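# NixOS module: runs the Drone CI server and its Docker runner as
# Podman-backed OCI containers and publishes the server through an nginx
# reverse proxy with ACME-issued TLS. A PostgreSQL definition is kept but
# disabled; the datasource settings for it are commented out below.
{ config, pkgs, lib, ... }:

{
  # Only the reverse proxy is meant to be reachable from outside.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts."drone.entr0py.de" = {
      enableACME = true;
      forceSSL = true;
      # Explicit IPv4 loopback so the upstream matches the address the
      # drone-server port is published on below.
      locations."/".proxyPass = "http://127.0.0.1:2380/";
    };
  };

  services.postgresql = {
    # Currently disabled; the settings below only take effect once enabled.
    enable = false;
    package = pkgs.postgresql_12;
    ensureDatabases = [ "drone" ];
    # NOTE(security): `trust` accepts every matching connection without any
    # credential, and the `local all all` rule covers every role. Switch to
    # `peer` / `scram-sha-256` before turning this service on.
    # NOTE(review): the `host` rule carries no ADDRESS field, which
    # pg_hba.conf requires for host records; confirm the intended address.
    authentication = lib.mkForce ''
      # Generated file; do not edit!
      # TYPE  DATABASE  USER   ADDRESS  METHOD
      local   all       all             trust
      host    all       drone           trust
    '';
    ensureUsers = [
      {
        name = "drone";
        ensurePermissions."DATABASE drone" = "ALL PRIVILEGES";
      }
    ];
  };

  users.users.drone = {
    isSystemUser = true;
  };

  virtualisation.oci-containers.backend = "podman";

  virtualisation.oci-containers.containers = {
    drone-server = {
      autoStart = true;
      # NOTE(security): `latest` is a floating tag, so the image that runs
      # can change on any pull. Pin a release tag or an image digest.
      image = "drone/drone:latest";
      # NOTE(security): builtins.readFile runs at evaluation time, so each
      # secret is copied verbatim into the generated container unit in the
      # world-readable /nix/store (and into the container's environment
      # arguments). Prefer the container's `environmentFiles` option with a
      # root-only file kept outside the store, and keep the *.secret files
      # out of version control.
      environment = {
        /*
        DRONE_DATABASE_DRIVER="postgres";
        DRONE_DATABASE_DATASOURCE="postgresql:///drone?host=/run/postgresql";
        */
        DRONE_DATABASE_SECRET = builtins.readFile ./drone_database.secret;
        DRONE_GITEA_SERVER = "https://git.entr0py.de";
        DRONE_GITEA_CLIENT_ID = "07f3c25c-4f9d-4642-afcf-c419976cfaac";
        DRONE_GITEA_CLIENT_SECRET = builtins.readFile ./gitea_client.secret;
        DRONE_RPC_SECRET = builtins.readFile ./drone_rpc.secret;
        DRONE_SERVER_HOST = "drone.entr0py.de";
        DRONE_SERVER_PROTO = "https";
        DRONE_USER_CREATE = "username:garionion,admin:true";
      };
      # Published on loopback only: nginx is the sole intended client, and a
      # port published on every host address can be reachable without TLS
      # regardless of allowedTCPPorts, depending on how the container
      # network backend installs its forwarding rules.
      ports = [ "127.0.0.1:2380:80" ];
      volumes = [ "/var/lib/drone:/data" ];
    };

    drone-runner-docker = {
      autoStart = true;
      dependsOn = [ "drone-server" ];
      image = "drone/drone-runner-docker:1";
      environment = {
        # Same store-exposure caveat as the server's secrets above in this
        # file: the value is embedded at evaluation time.
        DRONE_RPC_SECRET = builtins.readFile ./drone_rpc.secret;
        DRONE_RPC_PROTO = "https";
        DRONE_RPC_HOST = "drone.entr0py.de";
        DRONE_RUNNER_CAPACITY = "4";
        DRONE_RUNNER_NAME = "nebula";
        # NOTE(security): enables remote tmate debug sessions into pipeline
        # steps; leave it off unless it is actively needed.
        DRONE_TMATE_ENABLED = "true";
      };
      # NOTE(security): published on every host address. If the runner's
      # port is only needed locally, prefix the mapping with `127.0.0.1:`.
      ports = [ "3000:3000" ];
      # NOTE(security): handing the host Podman socket to the runner gives
      # pipelines control over the host's container engine, which is
      # effectively root on this machine. Only trusted repositories should
      # be allowed to build here.
      volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock" ];
    };
  };
}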