From f6862a194473d6e1f662e2f538fe2e92b65371b9 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Thu, 5 Jan 2023 17:15:06 +0100
Subject: [PATCH] Updated nix for 22.11 (4)
---
 modules/bincache/default.nix | 5 +-
 modules/drone/default.nix | 153 ++++++++++++++++++-----------------
 2 files changed, 81 insertions(+), 77 deletions(-)
diff --git a/modules/bincache/default.nix b/modules/bincache/default.nix
index 96b2d91..244891f 100644
--- a/modules/bincache/default.nix
+++ b/modules/bincache/default.nix
@@ -18,7 +18,7 @@ with lib;
 users.users.nix-serve = {
 isSystemUser = true;
 };
- nix.allowedUsers = [ "nix-serve" ];
+ nix.settings.allowed-users = [ "nix-serve" ];
 users.users.nix-serve.group = "nix-serve";
 users.groups.nix-serve = { };
@@ -32,5 +32,6 @@ with lib;
 port = port;
 };
- } (mkSubdomain cfg.subdomain port));
+ }
+ (mkSubdomain cfg.subdomain port));
 }
diff --git a/modules/drone/default.nix b/modules/drone/default.nix
index 05a18a7..478570f 100644
--- a/modules/drone/default.nix
+++ b/modules/drone/default.nix
@@ -14,85 +14,88 @@ in
 };
 };
- config = mkIf cfg.enable (recursiveUpdate {
+ config = mkIf cfg.enable (recursiveUpdate
+ {
- users.users.drone = {
- isNormalUser = true;
- createHome = true;
- home = "/home/drone";
- extraGroups = [ drone config.users.groups.keys.name ];
- passwordFile = config.sops.secrets.user-julien-password.path;
- };
- users.groups.drone = { };
- luj.hmgr.drone.luj.programs.git.enable = true;
- nix.allowedUsers = [ drone ];
-
- sops.secrets.drone = { };
-
- sops.secrets.ssh-drone-pub = {
- owner = drone;
- path = "/home/drone/.ssh/id_ed25519.pub";
- mode = "0644";
- format = "binary";
- sopsFile = ../../secrets/ssh-drone-pub;
- };
-
- sops.secrets.ssh-drone-priv = {
- owner = drone;
- path = "/home/drone/.ssh/id_ed25519";
- mode = "0600";
- format = "binary";
- sopsFile = ../../secrets/ssh-drone-priv;
- };
-
-
- systemd.services.drone-server = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- EnvironmentFile = [ config.sops.secrets.drone.path ];
- Environment = [
- "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
- "DRONE_SERVER_PROTO=https"
- "DRONE_DATABASE_DATASOURCE=postgres:///drone?host=/run/postgresql"
- "DRONE_DATABASE_DRIVER=postgres"
- "DRONE_SERVER_PORT=:3030"
- "DRONE_USER_CREATE=username:JulienMalka,admin:true"
- "DRONE_REGISTRATION_CLOSED=true"
- ];
- ExecStart = "${pkgs.drone}/bin/drone-server";
- User = drone;
- Group = drone;
+ users.users.drone = {
+ isNormalUser = true;
+ createHome = true;
+ home = "/home/drone";
+ extraGroups = [ drone config.users.groups.keys.name ];
+ passwordFile = config.sops.secrets.user-julien-password.path;
 };
- };
+ users.groups.drone = { };
+ luj.hmgr.drone.luj.programs.git.enable = true;
+ nix.settings.allowed-users = [ drone ];
- services.postgresql = {
- enable = true;
- ensureDatabases = [ drone ];
- ensureUsers = [{
- name = drone;
- ensurePermissions = {
- "DATABASE ${drone}" = "ALL PRIVILEGES";
+ sops.secrets.drone = { };
+
+ sops.secrets.ssh-drone-pub = {
+ owner = drone;
+ path = "/home/drone/.ssh/id_ed25519.pub";
+ mode = "0644";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-drone-pub;
+ };
+
+ sops.secrets.ssh-drone-priv = {
+ owner = drone;
+ path = "/home/drone/.ssh/id_ed25519";
+ mode = "0600";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-drone-priv;
+ };
+
+
+ systemd.services.drone-server = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ EnvironmentFile = [ config.sops.secrets.drone.path ];
+ Environment = [
+ "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
+ "DRONE_SERVER_PROTO=https"
+ "DRONE_DATABASE_DATASOURCE=postgres:///drone?host=/run/postgresql"
+ "DRONE_DATABASE_DRIVER=postgres"
+ "DRONE_SERVER_PORT=:3030"
+ "DRONE_USER_CREATE=username:JulienMalka,admin:true"
+ "DRONE_USER_CREATE=username:camillemndn, admin:true"
+ "DRONE_REGISTRATION_CLOSED=true"
+ ];
+ ExecStart = "${pkgs.drone}/bin/drone-server";
+ User = drone;
+ Group = drone;
 };
- }];
- };
-
- systemd.services.drone-runner-exec = {
- description = "Drone Exec Runner";
- startLimitIntervalSec = 5;
- serviceConfig = {
- User = drone;
- Group = drone;
- EnvironmentFile = [ config.sops.secrets.drone.path ];
- Environment = [
- "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
- "DRONE_SERVER_PROTO=https"
- "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
- ];
- ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run";
 };
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.nixUnstable pkgs.git pkgs.openssh ];
- };
- } (recursiveUpdate (mkSubdomain cfg.subdomain port) (mkVPNSubdomain cfg.subdomain port)));
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ drone ];
+ ensureUsers = [{
+ name = drone;
+ ensurePermissions = {
+ "DATABASE ${drone}" = "ALL PRIVILEGES";
+ };
+ }];
+ };
+
+ systemd.services.drone-runner-exec = {
+ description = "Drone Exec Runner";
+ startLimitIntervalSec = 5;
+ serviceConfig = {
+ User = drone;
+ Group = drone;
+ EnvironmentFile = [ config.sops.secrets.drone.path ];
+ Environment = [
+ "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
+ "DRONE_SERVER_PROTO=https"
+ "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
+ ];
+ ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run";
+ };
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.nixUnstable pkgs.git pkgs.openssh ];
+ };
+
+ }
+ (recursiveUpdate (mkSubdomain cfg.subdomain port) (mkVPNSubdomain cfg.subdomain port)));
 }
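Review bot: The added `"DRONE_USER_CREATE=username:camillemndn, admin:true"` entry in the drone-server `Environment` list sets a variable that the line above already sets, and systemd keeps only the last assignment of a name, so the `JulienMalka` bootstrap value is silently replaced instead of a second admin being added. The value also contains an unquoted space; if each list element is emitted as its own `Environment=` line (which is how the NixOS unit generator appears to render lists), systemd would split it into `DRONE_USER_CREATE=username:camillemndn,` and a stray `admin:true` word, so the admin flag is probably lost as well. This changes who holds administrator rights on the CI server, which deserves its own commit with a message saying so, not a place inside a re-indentation titled "Updated nix for 22.11". If a second admin is wanted, drop the added line and create the account through Drone's user management as the existing admin (the variable seems to describe a single bootstrap account); if the bootstrap account is meant to change, replace the old line with `"DRONE_USER_CREATE=username:camillemndn,admin:true"`, without the space. The enclosing `config = mkIf cfg.enable (...)` module begins outside the hunk.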