2022-11-29 20:19:57 +00:00
|
|
|
job "im" {
|
|
|
|
datacenters = ["neptune"]
|
|
|
|
type = "service"
|
|
|
|
|
|
|
|
group "synapse" {
|
|
|
|
count = 1
|
|
|
|
|
|
|
|
network {
|
|
|
|
port "http" {
|
2022-11-29 21:02:21 +00:00
|
|
|
static = 8008
|
2022-11-29 20:19:57 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ephemeral_disk {
|
|
|
|
size = 10000
|
|
|
|
}
|
|
|
|
|
|
|
|
restart {
|
|
|
|
attempts = 10
|
|
|
|
delay = "30s"
|
|
|
|
}
|
|
|
|
|
|
|
|
task "restore-db" {
|
|
|
|
lifecycle {
|
|
|
|
hook = "prestart"
|
|
|
|
sidecar = false
|
|
|
|
}
|
|
|
|
|
|
|
|
driver = "nix2"
|
|
|
|
config {
|
|
|
|
packages = [
|
|
|
|
"#litestream"
|
|
|
|
]
|
|
|
|
command = "litestream"
|
|
|
|
args = [
|
2024-01-22 22:21:26 +00:00
|
|
|
"restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db"
|
2022-11-29 20:19:57 +00:00
|
|
|
]
|
|
|
|
bind = {
|
|
|
|
"../alloc/data" = "/ephemeral",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = file("../config/litestream.yml")
|
2022-12-01 16:35:19 +00:00
|
|
|
destination = "etc/litestream.yml"
|
2022-11-29 20:19:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
memory = 100
|
2022-11-30 09:04:42 +00:00
|
|
|
memory_max = 500
|
2022-11-29 20:19:57 +00:00
|
|
|
cpu = 1000
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
task "synapse" {
|
|
|
|
driver = "nix2"
|
|
|
|
config {
|
2024-01-22 16:15:29 +00:00
|
|
|
nixpkgs = "github:nixos/nixpkgs/nixos-23.11"
|
2022-11-29 20:19:57 +00:00
|
|
|
packages = [
|
2022-11-29 21:02:21 +00:00
|
|
|
"#cacert",
|
|
|
|
"#bash",
|
|
|
|
"#coreutils",
|
2023-08-27 11:36:29 +00:00
|
|
|
"#sqlite",
|
2022-11-29 21:02:21 +00:00
|
|
|
".#synapse",
|
2022-11-29 20:19:57 +00:00
|
|
|
]
|
|
|
|
command = "synapse_homeserver"
|
|
|
|
args = [
|
|
|
|
"-n",
|
|
|
|
"-c", "/etc/matrix-synapse/homeserver.yaml"
|
|
|
|
]
|
|
|
|
bind = {
|
|
|
|
"./secrets" = "/etc/matrix-synapse",
|
|
|
|
"../alloc/data" = "/ephemeral",
|
|
|
|
}
|
|
|
|
}
|
2022-11-29 21:02:21 +00:00
|
|
|
env = {
|
|
|
|
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
|
|
|
|
}
|
2022-11-29 20:19:57 +00:00
|
|
|
|
|
|
|
template {
|
|
|
|
data = file("flake.nix")
|
|
|
|
destination = "flake.nix"
|
|
|
|
}
|
|
|
|
template {
|
|
|
|
data = file("flake.lock")
|
|
|
|
destination = "flake.lock"
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = file("../config/homeserver.yaml")
|
|
|
|
destination = "secrets/homeserver.yaml"
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = file("../config/synapse.log.config.yaml")
|
|
|
|
destination = "secrets/synapse.log.config.yaml"
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = "{{ key \"secrets/synapse/signing_key\" }}"
|
|
|
|
destination = "secrets/signing_key"
|
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
memory = 2000
|
|
|
|
memory_max = 3000
|
|
|
|
cpu = 1000
|
|
|
|
}
|
|
|
|
|
|
|
|
service {
|
|
|
|
port = "http"
|
|
|
|
tags = [
|
|
|
|
"tricot matrix.home.adnab.me 100",
|
|
|
|
"tricot matrix.home.adnab.me:443 100",
|
|
|
|
"tricot-add-header Access-Control-Allow-Origin *",
|
|
|
|
]
|
|
|
|
check {
|
|
|
|
type = "http"
|
|
|
|
path = "/"
|
|
|
|
interval = "10s"
|
|
|
|
timeout = "2s"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
task "media-async-upload" {
|
2022-11-29 21:02:21 +00:00
|
|
|
driver = "nix2"
|
2022-11-29 20:19:57 +00:00
|
|
|
|
|
|
|
config {
|
2022-11-29 21:02:21 +00:00
|
|
|
packages = [
|
|
|
|
"#bash",
|
|
|
|
"#coreutils",
|
|
|
|
".#matrix_s3_async_sqlite",
|
2022-11-29 20:19:57 +00:00
|
|
|
]
|
2022-11-29 21:02:21 +00:00
|
|
|
command = "sh"
|
|
|
|
args = [
|
|
|
|
"-c",
|
|
|
|
"cd /ephemeral; matrix-s3-async-sqlite"
|
|
|
|
]
|
|
|
|
bind = {
|
|
|
|
"../alloc/data" = "/ephemeral",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = file("flake.nix")
|
|
|
|
destination = "flake.nix"
|
|
|
|
}
|
|
|
|
template {
|
|
|
|
data = file("flake.lock")
|
|
|
|
destination = "flake.lock"
|
2022-11-29 20:19:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
cpu = 100
|
|
|
|
memory = 100
|
|
|
|
memory_max = 500
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOH
|
|
|
|
SYNAPSE_SQLITE_DB=/ephemeral/homeserver.db
|
|
|
|
SYNAPSE_MEDIA_STORE=/ephemeral/media_store
|
|
|
|
SYNAPSE_MEDIA_S3_BUCKET=synapse-data
|
|
|
|
AWS_ACCESS_KEY_ID={{ key "secrets/synapse/s3_access_key" | trimSpace }}
|
|
|
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/synapse/s3_secret_key" | trimSpace }}
|
|
|
|
AWS_DEFAULT_REGION=garage-staging
|
|
|
|
S3_ENDPOINT=http://{{ env "attr.unique.network.ip-address" }}:3990
|
|
|
|
EOH
|
|
|
|
destination = "secrets/env"
|
|
|
|
env = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
task "replicate-db" {
|
|
|
|
driver = "nix2"
|
|
|
|
config {
|
|
|
|
packages = [
|
|
|
|
"#litestream"
|
|
|
|
]
|
|
|
|
command = "litestream"
|
|
|
|
args = [
|
|
|
|
"replicate", "-config", "/etc/litestream.yml"
|
|
|
|
]
|
|
|
|
bind = {
|
|
|
|
"../alloc/data" = "/ephemeral",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = file("../config/litestream.yml")
|
2022-12-01 16:35:19 +00:00
|
|
|
destination = "etc/litestream.yml"
|
2022-11-29 20:19:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
2024-01-16 15:30:33 +00:00
|
|
|
memory = 500
|
|
|
|
memory_max = 500
|
2022-11-29 20:19:57 +00:00
|
|
|
cpu = 100
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|