get rid of concourse pipelines #13
4 changed files with 0 additions and 263 deletions
|
@ -1,52 +0,0 @@
|
|||
# to update the pipeline, run:
|
||||
# fly -t cyberia set-pipeline -c capsul-archlinux.yml -p capsul-archlinux
|
||||
# see https://man.cyberia.club/services/concourse-ci.md
|
||||
resources:
|
||||
- name: capsul-images
|
||||
source:
|
||||
uri: https://git.sr.ht/~j3s/capsul-images
|
||||
type: git
|
||||
- name: time-interval-24h
|
||||
source:
|
||||
interval: 24h
|
||||
type: time
|
||||
jobs:
|
||||
- name: capsul-archlinux
|
||||
plan:
|
||||
- get: time-interval-24h
|
||||
trigger: true
|
||||
- get: capsul-images
|
||||
- config:
|
||||
image_resource:
|
||||
name: ""
|
||||
source:
|
||||
repository: archlinux
|
||||
tag: latest
|
||||
type: docker-image
|
||||
inputs:
|
||||
- name: capsul-images
|
||||
platform: linux
|
||||
run:
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
# see https://bugs.archlinux.org/task/69563
|
||||
printf "patching glibc...\n"
|
||||
patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst
|
||||
curl -LO "https://repo.archlinuxcn.org/x86_64/$patched_glibc" > /dev/null
|
||||
bsdtar -C / -xvf "$patched_glibc" > /dev/null
|
||||
|
||||
printf "updating repos...\n"
|
||||
pacman -Sy --noconfirm > /dev/null
|
||||
|
||||
printf "installing deps...\n"
|
||||
pacman -S --noconfirm arch-install-scripts qemu-headless procps-ng reflector syslinux pacman-contrib > /dev/null
|
||||
|
||||
printf "building image...\n"
|
||||
# build the image
|
||||
cd capsul-images/archlinux
|
||||
./build
|
||||
path: sh
|
||||
task: build-image
|
||||
public: true
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
# to update the pipeline, run:
|
||||
# fly -t cyberia set-pipeline -c capsul-guixsystem.yml -p capsul-guixsystem
|
||||
# to run the pipeline, run:
|
||||
# fly -t cyberia trigger-job -j capsul-guixsystem/capsul-guixsystem
|
||||
# then you should see it in the web UI here: https://concourse.cyberia.club/teams/main/pipelines/capsul-guixsystem/jobs/capsul-guix-system/builds/
|
||||
# to get a shell inside the pipeline while its running:
|
||||
# fly -t cyberia hijack --job capsul-guixsystem/capsul-guixsystem --build 2 --step image sh
|
||||
# see https://man.cyberia.club/services/concourse-ci.md
|
||||
resources:
|
||||
- name: time-interval-24h
|
||||
type: time
|
||||
source:
|
||||
interval: 24h
|
||||
|
||||
jobs:
|
||||
- name: capsul-guixsystem
|
||||
plan:
|
||||
- get: time-interval-24h
|
||||
trigger: true
|
||||
- task: capsul-guixsystem-task
|
||||
config:
|
||||
image_resource:
|
||||
name: ""
|
||||
source:
|
||||
repository: alpine
|
||||
tag: '3.14.0'
|
||||
type: docker-image
|
||||
platform: linux
|
||||
run:
|
||||
path: sh
|
||||
args:
|
||||
- '-c'
|
||||
- |
|
||||
echo "installing required build deps"
|
||||
apk add packer qemu-img qemu-system-x86_64 rsync git
|
||||
|
||||
# produced qemu files are sent TO baikal.cyberia.club (the server which hosts capsul)
|
||||
#
|
||||
# space separated
|
||||
servers="192.168.1.246"
|
||||
|
||||
# the following ssh host public keys were obtained with this command:
|
||||
# cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo <servername>.cyberia.club) \""'$1" "$2'" }"
|
||||
mkdir .ssh
|
||||
echo '
|
||||
baikal.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFqtdN4dBInWhmp3oXEkjrMvA/yfI3Lb7tVIK6L7YFi
|
||||
' >> .ssh/known_hosts
|
||||
|
||||
# the double parenthesis is concourse syntax for interpolating in a secret.
|
||||
# See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault
|
||||
#
|
||||
# the deploy user has accounts on all capsul systems, and only has privs
|
||||
# to write images.
|
||||
|
||||
echo '((deploy_user_ssh_private_key))' > .ssh/id_ed25519
|
||||
|
||||
# openssh will complain if we don't make the ownership of the private key file exclusive
|
||||
chmod 400 .ssh/id_ed25519
|
||||
|
||||
# build the vm with packer
|
||||
git clone https://git.cyberia.club/services/capsul-images
|
||||
cd capsul-images/guixsystem
|
||||
./build 1.3.0
|
||||
|
||||
|
||||
public: true
|
|
@ -1,61 +0,0 @@
|
|||
# to update the pipeline, run:
|
||||
# fly -t cyberia set-pipeline -c capsul-openbsd.yml -p capsul-openbsd
|
||||
# see https://man.cyberia.club/services/concourse-ci.md
|
||||
resources:
|
||||
- name: time-interval-24h
|
||||
type: time
|
||||
source:
|
||||
interval: 24h
|
||||
|
||||
jobs:
|
||||
- name: capsul-openbsd
|
||||
plan:
|
||||
- get: time-interval-24h
|
||||
trigger: true
|
||||
- task: capsul-openbsd-task
|
||||
config:
|
||||
image_resource:
|
||||
name: ""
|
||||
source:
|
||||
repository: alpine
|
||||
tag: '3.14.0'
|
||||
type: docker-image
|
||||
platform: linux
|
||||
run:
|
||||
path: sh
|
||||
args:
|
||||
- '-c'
|
||||
- |
|
||||
echo "installing required build deps"
|
||||
apk add packer qemu-img qemu-system-x86_64 rsync git
|
||||
|
||||
# produced qemu files are sent TO baikal.cyberia.club (the server which hosts capsul)
|
||||
#
|
||||
# space separated
|
||||
servers="192.168.1.246"
|
||||
|
||||
# the following ssh host public keys were obtained with this command:
|
||||
# cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo <servername>.cyberia.club) \""'$1" "$2'" }"
|
||||
mkdir .ssh
|
||||
echo '
|
||||
baikal.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFqtdN4dBInWhmp3oXEkjrMvA/yfI3Lb7tVIK6L7YFi
|
||||
' >> .ssh/known_hosts
|
||||
|
||||
# the double parenthesis is concourse syntax for interpolating in a secret.
|
||||
# See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault
|
||||
#
|
||||
# the deploy user has accounts on all capsul systems, and only has privs
|
||||
# to write images.
|
||||
# echo 'deploy_ssh_private_key' > .ssh/id_ed25519
|
||||
echo 'testcrap' > .ssh/id_ed25519
|
||||
|
||||
# openssh will complain if we don't make the ownership of the private key file exclusive
|
||||
chmod 400 .ssh/id_ed25519
|
||||
|
||||
# build the vm with packer
|
||||
git clone https://git.cyberia.club/services/capsul-images
|
||||
cd capsul-images/openbsd
|
||||
./build 6.9
|
||||
|
||||
|
||||
public: true
|
|
@ -1,84 +0,0 @@
|
|||
# to update the pipeline, run:
|
||||
# fly -t cyberia sp -c ~/Desktop/git/cyberia-ops-handbook/concourse-pipelines/postgres-backup.yml -p postgres-backup
|
||||
# (see https://man.cyberia.club/services/concourse-ci.md)
|
||||
resources:
|
||||
- name: time-interval-24h
|
||||
type: time
|
||||
source:
|
||||
interval: 24h
|
||||
|
||||
jobs:
|
||||
- name: postgres-backup
|
||||
plan:
|
||||
- get: time-interval-24h
|
||||
trigger: true
|
||||
- task: postgres-backup-task
|
||||
config:
|
||||
image_resource:
|
||||
name: ""
|
||||
source:
|
||||
repository: alpine
|
||||
tag: '3.13.5'
|
||||
type: docker-image
|
||||
platform: linux
|
||||
run:
|
||||
path: sh
|
||||
args:
|
||||
- '-c'
|
||||
- |
|
||||
|
||||
# alpine image does not come with ssh client by default :\
|
||||
|
||||
echo "installing openssh-client..."
|
||||
apk add -q openssh-client 2>&1 > apk-log
|
||||
|
||||
# https://en.wikibooks.org/wiki/Bourne_Shell_Scripting/Appendix_C:_Quick_Reference#IF_statement
|
||||
if [ "$?" = "1" ]
|
||||
then
|
||||
echo 'failed to install openssh-client:'
|
||||
cat apk-log
|
||||
fi
|
||||
|
||||
echo '.'
|
||||
echo '.'
|
||||
echo '.'
|
||||
|
||||
# backups are sent FROM the postgres dbs on the following servers
|
||||
servers='matrix.cyberia.club legion.cyberia.club rosewater.cyberia.club'
|
||||
|
||||
# backups are sent TO magnataur.cyberia.club (the server which hosts jitsi and btcpay server)
|
||||
magnataur_lan_ip="192.168.1.246"
|
||||
|
||||
# the following ssh host public keys were obtained with this command:
|
||||
# cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo <servername>.cyberia.club) \""'$1" "$2'" }"
|
||||
echo '
|
||||
rosewater.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkQzQcJUMl0Yb0MPgvkIFa5vVEuhyg2F+DCn8BWr/FN
|
||||
matrix.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFA3Z/hLRYNysAA06x6DFOC8Bm1V6qdGKuJMbpedPO/r
|
||||
legion.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjP99CUIMvER+D/OFkaJtxx1bjcv2Xz+dX6Q8O0wxqv
|
||||
magnataur.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPPrQcmbXOLUDhSISU6PJxdhTTZYQv+tgAO9iLNWvMI
|
||||
'"$magnataur_lan_ip"' ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPPrQcmbXOLUDhSISU6PJxdhTTZYQv+tgAO9iLNWvMI
|
||||
' > /tmp/known_hosts
|
||||
|
||||
# the double parenthesis is concourse syntax for interpolating in a secret.
|
||||
# See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault
|
||||
echo '((backups_ssh_private_key))' > /tmp/backups_ssh_private_key
|
||||
|
||||
# openssh will complain if we don't make the ownership of the private key file exclusive
|
||||
chmod 700 /tmp/backups_ssh_private_key
|
||||
|
||||
# https://en.wikibooks.org/wiki/Bourne_Shell_Scripting/Appendix_C:_Quick_Reference#Loop_statements
|
||||
for server in $servers
|
||||
do
|
||||
|
||||
echo "backing up /var/lib/postgresql/pgbackup.gz from $server..."
|
||||
scp -3 -i /tmp/backups_ssh_private_key -o UserKnownHostsFile=/tmp/known_hosts -o HostKeyAlgorithms=ssh-ed25519 \
|
||||
"backups@$server:/var/lib/postgresql/pgbackup.gz" \
|
||||
"backups@$magnataur_lan_ip:/tank/backups/postgres/$server-pgbackup.gz"
|
||||
|
||||
echo "writing postgresql_offsite_backup_last_run_seconds metric for $server..."
|
||||
ssh -i /tmp/backups_ssh_private_key -o UserKnownHostsFile=/tmp/known_hosts -o HostKeyAlgorithms=ssh-ed25519 \
|
||||
"backups@$server" prom-collect postgresql_offsite_backup_last_run_seconds $(date +%s)
|
||||
|
||||
done
|
||||
|
||||
public: true
|
Loading…
Reference in a new issue