drone: migrate drone server to vm.strangervm

2023-02-04 23:12:22 +00:00 · 2023-02-04 23:12:22 +00:00 · 3da9306b40
commit 3da9306b40
parent e6dae966fd
6 changed files with 55 additions and 0 deletions
--- a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix
+++ b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix
@ -8,6 +8,7 @@

  imports = [
    ../../modules/common/default.nix
+    ../../modules/drone/server.nix
    ../../modules/matrix/default.nix
    ../../modules/resilio/default.nix
    ../../modules/www/global.nix
--- a/modules/drone/server.nix
+++ b/modules/drone/server.nix
@ -0,0 +1,25 @@
+{ config, pkgs, lib, ... }:
+
+{
+  config.age.secrets."drone/gitea_client_secret".file = ../../secrets/drone/gitea_client_secret.age;
+  config.age.secrets."drone/rpc_secret".file = ../../secrets/drone/rpc_secret.age;
+
+  config.virtualisation.oci-containers.containers."drone" = {
+    image = "drone/drone:2.16.0";
+    volumes = [ "/data/drone:/data" ];
+    ports = [ "18733:80" ];
+    environment = {
+      DRONE_AGENTS_ENABLED = "true";
+      DRONE_GITEA_SERVER = "https://gitea.hillion.co.uk";
+      DRONE_GITEA_CLIENT_ID = "687ee331-ad9e-44fd-9e02-7f1c652754bb";
+      DRONE_SERVER_HOST = "drone.hillion.co.uk";
+      DRONE_SERVER_PROTO = "https";
+      DRONE_LOGS_DEBUG = "true";
+      DRONE_USER_CREATE = "username:JakeHillion,admin:true";
+    };
+    environmentFiles = [
+      config.age.secrets."drone/gitea_client_secret".path
+      config.age.secrets."drone/rpc_secret".path
+    ];
+  };
+}
--- a/modules/www/global.nix
+++ b/modules/www/global.nix
@ -49,6 +49,9 @@
        }
      }
    '';
+    virtualHosts."drone.hillion.co.uk".extraConfig = ''
+      reverse_proxy http://vm.strangervm.ts.hillion.co.uk:18733
+    '';
  };
 }

--- a/secrets/drone/gitea_client_secret.age
+++ b/secrets/drone/gitea_client_secret.age
--- a/secrets/drone/rpc_secret.age
+++ b/secrets/drone/rpc_secret.age
@ -0,0 +1,22 @@
+age-encryption.org/v1
+-> ssh-rsa GxPFJQ
+B1tLU+ypxVOlO9jSZUvUwb69QrNk/rqJoYjdNSOJxSWk7+iX0jli0TrU8AePnfSn
+NjemcJJCoaSf5q7RQJK9Gfvq6BE1z4EoablA3Sx9un/qqUJuIy3SiQhR5+y5bPD0
+8FzLznorSQR5tc1mQo82S1lv0ec8hqw2q13Kqm/09NIiZNKSLoHkp031q3VZbjC
+XL2naNUqX4lNADqDxESbY5au3CsnBJGN2gX0syj0d1iRx0At2HJSR7gANCEYpWKI
+nBF+5mlX7lbpb61CoDUiQSW4JiXCULz1kiR7WWJQBrlFryn4CJ2PAUJTKUfzKO8t
+sgi02DX7frP4jMOt/Z5VMA
+-> ssh-rsa K9mW1w
+sPxe/ErVYvJmogtrhHikq7lz2c5jSYxb/mhDHdSAIQIV3b7zWOreEbLOxDnzr/K7
+pSHTLTIWXxiCEWxunrhUccGHiBEoP40MkcYJnxyuG49Fu42I9K8Gsq4GI05zF9Kl
+HKwVOwD7gF3QMgkDCxFuqCsmQLB11Evwc7NnbR0+Z3Y9o4FfP4SCXc87Ye+C9zn8
+9dRxjpRo1Qz9WtW2VG+qdaWldwo0BLtQILDQoR08GW8D1CZvsqXuHsoGLCMoPcgk
+H2TEwawh1V/bY/j0Y509sVQWn3FF27taqeEQYZOQOwUWNf10cAsDTDUjdYyc9fjJ
+Hx62FPHP9wmGsViNhn4gbg
+-> ssh-ed25519 O0LMHg 9CZI1FtkDLXaIdP9Qlx8O0hUfbdzfrJdK67ifPVDjQM
+Zqd5xtiaDBi7IFnab2bZQVzzEX0YQDrPYfvur9N6JT8
+-> I-grease V-d-})j
+mxJ1WhR/NqdMpIbCaM2jxxmffNAy/t9vByK+c9FNIzb3t87VUcALJxuSmswdNVqs
+1iL6
+--- ZJ3HoKn0QVAGVsB57bTaCEU19BuLas9SLRjczmomG1g
+ë>Ÿ‚xæÀ(¤G–$_¤ßWbw
›-]³UŸ<55>q~ˆS·ˆö`“ê¹ÄŽÌ-pQ,ID‰À@ÛïÞvf£FäøHÙ0Ù-ù:ð·ÄOñèÆA
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -61,4 +61,8 @@ in

  # Spotify Secrets
  "spotify/11132032266.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
+
+  # Drone Secrets
+  "drone/gitea_client_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
+  "drone/rpc_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
 }