forked from Deuxfleurs/nixcfg
165 lines
3.4 KiB
HCL
165 lines
3.4 KiB
HCL
job "im" {
|
|
datacenters = ["neptune"]
|
|
type = "service"
|
|
|
|
group "synapse" {
|
|
count = 1
|
|
|
|
network {
|
|
port "http" {
|
|
to = 8008
|
|
}
|
|
}
|
|
|
|
ephemeral_disk {
|
|
size = 10000
|
|
}
|
|
|
|
restart {
|
|
attempts = 10
|
|
delay = "30s"
|
|
}
|
|
|
|
task "restore-db" {
|
|
lifecycle {
|
|
hook = "prestart"
|
|
sidecar = false
|
|
}
|
|
|
|
driver = "docker"
|
|
config {
|
|
image = "litestream/litestream:0.3.7"
|
|
args = [
|
|
"restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db"
|
|
]
|
|
volumes = [
|
|
"../alloc/data:/ephemeral",
|
|
"secrets/litestream.yml:/etc/litestream.yml"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = file("../config/litestream.yml")
|
|
destination = "secrets/litestream.yml"
|
|
}
|
|
|
|
resources {
|
|
memory = 200
|
|
cpu = 1000
|
|
}
|
|
}
|
|
|
|
task "synapse" {
|
|
driver = "docker"
|
|
config {
|
|
image = "lxpz/amd64_synapse:1.49.2-4"
|
|
ports = [ "http" ]
|
|
|
|
command = "python"
|
|
args = [
|
|
"-m", "synapse.app.homeserver",
|
|
"-n",
|
|
"-c", "/etc/matrix-synapse/homeserver.yaml"
|
|
]
|
|
|
|
volumes = [
|
|
"secrets:/etc/matrix-synapse",
|
|
"../alloc/data:/ephemeral",
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = file("../config/homeserver.yaml")
|
|
destination = "secrets/homeserver.yaml"
|
|
}
|
|
|
|
template {
|
|
data = file("../config/synapse.log.config.yaml")
|
|
destination = "secrets/synapse.log.config.yaml"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/synapse/signing_key\" }}"
|
|
destination = "secrets/signing_key"
|
|
}
|
|
|
|
resources {
|
|
memory = 2000
|
|
cpu = 1000
|
|
}
|
|
|
|
service {
|
|
port = "http"
|
|
tags = [
|
|
"tricot matrix.home.adnab.me 100",
|
|
"tricot matrix.home.adnab.me:443 100",
|
|
"tricot-add-header Access-Control-Allow-Origin *",
|
|
]
|
|
check {
|
|
type = "http"
|
|
path = "/"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
}
|
|
}
|
|
}
|
|
|
|
task "media-async-upload" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "lxpz/amd64_synapse:1.49.2-4"
|
|
readonly_rootfs = true
|
|
command = "/usr/local/bin/matrix-s3-async-sqlite"
|
|
work_dir = "/ephemeral"
|
|
volumes = [
|
|
"../alloc/data:/ephemeral",
|
|
]
|
|
}
|
|
|
|
resources {
|
|
cpu = 100
|
|
memory = 100
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
SYNAPSE_SQLITE_DB=/ephemeral/homeserver.db
|
|
SYNAPSE_MEDIA_STORE=/ephemeral/media_store
|
|
SYNAPSE_MEDIA_S3_BUCKET=synapse-data
|
|
AWS_ACCESS_KEY_ID={{ key "secrets/synapse/s3_access_key" | trimSpace }}
|
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/synapse/s3_secret_key" | trimSpace }}
|
|
AWS_DEFAULT_REGION=garage-staging
|
|
S3_ENDPOINT=http://{{ env "attr.unique.network.ip-address" }}:3990
|
|
|
|
EOH
|
|
destination = "secrets/env"
|
|
env = true
|
|
}
|
|
}
|
|
|
|
task "replicate-db" {
|
|
driver = "docker"
|
|
config {
|
|
image = "litestream/litestream:0.3.7"
|
|
args = [
|
|
"replicate", "-config", "/etc/litestream.yml"
|
|
]
|
|
volumes = [
|
|
"../alloc/data:/ephemeral",
|
|
"secrets/litestream.yml:/etc/litestream.yml"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = file("../config/litestream.yml")
|
|
destination = "secrets/litestream.yml"
|
|
}
|
|
|
|
resources {
|
|
memory = 250
|
|
cpu = 100
|
|
}
|
|
}
|
|
}
|
|
}
|