aboutsummaryrefslogtreecommitdiff
path: root/app/drone-ci/deploy
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
committerAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
commit2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch)
tree0ad148f75f7b54dfed2dbac8f43f6df9badc502a /app/drone-ci/deploy
parent9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff)
downloadnixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.tar.gz
nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.zip
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'app/drone-ci/deploy')
-rw-r--r--app/drone-ci/deploy/bad-runner-vm.hcl48
-rw-r--r--app/drone-ci/deploy/runner-docker.hcl91
-rw-r--r--app/drone-ci/deploy/server.hcl139
3 files changed, 0 insertions, 278 deletions
diff --git a/app/drone-ci/deploy/bad-runner-vm.hcl b/app/drone-ci/deploy/bad-runner-vm.hcl
deleted file mode 100644
index 7c3a7e2..0000000
--- a/app/drone-ci/deploy/bad-runner-vm.hcl
+++ /dev/null
@@ -1,48 +0,0 @@
-job "drone-runner" {
- datacenters = ["neptune"]
- type = "system"
-
- group "runner-vm" {
- network {
- port "ssh" {
- static = 22544
- }
- }
-
- task "drone-runner-vm" {
- driver = "qemu"
-
- config {
- image_path = "local/drone-runner.qcow2"
- accelerator = "kvm"
- args = [
- "-drive", "index=1,file=fat:rw:/var/lib/nomad/alloc/${NOMAD_ALLOC_ID}/${NOMAD_TASK_NAME}/secrets,format=raw,media=disk",
- "-device", "e1000,netdev=user.0",
- "-netdev", "user,id=user.0,hostfwd=tcp::${NOMAD_PORT_ssh}-:22",
- "-smp", "2",
- ]
- port_map {
- ssh = 22
- }
- }
-
- artifact {
- source = "https://alex.web.deuxfleurs.fr/drone-runner.qcow2.zst"
- destination = "local/drone-runner.qcow2"
- mode = "file"
- }
-
- template {
- data = <<EOH
-DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" | trimSpace }}
-DRONE_RUNNER_NAME={{ env "attr.unique.hostname" }}
-EOH
- destination = "secrets/secret_env"
- }
-
- resources {
- memory = 2000
- }
- }
- }
-}
diff --git a/app/drone-ci/deploy/runner-docker.hcl b/app/drone-ci/deploy/runner-docker.hcl
deleted file mode 100644
index d7c6ef4..0000000
--- a/app/drone-ci/deploy/runner-docker.hcl
+++ /dev/null
@@ -1,91 +0,0 @@
-job "drone-runner" {
- datacenters = ["neptune"]
- type = "system"
-
- group "runner" {
-
- task "populate-nix-store" {
- lifecycle {
- hook = "prestart"
- sidecar = false
- }
-
- driver = "docker"
- config {
- image = "nixpkgs/nix:nixos-21.05"
- command = "sh"
- args = [
- "-c", "test -d /mnt/store || cp -rv /nix/{store,var} /mnt/"
- ]
- volumes = [
- "/var/lib/drone/nix:/mnt",
- ]
- }
-
- resources {
- memory = 100
- cpu = 100
- }
- }
-
- task "drone-runner" {
- driver = "docker"
- config {
- image = "drone/drone-runner-docker:1.8.1"
-
- volumes = [
- "/var/lib/drone/nix:/nix",
- "/var/run/docker.sock:/var/run/docker.sock"
- ]
- }
-
- template {
- data = <<EOH
-DRONE_RPC_PROTO=https
-DRONE_RPC_HOST=drone.deuxfleurs.fr
-DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" | trimSpace }}
-DRONE_RUNNER_CAPACITY=1
-DRONE_DEBUG=true
-DRONE_LOGS_TRACE=true
-DRONE_RPC_DUMP_HTTP=true
-DRONE_RPC_DUMP_HTTP_BODY=true
-DRONE_RUNNER_NAME={{ env "attr.unique.hostname" }}
-DRONE_RUNNER_LABELS=nix:1
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 200
- cpu = 100
- }
- }
-
- task "drone-gc" {
- driver = "docker"
- config {
- image = "drone/gc:latest"
-
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock"
- ]
- }
-
- template {
- data = <<EOH
-GC_DEBUG=true
-GC_CACHE=10gb
-GC_INTERVAL=10m
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 100
- cpu = 100
- }
- }
- }
-}
diff --git a/app/drone-ci/deploy/server.hcl b/app/drone-ci/deploy/server.hcl
deleted file mode 100644
index 85eb776..0000000
--- a/app/drone-ci/deploy/server.hcl
+++ /dev/null
@@ -1,139 +0,0 @@
-job "drone-ci" {
- datacenters = ["neptune"]
- type = "service"
-
- group "server" {
- count = 1
-
- network {
- port "web_port" {
- to = 80
- }
- }
-
- task "restore-db" {
- lifecycle {
- hook = "prestart"
- sidecar = false
- }
-
- driver = "docker"
- config {
- image = "litestream/litestream:0.3.9"
- args = [
- "restore", "-config", "/etc/litestream.yml", "/ephemeral/drone.db"
- ]
- volumes = [
- "../alloc/data:/ephemeral",
- "secrets/litestream.yml:/etc/litestream.yml"
- ]
- }
-
- template {
- data = file("../config/litestream.yml")
- destination = "secrets/litestream.yml"
- }
-
- resources {
- memory = 200
- cpu = 1000
- }
- }
-
- task "drone_server" {
- driver = "docker"
- config {
- image = "drone/drone:2.12.0"
- ports = [ "web_port" ]
-
- volumes = [
- "../alloc/data:/ephemeral",
- ]
- }
-
- template {
- data = <<EOH
-DRONE_GITEA_SERVER=https://git.deuxfleurs.fr
-DRONE_GITEA_CLIENT_ID={{ key "secrets/drone-ci/oauth_client_id" }}
-DRONE_GITEA_CLIENT_SECRET={{ key "secrets/drone-ci/oauth_client_secret" }}
-DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }}
-DRONE_SERVER_HOST=drone.deuxfleurs.fr
-DRONE_SERVER_PROTO=https
-DRONE_DATABASE_SECRET={{ key "secrets/drone-ci/db_enc_secret" }}
-DRONE_COOKIE_SECRET={{ key "secrets/drone-ci/cookie_secret" }}
-AWS_ACCESS_KEY_ID={{ key "secrets/drone-ci/s3_ak" }}
-AWS_SECRET_ACCESS_KEY={{ key "secrets/drone-ci/s3_sk" }}
-AWS_DEFAULT_REGION=garage
-AWS_REGION=garage
-DRONE_S3_BUCKET={{ key "secrets/drone-ci/s3_storage_bucket" }}
-DRONE_S3_ENDPOINT=https://garage.deuxfleurs.fr
-DRONE_S3_PATH_STYLE=true
-DRONE_DATABASE_DRIVER=sqlite3
-DRONE_DATABASE_DATASOURCE=/ephemeral/drone.db
-DRONE_USER_CREATE=username:lx-admin,admin:true
-__DRONE_REGISTRATION_CLOSED=true
-DRONE_LOGS_TEXT=true
-DRONE_LOGS_PRETTY=true
-DRONE_LOGS_DEBUG=true
-DOCKER_API_VERSION=1.39
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- cpu = 100
- memory = 100
- }
-
- service {
- name = "drone"
- tags = [
- "drone",
- "tricot drone.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "http"
- protocol = "http"
- port = "web_port"
- path = "/"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "600s"
- ignore_warnings = false
- }
- }
- }
- }
-
- task "replicate-db" {
- driver = "docker"
- config {
- image = "litestream/litestream:0.3.9"
- entrypoint = [ "/bin/sh" ]
- args = [
- "-c",
- "echo sleeping; sleep 60; echo launching; litestream replicate -config /etc/litestream.yml"
- ]
- volumes = [
- "../alloc/data:/ephemeral",
- "secrets/litestream.yml:/etc/litestream.yml"
- ]
- }
-
- template {
- data = file("../config/litestream.yml")
- destination = "secrets/litestream.yml"
- }
-
- resources {
- memory = 250
- cpu = 100
- }
- }
- }
-}