add drone
parent
c5781c067c
commit
8bf33e50c6
7 changed files with 84 additions and 3 deletions
|
@ -33,6 +33,7 @@
|
|||
./services/github-runner.nix
|
||||
./services/iscsi.nix
|
||||
./services/samba.nix
|
||||
./services/drone.nix
|
||||
];
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
|
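--- /dev/null
+++ b/config/services/drone.nix
@@ -0,0 +1,65 @@
+{
+config,
+pkgs,
+...
+}: let
+split-system = pkgs.lib.strings.splitString "-" pkgs.system;
+envFile =
+pkgs.writeText "drone-server.env" ''
+'';
+in {
+systemd.services.drone-server = {
+wantedBy = ["multi-user.target"];
+after = ["network.target"];
+environment = {
+DRONE_DATABASE_DATASOURCE = "postgres:///drone-server?sslmode=disable&host=/run/postgresql";
+DRONE_DATABASE_DRIVER = "postgres";
+DRONE_SERVER_HOST = "drone.chir.rs";
+DRONE_SERVER_PROTO = "https";
+DRONE_REGISTRATION_CLOSED = "true";
+DRONE_RUNNER_OS = builtins.elemAt split-system 1;
+DRONE_RUNNER_ARCH = builtins.replaceStrings ["x86_64"] ["amd64"] (builtins.elemAt split-system 0);
+DRONE_SERVER_PORT = ":47927";
+};
+serviceConfig = {
+Type = "simple";
+User = "drone-server";
+Group = "drone-server";
+ExecStart = "${pkgs.drone}/bin/drone-server";
+Restart = "always";
+EnvironmentFile = config.sops.secrets."services/drone".path;
+};
+};
+users.users.drone-server = {
+description = "Drone Server Service";
+home = "/run/drone";
+useDefaultShell = true;
+group = "drone-server";
+isSystemUser = true;
+};
+users.groups.drone-server = {};
+sops.secrets."services/drone" = {};
+services.postgresql.ensureDatabases = ["drone-server"];
+services.postgresql.ensureUsers = [
+{
+name = "drone-server";
+ensurePermissions = {"DATABASE drone-server" = "ALL PRIVILEGES";};
+}
+];
+services.nginx.virtualHosts."drone.chir.rs" = {
+sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
+sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
+locations."/" = {
+proxyPass = "http://127.0.0.1:47927";
+proxyWebsockets = true;
+};
+};
+services.nginx.virtualHosts."drone.int.chir.rs" = {
+sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
+sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
+locations."/" = {
+proxyPass = "http://127.0.0.1:47927";
+proxyWebsockets = true;
+};
+};
+}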
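Review bot: `DRONE_SERVER_PORT = ":47927"` has no host part, so drone-server would listen on every interface even though both nginx vhosts reach it over plain HTTP at `127.0.0.1:47927`. Unless a firewall rule (not visible in this commit) blocks the port, the unencrypted backend can be reached without passing through the TLS proxy. Drone uses this value as its listen address, so `DRONE_SERVER_PORT = "127.0.0.1:47927";` should confine it to loopback; confirm that against the packaged version. Separately, the `envFile` binding in the `let` block is an empty `writeText` that nothing references, and `useDefaultShell = true;` gives the service account a login shell it does not appear to need.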
|
@ -73,4 +73,15 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."drone.chir.rs" = {
|
||||
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
||||
locations."/" = {
|
||||
proxyPass = "https://drone.int.chir.rs";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_ssl_server_name on;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
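Review bot: The `proxyPass = "https://drone.int.chir.rs";` location encrypts the hop to the internal host but does not authenticate it, because nginx leaves `proxy_ssl_verify` off by default and `proxy_ssl_server_name on;` only sends SNI. A host that can answer for that name between the two machines would be accepted as the upstream and would see session cookies and webhook payloads. Adding `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <CA bundle path>;` to the same `extraConfig` makes nginx check the upstream certificate against `drone.int.chir.rs`. The enclosing attribute set starts above this hunk, so any shared proxy defaults set there are not visible.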
|
|
|
@ -113,6 +113,7 @@ rec {
|
|||
python3Packages.yapf
|
||||
github-cli
|
||||
statix
|
||||
backblaze-b2
|
||||
];
|
||||
};
|
||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
|
||||
|
|
|
@ -4,6 +4,7 @@ network:
|
|||
services:
|
||||
github-runner:
|
||||
nixos.token: ENC[AES256_GCM,data:qqtjAKCDxX0+Hvl5n9nglwYW4JdHlkEcu0cot4Y=,iv:m8Dd2QYYmwaVoGu8BB/JA3Ii0Y3fP3GhZaR8tpZmXcw=,tag:w8J8kw3KxwbxxCsKgBc3+Q==,type:str]
|
||||
drone: ENC[AES256_GCM,data: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,iv:3txeikQoc3zzNgcGyhgvkAog4S5taD5oEbSegVZ7cC4=,tag:H09zV519go3RIQfLvZ2S6Q==,type:str]
|
||||
synapse:
|
||||
private_key: ENC[AES256_GCM,data:yU7yftN4QRbNgoR3MKeZeZMAlZP/WLIuO11SDmovyot1siq8sfS6enWlHdpxOurB0PWqsLSbkDoPO9g=,iv:GvIBst7+m8gWLhFpou2NJ5Sx7zNNURcumGbjYiCBTK0=,tag:whbtqezK7MHr3+veCHAzcw==,type:str]
|
||||
discord-dev-registration.yaml: ENC[AES256_GCM,data:gWZmExd/SiHRWY7fnwsmGzubVpPVxdSbjzwJBHPOO1G9icB+htjIlSdnRAdDCUEMz66As2mNAW6yMb9l8JCvyN6+54hxKMAHFBb0M2fcCnH3/ZYOEb8uW6HJ1lASRhM05BwTRkSXwESe4IJHexzVMAg8+cL+zfXNJCGi2ii1Y3gzKNfaUHo+plevkeVTINzh0bqFeaOsAl9SOTAoCgLEJ/VxUpsyIzvXly2GoGSAcp01D8FSmNbNLZctZ885oKmgc9cO6Hy1u0DSaaq6Z8VMhyzbIYtOTuaA4Y5Du0f5PN9HfmFJbagy4Kjjfedx6woxG58OzHQ/6dx0qGnlXUp7oguAZzb4IUXFR/zGLRdAtBXkAZ5Iz1si1jkMgP68MkSwwQb3VvFcDVQ6WlYP3puP6w6iTUxpG17R1o47WWENOf/AoaHwpbzpjYY/U46hrt3F5P+mBTigO5TnnunO/DOWNCGbff7wohX7XdVN6hV1jchYlVKtFLldVGGSkDFqbSYHPaDiNSQ2MZICQWqT34cDzqEFXh6Xv74I+9jAy2tW1aRIwowRIvWJpOHSL5csbOzKMRfdyenoti0Yv4qadIbaKsOvhxHS5Sr5jodSrry6fdDd98unrOyCvXTsY//Hli5WNXAiXjpnUR79hR6od26WbfW7LgRp0BQvSviaR6+oJkOyNTUMkg19da2BdWAQnLYo6KmivF1/ZBdAgMsMwdqvPU3D2nLCPXxT5IPPC8i4OSh5a36yvvE9H9nUMuMfo2yEIvCdjpYJp/rU,iv:DdY/L7QZOTBH/2ZX2+C57YSB5ChlbOLypCzNoS8tTv4=,tag:MObnLxAf9MYdIKoLbsRl/w==,type:str]
|
||||
|
@ -62,8 +63,8 @@ sops:
|
|||
WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5
|
||||
2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-05T10:50:34Z"
|
||||
mac: ENC[AES256_GCM,data:vT0mNRHyDBEa9TOAC73vzFSpYAonLZ/sxIAl2hlN1+fPDM2WKfBjJKFWvPDYtzdgiKXTBcuZAp6ehol37L9tFXhbPg8mpo9yXh+3MKpZTr2RxxG6+vJTid2wvHKY3eoas6SEiRDE7+AAX9W6UPISjyzw9Tq0D7XRDJJ3yFjAAfg=,iv:wGmNBgK01sImRpYwuykVMvVhy8h6qokKuAfGWVyBLSI=,tag:ihGELMrbHmtKbLSYYRSKIg==,type:str]
|
||||
lastmodified: "2022-06-22T21:02:55Z"
|
||||
mac: ENC[AES256_GCM,data:iBFzpgxIa/o5nKPzdYz8mh+USzoaFJhzEJXJBnYAj4LCUHfAHh7XCqJjf31QD8GYR22G/1huRiyk7vkwFFDaqFywPRFKK7Ygn+9fbe9S69xlN+vWLFSDkBtqXK6bZcXG1xD94NXfEFhUIeKhGWAbRri7uFGyJFrZbxJevrs6O68=,iv:OsT86OEefXeY2irYXbz/OwpcUf48/lNkF8Wv0pHFFUs=,tag:E/1uF8dc3KbZ11qalKxV2g==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-04-24T10:34:20Z"
|
||||
enc: |
|
||||
|
|
|
@ -102,7 +102,7 @@ with dns.lib.combinators; let
|
|||
SOA = {
|
||||
nameServer = "ns1.chir.rs.";
|
||||
adminEmail = "lotte@chir.rs";
|
||||
serial = 11;
|
||||
serial = 12;
|
||||
};
|
||||
NS = [
|
||||
"ns1.chir.rs."
|
||||
|
@ -183,6 +183,7 @@ with dns.lib.combinators; let
|
|||
mastodon = createZone {};
|
||||
mastodon-assets = createZone {};
|
||||
matrix = createZone {};
|
||||
drone = createZone {};
|
||||
|
||||
int =
|
||||
delegateTo [
|
||||
|
|
|
@ -261,6 +261,7 @@ in {
|
|||
mastodon.CNAME = [(ttl zoneTTL (cname "nas"))];
|
||||
matrix.CNAME = [(ttl zoneTTL (cname "nas"))];
|
||||
rspamd.CNAME = [(ttl zoneTTL (cname "nas"))];
|
||||
drone.CNAME = [(ttl zoneTTL (cname "nas"))];
|
||||
_acme-challenge = delegateTo [
|
||||
"ns1.chir.rs."
|
||||
"ns2.chir.rs."
|
||||
|
|