forked from pub-solar/os
flora-6: init drone ci
parent
291edb6b52
commit
f375843f43
|
@ -63,6 +63,14 @@
|
|||
reverse_proxy :3000
|
||||
'';
|
||||
};
|
||||
"ci.pub.solar" = {
|
||||
logFormat = lib.mkForce ''
|
||||
output discard
|
||||
'';
|
||||
extraConfig = ''
|
||||
reverse_proxy :4000
|
||||
'';
|
||||
};
|
||||
"obs-portal.pub.solar" = {
|
||||
logFormat = lib.mkForce ''
|
||||
output discard
|
||||
|
|
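--- a/hosts/flora-6/drone.nix
+++ b/hosts/flora-6/drone.nix
@@ -0,0 +1,87 @@
+{ config
+, lib
+, pkgs
+, self
+, ...
+}:
+{
+age.secrets.drone-secrets = {
+file = "${self}/secrets/drone-secrets.age";
+mode = "600";
+owner = "drone";
+};
+age.secrets.drone-db-secrets = {
+file = "${self}/secrets/drone-db-secrets.age";
+mode = "600";
+owner = "drone";
+};
+
+users.users.drone = {
+description = "Drone Service";
+home = "/var/lib/drone";
+useDefaultShell = true;
+uid = 994;
+group = "drone";
+isSystemUser = true;
+};
+
+users.groups.drone = { };
+
+systemd.tmpfiles.rules = [
+"d '/var/lib/drone-db' 0750 drone drone - -"
+];
+
+system.activationScripts.mkDroneNet =
+let
+docker = config.virtualisation.oci-containers.backend;
+dockerBin = "${pkgs.${docker}}/bin/${docker}";
+in
+''
+${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
+'';
+
+virtualisation = {
+docker = {
+enable = true; # sadly podman is not supported rightnow
+};
+
+oci-containers = {
+backend = "docker";
+containers."drone-db" = {
+image = "postgres:14";
+autoStart = true;
+user = "994";
+volumes = [
+"/var/lib/drone-db:/var/lib/postgresql/data"
+];
+extraOptions = [
+"--network=drone-net"
+];
+environmentFiles = [
+config.age.secrets.drone-db-secrets.path
+];
+};
+containers."drone-server" = {
+image = "drone/drone:2";
+autoStart = true;
+user = "994";
+ports = [
+"4000:80"
+];
+dependsOn = [ "drone-db" ];
+extraOptions = [
+"--network=drone-net"
+];
+environment = {
+DRONE_GITEA_SERVER = "https://git.pub.solar";
+DRONE_SERVER_HOST = "ci.pub.solar";
+DRONE_SERVER_PROTO = "https";
+DRONE_DATABASE_DRIVER = "postgres";
+};
+environmentFiles = [
+config.age.secrets.drone-secrets.path
+];
+};
+};
+};
+}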
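Review bot: `ports = [ "4000:80" ]` on `drone-server` publishes the container port on every host interface, and Docker adds its own forwarding rules for published ports, so the Drone UI and API are likely reachable over plain HTTP on port 4000 without going through the Caddy vhost that fronts ci.pub.solar. Caddy proxies to `:4000` on the same host, so binding to loopback is sufficient: `"127.0.0.1:4000:80"`. Both images are also referenced by floating tags (`postgres:14`, `drone/drone:2`); on a CI server that holds repository credentials, pinning each to a digest keeps an upstream re-tag from silently changing what runs. Separately, `useDefaultShell = true` gives the `drone` system user a login shell that nothing in this file appears to need.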
@ -17,6 +17,7 @@ in
|
|||
./triton-vmtools.nix
|
||||
|
||||
./caddy.nix
|
||||
./drone.nix
|
||||
./keycloak.nix
|
||||
./gitea.nix
|
||||
|
||||
|
|
|
@ -7,12 +7,12 @@
|
|||
{
|
||||
age.secrets.gitea-database-password = {
|
||||
file = "${self}/secrets/gitea-database-password.age";
|
||||
mode = "700";
|
||||
mode = "600";
|
||||
owner = "gitea";
|
||||
};
|
||||
age.secrets.gitea-mailer-password = {
|
||||
file = "${self}/secrets/gitea-mailer-password.age";
|
||||
mode = "700";
|
||||
mode = "600";
|
||||
owner = "gitea";
|
||||
};
|
||||
|
||||
|
|
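Review bot: `mode = "600"` still leaves both secret files writable by the `gitea` user, although nothing in this hunk suggests the service does more than read them; `mode = "400"` would be the tighter setting. The same applies to `drone-secrets` and `drone-db-secrets` in hosts/flora-6/drone.nix, which this commit also creates with `mode = "600"`. The attribute set continues outside the hunk, so a consumer that rewrites these files would not be visible here.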
BIN
secrets/drone-db-secrets.age
Normal file
BIN
secrets/drone-db-secrets.age
Normal file
Binary file not shown.
12
secrets/drone-secrets.age
Normal file
12
secrets/drone-secrets.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 Y0ZZaw 42VrEEM/4WcKKp5NZfycnkhsrkSUGGrjwrIPz9O8LhY
|
||||
CrkgGDCypRzevuT5YQBZxXwdJnvlkOH1xgxgRFf2wH8
|
||||
-> ssh-ed25519 BVsyTA hUQDxkdOQxsOrB/afZWXUWSgNXfDy0W3nl13aXSmvyA
|
||||
cf5WfwKKOabBR7qqYblpplSxZqvFmxKCPys8Zz6ZVnU
|
||||
-> #-grease B PYdk)b5 D\, z&3Vyw9u
|
||||
kJnYpRA6aL4bQQA4ihI5bFl41vIzG2gOaKCJzjxnqK9DndETSoSkhWk4AX0uT0NQ
|
||||
tw
|
||||
--- QloJDsaDcj08NIy5j8hPMFhHZ4DyZFDR+CNtBUSbhQ0
|
||||
ͼ¨Š()¯çÛµkMÀs·JÊ-d‚»láÈföžhj¤6yÕè—º4[<5B>É}»`Nµ)¸á
*Æ×H-˜œÔä²c¨³m’PEdZ²|´ÄFñF4ƒò<>´ƒÞ½<C2AD>0ä@·š7¢„;Oûwã=èÔ÷Rº:JA¦‰3ÃØOýbã0{“Ìs–ó›G6OËʯ1yd¼…e
ðÿ,÷NÀîVÎ"y4Í8Pª º_hw?¸¦ÓtüãZ"»W~Å5śˈª"ÔÝ#à4,OA¶e
|
||||
#<23>]»sŒ.|ˆag¨ˆ÷K†QΨM¢¤ž/ác
|
||||
ÞîäwÂÀ¼pêp=”èÏz\È›ÉÖôH«ðâ”Wñô¯Ÿv¬î¤Ó%zhL¹ˆå7··›ìB‚¡Á.F `+ÿ;e²$z¥Ýçï¡Š•qÉ<07>™qzÑS6Ä8eC£Ê=ãŒÙ#à|YŽ]÷‡ ònV”éçJ"êV†©æ+›Uï
|
|
@ -9,4 +9,6 @@ in
|
|||
"gitea-database-password.age".publicKeys = deployKeys;
|
||||
"gitea-mailer-password.age".publicKeys = deployKeys;
|
||||
"keycloak-database-password.age".publicKeys = deployKeys;
|
||||
"drone-secrets.age".publicKeys = deployKeys;
|
||||
"drone-db-secrets.age".publicKeys = deployKeys;
|
||||
}
|
||||
|
|