diff options
author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-08-25 01:02:16 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-08-25 01:02:16 +0200 |
commit | e37c1f9057ed986ac50b86463a4dbe6bf5d77f02 (patch) | |
tree | 5f5757bde3cf8a694a70bd11afdcdf9b87806db8 /cluster/prod/app/matrix/deploy/im.hcl | |
parent | 3be2659aa19abfb7e676d33e9e7e1357c790a383 (diff) | |
download | nixcfg-e37c1f9057ed986ac50b86463a4dbe6bf5d77f02.tar.gz nixcfg-e37c1f9057ed986ac50b86463a4dbe6bf5d77f02.zip |
Deploy Matrix
Diffstat (limited to 'cluster/prod/app/matrix/deploy/im.hcl')
-rw-r--r-- | cluster/prod/app/matrix/deploy/im.hcl | 200 |
1 files changed, 200 insertions, 0 deletions
diff --git a/cluster/prod/app/matrix/deploy/im.hcl b/cluster/prod/app/matrix/deploy/im.hcl new file mode 100644 index 0000000..0e219dd --- /dev/null +++ b/cluster/prod/app/matrix/deploy/im.hcl @@ -0,0 +1,200 @@ +job "matrix" { + datacenters = ["orion"] + type = "service" + priority = 60 + + group "matrix" { + count = 1 + + network { + port "api_port" { static = 8008 } + } + + task "synapse" { + driver = "docker" + + config { + image = "superboum/amd64_synapse:v54" + network_mode = "host" + readonly_rootfs = true + ports = [ "api_port" ] + command = "python" + args = [ + "-m", "synapse.app.homeserver", + "-n", + "-c", "/etc/matrix-synapse/homeserver.yaml" + ] + volumes = [ + "secrets/conf:/etc/matrix-synapse", + "/tmp/synapse-media:/var/lib/matrix-synapse/media", + "/tmp/synapse-uploads:/var/lib/matrix-synapse/uploads", + "/tmp/synapse-logs:/var/log/matrix-synapse", + "/tmp/synapse:/tmp" + ] + } + + template { + data = file("../config/synapse/homeserver.yaml") + destination = "secrets/conf/homeserver.yaml" + } + + template { + data = file("../config/synapse/log.yaml") + destination = "secrets/conf/log.yaml" + } + + template { + data = file("../config/synapse/conf.d/server_name.yaml") + destination = "secrets/conf/server_name.yaml" + } + + template { + data = file("../config/synapse/conf.d/report_stats.yaml") + destination = "secrets/conf/report_stats.yaml" + } + + # --- secrets --- + template { + data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}" + destination = "secrets/conf/homeserver.tls.crt" + } + + template { + data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}" + destination = "secrets/conf/homeserver.tls.dh" + } + + template { + data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}" + destination = "secrets/conf/homeserver.tls.key" + } + + template { + data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}" + destination = "secrets/conf/homeserver.signing.key" + } + + env { + SYNAPSE_CACHE_FACTOR = 1 + } + + resources { + cpu = 1000 + memory = 1000 + } + + service { + name = "synapse" + port = "api_port" + address_mode = "host" + tags = [ + "matrix", + "tricot im.deuxfleurs.fr/_matrix 100", + "tricot im.deuxfleurs.fr:443/_matrix 100", + "tricot im.deuxfleurs.fr/_synapse 100", + "tricot-add-header Access-Control-Allow-Origin *", + ] + check { + type = "tcp" + port = "api_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + + + task "media-async-upload" { + driver = "docker" + + config { + image = "superboum/amd64_synapse:v54" + readonly_rootfs = true + command = "/usr/local/bin/matrix-s3-async" + work_dir = "/tmp" + volumes = [ + "/tmp/synapse-media:/var/lib/matrix-synapse/media", + "/tmp/synapse-uploads:/var/lib/matrix-synapse/uploads", + "/tmp/synapse:/tmp" + ] + } + + resources { + cpu = 100 + memory = 100 + } + + template { + data = <<EOH +AWS_ACCESS_KEY_ID={{ key "secrets/chat/synapse/s3_access_key" | trimSpace }} +AWS_SECRET_ACCESS_KEY={{ key "secrets/chat/synapse/s3_secret_key" | trimSpace }} +AWS_DEFAULT_REGION=garage +PG_USER={{ key "secrets/chat/synapse/postgres_user" | trimSpace }} +PG_PASS={{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }} +PG_DB={{ key "secrets/chat/synapse/postgres_db" | trimSpace }} +PG_HOST=psql-proxy.service.2.cluster.deuxfleurs.fr +PG_PORT=5432 +EOH + destination = "secrets/env" + env = true + } + } + } + + + group "riotweb" { + count = 1 + + network { + port "web_port" { to = 8043 } + } + + task "server" { + driver = "docker" + config { + image = "superboum/amd64_riotweb:v31" + ports = [ "web_port" ] + volumes = [ + "secrets/config.json:/srv/http/config.json" + ] + } + + template { + data = file("../config/riot_web/config.json") + destination = "secrets/config.json" + } + + resources { + memory = 21 + } + + service { + tags = [ + "webstatic", + "tricot im.deuxfleurs.fr 10", + "tricot riot.deuxfleurs.fr 10", + ] + port = "web_port" + address_mode = "host" + name = "webstatic" + check { + type = "tcp" + port = "web_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } +} + |