diff options
| author | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
| commit | 2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch) | |
| tree | 0ad148f75f7b54dfed2dbac8f43f6df9badc502a /cluster/prod/app/drone-ci/deploy/server.hcl | |
| parent | 9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff) | |
| download | nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.tar.gz nixcfg-2e8923b383eb06c53261eee8e5c442b857fb67e4.zip | |
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'cluster/prod/app/drone-ci/deploy/server.hcl')
| -rw-r--r-- | cluster/prod/app/drone-ci/deploy/server.hcl | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/cluster/prod/app/drone-ci/deploy/server.hcl b/cluster/prod/app/drone-ci/deploy/server.hcl new file mode 100644 index 0000000..85eb776 --- /dev/null +++ b/cluster/prod/app/drone-ci/deploy/server.hcl @@ -0,0 +1,139 @@ +job "drone-ci" { + datacenters = ["neptune"] + type = "service" + + group "server" { + count = 1 + + network { + port "web_port" { + to = 80 + } + } + + task "restore-db" { + lifecycle { + hook = "prestart" + sidecar = false + } + + driver = "docker" + config { + image = "litestream/litestream:0.3.9" + args = [ + "restore", "-config", "/etc/litestream.yml", "/ephemeral/drone.db" + ] + volumes = [ + "../alloc/data:/ephemeral", + "secrets/litestream.yml:/etc/litestream.yml" + ] + } + + template { + data = file("../config/litestream.yml") + destination = "secrets/litestream.yml" + } + + resources { + memory = 200 + cpu = 1000 + } + } + + task "drone_server" { + driver = "docker" + config { + image = "drone/drone:2.12.0" + ports = [ "web_port" ] + + volumes = [ + "../alloc/data:/ephemeral", + ] + } + + template { + data = <<EOH +DRONE_GITEA_SERVER=https://git.deuxfleurs.fr +DRONE_GITEA_CLIENT_ID={{ key "secrets/drone-ci/oauth_client_id" }} +DRONE_GITEA_CLIENT_SECRET={{ key "secrets/drone-ci/oauth_client_secret" }} +DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }} +DRONE_SERVER_HOST=drone.deuxfleurs.fr +DRONE_SERVER_PROTO=https +DRONE_DATABASE_SECRET={{ key "secrets/drone-ci/db_enc_secret" }} +DRONE_COOKIE_SECRET={{ key "secrets/drone-ci/cookie_secret" }} +AWS_ACCESS_KEY_ID={{ key "secrets/drone-ci/s3_ak" }} +AWS_SECRET_ACCESS_KEY={{ key "secrets/drone-ci/s3_sk" }} +AWS_DEFAULT_REGION=garage +AWS_REGION=garage +DRONE_S3_BUCKET={{ key "secrets/drone-ci/s3_storage_bucket" }} +DRONE_S3_ENDPOINT=https://garage.deuxfleurs.fr +DRONE_S3_PATH_STYLE=true +DRONE_DATABASE_DRIVER=sqlite3 +DRONE_DATABASE_DATASOURCE=/ephemeral/drone.db +DRONE_USER_CREATE=username:lx-admin,admin:true +__DRONE_REGISTRATION_CLOSED=true +DRONE_LOGS_TEXT=true +DRONE_LOGS_PRETTY=true +DRONE_LOGS_DEBUG=true +DOCKER_API_VERSION=1.39 +EOH + destination = "secrets/env" + env = true + } + + resources { + cpu = 100 + memory = 100 + } + + service { + name = "drone" + tags = [ + "drone", + "tricot drone.deuxfleurs.fr", + ] + port = "web_port" + address_mode = "host" + check { + type = "http" + protocol = "http" + port = "web_port" + path = "/" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "600s" + ignore_warnings = false + } + } + } + } + + task "replicate-db" { + driver = "docker" + config { + image = "litestream/litestream:0.3.9" + entrypoint = [ "/bin/sh" ] + args = [ + "-c", + "echo sleeping; sleep 60; echo launching; litestream replicate -config /etc/litestream.yml" + ] + volumes = [ + "../alloc/data:/ephemeral", + "secrets/litestream.yml:/etc/litestream.yml" + ] + } + + template { + data = file("../config/litestream.yml") + destination = "secrets/litestream.yml" + } + + resources { + memory = 250 + cpu = 100 + } + } + } +} |