CI: woodpecker #57
15 changed files with 479 additions and 1 deletions
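--- a/.woodpecker/bw-test.yml
+++ b/.woodpecker/bw-test.yml
@@ -0,0 +1,26 @@
+pipeline:
+install-deps:
+image: python:3.10-slim
+commands:
+- pip install -r requirements.txt
+
+test-dummymode:
+image: python:3.10-slim
+commands:
+- bw test
+environment:
+BW_VAULT_DUMMY_MODE: 1
+BW_PASS_DUMMY_MODE: 1
+
+test-ignore-missing-faults:
+image: python:3.10-slim
+commands:
+- bw test --ignore-missing-faults
+
+test-determinism:
+image: python:3.10-slim
+commands:
+- bw test --metadata-determinism 3 --config-determinism 3
+environment:
+BW_VAULT_DUMMY_MODE: 1
+BW_PASS_DUMMY_MODE: 1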
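Review bot: The `install-deps` step runs `pip install -r requirements.txt` in its own `python:3.10-slim` container, while the three test steps each start from a fresh copy of that image, so unless the install lands in the shared workspace the `bw` command will presumably be missing when `bw test` runs. Installing inside each test step (`- pip install -r requirements.txt` ahead of `- bw test`) removes the dependency on state from another container. The requirements are also installed without hash pinning; `pip install --require-hashes -r requirements.txt` would make the CI dependency set reproducible, provided the requirements file carries hashes.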
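--- a/.woodpecker/editorconfig.yml
+++ b/.woodpecker/editorconfig.yml
@@ -0,0 +1,8 @@
+pipeline:
+editorconfig:
+image: alpine:latest
+commands:
+- wget -O ec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz
+- tar -xzf ec-linux-amd64.tar.gz
+- rm ec-linux-amd64.tar.gz
+- bin/ec-linux-amd64 -no-color -exclude '^bin/'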
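Review bot: The step downloads `releases/latest/download/ec-linux-amd64.tar.gz` and executes `bin/ec-linux-amd64` without checking its integrity, on top of the floating `alpine:latest` image, so whatever is published upstream at build time runs inside the pipeline. Pin both to a fixed version and verify the archive before unpacking, e.g. `- echo "<sha256 of the pinned release>  ec-linux-amd64.tar.gz" | sha256sum -c -` directly after the `wget` line. Pinning also keeps the lint result from changing whenever upstream publishes a new checker release.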
|
@ -45,6 +45,8 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
|
||||||
| 22060 | pretalx | gunicorn |
|
| 22060 | pretalx | gunicorn |
|
||||||
| 22070 | paperless-ng | gunicorn |
|
| 22070 | paperless-ng | gunicorn |
|
||||||
| 22080 | netbox | gunicorn |
|
| 22080 | netbox | gunicorn |
|
||||||
|
| 22100 | woodpecker-server | http |
|
||||||
|
| 22101 | woodpecker-server | gRPC |
|
||||||
| 22999 | nginx | stub_status |
|
| 22999 | nginx | stub_status |
|
||||||
| 22100 | ntfy | http |
|
| 22100 | ntfy | http |
|
||||||
|
|
||||||
|
|
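--- a/bundles/docker-ce/items.py
+++ b/bundles/docker-ce/items.py
@@ -0,0 +1,11 @@
+from bundlewrap.metadata import metadata_to_json
+
+files['/etc/docker/daemon.json'] = {
+'content': metadata_to_json({
+'iptables': False,
+}),
+'before': {
+'pkg_apt:docker-ce',
+'pkg_apt:docker-ce-cli',
+}
+}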
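--- a/bundles/docker-ce/metadata.py
+++ b/bundles/docker-ce/metadata.py
@@ -0,0 +1,36 @@
+defaults = {
+'apt': {
+'repos': {
+'docker': {
+'items': {
+'deb https://download.docker.com/linux/debian {os_release} stable',
+},
+},
+},
+'packages': {
+'docker-ce': {},
+'docker-ce-cli': {},
+},
+},
+}
+
+
+@metadata_reactor.provides(
+'nftables/rules/00-docker-ce',
+)
+def nftables_nat(metadata):
+rules = {
+'inet filter forward ct state { related, established } accept',
+'inet filter forward iifname docker0 accept',
+}
+
+for iface in metadata.get('interfaces'):
+rules.add(f'nat postrouting oifname {iface} masquerade')
+
+return {
+'nftables': {
+'rules': {
+'00-docker-ce': sorted(rules),
+},
+},
+}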
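Review bot: `inet filter forward iifname docker0 accept` forwards everything arriving from the bridge, and the loop adds an unconditional `masquerade` on every interface in `interfaces`, so containers (here CI jobs) can reach any network the host routes to, and all forwarded traffic is NATed rather than only container traffic. Because `daemon.json` sets `'iptables': False`, these rules are presumably the only network isolation Docker workloads get; consider limiting the forward rule to the uplink (`iifname docker0 oifname {iface} accept`) and scoping the NAT rule with `ip saddr <docker bridge subnet>`. The rules name only `docker0`, so user-defined bridge networks would not be covered. `metadata.get('interfaces')` has no default and raises on a node that defines no interfaces.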
|
@ -25,7 +25,7 @@ defaults = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if not node.has_bundle('vmhost'):
|
if not node.has_bundle('vmhost') and not node.has_bundle('docker-ce'):
|
||||||
# see comment in bundles/vmhost/items.py
|
# see comment in bundles/vmhost/items.py
|
||||||
defaults['apt']['packages']['iptables'] = {
|
defaults['apt']['packages']['iptables'] = {
|
||||||
'installed': False,
|
'installed': False,
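Review bot: The comment `# see comment in bundles/vmhost/items.py` still explains only the vmhost case, while the new condition also keeps `iptables` installed on `docker-ce` nodes. State the reason next to it, e.g. `# docker-ce: package stays installed, Docker itself runs with 'iptables': False (bundles/docker-ce/items.py)`, adjusting the wording to the actual motivation. The `defaults` block and the body of the `if` continue outside the hunk.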
|
||||||
|
|
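--- a/bundles/woodpecker-agent/files/woodpecker-agent.service
+++ b/bundles/woodpecker-agent/files/woodpecker-agent.service
@@ -0,0 +1,42 @@
+[Unit]
+Description=woodpecker ci agent
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=woodpecker
+Group=woodpecker
+WorkingDirectory=/var/lib/woodpecker
+ExecStart=/usr/local/bin/woodpecker-agent
+Restart=always
+ReadWritePaths=/var/lib/woodpecker
+CapabilityBoundingSet=
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+PrivateMounts=true
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap
+
+% for k, v in sorted(env.items()):
+Environment=${k}=${v}
+% endfor
+
+[Install]
+WantedBy=multi-user.target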
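Review bot: The `Environment=${k}=${v}` loop writes `WOODPECKER_AGENT_SECRET` into the unit file, and systemd exposes `Environment=` values to unprivileged users through `systemctl show`; `items.py` sets no `mode` on the file, so it presumably also ends up world-readable. Render the variables into a separate root-only file and reference it with `EnvironmentFile=<path to a 0600 env file>`, or pass the secret with `LoadCredential=`. The same loop in `bundles/woodpecker-server/files/woodpecker-server.service` exposes the database URL with its password and the Gitea client secret. Values are also written unquoted, so one containing whitespace or `%` would not reach the process unchanged.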
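--- a/bundles/woodpecker-agent/items.py
+++ b/bundles/woodpecker-agent/items.py
@@ -0,0 +1,43 @@
+version = node.metadata.get('woodpecker-agent/version')
+
+directories['/var/lib/woodpecker'] = {
+'owner': 'woodpecker',
+}
+
+actions['install_woodpecker-agent'] = {
+'command': ' && '.join([
+f'wget -q -O/tmp/woodpecker-agent.deb https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-agent_{version}_amd64.deb',
+'dpkg -i /tmp/woodpecker-agent.deb',
+]),
+'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''',
+'triggers': {
+'svc_systemd:woodpecker-agent:restart',
+},
+}
+
+files['/usr/local/lib/systemd/system/woodpecker-agent.service'] = {
+'content_type': 'mako',
+'context': {
+'env': node.metadata.get('woodpecker-agent/environment'),
+},
+'triggers': {
+'action:systemd-reload',
+'svc_systemd:woodpecker-agent:restart',
+},
+}
+
+svc_systemd['woodpecker-agent'] = {
+'after': {
+# to make sure we have docker and other eventual dependencies
+'pkg_apt:',
+},
+'needs': {
+'action:install_woodpecker-agent',
+'file:/usr/local/lib/systemd/system/woodpecker-agent.service',
+'user:woodpecker',
+},
+}
+
+users['woodpecker'] = {
+'home': '/var/lib/woodpecker',
+}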
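Review bot: The install action downloads a `.deb` to the fixed path `/tmp/woodpecker-agent.deb` and passes it straight to `dpkg -i`, with no checksum or signature check, so the package is trusted purely on the HTTPS download and a path in the shared `/tmp`. Store the expected digest next to `version` in metadata and verify it between the two commands, e.g. `f'echo "{sha256}  /tmp/woodpecker-agent.deb" | sha256sum -c -'` with `sha256` read from a new metadata key, and download into a root-owned directory instead of `/tmp`. `bundles/woodpecker-server/items.py` repeats the pattern for `woodpecker-server.deb`. In the `unless` string the `\"` escapes are consumed by Python, so the inner quotes end the `bash -c "..."` argument early; single quotes around the test would make the quoting do what it appears to.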
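--- a/bundles/woodpecker-agent/metadata.py
+++ b/bundles/woodpecker-agent/metadata.py
@@ -0,0 +1,30 @@
+@metadata_reactor.provides(
+'woodpecker-agent/environment',
+'woodpecker-agent/version',
+)
+def environment(metadata):
+env = {}
+server = repo.get_node(metadata.get('woodpecker-agent/server'))
+
+domain = server.metadata.get('woodpecker-server/domain')
+port = server.metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')
+env['WOODPECKER_SERVER'] = f'{domain}{port}'
+
+env['WOODPECKER_AGENT_SECRET'] = server.metadata.get('woodpecker-server/environment/WOODPECKER_AGENT_SECRET')
+
+env['WOODPECKER_MAX_PROCS'] = int(int(metadata.get('vm/cpu'))/2)
+
+env['WOODPECKER_HOSTNAME'] = metadata.get('hostname')
+
+env['WOODPECKER_LOG_LEVEL'] = server.metadata.get('woodpecker-server/environment/WOODPECKER_LOG_LEVEL')
+
+debug = server.metadata.get('woodpecker-server/environment/GODEBUG', None)
+if debug:
+env['GODEBUG'] = debug
+
+return {
+'woodpecker-agent': {
+'environment': env,
+'version': server.metadata.get('woodpecker-server/version'),
+},
+}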
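Review bot: `WOODPECKER_SERVER` is built as `f'{domain}{port}'`, so the agent talks gRPC straight to the server's port rather than through the nginx vhost, and nothing here enables TLS for that connection; the agent secret and pipeline data would presumably cross the network in clear text. If the deployed Woodpecker version supports it, set `WOODPECKER_GRPC_SECURE` and terminate TLS in front of the gRPC port, or carry the agent traffic over a private link. Separately, `int(int(metadata.get('vm/cpu'))/2)` yields 0 on a single-CPU node; `max(1, int(metadata.get('vm/cpu')) // 2)` keeps at least one worker.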
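--- a/bundles/woodpecker-server/files/woodpecker-server.service
+++ b/bundles/woodpecker-server/files/woodpecker-server.service
@@ -0,0 +1,43 @@
+[Unit]
+Description=woodpecker ci
+After=syslog.target
+After=network.target
+Requires=postgresql.service
+
+[Service]
+RestartSec=2s
+Type=simple
+User=woodpecker
+Group=woodpecker
+WorkingDirectory=/var/lib/woodpecker
+ExecStart=/usr/local/bin/woodpecker-server
+Restart=always
+ReadWritePaths=/var/lib/woodpecker
+CapabilityBoundingSet=
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+PrivateMounts=true
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap
+
+% for k, v in sorted(env.items()):
+Environment=${k}=${v}
+% endfor
+
+[Install]
+WantedBy=multi-user.target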
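Review bot: `Requires=postgresql.service` pulls PostgreSQL in but does not order the two units, so the server can be started before the database accepts connections and then depends on `Restart=always` to recover. Add `After=postgresql.service` next to the existing `After=` lines.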
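--- a/bundles/woodpecker-server/items.py
+++ b/bundles/woodpecker-server/items.py
@@ -0,0 +1,41 @@
+version = node.metadata.get('woodpecker-server/version')
+
+directories['/var/lib/woodpecker'] = {
+'owner': 'woodpecker',
+}
+
+actions['install_woodpecker-server'] = {
+'command': ' && '.join([
+f'wget -q -O/tmp/woodpecker-server.deb https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-server_{version}_amd64.deb',
+'dpkg -i /tmp/woodpecker-server.deb',
+]),
+'unless': f'''bash -c "[[ \"$(woodpecker-server --version | cut -d' ' -f3)\" == "{version}" ]]"''',
+'triggers': {
+'svc_systemd:woodpecker-server:restart',
+},
+}
+
+files['/usr/local/lib/systemd/system/woodpecker-server.service'] = {
+'content_type': 'mako',
+'context': {
+'env': node.metadata.get('woodpecker-server/environment'),
+},
+'triggers': {
+'action:systemd-reload',
+'svc_systemd:woodpecker-server:restart',
+},
+}
+
+svc_systemd['woodpecker-server'] = {
+'needs': {
+'action:install_woodpecker-server',
+'file:/usr/local/lib/systemd/system/woodpecker-server.service',
+'postgres_db:woodpecker',
+'postgres_role:woodpecker',
+'user:woodpecker',
+},
+}
+
+users['woodpecker'] = {
+'home': '/var/lib/woodpecker',
+}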
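--- a/bundles/woodpecker-server/metadata.py
+++ b/bundles/woodpecker-server/metadata.py
@@ -0,0 +1,98 @@
+from bundlewrap.metadata import atomic
+
+defaults = {
+'postgresql': {
+'roles': {
+'woodpecker': {
+'password': repo.vault.password_for(f'{node.name} postgresql woodpecker'),
+},
+},
+'databases': {
+'woodpecker': {
+'owner': 'woodpecker',
+},
+},
+},
+'woodpecker-server': {
+'environment': {
+'WOODPECKER_AGENT_SECRET': repo.vault.password_for(f'{node.name} WOODPECKER_AGENT_SECRET'),
+'WOODPECKER_DATABASE_DATASOURCE': repo.vault.password_for(f'{node.name} postgresql woodpecker').format_into(
+'postgres://woodpecker:{}@localhost/woodpecker?sslmode=disable'
+),
+'WOODPECKER_DATABASE_DRIVER': 'postgres',
+'WOODPECKER_GRPC_ADDR': ':22101',
+'WOODPECKER_LOG_LEVEL': 'warn',
+'WOODPECKER_OPEN': 'true',
+'WOODPECKER_SERVER_ADDR': ':22100',
+
+# https://github.com/woodpecker-ci/woodpecker/issues/1497
+# https://github.com/woodpecker-ci/woodpecker/issues/748
+'GODEBUG': 'netdns=go'
+},
+},
+}
+
+
+@metadata_reactor.provides(
+'nginx/vhosts/woodpecker-server',
+'woodpecker-server/environment/WOODPECKER_HOST',
+)
+def nginx(metadata):
+if not node.has_bundle('nginx'):
+raise DoNotRunAgain
+
+ssl = metadata.get('nginx/vhosts/woodpecker-server/ssl', 'letsencrypt')
+domain = metadata.get('woodpecker-server/domain')
+prefix = 'https' if ssl else 'http'
+
+return {
+'nginx': {
+'vhosts': {
+'woodpecker-server': {
+'domain': domain,
+'locations': {
+'/': {
+'target': 'http://127.0.0.1:22100',
+'additional_config': {
+'proxy_redirect off',
+'chunked_transfer_encoding off',
+},
+},
+'/metrics': {
+'return': 403,
+},
+'/debug': {
+'return': 403,
+},
+},
+'website_check_path': '/do-login',
+'website_check_string': 'Woodpecker',
+},
+},
+},
+'woodpecker-server': {
+'environment': {
+'WOODPECKER_HOST': f'{prefix}://{domain}',
+},
+},
+}
+
+
+@metadata_reactor.provides(
+'firewall/port_rules',
+)
+def firewall(metadata):
+port = metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')[1:]
+agents = set()
+
+for node in repo.nodes:
+if node.has_bundle('woodpecker-agent'):
+agents.add(node.name)
+
+return {
+'firewall': {
+'port_rules': {
+port: atomic(agents),
+},
+},
+}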
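Review bot: `'WOODPECKER_OPEN': 'true'` in `defaults` lets every account on the connected Gitea instance log in and run pipelines on the agents, which amounts to code execution on the agent host for anyone able to get an account there. Default it to `'false'`, or restrict access with `WOODPECKER_ORGS` / `WOODPECKER_ADMIN` in node metadata. In `firewall`, the loop variable `node` shadows the bundle's global `node`, and the rule admits every node carrying the `woodpecker-agent` bundle rather than only those whose `woodpecker-agent/server` points at this node. `WOODPECKER_SERVER_ADDR` uses port 22100, which the port table in this commit also lists for ntfy.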
62
data/apt/files/gpg-keys/docker.asc
Normal file
62
data/apt/files/gpg-keys/docker.asc
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
|
||||||
|
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
|
||||||
|
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
|
||||||
|
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
|
||||||
|
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
|
||||||
|
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
|
||||||
|
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
|
||||||
|
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
|
||||||
|
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
|
||||||
|
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
|
||||||
|
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
|
||||||
|
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
|
||||||
|
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
|
||||||
|
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
|
||||||
|
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
|
||||||
|
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
|
||||||
|
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
|
||||||
|
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
|
||||||
|
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
|
||||||
|
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
|
||||||
|
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
|
||||||
|
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
|
||||||
|
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
|
||||||
|
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
|
||||||
|
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
|
||||||
|
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
|
||||||
|
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
|
||||||
|
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
|
||||||
|
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
|
||||||
|
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
|
||||||
|
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
|
||||||
|
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
|
||||||
|
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
|
||||||
|
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
|
||||||
|
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
|
||||||
|
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
|
||||||
|
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
|
||||||
|
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
|
||||||
|
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
|
||||||
|
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
|
||||||
|
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
|
||||||
|
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
|
||||||
|
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
|
||||||
|
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
|
||||||
|
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
|
||||||
|
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
|
||||||
|
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
|
||||||
|
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
|
||||||
|
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
|
||||||
|
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
|
||||||
|
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
|
||||||
|
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
|
||||||
|
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
|
||||||
|
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
|
||||||
|
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
|
||||||
|
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
|
||||||
|
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
|
||||||
|
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
|
||||||
|
=0YYh
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -35,6 +35,7 @@ nodes['rx300'] = {
|
||||||
'travelynx',
|
'travelynx',
|
||||||
'unbound',
|
'unbound',
|
||||||
'vmhost',
|
'vmhost',
|
||||||
|
'woodpecker-server',
|
||||||
'zfs',
|
'zfs',
|
||||||
},
|
},
|
||||||
'groups': {
|
'groups': {
|
||||||
|
@ -334,6 +335,7 @@ nodes['rx300'] = {
|
||||||
'netbox': {'ssl': '_.franzi.business'},
|
'netbox': {'ssl': '_.franzi.business'},
|
||||||
'radicale': {'ssl': '_.franzi.business'},
|
'radicale': {'ssl': '_.franzi.business'},
|
||||||
'travelynx': {'ssl': '_.franzi.business'},
|
'travelynx': {'ssl': '_.franzi.business'},
|
||||||
|
'woodpecker-server': {'ssl': '_.franzi.business'},
|
||||||
'daskritzelt-redirect': {
|
'daskritzelt-redirect': {
|
||||||
'domain': 'die-brontosaurier-waren-es.org',
|
'domain': 'die-brontosaurier-waren-es.org',
|
||||||
'ssl': None,
|
'ssl': None,
|
||||||
|
@ -535,6 +537,16 @@ nodes['rx300'] = {
|
||||||
'enable_linger': True,
|
'enable_linger': True,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'woodpecker-server': {
|
||||||
|
'domain': 'woodpecker.franzi.business',
|
||||||
|
'version': '0.15.6',
|
||||||
|
'environment': {
|
||||||
|
'WOODPECKER_GITEA': 'true',
|
||||||
|
'WOODPECKER_GITEA_URL': 'https://git.franzi.business',
|
||||||
|
'WOODPECKER_GITEA_CLIENT': vault.decrypt('encrypt$gAAAAABjpJJQkNyG2B2ThT5yrkGnrPoM33bVYNTyLcuaas4_7ewBRrDb-KO2-JIM895fdI6U6NO8wHQ3gKBxBBYUtt-xgbWW1j4iUrzyt7KhqswSNBIBFfce80UmQ5UuOHsaFPVyyd1W'),
|
||||||
|
'WOODPECKER_GITEA_SECRET': vault.decrypt('encrypt$gAAAAABjpJJW95MaCPnK2ngkGf1DLBmV8Y_K6B0Dc8XBM4oN3sPHH54vFbKB1YLODepR-okpXUJGHxqlS7TkTlu4JylRINXiIh7OHRRDaTCkU_bfLSUDnc_VLgDmVULWH09fsveslKw5v1ssl-RBGJg16XXBz1Sq4g=='),
|
||||||
|
},
|
||||||
|
},
|
||||||
'zfs': {
|
'zfs': {
|
||||||
'module_options': {
|
'module_options': {
|
||||||
'zfs_arc_max_gb': 16,
|
'zfs_arc_max_gb': 16,
|
||||||
|
|
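--- a/nodes/woodpecker-agent-1.toml
+++ b/nodes/woodpecker-agent-1.toml
@@ -0,0 +1,24 @@
+hostname = "31.47.232.108"
+bundles = [
+"docker-ce",
+"woodpecker-agent",
+]
+groups = ["debian-bullseye"]
+
+[metadata.backups]
+exclude_from_backups = true
+
+[metadata.interfaces.enp1s0]
+ips = [
+"31.47.232.108/29",
+"2a00:f820:528::5/64",
+]
+gateway4 = "31.47.232.105"
+gateway6 = "2a00:f820:528::1"
+
+[metadata.woodpecker-agent]
+server = "rx300"
+
+[metadata.vm]
+cpu = 8
+ram = 16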