bundlewrap/bundles/woodpecker-server/metadata.py

from bundlewrap.metadata import atomic

defaults = {
    'postgresql': {
        'roles': {
            'woodpecker': {
                'password': repo.vault.password_for(f'{node.name} postgresql woodpecker'),
            },
        },
        'databases': {
            'woodpecker': {
                'owner': 'woodpecker',
            },
        },
    },
    'woodpecker-server': {
        'environment': {
            'WOODPECKER_AGENT_SECRET': repo.vault.password_for(f'{node.name} WOODPECKER_AGENT_SECRET'),
            'WOODPECKER_DATABASE_DATASOURCE': repo.vault.password_for(f'{node.name} postgresql woodpecker').format_into(
                'postgres://woodpecker:{}@localhost/woodpecker?sslmode=disable'
            ),
            'WOODPECKER_DATABASE_DRIVER': 'postgres',
            'WOODPECKER_GRPC_ADDR': ':22101',
            'WOODPECKER_LOG_LEVEL': 'warn',
            'WOODPECKER_OPEN': 'true',
            'WOODPECKER_SERVER_ADDR': ':22100',
        },
    },
}


@metadata_reactor.provides(
    'nginx/vhosts/woodpecker-server',
    'woodpecker-server/environment/WOODPECKER_HOST',
)
def nginx(metadata):
    if not node.has_bundle('nginx'):
        raise DoNotRunAgain

    ssl = metadata.get('nginx/vhosts/woodpecker-server/ssl', 'letsencrypt')
    domain = metadata.get('woodpecker-server/domain')
    prefix = 'https' if ssl else 'http'

    return {
        'nginx': {
            'vhosts': {
                'woodpecker-server': {
                    'domain': domain,
                    'locations': {
                        '/': {
                            'target': 'http://127.0.0.1:22100',
                            'additional_config': {
                                'proxy_redirect off',
                                'chunked_transfer_encoding off',
                            },
                        },
                        '/metrics': {
                            'return': 403,
                        },
                        '/debug': {
                            'return': 403,
                        },
                    },
                    'website_check_path': '/do-login',
                    'website_check_string': 'Woodpecker',
                },
            },
        },
        'woodpecker-server': {
            'environment': {
                'WOODPECKER_HOST': f'{prefix}://{domain}',
            },
        },
    }


@metadata_reactor.provides(
    'firewall/port_rules',
)
def firewall(metadata):
    port = metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')[1:]
    agents = set()

    for node in repo.nodes:
        if node.has_bundle('woodpecker-agent'):
            agents.add(node.name)

    return {
        'firewall': {
            'port_rules': {
                port: atomic(agents),
            },
        },
    }
add bundle:woodpecker-server 2022-12-22 18:02:52 +00:00			`from bundlewrap.metadata import atomic`

			`defaults = {`
			`'postgresql': {`
			`'roles': {`
			`'woodpecker': {`
			`'password': repo.vault.password_for(f'{node.name} postgresql woodpecker'),`
			`},`
			`},`
			`'databases': {`
			`'woodpecker': {`
			`'owner': 'woodpecker',`
			`},`
			`},`
			`},`
			`'woodpecker-server': {`
			`'environment': {`
			`'WOODPECKER_AGENT_SECRET': repo.vault.password_for(f'{node.name} WOODPECKER_AGENT_SECRET'),`
			`'WOODPECKER_DATABASE_DATASOURCE': repo.vault.password_for(f'{node.name} postgresql woodpecker').format_into(`
			`'postgres://woodpecker:{}@localhost/woodpecker?sslmode=disable'`
			`),`
			`'WOODPECKER_DATABASE_DRIVER': 'postgres',`
			`'WOODPECKER_GRPC_ADDR': ':22101',`
			`'WOODPECKER_LOG_LEVEL': 'warn',`
			`'WOODPECKER_OPEN': 'true',`
			`'WOODPECKER_SERVER_ADDR': ':22100',`
			`},`
			`},`
			`}`


			`@metadata_reactor.provides(`
			`'nginx/vhosts/woodpecker-server',`
			`'woodpecker-server/environment/WOODPECKER_HOST',`
			`)`
			`def nginx(metadata):`
			`if not node.has_bundle('nginx'):`
			`raise DoNotRunAgain`

			`ssl = metadata.get('nginx/vhosts/woodpecker-server/ssl', 'letsencrypt')`
			`domain = metadata.get('woodpecker-server/domain')`
			`prefix = 'https' if ssl else 'http'`

			`return {`
			`'nginx': {`
			`'vhosts': {`
			`'woodpecker-server': {`
			`'domain': domain,`
			`'locations': {`
			`'/': {`
			`'target': 'http://127.0.0.1:22100',`
			`'additional_config': {`
			`'proxy_redirect off',`
			`'chunked_transfer_encoding off',`
			`},`
			`},`
			`'/metrics': {`
			`'return': 403,`
			`},`
			`'/debug': {`
			`'return': 403,`
			`},`
			`},`
			`'website_check_path': '/do-login',`
			`'website_check_string': 'Woodpecker',`
			`},`
			`},`
			`},`
			`'woodpecker-server': {`
			`'environment': {`
			`'WOODPECKER_HOST': f'{prefix}://{domain}',`
			`},`
			`},`
			`}`


			`@metadata_reactor.provides(`
			`'firewall/port_rules',`
			`)`
			`def firewall(metadata):`
			`port = metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')[1:]`
			`agents = set()`

			`for node in repo.nodes:`
			`if node.has_bundle('woodpecker-agent'):`
			`agents.add(node.name)`

			`return {`
			`'firewall': {`
			`'port_rules': {`
			`port: atomic(agents),`
			`},`
			`},`
			`}`