diff --git a/terranix/containers/matrix/default.nix b/terranix/containers/matrix/default.nix
new file mode 100644
index 0000000..bb634bf
--- /dev/null
+++ b/terranix/containers/matrix/default.nix
@@ -0,0 +1,183 @@
+{ config, elib, ... }:
+let
+ inherit (elib)
+ nfsVolume
+ nomadJob;
+
+ flake_host = "";
+ flake_sha = "";
+ flake_ref = "";
+ flake_rev= "";
+in
+{
+ resource."nomad_volume"."matrix-synapse" = nfsVolume {
+ volume_name = "matrix-synapse";
+ access_mode = "multi-node-multi-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/synapse";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."nomad_volume"."matrix-postgresql" = nfsVolume {
+ volume_name = "matrix-postgresql";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/postgresql";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."nomad_volume"."matrix-registrations" = nfsVolume {
+ volume_name = "matrix-registrations";
+ access_mode = "multi-node-multi-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/registrations";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."nomad_volume"."matrix-mautrix-discord" = nfsVolume {
+ volume_name = "matrix-mautrix-discord";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/mautrix-discord";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."nomad_volume"."matrix-mautrix-facebook" = nfsVolume {
+ volume_name = "matrix-mautrix-facebook";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/mautrix-facebook";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."nomad_volume"."matrix-mautrix-signal" = nfsVolume {
+ volume_name = "matrix-mautrix-signal";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/mautrix-signal";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."nomad_volume"."matrix-signald" = nfsVolume {
+ volume_name = "matrix-signald";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/signald";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."nomad_volume"."matrix-redis" = nfsVolume {
+ volume_name = "matrix-redis";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/mnt/kyle/infrastructure/matrix/redis";
+ mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ];
+ };
+
+ resource."vault_policy"."matrix-mautrix-signal-policy" = {
+ name = "matrix-mautrix-signal-policy";
+ policy = ''
+ path "kv/data/cluster/matrix/mautrix-signal/main" {
+ capabilities = ["read"]
+ }
+ path "kv/data/cluster/matrix/mautrix-signal/postgresql" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."vault_policy"."matrix-mautrix-discord-policy" = {
+ name = "matrix-mautrix-discord-policy";
+ policy = ''
+ path "kv/data/cluster/matrix/mautrix-discord/main" {
+ capabilities = ["read"]
+ }
+ path "kv/data/cluster/matrix/mautrix-discord/postgresql" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."vault_policy"."matrix-mautrix-facebook-policy" = {
+ name = "matrix-mautrix-facebook-policy";
+ policy = ''
+ path "kv/data/cluster/matrix/mautrix-facebook/main" {
+ capabilities = ["read"]
+ }
+ path "kv/data/cluster/matrix/mautrix-facebook/postgresql" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."vault_policy"."matrix-synapse-policy" = {
+ name = "matrix-synapse-policy";
+ policy = ''
+ path "kv/data/cluster/matrix/synapse" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."vault_policy"."matrix-postgresql-policy" = {
+ name = "matrix-postgresql-policy";
+ policy = ''
+ path "kv/data/cluster/matrix/synapse" {
+ capabilities = ["read"]
+ }
+
+ path "kv/data/cluster/matrix/mautrix-facebook/postgresql" {
+ capabilities = ["read"]
+ }
+
+ path "kv/data/cluster/matrix/mautrix-signal/postgresql" {
+ capabilities = ["read"]
+ }
+
+ path "kv/data/cluster/matrix/mautrix-discord/postgresql" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."nomad_job"."matrix-synapse" = nomadJob {
+ jobspec = ./matrix-synapse.hcl;
+ vars = {
+ flake_ref = "${flake_host}?ref=${flake_ref}&rev=${flake_rev}";
+ flake_sha = flake_sha;
+ };
+ };
+
+ resource."nomad_job"."matrix-mautrix-discord" = nomadJob {
+ jobspec = ./matrix-mautrix-discord.hcl;
+ vars = {
+ flake_ref = "${flake_host}?ref=${flake_ref}&rev=${flake_rev}";
+ flake_sha = flake_sha;
+ };
+ };
+
+ resource."nomad_job"."matrix-mautrix-facebook" = nomadJob {
+ jobspec = ./matrix-mautrix-facebook.hcl;
+ vars = {
+ flake_ref = "${flake_host}?ref=${flake_ref}&rev=${flake_rev}";
+ flake_sha = flake_sha;
+ };
+ };
+
+ resource."nomad_job"."matrix-mautrix-signal" = nomadJob {
+ jobspec = ./matrix-mautrix-signal.hcl;
+ vars = {
+ flake_ref = "${flake_host}?ref=${flake_ref}&rev=${flake_rev}";
+ flake_sha = flake_sha;
+ };
+ };
+
+ resource."nomad_job"."matrix-heisenbridge" = nomadJob {
+ jobspec = ./matrix-heisenbridge.hcl;
+
+ vars = {
+ flake_ref = "${flake_host}?ref=${flake_ref}&rev=${flake_rev}";
+ flake_sha = flake_sha;
+ };
+ };
+}
diff --git a/terranix/containers/matrix/matrix-heisenbridge.hcl b/terranix/containers/matrix/matrix-heisenbridge.hcl
new file mode 100644
index 0000000..a092228
--- /dev/null
+++ b/terranix/containers/matrix/matrix-heisenbridge.hcl
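Review bot: `matrix-postgresql-policy` grants the PostgreSQL task read on `kv/data/cluster/matrix/synapse`, the same single secret that `matrix-synapse-policy` reads for the whole homeserver, so the database task can read every key stored in that secret (presumably more than its own DB credential), not just the one it needs. The bridges already split `…/main` from `…/postgresql`; giving Synapse the same layout, with `path "kv/data/cluster/matrix/synapse/postgresql"` in the postgresql policy and the remaining Synapse material under a path only `matrix-synapse-policy` can read, keeps the database task to least privilege. Separately, `flake_host`, `flake_sha`, `flake_ref` and `flake_rev` are committed as empty strings, so every `nomad_job` receives a `flake_ref` of `?ref=&rev=` and an empty `flake_sha`; if these are meant to be filled in before apply, a guard such as `in assert flake_sha != "" && flake_rev != ""; {` would fail evaluation instead of handing Nomad an unpinned job.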
@@ -0,0 +1,64 @@
+variable "flake_ref" {
+ type = string
+}
+
+variable "flake_sha" {
+ type = string
+}
+
+job "matrix-heisenbridge" {
+ datacenters = [ "homelab-1" ]
+ type = "service"
+
+ group "heisenbridge" {
+ count = 1
+
+ volume "matrix-registrations" {
+ type = "csi"
+ source = "matrix-registrations"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "multi-node-multi-writer"
+ }
+
+ restart {
+ attempts = 5
+ delay = "5s"
+ }
+
+ network {
+ mode = "bridge"
+ }
+
+ service {
+ name = "matrix-heisenbridge"
+ port = "9898"
+
+ connect {
+ sidecar_service {}
+ }
+ }
+
+ task "heisenbridge" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "matrix-registrations"
+ destination = "/var/lib/registrations"
+ read_only = false
+ }
+
+ config {
+ nix_flake_ref = "${var.flake_ref}#nixngSystems.heisenbridge.config.system.build.toplevel"
+ nix_flake_sha = var.flake_sha
+ entrypoint = [ "init" ]
+ }
+
+ resources {
+ cpu = 128
+ memory = 128
+ }
+ }
+ }
+}
diff --git a/terranix/containers/matrix/matrix-mautrix-discord.hcl b/terranix/containers/matrix/matrix-mautrix-discord.hcl
new file mode 100644
index 0000000..2c4835f
--- /dev/null
+++ b/terranix/containers/matrix/matrix-mautrix-discord.hcl
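Review bot: The `matrix-registrations` volume is mounted into the heisenbridge task with `read_only = false` on a `multi-node-multi-writer` volume, so this container can read and overwrite the appservice registration files of every other bridge on that share; the same mount appears in `matrix-mautrix-discord.hcl`, whose hunk continues past this view. Appservice registration files carry the `as_token`/`hs_token` pair that authenticates a bridge to the homeserver, so a compromised bridge process would hold the credentials of the others. If heisenbridge only consumes a registration generated elsewhere, `read_only = true` on the `volume_mount` is enough; if it writes its own, a dedicated `nfsVolume` with its own `share` per bridge (the pattern `default.nix` already uses for `matrix-mautrix-discord`) keeps each bridge to its own file. The `service` stanza also has no `check`, so Consul registers the bridge as healthy as soon as the task runs; a `check { type = "tcp" port = "9898" ... }` would keep a hung process out of rotation.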
@@ -0,0 +1,113 @@
+variable "flake_ref" {
+ type = string
+}
+
+variable "flake_sha" {
+ type = string
+}
+
+job "matrix-mautrix-discord" {
+ datacenters = [ "homelab-1" ]
+ type = "service"
+
+ group "mautrix-discord" {
+ count = 1
+
+ volume "matrix-mautrix-discord" {
+ type = "csi"
+ source = "matrix-mautrix-discord"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ volume "matrix-registrations" {
+ type = "csi"
+ source = "matrix-registrations"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "multi-node-multi-writer"
+ }
+
+ restart {
+ attempts = 5
+ delay = "5s"
+ }
+
+ network {
+ mode = "bridge"
+ }
+
+ service {
+ name = "matrix-mautrix-discord"
+ port = "29334"
+
+ # check {
+ # type = "http"
+ # address_mode = "alloc"
+ # path = "/public"
+ # port = "29319"
+ # interval = "2s"
+ # timeout = "2s"
+ # }
+
+ connect {
+ sidecar_service {
+ proxy {
+ upstreams {
+ destination_name = "matrix-postgresql"
+ local_bind_port = 5432
+ }
+ }
+ }
+ }
+ }
+
+ task "mautrix-discord" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "matrix-mautrix-discord"
+ destination = "/var/lib/mautrix-discord"
+ read_only = false
+ }
+
+ volume_mount {
+ volume = "matrix-registrations"
+ destination = "/var/lib/registrations"
+ read_only = false
+ }
+
+ config {
+ nix_flake_ref = "${var.flake_ref}#nixngSystems.mautrix-discord.config.system.build.toplevel"
+ nix_flake_sha = var.flake_sha
+ entrypoint = [ "init" ]
+ }
+
+ vault {
+ policies = ["matrix-mautrix-discord-policy"]
+ }
+
+ template {
+ data = <