diff options
author | Alex Auvolat <alex@adnab.me> | 2022-11-29 22:02:21 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-11-29 22:02:21 +0100 |
commit | ab7a7701682074e2f074c3195fcb138305db8f0e (patch) | |
tree | 0fba6445563640ea4a95fcf2bf6bc137976dbdcd | |
parent | 55e407a3a431b9fc2a50f97076c17dda1f758045 (diff) | |
download | nixcfg-ab7a7701682074e2f074c3195fcb138305db8f0e.tar.gz nixcfg-ab7a7701682074e2f074c3195fcb138305db8f0e.zip |
Synapse on Nix works great
-rw-r--r-- | cluster/staging/app/im/deploy/flake.nix | 115 | ||||
-rw-r--r-- | cluster/staging/app/im/deploy/im-nix.hcl | 47 | ||||
-rw-r--r-- | cluster/staging/app/im/deploy/python-packages.nix | 338 |
3 files changed, 133 insertions, 367 deletions
diff --git a/cluster/staging/app/im/deploy/flake.nix b/cluster/staging/app/im/deploy/flake.nix index 180e91b..e5f260d 100644 --- a/cluster/staging/app/im/deploy/flake.nix +++ b/cluster/staging/app/im/deploy/flake.nix @@ -6,34 +6,121 @@ outputs = { self, nixpkgs }: let - pkgs = import nixpkgs { - system = "x86_64-linux"; + # Generated with the help of pip2nix 0.8.0.dev1 + # See https://github.com/nix-community/pip2nix + pypkgsOverlay = pkgs: self: super: { + "pyyaml" = super.buildPythonPackage rec { + pname = "pyyaml"; + version = "5.4.1"; + src = builtins.fetchurl { + url = "https://files.pythonhosted.org/packages/a0/a4/d63f2d7597e1a4b55aa3b4d6c5b029991d3b824b5bd331af8d4ab1ed687d/PyYAML-5.4.1.tar.gz"; + sha256 = "0pm440pmpvgv5rbbnm8hk4qga5a292kvlm1bh3x2nwr8pb5p8xv0"; + }; + format = "setuptools"; + doCheck = false; + buildInputs = []; + checkInputs = []; + nativeBuildInputs = []; + propagatedBuildInputs = []; + }; + "humanize" = super.buildPythonPackage rec { + pname = "humanize"; + version = "0.5.1"; + src = builtins.fetchurl { + url = "https://files.pythonhosted.org/packages/8c/e0/e512e4ac6d091fc990bbe13f9e0378f34cf6eecd1c6c268c9e598dcf5bb9/humanize-0.5.1.tar.gz"; + sha256 = "06dvhm3k8lf2rayn1gxbd46y0fy1db26m3h9vrq7rb1ib08mfgx4"; + }; + format = "setuptools"; + doCheck = false; + buildInputs = []; + checkInputs = []; + nativeBuildInputs = []; + propagatedBuildInputs = []; + }; + "synapse-s3-storage-provider" = super.buildPythonPackage rec { + pname = "synapse-s3-storage-provider"; + version = "1.1.2"; + src = builtins.fetchurl { + url = "https://github.com/matrix-org/synapse-s3-storage-provider/archive/refs/tags/v1.1.2.zip"; + sha256 = "0xd5icfvnvdd3qadlsmqvj2qjm6rsvk1vbpiycdc7ypr9dp7x9z8"; + }; + format = "setuptools"; + doCheck = false; + buildInputs = []; + checkInputs = []; + nativeBuildInputs = [ + pkgs."unzip" + ]; + propagatedBuildInputs = [ + self."pyyaml" + self."twisted" + self."boto3" + self."botocore" + self."humanize" + self."psycopg2" + self."tqdm" + ]; + }; }; - pypkgsOverlay = import ./python-packages.nix { - inherit pkgs; - fetchurl = builtins.fetchurl; - fetchgit = pkgs.fetchgit; - fetchhg = pkgs.fetchhg; - }; - pkgs2 = import nixpkgs { + pkgs = import nixpkgs { system = "x86_64-linux"; overlays = [ (self: super: { python3 = super.python3.override { self = self.python3; - packageOverrides = pypkgsOverlay; + packageOverrides = (pypkgsOverlay super); }; }) ]; }; - synapseWithS3 = pkgs2.matrix-synapse.overridePythonAttrs (old: rec { + + synapse = pkgs.matrix-synapse.overridePythonAttrs (old: rec { propagatedBuildInputs = old.propagatedBuildInputs ++ [ - pkgs2.python3.pkgs.synapse-s3-storage-provider + pkgs.python3.pkgs.synapse-s3-storage-provider ]; }); + + s3_provider = pkgs.python3.withPackages(ps: [ps.synapse-s3-storage-provider]); + + matrix_s3_async = pkgs.writeScriptBin "matrix-s3-async" '' +#!${pkgs.bash}/bin/bash + +${pkgs.coreutils}/bin/cat > database.yaml <<EOF +user: ''$PG_USER +password: ''$PG_PASS +database: ''$PG_DB +host: ''$PG_HOST +port: ''$PG_PORT +EOF + +while true; do + ${s3_provider}/bin/s3_media_upload update-db 0d + ${s3_provider}/bin/s3_media_upload --no-progress check-deleted ''$SYNAPSE_MEDIA_STORE + ${s3_provider}/bin/s3_media_upload --no-progress upload ''$SYNAPSE_MEDIA_STORE ''$SYNAPSE_MEDIA_S3_BUCKET --delete --endpoint-url ''$S3_ENDPOINT + ${pkgs.coreutils}/bin/sleep 600 +done + ''; + + matrix_s3_async_sqlite = pkgs.writeScriptBin "matrix-s3-async-sqlite" '' +#!${pkgs.bash}/bin/bash + +${pkgs.coreutils}/bin/cat > database.yaml <<EOF +sqlite: + database: ''$SYNAPSE_SQLITE_DB +EOF + +while true; do + ${s3_provider}/bin/s3_media_upload update-db 0d + ${s3_provider}/bin/s3_media_upload --no-progress check-deleted ''$SYNAPSE_MEDIA_STORE + ${s3_provider}/bin/s3_media_upload --no-progress upload ''$SYNAPSE_MEDIA_STORE ''$SYNAPSE_MEDIA_S3_BUCKET --delete --endpoint-url ''$S3_ENDPOINT + ${pkgs.coreutils}/bin/sleep 600 +done + ''; + in { - packages.x86_64-linux.default = synapseWithS3; - #packages.x86_64-linux.default = pkgs2.python3.pkgs.synapse-s3-storage-provider; + packages.x86_64-linux = { + inherit synapse s3_provider matrix_s3_async matrix_s3_async_sqlite; + }; }; } diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl index 7f53136..9cf78e5 100644 --- a/cluster/staging/app/im/deploy/im-nix.hcl +++ b/cluster/staging/app/im/deploy/im-nix.hcl @@ -7,7 +7,7 @@ job "im" { network { port "http" { - to = 8008 + static = 8008 } } @@ -39,7 +39,7 @@ job "im" { ] command = "litestream" args = [ - "restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db", "-v" + "restore", "-v", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db" ] bind = { "../alloc/data" = "/ephemeral", @@ -63,9 +63,11 @@ job "im" { task "synapse" { driver = "nix2" config { - nixpkgs = "github:nixos/nixpkgs/ce6aa13369b667ac2542593170993504932eb836" packages = [ - ".", + "#cacert", + "#bash", + "#coreutils", + ".#synapse", ] command = "synapse_homeserver" args = [ @@ -77,6 +79,9 @@ job "im" { "../alloc/data" = "/ephemeral", } } + env = { + SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt" + } user = "root" template { @@ -84,10 +89,6 @@ job "im" { destination = "flake.nix" } template { - data = file("python-packages.nix") - destination = "python-packages.nix" - } - template { data = file("flake.lock") destination = "flake.lock" } @@ -130,16 +131,32 @@ job "im" { } task "media-async-upload" { - driver = "docker" + driver = "nix2" config { - image = "lxpz/amd64_synapse:1.49.2-4" - readonly_rootfs = true - command = "/usr/local/bin/matrix-s3-async-sqlite" - work_dir = "/ephemeral" - volumes = [ - "../alloc/data:/ephemeral", + packages = [ + "#bash", + "#coreutils", + ".#matrix_s3_async_sqlite", ] + command = "sh" + args = [ + "-c", + "cd /ephemeral; matrix-s3-async-sqlite" + ] + bind = { + "../alloc/data" = "/ephemeral", + } + } + user = "root" + + template { + data = file("flake.nix") + destination = "flake.nix" + } + template { + data = file("flake.lock") + destination = "flake.lock" } resources { diff --git a/cluster/staging/app/im/deploy/python-packages.nix b/cluster/staging/app/im/deploy/python-packages.nix deleted file mode 100644 index 92a37be..0000000 --- a/cluster/staging/app/im/deploy/python-packages.nix +++ /dev/null @@ -1,338 +0,0 @@ -# Generated by pip2nix 0.8.0.dev1 -# See https://github.com/nix-community/pip2nix - -{ pkgs, fetchurl, fetchgit, fetchhg }: - -self: super: { - # "Automat" = super.buildPythonPackage rec { - # pname = "Automat"; - # version = "22.10.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/29/90/64aabce6c1b820395452cc5472b8f11cd98320f40941795b8069aef4e0e0/Automat-22.10.0-py2.py3-none-any.whl"; - # sha256 = "1021ns3f579zaccd03blf4zvayzzm8r2sj426q7l9p5r8a3ly5n3"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."attrs" - # self."six" - # ]; - # }; - "pyyaml" = super.buildPythonPackage rec { - pname = "pyyaml"; - version = "5.4.1"; - src = fetchurl { - url = "https://files.pythonhosted.org/packages/a0/a4/d63f2d7597e1a4b55aa3b4d6c5b029991d3b824b5bd331af8d4ab1ed687d/PyYAML-5.4.1.tar.gz"; - sha256 = "0pm440pmpvgv5rbbnm8hk4qga5a292kvlm1bh3x2nwr8pb5p8xv0"; - }; - format = "setuptools"; - doCheck = false; - buildInputs = []; - checkInputs = []; - nativeBuildInputs = []; - propagatedBuildInputs = []; - }; - # "Twisted" = super.buildPythonPackage rec { - # pname = "Twisted"; - # version = "22.10.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/ac/63/b5540d15dfeb7388fbe12fa55a902c118fd2b324be5430cdeac0c0439489/Twisted-22.10.0-py3-none-any.whl"; - # sha256 = "1l6brjpq0h3ldl4pkw6lcq7l1w344hsh69g0cinnzay55iqmzic6"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."Automat" - # self."attrs" - # self."constantly" - # self."hyperlink" - # self."incremental" - # self."typing-extensions" - # self."zope.interface" - # ]; - # }; - # "attrs" = super.buildPythonPackage rec { - # pname = "attrs"; - # version = "22.1.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/f2/bc/d817287d1aa01878af07c19505fafd1165cd6a119e9d0821ca1d1c20312d/attrs-22.1.0-py2.py3-none-any.whl"; - # sha256 = "072mv8qgvas8sagx7f021l9yrca6ry3m8cqsylsdzwkvyq1a9vw6"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - # "boto3" = super.buildPythonPackage rec { - # pname = "boto3"; - # version = "1.26.18"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/d1/16/c16895c1dc416ce332d48aa9442123fbe42e714266a93a826dc034d16522/boto3-1.26.18-py3-none-any.whl"; - # sha256 = "05y504z3lxybms0plmay36fn9pdrjl7z17nlhbfmyahii6qqhg4k"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."botocore" - # self."jmespath" - # self."s3transfer" - # ]; - # }; - # "botocore" = super.buildPythonPackage rec { - # pname = "botocore"; - # version = "1.29.18"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/cc/13/fcc5221a782f81b07aeb5fca676e07a2a2f2b250804763c89d1a66a17395/botocore-1.29.18-py3-none-any.whl"; - # sha256 = "14ir4ydx13f45w22g9f10wrq8yidbscg54yg28x6vb3f7d1l9fia"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."jmespath" - # self."python-dateutil" - # self."urllib3" - # ]; - # }; - # "constantly" = super.buildPythonPackage rec { - # pname = "constantly"; - # version = "15.1.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/b9/65/48c1909d0c0aeae6c10213340ce682db01b48ea900a7d9fce7a7910ff318/constantly-15.1.0-py2.py3-none-any.whl"; - # sha256 = "0pbwnc78hi3y7gizcjrqdqbslij0fcyjjxnxszq866m5n7bajbyx"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - "humanize" = super.buildPythonPackage rec { - pname = "humanize"; - version = "0.5.1"; - src = fetchurl { - url = "https://files.pythonhosted.org/packages/8c/e0/e512e4ac6d091fc990bbe13f9e0378f34cf6eecd1c6c268c9e598dcf5bb9/humanize-0.5.1.tar.gz"; - sha256 = "06dvhm3k8lf2rayn1gxbd46y0fy1db26m3h9vrq7rb1ib08mfgx4"; - }; - format = "setuptools"; - doCheck = false; - buildInputs = []; - checkInputs = []; - nativeBuildInputs = []; - propagatedBuildInputs = []; - }; - # "hyperlink" = super.buildPythonPackage rec { - # pname = "hyperlink"; - # version = "21.0.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/6e/aa/8caf6a0a3e62863cbb9dab27135660acba46903b703e224f14f447e57934/hyperlink-21.0.0-py2.py3-none-any.whl"; - # sha256 = "1d7ibbr81vglky0kynswi2dbagwgrk1b9kbqgp3qjgmpxhvlrcg6"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."idna" - # ]; - # }; - # "idna" = super.buildPythonPackage rec { - # pname = "idna"; - # version = "3.4"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl"; - # sha256 = "1hn54ps4kgv2fmyvfaks38sgrvjc1cn4834sh7gadsx3x9wpxdwh"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - # "incremental" = super.buildPythonPackage rec { - # pname = "incremental"; - # version = "22.10.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/77/51/8073577012492fcd15628e811db585f447c500fa407e944ab3a18ec55fb7/incremental-22.10.0-py2.py3-none-any.whl"; - # sha256 = "0l9yiml04ri84z7wm5ckig1ak2pyp1hsfd98mk2p5vl513rs2r5q"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - # "jmespath" = super.buildPythonPackage rec { - # pname = "jmespath"; - # version = "1.0.1"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/31/b4/b9b800c45527aadd64d5b442f9b932b00648617eb5d63d2c7a6587b7cafc/jmespath-1.0.1-py3-none-any.whl"; - # sha256 = "10194nk0641vz2kpy442dsgdv44ia43zksrf6f4apg5mf76f9qh2"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - # "psycopg2" = super.buildPythonPackage rec { - # pname = "psycopg2"; - # version = "2.9.5"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/89/d6/cd8c46417e0f7a16b4b0fc321f4ab676a59250d08fce5b64921897fb07cc/psycopg2-2.9.5.tar.gz"; - # sha256 = "0ni4kq6p7hbkm2qsky998q36q5gq5if4nwd8hwhjx5rsd0p6s955"; - # }; - # format = "setuptools"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = [ pkgs.postgresql ]; - # propagatedBuildInputs = []; - # }; - # "python-dateutil" = super.buildPythonPackage rec { - # pname = "python-dateutil"; - # version = "2.8.2"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/36/7a/87837f39d0296e723bb9b62bbb257d0355c7f6128853c78955f57342a56d/python_dateutil-2.8.2-py2.py3-none-any.whl"; - # sha256 = "1aaxjfp4lrz8c6qls3vdhw554lan3khy9afyvdcvrssk6kf067cn"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."six" - # ]; - # }; - # "s3transfer" = super.buildPythonPackage rec { - # pname = "s3transfer"; - # version = "0.6.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/5e/c6/af903b5fab3f9b5b1e883f49a770066314c6dcceb589cf938d48c89556c1/s3transfer-0.6.0-py3-none-any.whl"; - # sha256 = "1kayip95pym87m33l4s7fq5h8aa4kb11ynpjnkqn2px1yds6n5q6"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."botocore" - # ]; - # }; - # "six" = super.buildPythonPackage rec { - # pname = "six"; - # version = "1.16.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl"; - # sha256 = "0m02dsi8lvrjf4bi20ab6lm7rr6krz7pg6lzk3xjs2l9hqfjzfwa"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - "synapse-s3-storage-provider" = super.buildPythonPackage rec { - pname = "synapse-s3-storage-provider"; - version = "1.1.2"; - src = fetchurl { - url = "https://github.com/matrix-org/synapse-s3-storage-provider/archive/refs/tags/v1.1.2.zip"; - sha256 = "0xd5icfvnvdd3qadlsmqvj2qjm6rsvk1vbpiycdc7ypr9dp7x9z8"; - }; - format = "setuptools"; - doCheck = false; - buildInputs = []; - checkInputs = []; - nativeBuildInputs = [ - pkgs."unzip" - ]; - propagatedBuildInputs = [ - self."pyyaml" - self."twisted" # Twisted - self."boto3" - self."botocore" - self."humanize" - self."psycopg2" - self."tqdm" - ]; - }; - # "tqdm" = super.buildPythonPackage rec { - # pname = "tqdm"; - # version = "4.64.1"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/47/bb/849011636c4da2e44f1253cd927cfb20ada4374d8b3a4e425416e84900cc/tqdm-4.64.1-py2.py3-none-any.whl"; - # sha256 = "18d68ickjbf5jb73aqvj0722p0r2kj14rwb5ik3b3lgwdw6idvkg"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - #"typing-extensions" = super.buildPythonPackage rec { - # pname = "typing-extensions"; - # version = "4.4.0"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl"; - # sha256 = "17j8jbywq5cjgh6354wyh9y47cvrbyw1hqj9xhsmsrcg81j4iyhn"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - #}; - # "urllib3" = super.buildPythonPackage rec { - # pname = "urllib3"; - # version = "1.26.13"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/65/0c/cc6644eaa594585e5875f46f3c83ee8762b647b51fc5b0fb253a242df2dc/urllib3-1.26.13-py2.py3-none-any.whl"; - # sha256 = "1z21pgc451h1qcx1g74wnmj4wddswxh9p06m5vkwj2dakbchbk27"; - # }; - # format = "wheel"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = []; - # }; - # "zope.interface" = super.buildPythonPackage rec { - # pname = "zope.interface"; - # version = "5.5.2"; - # src = fetchurl { - # url = "https://files.pythonhosted.org/packages/38/6f/fbfb7dde38be7e5644bb342c4c7cdc444cd5e2ffbd70d091263b3858a8cb/zope.interface-5.5.2.tar.gz"; - # sha256 = "0wg6vicx14bkmvfy19dcz5ch5apklywgaj73k6a82hr1yqzizvmz"; - # }; - # format = "setuptools"; - # doCheck = false; - # buildInputs = []; - # checkInputs = []; - # nativeBuildInputs = []; - # propagatedBuildInputs = [ - # self."setuptools" - # ]; - # }; -} |