diff options
Diffstat (limited to 'cluster/prod/app/drone-ci/integration/docker-compose.yml')
-rw-r--r-- | cluster/prod/app/drone-ci/integration/docker-compose.yml | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/cluster/prod/app/drone-ci/integration/docker-compose.yml b/cluster/prod/app/drone-ci/integration/docker-compose.yml index 1e37255..57fdd09 100644 --- a/cluster/prod/app/drone-ci/integration/docker-compose.yml +++ b/cluster/prod/app/drone-ci/integration/docker-compose.yml @@ -1,5 +1,14 @@ version: '3.4' services: + nix-daemon: + image: nixpkgs/nix:nixos-22.05 + restart: always + command: nix-daemon + privileged: true + volumes: + - "nix:/nix" + - "./nix.conf:/etc/nix/nix.conf:ro" + drone-runner: image: drone/drone-runner-docker:latest restart: always @@ -7,21 +16,32 @@ services: - DRONE_RPC_PROTO=https - DRONE_RPC_HOST=drone.deuxfleurs.fr - DRONE_RPC_SECRET=${DRONE_SECRET} - - DRONE_RUNNER_CAPACITY=1 + - DRONE_RUNNER_CAPACITY=3 - DRONE_DEBUG=true - DRONE_LOGS_TRACE=true - DRONE_RPC_DUMP_HTTP=true - DRONE_RPC_DUMP_HTTP_BODY=true - - DRONE_RUNNER_NAME=${DRONE_NAME} - - DRONE_RUNNER_LABELS=nix:1 - #- DRONE_RUNNER_VOLUMES=/var/lib/drone/nix:/nix + - DRONE_RUNNER_NAME=i_forgot_to_change_my_runner_name + - DRONE_RUNNER_LABELS=nix-daemon:1 + # we should put "nix:/nix:ro but it is not supported by + # drone-runner-docker because the dependency envconfig does + # not support having two colons (:) in the same stanza. + # Without the RO flag (or using docker userns), build isolation + # is broken. + # https://discourse.drone.io/t/allow-mounting-a-host-volume-as-read-only/10071 + # https://github.com/kelseyhightower/envconfig/pull/153 + # + # A workaround for isolation is to configure docker with a userns, + # so even if the folder is writable to root, it is not to any non + # privileged docker daemon ran by drone! + - DRONE_RUNNER_VOLUMES=drone_nix:/nix + - DRONE_RUNNER_ENVIRON=NIX_REMOTE:daemon ports: - "3000:3000/tcp" volumes: - "/var/run/docker.sock:/var/run/docker.sock" - - "/var/lib/drone/nix:/var/lib/drone/nix" - drone-gc: + drone-gc: image: drone/gc:latest restart: always environment: @@ -30,3 +50,5 @@ services: - GC_INTERVAL=10m volumes: - "/var/run/docker.sock:/var/run/docker.sock" +volumes: + nix: |