Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-04-04 03:01:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Help is on the way

Browse source
This commit is contained in:
Julien Malka 2021-12-27 16:33:19 +01:00
parent 8a94329533
commit 3e07adbb49
No known key found for this signature in database
GPG key ID: 3C68E13964FEA07F
3 changed files with 16 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
.drone.yml
View file

@ -130,6 +130,14 @@ steps:
- echo "newton:" && nix store diff-closures $(readlink -f newton-old) $(readlink -f newton-new) - echo "newton:" && nix store diff-closures $(readlink -f newton-old) $(readlink -f newton-new)
- echo "macintosh:" && nix store diff-closures $(readlink -f macintosh-old) $(readlink -f macintosh-new) - echo "macintosh:" && nix store diff-closures $(readlink -f macintosh-old) $(readlink -f macintosh-new)
- name: Push update
commands:
- git checkout -b flake-update
- git add flake.lock
- git commit -m "Updated flake lock"
- git push --force
trigger: trigger:
branch: branch:
- main - main
@ -137,61 +145,3 @@ trigger:
- pull_request - pull_request
- cron - cron
- push - push
---
kind: pipeline
name: Push flake update
type: docker
steps:
- name: Update flake.lock
image: nixpkgs/nix-flakes
commands:
- nix flake update --inputs-from nixpkgs
- nix flake show
- nix flake metadata
- nix flake check
- nix flake check --show-trace
environment:
NIX_PATH: nixpkgs=channel:nixos-unstable
- name: Push updated flake.lock
image: appleboy/drone-git-push
settings:
branch: update-flake
remote: git@github.com:JulienMalka/nix-config.git
force: true
commit: true
force: true
commit_message: "Updated flake.lock"
ssh_key:
from_secret: deploy_key
- name: notify on failure
image: drillster/drone-email
settings:
username: "julien.malka@me.com"
from:
from_secret: email_from
host:
from_secret: email_host
password:
from_secret: email_password
when:
status:
- failure
depends_on:
- Update flake
trigger:
branch:
- main
event:
- cron
- push

6
modules/drone/default.nix
View file

@ -19,8 +19,10 @@ in
mkMerge [{ mkMerge [{
luj.hmgr.droneserver.luj.programs.git.enable = true;
users.groups.docker = {}; users.groups.docker = {};
sops.secrets.drone = { }; sops.secrets.drone = { };
nix.allowedUsers = [ "droneserver"];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
@ -54,7 +56,9 @@ in
users.users.droneserver = { users.users.droneserver = {
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
home = "/home/droneserver";
group = droneserver; group = droneserver;
extraGroups = [ config.users.groups.keys.name ];
}; };
users.groups.droneserver = { }; users.groups.droneserver = { };
@ -63,6 +67,8 @@ in
description = "Drone Exec Runner"; description = "Drone Exec Runner";
startLimitIntervalSec = 5; startLimitIntervalSec = 5;
serviceConfig = { serviceConfig = {
User = droneserver;
Group = droneserver;
EnvironmentFile = [ config.sops.secrets.drone.path ]; EnvironmentFile = [ config.sops.secrets.drone.path ];
Environment = [ Environment = [
"DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me" "DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me"

2
modules/secrets/default.nix
View file

@ -18,6 +18,8 @@ with lib;
sops.secrets.sendinblue-mail-passwd = {}; sops.secrets.sendinblue-mail-passwd = {};
sops.secrets.git-gpg-private-key = { sops.secrets.git-gpg-private-key = {
owner = "julien"; owner = "julien";
mode = "0440";
group = config.users.groups.keys.name;
}; };
}; };