diff --git a/terranix/containers/syncthing/default.nix b/terranix/containers/syncthing/default.nix
new file mode 100644
index 0000000..e0c5dfe
--- /dev/null
+++ b/terranix/containers/syncthing/default.nix
@@ -0,0 +1,46 @@
+{ pkgs, elib, ... }:
+let
+ inherit (elib)
+ nfsVolume
+ nomadJob;
+
+ sharePrefix = "/mnt/kyle/infrastructure/syncthing";
+
+ flake_host = "";
+ flake_rev = "";
+ flake_ref = "";
+ flake_sha = "";
+in
+{
+ resource."nomad_volume"."syncthing-data" = nfsVolume {
+ access_mode = "single-node-writer";
+ volume_name = "syncthing-data";
+ server = "blowhole.hosts.in.redalder.org";
+ share = sharePrefix + "/data";
+ mount_flags = [ "hard" "vers=4.2" "rsize=131072" "wsize=131072" "async" ];
+ };
+
+ resource."nomad_volume"."syncthing-storage" = nfsVolume {
+ access_mode = "single-node-writer";
+ volume_name = "syncthing-storage";
+ server = "blowhole.hosts.in.redalder.org";
+ share = sharePrefix + "/data";
+ mount_flags = [ "hard" "vers=4.2" "rsize=131072" "wsize=131072" "async" ];
+ };
+
+ resource."nomad_volume"."syncthing-config" = nfsVolume {
+ access_mode = "single-node-writer";
+ volume_name = "syncthing-config";
+ server = "blowhole.hosts.in.redalder.org";
+ share = sharePrefix + "/data";
+ mount_flags = [ "hard" "vers=4.2" "rsize=131072" "wsize=131072" "async" ];
+ };
+
+ resource."nomad_job"."syncthing" = nomadJob {
+ jobspec = ./job.hcl;
+ vars = {
+ flake_ref = "${flake_host}?rev=${flake_rev}&ref=${flake_ref}";
+ flake_sha = flake_sha;
+ };
+ };
+}
diff --git a/terranix/containers/syncthing/job.hcl b/terranix/containers/syncthing/job.hcl
new file mode 100644
index 0000000..2653e8b
--- /dev/null
+++ b/terranix/containers/syncthing/job.hcl
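Review bot: In default.nix the `syncthing-storage` and `syncthing-config` volumes both set `share = sharePrefix + "/data";`, the same export as `syncthing-data`, so all three CSI volumes resolve to one NFS directory. Syncthing keeps its device key and GUI credentials in its config directory, so if that directory coincides with a synced data path those secrets could end up inside a shared folder; presumably the two lines should read `share = sharePrefix + "/storage";` and `share = sharePrefix + "/config";`. Separately, `flake_host`, `flake_rev`, `flake_ref` and `flake_sha` are all empty strings, so the job receives `?rev=&ref=` and an empty hash. A comment stating where these are filled in, or an assertion that they are non-empty, would keep an unpinned build from being deployed.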
@@ -0,0 +1,109 @@
+variable "flake_ref" {
+ type = string
+}
+
+variable "flake_sha" {
+ type = string
+}
+
+job "syncthing" {
+ datacenters = [ "homelab-1" ]
+ type = "service"
+
+ group "syncthing" {
+ count = 1
+
+ volume "syncthing-data" {
+ type = "csi"
+ source = "syncthing-data"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ volume "syncthing-config" {
+ type = "csi"
+ source = "syncthing-config"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ volume "syncthing-storage" {
+ type = "csi"
+ source = "syncthing-storage"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ network {
+ mode = "bridge"
+ }
+
+ service {
+ name = "syncthing"
+ port = "8384"
+
+ ## Syncthing with auth returns 402: Unauthorized and Nomad interprets it as
+ ## service failure.
+ # check {
+ # type = "http"
+ # address_mode = "alloc"
+ # path = "/"
+ # port = "8384"
+ # interval = "10s"
+ # timeout = "10s"
+ # }
+
+ connect {
+ sidecar_service {}
+
+ sidecar_task {
+ resources {
+ cpu = 75
+ memory = 48
+ memory_max = 96
+ }
+ }
+ }
+ }
+
+ task "syncthing" {
+ driver = "docker"
+
+ config {
+ nix_flake_ref = "\\\\${var.flake_ref}#nixngSystems.syncthing.config.system.build.toplevel"
+ nix_flake_sha = var.flake_sha
+ entrypoint = [ "init" ]
+ }
+
+ resources {
+ cpu = 512
+ memory = 512
+ memory_max = 1024
+ }
+
+ volume_mount {
+ volume = "syncthing-data"
+ destination = "/var/syncthing/data"
+ read_only = false
+ }
+
+ volume_mount {
+ volume = "syncthing-config"
+ destination = "/var/syncthing/config"
+ read_only = false
+ }
+
+ volume_mount {
+ volume = "syncthing-storage"
+ destination = "/var/syncthing/storage"
+ read_only = false
+ }
+ }
+ }
+}
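Review bot: With the `check` block in `service` commented out, the `syncthing` service is registered with no health check at all, so a hung or crashed GUI still looks healthy to the mesh and to the scheduler. Syncthing serves `/rest/noauth/health` without authentication, so the check can be restored by uncommenting it and using `path = "/rest/noauth/health"` instead of `path = "/"`. The comment's `402` is presumably meant to be 401, the status code for Unauthorized.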