homelab/nomad-job/drone.nomad

job "drone" {
  datacenters = ["homelab"]
  priority    = 50
  type        = "service"
  vault {
    policies = ["droneci"]
  }


  group "droneCI" {
    network {
      mode = "host"
      port "http" {
        to = 80
      }
      port "vault" {
        to= 3000
      }
    }
    constraint {
      attribute = "${attr.cpu.arch}"
      value     = "amd64"
    }
    task "drone-server" {
      driver = "docker"
      service {
        name = "drone"
        port = "http"
        tags = [
          "homer.enable=true",
          "homer.name=DroneCI",
          "homer.service=Platform",
          "homer.logo=https://drone.ducamps.win/static/media/logo.76c744d4.svg",
          "homer.target=_blank",
          "homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",

          "traefik.enable=true",
          "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
          "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
          "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
          "traefik.http.middlewares.httpsRedirect.redirectscheme.scheme=https",
          "traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=httpsRedirect",
          "traefik.http.routers.${NOMAD_JOB_NAME}.entrypoints=web,websecure",

        ]
      }
      config {
        image = "drone/drone:latest"
        ports = [
          "http"
        ]
      }
      env {

      }
      template {
        data        = <<EOH
          {{ with secret "secrets/data/nomad/droneci"}}
          DRONE_GITEA_SERVER="https://git.ducamps.win"
          DRONE_GITEA_CLIENT_ID="{{ .Data.data.DRONE_GITEA_CLIENT_ID }}"
          DRONE_GITEA_CLIENT_SECRET="{{ .Data.data.DRONE_GITEA_CLIENT_SECRET }}"
          DRONE_GITEA_ALWAYS_AUTH="True"
          DRONE_USER_CREATE="username:vincent,admin:true"
          DRONE_DATABASE_DRIVER="postgres"
          DRONE_RPC_SECRET="{{ .Data.data.DRONE_RPC_SECRET }}"
          DRONE_SERVER_HOST="drone.ducamps.win"
          DRONE_SERVER_PROTO="https"
          {{end}}

          {{ with secret "secrets/data/database/droneci"}}
          DRONE_DATABASE_DATASOURCE="postgres://drone:{{ .Data.data.password }}@db1.ducamps.win:5432/drone?sslmode=disable"
          {{end}}
          EOH
        destination = "secrets/drone.env"
        env         = true
      }
      resources {
        memory = 100
      }
    }
    task "vault" {
      driver = "docker"
      service {
        name = "drone-vault"
        port = "vault"
      }
      config {
        ports = ["vault"]
        image = "drone/vault:latest"
      }
      template {
        data= <<EOH
        DRONE_DEBUG=true
        {{ with secret "secrets/data/nomad/droneci"}}
        DRONE_SECRET= {{ .Data.data.DRONE_VAULT_SECRET}}
        {{end}}
        VAULT_TOKEN=
        VAULT_ADDR=http://active.vault.service.consul:8200
        VAULT_AUTH_TYPE=approle
        VAULT_TOKEN_TTL=72h
        VAULT_TOKEN_RENEWAL=24h
        {{ with secret "secrets/data/nomad/droneci/approle"}}
        VAULT_APPROLE_ID=  {{ .Data.data.approleID}}
        VAULT_APPROLE_SECRET=  {{ .Data.data.approleSecretID}}
        {{end}}

        EOH
        destination = "secrets/drone-vault.env"
        env = true

      }


    }
  }
}
add drone job 2022-04-24 10:47:17 +00:00			`job "drone" {`
			`datacenters = ["homelab"]`
perf: set nomad priority 2022-12-10 16:10:32 +00:00			`priority = 50`
formatting 2022-10-29 08:40:01 +00:00			`type = "service"`
add drone arm runner 2022-05-10 08:35:33 +00:00			`vault {`
vault policy segmentation 2022-10-30 08:33:39 +00:00			`policies = ["droneci"]`
add amd64 contrainst to drone 2022-04-27 18:22:49 +00:00			`}`
add drone job 2022-04-24 10:47:17 +00:00
add drone arm runner 2022-05-10 08:35:33 +00:00
add drone job 2022-04-24 10:47:17 +00:00			`group "droneCI" {`
			`network {`
			`mode = "host"`
			`port "http" {`
			`to = 80`
			`}`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`port "vault" {`
fix drone: add mappind to 3000 on vault-drone 2022-11-29 19:05:11 +00:00			`to= 3000`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`}`
add drone job 2022-04-24 10:47:17 +00:00			`}`
add drone arm runner 2022-05-10 08:35:33 +00:00			`constraint {`
			`attribute = "${attr.cpu.arch}"`
formatting 2022-10-29 08:40:01 +00:00			`value = "amd64"`
add drone job 2022-04-24 10:47:17 +00:00			`}`
			`task "drone-server" {`
			`driver = "docker"`
			`service {`
			`name = "drone"`
			`port = "http"`
			`tags = [`
add homer cnfig 2022-05-23 19:44:34 +00:00			`"homer.enable=true",`
			`"homer.name=DroneCI",`
			`"homer.service=Platform",`
			`"homer.logo=https://drone.ducamps.win/static/media/logo.76c744d4.svg",`
			`"homer.target=_blank",`
			`"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",`

add drone job 2022-04-24 10:47:17 +00:00			`"traefik.enable=true",`
implement TLS 2022-04-24 20:19:18 +00:00			"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
add drone job 2022-04-24 10:47:17 +00:00			`"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",`
implement TLS 2022-04-24 20:19:18 +00:00			`"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",`
			`"traefik.http.middlewares.httpsRedirect.redirectscheme.scheme=https",`
fix: proxy smtp port 25 issue 2023-10-07 16:40:40 +00:00			`"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=httpsRedirect",`
			`"traefik.http.routers.${NOMAD_JOB_NAME}.entrypoints=web,websecure",`
implement TLS 2022-04-24 20:19:18 +00:00
add drone job 2022-04-24 10:47:17 +00:00			`]`
			`}`
			`config {`
			`image = "drone/drone:latest"`
			`ports = [`
			`"http"`
			`]`
			`}`
			`env {`

			`}`
			`template {`
formatting 2022-10-29 08:40:01 +00:00			`data = <<EOH`
fix vault: lowercase in drone secret path 2023-08-25 08:15:06 +00:00			`{{ with secret "secrets/data/nomad/droneci"}}`
add drone job 2022-04-24 10:47:17 +00:00			`DRONE_GITEA_SERVER="https://git.ducamps.win"`
			`DRONE_GITEA_CLIENT_ID="{{ .Data.data.DRONE_GITEA_CLIENT_ID }}"`
			`DRONE_GITEA_CLIENT_SECRET="{{ .Data.data.DRONE_GITEA_CLIENT_SECRET }}"`
			`DRONE_GITEA_ALWAYS_AUTH="True"`
			`DRONE_USER_CREATE="username:vincent,admin:true"`
			`DRONE_DATABASE_DRIVER="postgres"`
			`DRONE_RPC_SECRET="{{ .Data.data.DRONE_RPC_SECRET }}"`
			`DRONE_SERVER_HOST="drone.ducamps.win"`
			`DRONE_SERVER_PROTO="https"`
			`{{end}}`
vault policy segmentation 2022-10-30 08:33:39 +00:00
fix vault: lowercase in drone secret path 2023-08-25 08:15:06 +00:00			`{{ with secret "secrets/data/database/droneci"}}`
vault policy segmentation 2022-10-30 08:33:39 +00:00			`DRONE_DATABASE_DATASOURCE="postgres://drone:{{ .Data.data.password }}@db1.ducamps.win:5432/drone?sslmode=disable"`
			`{{end}}`
add drone job 2022-04-24 10:47:17 +00:00			`EOH`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`destination = "secrets/drone.env"`
formatting 2022-10-29 08:40:01 +00:00			`env = true`
add drone job 2022-04-24 10:47:17 +00:00			`}`
update ressource memory 2022-05-12 09:36:04 +00:00			`resources {`
			`memory = 100`
			`}`
add drone job 2022-04-24 10:47:17 +00:00			`}`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`task "vault" {`
add drone job 2022-04-24 10:47:17 +00:00			`driver = "docker"`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`service {`
			`name = "drone-vault"`
			`port = "vault"`
add drone job 2022-04-24 10:47:17 +00:00			`}`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`config {`
			`ports = ["vault"]`
			`image = "drone/vault:latest"`
add drone job 2022-04-24 10:47:17 +00:00			`}`
			`template {`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`data= <<EOH`
			`DRONE_DEBUG=true`
fix vault: lowercase in drone secret path 2023-08-25 08:15:06 +00:00			`{{ with secret "secrets/data/nomad/droneci"}}`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`DRONE_SECRET= {{ .Data.data.DRONE_VAULT_SECRET}}`
feat: add secretID automaticaly in KV for DroneCI 2022-11-29 17:10:25 +00:00			`{{end}}`
fix drone: move approle in tempalte 2022-11-29 20:03:12 +00:00			`VAULT_TOKEN=`
feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`VAULT_ADDR=http://active.vault.service.consul:8200`
			`VAULT_AUTH_TYPE=approle`
			`VAULT_TOKEN_TTL=72h`
			`VAULT_TOKEN_RENEWAL=24h`
fix vault: lowercase in drone secret path 2023-08-25 08:15:06 +00:00			`{{ with secret "secrets/data/nomad/droneci/approle"}}`
fix drone: move approle in tempalte 2022-11-29 20:03:12 +00:00			`VAULT_APPROLE_ID= {{ .Data.data.approleID}}`
			`VAULT_APPROLE_SECRET= {{ .Data.data.approleSecretID}}`
			`{{end}}`

feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00			`EOH`
			`destination = "secrets/drone-vault.env"`
			`env = true`
add drone arm runner 2022-05-10 08:35:33 +00:00
			`}`

feat: vault secret in droneCI 2022-11-27 14:25:26 +00:00
			`}`
add drone arm runner 2022-05-10 08:35:33 +00:00			`}`
add drone job 2022-04-24 10:47:17 +00:00			`}`