Patchset ps-1
feat: add pico
Andreas Gruhler
hcl/default/pico/pico.nomad
+135
-0
feat: add pico
This adds pico, a simplistic git collaboration service: * https://github.com/picosh/git-pr I hope that it is useful for other people who would like to contribute some code or documentation, but hesitate to open an account with any code "forge" or service like GitHub, GitLab, etc.
hcl/default/pico/pico.nomad
+135
-0
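diff --git a/hcl/default/pico/pico.nomad b/hcl/default/pico/pico.nomad
new file mode 100644
index 0000000..63c05d8
--- /dev/null
+++ b/hcl/default/pico/pico.nomad
@@ -0,0 +1,135 @@
+# https://github.com/picosh/git-pr/blob/main/docker-compose.prod.yml
+job "pico" {
+ datacenters = ["dc1"]
+
+ priority = 80
+
+ group "server" {
+ count = 1
+
+ volume "pico" {
+ type = "csi"
+ source = "pico"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "tls" {
+ type = "csi"
+ source = "certbot"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+
+ network {
+ port "web" {
+ to = 3000
+ }
+ port "ssh" {
+ to = 2222
+ static = 44405
+ }
+ port "https" {
+ static = 44406
+ }
+ }
+
+ task "web" {
+ driver = "podman"
+
+ config {
+ image = "ghcr.io/picosh/pico/git-web:latest"
+ ports = ["web"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/git-pr.toml:/app/git-pr.toml",
+ ]
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/.env"
+ data = file("./templates/.env.tmpl")
+ env = true
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/git-pr.toml"
+ data = file("./templates/git-pr.toml.tmpl")
+ }
+
+ volume_mount {
+ volume = "pico"
+ destination = "/app/data"
+ }
+
+ resources {
+ memory = 256
+ memory_max = 512
+ cpu = 250
+ }
+ }
+
+ task "ssh" {
+ driver = "podman"
+
+ config {
+ image = "ghcr.io/picosh/pico/git-ssh:latest"
+ ports = ["ssh"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/git-pr.toml:/app/git-pr.toml",
+ ]
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/.env"
+ data = file("./templates/.env.tmpl")
+ env = true
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/git-pr.toml"
+ data = file("./templates/git-pr.toml.tmpl")
+ }
+
+ volume_mount {
+ volume = "pico"
+ destination = "/app/data"
+ }
+
+ resources {
+ memory = 256
+ memory_max = 512
+ cpu = 250
+ }
+ }
+
+ task "nginx" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/library/nginx:stable-alpine"
+ ports = ["https"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/pico.conf:/etc/nginx/conf.d/pico.conf",
+ ]
+ }
+
+ volume_mount {
+ volume = "tls"
+ destination = "/etc/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/pico.conf"
+ data = file("./templates/nginx.conf.tmpl")
+ }
+
+ resources {
+ memory = 50
+ memory_max = 128
+ cpu = 200
+ }
+ }
+ }
+}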
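Review bot: The `volume_mount` for `tls` in the `nginx` task mounts the whole `certbot` volume read-write, so a compromised nginx container could alter or replace the certificate and key material it serves from `/etc/letsencrypt`. Nginx only needs to read those files, so adding `read_only = true` to that `volume_mount` block would narrow the exposure. The three images are also referenced by mutable tags (`git-web:latest`, `git-ssh:latest`, `nginx:stable-alpine`), so each restart may pull different code; pinning a version tag or a digest reference (`image@sha256:<digest>`) would make what runs here reviewable and reproducible.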
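diff --git a/hcl/default/pico/templates/.env.tmpl b/hcl/default/pico/templates/.env.tmpl
new file mode 100644
index 0000000..79e46f0
--- /dev/null
+++ b/hcl/default/pico/templates/.env.tmpl
@@ -0,0 +1,14 @@
+# https://github.com/picosh/git-pr/blob/main/.env.example
+CF_API_TOKEN=
+
+GITPR_V4=
+GITPR_V6=
+GITPR_HTTP_V4=$GIT_V4:80
+GITPR_HTTP_V6=[$GIT_V6]:80
+GITPR_HTTPS_V4=$GIT_V4:443
+GITPR_HTTPS_V6=[$GIT_V6]:443
+GITPR_SSH_V4=$GIT_V4:22
+GITPR_SSH_V6=[$GIT_V6]:22
+GITPR_HOST=
+GITPR_SSH_PORT=2222
+GITPR_WEB_PORT=3000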
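Review bot: `CF_API_TOKEN=` is rendered with `env = true` into both the `web` and `ssh` tasks, so once a value is filled in it would sit in a committed template and in the environment of two containers that, as far as this job shows, do not use it. If the token is needed at all, reading it from a secret store at render time keeps it out of the repository, e.g. `CF_API_TOKEN={{ with nomadVar "<variable-path>" }}{{ .<key> }}{{ end }}` (path and key are placeholders); otherwise the line can be dropped. Separately, the `GITPR_HTTP_*`, `GITPR_HTTPS_*` and `GITPR_SSH_*` lines reference `$GIT_V4`/`$GIT_V6` while the file defines `GITPR_V4`/`GITPR_V6`, and Nomad's env-file parsing probably does not expand `$VAR` references, so these values likely end up as literal strings.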
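diff --git a/hcl/default/pico/templates/git-pr.toml.tmpl b/hcl/default/pico/templates/git-pr.toml.tmpl
new file mode 100644
index 0000000..9e84843
--- /dev/null
+++ b/hcl/default/pico/templates/git-pr.toml.tmpl
@@ -0,0 +1,15 @@
+# url is used for help commands, exclude protocol
+url = "-p 2222 pr.in0rdr.ch"
+# where we store the sqlite db, this toml file, git repos, and ssh host keys
+data_dir = "./data"
+# this gives users the ability to submit reviews and other admin permissions
+admins = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SnNAxEnre9hcPD74wNAouuXMgfIzwsB7qr88xSb8WS8CKqZGXzaQgebc0YExfV7PGyV6KUfu4KUvS1xDboRbU6ZLU4HdGlAi+hdv8dVVzdzCgFmdv5BEGam0SMhlzReWRiDvae0pObAPvAFg5ab6B/t1LjOosBOpPo2JfEkR6zfjDrMCYdEjWB5To1p5AX0BJneTiIeiEqR/05mZUk5L8hMFmwvm8QThd+SzpLY3zgWlWG7TlUQwx78xvell9KC0GChhwlkeEAwE3q1tq/LbgzvtY140Fg0bbBGcYQI4UvG85xfTfpbHeQ1RkSB8Rb8pMkaN7mT+3qhe08cHT9v3"]
+# set datetime format for our clients
+time_format = "2006-01-02"
+
+# add as many repos as you want
+[[repo]]
+id = "nomad"
+default_branch = "master"
+clone_addr = "https://git.in0rdr.ch/nomad.git"
+desc = "HCL and Docker files for Nomad deployments"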
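Review bot: `url = "-p 2222 pr.in0rdr.ch"` advertises port 2222, but pico.nomad publishes SSH on static port 44405 (`to = 2222` is only the container-side port), so the help text would presumably send contributors to a port that is not reachable from outside; `url = "-p 44405 pr.in0rdr.ch"` would match the job file. The `admins` entry is a public key, so committing it discloses no secret, but it is the only thing that grants admin rights here; a comment such as `# public keys only; owner: <name>, rotate by replacing this entry` would make later key rotation easier to audit.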
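diff --git a/hcl/default/pico/templates/nginx.conf.tmpl b/hcl/default/pico/templates/nginx.conf.tmpl
new file mode 100644
index 0000000..35c123b
--- /dev/null
+++ b/hcl/default/pico/templates/nginx.conf.tmpl
@@ -0,0 +1,10 @@
+server {
+ listen {{ env "NOMAD_PORT_https" }} ssl;
+
+ ssl_certificate /etc/letsencrypt/live/pr.in0rdr.ch/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pr.in0rdr.ch/privkey.pem;
+
+ location / {
+ proxy_pass http://{{ env "NOMAD_ADDR_web" }};
+ }
+}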
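Review bot: TLS ends at this server block, but `proxy_pass http://{{ env "NOMAD_ADDR_web" }}` forwards to the host address and dynamic port of the `web` task, so the backend appears to remain reachable in plaintext by anything that can reach that host port, bypassing nginx entirely. If the group can share a network namespace, proxying to a loopback address and not publishing `web` on the host would close that path; failing that, the dynamic port range should be firewalled to the Nomad clients. The block also has no `server_name`, so it answers for any Host header on this port; adding `server_name pr.in0rdr.ch;` and, inside `location /`, `proxy_set_header Host $host;` would keep the proxied request consistent with the certificate being served.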
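diff --git a/hcl/default/pico/volume-pico.hcl b/hcl/default/pico/volume-pico.hcl
new file mode 100644
index 0000000..9e42145
--- /dev/null
+++ b/hcl/default/pico/volume-pico.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "pico"
+# Display name of the volume.
+name = "pico"
+# ID of the physical volume from the storage provider
+external_id = "csi-pico"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-pico"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+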
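Review bot: The `nolock` mount flag together with `access_mode = "multi-node-multi-writer"` allows allocations on different nodes to write the same share with file locks kept local to each client, while git-pr.toml.tmpl describes this data directory as holding the sqlite db and the SSH host keys; two writers on different nodes (for example during a reschedule overlap) could corrupt the database. Since the job runs `count = 1`, a narrower capability such as `access_mode = "single-node-writer"` would express the intent, assuming the NFS plugin accepts it and both tasks keep mounting from the same allocation. Because the share also stores the SSH host private keys, a comment next to `context` stating that the `csi-pico` export must be restricted to the Nomad client hosts would be worth adding. The comment line `# youintend to use` is missing a space.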