From d1437de4b17d5a5c279bc4b69b96faed601e5557 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Mon, 27 Nov 2023 00:48:55 +0100
Subject: [PATCH] fix drone to podman and add dovecot secret
---
 hosts/fw.cloonar.com/modules/drone/runner.nix | 22 ++++++++++++-------
 hosts/fw.cloonar.com/modules/drone/server.nix | 18 ++++++++++-----
 hosts/mail.cloonar.com/modules/dovecot.nix | 2 ++
 3 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/hosts/fw.cloonar.com/modules/drone/runner.nix b/hosts/fw.cloonar.com/modules/drone/runner.nix
index 0b2c4a0..8211a36 100644
--- a/hosts/fw.cloonar.com/modules/drone/runner.nix
+++ b/hosts/fw.cloonar.com/modules/drone/runner.nix
@@ -1,7 +1,13 @@
 { config, pkgs, ... }:
 {
- virtualisation.docker.enable = true;
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
 users.users.drone-runner = {
 isSystemUser = true;
@@ -16,7 +22,7 @@
 description = "Drone Runner (CI CD Service)";
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
- path = [ pkgs.docker ];
+ path = [ pkgs.podman ];
 serviceConfig = {
 # Type = "simple";
@@ -25,18 +31,18 @@
 Group = "drone-runner";
 Restart = "always";
 ExecStartPre= ''
- -${pkgs.docker}/bin/docker stop %n \
- -${pkgs.docker}/bin/docker rm %n \
- ${pkgs.docker}/bin/docker pull drone/drone:2.20.0
+ -${pkgs.podman}/bin/podman stop %n \
+ -${pkgs.podman}/bin/podman rm %n \
+ ${pkgs.podman}/bin/podman pull drone/drone:2.20.0
 '';
 ExecStart= ''
- ${pkgs.docker}/bin/docker run --rm --name %n \
- --volume=/var/run/docker.sock:/var/run/docker.sock \
+ ${pkgs.podman}/bin/podman run --rm --name %n \
+ --volume=/var/run/podman.sock:/var/run/podman.sock \
 --env-file=/run/secrets/drone-runner \
 --env=DRONE_RPC_PROTO=https \
 --env=DRONE_RPC_HOST=drone.cloonar.com \
 --env=DRONE_RUNNER_CAPACITY=2 \
- drone/drone-runner-docker:1.8.3
+ drone/drone-runner-podman:1.8.3
 '';
 };
 };
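Review bot: Replacing `virtualisation.docker.enable` with the `podman` block changes who runs the containers, and nothing in this hunk prepares the `drone-runner` system user in the context lines for that. Docker's daemon ran containers as root on behalf of the client, whereas `podman run` executes as the unit's own user, which the `Group = "drone-runner"` line in the third hunk suggests is `drone-runner`. A user declared with `isSystemUser = true;` gets no subordinate UID/GID ranges by default, so rootless Podman would probably fail to set up its user namespace; if the unit is meant to stay unprivileged, add `autoSubUidGidRange = true;` and a writable `home` to the user. The `users.users.drone-runner` block continues past the end of the hunk, so these may already be set there; the same question applies to `users.users.drone-server` in server.nix.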
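Review bot: The new `--volume=/var/run/podman.sock:/var/run/podman.sock` in ExecStart binds a host path that nothing in this patch creates: `dockerCompat = true;` in the first hunk only provides the `docker` command alias and does not enable an API socket. If the runner needs the engine API, the socket has to be enabled explicitly (on NixOS `virtualisation.podman.dockerSocket.enable = true;` is the usual option) and the mount source should be the path that socket really has on the host, which needs confirming. Handing the engine socket to the runner container gives every pipeline step it launches control over the host's containers, so a comment above `ExecStart` such as `# engine socket is mounted: pipelines can control all containers on this host` would record the trust decision. The image was also renamed by substitution to `drone/drone-runner-podman:1.8.3`, and the diff does not show whether that name and tag are published. The serviceConfig block starts outside this hunk.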
diff --git a/hosts/fw.cloonar.com/modules/drone/server.nix b/hosts/fw.cloonar.com/modules/drone/server.nix
index d13f349..4982ce3 100644
--- a/hosts/fw.cloonar.com/modules/drone/server.nix
+++ b/hosts/fw.cloonar.com/modules/drone/server.nix
@@ -1,7 +1,13 @@
 { config, pkgs, ... }:
 {
- virtualisation.docker.enable = true;
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
 users.users.drone-server = {
 isSystemUser = true;
@@ -16,7 +22,7 @@
 description = "Drone Server (CI CD Service)";
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
- path = [ pkgs.docker ];
+ path = [ pkgs.podman ];
 serviceConfig = {
 # Type = "simple";
@@ -25,12 +31,12 @@
 Group = "drone-server";
 Restart = "always";
 ExecStartPre= ''
- -${pkgs.docker}/bin/docker stop %n \
- -${pkgs.docker}/bin/docker rm %n \
- ${pkgs.docker}/bin/docker pull drone/drone:2.20.0
+ -${pkgs.podman}/bin/podman stop %n \
+ -${pkgs.podman}/bin/podman rm %n \
+ ${pkgs.podman}/bin/podman pull drone/drone:2.20.0
 '';
 ExecStart= ''
- ${pkgs.docker}/bin/docker run --rm --name %n \
+ ${pkgs.podman}/bin/podman run --rm --name %n \
 --env-file=/run/secrets/drone-server \
 --env=DRONE_AGENTS_ENABLED=true \
 --env=DRONE_GITEA_SERVER=https://git.cloonar.com \
diff --git a/hosts/mail.cloonar.com/modules/dovecot.nix b/hosts/mail.cloonar.com/modules/dovecot.nix
index c8dd47f..c8e25ed 100644
--- a/hosts/mail.cloonar.com/modules/dovecot.nix
+++ b/hosts/mail.cloonar.com/modules/dovecot.nix
@@ -232,6 +232,8 @@ in
 params.dovecot2 = { };
 };
+ sops.secrets.dovecot-ldap-password = { };
+
 systemd.services.dovecot2.preStart = ''
 sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${ldapConfig} > /run/dovecot2/ldap.conf
 '';
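Review bot: ExecStartPre still ends its first two lines with a backslash, which systemd reads as a line continuation, so the three lines appear to collapse into one `podman stop` call that receives the `rm` and `pull` commands as arguments. With the leading `-` that failure is ignored and the image is never pulled ahead of ExecStart. A list of separate commands, as below, avoids this; runner.nix has the same block, and there it also pulls the server image rather than the image its ExecStart runs. Under Podman the bare name `drone/drone` is resolved through the host's unqualified-search registries instead of defaulting to Docker Hub, so the reference should be fully qualified, and pinning it by digest would stop a re-tagged image from being picked up silently. The serviceConfig block starts and ends outside this hunk.

```nix
# … unchanged: Group, Restart …
ExecStartPre = [
  "-${pkgs.podman}/bin/podman stop %n"
  "-${pkgs.podman}/bin/podman rm %n"
  "${pkgs.podman}/bin/podman pull docker.io/drone/drone:2.20.0"
];
# … unchanged: ExecStart …
```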
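Review bot: The secret declared by the new `sops.secrets.dovecot-ldap-password = { };` line is copied by the preStart in the context lines into `/run/dovecot2/ldap.conf` through a plain shell redirect, so the rendered file takes its mode from the unit's umask rather than from the restrictive mode sops-nix gives the secret file. Whether other local users can then read the bind password depends on the permissions of `/run/dovecot2`, which the diff does not show; putting `umask 077` on the line before the `sed` removes the question. The substitution also runs the raw secret through a `/`-delimited sed expression, so a password containing `/`, `&` or a backslash would be mangled or break the command, which is worth at least a comment stating the allowed character set. Setting `restartUnits = [ "dovecot2.service" ];` in the new attribute set would make a rotated secret take effect, since the value is only read in preStart.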