add albatros

Quentin 2023-03-16 15:52:05 +01:00
parent 81d3c0e03a
commit 7bf1467cb1
Signed by untrusted user: quentin
GPG key ID: E9602264D639FF68
2 changed files with 105 additions and 4 deletions


@ -0,0 +1,90 @@
job "albatros" {
datacenters = ["neptune", "jupiter", "corrin", "bespin"]
type = "service"
priority = 90
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "main" {
network {
port "http" { to = 8080 }
}
task "controller" {
driver = "docker"
config {
image = "dxflrs/albatros:28f44e5778235ef4eb88ad9050aeddbe80f3129d"
ports = [ "http" ]
volumes = [
"secrets/certs:/var/run/secrets/albatros"
]
}
env {
ALBATROS_URL = "https://albatros.staging.deuxfleurs.org"
NOMAD_ADDR = "https://nomad.service.staging.consul:4646"
NOMAD_CACERT = "/var/run/secrets/albatros/nomad-ca.crt"
NOMAD_CLIENT_CERT = "/var/run/secrets/albatros/nomad-client.crt"
NOMAD_CLIENT_KEY = "/var/run/secrets/albatros/nomad-client.key"
CONSUL_HTTP_ADDR = "https://consul.service.staging.consul:8500"
CONSUL_CACERT = "/var/run/secrets/albatros/consul-ca.crt"
CONSUL_CLIENT_CERT = "/var/run/secrets/albatros/consul-client.crt"
CONSUL_CLIENT_KEY = "/var/run/secrets/albatros/consul-client.key"
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/certs/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/certs/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/certs/consul-client.key"
}
template {
data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}"
destination = "secrets/certs/nomad-ca.crt"
}
template {
data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
destination = "secrets/certs/nomad-client.crt"
}
template {
data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
destination = "secrets/certs/nomad-client.key"
}
resources {
cpu = 200
memory = 200
}
service {
name = "albatros"
tags = [
"albatros",
"tricot albatros.staging.deuxfleurs.org",
"d53-cname albatros.staging.deuxfleurs.org",
]
port = "http"
check {
type = "tcp"
port = "http"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
}
}
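Review bot: The `template` blocks that render `consul-client.key` and `nomad-client.key` set no `perms`, so both private keys are written with the template's default file mode, and the `"secrets/certs:/var/run/secrets/albatros"` bind mount is read-write inside the container. I would add `perms = "0400"` to the two `.key` templates (provided the container process runs as the file owner) and mount the directory read-only with `"secrets/certs:/var/run/secrets/albatros:ro"`. The image is also referenced by a tag that looks like a commit hash, and a tag can be re-pointed on the registry. Since this task holds a Nomad client key, pinning by digest, `image = "dxflrs/albatros@sha256:<digest>"`, would tie the deployment to one exact image.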


@ -6,8 +6,8 @@ job "builder" {
priority = 100
parameterized {
payload = "forbidden"
meta_required = [ "REPO_URL", "COMMIT", "BRANCH" ]
payload = "optional"
meta_required = [ "REPO_URL", "COMMIT", "BRANCH", "FLAVOR" ]
}
reschedule {
@ -22,10 +22,15 @@ job "builder" {
args = [ "/tmp/builder.sh" ]
volumes = [
"local/builder.sh:/tmp/builder.sh",
"local/nix.conf:/etc/nix/nix.conf"
"local/nix.conf:/etc/nix/nix.conf",
"local/secrets:/var/run/secrets/albatros",
]
}
dispatch_payload {
file = "secrets/secret.txt"
}
template {
data = <<EOH
#!/usr/bin/env bash
@ -39,7 +44,12 @@ git fetch origin ${NOMAD_META_COMMIT}
git checkout ${NOMAD_META_COMMIT} -b ${NOMAD_META_BRANCH}
export COMMIT=${NOMAD_META_COMMIT}
export BRANCH=${NOMAD_META_BRANCH}
./build.sh
export REPO_URL=${NOMAD_META_REPO_URL}
export FLAVOR=${NOMAD_META_FLAVOR}
if [[ -s /var/run/secrets/albatros/secret.txt ]]; then
export SECRET_PATH=/var/run/secrets/albatros/secret.txt
fi
./.albatros
EOH
destination = "local/builder.sh"
@ -57,6 +67,7 @@ filter-syscalls = false
sandbox = false
keep-outputs = true
keep-derivations = true
experimental-features = nix-command flakes
EOH
destination = "local/nix.conf"
}
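Review bot: The dispatch payload is handed as `SECRET_PATH` to `./.albatros`, a script that comes from the checked-out `REPO_URL`/`COMMIT`, and the nix.conf in this job keeps `sandbox = false`, so any code in the built commit can read the secret. Nothing in this file restricts which dispatches may carry a payload; that decision presumably sits in the dispatcher and should be recorded next to `payload = "optional"`, e.g. `# payload is a build secret: attach it only when dispatching trusted refs, never for builds of untrusted contributions`. Note also that `dispatch_payload` writes relative to the task's `local/` directory, so `secret.txt` lands in `local/secrets/` rather than in the task's `secrets/` directory and is readable through the allocation filesystem API by anyone holding that ACL capability. The builder script heredoc and the job body begin outside the visible hunks, so quoting of the `NOMAD_META_*` values earlier in the script could not be checked here.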