author | Alex Auvolat <alex@adnab.me> | 2022-08-23 12:10:25 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-08-23 12:10:25 +0200 |
commit | 8cd804a8c06dc97bca3101917aba1bfc90f3f0d2 (patch) | |
tree | f6e59f65a65c0d8b5ba10735326a6a973d871737 /app/drone-ci/deploy/server.hcl | |
parent | 7d7efab9ee6b45b62e8966bbb56a5cf90397b179 (diff) | |
download | nixcfg-8cd804a8c06dc97bca3101917aba1bfc90f3f0d2.tar.gz nixcfg-8cd804a8c06dc97bca3101917aba1bfc90f3f0d2.zip |
Add Drone CI server with sqlite-on-s3 thing
Diffstat (limited to 'app/drone-ci/deploy/server.hcl')
-rw-r--r-- | app/drone-ci/deploy/server.hcl | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/app/drone-ci/deploy/server.hcl b/app/drone-ci/deploy/server.hcl
new file mode 100644
index 0000000..85eb776
--- /dev/null
+++ b/app/drone-ci/deploy/server.hcl
@@ -0,0 +1,139 @@
+job "drone-ci" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "server" {
+ count = 1
+
+ network {
+ port "web_port" {
+ to = 80
+ }
+ }
+
+ task "restore-db" {
+ lifecycle {
+ hook = "prestart"
+ sidecar = false
+ }
+
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.9"
+ args = [
+ "restore", "-config", "/etc/litestream.yml", "/ephemeral/drone.db"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 1000
+ }
+ }
+
+ task "drone_server" {
+ driver = "docker"
+ config {
+ image = "drone/drone:2.12.0"
+ ports = [ "web_port" ]
+
+ volumes = [
+ "../alloc/data:/ephemeral",
+ ]
+ }
+
+ template {
+ data = <<EOH
+DRONE_GITEA_SERVER=https://git.deuxfleurs.fr
+DRONE_GITEA_CLIENT_ID={{ key "secrets/drone-ci/oauth_client_id" }}
+DRONE_GITEA_CLIENT_SECRET={{ key "secrets/drone-ci/oauth_client_secret" }}
+DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }}
+DRONE_SERVER_HOST=drone.deuxfleurs.fr
+DRONE_SERVER_PROTO=https
+DRONE_DATABASE_SECRET={{ key "secrets/drone-ci/db_enc_secret" }}
+DRONE_COOKIE_SECRET={{ key "secrets/drone-ci/cookie_secret" }}
+AWS_ACCESS_KEY_ID={{ key "secrets/drone-ci/s3_ak" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/drone-ci/s3_sk" }}
+AWS_DEFAULT_REGION=garage
+AWS_REGION=garage
+DRONE_S3_BUCKET={{ key "secrets/drone-ci/s3_storage_bucket" }}
+DRONE_S3_ENDPOINT=https://garage.deuxfleurs.fr
+DRONE_S3_PATH_STYLE=true
+DRONE_DATABASE_DRIVER=sqlite3
+DRONE_DATABASE_DATASOURCE=/ephemeral/drone.db
+DRONE_USER_CREATE=username:lx-admin,admin:true
+__DRONE_REGISTRATION_CLOSED=true
+DRONE_LOGS_TEXT=true
+DRONE_LOGS_PRETTY=true
+DRONE_LOGS_DEBUG=true
+DOCKER_API_VERSION=1.39
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ cpu = 100
+ memory = 100
+ }
+
+ service {
+ name = "drone"
+ tags = [
+ "drone",
+ "tricot drone.deuxfleurs.fr",
+ ]
+ port = "web_port"
+ address_mode = "host"
+ check {
+ type = "http"
+ protocol = "http"
+ port = "web_port"
+ path = "/"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "600s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "replicate-db" {
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.9"
+ entrypoint = [ "/bin/sh" ]
+ args = [
+ "-c",
+ "echo sleeping; sleep 60; echo launching; litestream replicate -config /etc/litestream.yml"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 250
+ cpu = 100
+ }
+ }
+ }
+} |
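Review bot: The env line `__DRONE_REGISTRATION_CLOSED=true` in the `drone_server` template is not a name Drone reads as far as I know (the setting is `DRONE_REGISTRATION_CLOSED`), so the leading underscores leave registration open. With it open, any account that can authenticate against git.deuxfleurs.fr can presumably sign in to this instance and activate builds on repositories it administers, not only the `lx-admin` user seeded by `DRONE_USER_CREATE`. If closed registration is intended, the line should read `DRONE_REGISTRATION_CLOSED=true`; if it was switched off on purpose, an HCL comment above the `template` block saying so would stop the next reader from assuming the restriction is in effect. Separately, `DRONE_LOGS_DEBUG=true` looks like a bring-up setting and is worth turning off once the service works, so that debug-level request detail does not accumulate in the task logs.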