dotfiles/terranix/containers/matrix/matrix-mautrix-signal.hcl


# Flake reference for the task image. It is interpolated into
# `nix_flake_ref` in the task's `config` block below. There is no default,
# so the value must be supplied when the job is submitted.
# NOTE(review): whoever sets this value decides which system closure the
# task runs, so treat job-submit rights as code-execution rights.
variable "flake_ref" {
  type = string
}

# Passed unchanged to `nix_flake_sha` in the task's `config` block.
# Presumably a content hash that pins the flake named by `flake_ref`.
# TODO confirm against the driver that consumes it, and confirm that a
# mismatch makes the task fail instead of falling back to an unpinned fetch.
variable "flake_sha" {
  type = string
}
# Nomad service job running the mautrix-signal bridge as a single allocation.
# It attaches three CSI volumes, reaches PostgreSQL through a Consul Connect
# upstream, and gets its tokens and database password from Vault.
job "matrix-mautrix-signal" {
  datacenters = ["homelab-1"]
  type        = "service"

  group "mautrix-signal" {
    count = 1

    # Bridge state; one node may mount it for writing at a time.
    volume "matrix-mautrix-signal" {
      type            = "csi"
      source          = "matrix-mautrix-signal"
      read_only       = false
      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
    }

    # signald data directory (mounted at /var/lib/signald in the task).
    volume "matrix-signald" {
      type            = "csi"
      source          = "matrix-signald"
      read_only       = false
      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
    }

    # The only volume declared multi-node-multi-writer, so other allocations
    # can have it mounted for writing at the same time.
    # NOTE(review): presumably shared with the homeserver and other bridges.
    # Because it is mounted read-write here, this task can change any file on
    # it. Confirm whether that includes other services' registration files.
    volume "matrix-registrations" {
      type            = "csi"
      source          = "matrix-registrations"
      read_only       = false
      attachment_mode = "file-system"
      access_mode     = "multi-node-multi-writer"
    }

    # Up to 5 restarts, 5s apart. `interval` and `mode` are not set, so the
    # Nomad defaults for this job type apply.
    restart {
      attempts = 5
      delay    = "5s"
    }

    # Bridge networking gives the group its own network namespace, which the
    # Connect sidecar below needs.
    network {
      mode = "bridge"
    }

    service {
      name = "matrix-mautrix-signal"
      port = "29328"

      # The health check is disabled, so the service is registered with no
      # application-level check.
      # NOTE(review): the check's port (29319) differs from the service port
      # (29328) above. Confirm the port and path before re-enabling it.
      # check {
      #   type = "http"
      #   address_mode = "alloc"
      #   path = "/public"
      #   port = "29319"
      #   interval = "2s"
      #   timeout = "2s"
      # }

      # Consul Connect sidecar. Its only declared upstream is
      # matrix-postgresql, exposed to the task on local port 5432.
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "matrix-postgresql"
              local_bind_port  = 5432
            }
          }
        }
      }
    }

    task "mautrix-signal" {
      driver = "docker"

      # All three volumes are mounted read-write.
      volume_mount {
        volume      = "matrix-mautrix-signal"
        destination = "/var/lib/mautrix-signal"
        read_only   = false
      }

      volume_mount {
        volume      = "matrix-signald"
        destination = "/var/lib/signald"
        read_only   = false
      }

      volume_mount {
        volume      = "matrix-registrations"
        destination = "/var/lib/registrations"
        read_only   = false
      }

      # NOTE(review): nix_flake_ref / nix_flake_sha do not look like stock
      # Nomad docker driver options. Presumably a patched or plugin driver
      # builds the task root from the flake output; confirm. The flake output
      # path is fixed here, and only the ref and hash come from job variables.
      config {
        nix_flake_ref = "${var.flake_ref}#nixngSystems.mautrix-signal.config.system.build.toplevel"
        nix_flake_sha = var.flake_sha
        entrypoint    = ["init"]
      }

      # Vault policy attached to the task's token. The template below reads
      # two KV paths.
      # NOTE(review): the policy body is not shown here. Verify that it grants
      # read on exactly those two paths and nothing broader.
      vault {
        policies = ["matrix-mautrix-signal-policy"]
      }

      # Renders the appservice tokens and the PostgreSQL password into
      # secrets/environment. `env = true` exports each KEY=value line to the
      # task as an environment variable, so the values are visible to anything
      # that can read the process environment. `change_mode` is not set, so
      # Nomad's default applies when a secret changes.
      # The heredoc body and its terminator stay at column 0 so that the
      # rendered file content is unchanged.
      template {
        data = <<EOF
{{ with secret "kv/data/cluster/matrix/mautrix-signal/main" }}
MAUTRIX_SIGNAL_APPSERVICE_AS_TOKEN={{ .Data.data.as_token }}
MAUTRIX_SIGNAL_APPSERVICE_HS_TOKEN={{ .Data.data.hs_token }}
{{ end }}
{{ with secret "kv/data/cluster/matrix/mautrix-signal/postgresql" }}
PGPASSWORD={{ .Data.data.pgpass }}
{{ end }}
EOF
        destination = "secrets/environment"
        env         = true
      }

      # CPU is in MHz and memory in MB (Nomad's units).
      resources {
        cpu    = 256
        memory = 256
      }
    }
  }
}