init: copy from lawndale-infra

2022-05-26 01:29:23 +02:00
commit 478b173c7b
11 changed files with 343 additions and 0 deletions
--- a/drone.tf
+++ b/drone.tf
@@ -0,0 +1,66 @@
+
+resource "helm_release" "drone_server" {
+  name             = "drone"
+  chart            = "drone"
+  repository       = "https://charts.drone.io"
+  namespace        = kubernetes_namespace.server.metadata.0.name
+  create_namespace = false
+
+  values = [
+    jsonencode({
+      env = {
+        DRONE_SERVER_HOST  = local.ingress_domain
+        DRONE_SERVER_PROTO = "https"
+        DRONE_GITEA_SERVER = "https://${local.gitea_server}/"
+      }
+    }),
+    jsonencode({
+      ingress = {
+        enabled = true
+        annotations = {
+          "kubernetes.io/ingress.class"                             = "traefik"
+          "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
+          "traefik.ingress.kubernetes.io/router.tls"                = "true"
+          "traefik.ingress.kubernetes.io/router.tls.certresolver"   = "acme-thomasklein-me"
+          "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
+        }
+        hosts = [
+          {
+            host = local.ingress_domain
+            paths = [
+              {
+                path     = "/"
+                pathType = "Prefix"
+              }
+            ]
+          }
+        ]
+      }
+    }),
+    jsonencode({
+      persistentVolume = {
+        enabled       = true
+        existingClaim = module.drone_persistance.pvc_name
+      }
+    })
+  ]
+
+  set_sensitive {
+    name  = "env.DRONE_RPC_SECRET"
+    value = random_password.drone_rpc_secret.result
+  }
+
+  set_sensitive {
+    name  = "env.DRONE_GITEA_CLIENT_ID"
+    value = gitea_oauth2_app.this.client_id
+  }
+  set_sensitive {
+    name  = "env.DRONE_GITEA_CLIENT_SECRET"
+    value = gitea_oauth2_app.this.client_secret
+  }
+}
+
+resource "random_password" "drone_rpc_secret" {
+  special = true
+  length  = 32
+}