mirror of
https://git.sr.ht/~magic_rb/cluster
synced 2024-11-24 17:16:15 +01:00
28a55269d3
Signed-off-by: main <magic_rb@redalder.org>
325 lines
6.5 KiB
HCL
325 lines
6.5 KiB
HCL
variable "flake_ref" {
|
|
type = string
|
|
}
|
|
|
|
variable "flake_sha" {
|
|
type = string
|
|
}
|
|
|
|
job "matrix" {
|
|
datacenters = [ "homelab-1" ]
|
|
type = "service"
|
|
|
|
group "mautrix-facebook" {
|
|
count = 1
|
|
|
|
volume "matrix-mautrix-facebook" {
|
|
type = "csi"
|
|
source = "matrix-mautrix-facebook"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
}
|
|
|
|
volume "matrix-registrations" {
|
|
type = "csi"
|
|
source = "matrix-registrations"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "multi-node-multi-writer"
|
|
}
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "matrix-mautrix-facebook"
|
|
port = "29319"
|
|
|
|
# check {
|
|
# type = "http"
|
|
# address_mode = "alloc"
|
|
# path = "/public"
|
|
# port = "29319"
|
|
# interval = "2s"
|
|
# timeout = "2s"
|
|
# }
|
|
|
|
connect {
|
|
sidecar_service {}
|
|
}
|
|
}
|
|
|
|
task "mautrix-facebook" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "matrix-mautrix-facebook"
|
|
destination = "/var/lib/mautrix-facebook"
|
|
read_only = false
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "matrix-registrations"
|
|
destination = "/var/lib/registrations"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngSystems.mautrix-facebook.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
vault {
|
|
policies = ["matrix-mautrix-facebook-policy"]
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/matrix/mautrix-facebook" }}
|
|
MAUTRIX_FACEBOOK_APPSERVICE_AS_TOKEN={{ .Data.data.as_token }}
|
|
MAUTRIX_FACEBOOK_APPSERVICE_HS_TOKEN={{ .Data.data.hs_token }}
|
|
{{ end }}
|
|
EOF
|
|
destination = "secrets/environment"
|
|
env = true
|
|
}
|
|
|
|
resources {
|
|
cpu = 256
|
|
memory = 256
|
|
}
|
|
}
|
|
}
|
|
|
|
group "heisenbridge" {
|
|
count = 1
|
|
|
|
volume "matrix-registrations" {
|
|
type = "csi"
|
|
source = "matrix-registrations"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "multi-node-multi-writer"
|
|
}
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "matrix-heisenbridge"
|
|
port = "9898"
|
|
|
|
connect {
|
|
sidecar_service {}
|
|
}
|
|
}
|
|
|
|
task "heisenbridge" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "matrix-registrations"
|
|
destination = "/var/lib/registrations"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngSystems.heisenbridge.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
resources {
|
|
cpu = 128
|
|
memory = 128
|
|
}
|
|
}
|
|
}
|
|
|
|
group "synapse" {
|
|
count = 1
|
|
|
|
volume "matrix-synapse" {
|
|
type = "csi"
|
|
source = "matrix-synapse"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
}
|
|
|
|
volume "matrix-postgresql" {
|
|
type = "csi"
|
|
source = "matrix-postgresql"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
}
|
|
|
|
volume "matrix-registrations" {
|
|
type = "csi"
|
|
source = "matrix-registrations"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "multi-node-multi-writer"
|
|
}
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "matrix-synapse"
|
|
port = "6167"
|
|
|
|
check {
|
|
type = "http"
|
|
address_mode = "alloc"
|
|
path = "/_matrix/client/versions"
|
|
port = "6167"
|
|
interval = "2s"
|
|
timeout = "2s"
|
|
}
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
upstreams {
|
|
destination_name = "matrix-mautrix-facebook"
|
|
local_bind_port = 29319
|
|
}
|
|
|
|
upstreams {
|
|
destination_name = "matrix-heisenbridge"
|
|
local_bind_port = 9898
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "postgresql" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "matrix-postgresql"
|
|
destination = "/var/lib/postgresql"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngSystems.conduitPostgresql.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 128
|
|
memory_max = 256
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
alter user synapse with encrypted password '{{ with secret "kv/data/matrix/synapse" }}{{ .Data.data.pgpass }}{{ end }}';
|
|
\c synapse;
|
|
SELECT setval('application_services_txn_id_seq', (
|
|
SELECT GREATEST(MAX(txn_id), 0) FROM application_services_txns
|
|
));
|
|
EOF
|
|
destination = "secrets/init.sql"
|
|
}
|
|
|
|
vault {
|
|
policies = ["matrix-synapse-policy"]
|
|
}
|
|
}
|
|
|
|
task "synapse" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "matrix-synapse"
|
|
destination = "/var/lib/synapse"
|
|
read_only = false
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "matrix-registrations"
|
|
destination = "/var/lib/registrations"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngSystems.conduit.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
resources {
|
|
cpu = 2048
|
|
memory = 2048
|
|
}
|
|
|
|
vault {
|
|
policies = ["matrix-synapse-policy"]
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/matrix/synapse" }}
|
|
PSQL_PASSWORD={{ .Data.data.pgpass }}
|
|
{{ end }}
|
|
EOF
|
|
destination = "secrets/environment"
|
|
env = true
|
|
perms = "400"
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/matrix/synapse" }}
|
|
registration_shared_secret: "{{ .Data.data.registration_shared_secret }}"
|
|
macaroon_secret_key: "{{ .Data.data.macaroon_secret_key }}"
|
|
form_secret: "{{ .Data.data.form_secret }}"
|
|
database:
|
|
name: "psycopg2"
|
|
args:
|
|
user: "synapse"
|
|
password: "{{ .Data.data.pgpass }}"
|
|
database: "synapse"
|
|
host: "127.0.0.1"
|
|
cp_min: 5
|
|
cp_max: 10
|
|
{{ end }}
|
|
EOF
|
|
destination = "/secrets/extra.yaml"
|
|
}
|
|
}
|
|
}
|
|
}
|