aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cluster/staging/app/im/deploy/flake.lock27
-rw-r--r--cluster/staging/app/im/deploy/flake.nix39
-rw-r--r--cluster/staging/app/im/deploy/im-nix.hcl196
-rw-r--r--cluster/staging/app/im/deploy/python-packages.nix338
4 files changed, 600 insertions, 0 deletions
diff --git a/cluster/staging/app/im/deploy/flake.lock b/cluster/staging/app/im/deploy/flake.lock
new file mode 100644
index 0000000..bde4085
--- /dev/null
+++ b/cluster/staging/app/im/deploy/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1669546925,
+ "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/cluster/staging/app/im/deploy/flake.nix b/cluster/staging/app/im/deploy/flake.nix
new file mode 100644
index 0000000..180e91b
--- /dev/null
+++ b/cluster/staging/app/im/deploy/flake.nix
@@ -0,0 +1,39 @@
+{
+ description = "Synapse packaging for Deuxfleurs";
+
+ # nixpkgs 22.05 at 2022-11-29
+ inputs.nixpkgs.url = "github:nixos/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125";
+
+ outputs = { self, nixpkgs }:
+ let
+ pkgs = import nixpkgs {
+ system = "x86_64-linux";
+ };
+ pypkgsOverlay = import ./python-packages.nix {
+ inherit pkgs;
+ fetchurl = builtins.fetchurl;
+ fetchgit = pkgs.fetchgit;
+ fetchhg = pkgs.fetchhg;
+ };
+ pkgs2 = import nixpkgs {
+ system = "x86_64-linux";
+ overlays = [
+ (self: super: {
+ python3 = super.python3.override {
+ self = self.python3;
+ packageOverrides = pypkgsOverlay;
+ };
+ })
+ ];
+ };
+ synapseWithS3 = pkgs2.matrix-synapse.overridePythonAttrs (old: rec {
+ propagatedBuildInputs = old.propagatedBuildInputs ++ [
+ pkgs2.python3.pkgs.synapse-s3-storage-provider
+ ];
+ });
+ in
+ {
+ packages.x86_64-linux.default = synapseWithS3;
+ #packages.x86_64-linux.default = pkgs2.python3.pkgs.synapse-s3-storage-provider;
+ };
+}
diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl
new file mode 100644
index 0000000..7f53136
--- /dev/null
+++ b/cluster/staging/app/im/deploy/im-nix.hcl
@@ -0,0 +1,196 @@
+job "im" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "synapse" {
+ count = 1
+
+ network {
+ port "http" {
+ to = 8008
+ }
+ }
+
+ ephemeral_disk {
+ size = 10000
+ }
+
+ restart {
+ attempts = 10
+ delay = "30s"
+ }
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "!="
+ value = "caribou"
+ }
+
+ task "restore-db" {
+ lifecycle {
+ hook = "prestart"
+ sidecar = false
+ }
+
+ driver = "nix2"
+ config {
+ packages = [
+ "#litestream"
+ ]
+ command = "litestream"
+ args = [
+ "restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db", "-v"
+ ]
+ bind = {
+ "../alloc/data" = "/ephemeral",
+ "secrets/litestream.yml" = "/etc/litestream.yml"
+ }
+ }
+ user = "root"
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 100
+ memory_max = 1000
+ cpu = 1000
+ }
+ }
+
+ task "synapse" {
+ driver = "nix2"
+ config {
+ nixpkgs = "github:nixos/nixpkgs/ce6aa13369b667ac2542593170993504932eb836"
+ packages = [
+ ".",
+ ]
+ command = "synapse_homeserver"
+ args = [
+ "-n",
+ "-c", "/etc/matrix-synapse/homeserver.yaml"
+ ]
+ bind = {
+ "./secrets" = "/etc/matrix-synapse",
+ "../alloc/data" = "/ephemeral",
+ }
+ }
+ user = "root"
+
+ template {
+ data = file("flake.nix")
+ destination = "flake.nix"
+ }
+ template {
+ data = file("python-packages.nix")
+ destination = "python-packages.nix"
+ }
+ template {
+ data = file("flake.lock")
+ destination = "flake.lock"
+ }
+
+ template {
+ data = file("../config/homeserver.yaml")
+ destination = "secrets/homeserver.yaml"
+ }
+
+ template {
+ data = file("../config/synapse.log.config.yaml")
+ destination = "secrets/synapse.log.config.yaml"
+ }
+
+ template {
+ data = "{{ key \"secrets/synapse/signing_key\" }}"
+ destination = "secrets/signing_key"
+ }
+
+ resources {
+ memory = 2000
+ memory_max = 3000
+ cpu = 1000
+ }
+
+ service {
+ port = "http"
+ tags = [
+ "tricot matrix.home.adnab.me 100",
+ "tricot matrix.home.adnab.me:443 100",
+ "tricot-add-header Access-Control-Allow-Origin *",
+ ]
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ }
+ }
+ }
+
+ task "media-async-upload" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/amd64_synapse:1.49.2-4"
+ readonly_rootfs = true
+ command = "/usr/local/bin/matrix-s3-async-sqlite"
+ work_dir = "/ephemeral"
+ volumes = [
+ "../alloc/data:/ephemeral",
+ ]
+ }
+
+ resources {
+ cpu = 100
+ memory = 100
+ memory_max = 500
+ }
+
+ template {
+ data = <<EOH
+SYNAPSE_SQLITE_DB=/ephemeral/homeserver.db
+SYNAPSE_MEDIA_STORE=/ephemeral/media_store
+SYNAPSE_MEDIA_S3_BUCKET=synapse-data
+AWS_ACCESS_KEY_ID={{ key "secrets/synapse/s3_access_key" | trimSpace }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/synapse/s3_secret_key" | trimSpace }}
+AWS_DEFAULT_REGION=garage-staging
+S3_ENDPOINT=http://{{ env "attr.unique.network.ip-address" }}:3990
+
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+ }
+
+ task "replicate-db" {
+ driver = "nix2"
+ config {
+ packages = [
+ "#litestream"
+ ]
+ command = "litestream"
+ args = [
+ "replicate", "-config", "/etc/litestream.yml"
+ ]
+ bind = {
+ "../alloc/data" = "/ephemeral",
+ "secrets/litestream.yml" = "/etc/litestream.yml"
+ }
+ }
+ user = "root"
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ memory_max = 1000
+ cpu = 100
+ }
+ }
+ }
+}
diff --git a/cluster/staging/app/im/deploy/python-packages.nix b/cluster/staging/app/im/deploy/python-packages.nix
new file mode 100644
index 0000000..92a37be
--- /dev/null
+++ b/cluster/staging/app/im/deploy/python-packages.nix
@@ -0,0 +1,338 @@
+# Generated by pip2nix 0.8.0.dev1
+# See https://github.com/nix-community/pip2nix
+
+{ pkgs, fetchurl, fetchgit, fetchhg }:
+
+self: super: {
+ # "Automat" = super.buildPythonPackage rec {
+ # pname = "Automat";
+ # version = "22.10.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/29/90/64aabce6c1b820395452cc5472b8f11cd98320f40941795b8069aef4e0e0/Automat-22.10.0-py2.py3-none-any.whl";
+ # sha256 = "1021ns3f579zaccd03blf4zvayzzm8r2sj426q7l9p5r8a3ly5n3";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."attrs"
+ # self."six"
+ # ];
+ # };
+ "pyyaml" = super.buildPythonPackage rec {
+ pname = "pyyaml";
+ version = "5.4.1";
+ src = fetchurl {
+ url = "https://files.pythonhosted.org/packages/a0/a4/d63f2d7597e1a4b55aa3b4d6c5b029991d3b824b5bd331af8d4ab1ed687d/PyYAML-5.4.1.tar.gz";
+ sha256 = "0pm440pmpvgv5rbbnm8hk4qga5a292kvlm1bh3x2nwr8pb5p8xv0";
+ };
+ format = "setuptools";
+ doCheck = false;
+ buildInputs = [];
+ checkInputs = [];
+ nativeBuildInputs = [];
+ propagatedBuildInputs = [];
+ };
+ # "Twisted" = super.buildPythonPackage rec {
+ # pname = "Twisted";
+ # version = "22.10.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/ac/63/b5540d15dfeb7388fbe12fa55a902c118fd2b324be5430cdeac0c0439489/Twisted-22.10.0-py3-none-any.whl";
+ # sha256 = "1l6brjpq0h3ldl4pkw6lcq7l1w344hsh69g0cinnzay55iqmzic6";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."Automat"
+ # self."attrs"
+ # self."constantly"
+ # self."hyperlink"
+ # self."incremental"
+ # self."typing-extensions"
+ # self."zope.interface"
+ # ];
+ # };
+ # "attrs" = super.buildPythonPackage rec {
+ # pname = "attrs";
+ # version = "22.1.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/f2/bc/d817287d1aa01878af07c19505fafd1165cd6a119e9d0821ca1d1c20312d/attrs-22.1.0-py2.py3-none-any.whl";
+ # sha256 = "072mv8qgvas8sagx7f021l9yrca6ry3m8cqsylsdzwkvyq1a9vw6";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ # "boto3" = super.buildPythonPackage rec {
+ # pname = "boto3";
+ # version = "1.26.18";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/d1/16/c16895c1dc416ce332d48aa9442123fbe42e714266a93a826dc034d16522/boto3-1.26.18-py3-none-any.whl";
+ # sha256 = "05y504z3lxybms0plmay36fn9pdrjl7z17nlhbfmyahii6qqhg4k";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."botocore"
+ # self."jmespath"
+ # self."s3transfer"
+ # ];
+ # };
+ # "botocore" = super.buildPythonPackage rec {
+ # pname = "botocore";
+ # version = "1.29.18";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/cc/13/fcc5221a782f81b07aeb5fca676e07a2a2f2b250804763c89d1a66a17395/botocore-1.29.18-py3-none-any.whl";
+ # sha256 = "14ir4ydx13f45w22g9f10wrq8yidbscg54yg28x6vb3f7d1l9fia";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."jmespath"
+ # self."python-dateutil"
+ # self."urllib3"
+ # ];
+ # };
+ # "constantly" = super.buildPythonPackage rec {
+ # pname = "constantly";
+ # version = "15.1.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/b9/65/48c1909d0c0aeae6c10213340ce682db01b48ea900a7d9fce7a7910ff318/constantly-15.1.0-py2.py3-none-any.whl";
+ # sha256 = "0pbwnc78hi3y7gizcjrqdqbslij0fcyjjxnxszq866m5n7bajbyx";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ "humanize" = super.buildPythonPackage rec {
+ pname = "humanize";
+ version = "0.5.1";
+ src = fetchurl {
+ url = "https://files.pythonhosted.org/packages/8c/e0/e512e4ac6d091fc990bbe13f9e0378f34cf6eecd1c6c268c9e598dcf5bb9/humanize-0.5.1.tar.gz";
+ sha256 = "06dvhm3k8lf2rayn1gxbd46y0fy1db26m3h9vrq7rb1ib08mfgx4";
+ };
+ format = "setuptools";
+ doCheck = false;
+ buildInputs = [];
+ checkInputs = [];
+ nativeBuildInputs = [];
+ propagatedBuildInputs = [];
+ };
+ # "hyperlink" = super.buildPythonPackage rec {
+ # pname = "hyperlink";
+ # version = "21.0.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/6e/aa/8caf6a0a3e62863cbb9dab27135660acba46903b703e224f14f447e57934/hyperlink-21.0.0-py2.py3-none-any.whl";
+ # sha256 = "1d7ibbr81vglky0kynswi2dbagwgrk1b9kbqgp3qjgmpxhvlrcg6";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."idna"
+ # ];
+ # };
+ # "idna" = super.buildPythonPackage rec {
+ # pname = "idna";
+ # version = "3.4";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl";
+ # sha256 = "1hn54ps4kgv2fmyvfaks38sgrvjc1cn4834sh7gadsx3x9wpxdwh";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ # "incremental" = super.buildPythonPackage rec {
+ # pname = "incremental";
+ # version = "22.10.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/77/51/8073577012492fcd15628e811db585f447c500fa407e944ab3a18ec55fb7/incremental-22.10.0-py2.py3-none-any.whl";
+ # sha256 = "0l9yiml04ri84z7wm5ckig1ak2pyp1hsfd98mk2p5vl513rs2r5q";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ # "jmespath" = super.buildPythonPackage rec {
+ # pname = "jmespath";
+ # version = "1.0.1";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/31/b4/b9b800c45527aadd64d5b442f9b932b00648617eb5d63d2c7a6587b7cafc/jmespath-1.0.1-py3-none-any.whl";
+ # sha256 = "10194nk0641vz2kpy442dsgdv44ia43zksrf6f4apg5mf76f9qh2";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ # "psycopg2" = super.buildPythonPackage rec {
+ # pname = "psycopg2";
+ # version = "2.9.5";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/89/d6/cd8c46417e0f7a16b4b0fc321f4ab676a59250d08fce5b64921897fb07cc/psycopg2-2.9.5.tar.gz";
+ # sha256 = "0ni4kq6p7hbkm2qsky998q36q5gq5if4nwd8hwhjx5rsd0p6s955";
+ # };
+ # format = "setuptools";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [ pkgs.postgresql ];
+ # propagatedBuildInputs = [];
+ # };
+ # "python-dateutil" = super.buildPythonPackage rec {
+ # pname = "python-dateutil";
+ # version = "2.8.2";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/36/7a/87837f39d0296e723bb9b62bbb257d0355c7f6128853c78955f57342a56d/python_dateutil-2.8.2-py2.py3-none-any.whl";
+ # sha256 = "1aaxjfp4lrz8c6qls3vdhw554lan3khy9afyvdcvrssk6kf067cn";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."six"
+ # ];
+ # };
+ # "s3transfer" = super.buildPythonPackage rec {
+ # pname = "s3transfer";
+ # version = "0.6.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/5e/c6/af903b5fab3f9b5b1e883f49a770066314c6dcceb589cf938d48c89556c1/s3transfer-0.6.0-py3-none-any.whl";
+ # sha256 = "1kayip95pym87m33l4s7fq5h8aa4kb11ynpjnkqn2px1yds6n5q6";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."botocore"
+ # ];
+ # };
+ # "six" = super.buildPythonPackage rec {
+ # pname = "six";
+ # version = "1.16.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl";
+ # sha256 = "0m02dsi8lvrjf4bi20ab6lm7rr6krz7pg6lzk3xjs2l9hqfjzfwa";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ "synapse-s3-storage-provider" = super.buildPythonPackage rec {
+ pname = "synapse-s3-storage-provider";
+ version = "1.1.2";
+ src = fetchurl {
+ url = "https://github.com/matrix-org/synapse-s3-storage-provider/archive/refs/tags/v1.1.2.zip";
+ sha256 = "0xd5icfvnvdd3qadlsmqvj2qjm6rsvk1vbpiycdc7ypr9dp7x9z8";
+ };
+ format = "setuptools";
+ doCheck = false;
+ buildInputs = [];
+ checkInputs = [];
+ nativeBuildInputs = [
+ pkgs."unzip"
+ ];
+ propagatedBuildInputs = [
+ self."pyyaml"
+ self."twisted" # Twisted
+ self."boto3"
+ self."botocore"
+ self."humanize"
+ self."psycopg2"
+ self."tqdm"
+ ];
+ };
+ # "tqdm" = super.buildPythonPackage rec {
+ # pname = "tqdm";
+ # version = "4.64.1";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/47/bb/849011636c4da2e44f1253cd927cfb20ada4374d8b3a4e425416e84900cc/tqdm-4.64.1-py2.py3-none-any.whl";
+ # sha256 = "18d68ickjbf5jb73aqvj0722p0r2kj14rwb5ik3b3lgwdw6idvkg";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ #"typing-extensions" = super.buildPythonPackage rec {
+ # pname = "typing-extensions";
+ # version = "4.4.0";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl";
+ # sha256 = "17j8jbywq5cjgh6354wyh9y47cvrbyw1hqj9xhsmsrcg81j4iyhn";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ #};
+ # "urllib3" = super.buildPythonPackage rec {
+ # pname = "urllib3";
+ # version = "1.26.13";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/65/0c/cc6644eaa594585e5875f46f3c83ee8762b647b51fc5b0fb253a242df2dc/urllib3-1.26.13-py2.py3-none-any.whl";
+ # sha256 = "1z21pgc451h1qcx1g74wnmj4wddswxh9p06m5vkwj2dakbchbk27";
+ # };
+ # format = "wheel";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [];
+ # };
+ # "zope.interface" = super.buildPythonPackage rec {
+ # pname = "zope.interface";
+ # version = "5.5.2";
+ # src = fetchurl {
+ # url = "https://files.pythonhosted.org/packages/38/6f/fbfb7dde38be7e5644bb342c4c7cdc444cd5e2ffbd70d091263b3858a8cb/zope.interface-5.5.2.tar.gz";
+ # sha256 = "0wg6vicx14bkmvfy19dcz5ch5apklywgaj73k6a82hr1yqzizvmz";
+ # };
+ # format = "setuptools";
+ # doCheck = false;
+ # buildInputs = [];
+ # checkInputs = [];
+ # nativeBuildInputs = [];
+ # propagatedBuildInputs = [
+ # self."setuptools"
+ # ];
+ # };
+}