Configuration for cloud things.
This repo doesn't contain my machine configurations, those are in nixfiles.
Terraform configuration I use for:
- backups, described in this memo
- concourse secrets management
- notifications, used for my monitoring, described in this memo
- dns, described below
Concourse resource types and pipelines for my CI/CD server.
Read-only access to an atom or RSS feed.
Source parameters:
uri
Read/write access to another filesystem over rsync.
Source parameters:
serveruser(defaultconcourse-deploy-robot)remote_dirprivate_keyport(default22)
Put parameters:
rsync_args(default[]): extra arguments to pass to rsyncpath(default""): path to copy from
Pipelines mostly live in the repo they relate to, for example this pipeline for testing & publishing new dejafu versions, or this pipeline for publishing my RPG blog, but a few live here.
There are three to deploy things from this repo:
- aws, for running Terraform
- concourse, for building the resource type docker images and for adding secrets
- dns, for running OctoDNS
- github, for running my GitHub configurator daily
And also one which doesn't have another repo to call home:
- www-uzbl-org, for deploying www.uzbl.org, which I host, but don't own the repo of
OctoDNS configuration for all of my domain names, which are hosted in AWS Route53.
For domains which don't send email, I follow this guidance on GOV.UK.
A script to set some default permissions on my GitHub repos:
PR merging rules for all repos:
- allow a PR to be merged by commit, but not by squash or rebase
- delete a PR branch after merge
Branch protection for master, if there are GitHub Actions defined:
- require the lint & test actions to pass
- don't require up-to-date branches before merging
- don't allow force pushes
- don't require a linear history
- include admins in these restrictions