Added drone module

Julien Malka 2021-12-25 12:53:48 +01:00
parent 16b5175acb
commit f9450c2e81
No known key found for this signature in database
GPG key ID: 3C68E13964FEA07F
4 changed files with 111 additions and 4 deletions


@ -13,6 +13,11 @@ in
luj = {
filerun.enable = true;
drone.enable = true;
drone.nginx = {
enable = true;
subdomain = "ci";
};
zfs-mails.enable = true;
hydra = {
enable = true;
@ -30,8 +35,8 @@ in
networking.interfaces.enp2s0f0.useDHCP = true;
networking.interfaces.enp2s0f1.useDHCP = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.allowedUDPPorts = [ 22 80 443 ];
networking.firewall.allowedTCPPorts = [ 22 80 8080 443 ];
networking.firewall.allowedUDPPorts = [ 22 80 8080 443 ];
networking.firewall.allowedUDPPortRanges = [{ from = 60000; to = 61000; }];
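Review bot: The `allowedTCPPorts`/`allowedUDPPorts` lists that now include 8080 open that port to the network, but nothing visible in this commit listens there: drone-server is configured with `:3030` and is reached through the nginx vhost on 443. Unless another service needs it, I would keep the list at `[ 22 80 443 ]`. The UDP list also just mirrors the TCP services; if nothing on this host speaks UDP on 22, 80, 8080 or 443, `allowedUDPPorts` can be left out and only the `60000`–`61000` range kept. The enclosing attribute set starts and ends outside the hunk.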

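--- a/modules/drone/default.nix
+++ b/modules/drone/default.nix
@@ -0,0 +1,100 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+cfg = config.luj.drone;
+droneserver = config.users.users.droneserver.name;
+port = 3030;
+in
+{
+options.luj.drone = {
+enable = mkEnableOption "activate drone CI";
+nginx.enable = mkEnableOption "activate nginx";
+nginx.subdomain = mkOption {
+type = types.str;
+};
+};
+config = mkIf cfg.enable (
+mkMerge [{
+sops.secrets.drone = { };
+systemd.services.drone-server = {
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+EnvironmentFile = [ config.sops.secrets.drone.path ];
+Environment = [
+"DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me"
+"DRONE_SERVER_PROTO=https"
+"DRONE_DATABASE_DATASOURCE=postgres:///droneserver?host=/run/postgresql"
+"DRONE_DATABASE_DRIVER=postgres"
+"DRONE_SERVER_PORT=:3030"
+"DRONE_USER_CREATE=username:Julien,admin:true"
+];
+ExecStart = "${pkgs.drone}/bin/drone-server";
+User = droneserver;
+Group = droneserver;
+};
+};
+services.postgresql = {
+enable = true;
+ensureDatabases = [ droneserver ];
+ensureUsers = [{
+name = droneserver;
+ensurePermissions = {
+"DATABASE ${droneserver}" = "ALL PRIVILEGES";
+};
+}];
+};
+users.users.droneserver = {
+isSystemUser = true;
+createHome = true;
+group = droneserver;
+};
+users.groups.droneserver = { };
+#environment.etc.drone-runner-exec = {
+# target = "drone-runner-exec/config";
+# text = ''
+# DRONE_RPC_PROTO=https
+# DRONE_RPC_HOST=${cfg.nginx.subdomain}.julienmalka.me
+# DRONE_RPC_SECRET=JIJ1pfTgJldCMAgKtGLOnbQE5e8oUPSo2DqlWayVLQFVXDe3898DYvixRiprddY1M
+# DRONE_UI_USERNAME=root
+# DRONE_UI_PASSWORD=root
+# '';
+#};
+systemd.services.drone-runner-exec = {
+description = "Drone Exec Runner";
+startLimitIntervalSec = 5;
+serviceConfig = {
+EnvironmentFile = [ config.sops.secrets.drone.path ];
+Environment = [
+"DRONE_SERVER_HOST=${cfg.nginx.subdomain}.julienmalka.me"
+"DRONE_SERVER_PROTO=https"
+"CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
+];
+ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run";
+};
+wantedBy = [ "multi-user.target" ];
+path = [ pkgs.git pkgs.docker pkgs.docker-compose ];
+};
+}
+(mkIf cfg.nginx.enable {
+luj.nginx.enable = true;
+services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://localhost:${toString port}";
+};
+};
+})]);
+}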
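Review bot: `systemd.services.drone-runner-exec` sets no `User`/`Group` in its `serviceConfig`, so systemd starts it as root, and the exec runner runs pipeline steps directly on the host rather than in a container. A build triggered from any connected repository would therefore run as root on this machine; I would give the runner its own unprivileged account, e.g. `User = "drone-runner";` (constructed name) with `NoNewPrivileges = true;`, keeping in mind that docker access for that account is still root-equivalent. The runner also loads the same `config.sops.secrets.drone.path` as the server, so it sees every server secret; a separate sops entry holding only the RPC secret would be narrower. The commented-out `environment.etc.drone-runner-exec` block carries what looks like a literal `DRONE_RPC_SECRET` and `root`/`root` UI credentials; if that value was ever live it should be rotated and the block deleted, since the sops `drone` secret replaces it.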


@ -10,6 +10,7 @@ with lib;
config = mkIf cfg.enable
{
nixpkgs.config.allowUnfree = true;
nix = {
autoOptimiseStore = true;
allowedUsers = [ "julien" "hydra" ];
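Review bot: `nixpkgs.config.allowUnfree = true;` (apparently the line this section adds; the +/- markers are lost on the page) permits every unfree package on every host that enables this module, not only the one the drone module needs. A narrower form is `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "<drone package name>" ];`, which keeps any later unfree addition an explicit decision. The surrounding `config = mkIf cfg.enable { … }` block continues outside the hunk.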


@ -3,6 +3,7 @@ user-root-password: ENC[AES256_GCM,data:RPdunJvhHm7jKVCjtUEjrWvICCMUy/iMNgu/ApE+
ens-mail-passwd: ENC[AES256_GCM,data:NLJ2D09xUNXVdA==,iv:rql17Ox9QIVtfkZWUS7+M3rgEOOd02hn390zNdSBAj0=,tag:SbajW6RjNWIJsiikFMliww==,type:str]
sendinblue-mail-passwd: ENC[AES256_GCM,data:XpB255skeWKwwK2AqMwqEw==,iv:cuS58ISY9J1qMkAAjxWdHpEYHPFBBmCS8hwNX4BBV4w=,tag:dhJSN6ozThH4wKsw8M8Mug==,type:str]
git-gpg-private-key: ENC[AES256_GCM,data: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,iv:6fgJYa40Lc1SAOG7Uik4GY67yPcup5B3KBGSoud7lEc=,tag:ExvyrzrUuGLM7x6Di1/jAw==,type:str]
drone: ENC[AES256_GCM,data:3xuu0Lo8hmzobCxcLNXbi9t6o8oc3huKzaORPeTQGv4q4DUei4XxoTYmTvav7gc5uZbMQJbGr63tFn8sxUMwHMKYlh0jsMbgZudb5L9nIPYUlGCXZPkMEo/MTKG9N5lrUNpg18PoJTv0BjBa9P/AizJi++YJBJ5Ae3iL6OeV7kfpDkiO1z1DtgwpEh0svlz7wKsxzalrQlHPxGrp1FbFNE2x1vIW236ZRZsPly/rrCXHk4OJ0w+oFXs/e68/r0Fdrxrn,iv:0RGnjEoAe6DbSr5JU1cyOxnM7poR8HJeyJQQ98oA9Bk=,tag:rvAHCevD/i0/xRDbFkiUaA==,type:str]
sops:
kms: []
gcp_kms: []
@ -36,8 +37,8 @@ sops:
YlZjaTNZL29VcHlReGxWRENobHcyUDgK1518yGevHiTP1WiaIvqeqYBi8Y9ZhoJZ
okemTbpj3Svv/TVIjKp3iO/KHHPYrCZPOQAmvxf/PP14ahOmEv255g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-12-22T23:36:22Z"
mac: ENC[AES256_GCM,data:UxTkr0AI60BOv0NQAjUbO0PerpQCT1S0V5DOP8JprfucY0aJgekFCcKLuCN6gjNsEFW7Y2Ze1C9dz6YN91XpMGr7twjHLijAVZy3xjWfuoAuuQ76lpSase5IhVwCoAYDYdXJ6iG+8Xko6U9OEch+T4bK2oMj67Jj6zPjkFDgnIo=,iv:noV6Cbaz5vO6EesXanw/dSkPPLPN70OhiNaTM43l3FE=,tag:FTeUasBHnXDxDG3iw/4l0A==,type:str]
lastmodified: "2021-12-25T11:28:53Z"
mac: ENC[AES256_GCM,data:xkWioBftczFuIAUhLg+hxhHW2/GTaGs9jbJi8uorjFkQlFdRf8UtKUOqWjv1pS88SuVaRh4Lrb2GYIqRE/EjVVxxBBKTBOCFUu5gbUV9tjqbAq4wZSsZRJvWKvzNdwEmJvbLA0GynyDsZEIN+QdyxVGl+ElDHlqlwJChNDjzMLo=,iv:TuqPv+FGw9Hqc2mxxsTIh0qlX3rSn0QbGj9G97GZwsw=,tag:y6ybgxAHP4qmUsF3piXhow==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1