job "[[ .instance ]]" {
[[- $c := merge .matrix . -]]

[[ template "common/job_start" $c ]]

  group "matrix" {
[[- $c := merge $c.synapse $c ]]

[[ template "common/group_start" $c ]]

    network {
      mode = "bridge"
[[- if conv.ToBool $c.prometheus.enabled ]]
      port "metrics" {}
[[- end ]]
    }

[[ template "common/volumes" $c ]]

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8008

[[ template "common/service_meta" $c ]]

      check {
        type     = "http"
        path     = "/health"
        expose   = true
[[ template "common/check_settings" $c ]]
        check_restart {
          limit = 12
          grace = "10m"
        }
      }

      tags = [
[[- $w := merge .matrix.nginx .matrix . ]]
[[- $a := merge .matrix.nginx.admin $w ]]
[[- $sa := merge .matrix.nginx.synapse_admin $w ]]
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_synapse/admin`)",
[[ template "common/traefik_tags" $a ]]
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_admin`)",
[[ template "common/traefik_tags" $sa ]]
        "[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) || (Host(`[[ .matrix.server_name ]]`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
[[ template "common/traefik_tags" $w ]]
      ]

[[ template "common/connect" $c ]]
    }

[[ template "common/task.wait_for" $c ]]
[[ template "common/task.metrics_proxy" $c ]]
[[ template "common/task.pgpooler" $c ]]

    task "synapse" {
      driver = "[[ $c.nomad.driver ]]"
      leader = true

      config {
        image           = "[[ $c.image ]]"
        pids_limit      = 200
        readonly_rootfs = true
      }

[[ template "common/vault.policies" $c ]]

      env {
        SYNAPSE_CONFIG = "/secrets/homeserver.yml"
        TMPDIR         = "/data/tmp"
      }

[[ template "common/file_env" $c ]]

      template {
        data =<<_EOT
[[ (merge $c.config ((tmpl.Exec "matrix/homeserver.yml.tpl" $c) | yaml)) | toYAML ]]
_EOT
        destination = "secrets/homeserver.yml"
        uid = 100000
        gid = 108008
        perms = 0640
      }

      template {
        data =<<_EOT
[[ template "matrix/logging.conf.tpl" . ]]
_EOT
        destination = "secrets/logging.conf"
      }

      volume_mount {
        volume      = "data"
        destination = "/data"
      }

[[ template "common/resources" $c ]]
    }

[[ $c = merge .matrix.nginx . ]]
    task "nginx" {
      driver = "[[ $c.nomad.driver ]]"

      config {
        image           = "[[ $c.image ]]"
        readonly_rootfs = true
        pids_limit      = 100
        volumes         = [
          "local/nginx.conf:/etc/nginx/conf.d/default.conf:ro",
        ]
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
      }

      template {
        data =<<_EOT
[[ template "matrix/nginx.conf.tpl" $c ]]
_EOT
        destination = "local/nginx.conf"
      }

      template {
        data =<<_EOT
[[ template "matrix/element.json.tpl" $c ]]
_EOT
        destination = "local/element.json"
      }

[[ template "common/resources" $c ]]
    }
  }
}