diff options
Diffstat (limited to 'app/drone-ci/build/machine-config.nix')
| -rw-r--r-- | app/drone-ci/build/machine-config.nix | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/app/drone-ci/build/machine-config.nix b/app/drone-ci/build/machine-config.nix new file mode 100644 index 0000000..3b55078 --- /dev/null +++ b/app/drone-ci/build/machine-config.nix @@ -0,0 +1,68 @@ +{ pkgs, lib, ... }: + +with lib; + +{ + imports = [ + <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + ]; + + config = { + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + autoResize = true; + }; + + boot.growPartition = true; + boot.kernelParams = [ "console=ttyS0" ]; + boot.loader.grub.device = "/dev/vda"; + boot.loader.timeout = 0; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy" + ]; + services.openssh.enable = true; + services.openssh.permitRootLogin = "prohibit-password"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 ]; + }; + + virtualisation.docker.enable = true; + virtualisation.oci-containers.backend = "docker"; + virtualisation.oci-containers.containers = { + drone_runner = { + image = "drone/drone-runner-docker:1.4.0"; + volumes = [ + "/nix:/nix" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + DRONE_RPC_PROTO = "https"; + DRONE_RPC_HOST = "drone.deuxfleurs.fr"; + DRONE_RUNNER_CAPACITY = "1"; + DRONE_DEBUG = "true"; + DRONE_LOGS_TRACE = "true"; + DRONE_RPC_DUMP_HTTP = "true"; + DRONE_RPC_DUMP_HTTP_BODY = "true"; + DRONE_RUNNER_LABELS = "nix:1"; + }; + environmentFiles = [ + "/dev/qemu/dronesecret0" + ]; + }; + drone_gc = { + image = "drone/gc:latest"; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + GC_DEBUG = "true"; + GC_CACHE = "10gb"; + GC_INTERVAL = "10m"; + }; + }; + }; + }; +} |