unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
0bed8ba4f4
puppet-prod/hieradata/roles/infra/droneci/server.yaml
Ben Vincent 91d9a073d6 feat: add droneadmin 
- add environment variable to assign primary admin
2024-08-25 14:58:56 +10:00

80 lines
2.8 KiB
YAML
Raw Blame History

---
# additional altnames
profiles::pki::vault::alt_names:
- droneci.main.unkin.net
- droneci.service.consul
- droneci.query.consul
- "droneci.service.%{facts.country}-%{facts.region}.consul"
profiles::ssh::sign::principals:
- droneci.main.unkin.net
- droneci.service.consul
- droneci.query.consul
hiera_include:
- docker
- profiles::sql::postgresdb
- droneci
docker::version: latest
docker::curl_ensure: false
profiles::sql::postgresdb::dbname: droneci
profiles::sql::postgresdb::dbuser: droneci
profiles::sql::postgresdb::dbpass: "%{hiera('droneci_server::postgres_password')}"
profiles::sql::postgresdb::members_lookup: true
profiles::sql::postgresdb::members_role: roles::infra::droneci::server
droneci::ports:
- 80:80
- 443:443
droneci::volumes:
- type=bind,source=/var/lib/drone,target=/data
- type=bind,source=/etc/pki/tls/vault/certificate.crt,target=/etc/pki/tls/vault/certificate.crt,readonly
- type=bind,source=/etc/pki/tls/vault/private.key,target=/etc/pki/tls/vault/private.key,readonly
- type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/pki/tls/certs/ca-bundle.crt,readonly
- type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/ssl/certs/ca-certificates.crt,readonly
droneci::env_vars:
DRONE_GITEA_SERVER: https://git.query.consul
DRONE_GITEA_CLIENT_ID: dda67581-86df-4e65-88ae-1e505b849082
DRONE_USER_CREATE: username:unkinben,admin:true
DRONE_GITEA_CLIENT_SECRET: "%{hiera('droneci_server::gitea_client_secret')}"
DRONE_RPC_SECRET: "%{hiera('droneci_server::rpc_secret')}"
DRONE_SERVER_HOST: droneci.query.consul
DRONE_SERVER_PROTO: https
DRONE_TLS_CERT: /etc/pki/tls/vault/certificate.crt
DRONE_TLS_KEY: /etc/pki/tls/vault/private.key
DRONE_COOKIE_SECRET: "%{hiera('droneci_server::cookie_secret')}"
DRONE_COOKIE_TIMEOUT: 720h
DRONE_HTTP_SSL_REDIRECT: true
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: true
DRONE_HTTP_SSL_HOST: droneci.query.consul
DRONE_LOGS_TEXT: true
DRONE_LOGS_PRETTY: true
DRONE_LOGS_COLOR: true
DRONE_DATABASE_SECRET: "%{hiera('droneci_server::database_secret')}"
DRONE_DATABASE_DRIVER: postgres
DRONE_DATABASE_DATASOURCE: "postgres://droneci:%{hiera('droneci_server::postgres_password')}@master.patroni-prod.service.au-syd1.consul:5432/droneci?sslmode=disable"
DRONE_REDIS_CONNECTION: "redis://%{hiera('droneci_server::redis_password')}@redis-master-prod.service.au-syd1.consul:6379/2"
consul::services:
droneci:
service_name: 'droneci'
tags:
- 'drone'
- 'droneci'
address: "%{facts.networking.ip}"
port: 443
checks:
- id: 'droneci_https_check'
name: 'droneci HTTPS Check'
http: "https://%{facts.networking.fqdn}:443"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: droneci
disposition: write
Reference in New Issue View Git Blame Copy Permalink