-1.26.18-py3-none-any.whl";
+  #     sha256 = "05y504z3lxybms0plmay36fn9pdrjl7z17nlhbfmyahii6qqhg4k";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."botocore"
+  #     self."jmespath"
+  #     self."s3transfer"
+  #   ];
+  # };
+  # "botocore" = super.buildPythonPackage rec {
+  #   pname = "botocore";
+  #   version = "1.29.18";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/cc/13/fcc5221a782f81b07aeb5fca676e07a2a2f2b250804763c89d1a66a17395/botocore-1.29.18-py3-none-any.whl";
+  #     sha256 = "14ir4ydx13f45w22g9f10wrq8yidbscg54yg28x6vb3f7d1l9fia";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."jmespath"
+  #     self."python-dateutil"
+  #     self."urllib3"
+  #   ];
+  # };
+  # "constantly" = super.buildPythonPackage rec {
+  #   pname = "constantly";
+  #   version = "15.1.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/b9/65/48c1909d0c0aeae6c10213340ce682db01b48ea900a7d9fce7a7910ff318/constantly-15.1.0-py2.py3-none-any.whl";
+  #     sha256 = "0pbwnc78hi3y7gizcjrqdqbslij0fcyjjxnxszq866m5n7bajbyx";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  "humanize" = super.buildPythonPackage rec {
+    pname = "humanize";
+    version = "0.5.1";
+    src = fetchurl {
+      url = "https://files.pythonhosted.org/packages/8c/e0/e512e4ac6d091fc990bbe13f9e0378f34cf6eecd1c6c268c9e598dcf5bb9/humanize-0.5.1.tar.gz";
+      sha256 = "06dvhm3k8lf2rayn1gxbd46y0fy1db26m3h9vrq7rb1ib08mfgx4";
+    };
+    format = "setuptools";
+    doCheck = false;
+    buildInputs = [];
+    checkInputs = [];
+    nativeBuildInputs = [];
+    propagatedBuildInputs = [];
+  };
+  # "hyperlink" = super.buildPythonPackage rec {
+  #   pname = "hyperlink";
+  #   version = "21.0.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/6e/aa/8caf6a0a3e62863cbb9dab27135660acba46903b703e224f14f447e57934/hyperlink-21.0.0-py2.py3-none-any.whl";
+  #     sha256 = "1d7ibbr81vglky0kynswi2dbagwgrk1b9kbqgp3qjgmpxhvlrcg6";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."idna"
+  #   ];
+  # };
+  # "idna" = super.buildPythonPackage rec {
+  #   pname = "idna";
+  #   version = "3.4";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl";
+  #     sha256 = "1hn54ps4kgv2fmyvfaks38sgrvjc1cn4834sh7gadsx3x9wpxdwh";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  # "incremental" = super.buildPythonPackage rec {
+  #   pname = "incremental";
+  #   version = "22.10.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/77/51/8073577012492fcd15628e811db585f447c500fa407e944ab3a18ec55fb7/incremental-22.10.0-py2.py3-none-any.whl";
+  #     sha256 = "0l9yiml04ri84z7wm5ckig1ak2pyp1hsfd98mk2p5vl513rs2r5q";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  # "jmespath" = super.buildPythonPackage rec {
+  #   pname = "jmespath";
+  #   version = "1.0.1";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/31/b4/b9b800c45527aadd64d5b442f9b932b00648617eb5d63d2c7a6587b7cafc/jmespath-1.0.1-py3-none-any.whl";
+  #     sha256 = "10194nk0641vz2kpy442dsgdv44ia43zksrf6f4apg5mf76f9qh2";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  # "psycopg2" = super.buildPythonPackage rec {
+  #   pname = "psycopg2";
+  #   version = "2.9.5";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/89/d6/cd8c46417e0f7a16b4b0fc321f4ab676a59250d08fce5b64921897fb07cc/psycopg2-2.9.5.tar.gz";
+  #     sha256 = "0ni4kq6p7hbkm2qsky998q36q5gq5if4nwd8hwhjx5rsd0p6s955";
+  #   };
+  #   format = "setuptools";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [ pkgs.postgresql ];
+  #   propagatedBuildInputs = [];
+  # };
+  # "python-dateutil" = super.buildPythonPackage rec {
+  #   pname = "python-dateutil";
+  #   version = "2.8.2";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/36/7a/87837f39d0296e723bb9b62bbb257d0355c7f6128853c78955f57342a56d/python_dateutil-2.8.2-py2.py3-none-any.whl";
+  #     sha256 = "1aaxjfp4lrz8c6qls3vdhw554lan3khy9afyvdcvrssk6kf067cn";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."six"
+  #   ];
+  # };
+  # "s3transfer" = super.buildPythonPackage rec {
+  #   pname = "s3transfer";
+  #   version = "0.6.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/5e/c6/af903b5fab3f9b5b1e883f49a770066314c6dcceb589cf938d48c89556c1/s3transfer-0.6.0-py3-none-any.whl";
+  #     sha256 = "1kayip95pym87m33l4s7fq5h8aa4kb11ynpjnkqn2px1yds6n5q6";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."botocore"
+  #   ];
+  # };
+  # "six" = super.buildPythonPackage rec {
+  #   pname = "six";
+  #   version = "1.16.0";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl";
+  #     sha256 = "0m02dsi8lvrjf4bi20ab6lm7rr6krz7pg6lzk3xjs2l9hqfjzfwa";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  "synapse-s3-storage-provider" = super.buildPythonPackage rec {
+    pname = "synapse-s3-storage-provider";
+    version = "1.1.2";
+    src = fetchurl {
+      url = "https://github.com/matrix-org/synapse-s3-storage-provider/archive/refs/tags/v1.1.2.zip";
+      sha256 = "0xd5icfvnvdd3qadlsmqvj2qjm6rsvk1vbpiycdc7ypr9dp7x9z8";
+    };
+    format = "setuptools";
+    doCheck = false;
+    buildInputs = [];
+    checkInputs = [];
+    nativeBuildInputs = [
+      pkgs."unzip"
+    ];
+    propagatedBuildInputs = [
+      self."pyyaml"
+      self."twisted" # Twisted
+      self."boto3"
+      self."botocore"
+      self."humanize"
+      self."psycopg2"
+      self."tqdm"
+    ];
+  };
+  # "tqdm" = super.buildPythonPackage rec {
+  #   pname = "tqdm";
+  #   version = "4.64.1";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/47/bb/849011636c4da2e44f1253cd927cfb20ada4374d8b3a4e425416e84900cc/tqdm-4.64.1-py2.py3-none-any.whl";
+  #     sha256 = "18d68ickjbf5jb73aqvj0722p0r2kj14rwb5ik3b3lgwdw6idvkg";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  #"typing-extensions" = super.buildPythonPackage rec {
+  #  pname = "typing-extensions";
+  #  version = "4.4.0";
+  #  src = fetchurl {
+  #    url = "https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl";
+  #    sha256 = "17j8jbywq5cjgh6354wyh9y47cvrbyw1hqj9xhsmsrcg81j4iyhn";
+  #  };
+  #  format = "wheel";
+  #  doCheck = false;
+  #  buildInputs = [];
+  #  checkInputs = [];
+  #  nativeBuildInputs = [];
+  #  propagatedBuildInputs = [];
+  #};
+  # "urllib3" = super.buildPythonPackage rec {
+  #   pname = "urllib3";
+  #   version = "1.26.13";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/65/0c/cc6644eaa594585e5875f46f3c83ee8762b647b51fc5b0fb253a242df2dc/urllib3-1.26.13-py2.py3-none-any.whl";
+  #     sha256 = "1z21pgc451h1qcx1g74wnmj4wddswxh9p06m5vkwj2dakbchbk27";
+  #   };
+  #   format = "wheel";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [];
+  # };
+  # "zope.interface" = super.buildPythonPackage rec {
+  #   pname = "zope.interface";
+  #   version = "5.5.2";
+  #   src = fetchurl {
+  #     url = "https://files.pythonhosted.org/packages/38/6f/fbfb7dde38be7e5644bb342c4c7cdc444cd5e2ffbd70d091263b3858a8cb/zope.interface-5.5.2.tar.gz";
+  #     sha256 = "0wg6vicx14bkmvfy19dcz5ch5apklywgaj73k6a82hr1yqzizvmz";
+  #   };
+  #   format = "setuptools";
+  #   doCheck = false;
+  #   buildInputs = [];
+  #   checkInputs = [];
+  #   nativeBuildInputs = [];
+  #   propagatedBuildInputs = [
+  #     self."setuptools"
+  #   ];
+  # };
+}