cyberia
/
ops-handbook
6
0
Fork 5
Code Issues 8 Pull Requests Projects Releases Wiki Activity

get rid of concourse pipelines #13

Merged
forest merged 4 commits from forest/ops-handbook:master into master 2022-06-12 03:11:52 +00:00
Conversation 0 Commits 4 Files Changed 4 -263
4 changed files with 0 additions and 263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
concourse-pipelines/capsul-archlinux.yml
View File

@ -1,52 +0,0 @@
# to update the pipeline, run:
# fly -t cyberia set-pipeline -c capsul-archlinux.yml -p capsul-archlinux
# see https://man.cyberia.club/services/concourse-ci.md
resources:
- name: capsul-images
source:
uri: https://git.sr.ht/~j3s/capsul-images
type: git
- name: time-interval-24h
source:
interval: 24h
type: time
jobs:
- name: capsul-archlinux
plan:
- get: time-interval-24h
trigger: true
- get: capsul-images
- config:
image_resource:
name: ""
source:
repository: archlinux
tag: latest
type: docker-image
inputs:
- name: capsul-images
platform: linux
run:
args:
- -c
- |
# see https://bugs.archlinux.org/task/69563
printf "patching glibc...\n"
patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst
curl -LO "https://repo.archlinuxcn.org/x86_64/$patched_glibc" > /dev/null
bsdtar -C / -xvf "$patched_glibc" > /dev/null
printf "updating repos...\n"
pacman -Sy --noconfirm > /dev/null
printf "installing deps...\n"
pacman -S --noconfirm arch-install-scripts qemu-headless procps-ng reflector syslinux pacman-contrib > /dev/null
printf "building image...\n"
# build the image
cd capsul-images/archlinux
./build
path: sh
task: build-image
public: true

66
concourse-pipelines/capsul-guixsystem.yml
View File

@ -1,66 +0,0 @@
# to update the pipeline, run:
# fly -t cyberia set-pipeline -c capsul-guixsystem.yml -p capsul-guixsystem
# to run the pipeline, run:
# fly -t cyberia trigger-job -j capsul-guixsystem/capsul-guixsystem
# then you should see it in the web UI here: https://concourse.cyberia.club/teams/main/pipelines/capsul-guixsystem/jobs/capsul-guix-system/builds/
# to get a shell inside the pipeline while its running:
# fly -t cyberia hijack --job capsul-guixsystem/capsul-guixsystem --build 2 --step image sh
# see https://man.cyberia.club/services/concourse-ci.md
resources:
- name: time-interval-24h
type: time
source:
interval: 24h
jobs:
- name: capsul-guixsystem
plan:
- get: time-interval-24h
trigger: true
- task: capsul-guixsystem-task
config:
image_resource:
name: ""
source:
repository: alpine
tag: '3.14.0'
type: docker-image
platform: linux
run:
path: sh
args:
- '-c'
- |
echo "installing required build deps"
apk add packer qemu-img qemu-system-x86_64 rsync git
# produced qemu files are sent TO baikal.cyberia.club (the server which hosts capsul)
#
# space separated
servers="192.168.1.246"
# the following ssh host public keys were obtained with this command:
# cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo <servername>.cyberia.club) \""'$1" "$2'" }"
mkdir .ssh
echo '
baikal.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFqtdN4dBInWhmp3oXEkjrMvA/yfI3Lb7tVIK6L7YFi
' >> .ssh/known_hosts
# the double parenthesis is concourse syntax for interpolating in a secret.
# See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault
#
# the deploy user has accounts on all capsul systems, and only has privs
# to write images.
echo '((deploy_user_ssh_private_key))' > .ssh/id_ed25519
# openssh will complain if we don't make the ownership of the private key file exclusive
chmod 400 .ssh/id_ed25519
# build the vm with packer
git clone https://git.cyberia.club/services/capsul-images
cd capsul-images/guixsystem
./build 1.3.0
public: true

61
concourse-pipelines/capsul-openbsd.yml
View File

@ -1,61 +0,0 @@
# to update the pipeline, run:
# fly -t cyberia set-pipeline -c capsul-openbsd.yml -p capsul-openbsd
# see https://man.cyberia.club/services/concourse-ci.md
resources:
- name: time-interval-24h
type: time
source:
interval: 24h
jobs:
- name: capsul-openbsd
plan:
- get: time-interval-24h
trigger: true
- task: capsul-openbsd-task
config:
image_resource:
name: ""
source:
repository: alpine
tag: '3.14.0'
type: docker-image
platform: linux
run:
path: sh
args:
- '-c'
- |
echo "installing required build deps"
apk add packer qemu-img qemu-system-x86_64 rsync git
# produced qemu files are sent TO baikal.cyberia.club (the server which hosts capsul)
#
# space separated
servers="192.168.1.246"
# the following ssh host public keys were obtained with this command:
# cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo <servername>.cyberia.club) \""'$1" "$2'" }"
mkdir .ssh
echo '
baikal.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFqtdN4dBInWhmp3oXEkjrMvA/yfI3Lb7tVIK6L7YFi
' >> .ssh/known_hosts
# the double parenthesis is concourse syntax for interpolating in a secret.
# See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault
#
# the deploy user has accounts on all capsul systems, and only has privs
# to write images.
# echo 'deploy_ssh_private_key' > .ssh/id_ed25519
echo 'testcrap' > .ssh/id_ed25519
# openssh will complain if we don't make the ownership of the private key file exclusive
chmod 400 .ssh/id_ed25519
# build the vm with packer
git clone https://git.cyberia.club/services/capsul-images
cd capsul-images/openbsd
./build 6.9
public: true

84
concourse-pipelines/postgres-backup.yml
View File

@ -1,84 +0,0 @@
# to update the pipeline, run:
# fly -t cyberia sp -c ~/Desktop/git/cyberia-ops-handbook/concourse-pipelines/postgres-backup.yml -p postgres-backup
# (see https://man.cyberia.club/services/concourse-ci.md)
resources:
- name: time-interval-24h
type: time
source:
interval: 24h
jobs:
- name: postgres-backup
plan:
- get: time-interval-24h
trigger: true
- task: postgres-backup-task
config:
image_resource:
name: ""
source:
repository: alpine
tag: '3.13.5'
type: docker-image
platform: linux
run:
path: sh
args:
- '-c'
- |
# alpine image does not come with ssh client by default :\
echo "installing openssh-client..."
apk add -q openssh-client 2>&1 > apk-log
# https://en.wikibooks.org/wiki/Bourne_Shell_Scripting/Appendix_C:_Quick_Reference#IF_statement
if [ "$?" = "1" ]
then
echo 'failed to install openssh-client:'
cat apk-log
fi
echo '.'
echo '.'
echo '.'
# backups are sent FROM the postgres dbs on the following servers
servers='matrix.cyberia.club legion.cyberia.club rosewater.cyberia.club'
# backups are sent TO magnataur.cyberia.club (the server which hosts jitsi and btcpay server)
magnataur_lan_ip="192.168.1.246"
# the following ssh host public keys were obtained with this command:
# cat /etc/ssh/ssh_host_ed25519_key.pub | awk "{ print \"$(echo <servername>.cyberia.club) \""'$1" "$2'" }"
echo '
rosewater.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkQzQcJUMl0Yb0MPgvkIFa5vVEuhyg2F+DCn8BWr/FN
matrix.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFA3Z/hLRYNysAA06x6DFOC8Bm1V6qdGKuJMbpedPO/r
legion.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjP99CUIMvER+D/OFkaJtxx1bjcv2Xz+dX6Q8O0wxqv
magnataur.cyberia.club ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPPrQcmbXOLUDhSISU6PJxdhTTZYQv+tgAO9iLNWvMI
'"$magnataur_lan_ip"' ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPPrQcmbXOLUDhSISU6PJxdhTTZYQv+tgAO9iLNWvMI
' > /tmp/known_hosts
# the double parenthesis is concourse syntax for interpolating in a secret.
# See https://man.cyberia.club/services/concourse-ci.md#secrets-and-vault
echo '((backups_ssh_private_key))' > /tmp/backups_ssh_private_key
# openssh will complain if we don't make the ownership of the private key file exclusive
chmod 700 /tmp/backups_ssh_private_key
# https://en.wikibooks.org/wiki/Bourne_Shell_Scripting/Appendix_C:_Quick_Reference#Loop_statements
for server in $servers
do
echo "backing up /var/lib/postgresql/pgbackup.gz from $server..."
scp -3 -i /tmp/backups_ssh_private_key -o UserKnownHostsFile=/tmp/known_hosts -o HostKeyAlgorithms=ssh-ed25519 \
"backups@$server:/var/lib/postgresql/pgbackup.gz" \
"backups@$magnataur_lan_ip:/tank/backups/postgres/$server-pgbackup.gz"
echo "writing postgresql_offsite_backup_last_run_seconds metric for $server..."
ssh -i /tmp/backups_ssh_private_key -o UserKnownHostsFile=/tmp/known_hosts -o HostKeyAlgorithms=ssh-ed25519 \
"backups@$server" prom-collect postgresql_offsite_backup_last_run_seconds $(date +%s)
done
public: true