diff --git a/main.tf b/main.tf
index f64e736..bc3ec61 100644
--- a/main.tf
+++ b/main.tf
@@ -33,3 +33,7 @@ module "plugin-csi" {
 module "home-assistant" {
 source = "./modules/home-assistant"
 }
+
+module "forgejo" {
+ source = "./modules/forgejo"
+}
diff --git a/modules/forgejo/jobspec.nomad.hcl b/modules/forgejo/jobspec.nomad.hcl
new file mode 100644
index 0000000..1666a7d
--- /dev/null
+++ b/modules/forgejo/jobspec.nomad.hcl
@@ -0,0 +1,270 @@
+job "forgejo" {
+ group "forgejo" {
+
+ network {
+ mode = "bridge"
+ port "forgejo" {
+ to = 3000
+ }
+ port "envoy_metrics" {
+ to = 9102
+ }
+ }
+
+ task "forgejo" {
+ driver = "docker"
+
+ config {
+ image = "codeberg.org/forgejo/forgejo:9.0.3"
+
+ volumes = [
+ "/etc/timezone:/etc/timezone:ro",
+ "/etc/localtime:/etc/localtime:ro"
+ ]
+ }
+
+ volume_mount {
+ volume = "data"
+ destination = "/data"
+ }
+
+ resources {
+ cpu = 500
+ memory = 512
+ }
+
+ env {
+ USER_UID = "1000"
+ USER_GID = "1000"
+ }
+ }
+
+ volume "data" {
+ type = "csi"
+ read_only = false
+ source = "martinibar_prod_forgejo_data"
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ service {
+ port = "3000"
+ provider = "consul"
+
+ meta {
+ envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
+ }
+
+ connect {
+ sidecar_service {
+ proxy {
+ expose {
+ path {
+ path = "/metrics"
+ protocol = "http"
+ local_path_port = 9102
+ listener_port = "envoy_metrics"
+ }
+ }
+ transparent_proxy {}
+ }
+ }
+ }
+ }
+ }
+
+ group "runner" {
+
+ network {
+ mode = "bridge"
+ port "envoy_metrics" {
+ to = 9102
+ }
+ }
+
+ task "runner" {
+ driver = "docker"
+
+ config {
+ image = "data.forgejo.org/forgejo/runner:4.0.0"
+
+ command = "forgejo-runner"
+ args = ["daemon", "--config=${NOMAD_TASK_DIR}/config.yml"]
+
+ volumes = ["/var/run/docker.sock:/var/run/docker.sock"]
+ }
+
+ volume_mount {
+ volume = "data"
+ destination = "/data"
+ }
+
+ resources {
+ cpu = 500
+ memory = 512
+ }
+
+ template {
+ data = <<-EOF
+ log:
+ level: info
+ runner:
+ file: .runner
+ capacity: 3
+ timeout: 3h
+ shutdown_timeout: 3h
+ insecure: false
+ fetch_timeout: 5s
+ fetch_interval: 2s
+ report_interval: 1s
+ labels: []
+ cache:
+ enabled: true
+ dir: ""
+ host: ""
+ port: 0
+ external_server: ""
+ container:
+ network: "host"
+ enable_ipv6: false
+ privileged: true
+ options:
+ workdir_parent:
+ valid_volumes: []
+ docker_host: "-"
+ force_pull: false
+ host:
workdir_parent:
+ EOF
+
+ destination = "local/config.yml"
+ }
+
+ env {
+ DOCKER_HOST = "tcp://forgejo-docker-in-docker.virtual.consul:2375"
+ }
+ }
+
+ volume "data" {
+ type = "csi"
+ read_only = false
+ source = "martinibar_prod_forgejo-runner_data"
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ service {
+ provider = "consul"
+
+ meta {
+ envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
+ }
+
+ connect {
+ sidecar_service {
+ proxy {
+ expose {
+ path {
+ path = "/metrics"
+ protocol = "http"
+ local_path_port = 9102
+ listener_port = "envoy_metrics"
+ }
+ }
+ transparent_proxy {}
+ }
+ }
+ }
+ }
+ }
+
+ group "docker-in-docker" {
+
+ network {
+ mode = "bridge"
+ port "websocket" {
+ to = 2375
+ }
+ port "envoy_metrics" {
+ to = 9102
+ }
+ }
+
+ task "docker-in-docker" {
+ driver = "docker"
+
+ config {
+ image = "docker:dind"
+ privileged = true
+
+ command = "dockerd"
+ args = ["-H=tcp://0.0.0.0:2375", "--tls=false"]
+ }
+
+ resources {
+ cpu = 500
+ memory = 512
+ }
+ }
+
+ service {
+ port = "2375"
+ provider = "consul"
+
+ meta {
+ envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
+ }
+
+ connect {
+ sidecar_service {
+ proxy {
+ expose {
+ path {
+ path = "/metrics"
+ protocol = "http"
+ local_path_port = 9102
+ listener_port = "envoy_metrics"
+ }
+ }
+ transparent_proxy {}
+ }
+ }
+ }
+ }
+ }
+
+ group "forgejo-ingress-group" {
+
+ network {
+ mode = "bridge"
+ port "inbound" {
+ to = 8080
+ }
+ }
+
+ service {
+ port = "inbound"
+ tags = [
+ "traefik.enable=true",
+
+ "traefik.http.routers.forgejo.entrypoints=websecure",
+ "traefik.http.routers.forgejo.rule=Host(`git.brmartin.co.uk`)"
+ ]
+
+ connect {
+ gateway {
+ ingress {
+ listener {
+ port = 8080
+ protocol = "http"
+ service {
+ name = "forgejo-forgejo"
+ hosts = ["*"]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/modules/forgejo/main.tf b/modules/forgejo/main.tf
new file mode 100644
index 0000000..51bcc43
--- /dev/null
+++ b/modules/forgejo/main.tf
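Review bot: The `docker-in-docker` group in `jobspec.nomad.hcl` starts a privileged `dockerd` with `-H=tcp://0.0.0.0:2375` and `--tls=false`, and its `network` block also declares `port "websocket" { to = 2375 }`, which in bridge mode should map a host port directly onto that unauthenticated API, outside the Connect sidecar. Whoever can reach that host port can presumably start privileged containers on the node, so I would drop the `port "websocket"` block (the service already uses the literal `port = "2375"`) and rely on the sidecar plus a Consul intention that allows only the runner; no intention is visible in this diff, so please confirm one exists. In the `runner` task, `volumes = ["/var/run/docker.sock:/var/run/docker.sock"]` looks redundant with `DOCKER_HOST` pointing at the dind service and gives the runner container control of the host's Docker daemon; I would remove it. `image = "docker:dind"` is a floating tag, unlike the two pinned Forgejo images, so pinning it to a version or digest would keep the privileged daemon reproducible.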
@@ -0,0 +1,3 @@
+resource "nomad_job" "forgejo" {
+ jobspec = file("${path.module}/jobspec.nomad.hcl")
+}