dotnix @main -
refs -
log -
-
https://git.jolheiser.com/dotnix.git
Signature
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgqEQpE3xoo1QwJO/uFOtpdp7v3oFAmaHWSAACgkQuFOtpdp7
v3p3ig/+MkV1SZ+E08/svBzuG1xUhRDuLNhqv5ZTvatMAUDe/wWb7/LlyyzIUIHL
0gUd2z7xjwZX2t5dh34E9N4W+9QEVejEiwr1+XLSRvnYqC+jlVYSqcymW9l62u+g
26GnyMcaGFnfzObZ61pw9XkIlJmNsDSLywUF6/IyNcQgUoPhdp/g+y5txmCXZRUp
kxsB/JN+NrUyqG6rBx9E9GHbZ7VW5/+iGfUvqq8RBcrlLw3aJrbwtHEYEds7z8zX
8D/kzuH/FlQxWeYiooUtQzzQVdvCAtTAnw8ro2hVNajj/zaWG4K2qJHQM9yhvG2I
Xgamu5iLw33T1DxFMsSTXAByoGIMyYrfmDGg9nhDYiPP2rCzSjNDqTWFQWY33qCx
OXjvsp3qDxXTnZeRbbbPj9/eAUvwDE4Rv3TR9IB/CuCTVm16PMvlsS0sZ4F6YoWU
SM62VBLrhOJ4Na+3oig+EmNDivOjgpBdvrSq7pD3gIUja6SOhy8wd94lHAxdH3Sg
0JYRgHr6T7WZ+c4Rc6katbD06+iO/KCvmyASWRqvUGoQ5nYr0LTHR/cw2Ze/c48L
bpMYwv5ccNK3GU6Ie1GFtqF5OP4N7CU8VQcqC8QCAGil9awuYWBj0/F/0eI/NsCD
VQr7JK8G66s3QbRXmdFwmVt53nrk8pCmye75az29nLokt3yVD7Q=
=pXVm
-----END PGP SIGNATURE-----
diff --git a/machines/dragonwell/concourse/concourse.nix b/machines/dragonwell/concourse/concourse.nix
new file mode 100644
index 0000000000000000000000000000000000000000..ea7649760b52526af78fb4153da47a5785b3a097
--- /dev/null
+++ b/machines/dragonwell/concourse/concourse.nix
@@ -0,0 +1,121 @@
+# Auto-generated using compose2nix v0.2.0-pre.
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ # Runtime
+ virtualisation.docker = {
+ enable = true;
+ autoPrune.enable = true;
+ };
+ virtualisation.oci-containers.backend = "docker";
+
+ # Containers
+ virtualisation.oci-containers.containers."concourse-concourse" = {
+ image = "concourse/concourse";
+ environment = {
+ CONCOURSE_ADD_LOCAL_USER = "test:test";
+ CONCOURSE_CLIENT_SECRET = "Y29uY291cnNlLXdlYgo=";
+ CONCOURSE_CLUSTER_NAME = "tutorial";
+ CONCOURSE_CONTENT_SECURITY_POLICY = "*";
+ CONCOURSE_EXTERNAL_URL = "http://localhost:8080";
+ CONCOURSE_MAIN_TEAM_LOCAL_USER = "test";
+ CONCOURSE_POSTGRES_DATABASE = "concourse";
+ CONCOURSE_POSTGRES_HOST = "concourse-db";
+ CONCOURSE_POSTGRES_PASSWORD = "concourse_pass";
+ CONCOURSE_POSTGRES_USER = "concourse_user";
+ CONCOURSE_TSA_CLIENT_SECRET = "Y29uY291cnNlLXdvcmtlcgo=";
+ CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER = "overlay";
+ CONCOURSE_WORKER_CONTAINERD_DNS_SERVER = "8.8.8.8";
+ CONCOURSE_WORKER_RUNTIME = "containerd";
+ CONCOURSE_X_FRAME_OPTIONS = "allow";
+ };
+ ports = [
+ "8080:8080/tcp"
+ ];
+ cmd = ["quickstart"];
+ dependsOn = [
+ "concourse-concourse-db"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network-alias=concourse"
+ "--network=concourse_default"
+ "--privileged"
+ ];
+ };
+ systemd.services."docker-concourse-concourse" = {
+ serviceConfig = {
+ Restart = lib.mkForce "no";
+ };
+ after = [
+ "docker-network-concourse_default.service"
+ ];
+ requires = [
+ "docker-network-concourse_default.service"
+ ];
+ partOf = [
+ "docker-compose-concourse-root.target"
+ ];
+ wantedBy = [
+ "docker-compose-concourse-root.target"
+ ];
+ };
+ virtualisation.oci-containers.containers."concourse-concourse-db" = {
+ image = "postgres";
+ environment = {
+ PGDATA = "/database";
+ POSTGRES_DB = "concourse";
+ POSTGRES_PASSWORD = "concourse_pass";
+ POSTGRES_USER = "concourse_user";
+ };
+ log-driver = "journald";
+ extraOptions = [
+ "--network-alias=concourse-db"
+ "--network=concourse_default"
+ ];
+ };
+ systemd.services."docker-concourse-concourse-db" = {
+ serviceConfig = {
+ Restart = lib.mkForce "no";
+ };
+ after = [
+ "docker-network-concourse_default.service"
+ ];
+ requires = [
+ "docker-network-concourse_default.service"
+ ];
+ partOf = [
+ "docker-compose-concourse-root.target"
+ ];
+ wantedBy = [
+ "docker-compose-concourse-root.target"
+ ];
+ };
+
+ # Networks
+ systemd.services."docker-network-concourse_default" = {
+ path = [pkgs.docker];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStop = "${pkgs.docker}/bin/docker network rm -f concourse_default";
+ };
+ script = ''
+ docker network inspect concourse_default || docker network create concourse_default
+ '';
+ partOf = ["docker-compose-concourse-root.target"];
+ wantedBy = ["docker-compose-concourse-root.target"];
+ };
+
+ # Root service
+ # When started, this will automatically create all resources and start
+ # the containers. When stopped, this will teardown all resources.
+ systemd.targets."docker-compose-concourse-root" = {
+ unitConfig = {
+ Description = "Root target generated by compose2nix.";
+ };
+ wantedBy = ["multi-user.target"];
+ };
+}
diff --git a/machines/dragonwell/concourse/concourse.yml b/machines/dragonwell/concourse/concourse.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b910d48d9cc31514eaa292f17051cb13ffa494da
--- /dev/null
+++ b/machines/dragonwell/concourse/concourse.yml
@@ -0,0 +1,34 @@
+name: concourse
+services:
+ concourse-db:
+ image: postgres
+ environment:
+ POSTGRES_DB: concourse
+ POSTGRES_PASSWORD: concourse_pass
+ POSTGRES_USER: concourse_user
+ PGDATA: /database
+
+ concourse:
+ image: concourse/concourse
+ command: quickstart
+ privileged: true
+ depends_on: [concourse-db]
+ ports: ["8080:8080"]
+ environment:
+ CONCOURSE_POSTGRES_HOST: concourse-db
+ CONCOURSE_POSTGRES_USER: concourse_user
+ CONCOURSE_POSTGRES_PASSWORD: concourse_pass
+ CONCOURSE_POSTGRES_DATABASE: concourse
+ CONCOURSE_EXTERNAL_URL: https://concourse.serval-vibes.ts.net/
+ CONCOURSE_ADD_LOCAL_USER: test:test
+ CONCOURSE_MAIN_TEAM_LOCAL_USER: test
+ # instead of relying on the default "detect"
+ CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
+ CONCOURSE_CLIENT_SECRET: Y29uY291cnNlLXdlYgo=
+ CONCOURSE_TSA_CLIENT_SECRET: Y29uY291cnNlLXdvcmtlcgo=
+ CONCOURSE_X_FRAME_OPTIONS: allow
+ CONCOURSE_CONTENT_SECURITY_POLICY: "*"
+ CONCOURSE_CLUSTER_NAME: concourse
+ CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "8.8.8.8"
+ # For ARM-based machine, change the Concourse runtime to "houdini"
+ CONCOURSE_WORKER_RUNTIME: "containerd"
diff --git a/machines/dragonwell/concourse/default.nix b/machines/dragonwell/concourse/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..9b8076e2c213e85d1f5fe7078cf9e45b9db4f57c
--- /dev/null
+++ b/machines/dragonwell/concourse/default.nix
@@ -0,0 +1,3 @@
+{
+ imports = [./concourse.nix];
+}
diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index 9ba27149e6cae14925606122bc2e41141cc05185..6c970dbda199ad7b932ecd16223c86dc9de07249 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
@@ -2,7 +2,7 @@ let
username = "jolheiser";
key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
in {
- imports = [./caddy.nix ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
+ imports = [./caddy.nix ./concourse ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;