nix-config/modules/nixos/services/drone/server/default.nix
Bruno BELANYI b48d81451d
All checks were successful
ci/woodpecker/push/check Pipeline was successful
nixos: services: migrate to 'ensureDBOwnership'
`ensurePermissions` is deprecated, and doesn't work on PostgreSQL 15.
2023-11-21 00:22:44 +01:00

56 lines
1.4 KiB
Nix

{ config, lib, pkgs, ... }:
let
cfg = config.my.services.drone;
in
{
config = lib.mkIf cfg.enable {
systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = [
cfg.secretFile
cfg.sharedSecretFile
];
Environment = [
"DRONE_DATABASE_DATASOURCE=postgres:///drone?host=/run/postgresql"
"DRONE_SERVER_HOST=drone.${config.networking.domain}"
"DRONE_SERVER_PROTO=https"
"DRONE_DATABASE_DRIVER=postgres"
"DRONE_SERVER_PORT=:${toString cfg.port}"
"DRONE_USER_CREATE=username:${cfg.admin},admin:true"
"DRONE_JSONNET_ENABLED=true"
"DRONE_STARLARK_ENABLED=true"
];
ExecStart = "${pkgs.drone}/bin/drone-server";
User = "drone";
Group = "drone";
};
};
users.users.drone = {
isSystemUser = true;
createHome = true;
group = "drone";
};
users.groups.drone = { };
services.postgresql = {
enable = true;
ensureDatabases = [ "drone" ];
ensureUsers = [{
name = "drone";
ensureDBOwnership = true;
}];
};
my.services.nginx.virtualHosts = [
{
subdomain = "drone";
inherit (cfg) port;
}
];
};
}