dashboard / nomad / feat: add pico #1 rss

closed · opened on 2024-08-28 by in0rdr_
Help
checkout latest patchset:
ssh pr.in0rdr.ch print pr-1 | git am -3
checkout any patchset in a patch request:
ssh pr.in0rdr.ch print ps-X | git am -3
add changes to patch request:
git format-patch main --stdout | ssh pr.in0rdr.ch pr add 1
add review to patch request:
git format-patch main --stdout | ssh pr.in0rdr.ch pr add --review 1
accept PR:
ssh pr.in0rdr.ch pr accept 1
close PR:
ssh pr.in0rdr.ch pr close 1

Logs

in0rdr_ created pr with ps-1 on 2024-08-28
in0rdr_ changed status on 2024-08-28 {"status":"accepted"}
in0rdr_ changed status on 2024-08-28 {"status":"closed"}

Patchsets

ps-1 by in0rdr_ on 2024-08-28T22:12:55Z

feat: add pico

This adds pico, a simplistic git collaboration service:
* https://github.com/picosh/git-pr

I hope that it is useful for other people who would like to contribute
code or documentation, but hesitate to open an account with a code
"forge" or service such as GitHub or GitLab.
hcl/default/pico/pico.nomad link
+135 -0
diff --git a/hcl/default/pico/pico.nomad b/hcl/default/pico/pico.nomad
new file mode 100644
index 0000000..63c05d8
--- /dev/null
+++ b/hcl/default/pico/pico.nomad
@@ -0,0 +1,135 @@
+# https://github.com/picosh/git-pr/blob/main/docker-compose.prod.yml
+job "pico" {
+  datacenters = ["dc1"]
+
+  priority = 80
+
+  group "server" {
+    count = 1
+
+    volume "pico" {
+      type = "csi"
+      source = "pico"
+      access_mode = "multi-node-multi-writer"
+      attachment_mode = "file-system"
+    }
+    volume "tls" {
+      type = "csi"
+      source = "certbot"
+      access_mode = "multi-node-multi-writer"
+      attachment_mode = "file-system"
+    }
+
+    network {
+      port "web" {
+        to = 3000
+      }
+      port "ssh" {
+        to = 2222
+        static = 44405
+      }
+      port "https" {
+        static = 44406
+      }
+    }
+
+    task "web" {
+      driver = "podman"
+
+      config {
+        image = "ghcr.io/picosh/pico/git-web:latest"
+        ports = ["web"]
+        volumes = [
+          # mount the templated config from the task directory to the container
+          "local/git-pr.toml:/app/git-pr.toml",
+        ]
+      }
+
+      template {
+        destination = "${NOMAD_TASK_DIR}/.env"
+        data = file("./templates/.env.tmpl")
+        env = true
+      }
+
+      template {
+        destination = "${NOMAD_TASK_DIR}/git-pr.toml"
+        data = file("./templates/git-pr.toml.tmpl")
+      }
+
+      volume_mount {
+        volume = "pico"
+        destination = "/app/data"
+      }
+
+      resources {
+        memory = 256
+        memory_max = 512
+        cpu    = 250
+      }
+    }
+
+    task "ssh" {
+      driver = "podman"
+
+      config {
+        image = "ghcr.io/picosh/pico/git-ssh:latest"
+        ports = ["ssh"]
+        volumes = [
+          # mount the templated config from the task directory to the container
+          "local/git-pr.toml:/app/git-pr.toml",
+        ]
+      }
+
+      template {
+        destination = "${NOMAD_TASK_DIR}/.env"
+        data = file("./templates/.env.tmpl")
+        env = true
+      }
+
+      template {
+        destination = "${NOMAD_TASK_DIR}/git-pr.toml"
+        data = file("./templates/git-pr.toml.tmpl")
+      }
+
+      volume_mount {
+        volume = "pico"
+        destination = "/app/data"
+      }
+
+      resources {
+        memory = 256
+        memory_max = 512
+        cpu    = 250
+      }
+    }
+
+    task "nginx" {
+      driver = "podman"
+
+      config {
+        image = "docker.io/library/nginx:stable-alpine"
+        ports = ["https"]
+        volumes = [
+          # mount the templated config from the task directory to the container
+          "local/pico.conf:/etc/nginx/conf.d/pico.conf",
+        ]
+      }
+
+      volume_mount {
+        volume = "tls"
+        destination = "/etc/letsencrypt"
+      }
+
+      template {
+        destination = "${NOMAD_TASK_DIR}/pico.conf"
+        data = file("./templates/nginx.conf.tmpl")
+      }
+
+      resources {
+        memory = 50
+        memory_max = 128
+        cpu    = 200
+      }
+    }
+  }
+}
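Review bot: The nginx task mounts the whole `certbot` volume at `/etc/letsencrypt` read-write, so the container listening on static port 44406 can modify or replace certificates and private keys that it only needs to read. Adding `read_only = true` to that `volume_mount` block (and, if the CSI plugin allows it, to the group-level `volume "tls"` block) limits the task to reading them. Separately, both git-pr images are referenced as `:latest` and nginx as `stable-alpine`, which are mutable tags; pinning each `image` to a version tag or digest keeps a redeploy from silently pulling different code.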
hcl/default/pico/templates/.env.tmpl link
+14 -0
diff --git a/hcl/default/pico/templates/.env.tmpl b/hcl/default/pico/templates/.env.tmpl
new file mode 100644
index 0000000..79e46f0
--- /dev/null
+++ b/hcl/default/pico/templates/.env.tmpl
@@ -0,0 +1,14 @@
+# https://github.com/picosh/git-pr/blob/main/.env.example
+CF_API_TOKEN=
+
+GITPR_V4=
+GITPR_V6=
+GITPR_HTTP_V4=$GIT_V4:80
+GITPR_HTTP_V6=[$GIT_V6]:80
+GITPR_HTTPS_V4=$GIT_V4:443
+GITPR_HTTPS_V6=[$GIT_V6]:443
+GITPR_SSH_V4=$GIT_V4:22
+GITPR_SSH_V6=[$GIT_V6]:22
+GITPR_HOST=
+GITPR_SSH_PORT=2222
+GITPR_WEB_PORT=3000
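Review bot: The six derived address lines reference `$GIT_V4` and `$GIT_V6`, but the variables defined above them are `GITPR_V4` and `GITPR_V6`, so the references would resolve to nothing even where expansion happens. pico.nomad loads this file through a Nomad `template` with `env = true`, which as far as I know reads plain KEY=VALUE pairs without shell expansion, so these values probably reach the tasks as literal strings. Writing the addresses out or dropping the unused lines would be clearer. `CF_API_TOKEN` is an empty placeholder here; a comment such as `# CF_API_TOKEN: inject from Nomad variables or Vault, never commit a value` would record how it is meant to be filled.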
hcl/default/pico/templates/git-pr.toml.tmpl link
+15 -0
diff --git a/hcl/default/pico/templates/git-pr.toml.tmpl b/hcl/default/pico/templates/git-pr.toml.tmpl
new file mode 100644
index 0000000..9e84843
--- /dev/null
+++ b/hcl/default/pico/templates/git-pr.toml.tmpl
@@ -0,0 +1,15 @@
+# url is used for help commands, exclude protocol
+url = "-p 2222 pr.in0rdr.ch"
+# where we store the sqlite db, this toml file, git repos, and ssh host keys
+data_dir = "./data"
+# this gives users the ability to submit reviews and other admin permissions
+admins = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SnNAxEnre9hcPD74wNAouuXMgfIzwsB7qr88xSb8WS8CKqZGXzaQgebc0YExfV7PGyV6KUfu4KUvS1xDboRbU6ZLU4HdGlAi+hdv8dVVzdzCgFmdv5BEGam0SMhlzReWRiDvae0pObAPvAFg5ab6B/t1LjOosBOpPo2JfEkR6zfjDrMCYdEjWB5To1p5AX0BJneTiIeiEqR/05mZUk5L8hMFmwvm8QThd+SzpLY3zgWlWG7TlUQwx78xvell9KC0GChhwlkeEAwE3q1tq/LbgzvtY140Fg0bbBGcYQI4UvG85xfTfpbHeQ1RkSB8Rb8pMkaN7mT+3qhe08cHT9v3"]
+# set datetime format for our clients
+time_format = "2006-01-02"
+
+# add as many repos as you want
+[[repo]]
+id = "nomad"
+default_branch = "master"
+clone_addr = "https://git.in0rdr.ch/nomad.git"
+desc = "HCL and Docker files for Nomad deployments"
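Review bot: The `url` value advertises port 2222, but pico.nomad in this patch publishes the ssh task on static host port 44405 (`to = 2222` is only the container side). The help commands git-pr prints would therefore point clients at a port that is presumably unreachable unless something outside this patch forwards it. The `admins` entry is a single hard-coded RSA public key with no indication of its owner, and per the comment above it that key carries admin permissions. A comment such as `# admin key: <owner>; rotate by editing this list and redeploying` would make audit and rotation easier.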
hcl/default/pico/templates/nginx.conf.tmpl link
+10 -0
diff --git a/hcl/default/pico/templates/nginx.conf.tmpl b/hcl/default/pico/templates/nginx.conf.tmpl
new file mode 100644
index 0000000..35c123b
--- /dev/null
+++ b/hcl/default/pico/templates/nginx.conf.tmpl
@@ -0,0 +1,10 @@
+server {
+    listen               {{ env "NOMAD_PORT_https" }} ssl;
+
+    ssl_certificate      /etc/letsencrypt/live/pr.in0rdr.ch/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/pr.in0rdr.ch/privkey.pem;
+
+    location / {
+        proxy_pass       http://{{ env "NOMAD_ADDR_web" }};
+    }
+}
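Review bot: The `server` block has no `server_name`, so it answers for any Host header that reaches the `NOMAD_PORT_https` listener using the pr.in0rdr.ch certificate; `server_name pr.in0rdr.ch;` would scope it. The `location /` block also forwards nothing about the original request, so the git-web backend presumably sees every client as nginx itself. Adding `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` would preserve that information for logging. No `ssl_protocols` line is set, so the accepted TLS versions depend on the defaults of whatever `nginx:stable-alpine` resolves to.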
hcl/default/pico/volume-pico.hcl link
+31 -0
diff --git a/hcl/default/pico/volume-pico.hcl b/hcl/default/pico/volume-pico.hcl
new file mode 100644
index 0000000..9e42145
--- /dev/null
+++ b/hcl/default/pico/volume-pico.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "pico"
+# Display name of the volume.
+name = "pico"
+# ID of the physical volume from the storage provider
+external_id = "csi-pico"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+  access_mode = "multi-node-multi-writer"
+  attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+  server = "turris"
+  share = "csi-pico"
+}
+
+mount_options {
+  # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+  mount_flags = ["nolock"]
+}
+
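Review bot: The `nolock` mount flag keeps NFS file locks local to each client node, while the volume is registered as `multi-node-multi-writer` and, according to the comment in git-pr.toml.tmpl, holds the sqlite db and ssh host keys. If allocations on two nodes ever have the share mounted at once (for example during a reschedule), sqlite's locking would not be honoured across them and the database could be corrupted. A comment such as `# nolock: locks are node-local, this volume must only be written from one node at a time` would document the constraint. If the NFS plugin supports it, `access_mode = "single-node-writer"` would enforce it instead. The comment line `# youintend to use` is missing a space.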