diff options
author | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
commit | 2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch) | |
tree | 0ad148f75f7b54dfed2dbac8f43f6df9badc502a /app/drone-ci/deploy | |
parent | 9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff) | |
download | nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.tar.gz nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.zip |
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'app/drone-ci/deploy')
-rw-r--r-- | app/drone-ci/deploy/bad-runner-vm.hcl | 48 | ||||
-rw-r--r-- | app/drone-ci/deploy/runner-docker.hcl | 91 | ||||
-rw-r--r-- | app/drone-ci/deploy/server.hcl | 139 |
3 files changed, 0 insertions, 278 deletions
diff --git a/app/drone-ci/deploy/bad-runner-vm.hcl b/app/drone-ci/deploy/bad-runner-vm.hcl deleted file mode 100644 index 7c3a7e2..0000000 --- a/app/drone-ci/deploy/bad-runner-vm.hcl +++ /dev/null @@ -1,48 +0,0 @@ -job "drone-runner" { - datacenters = ["neptune"] - type = "system" - - group "runner-vm" { - network { - port "ssh" { - static = 22544 - } - } - - task "drone-runner-vm" { - driver = "qemu" - - config { - image_path = "local/drone-runner.qcow2" - accelerator = "kvm" - args = [ - "-drive", "index=1,file=fat:rw:/var/lib/nomad/alloc/${NOMAD_ALLOC_ID}/${NOMAD_TASK_NAME}/secrets,format=raw,media=disk", - "-device", "e1000,netdev=user.0", - "-netdev", "user,id=user.0,hostfwd=tcp::${NOMAD_PORT_ssh}-:22", - "-smp", "2", - ] - port_map { - ssh = 22 - } - } - - artifact { - source = "https://alex.web.deuxfleurs.fr/drone-runner.qcow2.zst" - destination = "local/drone-runner.qcow2" - mode = "file" - } - - template { - data = <<EOH -DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" | trimSpace }} -DRONE_RUNNER_NAME={{ env "attr.unique.hostname" }} -EOH - destination = "secrets/secret_env" - } - - resources { - memory = 2000 - } - } - } -} diff --git a/app/drone-ci/deploy/runner-docker.hcl b/app/drone-ci/deploy/runner-docker.hcl deleted file mode 100644 index d7c6ef4..0000000 --- a/app/drone-ci/deploy/runner-docker.hcl +++ /dev/null @@ -1,91 +0,0 @@ -job "drone-runner" { - datacenters = ["neptune"] - type = "system" - - group "runner" { - - task "populate-nix-store" { - lifecycle { - hook = "prestart" - sidecar = false - } - - driver = "docker" - config { - image = "nixpkgs/nix:nixos-21.05" - command = "sh" - args = [ - "-c", "test -d /mnt/store || cp -rv /nix/{store,var} /mnt/" - ] - volumes = [ - "/var/lib/drone/nix:/mnt", - ] - } - - resources { - memory = 100 - cpu = 100 - } - } - - task "drone-runner" { - driver = "docker" - config { - image = "drone/drone-runner-docker:1.8.1" - - volumes = [ - "/var/lib/drone/nix:/nix", - "/var/run/docker.sock:/var/run/docker.sock" - ] - } - - template { - data = <<EOH -DRONE_RPC_PROTO=https -DRONE_RPC_HOST=drone.deuxfleurs.fr -DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" | trimSpace }} -DRONE_RUNNER_CAPACITY=1 -DRONE_DEBUG=true -DRONE_LOGS_TRACE=true -DRONE_RPC_DUMP_HTTP=true -DRONE_RPC_DUMP_HTTP_BODY=true -DRONE_RUNNER_NAME={{ env "attr.unique.hostname" }} -DRONE_RUNNER_LABELS=nix:1 -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 200 - cpu = 100 - } - } - - task "drone-gc" { - driver = "docker" - config { - image = "drone/gc:latest" - - volumes = [ - "/var/run/docker.sock:/var/run/docker.sock" - ] - } - - template { - data = <<EOH -GC_DEBUG=true -GC_CACHE=10gb -GC_INTERVAL=10m -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 100 - cpu = 100 - } - } - } -} diff --git a/app/drone-ci/deploy/server.hcl b/app/drone-ci/deploy/server.hcl deleted file mode 100644 index 85eb776..0000000 --- a/app/drone-ci/deploy/server.hcl +++ /dev/null @@ -1,139 +0,0 @@ -job "drone-ci" { - datacenters = ["neptune"] - type = "service" - - group "server" { - count = 1 - - network { - port "web_port" { - to = 80 - } - } - - task "restore-db" { - lifecycle { - hook = "prestart" - sidecar = false - } - - driver = "docker" - config { - image = "litestream/litestream:0.3.9" - args = [ - "restore", "-config", "/etc/litestream.yml", "/ephemeral/drone.db" - ] - volumes = [ - "../alloc/data:/ephemeral", - "secrets/litestream.yml:/etc/litestream.yml" - ] - } - - template { - data = file("../config/litestream.yml") - destination = "secrets/litestream.yml" - } - - resources { - memory = 200 - cpu = 1000 - } - } - - task "drone_server" { - driver = "docker" - config { - image = "drone/drone:2.12.0" - ports = [ "web_port" ] - - volumes = [ - "../alloc/data:/ephemeral", - ] - } - - template { - data = <<EOH -DRONE_GITEA_SERVER=https://git.deuxfleurs.fr -DRONE_GITEA_CLIENT_ID={{ key "secrets/drone-ci/oauth_client_id" }} -DRONE_GITEA_CLIENT_SECRET={{ key "secrets/drone-ci/oauth_client_secret" }} -DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }} -DRONE_SERVER_HOST=drone.deuxfleurs.fr -DRONE_SERVER_PROTO=https -DRONE_DATABASE_SECRET={{ key "secrets/drone-ci/db_enc_secret" }} -DRONE_COOKIE_SECRET={{ key "secrets/drone-ci/cookie_secret" }} -AWS_ACCESS_KEY_ID={{ key "secrets/drone-ci/s3_ak" }} -AWS_SECRET_ACCESS_KEY={{ key "secrets/drone-ci/s3_sk" }} -AWS_DEFAULT_REGION=garage -AWS_REGION=garage -DRONE_S3_BUCKET={{ key "secrets/drone-ci/s3_storage_bucket" }} -DRONE_S3_ENDPOINT=https://garage.deuxfleurs.fr -DRONE_S3_PATH_STYLE=true -DRONE_DATABASE_DRIVER=sqlite3 -DRONE_DATABASE_DATASOURCE=/ephemeral/drone.db -DRONE_USER_CREATE=username:lx-admin,admin:true -__DRONE_REGISTRATION_CLOSED=true -DRONE_LOGS_TEXT=true -DRONE_LOGS_PRETTY=true -DRONE_LOGS_DEBUG=true -DOCKER_API_VERSION=1.39 -EOH - destination = "secrets/env" - env = true - } - - resources { - cpu = 100 - memory = 100 - } - - service { - name = "drone" - tags = [ - "drone", - "tricot drone.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "http" - protocol = "http" - port = "web_port" - path = "/" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "600s" - ignore_warnings = false - } - } - } - } - - task "replicate-db" { - driver = "docker" - config { - image = "litestream/litestream:0.3.9" - entrypoint = [ "/bin/sh" ] - args = [ - "-c", - "echo sleeping; sleep 60; echo launching; litestream replicate -config /etc/litestream.yml" - ] - volumes = [ - "../alloc/data:/ephemeral", - "secrets/litestream.yml:/etc/litestream.yml" - ] - } - - template { - data = file("../config/litestream.yml") - destination = "secrets/litestream.yml" - } - - resources { - memory = 250 - cpu = 100 - } - } - } -} |