about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--flake.nix2
-rw-r--r--ops/buildkite/.gitignore3
-rw-r--r--ops/buildkite/README.org5
-rw-r--r--ops/buildkite/buildkite.tf29
-rw-r--r--ops/buildkite/default.nix25
-rw-r--r--ops/buildkite/steps.yml6
-rw-r--r--ops/default.nix5
7 files changed, 74 insertions, 1 deletions
diff --git a/flake.nix b/flake.nix
index 6e48370..76e6369 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,7 +60,7 @@
             inherit home-manager;
 
             tools = import ./tools { inherit pkgs; };
-
+            ops = import ./ops { inherit pkgs; };
             users.fcuny = import ./users/fcuny { inherit pkgs; };
           };
 
diff --git a/ops/buildkite/.gitignore b/ops/buildkite/.gitignore
new file mode 100644
index 0000000..112bb96
--- /dev/null
+++ b/ops/buildkite/.gitignore
@@ -0,0 +1,3 @@
+# ignore the various terraform files that are generate. The state is
+# stored in a GCS bucket.
+.terraform*
diff --git a/ops/buildkite/README.org b/ops/buildkite/README.org
new file mode 100644
index 0000000..f3a09ef
--- /dev/null
+++ b/ops/buildkite/README.org
@@ -0,0 +1,5 @@
+This is to configure the pipelines in buildkite.
+
+To upload them, run =nix run .#ops.buildkite.upload=.
+
+The state is stored in a GCS bucket. The GCS bucket needs to be created before this can be run. The credentials are expected to be stored in =pass= under =gcloud/terraform/fcuny-homelab=.
diff --git a/ops/buildkite/buildkite.tf b/ops/buildkite/buildkite.tf
new file mode 100644
index 0000000..e663adb
--- /dev/null
+++ b/ops/buildkite/buildkite.tf
@@ -0,0 +1,29 @@
+provider "google" {
+  project = "fcuny-homelab"
+  region  = "us-west1"
+  zone    = "us-west1-c"
+}
+
+terraform {
+  required_providers {
+    buildkite = {
+      source = "buildkite/buildkite"
+    }
+  }
+
+  backend "gcs" {
+    bucket = "world-tf-state"
+    prefix = "buildkite/state"
+  }
+}
+
+provider "buildkite" {
+  organization = "fcuny-dot-xyz"
+}
+
+resource "buildkite_pipeline" "world" {
+  name        = "world"
+  description = "CI pipeline for the world repository."
+  repository  = "https://cl.fcuny.net/world"
+  steps       = file("./steps.yml")
+}
diff --git a/ops/buildkite/default.nix b/ops/buildkite/default.nix
new file mode 100644
index 0000000..7daf7c2
--- /dev/null
+++ b/ops/buildkite/default.nix
@@ -0,0 +1,25 @@
+{ pkgs }:
+let
+  terraform = pkgs.terraform.withPlugins (p: [
+    p.buildkite
+    p.google
+  ]);
+in
+pkgs.stdenv.mkDerivation rec {
+  name = "tf-buildkite";
+  src = ./.;
+
+  upload = pkgs.writeShellScriptBin "tf-buildkite-upload" ''
+    set -ueo pipefail
+
+    cd $(git rev-parse --show-toplevel)/ops/buildkite
+    pass gcloud/terraform/fcuny-homelab > /dev/shm/tf-fcuny-homelab
+
+    export BUILDKITE_API_TOKEN=$(pass api/buildkite-terraform-token)
+    export GOOGLE_APPLICATION_CREDENTIALS=/dev/shm/tf-fcuny-homelab
+
+    ${terraform}/bin/terraform init
+    ${terraform}/bin/terraform plan
+    ${terraform}/bin/terraform apply
+  '';
+}
diff --git a/ops/buildkite/steps.yml b/ops/buildkite/steps.yml
new file mode 100644
index 0000000..9f30b8a
--- /dev/null
+++ b/ops/buildkite/steps.yml
@@ -0,0 +1,6 @@
+---
+steps:
+  - label: ":buildkite:"
+    key: ":init:"
+    command: |
+      buildkite-agent pipeline upload ops/ci/pipeline.yml
diff --git a/ops/default.nix b/ops/default.nix
new file mode 100644
index 0000000..500f9ec
--- /dev/null
+++ b/ops/default.nix
@@ -0,0 +1,5 @@
+{ pkgs }:
+
+pkgs.lib.makeScope pkgs.newScope (pkgs: {
+  buildkite = pkgs.callPackage ./buildkite { };
+})