├── .gitignore ├── LICENSE ├── README.md ├── bin ├── kgd ├── kgi ├── kgo └── kld ├── do ├── .gitignore ├── dns.tf ├── gitea │ └── gitea.yml ├── ingress_test.yaml ├── main.tf ├── nginx-values.yaml ├── openfaas │ ├── setup_openfaas.sh │ ├── tls.yaml │ └── values.yaml ├── setup.sh └── variables.tf ├── dyson ├── .dockerignore ├── .gitignore ├── Dockerfile ├── dyson.nimble ├── gh_actions.sh └── src │ ├── dyson.nim │ └── dysonPkg │ ├── Dockerfile.slug │ ├── deployment_with_ingress.yaml │ └── hacks.nim └── kube_manifests ├── christine.website.sh ├── h.sh ├── idp.sh ├── olin.sh ├── tulpaforce.xyz.sh └── within.website.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .terraform 2 | dyson.ini 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019 Christine Dodrill 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
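IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# within-terraform

Test repo, please ignore

--------------------------------------------------------------------------------
/bin/kgd:
--------------------------------------------------------------------------------
#!/bin/sh
# kgd: shorthand for `kubectl get deployment`; every argument is forwarded.

# "$@" keeps each argument as one word; unquoted $* re-splits and glob-expands them.
exec kubectl get deployment "$@"

--------------------------------------------------------------------------------
/bin/kgi:
--------------------------------------------------------------------------------
#!/bin/sh
# kgi: shorthand for `kubectl get ingress`; every argument is forwarded.

exec kubectl get ingress "$@"

--------------------------------------------------------------------------------
/bin/kgo:
--------------------------------------------------------------------------------
#!/bin/sh
# kgo: list onionservices resources with their name and status hostname.

kubectl get onionservices -o=custom-columns=NAME:.metadata.name,HOSTNAME:.status.hostname "$@"

--------------------------------------------------------------------------------
/bin/kld:
--------------------------------------------------------------------------------
#!/bin/sh
# kld: `kubectl logs` for a deployment. The first argument is the deployment
# name; the remaining arguments are passed to kubectl unchanged.

[ -z "$1" ] && echo "kld ..." && exit 2

# Split the name from the extra flags so each stays a separate, intact word.
name=$1
shift
exec kubectl logs "deployment/$name" "$@"

--------------------------------------------------------------------------------
/do/.gitignore:
--------------------------------------------------------------------------------
tf.plan
terraform.tfstate*
.kubeconfig
.kube
.helm
*.pem
*.srl
gateway-password.txt

--------------------------------------------------------------------------------
/do/dns.tf:
--------------------------------------------------------------------------------
# No credentials are set inline; the provider block is empty.
provider "cloudflare" {}

--------------------------------------------------------------------------------
/do/gitea/gitea.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: gitea
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-storage
  namespace: gitea
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: do-block-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
spec:
  replicas: 1
  template:
    metadata:
      name: gitea
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          # A tag plus `imagePullPolicy: Always` means every pod restart pulls
          # whatever the tag points at then; a digest pin would make the
          # running image reproducible.
          image: xena/gitea:1.10.1
          imagePullPolicy: Always
          env:
            # NOTE(review): if this image maps INSTALL_LOCK onto Gitea's
            # [security] INSTALL_LOCK setting (confirm for xena/gitea), "false"
            # leaves the first-run installer open to whoever reaches the site
            # first. Finish setup before publishing the hostname, then lock it.
            - name: INSTALL_LOCK
              value: "false"
            - name: APP_NAME
              value: "tulpa.dev: git in plurality"
            # NOTE(review): the SSH Service below publishes ssh.tulpa.dev, not
            # git.tulpa.dev; confirm which name clone URLs should carry.
            - name: SSH_DOMAIN
              value: git.tulpa.dev
          volumeMounts:
            - mountPath: "/data"
              name: "data"
          ports:
            - containerPort: 2222
              name: ssh
              protocol: TCP
            - containerPort: 3000
              name: http
              protocol: TCP
      restartPolicy: Always
      volumes:
        # Set up a data directory for gitea
        # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS)
        # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/
        - name: "data"
          persistentVolumeClaim:
            claimName: gitea-storage
  selector:
    matchLabels:
      app: gitea
---
# Using cluster mode
apiVersion: v1
kind: Service
metadata:
  name: gitea-web
  namespace: gitea
  labels:
    app: gitea
  annotations:
    external-dns.alpha.kubernetes.io/hostname: tulpa.dev
    external-dns.alpha.kubernetes.io/ttl: "120" #optional
    external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
spec:
  ports:
    - port: 80
      targetPort: 3000
      name: http
  selector:
    app: gitea
---
# Using node-port mode
# This mainly open a specific TCP port for SSH usage on each host,
# so you can use a proxy layer to handle it(e.g. slb, nginx)
apiVersion: v1
kind: Service
metadata:
  name: gitea-ssh
  namespace: gitea
  labels:
    app: gitea-ssh
  annotations:
    external-dns.alpha.kubernetes.io/hostname: ssh.tulpa.dev
    external-dns.alpha.kubernetes.io/ttl: "120" #optional
    # Not proxied, so this record resolves straight to the cluster's address.
    external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
  ports:
    - port: 22
      targetPort: 2222
      protocol: TCP
      name: ssh
  selector:
    app: gitea
  type: NodePort
---
# Ingress is always suitable for HTTP usage,
# we suggest using an proxy layer such as slb to send traffic to different ports.
# Usually 80/443 for web and 22 directly for SSH.
# NOTE(review): unlike do/ingress_test.yaml, this Ingress has no `tls:` section.
# Presumably the cluster-issuer annotation then has no certificate to request
# and traffic for tulpa.dev reaches the controller over plain HTTP unless TLS
# is configured elsewhere - confirm.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gitea
  namespace: gitea
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
spec:
  rules:
    - host: tulpa.dev
      http:
        paths:
          - backend:
              serviceName: gitea-web
              servicePort: 80

--------------------------------------------------------------------------------
/do/ingress_test.yaml:
--------------------------------------------------------------------------------
# Smoke-test workload: a hello-kubernetes Deployment, its ClusterIP Service and
# a TLS-enabled Ingress for one hostname.
apiVersion: v1
kind: Service
metadata:
  name: hello-kubernetes-first
  annotations:
    external-dns.alpha.kubernetes.io/hostname: exanple.within.website
    external-dns.alpha.kubernetes.io/ttl: "120" #optional
    external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app: hello-kubernetes-first
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-kubernetes-first
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-kubernetes-first
  template:
    metadata:
      labels:
        app: hello-kubernetes-first
    spec:
      containers:
        - name: hello-kubernetes
          image: paulbouwer/hello-kubernetes:1.5
          ports:
            - containerPort: 8080
          env:
            - name: MESSAGE
              value: Henlo this are an exanple deployment
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
spec:
  # The `tls` entry names the host and the Secret that holds its certificate.
  tls:
    - hosts:
        - exanple.within.website
      secretName: prod-certs
  rules:
    - host: exanple.within.website
      http:
        paths:
          - backend:
              serviceName: hello-kubernetes-first
              servicePort: 80
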
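--------------------------------------------------------------------------------
/do/main.tf:
--------------------------------------------------------------------------------
# The provider block carries no inline token. dyson/src/dyson.nim exports
# DIGITALOCEAN_TOKEN into the environment of the terraform process it starts.
provider "digitalocean" {}

# One managed Kubernetes cluster with a two-node worker pool.
# NOTE(review): Terraform state for a cluster resource normally includes its
# kubeconfig credentials; do/.gitignore excludes terraform.tfstate*, so keep
# the state file itself protected wherever it is stored.
resource "digitalocean_kubernetes_cluster" "main" {
  name    = "kubermemes"
  region  = "${var.region}"
  version = "${var.kubernetes_version}"

  node_pool {
    name       = "worker-pool"
    size       = "${var.node_size}"
    node_count = 2
  }
}

--------------------------------------------------------------------------------
/do/nginx-values.yaml:
--------------------------------------------------------------------------------
# Raw TCP pass-through: the ingress controller forwards these ports to the
# named namespace/service:port without any HTTP handling.
tcp:
  22: "gitea/gitea-ssh:22"
  6667: "ircd/ircd:6667"
controller:
  config:
    # NOTE(review): these settings make the controller take client address
    # information from X-Forwarded-* headers and the PROXY protocol preamble.
    # That is only trustworthy if nothing but the load balancer can connect to
    # the controller - confirm the network path.
    use-forwarded-headers: "true"
    compute-full-forwarded-for: "true"
    use-proxy-protocol: "true"

--------------------------------------------------------------------------------
/do/openfaas/setup_openfaas.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Installs OpenFaaS into the cluster: namespaces, a generated basic-auth
# credential for the gateway, then the Helm chart with tls.yaml and values.yaml.
# The generated password is also written to gateway-password.txt.

# Stop on the first failure so the password file, the Secret and the chart
# cannot drift apart after a partial run.
set -e

# NOTE(review): this manifest is fetched from the moving `master` branch, so
# its content can change between runs; pinning to a reviewed commit or tag
# would make what gets applied reproducible.
kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml

helm repo add openfaas https://openfaas.github.io/faas-netes/

# 12 random bytes, hex-encoded through shasum.
PASSWORD=$(head -c 12 /dev/urandom | shasum | cut -d' ' -f1)

# `kubectl apply` has no `secret generic` form; `create` is the subcommand that
# builds a Secret from literals. It fails if the Secret already exists, which
# (with set -e) prevents overwriting the password file with a value the
# cluster does not use.
# NOTE(review): --from-literal puts the password on kubectl's command line,
# where it is visible in the process list while the command runs.
kubectl -n openfaas create secret generic basic-auth \
  --from-literal=basic-auth-user=admin \
  --from-literal=basic-auth-password="$PASSWORD"

# Keep the credential file readable by its owner only: umask covers a newly
# created file, chmod covers a file left over from an earlier run.
( umask 077; printf '%s\n' "$PASSWORD" > gateway-password.txt )
chmod 600 gateway-password.txt

helm repo update \
  && helm upgrade --tls openfaas --install openfaas/openfaas \
    --namespace openfaas \
    --set basic_auth=true \
    --set functionNamespace=openfaas-fn \
    --set faasIdler.dryRun=false \
    --values tls.yaml \
    --values values.yaml

--------------------------------------------------------------------------------
/do/openfaas/tls.yaml:
--------------------------------------------------------------------------------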
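# Helm values for the OpenFaaS chart: expose the gateway through the nginx
# ingress class with a cert-manager issued certificate for gw.within.website.
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "nginx"
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
  tls:
    - hosts:
        - gw.within.website
      secretName: openfaas-crt
  hosts:
    - host: gw.within.website
      serviceName: gateway
      servicePort: 8080
      path: /

--------------------------------------------------------------------------------
/do/openfaas/values.yaml:
--------------------------------------------------------------------------------
faasnetes:
  readinessProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 1
    periodSeconds: 1
  livenessProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 1
    periodSeconds: 1
  imagePullPolicy: "Always"

--------------------------------------------------------------------------------
/do/setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Cluster bootstrap: fetch the kubeconfig, create a private CA plus Tiller and
# Helm client certificates, initialise Helm with TLS, then install
# nginx-ingress, external-dns and cert-manager.

set -e
# Command tracing is on for the whole script; it is switched off below around
# every command that handles a credential so the values do not reach the log.
set -x

doctl kubernetes cluster kubeconfig save kubermemes

# NOTE(review): the numbering of this listing jumps from line 8 to line 30
# here. The heredoc fed to `kubectl apply` and the command that writes
# dyson.env are not shown; the next line is reproduced as it appears.
kubectl apply -f- < dyson.env

# dyson.env presumably holds the `export NAME='value'` lines printed by
# `dyson env`, including the Cloudflare and DigitalOcean tokens. With tracing
# on, bash would echo each of those exports.
set +x
source dyson.env
set -x
rm dyson.env

# Private CA and the Tiller / Helm client key pairs. The keys are written
# unencrypted into the working directory; do/.gitignore keeps *.pem and *.srl
# out of the repository, but the files still need protecting on disk.
openssl genrsa -out ./ca.key.pem 4096
openssl req -key ca.key.pem -new -x509 -days 7300 -sha256 -out ca.cert.pem -extensions v3_ca
openssl genrsa -out ./tiller.key.pem 4096
openssl genrsa -out ./helm.key.pem 4096
openssl req -key tiller.key.pem -new -sha256 -out tiller.csr.pem
openssl req -key helm.key.pem -new -sha256 -out helm.csr.pem
openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem -days 365
openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem -days 365

# Tiller is started with TLS and client-certificate verification against the
# CA created above.
helm init \
  --tiller-tls \
  --tiller-tls-cert ./tiller.cert.pem \
  --tiller-tls-key ./tiller.key.pem \
  --tiller-tls-verify \
  --tls-ca-cert ca.cert.pem \
  --upgrade \
  --service-account tiller \
  --force-upgrade

sleep 2

helm install stable/nginx-ingress \
  --name nginx \
  --tls \
  --set controller.publishService.enabled=true \
  --set rbac.create=true \
  --values nginx-values.yaml

# Tracing is off for this command because it carries the Cloudflare API token.
# NOTE(review): the token is still visible in helm's process arguments and is
# stored with the release values; a values file or a pre-created Secret would
# keep it off the command line.
set +x
helm install stable/external-dns \
  --tls \
  --name edns \
  --set provider=cloudflare \
  --set cloudflare.apiKey="$CLOUDFLARE_TOKEN" \
  --set cloudflare.email="$CLOUDFLARE_EMAIL" \
  --set rbac.create=true \
  --set cloudflare.proxied=false
set -x

# NOTE(review): the CRD manifest is taken from a branch (release-0.10) and the
# chart below is installed without a version, so both can change between runs.
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.10/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm install jetstack/cert-manager \
  --namespace cert-manager \
  --tls

sleep 10

# NOTE(review): the listing breaks off inside the next command and resumes in
# the middle of dyson/dyson.nimble (its line 13). The rest of setup.sh and the
# files between the two are not shown; the line is reproduced as it appears.
kubectl apply --namespace cert-manager -f- <= 0.20.0", "cligen", "tempdir", "dotenv"

task package, "builds a tarball package":
  echo getCurrentDir()
  mode = ScriptMode.Verbose
  exec "nimble build"
  let folderName = "dyson-" & buildOS & "-" & buildCPU & "-" & version
  rmDir folderName
  defer: rmDir folderName
  mkDir folderName
  cpFile "../LICENSE", folderName & "/LICENSE"
  cpFile "./bin/dyson", folderName & "/dyson"
  exec "chmod 744 " & folderName & "/dyson"
  exec "tar czf " & folderName & ".tgz " & folderName

task docker, "build & push docker image":
  let imgName = "xena/dyson:" & version
  exec "docker build -t " & imgName & " ."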
31 | exec "docker push " & imgName 32 | 33 | -------------------------------------------------------------------------------- /dyson/gh_actions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | mkdir -p $HOME/.config/dyson 4 | echo '[DigitalOcean] 5 | Token = "" 6 | 7 | [Cloudflare] 8 | Email = "" 9 | Token = "" 10 | 11 | [Secrets] 12 | GitCheckout = "/github/workspace/within-terraform-secret"' > $HOME/.config/dyson/dyson.ini 13 | 14 | set -e 15 | set -x 16 | exec dyson $* 17 | -------------------------------------------------------------------------------- /dyson/src/dyson.nim: -------------------------------------------------------------------------------- 1 | import cligen, os, osproc, parsecfg, rdstdin, strformat, strtabs, tempdir 2 | import dysonPkg/[hacks] 3 | 4 | include "dysonPkg/deployment_with_ingress.yaml" 5 | include "dysonPkg/Dockerfile.slug" 6 | 7 | type 8 | Config = object 9 | doToken: string 10 | cfEmail: string 11 | cfToken: string 12 | secretsLoc: string 13 | 14 | proc toMap(conf: Config): StringTableRef = 15 | result = newStringTable() 16 | result["DIGITALOCEAN_TOKEN"] = conf.doToken 17 | result["TF_VAR_do_token"] = conf.doToken 18 | result["CLOUDFLARE_EMAIL"] = conf.cfEmail 19 | result["TF_VAR_cf_email"] = conf.cfEmail 20 | result["CLOUDFLARE_TOKEN"] = conf.cfToken 21 | result["TF_VAR_cf_token"] = conf.cfToken 22 | result["PATH"] = "PATH".getEnv 23 | result["HOME"] = "HOME".getEnv 24 | 25 | proc load(fname: string): Config = 26 | var dict = parsecfg.loadConfig(fname) 27 | result.doToken = dict.getSectionValue("DigitalOcean", "Token") 28 | result.cfEmail = dict.getSectionValue("Cloudflare", "Email") 29 | result.cfToken = dict.getSectionValue("Cloudflare", "Token") 30 | result.secretsLoc = dict.getSectionValue("Secrets", "GitCheckout") 31 | 32 | proc save(conf: Config, fname: string) = 33 | var dict = newConfig() 34 | dict.setSectionKey "DigitalOcean", "Token", conf.doToken 35 | 
dict.setSectionKey "Cloudflare", "Email", conf.cfEmail 36 | dict.setSectionKey "Cloudflare", "Token", conf.cfToken 37 | dict.setSectionKey "Secrets", "GitCheckout", conf.secretsLoc 38 | dict.writeConfig fname 39 | 40 | proc confirm(msg: string, want: string) = 41 | var done = false 42 | while not done: 43 | echo msg 44 | let reply = readLineFromStdin("|reply: ") 45 | if reply == want: 46 | done = true 47 | else: 48 | echo fmt"wanted: {want}, got: {reply}" 49 | 50 | proc runCommand(bin: string, args: openarray[string], env: StringTableRef) = 51 | let 52 | subp = startProcess( 53 | bin, 54 | args = args, 55 | env = env, 56 | options = {poParentStreams, poUsePath}, 57 | ) 58 | exitCode = subp.waitForExit() 59 | 60 | if exitCode != 0: 61 | echo fmt"unexpected exit code: {exitCode}" 62 | quit exitCode 63 | 64 | const 65 | planFname = "tf.plan" 66 | 67 | let 68 | configFname = getConfigDir() / "dyson" / "dyson.ini" 69 | 70 | proc destroy() = 71 | ## destroy resources managed by Terraform 72 | let cfg = configFname.load 73 | runCommand "terraform", ["destroy"], cfg.toMap 74 | 75 | proc init() = 76 | ## init Terraform 77 | let cfg = configFname.load 78 | runCommand "terraform", ["init"], cfg.toMap 79 | 80 | proc plan() = 81 | ## plan a future Terraform run 82 | let cfg = configFname.load 83 | runCommand "terraform", ["plan", "-out=" & planFname], cfg.toMap 84 | 85 | proc env() = 86 | ## dump envvars 87 | let cfg = configFname.load 88 | for key, val in cfg.toMap.pairs: 89 | echo fmt"export {key}='{val}'" 90 | 91 | proc apply() = 92 | ## apply Terraform code to production 93 | let cfg = configFname.load 94 | 95 | if not planFname.fileExists: 96 | plan() 97 | confirm( 98 | "Please stop and take a moment to scroll up and confirm this plan. 
Only 'yes' will be accepted.", 99 | "yes") 100 | defer: planFname.removeFile 101 | runCommand "terraform", ["apply", planFname], cfg.toMap 102 | 103 | proc manifest(name, domain, dockerImage: string, containerPort, replicas: int, useProdLE: bool) = 104 | ## generate a somewhat sane manifest for a kubernetes app based on the arguments. 105 | var 106 | envvars = newseq[Envvar]() 107 | let 108 | cfg = configFname.load 109 | secretsFname = cfg.secretsLoc / fmt"{name}.env" 110 | 111 | if secretsFname.existsFile: 112 | for keyval in secretsFname.loadFromFile: 113 | envvars.add keyval 114 | 115 | echo genDeploymentWithIngress(name, domain, dockerImage, containerPort, replicas, useProdLE, envvars) 116 | 117 | proc slug2docker(slugUrl: string, imageName: string) = 118 | ## converts a heroku/dokku slug to a docker image 119 | withTempDirectory(dir, "slug2docker"): 120 | assert execCmd(fmt"curl -o slug.tar.gz {slugUrl}") == 0 121 | writeFile "Dockerfile", genDockerfile("slug.tar.gz") 122 | assert execCmd(fmt"docker build -t {imageName} .") == 0 123 | assert execCmd(fmt"docker push {imageName}") == 0 124 | 125 | when isMainModule: 126 | dispatchMulti [apply], [destroy], [env], [init], [manifest], [plan], [slug2docker] 127 | -------------------------------------------------------------------------------- /dyson/src/dysonPkg/Dockerfile.slug: -------------------------------------------------------------------------------- 1 | #? stdtmpl(subsChar = '%', metaChar = '#') 2 | # proc genDockerfile(slug: string): string = 3 | # result = "" 4 | FROM heroku/heroku:18 5 | ADD %slug /app 6 | ENV PORT 5000 7 | ENV HOME /app 8 | ENV PATH $PATH:/app/bin 9 | WORKDIR /app 10 | CMD /app/bin/web 11 | -------------------------------------------------------------------------------- /dyson/src/dysonPkg/deployment_with_ingress.yaml: -------------------------------------------------------------------------------- 1 | #? 
stdtmpl(subsChar = '$', metaChar = '#')
# proc genDeploymentWithIngress(name, domain, dockerImage: string, containerPort, replicas: int, useProdLE: bool, envvars: seq[Envvar] = @[]): string =
#   # Renders three documents for one app: a ClusterIP Service, a Deployment
#   # and an nginx-class Ingress with a cert-manager issuer annotation.
#   # NOTE(review): every $-substitution is inserted verbatim. A `"`, `\` or
#   # newline in an envvar value closes or alters the quoted YAML scalar it is
#   # placed in, and name/domain/dockerImage are equally unescaped, so the
#   # caller has to supply values that are safe for YAML.
#   # NOTE(review): envvars are written as plain `env` values in the Deployment
#   # spec, not as references to a Kubernetes Secret.
#   result = ""
apiVersion: v1
kind: Service
metadata:
  name: $name
  annotations:
    external-dns.alpha.kubernetes.io/hostname: $domain
    external-dns.alpha.kubernetes.io/ttl: "120" #optional
    external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: $containerPort
  selector:
    app: $name

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: $name
spec:
  replicas: $replicas
  selector:
    matchLabels:
      app: $name
  template:
    metadata:
      labels:
        app: $name
    spec:
      containers:
      - name: $name-web
        image: $dockerImage
        imagePullPolicy: Always
# if envvars.len != 0:
        env:
#   for val in envvars:
        - name: $val.name
          value: "$val.value"
#   end for
# end if
        ports:
        - containerPort: $containerPort
      imagePullSecrets:
      - name: regcred

---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: $name
  annotations:
    kubernetes.io/ingress.class: nginx
# if useProdLe:
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
# else:
    certmanager.k8s.io/cluster-issuer: "letsencrypt-staging"
# end if

spec:
  tls:
  - hosts:
    - $domain
# if useProdLe:
    secretName: prod-certs-$name
# else:
    secretName: staging-certs-$name
# end if
  rules:
  - host: $domain
    http:
      paths:
      - backend:
          serviceName: $name
          servicePort: 80

--------------------------------------------------------------------------------
/dyson/src/dysonPkg/hacks.nim:
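--------------------------------------------------------------------------------
import os, streams, dotenv, dotenv/private/envparser

proc concat*[I1, I2: static[int]; T](a: array[I1, T], b: array[I2, T]): array[I1 + I2, T] =
  ## Returns a fixed-size array holding the elements of `a` followed by `b`.
  result[0..a.high] = a
  result[a.len..result.high] = b

template withDir*(dir: string; body: untyped): untyped =
  ## Changes the current directory temporarily.
  ##
  ## If you need a permanent change, use the `cd() <#cd>`_ proc. Usage example:
  ##
  ## .. code-block:: nim
  ##   withDir "foo":
  ##     # inside foo
  ##   #back to last dir
  var curDir = getCurrentDir()
  try:
    setCurrentDir(dir)
    body
  finally:
    # Runs on normal exit and on exceptions, so the caller's directory is restored.
    setCurrentDir(curDir)

# One parsed line of an env file.
type Envvar* = tuple[name: string, value: string]

iterator loadFromStream(s: Stream, filePath: string = ""): EnvVar {.raises: [DotEnvParseError, ref ValueError, Exception].} =
  ## Read all of the environment variables from the given stream.
  # Yields one (name, value) pair per key/value event and raises
  # DotEnvParseError on the first parse error.
  var parser: EnvParser
  envparser.open(parser, s, filePath)
  defer: close(parser)
  while true:
    var e = parser.next()
    case e.kind
    of EnvEventKind.Eof:
      break
    of EnvEventKind.KeyValuePair:
      yield (name: e.key, value: e.value)
    of EnvEventKind.Error:
      raise newException(DotEnvParseError, e.msg)

iterator loadFromFile*(filePath: string): EnvVar {.tags: [ReadDirEffect, ReadIOEffect, RootEffect], raises: [DotEnvReadError, DotEnvParseError, ref ValueError, Exception].} =
  ## Load the environment variables from a file at the given `filePath`.
  let f = newFileStream(filePath, fmRead)

  # newFileStream returns nil when the file cannot be opened.
  if isNil(f):
    raise newException(DotEnvReadError, "Failed to read env file")

  for entry in loadFromStream(f, filePath):
    yield entry

--------------------------------------------------------------------------------
/kube_manifests/christine.website.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Deploys the image tagged with the short hash of Xe/site's master branch.

# The ref is resolved over HTTPS: the git:// transport is neither encrypted
# nor authenticated, so anyone on the network path could answer with a
# different commit and thereby choose which image tag gets deployed. Asking
# for the exact ref also avoids matching other branches that merely contain
# "refs/heads/master" in their name.
latest_commit=$(git ls-remote https://github.com/Xe/site refs/heads/master \
  | cut -f 1 \
  | head -c7)

# Without this guard a failed lookup would deploy the empty tag.
if [ -z "$latest_commit" ]; then
  echo "could not resolve refs/heads/master of Xe/site" >&2
  exit 1
fi

echo "deploying xena/christinewebsite:$latest_commit"

kubens apps
dyson manifest \
  --name=christinewebsite \
  --domain=christine.website \
  --dockerImage="xena/christinewebsite:$latest_commit" \
  --containerPort=5000 \
  --replicas=1 \
  --useProdLE=true | kubectl apply -f-

--------------------------------------------------------------------------------
/kube_manifests/h.sh:
--------------------------------------------------------------------------------
#!/bin/sh

dyson manifest \
  --name=hlang \
  --domain=h.christine.website \
  --dockerImage=docker.pkg.github.com/xe/x/h:v1.1.8 \
  --containerPort=5000 \
  --replicas=1 \
  --useProdLE=true | kubectl apply -f-

--------------------------------------------------------------------------------
/kube_manifests/idp.sh:
--------------------------------------------------------------------------------
#!/bin/sh

dyson manifest \
  --name=idp \
  --domain=idp.christine.website \
  --dockerImage=xena/idp:031320190918 \
  --containerPort=5000 \
  --replicas=1 \
  --useProdLE=true | kubectl apply -f-

--------------------------------------------------------------------------------
/kube_manifests/olin.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# NOTE(review): the image has no tag, and the generated Deployment uses
# imagePullPolicy: Always, so each pod start runs whatever the default tag
# points at then. A fixed tag, as the sibling scripts use, keeps the deployed
# version known.
dyson manifest \
  --name=olin \
  --domain=olin.within.website \
  --dockerImage=xena/olin \
  --containerPort=5000 \
  --replicas=1 \
  --useProdLE=true | kubectl apply -f-

--------------------------------------------------------------------------------
/kube_manifests/tulpaforce.xyz.sh:
--------------------------------------------------------------------------------
#!/bin/sh

dyson manifest \
  --name=tulpaforcexyz \
  --domain=tulpaforce.xyz \
  --dockerImage=xena/tulpaforce:20190906 \
  --containerPort=80 \
  --replicas=1 \
  --useProdLE=true | kubectl apply -f-

--------------------------------------------------------------------------------
/kube_manifests/within.website.sh:
--------------------------------------------------------------------------------
#!/bin/sh

dyson manifest \
  --name=withinwebsite \
  --domain=within.website \
  --dockerImage=xena/within.website:091120192252 \
  --containerPort=5000 \
  --replicas=1 \
  --useProdLE=true | kubectl apply -f-

--------------------------------------------------------------------------------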