Concourse #53691

Closed
wants to merge 33 commits into from
Closed
20b01bb
Linux concourse build (#1)
dingxiangfei2009 Oct 25, 2018
11f4538
use `fetchSubmodules` instead of `deepClone` (#2)
dingxiangfei2009 Nov 7, 2018
30bf6ba
support boolean flags
dingxiangfei2009 Nov 8, 2018
1f00f17
allow repeating arguments (#3)
dingxiangfei2009 Nov 9, 2018
b8f3e92
include `/etc/{passwd,group,nsswitch.conf}` into resources (#6)
dingxiangfei2009 Nov 10, 2018
c8836c2
add `github-release` and `s3` resource types
dingxiangfei2009 Nov 10, 2018
5a95065
add libnss to elm runtime dependencies
dingxiangfei2009 Nov 12, 2018
4e166ef
bump concourse to next unstable master (#10)
dingxiangfei2009 Jan 7, 2019
245f569
Separate concourse and fly (#11)
dingxiangfei2009 Jan 8, 2019
be878d1
add metadata
dingxiangfei2009 Jan 9, 2019
04b26cf
add back preBuild hook
dingxiangfei2009 Feb 7, 2019
394e98b
fix sha for sonde-go
dingxiangfei2009 Feb 7, 2019
092b46f
make garden and asset dir overridable
dingxiangfei2009 Feb 14, 2019
2836341
fix garden-bin type
dingxiangfei2009 Feb 18, 2019
3a32cb1
fix resource-types type
dingxiangfei2009 Feb 21, 2019
53cbd33
populate nix store database in resource images
dingxiangfei2009 Feb 25, 2019
6627492
update the concourse registry-image resource
edude03 Mar 12, 2019
22144da
concourse 5.0.0
dingxiangfei2009 Mar 13, 2019
75ec9c1
semver resource and concourse-pipeline resource
dingxiangfei2009 Mar 14, 2019
f2c3e44
escape dollar sign ($) in password for systemd
dingxiangfei2009 Mar 15, 2019
2211f80
include fly into pipeline resource
dingxiangfei2009 Mar 20, 2019
2a19d2a
stop concourse-pipeline-resource from syncing fly with concourse
dingxiangfei2009 Mar 20, 2019
d3d6921
add fly to /opt/resource in concourse-pipeline resource
dingxiangfei2009 Mar 20, 2019
43841b3
escape unit specifier
dingxiangfei2009 Mar 21, 2019
8a15ff3
version = 5.0.0
dingxiangfei2009 Mar 21, 2019
e25ee1a
set home folder for building garden-runc
dingxiangfei2009 Mar 28, 2019
19fe90f
wip
dingxiangfei2009 Apr 5, 2019
8596581
stop using yarn2nix
dingxiangfei2009 Apr 8, 2019
ec69a8b
fix hashes
dingxiangfei2009 Apr 8, 2019
b74d7d0
fix more hashes
dingxiangfei2009 Apr 8, 2019
c3faf20
fix more hashes
dingxiangfei2009 Apr 8, 2019
15c738d
unvendor lib/pq in concourse/dex
dingxiangfei2009 Apr 9, 2019
7ff6bb0
stop building yarn modules
dingxiangfei2009 Apr 9, 2019
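--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -1308,6 +1308,11 @@
 github = "dtzWill";
 name = "Will Dietz";
 };
+dxf = {
+email = "dingxiangfei2009@gmail.com";
+github = "dingxiangfei2009";
+name = "Ding Xiang Fei";
+};
 dysinger = {
 email = "tim@dysinger.net";
 github = "dysinger";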
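--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -339,6 +339,7 @@
 rss2email = 312;
 cockroachdb = 313;
 zoneminder = 314;
+concourse = 315;
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -638,6 +639,7 @@
 rss2email = 312;
 cockroachdb = 313;
 zoneminder = 314;
+concourse = 315;
 
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal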
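--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -220,6 +220,8 @@
 ./services/continuous-integration/buildbot/master.nix
 ./services/continuous-integration/buildbot/worker.nix
 ./services/continuous-integration/buildkite-agent.nix
+./services/continuous-integration/concourse/web.nix
+./services/continuous-integration/concourse/worker.nix
 ./services/continuous-integration/hail.nix
 ./services/continuous-integration/hydra/default.nix
 ./services/continuous-integration/gitlab-runner.nix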
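--- a/nixos/modules/services/continuous-integration/concourse/web.nix
+++ b/nixos/modules/services/continuous-integration/concourse/web.nix
@@ -0,0 +1,252 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.services.concourse-web;
+in
+{
+options = {
+services.concourse-web = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to enable the Concourse continuous integration web server.
+'';
+};
+
+user = mkOption {
+default = "concourse";
+type = types.str;
+description = ''
+User the Concourse web server should execute under.
+'';
+};
+
+group = mkOption {
+default = "concourse";
+type = types.str;
+description = ''
+Group the Concourse web server should execute under.
+'';
+};
+
+extraGroups = mkOption {
+type = with types; listOf str;
+default = [];
+description = ''
+List of extra groups that Concourse user should be a part of.
+'';
+};
+
+bind-ip = mkOption {
+default = "0.0.0.0";
+example = "localhost";
+type = types.str;
+description = ''
+Specifies the bind address on which the Concourse web interface listens.
+Defaults to the wildcard IPv4 address.
+'';
+};
+
+bind-port = mkOption {
+default = 8080;
+type = types.int;
+description = ''
+Specifies the bind port on which the Concourse web interface listens.
+'';
+};
+
+session-signing-key = mkOption {
+type = types.str;
+example = "/root/session-signing-key";
+description = ''
+Specifies the session signing key.
+'';
+};
+
+tsa-host-key = mkOption {
+type = types.str;
+example = "/root/tsa-host-key";
+description = ''
+Specifies the TSA host key.
+'';
+};
+
+tsa-authorized-keys = mkOption {
+type = types.str;
+example = "/root/tsa-authorized-keys";
+description = ''
+Specifies the file containing the list of public keys of workers acceptable by TSA.
+'';
+};
+
+postgres-host = mkOption {
+default = "127.0.0.1";
+type = with types; nullOr str;
+example = "localhost";
+description = ''
+Specifies the PostgreSQL host containing ATC database.
+Defaults to "127.0.0.1".
+'';
+};
+
+postgres-port = mkOption {
+default = 5432;
+type = with types; nullOr int;
+example = 5432;
+description = ''
+Specifies the PostgreSQL port containing ATC database.
+Defaults to 5432.
+'';
+};
+
+postgres-user = mkOption {
+default = "postgres";
+type = types.str;
+example = "postgres";
+description = ''
+Specifies the PostgreSQL user.
+'';
+};
+
+postgres-password = mkOption {
+default = null;
+type = with types; nullOr str;
+example = "password";
+description = ''
+Specifies the PostgreSQL password.
+'';
+};
+
+postgres-socket = mkOption {
+default = null;
+type = with types; nullOr str;
+example = "/var/postgres/postgres.sock";
+description = ''
+Specifies the PostgreSQL Unix socket.
+'';
+};
+
+postgres-database = mkOption {
+default = "atc";
+type = types.str;
+description = ''
+Specifies the PostgreSQL ATC database.
+Defaults to "atc";
+'';
+};
+
+extraArgs = mkOption {
+default = {};
+type = with types; attrsOf (either (listOf str) str);
+example = ''
+{
+tsa-bind-ip = "0.0.0.0";
+tsa-bind-port = "2222";
+}
+'';
+description = ''
+Specifies the extra arguments supplied to `concourse web` invocation.
+This will be transformed into `systemd` arguments.
+'';
+};
+
+extraFlags = mkOption {
+default = [];
+type = with types; listOf str;
+example = [ "vault-insecure-skip-verify" ];
+description = ''
+Specifies the extra flags supplied to `concourse web` invocation.
+These flags are command line arguments that does not supply any value and acts like switches.
+'';
+};
+
+environment = mkOption {
+default = {};
+type = with types; attrsOf str;
+example = ''
+{
+CONCOURSE_TSA_BIND_IP = "0.0.0.0";
+CONCOURSE_TSA_BIND_PORT = "2222";
+}
+'';
+description = ''
+Specifies the extra environment variables supplied to `concourse web` invocation.
+'';
+};
+};
+};
+
+#### implementation
+config =
+let
+tryEvalListArg = name: value:
+if isList value then
+concatMap (value: [ "--${name}" value ]) value
+else
+[ "--${name}" value ];
+
+extraFlags =
+map (flag: "--${flag}") cfg.extraFlags;
+
+extraArgs =
+concatMap
+(x: x)
+(mapAttrsToList tryEvalListArg cfg.extraArgs);
+
+regularArgs =
+concatMap
+(arg: [ "--${arg}" cfg.${arg} ])
+[
+"bind-ip"
+"bind-port"
+"session-signing-key"
+"tsa-host-key"
+"tsa-authorized-keys"
+"postgres-user"
+"postgres-database"
+]
+++ (
+if isNull cfg.postgres-socket then
+[
+"--postgres-host" cfg.postgres-host
+"--postgres-port" cfg.postgres-port
+]
+else
+[ "--postgres-socket" cfg.postgres-socket ]
+)
+++ optionals
+(!isNull cfg.postgres-password)
+[
+"--postgres-password"
+(replaceChars ["$" "%"] ["$$" "%%"] cfg.postgres-password)
+];
+args = concatStringsSep " " (map escapeShellArgs [regularArgs extraArgs extraFlags]);
+in
+mkIf cfg.enable {
+users.groups = optional (cfg.group == "concourse") {
+name = "concourse";
+gid = config.ids.gids.concourse;
+};
+
+users.users = optional (cfg.user == "concourse") {
+name = "concourse";
+description = "concourse user";
+createHome = false;
+group = cfg.group;
+extraGroups = cfg.extraGroups;
+useDefaultShell = false;
+uid = config.ids.uids.concourse;
+};
+
+systemd.services.concourse-web = {
+description = "Concourse CI Web Server";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig.User = cfg.user;
+environment = config.environment.sessionVariables // cfg.environment;
+
+serviceConfig.ExecStart = "${pkgs.concourse}/bin/concourse web ${builtins.replaceStrings [ "'" ] [ "\"" ] args}";
+};
+};
+}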
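Review bot: `postgres-password` is appended to `regularArgs` and interpolated into `serviceConfig.ExecStart`, so the database password is written into the generated unit file in the world-readable Nix store and shows up in the argument list of the running `concourse web` process. Keeping the secret out of the evaluated configuration avoids both: add an option that takes the path to a root-owned file (for example a new `environmentFile` option), load it with `serviceConfig.EnvironmentFile = cfg.environmentFile;` with `CONCOURSE_POSTGRES_PASSWORD=…` inside that file, and drop the `--postgres-password` branch. If the option stays, its description should at least say that the value is stored in plain text in the store. Separately, the `$`/`%` escaping is applied only to the password, while `extraArgs` values and the other options reach the `ExecStart` line through the single-to-double-quote rewrite unescaped, so a value containing `"`, `$` or `%` would likely be parsed by systemd differently from how it was written.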