Add concourse

nix/devshell.nix

@@ -36,7 +36,7 @@ let
  eval "$(sops --output-type dotenv --extract '["env"]' -d "$GIT_ROOT/secrets.yaml")"
  set +o allexport
 
- LD_LIBRARY_PATH = lib.makeLibraryPath [ pkgs.stdenv.cc.cc ];
+ LD_LIBRARY_PATH="${pkgs.lib.makeLibraryPath [ pkgs.stdenv.cc.cc ]}";
  export LD_LIBRARY_PATH
  pulumi up --cwd "$GIT_ROOT/pulumi" --stack albinvass/infra/infra "$@"
  '';

nixos/hosts/devbox/concourse/default.nix

@@ -0,0 +1,69 @@
+{ config, ...}:
+let
+ concourseWebPort = "8008";
+in {
+ services = {
+ cloudflared.tunnels.devbox.ingress = {
+ "concourse.albinvass.se" = "http://localhost:${concourseWebPort}";
+ };
+ postgresql = {
+ ensureDatabases = [ "concourse" ];
+ ensureUsers = [{
+ name = "concourse";
+ ensureDBOwnership = true;
+ ensureClauses = {
+ login = true;
+ };
+ }];
+ };
+ };
+
+ users.groups.concourse = {};
+ users.users.concourse = {
+ isSystemUser = true;
+ home = "/var/lib/concourse";
+ createHome = true;
+ homeMode = "750";
+ group = "concourse";
+ };
+
+ sops.secrets = {
+ "concourse/common/environment" = {
+ owner = "concourse";
+ group = "concourse";
+ mode = "0600";
+ };
+ "concourse/web/environment" = {
+ owner = "concourse";
+ group = "concourse";
+ mode = "0600";
+ };
+ "concourse/worker/environment" = {
+ owner = "concourse";
+ group = "concourse";
+ mode = "0600";
+ };
+ };
+
+ virtualisation.oci-containers.containers = {
+ concourse-web = {
+ image = "concourse/concourse";
+ cmd = ["web"];
+ ports = [
+ "${concourseWebPort}:8080"
+ ];
+ environmentFiles = [
+ config.sops.secrets."concourse/common/environment".path
+ config.sops.secrets."concourse/web/environment".path
+ ];
+ };
+ concourse-worker = {
+ image = "concourse/concourse";
+ cmd = ["worker"];
+ environmentFiles = [
+ config.sops.secrets."concourse/common/environment".path
+ config.sops.secrets."concourse/worker/environment".path
+ ];
+ };
+ };
+}

nixos/hosts/devbox/default.nix

@@ -5,6 +5,7 @@
  ../../modules/development-tools
  ./minio
  ./cloudflared
+ ./concourse
  ./keycloak
  ./davfs2
  ./postgresql

nixos/hosts/devbox/secrets.yaml

@@ -10,6 +10,13 @@ matrix-synapse:
  extraConfSecrets.yaml: ENC[AES256_GCM,data:muCWTykzdaDE1WFojn38rUkYs5hsS2lZDMssQMpFKWQ01MlniNLrH+kfODygwJoxytTu/9bNlKaO2AoGRdStMCkQaunv5eWE26XwoDh3A/IuumN+bW1ou3ydjyAwF/6luE5sNpHaXOLKmJz31IVz0a1vtg418UW+o8U/aVfSllYcVaTjjSvNKLqk6zx+ZXYVxRlixUudZG1D05eOE468zhLg3LJiPfNK+9rxZqishJe9mYtpmiqGZvnusnlUAEgnFRwdJlM3LzywRQnOGZTQo884EiWd/hw=,iv:OYPZMg5aoBZGbm+K7AlYHIPlTev75I6TQ7jY/5KKm5Y=,tag:figU8hjyCOX2+TjRM3OWeQ==,type:str]
 minio:
  root-credentials: ENC[AES256_GCM,data:6T3quN7JjC0/QTydDXl+2SX99na0Mg9RwNxIANez0PuVAR8PhLcCmKCbJMhxp6oUkhISUdcPEhoZ/si0Gdnr4WjIJazZHU5Gow4ukmFkaz26BA==,iv:L+ZEUYX5Rpw6hx7jqzWSoFKr18hHdBQtNMVKAn95+a8=,tag:bJa7cWxsKIrwej3DmkaTKQ==,type:str]
+concourse:
+ common:
+ environment: ENC[AES256_GCM,data:aLGDmkiyoWPEcBnN2QDAJ6E+7Ki1jQ+21vQfueOITCabb0PMaFH01haY4A0nNdyVkUNtH0VQbo2qjeFQqkHBDdaqygspUEKRZwEL08fNHpSX25BL/TxkegLUuePp+Dz9uB7sH3U=,iv:K4r9Pb5/fPz6Co7/sO4G+QyzZHXvHp3Gj61O0Uskds4=,tag:3q02aOqR7cKTltW9umLTjw==,type:str]
+ web:
+ environment: ""
+ worker:
+ environment: ""
 sops:
  kms: []
  gcp_kms: []
@@ -43,8 +50,8 @@ sops:
  NjdJeEJPQ2dPWllFMTAwa1JqQ3YwSm8K/xa+APX7OoIQPDCtrtynbsguddRNz3wP
  VWb2pieOIwQKH2UhreBxEyglg320FgWFSiqGzcsJkXUIWQT2tWqQLQ==
  -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-12-21T16:46:00Z"
- mac: ENC[AES256_GCM,data:lZ6GvM8v8wShXahSs7ltw3clTZbNPeyLUk4sCi3BuT0JQZh4WLqFUhOO7/jq3udWIqXaIWe4pIhEYrHvvpIX8BSKs4EQF4BcSmJh3mWsOk7o/GuFDoRgskAt8W6wAyCroQWPqaa5Vjwt3ALt33/g08HMmSIYPATgsV+hlxcFIyk=,iv:SDPh7cw+SomVUzgpIFuGuURzAmLf3GuuDK6lJFxxTT4=,tag:EWvWYAcaNdFbozwskfOxFg==,type:str]
+ lastmodified: "2024-04-27T11:33:38Z"
+ mac: ENC[AES256_GCM,data:jIWizxdPc0buR25wVO8vkq6PlxFXqE15nyq2PJxJGjHA4huXz8SeBhh6XDOKdxkYuzidWfYCYhhpRIo9GfpBUgB74gzYuM7q5mR1Kz+Z+qIsIwp8qGspMAzR4Sgy8tBpwJF/FLZxxL7JA7F1Q2zFMzRCla2PTnksu84dv0IsR8Y=,iv:2z97dHe5AvTs86g0O0ekThU/X6JD7xm989swLzXr5A0=,tag:WH8t6j0s+Ha4l/3NXGvCYQ==,type:str]
  pgp: []
  unencrypted_suffix: _unencrypted
  version: 3.8.1