forked from Deuxfleurs/nixcfg
add albatros
This commit is contained in:
parent
81d3c0e03a
commit
7bf1467cb1
2 changed files with 105 additions and 4 deletions
90
cluster/staging/app/ci/deploy/albatros.hcl
Normal file
90
cluster/staging/app/ci/deploy/albatros.hcl
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
job "albatros" {
|
||||||
|
datacenters = ["neptune", "jupiter", "corrin", "bespin"]
|
||||||
|
type = "service"
|
||||||
|
priority = 90
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${attr.cpu.arch}"
|
||||||
|
value = "amd64"
|
||||||
|
}
|
||||||
|
|
||||||
|
group "main" {
|
||||||
|
network {
|
||||||
|
port "http" { to = 8080 }
|
||||||
|
}
|
||||||
|
|
||||||
|
task "controller" {
|
||||||
|
driver = "docker"
|
||||||
|
config {
|
||||||
|
image = "dxflrs/albatros:28f44e5778235ef4eb88ad9050aeddbe80f3129d"
|
||||||
|
ports = [ "http" ]
|
||||||
|
volumes = [
|
||||||
|
"secrets/certs:/var/run/secrets/albatros"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
env {
|
||||||
|
ALBATROS_URL = "https://albatros.staging.deuxfleurs.org"
|
||||||
|
NOMAD_ADDR = "https://nomad.service.staging.consul:4646"
|
||||||
|
NOMAD_CACERT = "/var/run/secrets/albatros/nomad-ca.crt"
|
||||||
|
NOMAD_CLIENT_CERT = "/var/run/secrets/albatros/nomad-client.crt"
|
||||||
|
NOMAD_CLIENT_KEY = "/var/run/secrets/albatros/nomad-client.key"
|
||||||
|
CONSUL_HTTP_ADDR = "https://consul.service.staging.consul:8500"
|
||||||
|
CONSUL_CACERT = "/var/run/secrets/albatros/consul-ca.crt"
|
||||||
|
CONSUL_CLIENT_CERT = "/var/run/secrets/albatros/consul-client.crt"
|
||||||
|
CONSUL_CLIENT_KEY = "/var/run/secrets/albatros/consul-client.key"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
|
||||||
|
destination = "secrets/certs/consul-ca.crt"
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
||||||
|
destination = "secrets/certs/consul-client.crt"
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
||||||
|
destination = "secrets/certs/consul-client.key"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}"
|
||||||
|
destination = "secrets/certs/nomad-ca.crt"
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
|
||||||
|
destination = "secrets/certs/nomad-client.crt"
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
|
||||||
|
destination = "secrets/certs/nomad-client.key"
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
cpu = 200
|
||||||
|
memory = 200
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "albatros"
|
||||||
|
tags = [
|
||||||
|
"albatros",
|
||||||
|
"tricot albatros.staging.deuxfleurs.org",
|
||||||
|
"d53-cname albatros.staging.deuxfleurs.org",
|
||||||
|
]
|
||||||
|
port = "http"
|
||||||
|
check {
|
||||||
|
type = "tcp"
|
||||||
|
port = "http"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
check_restart {
|
||||||
|
limit = 3
|
||||||
|
grace = "90s"
|
||||||
|
ignore_warnings = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -6,8 +6,8 @@ job "builder" {
|
||||||
priority = 100
|
priority = 100
|
||||||
|
|
||||||
parameterized {
|
parameterized {
|
||||||
payload = "forbidden"
|
payload = "optional"
|
||||||
meta_required = [ "REPO_URL", "COMMIT", "BRANCH" ]
|
meta_required = [ "REPO_URL", "COMMIT", "BRANCH", "FLAVOR" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
reschedule {
|
reschedule {
|
||||||
|
@ -22,10 +22,15 @@ job "builder" {
|
||||||
args = [ "/tmp/builder.sh" ]
|
args = [ "/tmp/builder.sh" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"local/builder.sh:/tmp/builder.sh",
|
"local/builder.sh:/tmp/builder.sh",
|
||||||
"local/nix.conf:/etc/nix/nix.conf"
|
"local/nix.conf:/etc/nix/nix.conf",
|
||||||
|
"local/secrets:/var/run/secrets/albatros",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dispatch_payload {
|
||||||
|
file = "secrets/secret.txt"
|
||||||
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = <<EOH
|
data = <<EOH
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
@ -39,7 +44,12 @@ git fetch origin ${NOMAD_META_COMMIT}
|
||||||
git checkout ${NOMAD_META_COMMIT} -b ${NOMAD_META_BRANCH}
|
git checkout ${NOMAD_META_COMMIT} -b ${NOMAD_META_BRANCH}
|
||||||
export COMMIT=${NOMAD_META_COMMIT}
|
export COMMIT=${NOMAD_META_COMMIT}
|
||||||
export BRANCH=${NOMAD_META_BRANCH}
|
export BRANCH=${NOMAD_META_BRANCH}
|
||||||
./build.sh
|
export REPO_URL=${NOMAD_META_REPO_URL}
|
||||||
|
export FLAVOR=${NOMAD_META_FLAVOR}
|
||||||
|
if [[ -s /var/run/secrets/albatros/secret.txt ]]; then
|
||||||
|
export SECRET_PATH=/var/run/secrets/albatros/secret.txt
|
||||||
|
fi
|
||||||
|
./.albatros
|
||||||
|
|
||||||
EOH
|
EOH
|
||||||
destination = "local/builder.sh"
|
destination = "local/builder.sh"
|
||||||
|
@ -57,6 +67,7 @@ filter-syscalls = false
|
||||||
sandbox = false
|
sandbox = false
|
||||||
keep-outputs = true
|
keep-outputs = true
|
||||||
keep-derivations = true
|
keep-derivations = true
|
||||||
|
experimental-features = nix-command flakes
|
||||||
EOH
|
EOH
|
||||||
destination = "local/nix.conf"
|
destination = "local/nix.conf"
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue