flora-6: init drone docker runner
This commit is contained in:
parent
90b182e499
commit
7a7ff7b1df
GPG key ID:
4FA1D3FA524F22C1
|
|
@ -1,10 +1,10 @@
|
||||||
{ config
|
|
||||||
, lib
|
|
||||||
, pkgs
|
|
||||||
, self
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
self,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
age.secrets.drone-secrets = {
|
age.secrets.drone-secrets = {
|
||||||
file = "${self}/secrets/drone-secrets.age";
|
file = "${self}/secrets/drone-secrets.age";
|
||||||
mode = "600";
|
mode = "600";
|
||||||
|
|
@ -25,20 +25,18 @@
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.drone = { };
|
users.groups.drone = {};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d '/var/lib/drone-db' 0750 drone drone - -"
|
"d '/var/lib/drone-db' 0750 drone drone - -"
|
||||||
];
|
];
|
||||||
|
|
||||||
system.activationScripts.mkDroneNet =
|
system.activationScripts.mkDroneNet = let
|
||||||
let
|
docker = config.virtualisation.oci-containers.backend;
|
||||||
docker = config.virtualisation.oci-containers.backend;
|
dockerBin = "${pkgs.${docker}}/bin/${docker}";
|
||||||
dockerBin = "${pkgs.${docker}}/bin/${docker}";
|
in ''
|
||||||
in
|
${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
|
||||||
''
|
'';
|
||||||
${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
docker = {
|
docker = {
|
||||||
|
|
@ -68,7 +66,7 @@
|
||||||
ports = [
|
ports = [
|
||||||
"4000:80"
|
"4000:80"
|
||||||
];
|
];
|
||||||
dependsOn = [ "drone-db" ];
|
dependsOn = ["drone-db"];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=drone-net"
|
"--network=drone-net"
|
||||||
];
|
];
|
||||||
|
|
@ -82,6 +80,28 @@
|
||||||
config.age.secrets.drone-secrets.path
|
config.age.secrets.drone-secrets.path
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
containers."drone-docker-runner" = {
|
||||||
|
image = "drone/drone-runner-docker:1";
|
||||||
|
autoStart = true;
|
||||||
|
# needs to run as root
|
||||||
|
#user = "994";
|
||||||
|
volumes = [
|
||||||
|
"/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
];
|
||||||
|
dependsOn = ["drone-db"];
|
||||||
|
extraOptions = [
|
||||||
|
"--network=drone-net"
|
||||||
|
];
|
||||||
|
environment = {
|
||||||
|
DRONE_SERVER_HOST = "ci.pub.solar";
|
||||||
|
DRONE_SERVER_PROTO = "https";
|
||||||
|
DRONE_RUNNER_CAPACITY = "2";
|
||||||
|
DRONE_RUNNER_NAME = "flora-6-docker-runner";
|
||||||
|
};
|
||||||
|
environmentFiles = [
|
||||||
|
config.age.secrets.drone-secrets.path
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue