feat: concourse

Signed-off-by: jolheiser <john.olheiser@gmail.com>
concourse
jolheiser 2024-07-04 21:23:28 -05:00
parent 4c9de84663
commit 54258b9e84
Signed by: jolheiser
GPG Key ID: B853ADA5DA7BBF7A
4 changed files with 159 additions and 1 deletions

View File

@ -0,0 +1,121 @@
# Auto-generated using compose2nix v0.2.0-pre.
{
pkgs,
lib,
...
}: {
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."concourse-concourse" = {
image = "concourse/concourse";
environment = {
CONCOURSE_ADD_LOCAL_USER = "test:test";
CONCOURSE_CLIENT_SECRET = "Y29uY291cnNlLXdlYgo=";
CONCOURSE_CLUSTER_NAME = "tutorial";
CONCOURSE_CONTENT_SECURITY_POLICY = "*";
CONCOURSE_EXTERNAL_URL = "http://localhost:8080";
CONCOURSE_MAIN_TEAM_LOCAL_USER = "test";
CONCOURSE_POSTGRES_DATABASE = "concourse";
CONCOURSE_POSTGRES_HOST = "concourse-db";
CONCOURSE_POSTGRES_PASSWORD = "concourse_pass";
CONCOURSE_POSTGRES_USER = "concourse_user";
CONCOURSE_TSA_CLIENT_SECRET = "Y29uY291cnNlLXdvcmtlcgo=";
CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER = "overlay";
CONCOURSE_WORKER_CONTAINERD_DNS_SERVER = "8.8.8.8";
CONCOURSE_WORKER_RUNTIME = "containerd";
CONCOURSE_X_FRAME_OPTIONS = "allow";
};
ports = [
"8080:8080/tcp"
];
cmd = ["quickstart"];
dependsOn = [
"concourse-concourse-db"
];
log-driver = "journald";
extraOptions = [
"--network-alias=concourse"
"--network=concourse_default"
"--privileged"
];
};
systemd.services."docker-concourse-concourse" = {
serviceConfig = {
Restart = lib.mkForce "no";
};
after = [
"docker-network-concourse_default.service"
];
requires = [
"docker-network-concourse_default.service"
];
partOf = [
"docker-compose-concourse-root.target"
];
wantedBy = [
"docker-compose-concourse-root.target"
];
};
virtualisation.oci-containers.containers."concourse-concourse-db" = {
image = "postgres";
environment = {
PGDATA = "/database";
POSTGRES_DB = "concourse";
POSTGRES_PASSWORD = "concourse_pass";
POSTGRES_USER = "concourse_user";
};
log-driver = "journald";
extraOptions = [
"--network-alias=concourse-db"
"--network=concourse_default"
];
};
systemd.services."docker-concourse-concourse-db" = {
serviceConfig = {
Restart = lib.mkForce "no";
};
after = [
"docker-network-concourse_default.service"
];
requires = [
"docker-network-concourse_default.service"
];
partOf = [
"docker-compose-concourse-root.target"
];
wantedBy = [
"docker-compose-concourse-root.target"
];
};
# Networks
systemd.services."docker-network-concourse_default" = {
path = [pkgs.docker];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.docker}/bin/docker network rm -f concourse_default";
};
script = ''
docker network inspect concourse_default || docker network create concourse_default
'';
partOf = ["docker-compose-concourse-root.target"];
wantedBy = ["docker-compose-concourse-root.target"];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-concourse-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = ["multi-user.target"];
};
}

View File

@ -0,0 +1,34 @@
name: concourse
services:
concourse-db:
image: postgres
environment:
POSTGRES_DB: concourse
POSTGRES_PASSWORD: concourse_pass
POSTGRES_USER: concourse_user
PGDATA: /database
concourse:
image: concourse/concourse
command: quickstart
privileged: true
depends_on: [concourse-db]
ports: ["8080:8080"]
environment:
CONCOURSE_POSTGRES_HOST: concourse-db
CONCOURSE_POSTGRES_USER: concourse_user
CONCOURSE_POSTGRES_PASSWORD: concourse_pass
CONCOURSE_POSTGRES_DATABASE: concourse
CONCOURSE_EXTERNAL_URL: https://concourse.serval-vibes.ts.net/
CONCOURSE_ADD_LOCAL_USER: test:test
CONCOURSE_MAIN_TEAM_LOCAL_USER: test
# instead of relying on the default "detect"
CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
CONCOURSE_CLIENT_SECRET: Y29uY291cnNlLXdlYgo=
CONCOURSE_TSA_CLIENT_SECRET: Y29uY291cnNlLXdvcmtlcgo=
CONCOURSE_X_FRAME_OPTIONS: allow
CONCOURSE_CONTENT_SECURITY_POLICY: "*"
CONCOURSE_CLUSTER_NAME: concourse
CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "8.8.8.8"
# For ARM-based machine, change the Concourse runtime to "houdini"
CONCOURSE_WORKER_RUNTIME: "containerd"

View File

@ -0,0 +1,3 @@
{
imports = [./concourse.nix];
}

View File

@ -2,7 +2,7 @@ let
username = "jolheiser";
key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
in {
imports = [./caddy.nix ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
imports = [./caddy.nix ./concourse ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;