flora-6: init drone docker runner

teutat3s 2023-01-28 23:50:31 +01:00
parent 90b182e499
commit 7a7ff7b1df
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1


@ -1,10 +1,10 @@
{ config
, lib
, pkgs
, self
, ...
}:
{ {
config,
lib,
pkgs,
self,
...
}: {
age.secrets.drone-secrets = { age.secrets.drone-secrets = {
file = "${self}/secrets/drone-secrets.age"; file = "${self}/secrets/drone-secrets.age";
mode = "600"; mode = "600";
@ -25,18 +25,16 @@
isSystemUser = true; isSystemUser = true;
}; };
users.groups.drone = { }; users.groups.drone = {};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '/var/lib/drone-db' 0750 drone drone - -" "d '/var/lib/drone-db' 0750 drone drone - -"
]; ];
system.activationScripts.mkDroneNet = system.activationScripts.mkDroneNet = let
let
docker = config.virtualisation.oci-containers.backend; docker = config.virtualisation.oci-containers.backend;
dockerBin = "${pkgs.${docker}}/bin/${docker}"; dockerBin = "${pkgs.${docker}}/bin/${docker}";
in in ''
''
${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24 ${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
''; '';
@ -68,7 +66,7 @@
ports = [ ports = [
"4000:80" "4000:80"
]; ];
dependsOn = [ "drone-db" ]; dependsOn = ["drone-db"];
extraOptions = [ extraOptions = [
"--network=drone-net" "--network=drone-net"
]; ];
@ -82,6 +80,28 @@
config.age.secrets.drone-secrets.path config.age.secrets.drone-secrets.path
]; ];
}; };
containers."drone-docker-runner" = {
image = "drone/drone-runner-docker:1";
autoStart = true;
# needs to run as root
#user = "994";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
dependsOn = ["drone-db"];
extraOptions = [
"--network=drone-net"
];
environment = {
DRONE_SERVER_HOST = "ci.pub.solar";
DRONE_SERVER_PROTO = "https";
DRONE_RUNNER_CAPACITY = "2";
DRONE_RUNNER_NAME = "flora-6-docker-runner";
};
environmentFiles = [
config.age.secrets.drone-secrets.path
];
};
}; };
}; };
} }
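Review bot: The new `containers."drone-docker-runner"` block bind-mounts `/var/run/docker.sock` and runs as root, so anything that can influence the runner has root-equivalent control of the host's Docker daemon. The existing `# needs to run as root` comment understates this; something like `# docker.sock grants root-equivalent access to the host; restrict which repositories may run pipelines on this runner` would record the trade-off. The block also reuses `config.age.secrets.drone-secrets.path`, which the container in the preceding context lines appears to load as well, so the runner presumably receives every secret in that file although it likely needs only the RPC secret; a separate age secret for the runner (placeholder name: `age.secrets.drone-runner-secrets`) would limit the exposure. The tag `drone/drone-runner-docker:1` floats, so pinning it as `image = "drone/drone-runner-docker:1@sha256:<digest>";` would keep this privileged image reproducible. The socket path is hard-coded while `mkDroneNet` takes the backend from `config.virtualisation.oci-containers.backend`, so the mount presumably only works with the docker backend.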