From 54258b9e845fedd28a51a2b078fd21108f442b96 Mon Sep 17 00:00:00 2001
From: jolheiser
Date: Thu, 4 Jul 2024 21:23:28 -0500
Subject: [PATCH] feat: concourse
Signed-off-by: jolheiser
---
machines/dragonwell/concourse/concourse.nix | 121 ++++++++++++++++++++
machines/dragonwell/concourse/concourse.yml | 34 ++++++
machines/dragonwell/concourse/default.nix | 3 +
machines/dragonwell/default.nix | 2 +-
4 files changed, 159 insertions(+), 1 deletion(-)
create mode 100644 machines/dragonwell/concourse/concourse.nix
create mode 100644 machines/dragonwell/concourse/concourse.yml
create mode 100644 machines/dragonwell/concourse/default.nix
diff --git a/machines/dragonwell/concourse/concourse.nix b/machines/dragonwell/concourse/concourse.nix
new file mode 100644
index 0000000..ea76497
--- /dev/null
+++ b/machines/dragonwell/concourse/concourse.nix
@@ -0,0 +1,121 @@
+# Auto-generated using compose2nix v0.2.0-pre.
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ # Runtime
+ virtualisation.docker = {
+ enable = true;
+ autoPrune.enable = true;
+ };
+ virtualisation.oci-containers.backend = "docker";
+
+ # Containers
+ virtualisation.oci-containers.containers."concourse-concourse" = {
+ image = "concourse/concourse";
+ environment = {
+ CONCOURSE_ADD_LOCAL_USER = "test:test";
+ CONCOURSE_CLIENT_SECRET = "Y29uY291cnNlLXdlYgo=";
+ CONCOURSE_CLUSTER_NAME = "tutorial";
+ CONCOURSE_CONTENT_SECURITY_POLICY = "*";
+ CONCOURSE_EXTERNAL_URL = "http://localhost:8080";
+ CONCOURSE_MAIN_TEAM_LOCAL_USER = "test";
+ CONCOURSE_POSTGRES_DATABASE = "concourse";
+ CONCOURSE_POSTGRES_HOST = "concourse-db";
+ CONCOURSE_POSTGRES_PASSWORD = "concourse_pass";
+ CONCOURSE_POSTGRES_USER = "concourse_user";
+ CONCOURSE_TSA_CLIENT_SECRET = "Y29uY291cnNlLXdvcmtlcgo=";
+ CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER = "overlay";
+ CONCOURSE_WORKER_CONTAINERD_DNS_SERVER = "8.8.8.8";
+ CONCOURSE_WORKER_RUNTIME = "containerd";
+ CONCOURSE_X_FRAME_OPTIONS = "allow";
+ };
+ ports = [
+ "8080:8080/tcp"
+ ];
+ cmd = ["quickstart"];
+ dependsOn = [
+ "concourse-concourse-db"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network-alias=concourse"
+ "--network=concourse_default"
+ "--privileged"
+ ];
+ };
+ systemd.services."docker-concourse-concourse" = {
+ serviceConfig = {
+ Restart = lib.mkForce "no";
+ };
+ after = [
+ "docker-network-concourse_default.service"
+ ];
+ requires = [
+ "docker-network-concourse_default.service"
+ ];
+ partOf = [
+ "docker-compose-concourse-root.target"
+ ];
+ wantedBy = [
+ "docker-compose-concourse-root.target"
+ ];
+ };
+ virtualisation.oci-containers.containers."concourse-concourse-db" = {
+ image = "postgres";
+ environment = {
+ PGDATA = "/database";
+ POSTGRES_DB = "concourse";
+ POSTGRES_PASSWORD = "concourse_pass";
+ POSTGRES_USER = "concourse_user";
+ };
+ log-driver = "journald";
+ extraOptions = [
+ "--network-alias=concourse-db"
+ "--network=concourse_default"
+ ];
+ };
+ systemd.services."docker-concourse-concourse-db" = {
+ serviceConfig = {
+ Restart = lib.mkForce "no";
+ };
+ after = [
+ "docker-network-concourse_default.service"
+ ];
+ requires = [
+ "docker-network-concourse_default.service"
+ ];
+ partOf = [
+ "docker-compose-concourse-root.target"
+ ];
+ wantedBy = [
+ "docker-compose-concourse-root.target"
+ ];
+ };
+
+ # Networks
+ systemd.services."docker-network-concourse_default" = {
+ path = [pkgs.docker];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStop = "${pkgs.docker}/bin/docker network rm -f concourse_default";
+ };
+ script = ''
+ docker network inspect concourse_default || docker network create concourse_default
+ '';
+ partOf = ["docker-compose-concourse-root.target"];
+ wantedBy = ["docker-compose-concourse-root.target"];
+ };
+
+ # Root service
+ # When started, this will automatically create all resources and start
+ # the containers. When stopped, this will teardown all resources.
+ systemd.targets."docker-compose-concourse-root" = {
+ unitConfig = {
+ Description = "Root target generated by compose2nix.";
+ };
+ wantedBy = ["multi-user.target"];
+ };
+}
diff --git a/machines/dragonwell/concourse/concourse.yml b/machines/dragonwell/concourse/concourse.yml
new file mode 100644
index 0000000..b910d48
--- /dev/null
+++ b/machines/dragonwell/concourse/concourse.yml
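Review bot: The `environment` block of `concourse-concourse` hard-codes the admin login `test:test`, both client secrets and the Postgres password, and on NixOS these literals end up in the world-readable Nix store as well as in the repository; the same values recur in the concourse.yml hunk. The two secrets base64-decode to `concourse-web` and `concourse-worker`, which look like sample values from a quickstart rather than generated ones. I would generate fresh values and load them from a root-only file through the container's `environmentFiles` option, e.g. `environmentFiles = ["/run/secrets/concourse.env"];` (placeholder path), keeping only non-secret settings in `environment`. Because the container also runs with `--privileged` and publishes `"8080:8080/tcp"` on every interface, a guessable login here is effectively host-level access; binding as `"127.0.0.1:8080:8080/tcp"` and fronting it with the proxy the machine already imports (if that is the intended path) would narrow the exposure.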
@@ -0,0 +1,34 @@
+name: concourse
+services:
+ concourse-db:
+ image: postgres
+ environment:
+ POSTGRES_DB: concourse
+ POSTGRES_PASSWORD: concourse_pass
+ POSTGRES_USER: concourse_user
+ PGDATA: /database
+
+ concourse:
+ image: concourse/concourse
+ command: quickstart
+ privileged: true
+ depends_on: [concourse-db]
+ ports: ["8080:8080"]
+ environment:
+ CONCOURSE_POSTGRES_HOST: concourse-db
+ CONCOURSE_POSTGRES_USER: concourse_user
+ CONCOURSE_POSTGRES_PASSWORD: concourse_pass
+ CONCOURSE_POSTGRES_DATABASE: concourse
+ CONCOURSE_EXTERNAL_URL: https://concourse.serval-vibes.ts.net/
+ CONCOURSE_ADD_LOCAL_USER: test:test
+ CONCOURSE_MAIN_TEAM_LOCAL_USER: test
+ # instead of relying on the default "detect"
+ CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
+ CONCOURSE_CLIENT_SECRET: Y29uY291cnNlLXdlYgo=
+ CONCOURSE_TSA_CLIENT_SECRET: Y29uY291cnNlLXdvcmtlcgo=
+ CONCOURSE_X_FRAME_OPTIONS: allow
+ CONCOURSE_CONTENT_SECURITY_POLICY: "*"
+ CONCOURSE_CLUSTER_NAME: concourse
+ CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "8.8.8.8"
+ # For ARM-based machine, change the Concourse runtime to "houdini"
+ CONCOURSE_WORKER_RUNTIME: "containerd"
diff --git a/machines/dragonwell/concourse/default.nix b/machines/dragonwell/concourse/default.nix
new file mode 100644
index 0000000..9b8076e
--- /dev/null
+++ b/machines/dragonwell/concourse/default.nix
@@ -0,0 +1,3 @@
+{
+ imports = [./concourse.nix];
+}
diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index 9ba2714..6c970db 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
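Review bot: This compose file and the generated concourse.nix have already drifted apart: here `CONCOURSE_EXTERNAL_URL` is `https://concourse.serval-vibes.ts.net/` and `CONCOURSE_CLUSTER_NAME` is `concourse`, while the Nix module that is actually imported sets `http://localhost:8080` and `tutorial`. Regenerating the module with compose2nix after the last edit to this file would keep the deployed settings and the reviewed ones the same. Both `image: postgres` and `image: concourse/concourse` are unpinned, so any pull can bring a different build into a `privileged: true` container; pinning a tag or digest, e.g. `image: postgres:<tag>@sha256:<digest>` (placeholder), makes upgrades deliberate. `concourse-db` also declares no volume for `PGDATA: /database`, so the database appears to live only in the container's writable layer and would be lost when the container is recreated.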
@@ -2,7 +2,7 @@ let username = "jolheiser"; key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser''; in { - imports = [./caddy.nix ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix]; + imports = [./caddy.nix ./concourse ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true;