{
  config,
  lib,
  pkgs,
  flake,
  ...
}:
# Drone CI on this host: a PostgreSQL database, the Drone server and a single
# Docker runner, all run as OCI containers on a private Docker network and
# reached through Caddy on ci.<domain>.
let
  domain = config.pub-solar-os.networking.domain;
  secretsDir = "${flake.self}/secrets";

  # Host-side service account. The db and server containers run as this
  # numeric uid so files they write into the bind-mounted volumes are owned
  # by the same user on the host.
  droneUid = 994;
  containerUser = toString droneUid;

  droneNet = "drone-net";
  droneNetSubnet = "172.20.0.0/24";

  # Options shared by the server and the runner: join the private network,
  # refresh the image on every start, and resolve the Gitea host through the
  # internal address instead of public DNS.
  # NOTE(review): the images below are referenced by major-version tag and
  # pulled on every start, so a restart may silently run a newer upstream
  # build; pin by digest if reproducibility of the CI host matters.
  droneContainerOptions = [
    "--network=${droneNet}"
    "--pull=always"
    "--add-host=nachtigall.${domain}:10.7.6.1"
  ];

  ociBackend = config.virtualisation.oci-containers.backend;
  dockerBin = "${pkgs.${ociBackend}}/bin/${ociBackend}";
in
{
  # Secrets are decrypted into files owned by the drone user with mode 600
  # and handed to the containers as environment files.
  age.secrets = {
    drone-secrets = {
      file = "${secretsDir}/drone-secrets.age";
      mode = "600";
      owner = "drone";
    };
    drone-db-secrets = {
      file = "${secretsDir}/drone-db-secrets.age";
      mode = "600";
      owner = "drone";
    };
  };

  users.users.drone = {
    description = "Drone Service";
    home = "/var/lib/drone";
    useDefaultShell = true;
    uid = droneUid;
    group = "drone";
    isSystemUser = true;
  };
  users.groups.drone = { };

  # Data directory for the Postgres container, created with the uid it runs as.
  systemd.tmpfiles.rules = [ "d '/var/lib/drone-db' 0750 drone drone - -" ];

  # Reverse proxy for the CI web UI. The server container only publishes its
  # port on loopback (see ports below), so this vhost is the sole external entry.
  services.caddy.virtualHosts."ci.${domain}" = {
    # Access logs for this host are discarded.
    logFormat = lib.mkForce ''
      output discard
    '';
    extraConfig = ''
      reverse_proxy :4000
    '';
  };

  # Create the private container network once, before the server starts.
  systemd.services."docker-network-drone" = {
    serviceConfig.Type = "oneshot";
    before = [ "docker-drone-server.service" ];
    script = ''
      ${dockerBin} network inspect ${droneNet} >/dev/null 2>&1 || ${dockerBin} network create ${droneNet} --subnet ${droneNetSubnet}
    '';
  };

  virtualisation = {
    docker = {
      enable = true; # sadly podman is not supported rightnow
      extraOptions = ''
        --data-root /data/docker
      '';
    };

    oci-containers = {
      backend = "docker";

      containers = {
        "drone-db" = {
          image = "postgres:14";
          autoStart = true;
          user = containerUser;
          volumes = [ "/var/lib/drone-db:/var/lib/postgresql/data" ];
          # No published ports: the database is only reachable over drone-net.
          extraOptions = [ "--network=${droneNet}" ];
          environmentFiles = [ config.age.secrets.drone-db-secrets.path ];
        };

        "drone-server" = {
          image = "drone/drone:2";
          autoStart = true;
          user = containerUser;
          # Loopback only; Caddy proxies to this port.
          ports = [ "127.0.0.1:4000:80" ];
          dependsOn = [ "drone-db" ];
          extraOptions = droneContainerOptions;
          environment = {
            DRONE_GITEA_SERVER = "https://git.${domain}";
            DRONE_SERVER_HOST = "ci.${domain}";
            DRONE_SERVER_PROTO = "https";
            DRONE_DATABASE_DRIVER = "postgres";
          };
          # NOTE(review): the same env file is also mounted into the runner
          # below, so any server-only value it holds (e.g. Gitea OAuth
          # credentials, if present) is visible to the runner as well.
          environmentFiles = [ config.age.secrets.drone-secrets.path ];
        };

        "drone-docker-runner" = {
          image = "drone/drone-runner-docker:1";
          autoStart = true;
          # Runs as root: the runner needs the Docker socket below.
          #user = "994";
          # Bind-mounting the host Docker socket makes this container (and any
          # pipeline step that escapes its own container) equivalent to root on
          # the host; keep repository access to this runner restricted.
          volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
          dependsOn = [ "drone-db" ];
          extraOptions = droneContainerOptions;
          environment = {
            DRONE_RPC_HOST = "ci.${domain}";
            DRONE_RPC_PROTO = "https";
            DRONE_RUNNER_CAPACITY = "2";
            DRONE_RUNNER_NAME = "flora-6-docker-runner";
          };
          environmentFiles = [ config.age.secrets.drone-secrets.path ];
        };
      };
    };
  };
}