Rename to repo and allow custom job name
This commit is contained in:
parent
211c5d74ec
commit
a4c1a8dd13
|
@ -5,7 +5,7 @@ This job is made to expose an RPMS (or anything else) repository. It's composed
|
|||
|
||||
To use it, you just need to push the SSH public keys (comma separated) to access the SSH service on vault
|
||||
```
|
||||
vault kv put kv/service/rpms-repo ssh_keys="ssh-rsa AAAA.....,ssh-rsa AAAAA"
|
||||
vault kv put kv/service/repo ssh_keys="ssh-rsa AAAA.....,ssh-rsa AAAAA"
|
||||
```
|
||||
|
||||
Then just adjust variables.yml to your need
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
Kind = "service-intentions"
|
||||
Name = "repo-rsync[[ .env.suffix ]]"
|
||||
Sources = [
|
||||
{
|
||||
Name = [[ .traefik.instance | toJSON ]]
|
||||
Action = "allow"
|
||||
}
|
||||
]
|
|
@ -1 +1 @@
|
|||
Subproject commit 8cfe263f274b066e8021e5f821ef6fd465f645f9
|
||||
Subproject commit a1738a81645748892a34d990c6df07cd1b4815ad
|
|
@ -0,0 +1 @@
|
|||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "repo-web" printf "%s%s" .repo.job_name "-web" "repo-rsync" .repo.job_name "-rsync" ]]
|
|
@ -1,4 +1,4 @@
|
|||
job "rpms-repo" {
|
||||
job [[ .repo.job_name | toJSON ]]{
|
||||
|
||||
[[- template "common/job_start.tpl" . ]]
|
||||
|
||||
|
@ -11,8 +11,8 @@ job "rpms-repo" {
|
|||
}
|
||||
|
||||
volume "repo" {
|
||||
type = [[ .repo.volumes.rpms.type | toJSON ]]
|
||||
source = [[ .repo.volumes.rpms.source | toJSON ]]
|
||||
type = [[ .repo.volumes.repo.type | toJSON ]]
|
||||
source = [[ .repo.volumes.repo.source | toJSON ]]
|
||||
attachment_mode = "file-system"
|
||||
access_mode = "multi-node-single-writer"
|
||||
read_only = true
|
||||
|
@ -50,7 +50,7 @@ job "rpms-repo" {
|
|||
|
||||
template {
|
||||
data = <<_EOF
|
||||
[[ template "rpms-repo/nginx.conf.tpl" ]]
|
||||
[[ template "repo/nginx.conf.tpl" ]]
|
||||
_EOF
|
||||
destination = "local/nginx.conf"
|
||||
}
|
||||
|
@ -61,7 +61,7 @@ _EOF
|
|||
read_only = true
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .repo.nginx.resources ]]
|
||||
[[ template "common/resources.tpl" .repo.nginx.resources ]]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -73,8 +73,8 @@ _EOF
|
|||
}
|
||||
|
||||
volume "repo" {
|
||||
type = [[ .repo.volumes.rpms.type | toJSON ]]
|
||||
source = [[ .repo.volumes.rpms.source | toJSON ]]
|
||||
type = [[ .repo.volumes.repo.type | toJSON ]]
|
||||
source = [[ .repo.volumes.repo.source | toJSON ]]
|
||||
attachment_mode = "file-system"
|
||||
access_mode = "multi-node-single-writer"
|
||||
}
|
||||
|
@ -115,14 +115,14 @@ _EOF
|
|||
}
|
||||
|
||||
vault {
|
||||
policies = ["rpms-repo[[ .env.suffix ]]"]
|
||||
policies = ["repo[[ .env.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
||||
template {
|
||||
data = <<-_EOF
|
||||
{{ with secret "[[ .vault.prefix ]]kv/service/rpms-repo" }}
|
||||
{{ with secret "[[ .vault.prefix ]]kv/service/repo" }}
|
||||
{{- range $idx, $key := .Data.data.ssh_keys | split "," -}}
|
||||
SSH_AUTH_KEY_{{ $idx }}={{ $key }}
|
||||
{{ end }}{{ end }}
|
||||
|
@ -141,7 +141,7 @@ _EOF
|
|||
destination = "/config"
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .repo.rsync.resources ]]
|
||||
[[ template "common/resources.tpl" .repo.rsync.resources ]]
|
||||
}
|
||||
}
|
||||
}
|
|
@ -3,6 +3,9 @@ server {
|
|||
listen 127.0.0.1:8080;
|
||||
server_name _;
|
||||
server_tokens off;
|
||||
set_real_ip_from 127.0.0.1;
|
||||
real_ip_header X-Forwarded-For;
|
||||
real_ip_recursive on;
|
||||
root /data/repo;
|
||||
autoindex on;
|
||||
autoindex_localtime on;
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
|
||||
repo:
|
||||
# Name of the Noamd job
|
||||
job_name: repo
|
||||
|
||||
nginx:
|
||||
# Image to use
|
||||
image: nginxinc/nginx-unprivileged:alpine
|
||||
|
@ -14,7 +17,7 @@ repo:
|
|||
memory: 40
|
||||
|
||||
# Public URL of the repo
|
||||
public_url: https://rpms.example.org
|
||||
public_url: https://repo.example.org
|
||||
|
||||
# Driver to use for the task (docker or podman)
|
||||
driver: docker
|
||||
|
@ -53,11 +56,11 @@ repo:
|
|||
# Volumes used
|
||||
volumes:
|
||||
# This on holds the repo itself
|
||||
rpms:
|
||||
repo:
|
||||
type: csi
|
||||
source: rpms-repo
|
||||
source: repo
|
||||
|
||||
# This one is a very small volume, just to persist SSH host keys
|
||||
ssh:
|
||||
type: csi
|
||||
source: rpms-ssh
|
||||
source: repo-ssh
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
path "[[ .vault.prefix ]]kv/data/service/repo" {
|
||||
capabilities = ["read"]
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
path "[[ .vault.prefix ]]kv/data/service/rpms-repo" {
|
||||
capabilities = ["read"]
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
id = "rpms-ssh"
|
||||
name = "rpms-ssh[[ .env.suffix ]]"
|
||||
id = "repo-ssh"
|
||||
name = "repo-ssh[[ .env.suffix ]]"
|
||||
type = "csi"
|
||||
plugin_id = "org.democratic-csi.nfs"
|
||||
min_capacity = "1M"
|
|
@ -1,5 +1,5 @@
|
|||
id = "rpms-repo"
|
||||
name = "rpms-repo[[ .env.suffix ]]"
|
||||
id = "repo"
|
||||
name = "repo[[ .env.suffix ]]"
|
||||
type = "csi"
|
||||
plugin_id = "org.democratic-csi.nfs"
|
||||
min_capacity = "15G"
|
Loading…
Reference in New Issue