From f6862a194473d6e1f662e2f538fe2e92b65371b9 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Thu, 5 Jan 2023 17:15:06 +0100
Subject: [PATCH] Updated nix for 22.11 (4)
---
modules/bincache/default.nix | 5 +-
modules/drone/default.nix | 153 ++++++++++++++++++-----------------
2 files changed, 81 insertions(+), 77 deletions(-)
diff --git a/modules/bincache/default.nix b/modules/bincache/default.nix
index 96b2d91..244891f 100644
--- a/modules/bincache/default.nix
+++ b/modules/bincache/default.nix
@@ -18,7 +18,7 @@ with lib;
users.users.nix-serve = {
isSystemUser = true;
};
- nix.allowedUsers = [ "nix-serve" ];
+ nix.settings.allowed-users = [ "nix-serve" ];
users.users.nix-serve.group = "nix-serve";
users.groups.nix-serve = { };
@@ -32,5 +32,6 @@ with lib;
port = port;
};
- } (mkSubdomain cfg.subdomain port));
+ }
+ (mkSubdomain cfg.subdomain port));
}
diff --git a/modules/drone/default.nix b/modules/drone/default.nix
index 05a18a7..478570f 100644
--- a/modules/drone/default.nix
+++ b/modules/drone/default.nix
@@ -14,85 +14,88 @@ in
};
};
- config = mkIf cfg.enable (recursiveUpdate {
+ config = mkIf cfg.enable (recursiveUpdate
+ {
- users.users.drone = {
- isNormalUser = true;
- createHome = true;
- home = "/home/drone";
- extraGroups = [ drone config.users.groups.keys.name ];
- passwordFile = config.sops.secrets.user-julien-password.path;
- };
- users.groups.drone = { };
- luj.hmgr.drone.luj.programs.git.enable = true;
- nix.allowedUsers = [ drone ];
-
- sops.secrets.drone = { };
-
- sops.secrets.ssh-drone-pub = {
- owner = drone;
- path = "/home/drone/.ssh/id_ed25519.pub";
- mode = "0644";
- format = "binary";
- sopsFile = ../../secrets/ssh-drone-pub;
- };
-
- sops.secrets.ssh-drone-priv = {
- owner = drone;
- path = "/home/drone/.ssh/id_ed25519";
- mode = "0600";
- format = "binary";
- sopsFile = ../../secrets/ssh-drone-priv;
- };
-
-
- systemd.services.drone-server = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- EnvironmentFile = [ config.sops.secrets.drone.path ];
- Environment = [
- "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
- "DRONE_SERVER_PROTO=https"
- "DRONE_DATABASE_DATASOURCE=postgres:///drone?host=/run/postgresql"
- "DRONE_DATABASE_DRIVER=postgres"
- "DRONE_SERVER_PORT=:3030"
- "DRONE_USER_CREATE=username:JulienMalka,admin:true"
- "DRONE_REGISTRATION_CLOSED=true"
- ];
- ExecStart = "${pkgs.drone}/bin/drone-server";
- User = drone;
- Group = drone;
+ users.users.drone = {
+ isNormalUser = true;
+ createHome = true;
+ home = "/home/drone";
+ extraGroups = [ drone config.users.groups.keys.name ];
+ passwordFile = config.sops.secrets.user-julien-password.path;
};
- };
+ users.groups.drone = { };
+ luj.hmgr.drone.luj.programs.git.enable = true;
+ nix.settings.allowed-users = [ drone ];
- services.postgresql = {
- enable = true;
- ensureDatabases = [ drone ];
- ensureUsers = [{
- name = drone;
- ensurePermissions = {
- "DATABASE ${drone}" = "ALL PRIVILEGES";
+ sops.secrets.drone = { };
+
+ sops.secrets.ssh-drone-pub = {
+ owner = drone;
+ path = "/home/drone/.ssh/id_ed25519.pub";
+ mode = "0644";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-drone-pub;
+ };
+
+ sops.secrets.ssh-drone-priv = {
+ owner = drone;
+ path = "/home/drone/.ssh/id_ed25519";
+ mode = "0600";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-drone-priv;
+ };
+
+
+ systemd.services.drone-server = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ EnvironmentFile = [ config.sops.secrets.drone.path ];
+ Environment = [
+ "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
+ "DRONE_SERVER_PROTO=https"
+ "DRONE_DATABASE_DATASOURCE=postgres:///drone?host=/run/postgresql"
+ "DRONE_DATABASE_DRIVER=postgres"
+ "DRONE_SERVER_PORT=:3030"
+ "DRONE_USER_CREATE=username:JulienMalka,admin:true"
+ "DRONE_USER_CREATE=username:camillemndn, admin:true"
+ "DRONE_REGISTRATION_CLOSED=true"
+ ];
+ ExecStart = "${pkgs.drone}/bin/drone-server";
+ User = drone;
+ Group = drone;
};
- }];
- };
-
- systemd.services.drone-runner-exec = {
- description = "Drone Exec Runner";
- startLimitIntervalSec = 5;
- serviceConfig = {
- User = drone;
- Group = drone;
- EnvironmentFile = [ config.sops.secrets.drone.path ];
- Environment = [
- "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
- "DRONE_SERVER_PROTO=https"
- "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
- ];
- ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run";
};
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.nixUnstable pkgs.git pkgs.openssh ];
- };
- } (recursiveUpdate (mkSubdomain cfg.subdomain port) (mkVPNSubdomain cfg.subdomain port)));
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ drone ];
+ ensureUsers = [{
+ name = drone;
+ ensurePermissions = {
+ "DATABASE ${drone}" = "ALL PRIVILEGES";
+ };
+ }];
+ };
+
+ systemd.services.drone-runner-exec = {
+ description = "Drone Exec Runner";
+ startLimitIntervalSec = 5;
+ serviceConfig = {
+ User = drone;
+ Group = drone;
+ EnvironmentFile = [ config.sops.secrets.drone.path ];
+ Environment = [
+ "DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
+ "DRONE_SERVER_PROTO=https"
+ "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
+ ];
+ ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run";
+ };
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.nixUnstable pkgs.git pkgs.openssh ];
+ };
+
+ }
+ (recursiveUpdate (mkSubdomain cfg.subdomain port) (mkVPNSubdomain cfg.subdomain port)));
}