This commit is contained in:
parent
f291e88d86
commit
5f1b91a81b
|
@ -17,6 +17,7 @@ in {
|
||||||
|
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
./keycloak.nix
|
./keycloak.nix
|
||||||
|
./nextcloud.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
./mailman.nix
|
./mailman.nix
|
||||||
|
|
||||||
|
|
|
@ -1,110 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
self,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
age.secrets.drone-secrets = {
|
|
||||||
file = "${self}/secrets/drone-secrets.age";
|
|
||||||
mode = "600";
|
|
||||||
owner = "drone";
|
|
||||||
};
|
|
||||||
age.secrets.drone-db-secrets = {
|
|
||||||
file = "${self}/secrets/drone-db-secrets.age";
|
|
||||||
mode = "600";
|
|
||||||
owner = "drone";
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.drone = {
|
|
||||||
description = "Drone Service";
|
|
||||||
home = "/var/lib/drone";
|
|
||||||
useDefaultShell = true;
|
|
||||||
uid = 994;
|
|
||||||
group = "drone";
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.groups.drone = {};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d '/var/lib/drone-db' 0750 drone drone - -"
|
|
||||||
];
|
|
||||||
|
|
||||||
system.activationScripts.mkDroneNet = let
|
|
||||||
docker = config.virtualisation.oci-containers.backend;
|
|
||||||
dockerBin = "${pkgs.${docker}}/bin/${docker}";
|
|
||||||
in ''
|
|
||||||
${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation = {
|
|
||||||
docker = {
|
|
||||||
enable = true; # sadly podman is not supported rightnow
|
|
||||||
extraOptions = ''
|
|
||||||
--data-root /data/docker
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
oci-containers = {
|
|
||||||
backend = "docker";
|
|
||||||
containers."drone-db" = {
|
|
||||||
image = "postgres:14";
|
|
||||||
autoStart = true;
|
|
||||||
user = "994";
|
|
||||||
volumes = [
|
|
||||||
"/var/lib/drone-db:/var/lib/postgresql/data"
|
|
||||||
];
|
|
||||||
extraOptions = [
|
|
||||||
"--network=drone-net"
|
|
||||||
];
|
|
||||||
environmentFiles = [
|
|
||||||
config.age.secrets.drone-db-secrets.path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
containers."drone-server" = {
|
|
||||||
image = "drone/drone:2";
|
|
||||||
autoStart = true;
|
|
||||||
user = "994";
|
|
||||||
ports = [
|
|
||||||
"4000:80"
|
|
||||||
];
|
|
||||||
dependsOn = ["drone-db"];
|
|
||||||
extraOptions = [
|
|
||||||
"--network=drone-net"
|
|
||||||
];
|
|
||||||
environment = {
|
|
||||||
DRONE_GITEA_SERVER = "https://git.pub.solar";
|
|
||||||
DRONE_SERVER_HOST = "ci.pub.solar";
|
|
||||||
DRONE_SERVER_PROTO = "https";
|
|
||||||
DRONE_DATABASE_DRIVER = "postgres";
|
|
||||||
};
|
|
||||||
environmentFiles = [
|
|
||||||
config.age.secrets.drone-secrets.path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
containers."drone-docker-runner" = {
|
|
||||||
image = "drone/drone-runner-docker:1";
|
|
||||||
autoStart = true;
|
|
||||||
# needs to run as root
|
|
||||||
#user = "994";
|
|
||||||
volumes = [
|
|
||||||
"/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
];
|
|
||||||
dependsOn = ["drone-db"];
|
|
||||||
extraOptions = [
|
|
||||||
"--network=drone-net"
|
|
||||||
];
|
|
||||||
environment = {
|
|
||||||
DRONE_RPC_HOST = "ci.pub.solar";
|
|
||||||
DRONE_RPC_PROTO = "https";
|
|
||||||
DRONE_RUNNER_CAPACITY = "2";
|
|
||||||
DRONE_RUNNER_NAME = "flora-6-docker-runner";
|
|
||||||
};
|
|
||||||
environmentFiles = [
|
|
||||||
config.age.secrets.drone-secrets.path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -8,22 +8,20 @@
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
in {
|
in {
|
||||||
config = {
|
config = {
|
||||||
home-manager.users = {inherit (hmUsers) barkeeper;};
|
home-manager.users = {inherit (hmUsers) momo;};
|
||||||
|
|
||||||
pub-solar = {
|
pub-solar = {
|
||||||
# These are your personal settings
|
# These are your personal settings
|
||||||
# The only required settings are `name` and `password`,
|
# The only required settings are `name` and `password`,
|
||||||
# The rest is used for programs like git
|
# The rest is used for programs like git
|
||||||
user = {
|
user = {
|
||||||
name = "barkeeper";
|
name = "momo";
|
||||||
description = "pub.solar infra user";
|
description = "momo.koeln infra user";
|
||||||
password = "$6$MCJ28kLwfNl9SNDq$Oh9eT6Sn6z4xGrQsLlIBI7cvJzX3P5As59OSZ.hoeBWc79Un2YdwH/hRIC.4ZDOuwQp0lHI82dNn/xeTaCn631";
|
password = "$6$MCJ28kLwfNl9SNDq$Oh9eT6Sn6z4xGrQsLlIBI7cvJzX3P5As59OSZ.hoeBWc79Un2YdwH/hRIC.4ZDOuwQp0lHI82dNn/xeTaCn631";
|
||||||
fullName = "pub.solar infra barkeeper";
|
fullName = "momo infra user";
|
||||||
email = "admins@pub.solar";
|
email = "admins@momo.koeln";
|
||||||
gpgKeyId = "";
|
gpgKeyId = "";
|
||||||
publicKeys = [
|
publicKeys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
|
|
||||||
|
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
|
||||||
|
|
||||||
|
@ -33,7 +31,6 @@ in {
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
|
||||||
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue