cluster/nomad/regions/homelab-1/job/conduit.hcl
main 28a55269d3 Transfer Matrix Synapse to PostgreSQL from SQLite
Signed-off-by: main <magic_rb@redalder.org>
2022-10-30 14:21:04 +01:00

325 lines
6.5 KiB
HCL

variable "flake_ref" {
type = string
}
variable "flake_sha" {
type = string
}
job "matrix" {
datacenters = [ "homelab-1" ]
type = "service"
group "mautrix-facebook" {
count = 1
volume "matrix-mautrix-facebook" {
type = "csi"
source = "matrix-mautrix-facebook"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "matrix-registrations" {
type = "csi"
source = "matrix-registrations"
read_only = false
attachment_mode = "file-system"
access_mode = "multi-node-multi-writer"
}
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
service {
name = "matrix-mautrix-facebook"
port = "29319"
# check {
# type = "http"
# address_mode = "alloc"
# path = "/public"
# port = "29319"
# interval = "2s"
# timeout = "2s"
# }
connect {
sidecar_service {}
}
}
task "mautrix-facebook" {
driver = "docker"
volume_mount {
volume = "matrix-mautrix-facebook"
destination = "/var/lib/mautrix-facebook"
read_only = false
}
volume_mount {
volume = "matrix-registrations"
destination = "/var/lib/registrations"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.mautrix-facebook.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
vault {
policies = ["matrix-mautrix-facebook-policy"]
}
template {
data = <<EOF
{{ with secret "kv/data/matrix/mautrix-facebook" }}
MAUTRIX_FACEBOOK_APPSERVICE_AS_TOKEN={{ .Data.data.as_token }}
MAUTRIX_FACEBOOK_APPSERVICE_HS_TOKEN={{ .Data.data.hs_token }}
{{ end }}
EOF
destination = "secrets/environment"
env = true
}
resources {
cpu = 256
memory = 256
}
}
}
group "heisenbridge" {
count = 1
volume "matrix-registrations" {
type = "csi"
source = "matrix-registrations"
read_only = false
attachment_mode = "file-system"
access_mode = "multi-node-multi-writer"
}
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
service {
name = "matrix-heisenbridge"
port = "9898"
connect {
sidecar_service {}
}
}
task "heisenbridge" {
driver = "docker"
volume_mount {
volume = "matrix-registrations"
destination = "/var/lib/registrations"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.heisenbridge.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 128
memory = 128
}
}
}
group "synapse" {
count = 1
volume "matrix-synapse" {
type = "csi"
source = "matrix-synapse"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "matrix-postgresql" {
type = "csi"
source = "matrix-postgresql"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "matrix-registrations" {
type = "csi"
source = "matrix-registrations"
read_only = false
attachment_mode = "file-system"
access_mode = "multi-node-multi-writer"
}
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
service {
name = "matrix-synapse"
port = "6167"
check {
type = "http"
address_mode = "alloc"
path = "/_matrix/client/versions"
port = "6167"
interval = "2s"
timeout = "2s"
}
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "matrix-mautrix-facebook"
local_bind_port = 29319
}
upstreams {
destination_name = "matrix-heisenbridge"
local_bind_port = 9898
}
}
}
}
}
task "postgresql" {
driver = "docker"
volume_mount {
volume = "matrix-postgresql"
destination = "/var/lib/postgresql"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.conduitPostgresql.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 500
memory = 128
memory_max = 256
}
template {
data = <<EOF
alter user synapse with encrypted password '{{ with secret "kv/data/matrix/synapse" }}{{ .Data.data.pgpass }}{{ end }}';
\c synapse;
SELECT setval('application_services_txn_id_seq', (
SELECT GREATEST(MAX(txn_id), 0) FROM application_services_txns
));
EOF
destination = "secrets/init.sql"
}
vault {
policies = ["matrix-synapse-policy"]
}
}
task "synapse" {
driver = "docker"
volume_mount {
volume = "matrix-synapse"
destination = "/var/lib/synapse"
read_only = false
}
volume_mount {
volume = "matrix-registrations"
destination = "/var/lib/registrations"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.conduit.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 2048
memory = 2048
}
vault {
policies = ["matrix-synapse-policy"]
}
template {
data = <<EOF
{{ with secret "kv/data/matrix/synapse" }}
PSQL_PASSWORD={{ .Data.data.pgpass }}
{{ end }}
EOF
destination = "secrets/environment"
env = true
perms = "400"
}
template {
data = <<EOF
{{ with secret "kv/data/matrix/synapse" }}
registration_shared_secret: "{{ .Data.data.registration_shared_secret }}"
macaroon_secret_key: "{{ .Data.data.macaroon_secret_key }}"
form_secret: "{{ .Data.data.form_secret }}"
database:
name: "psycopg2"
args:
user: "synapse"
password: "{{ .Data.data.pgpass }}"
database: "synapse"
host: "127.0.0.1"
cp_min: 5
cp_max: 10
{{ end }}
EOF
destination = "/secrets/extra.yaml"
}
}
}
}