135 lines
3.3 KiB
HCL
135 lines
3.3 KiB
HCL
job "[[ .instance ]]" {
|
|
[[- $c := merge .matrix . -]]
|
|
|
|
[[ template "common/job_start" $c ]]
|
|
|
|
group "matrix" {
|
|
[[- $c := merge $c.synapse $c ]]
|
|
|
|
[[ template "common/group_start" $c ]]
|
|
|
|
network {
|
|
mode = "bridge"
|
|
[[- if conv.ToBool $c.prometheus.enabled ]]
|
|
port "metrics" {}
|
|
[[- end ]]
|
|
}
|
|
|
|
[[ template "common/volumes" $c ]]
|
|
|
|
service {
|
|
name = "[[ .instance ]][[ .consul.suffix ]]"
|
|
port = 8008
|
|
|
|
[[ template "common/service_meta" $c ]]
|
|
|
|
check {
|
|
type = "http"
|
|
path = "/health"
|
|
expose = true
|
|
interval = "10s"
|
|
timeout = "5s"
|
|
task = "synapse"
|
|
|
|
check_restart {
|
|
limit = 12
|
|
grace = "10m"
|
|
}
|
|
}
|
|
|
|
tags = [
|
|
[[- $w := merge .matrix.nginx .matrix . ]]
|
|
[[- $a := merge .matrix.nginx.admin $w ]]
|
|
[[- $sa := merge .matrix.nginx.synapse_admin $w ]]
|
|
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_synapse/admin`)",
|
|
[[ template "common/traefik_tags" $a ]]
|
|
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_admin`)",
|
|
[[ template "common/traefik_tags" $sa ]]
|
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) || (Host(`[[ .matrix.server_name ]]`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
|
[[ template "common/traefik_tags" $w ]]
|
|
]
|
|
|
|
[[ template "common/connect" $c ]]
|
|
}
|
|
|
|
[[ template "common/task.wait_for" $c ]]
|
|
[[ template "common/task.metrics_proxy" $c ]]
|
|
[[ template "common/task.pgpooler" $c ]]
|
|
|
|
task "synapse" {
|
|
driver = "[[ $c.nomad.driver ]]"
|
|
leader = true
|
|
|
|
config {
|
|
image = "[[ $c.image ]]"
|
|
pids_limit = 200
|
|
readonly_rootfs = true
|
|
}
|
|
|
|
[[ template "common/vault.policies" $c ]]
|
|
|
|
env {
|
|
SYNAPSE_CONFIG = "/secrets/homeserver.yml"
|
|
TMPDIR = "/data/tmp"
|
|
}
|
|
|
|
[[ template "common/file_env" $c ]]
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ (merge $c.config ((tmpl.Exec "matrix/homeserver.yml.tpl" $c) | yaml)) | toYAML ]]
|
|
_EOT
|
|
destination = "secrets/homeserver.yml"
|
|
uid = 100000
|
|
gid = 108008
|
|
perms = 0640
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ template "matrix/logging.conf.tpl" . ]]
|
|
_EOT
|
|
destination = "secrets/logging.conf"
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "data"
|
|
destination = "/data"
|
|
}
|
|
|
|
[[ template "common/resources" $c ]]
|
|
}
|
|
|
|
[[ $c = merge .matrix.nginx . ]]
|
|
task "nginx" {
|
|
driver = "[[ $c.nomad.driver ]]"
|
|
|
|
config {
|
|
image = "[[ $c.image ]]"
|
|
readonly_rootfs = true
|
|
pids_limit = 100
|
|
volumes = [
|
|
"local/nginx.conf:/etc/nginx/conf.d/default.conf:ro",
|
|
]
|
|
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ template "matrix/nginx.conf.tpl" $c ]]
|
|
_EOT
|
|
destination = "local/nginx.conf"
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ template "matrix/element.json.tpl" $c ]]
|
|
_EOT
|
|
destination = "local/element.json"
|
|
}
|
|
|
|
[[ template "common/resources" $c ]]
|
|
}
|
|
}
|
|
}
|