Merge branch 'concourse' into main
BrianHicks committed Sep 26, 2020
2 parents 1a0305d + 7b9adfe commit fc5f093
Showing 5 changed files with 100 additions and 5 deletions.
1 change: 1 addition & 0 deletions .envrc
@@ -1 +1,2 @@
use nix
PATH="$(pwd)/.bin:$PATH"
3 changes: 3 additions & 0 deletions .gitignore
@@ -1,6 +1,9 @@
/.bin/fly
/gitea/backups-*.key
/gitea/concourse_password
/gitea/result
/gitea/smtp_password
/result
/rpg/backups-*.key
/terraform/.terraform/
/terraform/terraform.tfvars
80 changes: 75 additions & 5 deletions gitea/configuration.nix
Expand Up @@ -46,16 +46,23 @@ in {
nixos root postgres
nixos postgres postgres
nixos gitea gitea
nixos root concourse
'';
authentication = "local all all ident map=nixos";

# I could have done all this by hand, but I didn't have to because Nixos is
# nice. ❤️
ensureDatabases = [ "gitea" ];
ensureUsers = [{
name = "gitea";
ensurePermissions = { "DATABASE gitea" = "ALL PRIVILEGES"; };
}];
ensureDatabases = [ "gitea" "concourse" ];
ensureUsers = [
{
name = "gitea";
ensurePermissions = { "DATABASE gitea" = "ALL PRIVILEGES"; };
}
{
name = "concourse";
ensurePermissions = { "DATABASE concourse" = "ALL PRIVILEGES"; };
}
];
};

## Redis
Expand Down Expand Up @@ -175,13 +182,76 @@ in {

root = "${elo-anything}/share/elo-anything";
};

virtualHosts."ci.bytes.zone" = {
forceSSL = true;
enableACME = true;

locations."/".proxyPass = "http://localhost:8080";
};
};

security.acme = {
email = "brian@brianthicks.com";
acceptTerms = true;
};

## CI with Concourse
users.groups.concourse = { };
users.users.concourse = {
group = "concourse";
home = "/home/concourse";
createHome = true;
};
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};

docker-containers = let concourse-image = "concourse/concourse:6.5.1";
in {
concourse-web = {
image = "${concourse-image}";
cmd = [ "web" ];
ports = [ "8079:8079" "8080:8080" ];
volumes = [
"/home/concourse:/home/concourse:ro"
"/var/run/postgresql:/var/run/postgresql"
];
environment = {
CONCOURSE_CLUSTER_NAME = "bytes.zone";
CONCOURSE_ADD_LOCAL_USER =
"brian:${builtins.readFile ./concourse_password}";
CONCOURSE_MAIN_TEAM_LOCAL_USER = "brian";
CONCOURSE_EXTERNAL_URL = "https://ci.bytes.zone";

# keys
CONCOURSE_SESSION_SIGNING_KEY = "/home/concourse/session_signing_key";
CONCOURSE_TSA_HOST_KEY = "/home/concourse/tsa_host_key";
CONCOURSE_TSA_AUTHORIZED_KEYS =
"/home/concourse/authorized_worker_keys";

# database
CONCOURSE_POSTGRES_SOCKET = "/var/run/postgresql";
CONCOURSE_POSTGRES_USER = "concourse";
CONCOURSE_POSTGRES_DATABASE = "concourse";
};
};

concourse-worker = {
image = "${concourse-image}";
cmd = [ "worker" ];
ports = [ "7777:7777" "7788:7788" ];
extraDockerOptions = [ "--privileged" "--link=concourse-web" ];
volumes = [ "/home/concourse:/home/concourse:ro" ];
environment = {
CONCOURSE_TSA_HOST = "concourse-web:2222";
CONCOURSE_TSA_PUBLIC_KEY = "/home/concourse/tsa_host_key.pub";
CONCOURSE_TSA_WORKER_PRIVATE_KEY = "/home/concourse/worker_key";
};
};
};

## backups
services.postgresqlBackup = {
enable = true;
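Review bot: `builtins.readFile ./concourse_password` in `CONCOURSE_ADD_LOCAL_USER` is resolved at evaluation time, so the plaintext password ends up in the generated container service definition in the Nix store, which is normally world-readable, and in the container's environment as shown by `docker inspect`; the new .gitignore entry only keeps it out of git. Supplying it at runtime from a root-only file would avoid that, for example `extraDockerOptions = [ "--env-file=/path/to/concourse-web.env" ];` on `concourse-web` (placeholder path, kept outside the store). Separately, `ports = [ "8079:8079" "8080:8080" ]` publishes the web port on every interface although the nginx vhost only needs `localhost:8080`; `"127.0.0.1:8080:8080"` would keep plain-HTTP access from sidestepping `forceSSL`, since Docker-published ports are usually not filtered by the host firewall. The `7777`/`7788` mappings on the `--privileged` worker also look unnecessary given that it registers through `concourse-web:2222`, which is worth confirming before leaving them published.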
12 changes: 12 additions & 0 deletions nix/sources.json
@@ -1,4 +1,16 @@
{
"concourse": {
"branch": "v6.5.1",
"description": "Concourse is a container-based continuous thing-doer written in Go and Elm.",
"homepage": "https://concourse-ci.org",
"owner": "concourse",
"repo": "concourse",
"rev": "5edc00f848aa6c3659b25c1900e1be31a6c82b4e",
"sha256": "0ldw40xn9nb5picly32nq558x0klvkyrr9af0jfngbvm4l5209bc",
"type": "tarball",
"url": "https://github.com/concourse/concourse/archive/5edc00f848aa6c3659b25c1900e1be31a6c82b4e.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"elo-anything": {
"branch": "main",
"repo": "ssh://git@git.bytes.zone:2222/brian/elo-anything.git",
9 changes: 9 additions & 0 deletions terraform/main.tf
Expand Up @@ -113,6 +113,15 @@ resource "cloudflare_record" "elo_bytes_zone" {
proxied = false
}

resource "cloudflare_record" "ci_bytes_zone" {
zone_id = data.cloudflare_zones.bytes_zone.zones[0].id
name = "ci"
type = "A"
value = digitalocean_droplet.gitea.ipv4_address
ttl = 1 # automatic
proxied = false # git push over SSH doesn't work otherwise
}

# Mail

resource "mailgun_domain" "git_bytes_zone" {
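Review bot: The comment on `proxied = false` in `ci_bytes_zone`, `# git push over SSH doesn't work otherwise`, appears to be carried over from the git record and does not explain this one, because as far as this commit shows the ci host is only served through the nginx vhost over HTTPS. State the actual reason for keeping the record DNS-only, for instance `proxied = false # DNS-only: same droplet IP as the other unproxied records` if that is the intent, so a later reader does not assume SSH traffic depends on it. The `mailgun_domain` resource that follows continues outside the hunk.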
