chaos/nomad-nummer5
2
0
Fork 0
Code Issues 2 Pull Requests Activity

Compare commits

base: chaos:3f600574088119edc1fde054a41e5d31bc3ba265
Branches Tags
chaos:main
...
compare: chaos:d9cb34016914aff404ab6ee82200f00c9c653a86
Branches Tags
chaos:main

4 Commits
3f60057408 ... d9cb340169

Author SHA1 Message Date
Udo Waechter
d9cb340169 drone runner fron docker.io again
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-11-30 17:18:03 +01:00
Udo Waechter
63f1bab168 podman runner for droneci 2023-11-16 12:07:15 +01:00
Udo Waechter
aa3961ba31 initial vault config 2023-11-16 12:06:57 +01:00
Udo Waechter
40b85e58cb acl allow for now 2023-11-16 12:06:30 +01:00
7 changed files with 106 additions and 17 deletions
Expand all files Collapse all files

5
_sys/etc_consul.d/acl.hcl Normal file
View File

@@ -0,0 +1,5 @@
acl = {
enabled = true
default_policy = "allow"
enable_token_persistence = true
}

13
_sys/vault/vault-service-policy.hcl Normal file
View File

@@ -0,0 +1,13 @@
https://developer.hashicorp.com/vault/tutorials/day-one-consul/deployment-guide
#consul acl policy create -name vault-service -rules @vault-service-policy.hcl
#consul acl token create \
# -description "Vault Service Token" \
# -policy-name vault-service
service "vault" { policy = "write" }
key_prefix "vault/" { policy = "write" }
agent_prefix "" { policy = "read" }
session_prefix "" { policy = "write" }

73
apps/drone/live-runner-podman.hcl Normal file
View File

@@ -0,0 +1,73 @@
job "drone-runner" {
datacenters = [
"nummer5",
]
type = "service"
group "apps" {
count = 1
network {
mode = "host"
port "http" {
to = 3000
}
}
service {
name = "drone-runner"
port = "http"
}
volume "drone-runner" {
type = "csi"
source = "drone-runner"
read_only = false
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
restart {
attempts = 5
delay = "30s"
}
task "drone-runner" {
driver = "podman"
volume_mount {
volume = "drone-runner"
destination = "/data"
read_only = false
}
config {
image = "cr.wks/drone/drone-runner-podman:latest"
force_pull = true
ports = ["http"]
volumes = [
"/run/podman/podman.sock:/run/podman/podman.sock",
"/run/podman/podman.sock:/var/run/docker.sock",
"/etc/containers:/etc/containers"
]
}
env {
TZ = "Europe/Berlin"
DRONE_RUNNER_NAME = "drone-runner01"
DRONE_RPC_SECRET = "7eb685ed81d0c34bafc5efa7783c20b2"
DRONE_RPC_HOST = "drone.service.nr5"
DRONE_RPC_PROTO = "http"
DRONE_LOGS_DEBUG = true
DRONE_LOGS_TRACE = true
}
resources {
cpu = 500
memory = 128
}
}
}
}

20
apps/drone/live-runner.hcl
View File

@@ -20,14 +20,6 @@ job "drone-runner" {
port = "http" port = "http"
} }
volume "drone-runner" {
type = "csi"
source = "drone-runner"
read_only = false
access_mode = "single-node-writer"
attachment_mode = "file-system"
}
restart { restart {
attempts = 5 attempts = 5
delay = "30s" delay = "30s"
@@ -35,14 +27,10 @@ job "drone-runner" {
task "drone-runner" { task "drone-runner" {
driver = "podman" driver = "podman"
volume_mount {
volume = "drone-runner"
destination = "/drone"
read_only = false
}
config { config {
image = "docker.io/drone/drone-runner-docker:latest" image = "drone/drone-runner-docker:latest"
force_pull = true
ports = ["http"] ports = ["http"]
volumes = [ volumes = [
"/var/run/podman/podman.sock:/var/run/docker.sock", "/var/run/podman/podman.sock:/var/run/docker.sock",
@@ -62,8 +50,8 @@ job "drone-runner" {
} }
resources { resources {
cpu = 500 cpu = 100
memory = 128 memory = 64
} }
} }

7
apps/drone/live.hcl
View File

@@ -23,6 +23,13 @@ job "drone" {
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.drone.rule=Host(`drone.service.nr5`)", "traefik.http.routers.drone.rule=Host(`drone.service.nr5`)",
] ]
check {
type = "http"
path = "/welcome"
interval = "120s"
timeout = "5s"
}
} }
volume "drone-data" { volume "drone-data" {

3
apps/gitea/live.hcl
View File

@@ -51,6 +51,7 @@ job "gitea" {
task "gitea" { task "gitea" {
driver = "podman" driver = "podman"
volume_mount { volume_mount {
volume = "gitea-data" volume = "gitea-data"
destination = "/data" destination = "/data"
@@ -60,6 +61,7 @@ job "gitea" {
config { config {
image = "docker.io/gitea/gitea:latest" image = "docker.io/gitea/gitea:latest"
ports = ["ssh", "http"] ports = ["ssh", "http"]
force_pull = true
} }
env { env {
@@ -80,6 +82,7 @@ job "gitea" {
GITEA__packages__ENABLED = "true" GITEA__packages__ENABLED = "true"
GITEA__log__LEVEL = "warn" GITEA__log__LEVEL = "warn"
GITEA__actions__ENABLED = "true" GITEA__actions__ENABLED = "true"
GITEA__webhook__ALLOWED_HOST_LIST = "private"
} }

2
apps/postgresql/live.hcl
View File

@@ -48,7 +48,7 @@ job "postgres" {
resources { resources {
cpu = 1000 cpu = 1000
memory = 1024 memory = 512
} }