Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-26 05:40:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Tried to add docker exec runner

Browse source
This commit is contained in:
Julien Malka 2021-12-26 22:55:09 +01:00
parent 0b006a916a
commit 1b41632c2d
No known key found for this signature in database
GPG key ID: 3C68E13964FEA07F
5 changed files with 73 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
.drone.yml
View file

@ -39,3 +39,52 @@ trigger:
- push - push
- pull_request - pull_request
---
kind: pipeline
name: push flake update
type: docker
steps:
- name: Update flake.lock
image: nixpkgs/nix-flakes
commands:
- nix flake update --inputs-from nixpkgs
- nix flake show
- nix flake metadata
- nix flake check
- nix flake check --show-trace
environment:
NIX_PATH: nixpkgs=channel:nixos-unstable
- name: Push updated flake.lock
image: appleboy/drone-git-push
settings:
branch: update-flake
remote: git@github.com:JulienMalka/nix-config.git
force: true
commit: true
force: true
commit_message: "Updated flake.lock"
ssh_key:
from_secret: deploy_key
- name: notify on failure
image: drillster/drone-email
settings:
username: "julien.malka@me.com"
from:
from_secret: email_from
host:
from_secret: email_host
password:
from_secret: email_password
when:
status:
- failure
trigger:
branch:
- main
event:
- push
- cron

1
base.nix
View file

@ -30,7 +30,6 @@
rxvt_unicode rxvt_unicode
xorg.xbacklight xorg.xbacklight
neovim neovim
tinystatus
]; ];
environment.variables.EDITOR = "nvim"; environment.variables.EDITOR = "nvim";

21
modules/drone/default.nix
View file

@ -20,6 +20,8 @@ in
sops.secrets.drone = { }; sops.secrets.drone = { };
virtualisation.docker.enable = true;
systemd.services.drone-server = { systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
@ -72,6 +74,25 @@ in
path = [ pkgs.nixUnstable pkgs.git pkgs.docker pkgs.docker-compose ]; path = [ pkgs.nixUnstable pkgs.git pkgs.docker pkgs.docker-compose ];
}; };
systemd.services.drone-runner-docker = {
description = "Drone Docker Runner";
startLimitIntervalSec = 5;
serviceConfig = {
EnvironmentFile = [ config.sops.secrets.drone.path ];
Environment = [
"DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me"
"DRONE_SERVER_PROTO=https"
"CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
];
ExecStart = "${pkgs.drone-runner-docker}/bin/drone-runner-docker";
};
wantedBy = [ "multi-user.target" ];
path = [ pkgs.nixUnstable pkgs.git pkgs.docker pkgs.docker-compose ];
};
} }
(mkIf cfg.nginx.enable { (mkIf cfg.nginx.enable {

1
modules/nix/default.nix
View file

@ -23,6 +23,7 @@ with lib;
''; '';
nixPath = [ nixPath = [
"nixpkgs=${inputs.nixpkgs}" "nixpkgs=${inputs.nixpkgs}"
"nixos=${inputs.nixpkgs}"
]; ];
binaryCaches = [ binaryCaches = [
"https://bin.julienmalka.me" "https://bin.julienmalka.me"

3
users/julien.nix
View file

@ -4,10 +4,11 @@
sops.secrets.user-julien-password.neededForUsers = true; sops.secrets.user-julien-password.neededForUsers = true;
users.groups.docker = {};
users.users.julien = { users.users.julien = {
isNormalUser = true; isNormalUser = true;
home = "/home/julien"; home = "/home/julien";
extraGroups = [ "wheel" config.users.groups.keys.name]; extraGroups = [ "wheel" "docker" config.users.groups.keys.name];
shell = pkgs.fish; shell = pkgs.fish;
passwordFile = config.sops.secrets.user-julien-password.path; passwordFile = config.sops.secrets.user-julien-password.path;
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [