diff --git a/flake.lock b/flake.lock index 010425b..ddd8d3e 100644 --- a/flake.lock +++ b/flake.lock @@ -167,11 +167,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1653182293, - "narHash": "sha256-eLl3PHCzpX8eFES+S9WrC8jGhWjczbTvWAPMeuJOd4s=", + "lastModified": 1653372067, + "narHash": "sha256-1+fD3EHTbUSoKcabe9WadVe9fFnG5f2ODWC+WpR8exc=", "owner": "jyooru", "repo": "nix-minecraft-servers", - "rev": "f09d761e4063e9158555817d03b0f2a7f2bff709", + "rev": "6008e29999eb32bd7880ae53e13f83d9181f04bb", "type": "github" }, "original": { @@ -218,11 +218,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1653052942, - "narHash": "sha256-Dt0jodCSLHVqE7yVxIoX1q4jA5uAWbVJHnaDa8HkJ4A=", + "lastModified": 1653427793, + "narHash": "sha256-h6y/I5O/QTawjny6GfovRSUbaEAvswfRXFMuOhVYwBQ=", "owner": "NULLx76", "repo": "nixpkgs", - "rev": "3c55de3b23f016898219cf6b02dd5ef365898023", + "rev": "bef8053f86b8702d57601972f782186b7269db69", "type": "github" }, "original": { @@ -285,11 +285,11 @@ ] }, "locked": { - "lastModified": 1653109065, - "narHash": "sha256-E4kflprq80xWtt/ApTP0lAyi4oryFV/FI53S+VmiI0Q=", + "lastModified": 1653404524, + "narHash": "sha256-Mu3qgXABzAM9T+4dWmV3OOYFydxv28al7cTdiUK6h3s=", "owner": "serokell", "repo": "serokell.nix", - "rev": "bbccb5df8013b1bd86b8445bd8e39c396a0521cc", + "rev": "3b39a9000c7652cf7693b70c13c7e1564b0cf333", "type": "github" }, "original": { diff --git a/flux/cluster/apps/gitops/agola/configmap.yaml b/flux/cluster/apps/gitops/agola/configmap.yaml new file mode 100644 index 0000000..c2b8b53 --- /dev/null +++ b/flux/cluster/apps/gitops/agola/configmap.yaml 
@@ -0,0 +1,83 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: agola
+ namespace: gitops
+data:
+ config.yml: |
+ gateway:
+ # The api url that clients will call
+ # Change this to the exposed "agola" service IP
+ apiExposedURL: "https://agola.0x76.dev"
+ # The web interface url that clients will use
+ # Change this to the exposed "agola" service IP
+ webExposedURL: "https://agola.0x76.dev"
+
+ runserviceURL: "http://agola-internal:4000"
+ configstoreURL: "http://agola-internal:4002"
+ gitserverURL: "http://agola-internal:4003"
+ web:
+ listenAddress: ":8000"
+ tokenSigning:
+ # hmac or rsa (it possible use rsa)
+ method: hmac
+ # key to use when signing with hmac
+ key: $SIGNING_KEY
+ adminToken: "$ADMIN_TOKEN"
+
+ scheduler:
+ runserviceURL: "http://agola-internal:4000"
+
+ notification:
+ webExposedURL: "https://agola.0x76.dev"
+ runserviceURL: "http://agola-internal:4000"
+ configstoreURL: "http://agola-internal:4002"
+ db:
+ type: postgres
+ connString: "postgres://agola_notif@database/agola_notif?sslmode=disable"
+
+ configstore:
+ dataDir: /mnt/agola/local/configstore
+ db:
+ type: postgres
+ connString: "postgres://agola_config@database/agola_config?sslmode=disable"
+ objectStorage:
+ type: s3
+ endpoint: "http://minio:9000"
+ bucket: agola-configstore
+ accessKey: $MINIO_ACCESS_KEY
+ secretAccessKey: $MINIO_SECRET_ACCESS_KEY
+ web:
+ listenAddress: ":4002"
+
+ runservice:
+ #debug: true
+ dataDir: /mnt/agola/local/runservice
+ db:
+ type: postgres
+ connString: "postgres://agola_runservice@database/agola_runservice?sslmode=disable"
+ objectStorage:
+ type: s3
+ endpoint: "http://minio:9000"
+ bucket: agola-runservice
+ accessKey: $MINIO_ACCESS_KEY
+ secretAccessKey: $MINIO_SECRET_ACCESS_KEY
+ web:
+ listenAddress: ":4000"
+
+ executor:
+ dataDir: /mnt/agola/local/executor
+ # The directory containing the toolbox compiled for the various supported architectures
+ toolboxPath: ./bin
+ runserviceURL: "http://agola-internal:4000"
+ web:
+ listenAddress: 
":4001"
+ activeTasksLimit: 2
+ driver:
+ type: kubernetes
+
+ gitserver:
+ dataDir: /mnt/agola/local/gitserver
+ gatewayURL: "http://agola-internal:8000"
+ web:
+ listenAddress: ":4003"
diff --git a/flux/cluster/apps/gitops/agola/deployment.yaml b/flux/cluster/apps/gitops/agola/deployment.yaml
new file mode 100644
index 0000000..02155c0
--- /dev/null
+++ b/flux/cluster/apps/gitops/agola/deployment.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: agola
+ namespace: gitops
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: agola
+ template:
+ metadata:
+ labels:
+ app: agola
+ spec:
+ initContainers:
+ - name: config
+ image: 0x76/envsubst
+ args: ["sh", "-c", "cat /mnt/agola/config/config.yml | envsubst > /mnt/agola/local/config.yml"]
+ volumeMounts:
+ - mountPath: /mnt/agola/local
+ name: agola-localdata
+ - mountPath: /mnt/agola/config
+ name: config-volume
+ envFrom:
+ - secretRef:
+ name: agola
+ containers:
+ - name: agola
+ image: sorintlab/agola:v0.7.0
+ command:
+ - /bin/agola
+ - serve
+ - "--config"
+ - /mnt/agola/local/config.yml
+ - "--components"
+ - all-base,executor
+ ports:
+ - containerPort: 8000
+ - containerPort: 4000
+ - containerPort: 4002
+ - containerPort: 4003
+ volumeMounts:
+ - name: config-volume
+ mountPath: /mnt/agola/config
+ - name: agola-localdata
+ mountPath: /mnt/agola/local
+ volumes:
+ - name: config-volume
+ configMap:
+ name: agola
+ - name: agola-localdata
+ emptyDir: {}
diff --git a/flux/cluster/apps/gitops/agola/external-secret.yaml b/flux/cluster/apps/gitops/agola/external-secret.yaml
new file mode 100644
index 0000000..1566021
--- /dev/null
+++ b/flux/cluster/apps/gitops/agola/external-secret.yaml
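Review bot: All three `connString` values in the ConfigMap set `sslmode=disable` and carry no password, and both `objectStorage` endpoints are `http://minio:9000`, so database traffic and the MinIO access and secret keys cross the cluster network unencrypted, and database authentication has to come from host-side rules that this diff does not show. Prefer `sslmode=require` or stricter with a per-database password taken from the same Secret, and a TLS endpoint for MinIO if one is available. Separately, `key: $SIGNING_KEY` is unquoted while `adminToken: "$ADMIN_TOKEN"` is quoted; after envsubst a key containing `#` or `: ` would be truncated or fail to parse, so write `key: "$SIGNING_KEY"`.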
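Review bot: The init container's `image: 0x76/envsubst` in deployment.yaml has no tag or digest, yet `envFrom` hands it every key of Secret `agola` (admin token, signing key, MinIO credentials), so whatever that mutable reference resolves to at pull time can read them. Pin it by digest, e.g. `image: 0x76/envsubst@sha256:<digest-placeholder>`, and consider the same for `sorintlab/agola:v0.7.0`. The pod spec also sets no `serviceAccountName` or `securityContext` although it runs `all-base,executor` with the kubernetes driver configured in the ConfigMap; a dedicated service account limited to what the executor needs would presumably keep the CI runner off the namespace's default account.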
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: agola
+ namespace: gitops
+spec:
+ refreshInterval: "5m"
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: authentik
+ data:
+ - secretKey: ADMIN_TOKEN
+ remoteRef:
+ key: gitops/agola
+ property: admin_token
+ - secretKey: SIGNING_KEY
+ remoteRef:
+ key: gitops/agola
+ property: signing_key
+ - secretKey: MINIO_ACCESS_KEY
+ remoteRef:
+ key: gitops/agola
+ property: minio_access_key
+ - secretKey: MINIO_SECRET_ACCESS_KEY
+ remoteRef:
+ key: gitops/agola
+ property: minio_secret_access_key
+
\ No newline at end of file
diff --git a/flux/cluster/apps/gitops/agola/ingress.yaml b/flux/cluster/apps/gitops/agola/ingress.yaml
new file mode 100644
index 0000000..f62024d
--- /dev/null
+++ b/flux/cluster/apps/gitops/agola/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: agola
+ namespace: gitops
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: agola.0x76.dev
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: agola
+ port:
+ number: 8000
diff --git a/flux/cluster/apps/gitops/agola/kustomization.yaml b/flux/cluster/apps/gitops/agola/kustomization.yaml
new file mode 100644
index 0000000..c696da4
--- /dev/null
+++ b/flux/cluster/apps/gitops/agola/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - configmap.yaml
+ - deployment.yaml
+ - external-secret.yaml
+ - ingress.yaml
+ - services.yaml
diff --git a/flux/cluster/apps/gitops/agola/services.yaml b/flux/cluster/apps/gitops/agola/services.yaml
new file mode 100644
index 0000000..173f69c
--- /dev/null
+++ b/flux/cluster/apps/gitops/agola/services.yaml
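Review bot: In external-secret.yaml, `target.name` is `authentik`, but the Deployment's init container loads its environment from `secretRef: name: agola`, so this looks like a copy-paste leftover. As written the ExternalSecret would place agola's admin token, signing key and MinIO credentials in a Secret called `authentik` in namespace `gitops`, while the pod waits on a Secret `agola` that nothing in this commit creates. If a Secret named `authentik` already exists in that namespace, the operator may also take it over or merge into it, depending on its creation policy. Change the line under `target:` to `name: agola`.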
@@ -0,0 +1,36 @@ +# The client service. It's a node port for easier testing on minikube. Change +# it to become a LoadBalancer if needed. +apiVersion: v1 +kind: Service +metadata: + name: agola + namespace: gitops +spec: + ports: + - port: 8000 + name: api + selector: + app: agola +--- +# The service for internal components communication. +# We are using an headless service since some k8s deployment doesn't have +# hairpin mode enabled and pods cannot communicate with themself via a +# service +apiVersion: v1 +kind: Service +metadata: + name: agola-internal + namespace: gitops +spec: + ports: + - port: 8000 + name: api + - port: 4000 + name: runservice + - port: 4002 + name: configstore + - port: 4003 + name: gitserver + selector: + app: agola + clusterIP: None diff --git a/flux/cluster/apps/gitops/kustomization.yaml b/flux/cluster/apps/gitops/kustomization.yaml index 4ddab70..b60d1ce 100644 --- a/flux/cluster/apps/gitops/kustomization.yaml +++ b/flux/cluster/apps/gitops/kustomization.yaml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - renovate + - agola diff --git a/nixos/hosts/database/configuration.nix b/nixos/hosts/database/configuration.nix index 2202240..fc5331b 100644 --- a/nixos/hosts/database/configuration.nix +++ b/nixos/hosts/database/configuration.nix @@ -4,7 +4,7 @@ { config, pkgs, ... }: let - databases = [ "authentik" ]; + databases = [ "authentik" "agola_notif" "agola_config" "agola_runservice"]; in { diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix index fc57621..f7b0b75 100644 --- a/nixos/hosts/nginx/configuration.nix +++ b/nixos/hosts/nginx/configuration.nix 
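Review bot: The headless `agola-internal` Service in services.yaml publishes the runservice, configstore and gitserver ports (4000, 4002, 4003) under a cluster-wide DNS name, and the ConfigMap in this commit configures no credentials for those component-to-component URLs, so any pod in the cluster can presumably reach them directly. The only consumer visible here is the agola pod itself; a NetworkPolicy in namespace `gitops` that admits ingress to those ports only from pods labelled `app: agola` would close that path, provided the executor's task pods do not need them. The comment on the first Service is also stale: no `type:` is set, so it is a ClusterIP service, not a node port; something like `# The client service (ClusterIP), exposed through the traefik Ingress.` would match the manifests.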
@@ -46,10 +46,10 @@ in # Kubernetes endpoints virtualHosts."0x76.dev" = k8s_proxy; virtualHosts."id.0x76.dev" = k8s_proxy; + virtualHosts."agola.0x76.dev" = k8s_proxy; virtualHosts."zookeeper.0x76.dev" = k8s_proxy; virtualHosts."wooloofan.club" = k8s_proxy; virtualHosts."whoami.wooloofan.club" = k8s_proxy; - }; services.nginx.commonHttpConfig = ''