-
Notifications
You must be signed in to change notification settings - Fork 5
/
drone.yml
199 lines (174 loc) · 6.19 KB
/
drone.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
---
- hosts: homelab
vars:
application: drone
drone_rpc_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
34306631313438636131316533633863643933633736353939316131333937613537613931343734
3163633963666235343435663035653464663630613430660a306236323634636138653630653637
62336431323933333164616631636437343666613963653563303439393430376137613838633166
3766316135386264350a633064303534386231653266303066656431656661396365323463656238
39643636303930363363303466396339643736393861393538376237323339343035633732613732
6131623939663130316337613264383863326535303534303839
docker_network: "{{ networks.user }}"
handlers:
- name: Restart
community.docker.docker_container:
name: "{{ application }}"
restart: true
comparisons:
'*': ignore
tasks:
- name: Create config folder
ansible.builtin.file:
path: "{{ config_directory }}"
state: directory
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0771"
tags:
- ssh
- name: Create SSH folder
ansible.builtin.file:
path: "{{ config_directory }}/ssh"
state: directory
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0700"
tags:
- ssh
- name: Create SSH key
community.crypto.openssh_keypair:
path: "{{ config_directory }}/ssh/id_ed25519"
type: ed25519
register: _drone_ssh_key
tags:
- ssh
- name: Set SSH variable
ansible.builtin.set_fact:
drone_ssh_public_key: "{{ _drone_ssh_key.public_key }}"
tags:
- ssh
- name: Allow SSH
ansible.posix.authorized_key:
user: "{{ common_user }}"
state: present
key: "{{ drone_ssh_public_key }}"
comment: drone
tags:
- ssh
- name: Create server container
ansible.builtin.include_role:
name: docker_container
vars:
name: "{{ application }}-server"
image: drone/drone:2.25.0
volumes:
- "{{ config_directory }}/data:/data"
env:
DRONE_GITEA_CLIENT_ID: 3328af50-7b57-42cd-a490-df2162228042
DRONE_GITEA_CLIENT_SECRET: !vault |
$ANSIBLE_VAULT;1.1;AES256
63636263356135386532346331393033343031623130383965633230316438666639656164653638
6163343735323133366465653030613964656331363466360a336464336566333032663936323034
64363338326232383762373139653762393137333232613332663362616335326164623237663136
3963373034343638310a343765623433363635353534643238663136663539613237326130373130
33373931303265653330383536623839353131623037656532336232636339376537313933386166
35626435366164373339373433656633656531646434383035666639333263346562663934393133
353537363766303937323262383436366462
DRONE_GITEA_SERVER: "https://gitea.{{ common_tld }}"
DRONE_GIT_ALWAYS_AUTH: "true"
DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
DRONE_SERVER_HOST: "{{ application }}.{{ common_tld }}"
DRONE_SERVER_PROTO: "https"
DRONE_USER_FILTER: calvinbui
DRONE_USER_CREATE: username:calvinbui,admin:true
# set to false on first run
DRONE_REGISTRATION_CLOSED: "true"
traefik:
- port: 80
rule: Host(`{{ application }}.{{ common_tld }}`)
homepage:
name: "{{ application | title }} Server"
group: Programming
weight: 400
description: "CI"
href: "https://{{ application }}.{{ common_tld }}"
blackbox:
path: /healthz
- name: Create runner container
ansible.builtin.include_role:
name: docker_container
vars:
name: "{{ application }}-runner"
image: drone/drone-runner-docker:1.8.3
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env:
DRONE_RPC_PROTO: "http"
DRONE_RPC_HOST: "{{ application }}-server.{{ docker_network.name }}"
DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
DRONE_RUNNER_CAPACITY: "2"
DRONE_RUNNER_NAME: "runner-01"
DRONE_RUNNER_CLONE_IMAGE: "calvinbui/git:localhost"
DRONE_UI_USERNAME: "{{ htpasswd.username }}"
DRONE_UI_PASSWORD: "{{ htpasswd.password }}"
DRONE_RUNNER_NETWORKS: "{{ docker_network.name }}"
traefik:
- port: 3000
rule: Host(`{{ application }}-runner.{{ common_tld }}`)
homepage:
name: "{{ application | title }} Runner"
href: "https://{{ application }}-runner.{{ common_tld }}"
group: Programming
weight: 400
description: "CI"
blackbox:
path: /healthz
- name: Copy Dockerfiles
ansible.builtin.copy:
src: "{{ files_directory }}/Dockerfiles"
dest: "{{ config_directory }}/"
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0751"
register: _drone_dockerfiles_copy
- name: Locate all Dockerfile folders
ansible.builtin.find:
paths: "{{ config_directory }}/Dockerfiles"
recurse: false
file_type: directory
register: _drone_dockerfiles_location
- name: Build local Docker images
community.docker.docker_image:
build:
path: "{{ item.path }}"
name: "calvinbui/{{ item.path.split('/') | last }}:localhost"
tag: latest
push: false
source: build
state: present
force_source: "{{ true if _drone_dockerfiles_copy.changed else false }}"
loop: "{{ _drone_dockerfiles_location.files }}"
- hosts: nvr
gather_facts: false
tasks:
- name: Set authorized keys
ansible.posix.authorized_key:
user: root
state: present
key: "{{ hostvars['homelab.' + common_local_tld]['drone_ssh_public_key'] }}"
comment: drone
tags:
- ssh
- hosts: octopi
gather_facts: false
tasks:
- name: Set authorized keys
ansible.posix.authorized_key:
user: pi
state: present
key: "{{ hostvars['homelab.' + common_local_tld]['drone_ssh_public_key'] }}"
comment: drone
tags:
- ssh