services: drone: add 'docker' runner
This commit is contained in:
parent
819521eef9
commit
03f7cc8551
|
@ -12,12 +12,33 @@ let
|
||||||
hasRunner = (name: builtins.elem name cfg.runners);
|
hasRunner = (name: builtins.elem name cfg.runners);
|
||||||
|
|
||||||
execPkg = pkgs.nur.repos.mic92.drone-runner-exec;
|
execPkg = pkgs.nur.repos.mic92.drone-runner-exec;
|
||||||
|
|
||||||
|
dockerPkg = with pkgs; with stdenv; buildGoModule rec {
|
||||||
|
pname = "drone-runner-docker";
|
||||||
|
version = "2020-04-19";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "drone-runners";
|
||||||
|
repo = "drone-runner-docker";
|
||||||
|
rev = "v1.6.3";
|
||||||
|
sha256 = "sha256-WI3pr0t6EevIBOQwCAI+CY2O8Q7+W/CLDT/5Y0+tduQ=";
|
||||||
|
};
|
||||||
|
|
||||||
|
vendorSha256 = "sha256-tQPM91jMH2/nJ2pq8ExS/dneeLNb/vcL9kmEjyNtl5Y=";
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "Drone pipeline runner that executes builds using docker";
|
||||||
|
homepage = "https://github.com/drone-runners/drone-runner-docker";
|
||||||
|
# https://polyformproject.org/licenses/small-business/1.0.0/
|
||||||
|
license = licenses.unfree;
|
||||||
|
};
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.my.services.drone = with lib; {
|
options.my.services.drone = with lib; {
|
||||||
enable = mkEnableOption "Drone CI";
|
enable = mkEnableOption "Drone CI";
|
||||||
runners = mkOption {
|
runners = mkOption {
|
||||||
type = with types; listOf (enum [ "exec" ]); # NOTE: add docker
|
type = with types; listOf (enum [ "exec" "docker" ]);
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "exec" "docker" ];
|
example = [ "exec" "docker" ];
|
||||||
description = "Types of runners to enable";
|
description = "Types of runners to enable";
|
||||||
|
@ -92,6 +113,41 @@ in
|
||||||
locations."/".proxyPass = "http://localhost:${toString cfg.port}";
|
locations."/".proxyPass = "http://localhost:${toString cfg.port}";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Docker runner
|
||||||
|
systemd.services.drone-runner-docker = lib.mkIf (hasRunner "docker") {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
# might break deployment
|
||||||
|
restartIfChanged = false;
|
||||||
|
confinement.enable = true;
|
||||||
|
serviceConfig = {
|
||||||
|
Environment = [
|
||||||
|
"DRONE_SERVER_HOST=${droneDomain}"
|
||||||
|
"DRONE_SERVER_PROTO=https"
|
||||||
|
"DRONE_RUNNER_CAPACITY=10"
|
||||||
|
"CLIENT_DRONE_RPC_HOST=127.0.0.1:${toString cfg.port}"
|
||||||
|
];
|
||||||
|
BindPaths = [
|
||||||
|
"/var/run/docker.sock"
|
||||||
|
];
|
||||||
|
EnvironmentFile = [
|
||||||
|
cfg.sharedSecretFile
|
||||||
|
];
|
||||||
|
ExecStart = "${dockerPkg}/bin/drone-runner-docker";
|
||||||
|
User = "drone-runner-docker";
|
||||||
|
Group = "drone-runner-docker";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Make sure it is activated in that case
|
||||||
|
virtualisation.docker.enable = lib.mkIf (hasRunner "docker") true;
|
||||||
|
|
||||||
|
users.users.drone-runner-docker = lib.mkIf (hasRunner "docker") {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "drone-runner-docker";
|
||||||
|
extraGroups = [ "docker" ]; # Give access to the daemon
|
||||||
|
};
|
||||||
|
users.groups.drone-runner-docker = lib.mkIf (hasRunner "docker") { };
|
||||||
|
|
||||||
# Exec runner
|
# Exec runner
|
||||||
systemd.services.drone-runner-exec = lib.mkIf (hasRunner "exec") {
|
systemd.services.drone-runner-exec = lib.mkIf (hasRunner "exec") {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
Loading…
Reference in a new issue