-rw-r--r--flake.nix2
-rw-r--r--ops/buildkite/.gitignore3
-rw-r--r--ops/buildkite/README.org5
-rw-r--r--ops/buildkite/buildkite.tf29
-rw-r--r--ops/buildkite/default.nix25
-rw-r--r--ops/buildkite/steps.yml6
-rw-r--r--ops/default.nix5
7 files changed, 74 insertions, 1 deletions
diff --git a/flake.nix b/flake.nix
index 6e48370..76e6369 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,7 +60,7 @@
inherit home-manager;
tools = import ./tools { inherit pkgs; };
-
+ ops = import ./ops { inherit pkgs; };
users.fcuny = import ./users/fcuny { inherit pkgs; };
};
diff --git a/ops/buildkite/.gitignore b/ops/buildkite/.gitignore
new file mode 100644
index 0000000..112bb96
--- /dev/null
+++ b/ops/buildkite/.gitignore
@@ -0,0 +1,3 @@
+# ignore the various terraform files that are generate. The state is
+# stored in a GCS bucket.
+.terraform*
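Review bot: The `.terraform*` pattern also matches `.terraform.lock.hcl`, the dependency lock file in which Terraform records the selected provider versions and checksums, so that file can never be committed. `required_providers` in buildkite.tf gives no `version` for buildkite and does not list google at all, so provider selection is pinned only by the Nix wrapper; a plain `terraform init` run outside it would resolve whatever is current. If that is not intended, narrow the pattern to `.terraform/` and commit the lock file. If the Nix-provided plugins are meant to be the sole pin, say so in the comment above the pattern.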
diff --git a/ops/buildkite/README.org b/ops/buildkite/README.org
new file mode 100644
index 0000000..f3a09ef
--- /dev/null
+++ b/ops/buildkite/README.org
@@ -0,0 +1,5 @@
+This is to configure the pipelines in buildkite.
+
+To upload them, run =nix run .#ops.buildkite.upload=.
+
+The state is stored in a GCS bucket. The GCS bucket needs to be created before this can be run. The credentials are expected to be stored in =pass= under =gcloud/terraform/fcuny-homelab=.
diff --git a/ops/buildkite/buildkite.tf b/ops/buildkite/buildkite.tf
new file mode 100644
index 0000000..e663adb
--- /dev/null
+++ b/ops/buildkite/buildkite.tf
@@ -0,0 +1,29 @@
+provider "google" {
+ project = "fcuny-homelab"
+ region = "us-west1"
+ zone = "us-west1-c"
+}
+
+terraform {
+ required_providers {
+ buildkite = {
+ source = "buildkite/buildkite"
+ }
+ }
+
+ backend "gcs" {
+ bucket = "world-tf-state"
+ prefix = "buildkite/state"
+ }
+}
+
+provider "buildkite" {
+ organization = "fcuny-dot-xyz"
+}
+
+resource "buildkite_pipeline" "world" {
+ name = "world"
+ description = "CI pipeline for the world repository."
+ repository = "https://cl.fcuny.net/world"
+ steps = file("./steps.yml")
+}
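Review bot: The `backend "gcs"` block carries no note on how the `world-tf-state` bucket is protected, and Terraform writes state as plain JSON containing every attribute of the managed resources. The README says the bucket is created by hand, so its access settings are not captured anywhere in this change. I would record the expectation above the block, for example `# state bucket must stay private (no allUsers/allAuthenticatedUsers bindings) and have object versioning enabled`.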
diff --git a/ops/buildkite/default.nix b/ops/buildkite/default.nix
new file mode 100644
index 0000000..7daf7c2
--- /dev/null
+++ b/ops/buildkite/default.nix
@@ -0,0 +1,25 @@
+{ pkgs }:
+let
+ terraform = pkgs.terraform.withPlugins (p: [
+ p.buildkite
+ p.google
+ ]);
+in
+pkgs.stdenv.mkDerivation rec {
+ name = "tf-buildkite";
+ src = ./.;
+
+ upload = pkgs.writeShellScriptBin "tf-buildkite-upload" ''
+ set -ueo pipefail
+
+ cd $(git rev-parse --show-toplevel)/ops/buildkite
+ pass gcloud/terraform/fcuny-homelab > /dev/shm/tf-fcuny-homelab
+
+ export BUILDKITE_API_TOKEN=$(pass api/buildkite-terraform-token)
+ export GOOGLE_APPLICATION_CREDENTIALS=/dev/shm/tf-fcuny-homelab
+
+ ${terraform}/bin/terraform init
+ ${terraform}/bin/terraform plan
+ ${terraform}/bin/terraform apply
+ '';
+}
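Review bot: The upload script writes the GCP service-account key to the fixed path `/dev/shm/tf-fcuny-homelab` under the caller's umask and never removes it. With a typical umask the file is readable by other local users, and it stays in shared memory until reboot. Because the name is predictable and `/dev/shm` is world-writable, another user could also pre-create the path before the redirect runs. Setting `umask 077`, creating the file with `mktemp` and removing it in an `EXIT` trap closes all three. Quoting the `cd` argument keeps a checkout path with spaces working.

```nix
  upload = pkgs.writeShellScriptBin "tf-buildkite-upload" ''
    set -ueo pipefail
    umask 077

    cd "$(git rev-parse --show-toplevel)/ops/buildkite"
    creds=$(mktemp /dev/shm/tf-fcuny-homelab.XXXXXX)
    trap 'rm -f "$creds"' EXIT
    pass gcloud/terraform/fcuny-homelab > "$creds"

    export GOOGLE_APPLICATION_CREDENTIALS="$creds"
    # … unchanged: BUILDKITE_API_TOKEN export and terraform init/plan/apply …
```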
diff --git a/ops/buildkite/steps.yml b/ops/buildkite/steps.yml
new file mode 100644
index 0000000..9f30b8a
--- /dev/null
+++ b/ops/buildkite/steps.yml
@@ -0,0 +1,6 @@
+---
+steps:
+ - label: ":buildkite:"
+ key: ":init:"
+ command: |
+ buildkite-agent pipeline upload ops/ci/pipeline.yml
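Review bot: The bootstrap step uploads `ops/ci/pipeline.yml` from whatever commit is being built, so the steps that run on the agents are defined by that commit and not by the Terraform-managed pipeline. The trigger settings are not visible in this change. If builds can start from branches or pull requests pushed by anyone other than the owner, the agents should hold no secrets and have no network reach that those contributors should not have. A short comment above `steps:` would record that, for example `# pipeline.yml is read from the commit under build; only trusted refs may trigger this pipeline`.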
diff --git a/ops/default.nix b/ops/default.nix
new file mode 100644
index 0000000..500f9ec
--- /dev/null
+++ b/ops/default.nix
@@ -0,0 +1,5 @@
+{ pkgs }:
+
+pkgs.lib.makeScope pkgs.newScope (pkgs: {
+ buildkite = pkgs.callPackage ./buildkite { };
+})