author | Alex Auvolat <alex@adnab.me> | 2022-11-29 21:19:57 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-11-29 21:19:57 +0100 |
commit | 55e407a3a431b9fc2a50f97076c17dda1f758045 (patch) | |
tree | 1134c3197f6f9cfe6f9d640b918ae4e5d38a0775 | |
parent | 4036a2d951fb239f8d29f9227bc94dfb942e5e6e (diff) | |
First version of Matrix-synapse in Nix
-rw-r--r-- | cluster/staging/app/im/deploy/flake.lock | 27 | ||||
-rw-r--r-- | cluster/staging/app/im/deploy/flake.nix | 39 | ||||
-rw-r--r-- | cluster/staging/app/im/deploy/im-nix.hcl | 196 | ||||
-rw-r--r-- | cluster/staging/app/im/deploy/python-packages.nix | 338 |
4 files changed, 600 insertions, 0 deletions
diff --git a/cluster/staging/app/im/deploy/flake.lock b/cluster/staging/app/im/deploy/flake.lock
new file mode 100644
index 0000000..bde4085
--- /dev/null
+++ b/cluster/staging/app/im/deploy/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1669546925,
+ "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/cluster/staging/app/im/deploy/flake.nix b/cluster/staging/app/im/deploy/flake.nix
new file mode 100644
index 0000000..180e91b
--- /dev/null
+++ b/cluster/staging/app/im/deploy/flake.nix
@@ -0,0 +1,39 @@
+{
+ description = "Synapse packaging for Deuxfleurs";
+
+ # nixpkgs 22.05 at 2022-11-29
+ inputs.nixpkgs.url = "github:nixos/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125";
+
+ outputs = { self, nixpkgs }:
+ let
+ pkgs = import nixpkgs {
+ system = "x86_64-linux";
+ };
+ pypkgsOverlay = import ./python-packages.nix {
+ inherit pkgs;
+ fetchurl = builtins.fetchurl;
+ fetchgit = pkgs.fetchgit;
+ fetchhg = pkgs.fetchhg;
+ };
+ pkgs2 = import nixpkgs {
+ system = "x86_64-linux";
+ overlays = [
+ (self: super: {
+ python3 = super.python3.override {
+ self = self.python3;
+ packageOverrides = pypkgsOverlay;
+ };
+ })
+ ];
+ };
+ synapseWithS3 = pkgs2.matrix-synapse.overridePythonAttrs (old: rec {
+ propagatedBuildInputs = old.propagatedBuildInputs ++ [
+ pkgs2.python3.pkgs.synapse-s3-storage-provider
+ ];
+ });
+ in
+ {
+ packages.x86_64-linux.default = synapseWithS3;
+ #packages.x86_64-linux.default = pkgs2.python3.pkgs.synapse-s3-storage-provider;
+ };
+}
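Review bot: `packageOverrides = pypkgsOverlay;` applies the pip2nix overlay to the whole `python3` set that `pkgs2.matrix-synapse` is built from, so the overlay's own `pyyaml` 5.4.1 and `humanize` 0.5.1 (both with `doCheck = false` in python-packages.nix) replace the nixpkgs builds for Synapse and every other Python dependency, not only for the S3 provider. Those two packages then stop following the pinned nixpkgs revision, including any security fixes it carries. If the nixpkgs versions satisfy synapse-s3-storage-provider, drop the two entries from the overlay; otherwise say so next to the override, e.g. `# also replaces pyyaml and humanize for Synapse itself, see python-packages.nix`.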
diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl
new file mode 100644
index 0000000..7f53136
--- /dev/null
+++ b/cluster/staging/app/im/deploy/im-nix.hcl
@@ -0,0 +1,196 @@
+job "im" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "synapse" {
+ count = 1
+
+ network {
+ port "http" {
+ to = 8008
+ }
+ }
+
+ ephemeral_disk {
+ size = 10000
+ }
+
+ restart {
+ attempts = 10
+ delay = "30s"
+ }
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "!="
+ value = "caribou"
+ }
+
+ task "restore-db" {
+ lifecycle {
+ hook = "prestart"
+ sidecar = false
+ }
+
+ driver = "nix2"
+ config {
+ packages = [
+ "#litestream"
+ ]
+ command = "litestream"
+ args = [
+ "restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db", "-v"
+ ]
+ bind = {
+ "../alloc/data" = "/ephemeral",
+ "secrets/litestream.yml" = "/etc/litestream.yml"
+ }
+ }
+ user = "root"
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 100
+ memory_max = 1000
+ cpu = 1000
+ }
+ }
+
+ task "synapse" {
+ driver = "nix2"
+ config {
+ nixpkgs = "github:nixos/nixpkgs/ce6aa13369b667ac2542593170993504932eb836"
+ packages = [
+ ".",
+ ]
+ command = "synapse_homeserver"
+ args = [
+ "-n",
+ "-c", "/etc/matrix-synapse/homeserver.yaml"
+ ]
+ bind = {
+ "./secrets" = "/etc/matrix-synapse",
+ "../alloc/data" = "/ephemeral",
+ }
+ }
+ user = "root"
+
+ template {
+ data = file("flake.nix")
+ destination = "flake.nix"
+ }
+ template {
+ data = file("python-packages.nix")
+ destination = "python-packages.nix"
+ }
+ template {
+ data = file("flake.lock")
+ destination = "flake.lock"
+ }
+
+ template {
+ data = file("../config/homeserver.yaml")
+ destination = "secrets/homeserver.yaml"
+ }
+
+ template {
+ data = file("../config/synapse.log.config.yaml")
+ destination = "secrets/synapse.log.config.yaml"
+ }
+
+ template {
+ data = "{{ key \"secrets/synapse/signing_key\" }}"
+ destination = "secrets/signing_key"
+ }
+
+ resources {
+ memory = 2000
+ memory_max = 3000
+ cpu = 1000
+ }
+
+ service {
+ port = "http"
+ tags = [
+ "tricot matrix.home.adnab.me 100",
+ "tricot matrix.home.adnab.me:443 100",
+ "tricot-add-header Access-Control-Allow-Origin *",
+ ]
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ }
+ }
+ }
+
+ task "media-async-upload" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/amd64_synapse:1.49.2-4"
+ readonly_rootfs = true
+ command = "/usr/local/bin/matrix-s3-async-sqlite"
+ work_dir = "/ephemeral"
+ volumes = [
+ "../alloc/data:/ephemeral",
+ ]
+ }
+
+ resources {
+ cpu = 100
+ memory = 100
+ memory_max = 500
+ }
+
+ template {
+ data = <<EOH
+SYNAPSE_SQLITE_DB=/ephemeral/homeserver.db
+SYNAPSE_MEDIA_STORE=/ephemeral/media_store
+SYNAPSE_MEDIA_S3_BUCKET=synapse-data
+AWS_ACCESS_KEY_ID={{ key "secrets/synapse/s3_access_key" | trimSpace }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/synapse/s3_secret_key" | trimSpace }}
+AWS_DEFAULT_REGION=garage-staging
+S3_ENDPOINT=http://{{ env "attr.unique.network.ip-address" }}:3990
+
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+ }
+
+ task "replicate-db" {
+ driver = "nix2"
+ config {
+ packages = [
+ "#litestream"
+ ]
+ command = "litestream"
+ args = [
+ "replicate", "-config", "/etc/litestream.yml"
+ ]
+ bind = {
+ "../alloc/data" = "/ephemeral",
+ "secrets/litestream.yml" = "/etc/litestream.yml"
+ }
+ }
+ user = "root"
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ memory_max = 1000
+ cpu = 100
+ }
+ }
+ }
+}
diff --git a/cluster/staging/app/im/deploy/python-packages.nix b/cluster/staging/app/im/deploy/python-packages.nix
new file mode 100644
index 0000000..92a37be
--- /dev/null
+++ b/cluster/staging/app/im/deploy/python-packages.nix
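Review bot: The `synapse` task sets `user = "root"`, so the network-facing homeserver, which also has `secrets/signing_key` rendered into its bind-mounted `/etc/matrix-synapse`, runs with root privileges inside whatever isolation the nix2 driver provides; `restore-db` and `replicate-db` do the same. Nothing visible in the job needs root beyond write access to `/ephemeral`, so an unprivileged account should be enough if the driver allows it, e.g. `user = "synapse"` with the alloc data directory owned by that user (the account name is a placeholder). If root is required by the driver, a comment stating why belongs beside each `user = "root"` line.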
@@ -0,0 +1,338 @@ +# Generated by pip2nix 0.8.0.dev1 +# See https://github.com/nix-community/pip2nix + +{ pkgs, fetchurl, fetchgit, fetchhg }: + +self: super: { + # "Automat" = super.buildPythonPackage rec { + # pname = "Automat"; + # version = "22.10.0"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/29/90/64aabce6c1b820395452cc5472b8f11cd98320f40941795b8069aef4e0e0/Automat-22.10.0-py2.py3-none-any.whl"; + # sha256 = "1021ns3f579zaccd03blf4zvayzzm8r2sj426q7l9p5r8a3ly5n3"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."attrs" + # self."six" + # ]; + # }; + "pyyaml" = super.buildPythonPackage rec { + pname = "pyyaml"; + version = "5.4.1"; + src = fetchurl { + url = "https://files.pythonhosted.org/packages/a0/a4/d63f2d7597e1a4b55aa3b4d6c5b029991d3b824b5bd331af8d4ab1ed687d/PyYAML-5.4.1.tar.gz"; + sha256 = "0pm440pmpvgv5rbbnm8hk4qga5a292kvlm1bh3x2nwr8pb5p8xv0"; + }; + format = "setuptools"; + doCheck = false; + buildInputs = []; + checkInputs = []; + nativeBuildInputs = []; + propagatedBuildInputs = []; + }; + # "Twisted" = super.buildPythonPackage rec { + # pname = "Twisted"; + # version = "22.10.0"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/ac/63/b5540d15dfeb7388fbe12fa55a902c118fd2b324be5430cdeac0c0439489/Twisted-22.10.0-py3-none-any.whl"; + # sha256 = "1l6brjpq0h3ldl4pkw6lcq7l1w344hsh69g0cinnzay55iqmzic6"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."Automat" + # self."attrs" + # self."constantly" + # self."hyperlink" + # self."incremental" + # self."typing-extensions" + # self."zope.interface" + # ]; + # }; + # "attrs" = super.buildPythonPackage rec { + # pname = "attrs"; + # version = "22.1.0"; + # src = fetchurl { + # url = 
"https://files.pythonhosted.org/packages/f2/bc/d817287d1aa01878af07c19505fafd1165cd6a119e9d0821ca1d1c20312d/attrs-22.1.0-py2.py3-none-any.whl"; + # sha256 = "072mv8qgvas8sagx7f021l9yrca6ry3m8cqsylsdzwkvyq1a9vw6"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = []; + # }; + # "boto3" = super.buildPythonPackage rec { + # pname = "boto3"; + # version = "1.26.18"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/d1/16/c16895c1dc416ce332d48aa9442123fbe42e714266a93a826dc034d16522/boto3-1.26.18-py3-none-any.whl"; + # sha256 = "05y504z3lxybms0plmay36fn9pdrjl7z17nlhbfmyahii6qqhg4k"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."botocore" + # self."jmespath" + # self."s3transfer" + # ]; + # }; + # "botocore" = super.buildPythonPackage rec { + # pname = "botocore"; + # version = "1.29.18"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/cc/13/fcc5221a782f81b07aeb5fca676e07a2a2f2b250804763c89d1a66a17395/botocore-1.29.18-py3-none-any.whl"; + # sha256 = "14ir4ydx13f45w22g9f10wrq8yidbscg54yg28x6vb3f7d1l9fia"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."jmespath" + # self."python-dateutil" + # self."urllib3" + # ]; + # }; + # "constantly" = super.buildPythonPackage rec { + # pname = "constantly"; + # version = "15.1.0"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/b9/65/48c1909d0c0aeae6c10213340ce682db01b48ea900a7d9fce7a7910ff318/constantly-15.1.0-py2.py3-none-any.whl"; + # sha256 = "0pbwnc78hi3y7gizcjrqdqbslij0fcyjjxnxszq866m5n7bajbyx"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # 
propagatedBuildInputs = []; + # }; + "humanize" = super.buildPythonPackage rec { + pname = "humanize"; + version = "0.5.1"; + src = fetchurl { + url = "https://files.pythonhosted.org/packages/8c/e0/e512e4ac6d091fc990bbe13f9e0378f34cf6eecd1c6c268c9e598dcf5bb9/humanize-0.5.1.tar.gz"; + sha256 = "06dvhm3k8lf2rayn1gxbd46y0fy1db26m3h9vrq7rb1ib08mfgx4"; + }; + format = "setuptools"; + doCheck = false; + buildInputs = []; + checkInputs = []; + nativeBuildInputs = []; + propagatedBuildInputs = []; + }; + # "hyperlink" = super.buildPythonPackage rec { + # pname = "hyperlink"; + # version = "21.0.0"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/6e/aa/8caf6a0a3e62863cbb9dab27135660acba46903b703e224f14f447e57934/hyperlink-21.0.0-py2.py3-none-any.whl"; + # sha256 = "1d7ibbr81vglky0kynswi2dbagwgrk1b9kbqgp3qjgmpxhvlrcg6"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."idna" + # ]; + # }; + # "idna" = super.buildPythonPackage rec { + # pname = "idna"; + # version = "3.4"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl"; + # sha256 = "1hn54ps4kgv2fmyvfaks38sgrvjc1cn4834sh7gadsx3x9wpxdwh"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = []; + # }; + # "incremental" = super.buildPythonPackage rec { + # pname = "incremental"; + # version = "22.10.0"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/77/51/8073577012492fcd15628e811db585f447c500fa407e944ab3a18ec55fb7/incremental-22.10.0-py2.py3-none-any.whl"; + # sha256 = "0l9yiml04ri84z7wm5ckig1ak2pyp1hsfd98mk2p5vl513rs2r5q"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # 
propagatedBuildInputs = []; + # }; + # "jmespath" = super.buildPythonPackage rec { + # pname = "jmespath"; + # version = "1.0.1"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/31/b4/b9b800c45527aadd64d5b442f9b932b00648617eb5d63d2c7a6587b7cafc/jmespath-1.0.1-py3-none-any.whl"; + # sha256 = "10194nk0641vz2kpy442dsgdv44ia43zksrf6f4apg5mf76f9qh2"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = []; + # }; + # "psycopg2" = super.buildPythonPackage rec { + # pname = "psycopg2"; + # version = "2.9.5"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/89/d6/cd8c46417e0f7a16b4b0fc321f4ab676a59250d08fce5b64921897fb07cc/psycopg2-2.9.5.tar.gz"; + # sha256 = "0ni4kq6p7hbkm2qsky998q36q5gq5if4nwd8hwhjx5rsd0p6s955"; + # }; + # format = "setuptools"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = [ pkgs.postgresql ]; + # propagatedBuildInputs = []; + # }; + # "python-dateutil" = super.buildPythonPackage rec { + # pname = "python-dateutil"; + # version = "2.8.2"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/36/7a/87837f39d0296e723bb9b62bbb257d0355c7f6128853c78955f57342a56d/python_dateutil-2.8.2-py2.py3-none-any.whl"; + # sha256 = "1aaxjfp4lrz8c6qls3vdhw554lan3khy9afyvdcvrssk6kf067cn"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."six" + # ]; + # }; + # "s3transfer" = super.buildPythonPackage rec { + # pname = "s3transfer"; + # version = "0.6.0"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/5e/c6/af903b5fab3f9b5b1e883f49a770066314c6dcceb589cf938d48c89556c1/s3transfer-0.6.0-py3-none-any.whl"; + # sha256 = "1kayip95pym87m33l4s7fq5h8aa4kb11ynpjnkqn2px1yds6n5q6"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = 
[]; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."botocore" + # ]; + # }; + # "six" = super.buildPythonPackage rec { + # pname = "six"; + # version = "1.16.0"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl"; + # sha256 = "0m02dsi8lvrjf4bi20ab6lm7rr6krz7pg6lzk3xjs2l9hqfjzfwa"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = []; + # }; + "synapse-s3-storage-provider" = super.buildPythonPackage rec { + pname = "synapse-s3-storage-provider"; + version = "1.1.2"; + src = fetchurl { + url = "https://github.com/matrix-org/synapse-s3-storage-provider/archive/refs/tags/v1.1.2.zip"; + sha256 = "0xd5icfvnvdd3qadlsmqvj2qjm6rsvk1vbpiycdc7ypr9dp7x9z8"; + }; + format = "setuptools"; + doCheck = false; + buildInputs = []; + checkInputs = []; + nativeBuildInputs = [ + pkgs."unzip" + ]; + propagatedBuildInputs = [ + self."pyyaml" + self."twisted" # Twisted + self."boto3" + self."botocore" + self."humanize" + self."psycopg2" + self."tqdm" + ]; + }; + # "tqdm" = super.buildPythonPackage rec { + # pname = "tqdm"; + # version = "4.64.1"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/47/bb/849011636c4da2e44f1253cd927cfb20ada4374d8b3a4e425416e84900cc/tqdm-4.64.1-py2.py3-none-any.whl"; + # sha256 = "18d68ickjbf5jb73aqvj0722p0r2kj14rwb5ik3b3lgwdw6idvkg"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = []; + # }; + #"typing-extensions" = super.buildPythonPackage rec { + # pname = "typing-extensions"; + # version = "4.4.0"; + # src = fetchurl { + # url = 
"https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl"; + # sha256 = "17j8jbywq5cjgh6354wyh9y47cvrbyw1hqj9xhsmsrcg81j4iyhn"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = []; + #}; + # "urllib3" = super.buildPythonPackage rec { + # pname = "urllib3"; + # version = "1.26.13"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/65/0c/cc6644eaa594585e5875f46f3c83ee8762b647b51fc5b0fb253a242df2dc/urllib3-1.26.13-py2.py3-none-any.whl"; + # sha256 = "1z21pgc451h1qcx1g74wnmj4wddswxh9p06m5vkwj2dakbchbk27"; + # }; + # format = "wheel"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = []; + # }; + # "zope.interface" = super.buildPythonPackage rec { + # pname = "zope.interface"; + # version = "5.5.2"; + # src = fetchurl { + # url = "https://files.pythonhosted.org/packages/38/6f/fbfb7dde38be7e5644bb342c4c7cdc444cd5e2ffbd70d091263b3858a8cb/zope.interface-5.5.2.tar.gz"; + # sha256 = "0wg6vicx14bkmvfy19dcz5ch5apklywgaj73k6a82hr1yqzizvmz"; + # }; + # format = "setuptools"; + # doCheck = false; + # buildInputs = []; + # checkInputs = []; + # nativeBuildInputs = []; + # propagatedBuildInputs = [ + # self."setuptools" + # ]; + # }; +} |