From 83f1c71c190972a681b41502a62497360fc6bae3 Mon Sep 17 00:00:00 2001 From: forest Date: Sun, 12 Jun 2022 03:09:46 +0000 Subject: [PATCH 1/4] get rid of concourse pipelines --- concourse-pipelines/capsul-archlinux.yml | 52 ------------------------ 1 file changed, 52 deletions(-) delete mode 100644 concourse-pipelines/capsul-archlinux.yml diff --git a/concourse-pipelines/capsul-archlinux.yml b/concourse-pipelines/capsul-archlinux.yml deleted file mode 100644 index 690aa60..0000000 --- a/concourse-pipelines/capsul-archlinux.yml +++ /dev/null @@ -1,52 +0,0 @@ -# to update the pipeline, run: -# fly -t cyberia set-pipeline -c capsul-archlinux.yml -p capsul-archlinux -# see https://man.cyberia.club/services/concourse-ci.md -resources: -- name: capsul-images - source: - uri: https://git.sr.ht/~j3s/capsul-images - type: git -- name: time-interval-24h - source: - interval: 24h - type: time -jobs: -- name: capsul-archlinux - plan: - - get: time-interval-24h - trigger: true - - get: capsul-images - - config: - image_resource: - name: "" - source: - repository: archlinux - tag: latest - type: docker-image - inputs: - - name: capsul-images - platform: linux - run: - args: - - -c - - | - # see https://bugs.archlinux.org/task/69563 - printf "patching glibc...\n" - patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst - curl -LO "https://repo.archlinuxcn.org/x86_64/$patched_glibc" > /dev/null - bsdtar -C / -xvf "$patched_glibc" > /dev/null - - printf "updating repos...\n" - pacman -Sy --noconfirm > /dev/null - - printf "installing deps...\n" - pacman -S --noconfirm arch-install-scripts qemu-headless procps-ng reflector syslinux pacman-contrib > /dev/null - - printf "building image...\n" - # build the image - cd capsul-images/archlinux - ./build - path: sh - task: build-image - public: true - -- 2.40.1 From 0a9f810228cf19cda93b0452fc95dc1711ec96ef Mon Sep 17 00:00:00 2001 From: forest Date: Sun, 12 Jun 2022 03:09:58 +0000 Subject: [PATCH 2/4] get rid of concourse pipelines --- concourse-pipelines/capsul-guixsystem.yml | 66 ----------------------- 1 file changed, 66 deletions(-) delete mode 100644 concourse-pipelines/capsul-guixsystem.yml diff --git a/concourse-pipelines/capsul-guixsystem.yml b/concourse-pipelines/capsul-guixsystem.yml deleted file mode 100644 index e904d8b..0000000 --- a/concourse-pipelines/capsul-guixsystem.yml +++ /dev/null @@ -1,66 +0,0 @@ -# to update the pipeline, run: -# fly -t cyberia set-pipeline -c capsul-guixsystem.yml -p capsul-guixsystem -# to run the pipeline, run: -# fly -t cyberia trigger-job -j capsul-guixsystem/capsul-guixsystem -# then you should see it in the web UI here: https://concourse.cyberia.club/teams/main/pipelines/capsul-guixsystem/jobs/capsul-guix-system/builds/ -# to get a shell inside the pipeline while its running: -# fly -t cyberia hijack --job capsul-guixsystem/capsul-guixsystem --build 2 --step image sh -# see https://man.cyberia.club/services/concourse-ci.md -resources: -- name: time-interval-24h - type: time - source: - interval: 24h - -jobs: -- name: capsul-guixsystem - plan: - - get: time-interval-24h - trigger: true - - task: capsul-guixsystem-task - config: - image_resource: - name: "" - source: - repository: alpine - tag: '3.14.0' - type: docker-image - platform: linux - run: - path: sh - args: - - '-c' - - | - echo "installing required build deps" - apk add packer qemu-img qemu-system-x86_64 rsync git - - # produced qemu files are sent TO baikal.cyberia.club (the server which hosts capsul) - # - # space separated - servers="192.168.1.246" - - # the following ssh host public keys were obtained with this command: - # cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo .cyberia.club) \""'$1" "$2'" }" - mkdir .ssh - echo ' - baikal.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFqtdN4dBInWhmp3oXEkjrMvA/yfI3Lb7tVIK6L7YFi - ' >> .ssh/known_hosts - - # the double parenthesis is concourse syntax for interpolating in a secret. - # See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault - # - # the deploy user has accounts on all capsul systems, and only has privs - # to write images. - - echo '((deploy_user_ssh_private_key))' > .ssh/id_ed25519 - - # openssh will complain if we don't make the ownership of the private key file exclusive - chmod 400 .ssh/id_ed25519 - - # build the vm with packer - git clone https://git.cyberia.club/services/capsul-images - cd capsul-images/guixsystem - ./build 1.3.0 - - - public: true -- 2.40.1 From 84434b824a69f2ab8c05a78de66fd82fe53e45f1 Mon Sep 17 00:00:00 2001 From: forest Date: Sun, 12 Jun 2022 03:10:36 +0000 Subject: [PATCH 3/4] Delete 'concourse-pipelines/capsul-openbsd.yml' --- concourse-pipelines/capsul-openbsd.yml | 61 -------------------------- 1 file changed, 61 deletions(-) delete mode 100644 concourse-pipelines/capsul-openbsd.yml diff --git a/concourse-pipelines/capsul-openbsd.yml b/concourse-pipelines/capsul-openbsd.yml deleted file mode 100644 index 3ddc15d..0000000 --- a/concourse-pipelines/capsul-openbsd.yml +++ /dev/null @@ -1,61 +0,0 @@ -# to update the pipeline, run: -# fly -t cyberia set-pipeline -c capsul-openbsd.yml -p capsul-openbsd -# see https://man.cyberia.club/services/concourse-ci.md -resources: -- name: time-interval-24h - type: time - source: - interval: 24h - -jobs: -- name: capsul-openbsd - plan: - - get: time-interval-24h - trigger: true - - task: capsul-openbsd-task - config: - image_resource: - name: "" - source: - repository: alpine - tag: '3.14.0' - type: docker-image - platform: linux - run: - path: sh - args: - - '-c' - - | - echo "installing required build deps" - apk add packer qemu-img qemu-system-x86_64 rsync git - - # produced qemu files are sent TO baikal.cyberia.club (the server which hosts capsul) - # - # space separated - servers="192.168.1.246" - - # the following ssh host public keys were obtained with this command: - # cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo .cyberia.club) \""'$1" "$2'" }" - mkdir .ssh - echo ' - baikal.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFqtdN4dBInWhmp3oXEkjrMvA/yfI3Lb7tVIK6L7YFi - ' >> .ssh/known_hosts - - # the double parenthesis is concourse syntax for interpolating in a secret. - # See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault - # - # the deploy user has accounts on all capsul systems, and only has privs - # to write images. - # echo 'deploy_ssh_private_key' > .ssh/id_ed25519 - echo 'testcrap' > .ssh/id_ed25519 - - # openssh will complain if we don't make the ownership of the private key file exclusive - chmod 400 .ssh/id_ed25519 - - # build the vm with packer - git clone https://git.cyberia.club/services/capsul-images - cd capsul-images/openbsd - ./build 6.9 - - - public: true -- 2.40.1 From f53765f5e72fd8b6a86bf8f829b7013b036336ce Mon Sep 17 00:00:00 2001 From: forest Date: Sun, 12 Jun 2022 03:10:46 +0000 Subject: [PATCH 4/4] get rid of concourse pipelines --- concourse-pipelines/postgres-backup.yml | 84 ------------------------- 1 file changed, 84 deletions(-) delete mode 100644 concourse-pipelines/postgres-backup.yml diff --git a/concourse-pipelines/postgres-backup.yml b/concourse-pipelines/postgres-backup.yml deleted file mode 100644 index cfab630..0000000 --- a/concourse-pipelines/postgres-backup.yml +++ /dev/null @@ -1,84 +0,0 @@ -# to update the pipeline, run: -# fly -t cyberia sp -c ~/Desktop/git/cyberia-ops-handbook/concourse-pipelines/postgres-backup.yml -p postgres-backup -# (see https://man.cyberia.club/services/concourse-ci.md) -resources: -- name: time-interval-24h - type: time - source: - interval: 24h - -jobs: -- name: postgres-backup - plan: - - get: time-interval-24h - trigger: true - - task: postgres-backup-task - config: - image_resource: - name: "" - source: - repository: alpine - tag: '3.13.5' - type: docker-image - platform: linux - run: - path: sh - args: - - '-c' - - | - - # alpine image does not come with ssh client by default :\ - - echo "installing openssh-client..." - apk add -q openssh-client 2>&1 > apk-log - - # https://en.wikibooks.org/wiki/Bourne_Shell_Scripting/Appendix_C:_Quick_Reference#IF_statement - if [ "$?" = "1" ] - then - echo 'failed to install openssh-client:' - cat apk-log - fi - - echo '.' - echo '.' - echo '.' - - # backups are sent FROM the postgres dbs on the following servers - servers='matrix.cyberia.club legion.cyberia.club rosewater.cyberia.club' - - # backups are sent TO magnataur.cyberia.club (the server which hosts jitsi and btcpay server) - magnataur_lan_ip="192.168.1.246" - - # the following ssh host public keys were obtained with this command: - # cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo .cyberia.club) \""'$1" "$2'" }" - echo ' - rosewater.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkQzQcJUMl0Yb0MPgvkIFa5vVEuhyg2F+DCn8BWr/FN - matrix.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFA3Z/hLRYNysAA06x6DFOC8Bm1V6qdGKuJMbpedPO/r - legion.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjP99CUIMvER+D/OFkaJtxx1bjcv2Xz+dX6Q8O0wxqv - magnataur.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPPrQcmbXOLUDhSISU6PJxdhTTZYQv+tgAO9iLNWvMI - '"$magnataur_lan_ip"' ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPPrQcmbXOLUDhSISU6PJxdhTTZYQv+tgAO9iLNWvMI - ' > /tmp/known_hosts - - # the double parenthesis is concourse syntax for interpolating in a secret. - # See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault - echo '((backups_ssh_private_key))' > /tmp/backups_ssh_private_key - - # openssh will complain if we don't make the ownership of the private key file exclusive - chmod 700 /tmp/backups_ssh_private_key - - # https://en.wikibooks.org/wiki/Bourne_Shell_Scripting/Appendix_C:_Quick_Reference#Loop_statements - for server in $servers - do - - echo "backing up /var/lib/postgresql/pgbackup.gz from $server..." - scp -3 -i /tmp/backups_ssh_private_key -o UserKnownHostsFile=/tmp/known_hosts -o HostKeyAlgorithms=ssh-ed25519 \ - "backups@$server:/var/lib/postgresql/pgbackup.gz" \ - "backups@$magnataur_lan_ip:/tank/backups/postgres/$server-pgbackup.gz" - - echo "writing postgresql_offsite_backup_last_run_seconds metric for $server..." - ssh -i /tmp/backups_ssh_private_key -o UserKnownHostsFile=/tmp/known_hosts -o HostKeyAlgorithms=ssh-ed25519 \ - "backups@$server" prom-collect postgresql_offsite_backup_last_run_seconds $(date +%s) - - done - - public: true -- 2.40.1