From 61e2ddc881bc581dec8b4b56743f896c855add00 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Mon, 27 Dec 2021 22:14:37 +0100 Subject: [PATCH] Cleaned drone a little bit --- machines/lisa/default.nix | 5 +- modules/drone/default.nix | 143 ++++++++++++++++++-------------------- 2 files changed, 68 insertions(+), 80 deletions(-) diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix index 7c9842b..2406acc 100644 --- a/machines/lisa/default.nix +++ b/machines/lisa/default.nix @@ -20,10 +20,7 @@ }; drone = { enable = true; - nginx = { - enable = true; - subdomain = "ci"; - }; + subdomain = "ci"; }; status = { enable = true; diff --git a/modules/drone/default.nix b/modules/drone/default.nix index a8a4beb..4ac92a4 100644 --- a/modules/drone/default.nix +++ b/modules/drone/default.nix 
@@ -2,97 +2,88 @@ with lib; let cfg = config.luj.drone; - droneserver = config.users.users.droneserver.name; + drone = config.users.users.drone.name; port = 3030; in { options.luj.drone = { enable = mkEnableOption "activate drone CI"; - nginx.enable = mkEnableOption "activate nginx"; - nginx.subdomain = mkOption { + subdomain = mkOption { type = types.str; }; }; - config = mkIf cfg.enable ( - mkMerge [{ + config = mkIf cfg.enable { - luj.hmgr.droneserver.luj.programs.git.enable = true; - sops.secrets.drone = { }; - nix.allowedUsers = [ "droneserver"]; + users.users.droneserver = { + isNormalUser = true; + createHome = true; + home = "/home/droneserver"; + extraGroups = [ droneserver config.users.groups.keys.name ]; + passwordFile = config.sops.secrets.user-julien-password.path; + }; + users.groups.droneserver = { }; + luj.hmgr.droneserver.luj.programs.git.enable = true; + nix.allowedUsers = [ drone ]; - systemd.services.drone-server = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - EnvironmentFile = [ config.sops.secrets.drone.path ]; - Environment = [ - "DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me" - "DRONE_SERVER_PROTO=https" - "DRONE_DATABASE_DATASOURCE=postgres:///droneserver?host=/run/postgresql" - "DRONE_DATABASE_DRIVER=postgres" - "DRONE_SERVER_PORT=:3030" - "DRONE_USER_CREATE=username:Julien,admin:true" - ]; - ExecStart = "${pkgs.drone}/bin/drone-server"; - User = droneserver; - Group = droneserver; + sops.secrets.drone = { }; + + + systemd.services.drone-server = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + EnvironmentFile = [ config.sops.secrets.drone.path ]; + Environment = [ + "DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me" + "DRONE_SERVER_PROTO=https" + "DRONE_DATABASE_DATASOURCE=postgres:///droneserver?host=/run/postgresql" + "DRONE_DATABASE_DRIVER=postgres" + "DRONE_SERVER_PORT=:3030" + "DRONE_USER_CREATE=username:Julien,admin:true" + ]; + ExecStart = "${pkgs.drone}/bin/drone-server"; + User = 
drone; + Group = drone; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ drone ]; + ensureUsers = [{ + name = drone; + ensurePermissions = { + "DATABASE ${drone}" = "ALL PRIVILEGES"; }; - }; - services.postgresql = { - enable = true; - ensureDatabases = [ droneserver ]; - ensureUsers = [{ - name = droneserver; - ensurePermissions = { - "DATABASE ${droneserver}" = "ALL PRIVILEGES"; - }; - }]; - }; - users.users.droneserver = { - isNormalUser = true; - createHome = true; - home = "/home/droneserver"; - extraGroups = [ droneserver config.users.groups.keys.name ]; - passwordFile = config.sops.secrets.user-julien-password.path; - }; - users.groups.droneserver = { }; + }]; + }; + systemd.services.drone-runner-exec = { + description = "Drone Exec Runner"; + startLimitIntervalSec = 5; + serviceConfig = { + User = drone; + Group = drone; + EnvironmentFile = [ config.sops.secrets.drone.path ]; + Environment = [ + "DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me" + "DRONE_SERVER_PROTO=https" + "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030" + ]; + ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run"; + }; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.nixUnstable pkgs.git pkgs.openssh ]; + }; - systemd.services.drone-runner-exec = { - description = "Drone Exec Runner"; - startLimitIntervalSec = 5; - serviceConfig = { - User = droneserver; - Group = droneserver; - EnvironmentFile = [ config.sops.secrets.drone.path ]; - Environment = [ - "DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me" - "DRONE_SERVER_PROTO=https" - "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030" - ]; - - ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run"; - }; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.nixUnstable pkgs.git pkgs.docker pkgs.docker-compose pkgs.openssh ]; + services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = 
"http://localhost:${toString port}"; }; - - - } - - (mkIf cfg.nginx.enable { - luj.nginx.enable = true; - services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - }; - }; - - })]); - - + }; + }; }
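Review bot: The added lines still read names this commit removes, so the module probably no longer evaluates: `cfg.nginx.subdomain` appears in both `DRONE_SERVER_HOST` entries and in the `virtualHosts` key although the option is now `subdomain`, `extraGroups` still lists `droneserver` after that let-binding was dropped, and `drone = config.users.users.drone.name` refers to a user the hunk never declares (it declares `users.users.droneserver`). Use `"DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"` and `services.nginx.virtualHosts."${cfg.subdomain}.julienmalka.me"`, and settle on one account name for the user, the group and the let-binding. `DRONE_DATABASE_DATASOURCE` also still names the `droneserver` database while `ensureDatabases` now creates `${drone}`, and `luj.nginx.enable = true` is gone with the `mkMerge`, so the vhost seems to rely on nginx being enabled elsewhere. On hardening, `drone-runner-exec` runs under the same `User`/`Group` and the same `EnvironmentFile` as `drone-server`, and that account is a login user in the `keys` group whose `passwordFile` is `user-julien-password`; the exec runner executes pipeline steps directly on the host, so build jobs would run with the server's secrets in reach. A separate `isSystemUser = true;` account for the runner, with its own sops secret holding only the RPC settings and without the `keys` group or a password, would keep the two apart.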