From 85d06f4c71a83412ca6d8bd4a5d8f02a4fd61d02 Mon Sep 17 00:00:00 2001
From: Magic_RB
Date: Thu, 15 Jun 2023 23:09:40 +0200
Subject: [PATCH] Add terranix config for Gitea
Signed-off-by: Magic_RB
---
terranix/containers/gitea/default.nix | 46 +++++++++
terranix/containers/gitea/job.hcl | 139 ++++++++++++++++++++++++++
2 files changed, 185 insertions(+)
create mode 100644 terranix/containers/gitea/default.nix
create mode 100644 terranix/containers/gitea/job.hcl
diff --git a/terranix/containers/gitea/default.nix b/terranix/containers/gitea/default.nix
new file mode 100644
index 0000000..a6ec256
--- /dev/null
+++ b/terranix/containers/gitea/default.nix
@@ -0,0 +1,46 @@
+{ elib, ... }:
+let
+ inherit (elib)
+ nfsVolume
+ nomadJob;
+
+ flake_host = "";
+ flake_rev = "";
+ flake_ref = "";
+ flake_sha = "";
+in
+{
+ resource."nomad_volume"."gitea-db" = nfsVolume {
+ volume_name = "gitea-db";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/var/nfs/gitea-db";
+ mount_flags = [ "nfsvers=3" "nolock" "async" ];
+ };
+
+ resource."nomad_volume"."gitea-data" = nfsVolume {
+ volume_name = "gitea-data";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/var/nfs/gitea-data";
+ mount_flags = [ "nfsvers=3" "nolock" "async" ];
+ };
+
+ resource."vault_policy"."gitea-policy" = {
+ name = "gitea-policy";
+ policy = ''
+ path "kv/data/gitea" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."nomad_job"."gitea" = nomadJob {
+ jobspec = ./job.hcl;
+
+ vars = {
+ flake_ref = "${flake_host}?rev=${flake_rev}&ref=${flake_ref}";
+ flake_sha = flake_sha;
+ };
+ };
+}
diff --git a/terranix/containers/gitea/job.hcl b/terranix/containers/gitea/job.hcl
new file mode 100644
index 0000000..a744e5c
--- /dev/null
+++ b/terranix/containers/gitea/job.hcl
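Review bot: The four pin values in the `let` block of default.nix (`flake_host`, `flake_rev`, `flake_ref`, `flake_sha`) are committed as empty strings, so the `vars` handed to `nomadJob` evaluate to `flake_ref = "?rev=&ref="` and an empty `flake_sha`, and nothing in this file ties the deployed Gitea closure to a specific revision or hash. How the driver treats an empty `nix_flake_sha` is not visible here, so it would be safer to fail at evaluation time, e.g. `assert flake_host != "" && flake_rev != "" && flake_sha != "";` between `in` and the attribute set, with a comment saying where the real values are filled in. Separately, both volumes use `nfsvers=3`, and `gitea-db` is the one job.hcl mounts at `/var/lib/mysql`: NFSv3 gives no transport encryption and by default only host/UID-based trust, so a short comment recording why v3 with `nolock` is acceptable here (for example, that the export is restricted to this host) would help the next reader.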
@@ -0,0 +1,139 @@
+variable "flake_ref" {
+ type = string
+}
+
+variable "flake_sha" {
+ type = string
+}
+
+job "gitea" {
+ datacenters = [ "homelab-1" ]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ value = "blowhole"
+ }
+
+ group "svc" {
+ count = 1
+
+ volume "gitea-data" {
+ type = "csi"
+ source = "gitea-data"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ volume "gitea-db" {
+ type = "csi"
+ source = "gitea-db"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ restart {
+ attempts = 5
+ delay = "5s"
+ }
+
+ network {
+ mode = "bridge"
+ }
+
+ service {
+ name = "gitea"
+ port = "3000"
+
+ check {
+ type = "http"
+ address_mode = "alloc"
+ path = "/"
+ port = "3000"
+ interval = "2s"
+ timeout = "2s"
+ }
+
+ connect {
+ sidecar_service {}
+ }
+ }
+
+ task "app" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "gitea-data"
+ destination = "/data/gitea"
+ read_only = false
+ }
+
+ volume_mount {
+ volume = "gitea-db"
+ destination = "/var/lib/mysql"
+ read_only = false
+ }
+
+ config {
+ nix_flake_ref = "${var.flake_ref}#nixngSystems.gitea.config.system.build.toplevel"
+ nix_flake_sha = var.flake_sha
+ entrypoint = [ "init" ]
+
+ # mounts = [
+ # {
+ # type = "bind"
+ # target = "/var/nfs/gitea-data"
+ # source = "/data/gitea"
+ # options = ["rbind","rw","x-mount.mkdir"]
+ # }
+ # ]
+ }
+
+ env {
+ USER_UID = "5001"
+ USER_GID = "5001"
+ }
+
+ resources {
+ cpu = 500
+ memory = 1024
+ }
+
+ vault {
+ policies = ["gitea-policy"]
+ }
+
+ template {
+ data = <