From e37c1f9057ed986ac50b86463a4dbe6bf5d77f02 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Thu, 25 Aug 2022 01:02:16 +0200
Subject: Deploy Matrix

---
 cluster/prod/app/matrix/deploy/im.hcl | 200 ++++++++++++++++++++++++++++++++++
 1 file changed, 200 insertions(+)
 create mode 100644 cluster/prod/app/matrix/deploy/im.hcl

(limited to 'cluster/prod/app/matrix/deploy/im.hcl')

diff --git a/cluster/prod/app/matrix/deploy/im.hcl b/cluster/prod/app/matrix/deploy/im.hcl
new file mode 100644
index 0000000..0e219dd
--- /dev/null
+++ b/cluster/prod/app/matrix/deploy/im.hcl
@@ -0,0 +1,200 @@
+job "matrix" {
+  datacenters = ["orion"]
+  type = "service"
+  priority = 60
+
+  group "matrix" {
+    count = 1
+
+    network {
+      port "api_port" { static = 8008 }
+    }
+
+    task "synapse" {
+      driver = "docker"
+
+      config {
+        image = "superboum/amd64_synapse:v54"
+        network_mode = "host"
+        readonly_rootfs = true
+        ports = [ "api_port" ]
+        command = "python"
+        args = [
+          "-m", "synapse.app.homeserver",
+          "-n",
+          "-c", "/etc/matrix-synapse/homeserver.yaml"
+        ]
+        volumes = [
+          "secrets/conf:/etc/matrix-synapse",
+          "/tmp/synapse-media:/var/lib/matrix-synapse/media",
+          "/tmp/synapse-uploads:/var/lib/matrix-synapse/uploads",
+          "/tmp/synapse-logs:/var/log/matrix-synapse",
+          "/tmp/synapse:/tmp"
+        ]
+      }
+
+      template {
+        data = file("../config/synapse/homeserver.yaml")
+        destination = "secrets/conf/homeserver.yaml"
+      }
+
+      template {
+        data = file("../config/synapse/log.yaml")
+        destination = "secrets/conf/log.yaml"
+      }
+
+      template {
+        data = file("../config/synapse/conf.d/server_name.yaml")
+        destination = "secrets/conf/server_name.yaml"
+      }
+
+      template {
+        data = file("../config/synapse/conf.d/report_stats.yaml")
+        destination = "secrets/conf/report_stats.yaml"
+      }
+
+      # --- secrets ---
+      template {
+        data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}"
+        destination = "secrets/conf/homeserver.tls.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}"
+        destination = "secrets/conf/homeserver.tls.dh"
+      }
+
+      template {
+        data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}"
+        destination = "secrets/conf/homeserver.tls.key"
+      }
+
+      template {
+        data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}"
+        destination = "secrets/conf/homeserver.signing.key"
+      }
+
+      env {
+        SYNAPSE_CACHE_FACTOR = 1
+      }
+
+      resources {
+        cpu = 1000
+        memory = 1000
+      }
+
+      service {
+        name = "synapse"
+        port = "api_port"
+        address_mode = "host"
+        tags = [
+          "matrix",
+          "tricot im.deuxfleurs.fr/_matrix 100",
+          "tricot im.deuxfleurs.fr:443/_matrix 100",
+          "tricot im.deuxfleurs.fr/_synapse 100",
+          "tricot-add-header Access-Control-Allow-Origin *",
+        ]
+        check {
+          type = "tcp"
+          port = "api_port"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "90s"
+            ignore_warnings = false
+          }
+        }
+      }
+    }
+
+
+    task "media-async-upload" {
+      driver = "docker"
+
+      config {
+        image = "superboum/amd64_synapse:v54"
+        readonly_rootfs = true
+        command = "/usr/local/bin/matrix-s3-async"
+        work_dir = "/tmp"
+        volumes = [
+          "/tmp/synapse-media:/var/lib/matrix-synapse/media",
+          "/tmp/synapse-uploads:/var/lib/matrix-synapse/uploads",
+          "/tmp/synapse:/tmp"
+        ]
+      }
+
+      resources {
+        cpu = 100
+        memory = 100
+      }
+
+      template {
+        data = <<EOH
+AWS_ACCESS_KEY_ID={{ key "secrets/chat/synapse/s3_access_key" | trimSpace }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/chat/synapse/s3_secret_key" | trimSpace }}
+AWS_DEFAULT_REGION=garage
+PG_USER={{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
+PG_PASS={{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
+PG_DB={{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
+PG_HOST=psql-proxy.service.2.cluster.deuxfleurs.fr
+PG_PORT=5432
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+    }
+  }
+
+
+  group "riotweb" {
+    count = 1
+
+    network {
+      port "web_port" { to = 8043 }
+    }
+
+    task "server" {
+      driver = "docker"
+      config {
+        image = "superboum/amd64_riotweb:v31"
+        ports = [ "web_port" ]
+        volumes = [
+          "secrets/config.json:/srv/http/config.json"
+        ]
+      }
+
+      template {
+        data = file("../config/riot_web/config.json")
+        destination   = "secrets/config.json"
+      }
+
+      resources {
+        memory = 21
+      }
+
+      service {
+        tags = [
+          "webstatic",
+          "tricot im.deuxfleurs.fr 10",
+          "tricot riot.deuxfleurs.fr 10",
+        ]
+        port = "web_port"
+        address_mode = "host"
+        name = "webstatic"
+        check {
+          type = "tcp"
+          port = "web_port"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "90s"
+            ignore_warnings = false
+          }
+        }
+      }
+    }
+  }
+}
+
-- 
cgit v1.2.3