flora-6: init drone ci
parent
291edb6b52
commit
f375843f43
|
@ -63,6 +63,14 @@
|
||||||
reverse_proxy :3000
|
reverse_proxy :3000
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
"ci.pub.solar" = {
|
||||||
|
logFormat = lib.mkForce ''
|
||||||
|
output discard
|
||||||
|
'';
|
||||||
|
extraConfig = ''
|
||||||
|
reverse_proxy :4000
|
||||||
|
'';
|
||||||
|
};
|
||||||
"obs-portal.pub.solar" = {
|
"obs-portal.pub.solar" = {
|
||||||
logFormat = lib.mkForce ''
|
logFormat = lib.mkForce ''
|
||||||
output discard
|
output discard
|
||||||
|
|
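--- a/hosts/flora-6/drone.nix
+++ b/hosts/flora-6/drone.nix
@@ -0,0 +1,87 @@
+{ config
+, lib
+, pkgs
+, self
+, ...
+}:
+{
+age.secrets.drone-secrets = {
+file = "${self}/secrets/drone-secrets.age";
+mode = "600";
+owner = "drone";
+};
+age.secrets.drone-db-secrets = {
+file = "${self}/secrets/drone-db-secrets.age";
+mode = "600";
+owner = "drone";
+};
+
+users.users.drone = {
+description = "Drone Service";
+home = "/var/lib/drone";
+useDefaultShell = true;
+uid = 994;
+group = "drone";
+isSystemUser = true;
+};
+
+users.groups.drone = { };
+
+systemd.tmpfiles.rules = [
+"d '/var/lib/drone-db' 0750 drone drone - -"
+];
+
+system.activationScripts.mkDroneNet =
+let
+docker = config.virtualisation.oci-containers.backend;
+dockerBin = "${pkgs.${docker}}/bin/${docker}";
+in
+''
+${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
+'';
+
+virtualisation = {
+docker = {
+enable = true; # sadly podman is not supported rightnow
+};
+
+oci-containers = {
+backend = "docker";
+containers."drone-db" = {
+image = "postgres:14";
+autoStart = true;
+user = "994";
+volumes = [
+"/var/lib/drone-db:/var/lib/postgresql/data"
+];
+extraOptions = [
+"--network=drone-net"
+];
+environmentFiles = [
+config.age.secrets.drone-db-secrets.path
+];
+};
+containers."drone-server" = {
+image = "drone/drone:2";
+autoStart = true;
+user = "994";
+ports = [
+"4000:80"
+];
+dependsOn = [ "drone-db" ];
+extraOptions = [
+"--network=drone-net"
+];
+environment = {
+DRONE_GITEA_SERVER = "https://git.pub.solar";
+DRONE_SERVER_HOST = "ci.pub.solar";
+DRONE_SERVER_PROTO = "https";
+DRONE_DATABASE_DRIVER = "postgres";
+};
+environmentFiles = [
+config.age.secrets.drone-secrets.path
+];
+};
+};
+};
+}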
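Review bot: `ports = [ "4000:80" ]` on the `drone-server` container publishes the port on every host interface, and Docker-published ports are normally handled by Docker's own iptables rules rather than the NixOS firewall, so the Drone UI and API are likely reachable over plain HTTP on port 4000 without passing through the TLS vhost. The `reverse_proxy :4000` entry for `ci.pub.solar` only needs loopback, so I would bind it there: `"127.0.0.1:4000:80"`. Separately, `postgres:14` and `drone/drone:2` are floating tags; pinning each image by digest would keep a rebuild from silently pulling different code onto the CI host.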
@ -17,6 +17,7 @@ in
|
||||||
./triton-vmtools.nix
|
./triton-vmtools.nix
|
||||||
|
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
|
./drone.nix
|
||||||
./keycloak.nix
|
./keycloak.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
|
|
||||||
|
|
|
@ -7,12 +7,12 @@
|
||||||
{
|
{
|
||||||
age.secrets.gitea-database-password = {
|
age.secrets.gitea-database-password = {
|
||||||
file = "${self}/secrets/gitea-database-password.age";
|
file = "${self}/secrets/gitea-database-password.age";
|
||||||
mode = "700";
|
mode = "600";
|
||||||
owner = "gitea";
|
owner = "gitea";
|
||||||
};
|
};
|
||||||
age.secrets.gitea-mailer-password = {
|
age.secrets.gitea-mailer-password = {
|
||||||
file = "${self}/secrets/gitea-mailer-password.age";
|
file = "${self}/secrets/gitea-mailer-password.age";
|
||||||
mode = "700";
|
mode = "600";
|
||||||
owner = "gitea";
|
owner = "gitea";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
BIN
secrets/drone-db-secrets.age
Normal file
BIN
secrets/drone-db-secrets.age
Normal file
Binary file not shown.
12
secrets/drone-secrets.age
Normal file
12
secrets/drone-secrets.age
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 Y0ZZaw 42VrEEM/4WcKKp5NZfycnkhsrkSUGGrjwrIPz9O8LhY
|
||||||
|
CrkgGDCypRzevuT5YQBZxXwdJnvlkOH1xgxgRFf2wH8
|
||||||
|
-> ssh-ed25519 BVsyTA hUQDxkdOQxsOrB/afZWXUWSgNXfDy0W3nl13aXSmvyA
|
||||||
|
cf5WfwKKOabBR7qqYblpplSxZqvFmxKCPys8Zz6ZVnU
|
||||||
|
-> #-grease B PYdk)b5 D\, z&3Vyw9u
|
||||||
|
kJnYpRA6aL4bQQA4ihI5bFl41vIzG2gOaKCJzjxnqK9DndETSoSkhWk4AX0uT0NQ
|
||||||
|
tw
|
||||||
|
--- QloJDsaDcj08NIy5j8hPMFhHZ4DyZFDR+CNtBUSbhQ0
|
||||||
|
ͼ¨Š()¯çÛµkMÀs·JÊ-d‚»láÈföžhj¤6yÕè—º4[<5B>É}»`Nµ)¸á
*Æ×H-˜œÔä²c¨³m’PEdZ²|´ÄFñF4ƒò<>´ƒÞ½<C2AD>0ä@·š7¢„;Oûwã=èÔ÷Rº:JA¦‰3ÃØOýbã0{“Ìs–ó›G6OËʯ1yd¼…e
ðÿ,÷NÀîVÎ"y4Í8Pª º_hw?¸¦ÓtüãZ"»W~Å5śˈª"ÔÝ#à4,OA¶e
|
||||||
|
#<23>]»sŒ.|ˆag¨ˆ÷K†QΨM¢¤ž/ác
|
||||||
|
ÞîäwÂÀ¼pêp=”èÏz\È›ÉÖôH«ðâ”Wñô¯Ÿv¬î¤Ó%zhL¹ˆå7··›ìB‚¡Á.F `+ÿ;e²$z¥Ýçï¡Š•qÉ<07>™qzÑS6Ä8eC£Ê=ãŒÙ#à|YŽ]÷‡ ònV”éçJ"êV†©æ+›Uï
|
|
@ -9,4 +9,6 @@ in
|
||||||
"gitea-database-password.age".publicKeys = deployKeys;
|
"gitea-database-password.age".publicKeys = deployKeys;
|
||||||
"gitea-mailer-password.age".publicKeys = deployKeys;
|
"gitea-mailer-password.age".publicKeys = deployKeys;
|
||||||
"keycloak-database-password.age".publicKeys = deployKeys;
|
"keycloak-database-password.age".publicKeys = deployKeys;
|
||||||
|
"drone-secrets.age".publicKeys = deployKeys;
|
||||||
|
"drone-db-secrets.age".publicKeys = deployKeys;
|
||||||
}
|
}
|
||||||
|
|