buildfarm

9 files changed, 218 insertions, 0 deletions

diff --git a/terraform/buildfarm/.terraform.lock.hcl b/terraform/buildfarm/.terraform.lock.hcl
new file mode 100644
index 0000000..378c8ed
--- /dev/null
+++ b/terraform/buildfarm/.terraform.lock.hcl
@@ -0,0 +1,43 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/kreuzwerker/docker" {
+  version     = "2.24.0"
+  constraints = "2.24.0"
+  hashes = [
+    "h1:1z0/qA77T3PS/1m4vRO8UgWjHjk5/v+f3JfGbMyzX18=",
+    "zh:181fefd55c8eb75efe9815c43fdd76422b57951ef53b5d5f19273a00fdf0e2e2",
+    "zh:2ec84e029d169f188be2addf7f45c2555f226f67d4b6fb66c1749ed5b2c4a76a",
+    "zh:6f5cf945148485f57b919d31a30f1a5a93d45f4e8edfdb0b80b22258d51795d8",
+    "zh:8d00c2c459a48453f52a00a8d1ffdb7bcf72fe4b3b09ffcfd52218c4646fa7fa",
+    "zh:9bd6e06601e0a972b9ce01150e32e76b76b4caf1d9798daf4cf16d06e2a8d4a3",
+    "zh:af72591132dc8cd338f293e458403851e6b8a6ac4c4d25a3268940f9763df7aa",
+    "zh:c4a47c5c7ad2ff1fc5212e69c5ef837a127346264e46ce7b5d13362545e4aa70",
+    "zh:c6d68f33efcd3372331ed0d58ec49e8b01ddc132934b14d2d45977076950e4b3",
+    "zh:db228855ae7235095d367f3597719747e5be0dd9ce2206ea02062560b518c08a",
+    "zh:e8d6ce89642925f2e813d0b829bd5562582de37eaa39351e231ab474383e703a",
+    "zh:ec83d8c86a918d25eb824cc99f98924ef8949eb69aa40cb5ff2db24369e52d9c",
+    "zh:ee0032d3d86adeeca7fdd4922bb8db87dbb5cd0093c054ff8efe2260de0b624c",
+    "zh:f033b70f342f32eeb98c213e6fc7098d7afd22b3146a5cb6173c128b0e86d732",
+    "zh:f1bc3a2c4f152f8adc9a1f9c852496232ef31073b149945756c13bc9688cf08b",
+  ]
+}
+
+provider "registry.terraform.io/lokkersp/sops" {
+  version     = "0.6.10"
+  constraints = "0.6.10"
+  hashes = [
+    "h1:atU8NIBxpNTWY+qBubvEOfjOn4K1aCDoq1iUFocgIHQ=",
+    "zh:0f053a26392a581b1f1ce6316cb7ed8ec4cc75e7f5f1cf7cfd45050b6b3c87ea",
+    "zh:207bb96c4471fce9aeb1b3c217d772692c3d865d294cf4d2501dad41de36a15e",
+    "zh:28506e8f1f3b9eaa95d99043440328044ee6340143535e5751538328a529d001",
+    "zh:3cae3bcea9e35fdc5b3f2af1b4580cd625c996448ad0c676c772260e46b25289",
+    "zh:3e44daaf82986c2b0028aeb17b867f3c68ed5dd8ac8625ba0406cf2a5fd3d92e",
+    "zh:457fb8ca2e677af24f9a4bdd8b613b1d7b604ad7133541657e5757c19268da71",
+    "zh:473d727c228f021a3df8cc8dcc6231ad7f90ed63f9e47c36b597d591e76228da",
+    "zh:48c4c1df39fd76ec8bd5fe9ac70cdc0927ac8be95582dbe46458b3442ce0fcd9",
+    "zh:728b19cb5c07e5e9d8b78fd94cc57d4c13582ecd24b7eb7c4cc2bf73b12fe4d1",
+    "zh:c51ed9af591779bb0910b82addeebb10f53428b994f8db653dd1dedcec60916c",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/terraform/buildfarm/backend.tf b/terraform/buildfarm/backend.tf
new file mode 100644
index 0000000..4c06fb8
--- /dev/null
+++ b/terraform/buildfarm/backend.tf
@@ -0,0 +1,12 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+  backend "s3" {
+    bucket                      = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05"
+    key                         = "buildfarm/terraform.tfstate"
+    skip_region_validation      = true
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    region                      = "eu-central-1"
+    endpoint                    = "eu-central-1.linodeobjects.com"
+  }
+}
diff --git a/terraform/buildfarm/buildfarm-redis.tf b/terraform/buildfarm/buildfarm-redis.tf
new file mode 100644
index 0000000..231e6aa
--- /dev/null
+++ b/terraform/buildfarm/buildfarm-redis.tf
@@ -0,0 +1,9 @@
+resource "docker_container" "redis" {
+  image    = docker_image.redis.image_id
+  name     = "buildfarm-redis"
+  must_run = true
+
+  networks_advanced {
+    name = docker_network.buildfarm.name
+  }
+}
diff --git a/terraform/buildfarm/buildfarm-server.tf b/terraform/buildfarm/buildfarm-server.tf
new file mode 100644
index 0000000..3399cb8
--- /dev/null
+++ b/terraform/buildfarm/buildfarm-server.tf
@@ -0,0 +1,41 @@
+resource "docker_container" "server" {
+  image    = docker_image.server.image_id
+  name     = "buildfarm-server"
+  must_run = true
+
+  networks_advanced {
+    name = docker_network.buildfarm.name
+  }
+
+  networks_advanced {
+    name = data.docker_network.traefik.name
+  }
+
+  #  ports {
+  #   internal = 8090
+  #   external = 8090
+  #   protocol = "tcp"
+  #   ip       = "fdf3:aad9:a885:77dd::2"
+  #  }
+
+  #      { label = "traefik.tcp.routers.buildfarm-server.rule", value = "Host(`buildfarm-server.vpn.trygvis.io`)" },
+
+  dynamic "labels" {
+    for_each = [
+      { label = "traefik.enable", value = "true" },
+      { label = "traefik.docker.network", value = data.docker_network.traefik.name },
+      { label = "traefik.tcp.routers.buildfarm-server.rule", value = "HostSNI(`*`)" },
+      { label = "traefik.tcp.routers.buildfarm-server.entrypoints", value = "buildfarm" },
+      { label = "traefik.tcp.routers.buildfarm-server.service", value = "buildfarm-server" },
+      { label = "traefik.tcp.services.buildfarm-server.loadbalancer.server.port", value = "8980" },
+    ]
+    content {
+      label = labels.value["label"]
+      value = labels.value["value"]
+    }
+  }
+
+  env = [
+    "REDIS_URI=redis://${docker_container.redis.name}:6379",
+  ]
+}
diff --git a/terraform/buildfarm/buildfarm-worker01.tf b/terraform/buildfarm/buildfarm-worker01.tf
new file mode 100644
index 0000000..e5da9e2
--- /dev/null
+++ b/terraform/buildfarm/buildfarm-worker01.tf
@@ -0,0 +1,50 @@
+locals {
+  worker01_name = "buildfarm-worker01"
+}
+
+resource "docker_volume" "worker01" {
+  name = local.worker01_name
+
+  driver_opts = {
+    type   = "none"
+    device = "/pool1/buildfarm-worker01"
+    o      = "bind"
+  }
+}
+
+resource "docker_container" "worker01" {
+  image    = docker_image.worker.image_id
+  name     = local.worker01_name
+  must_run = true
+
+  networks_advanced {
+    name = docker_network.buildfarm.name
+  }
+
+  #  dynamic "labels" {
+  #    for_each = [
+  #      { label = "traefik.enable", value = "true" },
+  #      { label = "traefik.docker.network", value = data.docker_network.traefik.name },
+  #      { label = "traefik.http.routers.buildfarm-worker01.rule", value = "Host(`buildfarm-worker01.vpn.trygvis.io`)" },
+  #      { label = "traefik.http.routers.buildfarm-worker01.entrypoints", value = "websecure" },
+  #      { label = "traefik.http.routers.buildfarm-worker01.tls.certresolver", value = "linode" },
+  #    ]
+  #    content {
+  #      label = labels.value["label"]
+  #      value = labels.value["value"]
+  #    }
+  #  }
+
+  command = [
+    "--public_name=${local.worker01_name}:8981"
+  ]
+
+  env = [
+    "REDIS_URI=redis://${docker_container.redis.name}:6379",
+  ]
+
+  volumes {
+    volume_name    = docker_volume.worker01.name
+    container_path = "/tmp/worker"
+  }
+}
diff --git a/terraform/buildfarm/main.tf b/terraform/buildfarm/main.tf
new file mode 100644
index 0000000..d135adf
--- /dev/null
+++ b/terraform/buildfarm/main.tf
@@ -0,0 +1,38 @@
+terraform {
+  required_version = "~> 1.3.5"
+
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "2.24.0"
+    }
+    sops = {
+      source  = "lokkersp/sops"
+      version = "0.6.10"
+    }
+  }
+}
+
+provider "docker" {
+  host = "ssh://conflatorio.vpn.trygvis.io"
+}
+
+resource "docker_image" "redis" {
+  name = "redis:5.0.9"
+}
+
+resource "docker_image" "server" {
+  name = "bazelbuild/buildfarm-server:v2.6.1"
+}
+
+resource "docker_image" "worker" {
+  name = "bazelbuild/buildfarm-worker:v2.6.1"
+}
+
+resource "docker_network" "buildfarm" {
+  name = "buildfarm"
+}
+
+data "docker_network" "traefik" {
+  name = "traefik"
+}
diff --git a/terraform/buildfarm/terragrunt.hcl b/terraform/buildfarm/terragrunt.hcl
new file mode 100644
index 0000000..e147285
--- /dev/null
+++ b/terraform/buildfarm/terragrunt.hcl
@@ -0,0 +1,3 @@
+include "root" {
+  path = find_in_parent_folders()
+}
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index 8613394..d15ac5c 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -32,6 +32,13 @@ resource "docker_container" "traefik" {
     ip       = "fdf3:aad9:a885:77dd::2"
   }
 
+  # for buildfarm-server
+  ports {
+    internal = 8980
+    external = 8980
+    ip       = "fdf3:aad9:a885:77dd::2"
+  }
+
   command = [
     "--log.level=DEBUG",
     "--api=true",
@@ -44,6 +51,7 @@ resource "docker_container" "traefik" {
     "--entrypoints.web.address=:80",
     "--entrypoints.web.http.redirections.entrypoint.to=websecure",
     "--entrypoints.web.http.redirections.entrypoint.scheme=https",
+    "--entrypoints.buildfarm.address=:8980",
     "--certificatesresolvers.linode.acme.dnschallenge.provider=linode",
     "--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
     "--certificatesresolvers.linode.acme.email=root@trygvis.io",
diff --git a/terraform/dns/vpn-cname.tf b/terraform/dns/vpn-cname.tf
index 1fcf29d..629d295 100644
--- a/terraform/dns/vpn-cname.tf
+++ b/terraform/dns/vpn-cname.tf
@@ -18,3 +18,17 @@ resource "linode_domain_record" "vpn-grafana" {
   record_type = "CNAME"
   target      = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io"
 }
+
+resource "linode_domain_record" "vpn-influxdb" {
+  domain_id   = linode_domain.root.id
+  name        = "influxdb.vpn"
+  record_type = "CNAME"
+  target      = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io"
+}
+
+resource "linode_domain_record" "vpn-buildfarm-server" {
+  domain_id   = linode_domain.root.id
+  name        = "buildfarm-server.vpn"
+  record_type = "CNAME"
+  target      = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io"
+}