Simon Bruder
4a8a7e0a4f
Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added.
# adapted from https://github.com/Mic92/dotfiles/blob/master/nixos/eve/modules/drone/server.nix
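# NixOS module: runs the Drone CI server as a dedicated system user, backed by
# a local PostgreSQL database and published through nginx at ci.sbruder.de.
{ config, lib, pkgs, ... }:
let
  # Dedicated unprivileged account for the service. The same name is used as
  # the PostgreSQL role in services.postgresql.ensureUsers below.
  user = "drone-server";
  group = "drone-server";
in
{
  # Secret environment files, decrypted by sops-nix from the shared
  # secrets.yaml. Their contents are not visible in this module.
  # No owner/mode override is set here, so the sops-nix defaults apply.
  sops.secrets = {
    drone-rpc-environment.sopsFile = ../../secrets.yaml;
    drone-server-environment.sopsFile = ../../secrets.yaml;
  };

  systemd.services.drone-server = {
    wantedBy = [ "multi-user.target" ];
    # Order after the database. The unit created by the NixOS
    # services.postgresql module is postgresql.service; the previous
    # "postgres.service" named no existing unit, so the ordering had no effect
    # and drone-server could start before the database was up.
    after = [ "postgresql.service" ];

    # Everything in this attrset is written into the generated unit file in
    # the world-readable Nix store: keep it to non-secret settings. Secrets
    # are supplied through serviceConfig.EnvironmentFile instead.
    environment = {
      # Connects through the local unix socket; no password appears in the URL.
      # NOTE(review): presumably relies on peer authentication, which is why
      # the role name equals the system user -- confirm against pg_hba.conf.
      DRONE_DATABASE_DATASOURCE = "postgres:///drone-server?host=/run/postgresql";
      DRONE_DATABASE_DRIVER = "postgres";
      DRONE_GITEA_SERVER = "https://git.sbruder.de";
      # Metrics are served without an access token. This is only acceptable
      # because the server listens on loopback and the nginx vhost below
      # answers /metrics with 403; any local process on this host can still
      # read them from 127.0.0.1:8011.
      DRONE_PROMETHEUS_ANONYMOUS_ACCESS = "true";
      DRONE_SERVER_HOST = "ci.sbruder.de";
      # Loopback only: the service is reachable from outside solely via nginx.
      DRONE_SERVER_PORT = "127.0.0.1:8011";
      # External scheme as seen by clients; TLS itself is terminated by nginx.
      DRONE_SERVER_PROTO = "https";
      # Bootstraps the account "simon" with administrator rights.
      DRONE_USER_CREATE = "username:simon,admin:true";
    };

    serviceConfig = {
      # Secret settings are loaded from the sops-managed files at unit start,
      # which keeps them out of the Nix store and out of the unit file.
      EnvironmentFile = with config.sops.secrets; [
        drone-rpc-environment.path
        drone-server-environment.path
      ];
      # NOTE(review): pkgs.unstable is not defined in this file; presumably an
      # overlay exposing a second nixpkgs channel -- confirm where it is pinned.
      ExecStart = "${pkgs.unstable.drone}/bin/drone-server";
      Restart = "on-failure";
      User = user;
      Group = group;
      # NOTE(review): no sandboxing directives (NoNewPrivileges, ProtectSystem,
      # PrivateTmp, ...) are set for this network-facing service.
      # `systemd-analyze security drone-server` lists what remains exposed.
    };
  };

  services.postgresql = {
    ensureDatabases = [ "drone-server" ];
    ensureUsers = [{
      name = user;
      # The role receives every privilege on its own database and nothing else.
      # NOTE(review): newer nixpkgs releases replace ensurePermissions with
      # ensureDBOwnership; revisit this when upgrading.
      ensurePermissions = {
        "DATABASE \"drone-server\"" = "ALL PRIVILEGES";
      };
    }];
  };

  services.nginx.virtualHosts."ci.sbruder.de" = {
    enableACME = true;
    # Redirect plain HTTP to HTTPS.
    forceSSL = true;
    locations = {
      # The upstream address is taken from the unit's environment so nginx and
      # drone-server cannot drift apart.
      "/".proxyPass = "http://${config.systemd.services.drone-server.environment.DRONE_SERVER_PORT}";
      # Keep the anonymously readable Prometheus endpoint off the public vhost.
      "/metrics".return = "403";
    };
  };

  users.users."${user}" = {
    isSystemUser = true;
    inherit group;
  };
  users.groups."${group}" = { };
}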