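# NixOS module: Drone CI server plus a Docker-type runner, both run as podman
# containers and published through an nginx reverse proxy with ACME certificates.
{ config, pkgs, lib, ... }:

{
  # Only HTTP and HTTPS are opened on the host; Drone is meant to be reached
  # through nginx.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."drone.entr0py.de" = {
      enableACME = true;
      forceSSL = true;
      # TLS terminates at nginx; the hop to the container is plain HTTP, so the
      # container port must only be reachable over loopback (see `ports` below).
      locations."/".proxyPass = "http://localhost:2380/";
    };
  };

  # PostgreSQL backend, currently disabled; the matching DRONE_DATABASE_DRIVER /
  # DRONE_DATABASE_DATASOURCE settings below are commented out as well.
  services.postgresql = {
    enable = false;
    package = pkgs.postgresql_12;
    ensureDatabases = [ "drone" ];
    # NOTE(review): `trust` performs no authentication at all. The `local` rule
    # lets any local OS user connect as any database role. Before setting
    # `enable = true`, prefer `peer` for the socket rule and a password method
    # (e.g. scram-sha-256) for any `host` rule.
    # NOTE(review): the `host` line as shown has no ADDRESS column, which
    # pg_hba.conf requires for `host` records — confirm against the real file.
    authentication = lib.mkForce ''
      # Generated file; do not edit!
      # TYPE DATABASE USER ADDRESS METHOD
      local all all trust
      host all drone trust
    '';
    ensureUsers = [
      {
        name = "drone";
        ensurePermissions."DATABASE drone" = "ALL PRIVILEGES";
      }
    ];
  };

  users.users.drone = {
    isSystemUser = true;
  };

  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    drone-server = {
      autoStart = true;
      # NOTE(review): `latest` is a floating tag, so the running image can change
      # without a change to this file. Pin a release tag or an image digest for
      # reproducible and auditable deployments.
      image = "drone/drone:latest";
      environment = {
        /*DRONE_DATABASE_DRIVER="postgres";
        DRONE_DATABASE_DATASOURCE="postgresql:///drone?host=/run/postgresql";*/

        # NOTE(review): builtins.readFile runs at evaluation time, so the secret
        # values become part of the generated container unit in the
        # world-readable Nix store and are passed to podman as plain environment
        # settings. Prefer loading them at runtime from a root-only file outside
        # the store (the oci-containers `environmentFiles` option, where the
        # NixOS release in use provides it) and rotate the current values.
        # readFile also keeps any trailing newline present in the file.
        DRONE_DATABASE_SECRET = builtins.readFile ./drone_database.secret;
        DRONE_GITEA_SERVER = "https://git.entr0py.de";
        DRONE_GITEA_CLIENT_ID = "07f3c25c-4f9d-4642-afcf-c419976cfaac";
        DRONE_GITEA_CLIENT_SECRET = builtins.readFile ./gitea_client.secret;
        # Shared secret between server and runner; must match the runner's value.
        DRONE_RPC_SECRET = builtins.readFile ./drone_rpc.secret;
        DRONE_SERVER_HOST = "drone.entr0py.de";
        DRONE_SERVER_PROTO = "https";
        # Bootstraps `garionion` as an administrator account.
        # NOTE(review): nothing here restricts who else may sign in through
        # Gitea; consider DRONE_USER_FILTER or DRONE_REGISTRATION_CLOSED,
        # because every user who can run pipelines reaches the runner's
        # container socket (see drone-runner-docker below).
        DRONE_USER_CREATE = "username:garionion,admin:true";
      };
      ports = [
        # Published on loopback only: nginx is the sole intended client, and
        # container port publishing may not be filtered by the host firewall
        # rules above (verify for the podman network backend in use). Binding
        # to all interfaces would expose the plain-HTTP listener past TLS.
        "127.0.0.1:2380:80"
      ];
      volumes = [
        "/var/lib/drone:/data"
      ];
    };

    drone-runner-docker = {
      autoStart = true;
      dependsOn = [ "drone-server" ];
      # NOTE(review): `:1` is a floating major-version tag; pin a full release
      # tag or digest if reproducibility matters.
      image = "drone/drone-runner-docker:1";
      environment = {
        # See the note on builtins.readFile in drone-server: the value ends up
        # in the Nix store.
        DRONE_RPC_SECRET = builtins.readFile ./drone_rpc.secret;
        DRONE_RPC_PROTO = "https";
        DRONE_RPC_HOST = "drone.entr0py.de";
        DRONE_RUNNER_CAPACITY = "4";
        DRONE_RUNNER_NAME = "nebula";
        # NOTE(review): enables tmate debug sessions for builds, i.e. an
        # interactive shell inside build containers relayed through a tmate
        # server. Keep it on only if every user able to trigger debug builds is
        # trusted.
        DRONE_TMATE_ENABLED = "true";
      };
      ports = [
        # Runner HTTP endpoint; kept on loopback because the firewall rules
        # above do not intend to expose it.
        "127.0.0.1:3000:3000"
      ];
      volumes = [
        # NOTE(review): the host's podman API socket is handed to the runner as
        # a Docker socket. Anything that can talk to it can start arbitrary
        # containers on the host (privileged, with host mounts), which is
        # equivalent to root on this machine if the socket is the rootful one —
        # the /var/run/podman path suggests it is; confirm. Treat every
        # repository and user allowed to run pipelines as host-trusted, or move
        # the runner to a dedicated VM.
        "/var/run/podman/podman.sock:/var/run/docker.sock"
      ];
    };
  };
}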