job "drone-ci" { datacenters = ["neptune", "orion"] type = "service" group "server" { count = 1 network { port "web_port" { to = 80 } } task "restore-db" { lifecycle { hook = "prestart" sidecar = false } driver = "docker" config { image = "litestream/litestream:0.3.9" args = [ "restore", "-config", "/etc/litestream.yml", "/ephemeral/drone.db" ] volumes = [ "../alloc/data:/ephemeral", "secrets/litestream.yml:/etc/litestream.yml" ] } template { data = file("../config/litestream.yml") destination = "secrets/litestream.yml" } resources { memory = 200 cpu = 100 } } task "drone_server" { driver = "docker" config { image = "drone/drone:2.14.0" ports = [ "web_port" ] volumes = [ "../alloc/data:/ephemeral", ] } template { data = <<EOH DRONE_GITEA_SERVER=https://git.deuxfleurs.fr DRONE_GITEA_CLIENT_ID={{ key "secrets/drone-ci/oauth_client_id" }} DRONE_GITEA_CLIENT_SECRET={{ key "secrets/drone-ci/oauth_client_secret" }} DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }} DRONE_SERVER_HOST=drone.deuxfleurs.fr DRONE_SERVER_PROTO=https DRONE_DATABASE_SECRET={{ key "secrets/drone-ci/db_enc_secret" }} DRONE_COOKIE_SECRET={{ key "secrets/drone-ci/cookie_secret" }} AWS_ACCESS_KEY_ID={{ key "secrets/drone-ci/s3_ak" }} AWS_SECRET_ACCESS_KEY={{ key "secrets/drone-ci/s3_sk" }} AWS_DEFAULT_REGION=garage AWS_REGION=garage DRONE_S3_BUCKET={{ key "secrets/drone-ci/s3_storage_bucket" }} DRONE_S3_ENDPOINT=https://garage.deuxfleurs.fr DRONE_S3_PATH_STYLE=true DRONE_DATABASE_DRIVER=sqlite3 DRONE_DATABASE_DATASOURCE=/ephemeral/drone.db DRONE_USER_CREATE=username:lx-admin,admin:true DRONE_REGISTRATION_CLOSED=true DRONE_LOGS_DEBUG=true DRONE_LOGS_TRACE=true EOH destination = "secrets/env" env = true } resources { cpu = 100 memory = 200 } service { name = "drone" tags = [ "drone", "tricot drone.deuxfleurs.fr", "d53-cname drone.deuxfleurs.fr", ] port = "web_port" address_mode = "host" check { type = "http" protocol = "http" port = "web_port" path = "/" interval = "60s" timeout = "5s" check_restart { limit = 3 grace = "600s" ignore_warnings = false } } } } task "replicate-db" { driver = "docker" config { image = "litestream/litestream:0.3.9" entrypoint = [ "/bin/sh" ] args = [ "-c", "echo sleeping; sleep 60; echo launching; litestream replicate -config /etc/litestream.yml" ] volumes = [ "../alloc/data:/ephemeral", "secrets/litestream.yml:/etc/litestream.yml" ] } template { data = file("../config/litestream.yml") destination = "secrets/litestream.yml" } resources { memory = 200 cpu = 100 } } } }