flora-6: init drone ci

This commit is contained in:
teutat3s 2023-01-28 21:26:13 +01:00
parent 291edb6b52
commit f375843f43
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
7 changed files with 112 additions and 2 deletions


@ -63,6 +63,14 @@
reverse_proxy :3000
'';
};
"ci.pub.solar" = {
logFormat = lib.mkForce ''
output discard
'';
extraConfig = ''
reverse_proxy :4000
'';
};
"obs-portal.pub.solar" = {
logFormat = lib.mkForce ''
output discard

87
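--- a/hosts/flora-6/drone.nix
+++ b/hosts/flora-6/drone.nix
@@ -0,0 +1,87 @@
+{ config
+, lib
+, pkgs
+, self
+, ...
+}:
+{
+age.secrets.drone-secrets = {
+file = "${self}/secrets/drone-secrets.age";
+mode = "600";
+owner = "drone";
+};
+age.secrets.drone-db-secrets = {
+file = "${self}/secrets/drone-db-secrets.age";
+mode = "600";
+owner = "drone";
+};
+users.users.drone = {
+description = "Drone Service";
+home = "/var/lib/drone";
+useDefaultShell = true;
+uid = 994;
+group = "drone";
+isSystemUser = true;
+};
+users.groups.drone = { };
+systemd.tmpfiles.rules = [
+"d '/var/lib/drone-db' 0750 drone drone - -"
+];
+system.activationScripts.mkDroneNet =
+let
+docker = config.virtualisation.oci-containers.backend;
+dockerBin = "${pkgs.${docker}}/bin/${docker}";
+in
+''
+${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
+'';
+virtualisation = {
+docker = {
+enable = true; # sadly podman is not supported rightnow
+};
+oci-containers = {
+backend = "docker";
+containers."drone-db" = {
+image = "postgres:14";
+autoStart = true;
+user = "994";
+volumes = [
+"/var/lib/drone-db:/var/lib/postgresql/data"
+];
+extraOptions = [
+"--network=drone-net"
+];
+environmentFiles = [
+config.age.secrets.drone-db-secrets.path
+];
+};
+containers."drone-server" = {
+image = "drone/drone:2";
+autoStart = true;
+user = "994";
+ports = [
+"4000:80"
+];
+dependsOn = [ "drone-db" ];
+extraOptions = [
+"--network=drone-net"
+];
+environment = {
+DRONE_GITEA_SERVER = "https://git.pub.solar";
+DRONE_SERVER_HOST = "ci.pub.solar";
+DRONE_SERVER_PROTO = "https";
+DRONE_DATABASE_DRIVER = "postgres";
+};
+environmentFiles = [
+config.age.secrets.drone-secrets.path
+];
+};
+};
+};
+}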
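Review bot: The drone-server mapping `"4000:80"` in the ports list publishes the container on every host interface, so Docker's own iptables rules expose the plain-HTTP Drone UI directly on port 4000 next to the TLS path that Caddy provides via `reverse_proxy :4000` in the caddy.nix hunk. Only the local reverse proxy needs to reach it, so bind the mapping to loopback: `"127.0.0.1:4000:80"`. The `mkDroneNet` activation script also appears fragile: NixOS activation runs before service start, so on a fresh boot or the first deploy that enables docker the `network create` likely runs without a reachable daemon and fails silently; a oneshot systemd unit ordered `after = [ "docker.service" ]` that both container units require would be more reliable, though this ordering is inferred rather than visible here. Finally, the pinned `--subnet 172.20.0.0/24` deserves a comment stating why that range was chosen, since a clash with Docker's default address pools would make the create call fail the same silent way.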


@ -17,6 +17,7 @@ in
./triton-vmtools.nix
./caddy.nix
./drone.nix
./keycloak.nix
./gitea.nix


@ -7,12 +7,12 @@
{
age.secrets.gitea-database-password = {
file = "${self}/secrets/gitea-database-password.age";
mode = "700";
mode = "600";
owner = "gitea";
};
age.secrets.gitea-mailer-password = {
file = "${self}/secrets/gitea-mailer-password.age";
mode = "700";
mode = "600";
owner = "gitea";
};

Binary file not shown.

12
secrets/drone-secrets.age Normal file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 Y0ZZaw 42VrEEM/4WcKKp5NZfycnkhsrkSUGGrjwrIPz9O8LhY
CrkgGDCypRzevuT5YQBZxXwdJnvlkOH1xgxgRFf2wH8
-> ssh-ed25519 BVsyTA hUQDxkdOQxsOrB/afZWXUWSgNXfDy0W3nl13aXSmvyA
cf5WfwKKOabBR7qqYblpplSxZqvFmxKCPys8Zz6ZVnU
-> #-grease B PYdk)b5 D\, z&3Vyw9u
kJnYpRA6aL4bQQA4ihI5bFl41vIzG2gOaKCJzjxnqK9DndETSoSkhWk4AX0uT0NQ
tw
--- QloJDsaDcj08NIy5j8hPMFhHZ4DyZFDR+CNtBUSbhQ0
ͼ¨Š()¯çÛµkMÀs·JÊ-d»láÈföžhj¤6yÕè—º4[<5B>É}»`Nµ)¸á *Æ×H-˜œÔä²c¨³mPEdZ²|´ÄFñF4ƒò<>´ƒÞ­½<C2AD>0ä@·š7¢„;Oûwã=èÔ÷Rº:JA¦‰3ÃØOýbã0{“ÌsóG6OËʯ1yd¼…e ðÿ,÷NÀîVÎ"y4Í8Pª º_hw?¸¦Ótüã­Z"»W~Å5śˈª"ÔÝ#à4,OA¶e
#<23>]»sŒ.|ˆag¨ˆ÷K†QΨM¢¤ž/ác
ÞîäwÂÀ¼pêp=”èÏz\ÈÉÖôH«ðâ”Wñô¯Ÿv¬î¤Ó%zhL¹ˆå7··ìB¡Á.F `+ÿ;e²$z¥Ýçï¡Š•qÉ<07>™qzÑS6Ä8eC£Ê=ãŒÙ#à|YŽ]÷  ònV”éçJ"êV†©æ+


@ -9,4 +9,6 @@ in
"gitea-database-password.age".publicKeys = deployKeys;
"gitea-mailer-password.age".publicKeys = deployKeys;
"keycloak-database-password.age".publicKeys = deployKeys;
"drone-secrets.age".publicKeys = deployKeys;
"drone-db-secrets.age".publicKeys = deployKeys;
}