From 1b41632c2d3ee14c6f4185f311f4d4460217eb5c Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Sun, 26 Dec 2021 22:55:09 +0100
Subject: [PATCH] Tried to add docker exec runner
---
 .drone.yml | 49 +++++++++++++++++++++++++++++++++++++++
 base.nix | 1 -
 modules/drone/default.nix | 21 +++++++++++++++++
 modules/nix/default.nix | 1 +
 users/julien.nix | 3 ++-
 5 files changed, 73 insertions(+), 2 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 4b69e8e..b8b5530 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -39,3 +39,52 @@ trigger: - push - pull_request
+---
+kind: pipeline
+name: push flake update
+type: docker
+
+steps:
+- name: Update flake.lock
+ image: nixpkgs/nix-flakes
+ commands:
+ - nix flake update --inputs-from nixpkgs
+ - nix flake show
+ - nix flake metadata
+ - nix flake check
+ - nix flake check --show-trace
+ environment:
+ NIX_PATH: nixpkgs=channel:nixos-unstable
+
+- name: Push updated flake.lock
+ image: appleboy/drone-git-push
+ settings:
+ branch: update-flake
+ remote: git@github.com:JulienMalka/nix-config.git
+ force: true
+ commit: true
+ force: true
+ commit_message: "Updated flake.lock"
+ ssh_key:
+ from_secret: deploy_key
+
+- name: notify on failure
+ image: drillster/drone-email
+ settings:
+ username: "julien.malka@me.com"
+ from:
+ from_secret: email_from
+ host:
+ from_secret: email_host
+ password:
+ from_secret: email_password
+ when:
+ status:
+ - failure
+
+trigger:
+ branch:
+ - main
+ event:
+ - push
+ - cron
diff --git a/base.nix b/base.nix
index acf0d91..bb5e52e 100644
--- a/base.nix
+++ b/base.nix
@@ -30,7 +30,6 @@ rxvt_unicode xorg.xbacklight neovim
- tinystatus
 ]; environment.variables.EDITOR = "nvim";
diff --git a/modules/drone/default.nix b/modules/drone/default.nix
index 4389ab1..2be34c6 100644
--- a/modules/drone/default.nix
+++ b/modules/drone/default.nix
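Review bot: The three step images in the new `push flake update` pipeline of `.drone.yml` (`nixpkgs/nix-flakes`, `appleboy/drone-git-push`, `drillster/drone-email`) carry no tag or digest, so every run pulls whatever those third-party repositories publish at that moment, and two of them are handed the `deploy_key` and `email_password` secrets. Pinning each one, for example `image: appleboy/drone-git-push@sha256:<digest-placeholder>`, keeps a changed upstream image from reaching a key that has to be able to push to the repository. `force: true` also appears twice under `settings` of the push step; YAML parsers differ in how they treat duplicate keys, so one of the two should be dropped.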
@@ -20,6 +20,8 @@ in sops.secrets.drone = { };
+ virtualisation.docker.enable = true;
+
 systemd.services.drone-server = { wantedBy = [ "multi-user.target" ]; serviceConfig = {
@@ -72,6 +74,25 @@ in path = [ pkgs.nixUnstable pkgs.git pkgs.docker pkgs.docker-compose ]; };
+ systemd.services.drone-runner-docker = {
+ description = "Drone Docker Runner";
+ startLimitIntervalSec = 5;
+ serviceConfig = {
+ EnvironmentFile = [ config.sops.secrets.drone.path ];
+ Environment = [
+ "DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me"
+ "DRONE_SERVER_PROTO=https"
+ "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
+ ];
+
+ ExecStart = "${pkgs.drone-runner-docker}/bin/drone-runner-docker";
+ };
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.nixUnstable pkgs.git pkgs.docker pkgs.docker-compose ];
+ };
+
+
+
 } (mkIf cfg.nginx.enable {
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 3f9c2a3..27eaf3d 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -23,6 +23,7 @@ with lib; ''; nixPath = [ "nixpkgs=${inputs.nixpkgs}"
+ "nixos=${inputs.nixpkgs}"
 ]; binaryCaches = [ "https://bin.julienmalka.me"
diff --git a/users/julien.nix b/users/julien.nix
index ea6d1fb..8da316f 100644
--- a/users/julien.nix
+++ b/users/julien.nix
@@ -4,10 +4,11 @@ sops.secrets.user-julien-password.neededForUsers = true;
+ users.groups.docker = {};
 users.users.julien = { isNormalUser = true; home = "/home/julien";
- extraGroups = [ "wheel" config.users.groups.keys.name];
+ extraGroups = [ "wheel" "docker" config.users.groups.keys.name];
 shell = pkgs.fish; passwordFile = config.sops.secrets.user-julien-password.path; openssh.authorizedKeys.keyFiles = [
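Review bot: In `modules/drone/default.nix`, the new `systemd.services.drone-runner-docker` unit takes `config.sops.secrets.drone.path` as its `EnvironmentFile`, the single `sops.secrets.drone` declared at the top of the module, so the runner presumably receives every credential stored there rather than only what it needs to talk to the RPC endpoint. Its `serviceConfig` sets no `User` or sandboxing option, so the unit runs as root by systemd's default, next to the Docker daemon enabled in the first hunk. A dedicated secret would narrow this, e.g. `EnvironmentFile = [ config.sops.secrets.drone-runner.path ];` (secret name constructed for illustration). A short comment on the unit noting that pipeline steps are started through the host's Docker daemon would also help the next reader judge what a pipeline can reach.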
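Review bot: Adding `"docker"` to `extraGroups` in `users/julien.nix` gives the account access to the Docker socket, which is root-equivalent on the host and does not go through sudo the way `wheel` does. Anyone holding one of the keys listed under `openssh.authorizedKeys.keyFiles` would inherit that access. If the membership is only needed on the CI host it could be set there, or at least recorded beside the line: `# docker group = root-equivalent via the Docker socket; needed for <reason>`. The `users.users.julien` block continues past the end of this hunk.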