gitea ci

bundles/build-ci/items.py

@@ -0,0 +1,9 @@
+for project, options in node.metadata.get('build-ci').items():
+    directories[options['path']] = {
+        'owner': 'build-ci',
+        'group': options['group'],
+        'mode': '770',
+        'needs': [
+            'user:build-ci',
+        ],
+    }

bundles/build-ci/metadata.py

@@ -0,0 +1,24 @@
+from shlex import quote
+
+
+@metadata_reactor.provides(
+    'users/build-ci/authorized_users',
+)
+def ssh_keys(metadata):
+    return {
+        'users': {
+            'build-ci': {
+                'authorized_users': {
+                    f'build-server@{other_node.name}'
+                        for other_node in repo.nodes
+                        if other_node.has_bundle('build-server')
+                },
+            },
+        },
+        'sudoers': {
+            'build-ci': {
+                f"/usr/bin/chown -R build-ci\:{quote(ci['group'])} {quote(ci['path'])}"
+                    for ci in metadata.get('build-ci').values()
+            }
+        },
+    }

bundles/build-server/files/ci

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -xu
+
+
+CONFIG_PATH=${config_path}
+JSON="$1"
+REPO_NAME=$(jq -r .repository.name <<< $JSON)
+CLONE_URL=$(jq -r .repository.clone_url <<< $JSON)
+SSH_OPTIONS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+
+for INTEGRATION in "$(cat $CONFIG_PATH | jq -r '.ci | values[]')"
+do
+  
+  echo '-----------------------'
+  echo $INTEGRATION
+  
+  [[ $(jq -r '.repo' <<< $INTEGRATION) = $REPO_NAME ]] || continue
+  
+  HOSTNAME=$(jq -r '.hostname' <<< $INTEGRATION)
+  DESTINATION_PATH=$(jq -r '.path' <<< $INTEGRATION)
+  DESTINATION_GROUP=$(jq -r '.group' <<< $INTEGRATION)
+
+  cd ~
+  rm -rf "$REPO_NAME"
+  git clone "$CLONE_URL" "$REPO_NAME"
+
+  ssh $SSH_OPTIONS "build-ci@$HOSTNAME" "find \"$DESTINATION_PATH\" -mindepth 1 -delete"
+  scp -r $SSH_OPTIONS "$REPO_NAME"/* "build-ci@$HOSTNAME:$DESTINATION_PATH"
+  ssh $SSH_OPTIONS "build-ci@$HOSTNAME" "sudo chown -R build-ci:$DESTINATION_GROUP $(printf "%q" "$DESTINATION_PATH")"
+done

bundles/build-server/items.py

@@ -10,7 +10,7 @@ directories = {
 files = {
     '/etc/build-server.json': {
         'owner': 'build-server',
-        'content': json.dumps(node.metadata.get('build-server'), indent=4, cls=MetadataJSONEncoder)
+        'content': json.dumps(node.metadata.get('build-server'), indent=4, sort_keys=True, cls=MetadataJSONEncoder)
     },
     '/opt/build-server/strategies/crystal': {
         'content_type': 'mako',
@@ -21,4 +21,12 @@ files = {
             'download_server': node.metadata.get('build-server/download_server_ip'),
         },
     },
+    '/opt/build-server/strategies/ci': {
+        'content_type': 'mako',
+        'owner': 'build-server',
+        'mode': '0777', # FIXME
+        'context': {
+            'config_path': '/etc/build-server.json',
+        },
+    },
 }

bundles/build-server/metadata.py

@@ -40,6 +40,24 @@ def agent_conf(metadata):
         },
     }
 
+@metadata_reactor.provides(
+    'build-server',
+)
+def ci(metadata):
+    return {
+        'build-server': {
+            'ci': {
+                f'{repo}@{other_node.name}': {
+                    'hostname': other_node.metadata.get('hostname'),
+                    'repo': repo,
+                    **options,
+                }
+                    for other_node in repo.nodes
+                    if other_node.has_bundle('build-ci')
+                    for repo, options in other_node.metadata.get('build-ci').items()
+            },
+        },
+    }
 
 @metadata_reactor.provides(
     'nginx/vhosts',

bundles/lonercrew/metadata.py

@@ -0,0 +1,28 @@
+if not node.has_bundle('build-ci'):
+    raise Exception('lownercrew needs bundle build-ci')
+
+
+defaults = {
+    'build-ci': {
+        'lonercrew': {
+            'path': '/opt/lonercrew',
+            'group': 'www-data',
+            'rev': 'master',
+        },
+    },
+}
+
+
+@metadata_reactor.provides(
+    'nginx/vhosts',
+)
+def nginx(metadata):
+    return {
+        'nginx': {
+            'vhosts': {
+                'lonercrew.io': {
+                    'content': 'lonercrew/vhost.conf',
+                },
+            },
+        },
+    }

data/lonercrew/vhost.conf

@@ -0,0 +1,11 @@
+server {
+    listen 443      ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+    ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+    server_name ${server_name};
+    index index.html;
+    root /opt/lonercrew;
+}

nodes/netcup.mails.py

@@ -14,6 +14,8 @@
         'islamicstate.eu',
         'wireguard',
         'zfs',
+        'lonercrew',
+        'build-ci',
     ],
     'metadata': {
         'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
@@ -45,6 +47,7 @@
                 'islamicstate.eu',
                 'hausamsilberberg.de',
                 'wiegand.tel',
+                'lonercrew.io',
             },
         },
         'dns': {