feat: concourse

Signed-off-by: jolheiser <john.olheiser@gmail.com>

machines/dragonwell/concourse/concourse.nix

@@ -0,0 +1,121 @@
+# Auto-generated using compose2nix v0.2.0-pre.
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # Runtime
+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+  virtualisation.oci-containers.backend = "docker";
+
+  # Containers
+  virtualisation.oci-containers.containers."concourse-concourse" = {
+    image = "concourse/concourse";
+    environment = {
+      CONCOURSE_ADD_LOCAL_USER = "test:test";
+      CONCOURSE_CLIENT_SECRET = "Y29uY291cnNlLXdlYgo=";
+      CONCOURSE_CLUSTER_NAME = "tutorial";
+      CONCOURSE_CONTENT_SECURITY_POLICY = "*";
+      CONCOURSE_EXTERNAL_URL = "http://localhost:8080";
+      CONCOURSE_MAIN_TEAM_LOCAL_USER = "test";
+      CONCOURSE_POSTGRES_DATABASE = "concourse";
+      CONCOURSE_POSTGRES_HOST = "concourse-db";
+      CONCOURSE_POSTGRES_PASSWORD = "concourse_pass";
+      CONCOURSE_POSTGRES_USER = "concourse_user";
+      CONCOURSE_TSA_CLIENT_SECRET = "Y29uY291cnNlLXdvcmtlcgo=";
+      CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER = "overlay";
+      CONCOURSE_WORKER_CONTAINERD_DNS_SERVER = "8.8.8.8";
+      CONCOURSE_WORKER_RUNTIME = "containerd";
+      CONCOURSE_X_FRAME_OPTIONS = "allow";
+    };
+    ports = [
+      "8080:8080/tcp"
+    ];
+    cmd = ["quickstart"];
+    dependsOn = [
+      "concourse-concourse-db"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=concourse"
+      "--network=concourse_default"
+      "--privileged"
+    ];
+  };
+  systemd.services."docker-concourse-concourse" = {
+    serviceConfig = {
+      Restart = lib.mkForce "no";
+    };
+    after = [
+      "docker-network-concourse_default.service"
+    ];
+    requires = [
+      "docker-network-concourse_default.service"
+    ];
+    partOf = [
+      "docker-compose-concourse-root.target"
+    ];
+    wantedBy = [
+      "docker-compose-concourse-root.target"
+    ];
+  };
+  virtualisation.oci-containers.containers."concourse-concourse-db" = {
+    image = "postgres";
+    environment = {
+      PGDATA = "/database";
+      POSTGRES_DB = "concourse";
+      POSTGRES_PASSWORD = "concourse_pass";
+      POSTGRES_USER = "concourse_user";
+    };
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=concourse-db"
+      "--network=concourse_default"
+    ];
+  };
+  systemd.services."docker-concourse-concourse-db" = {
+    serviceConfig = {
+      Restart = lib.mkForce "no";
+    };
+    after = [
+      "docker-network-concourse_default.service"
+    ];
+    requires = [
+      "docker-network-concourse_default.service"
+    ];
+    partOf = [
+      "docker-compose-concourse-root.target"
+    ];
+    wantedBy = [
+      "docker-compose-concourse-root.target"
+    ];
+  };
+
+  # Networks
+  systemd.services."docker-network-concourse_default" = {
+    path = [pkgs.docker];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "${pkgs.docker}/bin/docker network rm -f concourse_default";
+    };
+    script = ''
+      docker network inspect concourse_default || docker network create concourse_default
+    '';
+    partOf = ["docker-compose-concourse-root.target"];
+    wantedBy = ["docker-compose-concourse-root.target"];
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."docker-compose-concourse-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = ["multi-user.target"];
+  };
+}

machines/dragonwell/concourse/concourse.yml

@@ -0,0 +1,34 @@
+name: concourse
+services:
+  concourse-db:
+    image: postgres
+    environment:
+      POSTGRES_DB: concourse
+      POSTGRES_PASSWORD: concourse_pass
+      POSTGRES_USER: concourse_user
+      PGDATA: /database
+
+  concourse:
+    image: concourse/concourse
+    command: quickstart
+    privileged: true
+    depends_on: [concourse-db]
+    ports: ["8080:8080"]
+    environment:
+      CONCOURSE_POSTGRES_HOST: concourse-db
+      CONCOURSE_POSTGRES_USER: concourse_user
+      CONCOURSE_POSTGRES_PASSWORD: concourse_pass
+      CONCOURSE_POSTGRES_DATABASE: concourse
+      CONCOURSE_EXTERNAL_URL: https://concourse.serval-vibes.ts.net/
+      CONCOURSE_ADD_LOCAL_USER: test:test
+      CONCOURSE_MAIN_TEAM_LOCAL_USER: test
+      # instead of relying on the default "detect"
+      CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
+      CONCOURSE_CLIENT_SECRET: Y29uY291cnNlLXdlYgo=
+      CONCOURSE_TSA_CLIENT_SECRET: Y29uY291cnNlLXdvcmtlcgo=
+      CONCOURSE_X_FRAME_OPTIONS: allow
+      CONCOURSE_CONTENT_SECURITY_POLICY: "*"
+      CONCOURSE_CLUSTER_NAME: concourse
+      CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "8.8.8.8"
+      # For ARM-based machine, change the Concourse runtime to "houdini"
+      CONCOURSE_WORKER_RUNTIME: "containerd"

machines/dragonwell/concourse/default.nix

@@ -0,0 +1,3 @@
+{
+  imports = [./concourse.nix];
+}

machines/dragonwell/default.nix

@@ -2,7 +2,7 @@ let
   username = "jolheiser";
   key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
 in {
-  imports = [./caddy.nix ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
+  imports = [./caddy.nix ./concourse ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;