Diffstat (limited to 'app/drone-ci')
-rw-r--r--app/drone-ci/deploy/drone.hcl123
-rw-r--r--app/drone-ci/secrets/drone-ci/cookie_secret1
-rw-r--r--app/drone-ci/secrets/drone-ci/db_enc_secret1
-rw-r--r--app/drone-ci/secrets/drone-ci/db_pass1
-rw-r--r--app/drone-ci/secrets/drone-ci/db_user1
-rw-r--r--app/drone-ci/secrets/drone-ci/oauth_client_id1
-rw-r--r--app/drone-ci/secrets/drone-ci/oauth_client_secret1
-rw-r--r--app/drone-ci/secrets/drone-ci/rpc_secret1
-rw-r--r--app/drone-ci/secrets/drone-ci/s3_ak1
-rw-r--r--app/drone-ci/secrets/drone-ci/s3_bucket1
-rw-r--r--app/drone-ci/secrets/drone-ci/s3_sk1
11 files changed, 133 insertions, 0 deletions
diff --git a/app/drone-ci/deploy/drone.hcl b/app/drone-ci/deploy/drone.hcl
new file mode 100644
index 0000000..8d39422
--- /dev/null
+++ b/app/drone-ci/deploy/drone.hcl
@@ -0,0 +1,123 @@
+job "drone-ci" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ group "server" {
+ count = 1
+
+ network {
+ port "web_port" {
+ to = 80
+ }
+ }
+
+ task "drone_server" {
+ driver = "docker"
+ config {
+ image = "drone/drone:1.10.1"
+ ports = [ "web_port" ]
+ }
+
+ template {
+ data = <<EOH
+DRONE_GITEA_SERVER=https://git.deuxfleurs.fr
+DRONE_GITEA_CLIENT_ID={{ key "secrets/drone-ci/oauth_client_id" }}
+DRONE_GITEA_CLIENT_SECRET={{ key "secrets/drone-ci/oauth_client_secret" }}
+DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }}
+DRONE_SERVER_HOST=drone.deuxfleurs.fr
+DRONE_SERVER_PROTO=https
+DRONE_DATABASE_SECRET={{ key "secrets/drone-ci/db_enc_secret" }}
+DRONE_COOKIE_SECRET={{ key "secrets/drone-ci/cookie_secret" }}
+AWS_ACCESS_KEY_ID={{ key "secrets/drone-ci/s3_ak" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/drone-ci/s3_sk" }}
+AWS_DEFAULT_REGION=garage
+AWS_REGION=garage
+DRONE_S3_BUCKET={{ key "secrets/drone-ci/s3_bucket" }}
+DRONE_S3_ENDPOINT=https://garage.deuxfleurs.fr
+DRONE_S3_PATH_STYLE=true
+DRONE_DATABASE_DRIVER=postgres
+DRONE_DATABASE_DATASOURCE=postgres://{{ key "secrets/drone-ci/db_user" }}:{{ key "secrets/drone-ci/db_pass" }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/postgres?sslmode=disable
+DRONE_USER_CREATE=username:lx-admin,admin:true
+DRONE_LOGS_TEXT=true
+DRONE_LOGS_PRETTY=true
+DRONE_LOGS_DEBUG=true
+DOCKER_API_VERSION=1.39
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 100
+ cpu = 100
+ }
+
+ service {
+ name = "drone"
+ tags = [
+ "drone",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:drone.deuxfleurs.fr",
+ ]
+ port = "web_port"
+ address_mode = "host"
+ check {
+ type = "http"
+ protocol = "http"
+ port = "web_port"
+ path = "/"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "600s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+ group "runner" {
+ count = 3
+
+ constraint {
+ operator = "distinct_hosts"
+ value = "true"
+ }
+
+ task "drone_runner" {
+ driver = "docker"
+ config {
+ network_mode = "host"
+
+ #image = "drone/drone-runner-nomad:latest"
+
+ image = "drone/drone-runner-docker:latest"
+ volumes = [
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ]
+ }
+
+ template {
+ data = <<EOH
+DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }}
+DRONE_RPC_HOST=drone.deuxfleurs.fr
+DRONE_RPC_PROTO=https
+DRONE_RUNNER_NAME={{ env "node.unique.name" }}
+DRONE_DEBUG=true
+NOMAD_ADDR=http://nomad-client.service.2.cluster.deuxfleurs.fr:4646
+DOCKER_API_VERSION=1.39
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 100
+ cpu = 100
+ }
+ }
+ }
+}
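Review bot: The `drone_runner` task bind-mounts `/var/run/docker.sock`, uses `network_mode = "host"` and pulls the mutable tag `drone/drone-runner-docker:latest`, so whatever that tag resolves to at pull time gets root-equivalent control of the Docker daemon on each of the three hosts selected by `distinct_hosts`. Pin the runner the way the server is pinned (`drone/drone:1.10.1`), e.g. `image = "drone/drone-runner-docker:<PINNED_VERSION_OR_DIGEST>"`, and consider constraining the runner group to nodes that hold no other workloads' secrets. Separately, `DRONE_DATABASE_DATASOURCE` ends in `sslmode=disable`, so the database user and password travel to `psql-proxy` unencrypted; `sslmode=require` or stricter would be preferable if the proxy can offer TLS. The tag `traefik.frontend.entryPoints=https,http` also publishes the server on plain HTTP while `DRONE_SERVER_PROTO=https`; unless a redirect is configured elsewhere (not visible in this diff), dropping `http` avoids OAuth logins and session cookies crossing in clear.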
diff --git a/app/drone-ci/secrets/drone-ci/cookie_secret b/app/drone-ci/secrets/drone-ci/cookie_secret
new file mode 100644
index 0000000..04c819e
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/cookie_secret
@@ -0,0 +1 @@
+CMD openssl rand -hex 16
diff --git a/app/drone-ci/secrets/drone-ci/db_enc_secret b/app/drone-ci/secrets/drone-ci/db_enc_secret
new file mode 100644
index 0000000..3f9e696
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/db_enc_secret
@@ -0,0 +1 @@
+CMD_ONCE openssl rand -hex 16
diff --git a/app/drone-ci/secrets/drone-ci/db_pass b/app/drone-ci/secrets/drone-ci/db_pass
new file mode 100644
index 0000000..0c971a6
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/db_pass
@@ -0,0 +1 @@
+SERVICE_PASSWORD drone
diff --git a/app/drone-ci/secrets/drone-ci/db_user b/app/drone-ci/secrets/drone-ci/db_user
new file mode 100644
index 0000000..dc07c5d
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/db_user
@@ -0,0 +1 @@
+CONST drone
diff --git a/app/drone-ci/secrets/drone-ci/oauth_client_id b/app/drone-ci/secrets/drone-ci/oauth_client_id
new file mode 100644
index 0000000..c801b28
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/oauth_client_id
@@ -0,0 +1 @@
+USER OAuth client ID (on Gitea)
diff --git a/app/drone-ci/secrets/drone-ci/oauth_client_secret b/app/drone-ci/secrets/drone-ci/oauth_client_secret
new file mode 100644
index 0000000..b79b688
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/oauth_client_secret
@@ -0,0 +1 @@
+USER OAuth client secret (for gitea)
diff --git a/app/drone-ci/secrets/drone-ci/rpc_secret b/app/drone-ci/secrets/drone-ci/rpc_secret
new file mode 100644
index 0000000..04c819e
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/rpc_secret
@@ -0,0 +1 @@
+CMD openssl rand -hex 16
diff --git a/app/drone-ci/secrets/drone-ci/s3_ak b/app/drone-ci/secrets/drone-ci/s3_ak
new file mode 100644
index 0000000..3a8e4a2
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/s3_ak
@@ -0,0 +1 @@
+USER S3 (garage) access key for Drone
diff --git a/app/drone-ci/secrets/drone-ci/s3_bucket b/app/drone-ci/secrets/drone-ci/s3_bucket
new file mode 100644
index 0000000..dc07c5d
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/s3_bucket
@@ -0,0 +1 @@
+CONST drone
diff --git a/app/drone-ci/secrets/drone-ci/s3_sk b/app/drone-ci/secrets/drone-ci/s3_sk
new file mode 100644
index 0000000..46fd9fa
--- /dev/null
+++ b/app/drone-ci/secrets/drone-ci/s3_sk
@@ -0,0 +1 @@
+USER S3 (garage) secret key for Drone