More changes
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Benjamin Bädorf 2023-02-25 21:33:34 +01:00
parent f291e88d86
commit 5f1b91a81b
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
3 changed files with 6 additions and 118 deletions

View file

@ -17,6 +17,7 @@ in {
./caddy.nix ./caddy.nix
./keycloak.nix ./keycloak.nix
./nextcloud.nix
./gitea.nix ./gitea.nix
./mailman.nix ./mailman.nix

View file

@ -1,110 +0,0 @@
{
config,
lib,
pkgs,
self,
...
}: {
age.secrets.drone-secrets = {
file = "${self}/secrets/drone-secrets.age";
mode = "600";
owner = "drone";
};
age.secrets.drone-db-secrets = {
file = "${self}/secrets/drone-db-secrets.age";
mode = "600";
owner = "drone";
};
users.users.drone = {
description = "Drone Service";
home = "/var/lib/drone";
useDefaultShell = true;
uid = 994;
group = "drone";
isSystemUser = true;
};
users.groups.drone = {};
systemd.tmpfiles.rules = [
"d '/var/lib/drone-db' 0750 drone drone - -"
];
system.activationScripts.mkDroneNet = let
docker = config.virtualisation.oci-containers.backend;
dockerBin = "${pkgs.${docker}}/bin/${docker}";
in ''
${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
'';
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
extraOptions = ''
--data-root /data/docker
'';
};
oci-containers = {
backend = "docker";
containers."drone-db" = {
image = "postgres:14";
autoStart = true;
user = "994";
volumes = [
"/var/lib/drone-db:/var/lib/postgresql/data"
];
extraOptions = [
"--network=drone-net"
];
environmentFiles = [
config.age.secrets.drone-db-secrets.path
];
};
containers."drone-server" = {
image = "drone/drone:2";
autoStart = true;
user = "994";
ports = [
"4000:80"
];
dependsOn = ["drone-db"];
extraOptions = [
"--network=drone-net"
];
environment = {
DRONE_GITEA_SERVER = "https://git.pub.solar";
DRONE_SERVER_HOST = "ci.pub.solar";
DRONE_SERVER_PROTO = "https";
DRONE_DATABASE_DRIVER = "postgres";
};
environmentFiles = [
config.age.secrets.drone-secrets.path
];
};
containers."drone-docker-runner" = {
image = "drone/drone-runner-docker:1";
autoStart = true;
# needs to run as root
#user = "994";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
dependsOn = ["drone-db"];
extraOptions = [
"--network=drone-net"
];
environment = {
DRONE_RPC_HOST = "ci.pub.solar";
DRONE_RPC_PROTO = "https";
DRONE_RUNNER_CAPACITY = "2";
DRONE_RUNNER_NAME = "flora-6-docker-runner";
};
environmentFiles = [
config.age.secrets.drone-secrets.path
];
};
};
};
}

View file

@ -8,22 +8,20 @@
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in {
config = { config = {
home-manager.users = {inherit (hmUsers) barkeeper;}; home-manager.users = {inherit (hmUsers) momo;};
pub-solar = { pub-solar = {
# These are your personal settings # These are your personal settings
# The only required settings are `name` and `password`, # The only required settings are `name` and `password`,
# The rest is used for programs like git # The rest is used for programs like git
user = { user = {
name = "barkeeper"; name = "momo";
description = "pub.solar infra user"; description = "momo.koeln infra user";
password = "$6$MCJ28kLwfNl9SNDq$Oh9eT6Sn6z4xGrQsLlIBI7cvJzX3P5As59OSZ.hoeBWc79Un2YdwH/hRIC.4ZDOuwQp0lHI82dNn/xeTaCn631"; password = "$6$MCJ28kLwfNl9SNDq$Oh9eT6Sn6z4xGrQsLlIBI7cvJzX3P5As59OSZ.hoeBWc79Un2YdwH/hRIC.4ZDOuwQp0lHI82dNn/xeTaCn631";
fullName = "pub.solar infra barkeeper"; fullName = "momo infra user";
email = "admins@pub.solar"; email = "admins@momo.koeln";
gpgKeyId = ""; gpgKeyId = "";
publicKeys = [ publicKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
@ -33,7 +31,6 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix"
]; ];
}; };