diff --git a/hosts/flora-6/drone.nix b/hosts/flora-6/drone.nix
index c6a04f89..43ca56f2 100644
--- a/hosts/flora-6/drone.nix
+++ b/hosts/flora-6/drone.nix
@@ -1,10 +1,10 @@
-{ config
-, lib
-, pkgs
-, self
-, ...
-}:
 {
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}: {
 age.secrets.drone-secrets = {
 file = "${self}/secrets/drone-secrets.age";
 mode = "600";
@@ -25,20 +25,18 @@
 isSystemUser = true;
 };
- users.groups.drone = { };
+ users.groups.drone = {};
 systemd.tmpfiles.rules = [
 "d '/var/lib/drone-db' 0750 drone drone - -"
 ];
- system.activationScripts.mkDroneNet =
- let
- docker = config.virtualisation.oci-containers.backend;
- dockerBin = "${pkgs.${docker}}/bin/${docker}";
- in
- ''
- ${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
- '';
+ system.activationScripts.mkDroneNet = let
+ docker = config.virtualisation.oci-containers.backend;
+ dockerBin = "${pkgs.${docker}}/bin/${docker}";
+ in ''
+ ${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
+ '';
 virtualisation = {
 docker = {
@@ -68,7 +66,7 @@
 ports = [
 "4000:80"
 ];
- dependsOn = [ "drone-db" ];
+ dependsOn = ["drone-db"];
 extraOptions = [
 "--network=drone-net"
 ];
@@ -82,6 +80,28 @@
 config.age.secrets.drone-secrets.path
 ];
 };
+ containers."drone-docker-runner" = {
+ image = "drone/drone-runner-docker:1";
+ autoStart = true;
+ # needs to run as root
+ #user = "994";
+ volumes = [
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ];
+ dependsOn = ["drone-db"];
+ extraOptions = [
+ "--network=drone-net"
+ ];
+ environment = {
+ DRONE_SERVER_HOST = "ci.pub.solar";
+ DRONE_SERVER_PROTO = "https";
+ DRONE_RUNNER_CAPACITY = "2";
+ DRONE_RUNNER_NAME = "flora-6-docker-runner";
+ };
+ environmentFiles = [
+ config.age.secrets.drone-secrets.path
+ ];
+ };
 };
 };
 }
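Review bot: In the last hunk, the new `drone-docker-runner` container is given the same `config.age.secrets.drone-secrets.path` environment file as the server container while also bind-mounting `/var/run/docker.sock`, so a container that controls the host Docker daemon also holds every secret in that file. If the file contains more than the runner's RPC secret (its contents are not visible here), give the runner its own age secret and reference that instead, e.g. `environmentFiles = [ config.age.secrets.<runner-only-secret>.path ];` (placeholder name). The `# needs to run as root` comment would be more useful if it stated that access to this socket is equivalent to root on the host, so that pipeline trust settings are reviewed with that in mind. `image = "drone/drone-runner-docker:1"` is a floating tag; pinning it by digest would keep an upstream retag from changing what runs with that socket. The enclosing `virtualisation` attribute set starts above this hunk.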