Diffstat (limited to 'cluster/staging')
-rw-r--r--cluster/staging/app/ci/deploy/albatros.hcl90
-rw-r--r--cluster/staging/app/ci/deploy/builder.hcl19
2 files changed, 105 insertions, 4 deletions
diff --git a/cluster/staging/app/ci/deploy/albatros.hcl b/cluster/staging/app/ci/deploy/albatros.hcl
new file mode 100644
index 0000000..cf32b08
--- /dev/null
+++ b/cluster/staging/app/ci/deploy/albatros.hcl
@@ -0,0 +1,90 @@
+job "albatros" {
+ datacenters = ["neptune", "jupiter", "corrin", "bespin"]
+ type = "service"
+ priority = 90
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ network {
+ port "http" { to = 8080 }
+ }
+
+ task "controller" {
+ driver = "docker"
+ config {
+ image = "dxflrs/albatros:28f44e5778235ef4eb88ad9050aeddbe80f3129d"
+ ports = [ "http" ]
+ volumes = [
+ "secrets/certs:/var/run/secrets/albatros"
+ ]
+ }
+ env {
+ ALBATROS_URL = "https://albatros.staging.deuxfleurs.org"
+ NOMAD_ADDR = "https://nomad.service.staging.consul:4646"
+ NOMAD_CACERT = "/var/run/secrets/albatros/nomad-ca.crt"
+ NOMAD_CLIENT_CERT = "/var/run/secrets/albatros/nomad-client.crt"
+ NOMAD_CLIENT_KEY = "/var/run/secrets/albatros/nomad-client.key"
+ CONSUL_HTTP_ADDR = "https://consul.service.staging.consul:8500"
+ CONSUL_CACERT = "/var/run/secrets/albatros/consul-ca.crt"
+ CONSUL_CLIENT_CERT = "/var/run/secrets/albatros/consul-client.crt"
+ CONSUL_CLIENT_KEY = "/var/run/secrets/albatros/consul-client.key"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "secrets/certs/consul-ca.crt"
+ }
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/certs/consul-client.crt"
+ }
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/certs/consul-client.key"
+ }
+
+ template {
+ data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}"
+ destination = "secrets/certs/nomad-ca.crt"
+ }
+ template {
+ data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
+ destination = "secrets/certs/nomad-client.crt"
+ }
+ template {
+ data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
+ destination = "secrets/certs/nomad-client.key"
+ }
+
+ resources {
+ cpu = 200
+ memory = 200
+ }
+
+ service {
+ name = "albatros"
+ tags = [
+ "albatros",
+ "tricot albatros.staging.deuxfleurs.org",
+ "d53-cname albatros.staging.deuxfleurs.org",
+ ]
+ port = "http"
+ check {
+ type = "tcp"
+ port = "http"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
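Review bot: The two private-key templates (`consul-client.key` and `nomad-client.key`) are rendered with the template block's default file mode, which leaves them world-readable inside the task. Adding `perms = "0400"` to those two blocks would restrict them to the owning user, assuming the controller process runs as that user. Separately, `image` points at a registry tag named after a commit, and tags can be re-pointed. Because this task holds Nomad and Consul client credentials, pinning by digest (`image = "dxflrs/albatros@sha256:<digest>"`) would make the deployed binary verifiable.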
diff --git a/cluster/staging/app/ci/deploy/builder.hcl b/cluster/staging/app/ci/deploy/builder.hcl
index a7b3ddf..ad7a716 100644
--- a/cluster/staging/app/ci/deploy/builder.hcl
+++ b/cluster/staging/app/ci/deploy/builder.hcl
@@ -6,8 +6,8 @@ job "builder" {
priority = 100
parameterized {
- payload = "forbidden"
- meta_required = [ "REPO_URL", "COMMIT", "BRANCH" ]
+ payload = "optional"
+ meta_required = [ "REPO_URL", "COMMIT", "BRANCH", "FLAVOR" ]
}
reschedule {
@@ -22,10 +22,15 @@ job "builder" {
args = [ "/tmp/builder.sh" ]
volumes = [
"local/builder.sh:/tmp/builder.sh",
- "local/nix.conf:/etc/nix/nix.conf"
+ "local/nix.conf:/etc/nix/nix.conf",
+ "local/secrets:/var/run/secrets/albatros",
]
}
+ dispatch_payload {
+ file = "secrets/secret.txt"
+ }
+
template {
data = <<EOH
#!/usr/bin/env bash
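Review bot: `dispatch_payload` writes relative to the task's `local/` directory, so despite the `secrets/` name the payload lands in `local/secrets/secret.txt` (hence the new `local/secrets` volume) rather than in the task's protected secrets directory. It is therefore readable through the allocation filesystem API by anyone with filesystem read access in this namespace, and, as far as I know, the payload is also kept with the dispatched job and returned by the job API. If the payload is meant to carry a credential, I would say so next to the block, e.g. `# payload is stored under local/ and with the job: short-lived, narrowly scoped secrets only`, and check which ACL policies can read jobs and allocations here. The `config` block and the `template` heredoc both extend beyond this hunk.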
@@ -39,7 +44,12 @@ git fetch origin ${NOMAD_META_COMMIT}
git checkout ${NOMAD_META_COMMIT} -b ${NOMAD_META_BRANCH}
export COMMIT=${NOMAD_META_COMMIT}
export BRANCH=${NOMAD_META_BRANCH}
-./build.sh
+export REPO_URL=${NOMAD_META_REPO_URL}
+export FLAVOR=${NOMAD_META_FLAVOR}
+if [[ -s /var/run/secrets/albatros/secret.txt ]]; then
+ export SECRET_PATH=/var/run/secrets/albatros/secret.txt
+fi
+./.albatros
EOH
destination = "local/builder.sh"
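Review bot: `SECRET_PATH` is exported immediately before `./.albatros`, a script taken from the checked-out repository, so whatever commit is dispatched with a payload can read the secret. Since `REPO_URL`, `COMMIT` and `BRANCH` all arrive as dispatch metadata, the decision about which repositories may receive a secret rests entirely with the dispatcher. I would record that assumption in the script, e.g. `# SECRET_PATH is handed to repository-controlled code; attach a payload only for trusted repos and refs`. The meta values are also expanded unquoted in the surrounding `git fetch`/`git checkout` lines, so a value with whitespace or a leading `-` would be split or read as an option; quoting them (`"${NOMAD_META_COMMIT}"`) would be a cheap follow-up. The script starts above this hunk, so any earlier validation is not visible here.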
@@ -57,6 +67,7 @@ filter-syscalls = false
sandbox = false
keep-outputs = true
keep-derivations = true
+experimental-features = nix-command flakes
EOH
destination = "local/nix.conf"
}