job "im" {
  datacenters = ["neptune"]
  type = "service"
  
  group "synapse" {
    count = 1

    network {
      port "http" {
        to = 8008
      }
    }

    ephemeral_disk {
      size    = 10000
    }

    restart {
      attempts = 10
      delay    = "30s"
    }

    constraint {
      attribute = "${attr.unique.hostname}"
      operator = "!="
      value = "caribou"
    }

    task "restore-db" {
      lifecycle {
        hook = "prestart"
        sidecar = false
      }

      driver = "nix2"
      config {
        packages = [
          "#litestream"
          ]
        command = "litestream"
        args = [
          "restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db", "-v"
        ]
        bind = {
          "../alloc/data" = "/ephemeral",
          "secrets/litestream.yml" = "/etc/litestream.yml"
        }
      }
      user = "root"

      template {
        data = file("../config/litestream.yml")
        destination = "secrets/litestream.yml"
      }

      resources {
        memory = 100
        memory_max = 1000
        cpu = 1000
      }
    }

    task "synapse" {
      driver = "nix2"
      config {
        nixpkgs = "github:nixos/nixpkgs/ce6aa13369b667ac2542593170993504932eb836"
        packages = [
          ".",
        ]
        command = "synapse_homeserver"
        args = [
          "-n",
          "-c", "/etc/matrix-synapse/homeserver.yaml"
        ]
        bind = {
          "./secrets" = "/etc/matrix-synapse",
          "../alloc/data" = "/ephemeral",
        }
      }
      user = "root"

      template {
        data = file("flake.nix")
        destination = "flake.nix"
      }
      template {
        data = file("python-packages.nix")
        destination = "python-packages.nix"
      }
      template {
        data = file("flake.lock")
        destination = "flake.lock"
      }

      template {
        data = file("../config/homeserver.yaml")
        destination = "secrets/homeserver.yaml"
      }

      template {
        data = file("../config/synapse.log.config.yaml")
        destination = "secrets/synapse.log.config.yaml"
      }

      template {
        data = "{{ key \"secrets/synapse/signing_key\" }}"
        destination = "secrets/signing_key"
      }

      resources {
        memory = 2000
        memory_max = 3000
        cpu = 1000
      }

      service {
        port = "http"
        tags = [
          "tricot matrix.home.adnab.me 100",
          "tricot matrix.home.adnab.me:443 100",
          "tricot-add-header Access-Control-Allow-Origin *",
        ]
        check {
          type = "http"
          path = "/"
          interval = "10s"
          timeout = "2s"
        }
      }
    }

    task "media-async-upload" {
      driver = "docker"

      config {
        image = "lxpz/amd64_synapse:1.49.2-4"
        readonly_rootfs = true
        command = "/usr/local/bin/matrix-s3-async-sqlite"
        work_dir = "/ephemeral"
        volumes = [
          "../alloc/data:/ephemeral",
        ]
      }

      resources {
        cpu = 100
        memory = 100
        memory_max = 500
      }

      template {
        data = <<EOH
SYNAPSE_SQLITE_DB=/ephemeral/homeserver.db
SYNAPSE_MEDIA_STORE=/ephemeral/media_store
SYNAPSE_MEDIA_S3_BUCKET=synapse-data
AWS_ACCESS_KEY_ID={{ key "secrets/synapse/s3_access_key" | trimSpace }}
AWS_SECRET_ACCESS_KEY={{ key "secrets/synapse/s3_secret_key" | trimSpace }}
AWS_DEFAULT_REGION=garage-staging
S3_ENDPOINT=http://{{ env "attr.unique.network.ip-address" }}:3990

EOH
        destination = "secrets/env"
        env = true
      }
    }

    task "replicate-db" {
      driver = "nix2"
      config {
        packages = [
          "#litestream"
        ]
        command = "litestream"
        args = [
          "replicate", "-config", "/etc/litestream.yml"
        ]
        bind = {
          "../alloc/data" = "/ephemeral",
          "secrets/litestream.yml" = "/etc/litestream.yml"
        }
      }
      user = "root"

      template {
        data = file("../config/litestream.yml")
        destination = "secrets/litestream.yml"
      }

      resources {
        memory = 200
        memory_max = 1000
        cpu = 100
      }
    }
  }
}