deploy drone

flux/cluster/apps/gitops/drone/external-secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: drone
+  namespace: gitops
+spec:
+  refreshInterval: "5m"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: drone
+  data:
+  - secretKey: DRONE_RPC_SECRET
+    remoteRef:
+      key: gitops/drone
+      property: drone_rpc_secret
+
+  - secretKey: DRONE_GITEA_CLIENT_ID 
+    remoteRef:
+      key: gitops/drone
+      property: drone_gitea_client_id
+
+  - secretKey: DRONE_GITEA_CLIENT_SECRET
+    remoteRef:
+      key: gitops/drone
+      property: drone_gitea_client_secret

flux/cluster/apps/gitops/drone/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - server.yaml
+  - runner.yaml
+  - external-secret.yaml

flux/cluster/apps/gitops/drone/runner.yaml

@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: drone-runner-kube
+  namespace: gitops
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: drone-runner-kube
+      version: 0.1.8
+      sourceRef:
+        kind: HelmRepository
+        name: drone-charts
+        namespace: flux-system
+  valuesFrom:
+    - kind: Secret
+      name: drone
+      valuesKey: DRONE_RPC_SECRET
+      targetPath: env.DRONE_RPC_SECRET
+  values:
+    image:
+      repository: drone/drone-runner-kube
+      tag: 1.0.0-rc.3
+    ingress:
+      enabled: true
+      host: drone.0x76.dev
+      paths:
+        - path: /
+          pathType: Prefix
+    rbac:
+      buildNamespaces:
+      - drone-build
+    env:
+      DRONE_NAMESPACE_DEFAULT: drone-build

flux/cluster/apps/gitops/drone/server.yaml

@@ -0,0 +1,30 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: drone
+  namespace: gitops
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: drone
+      version: 0.2.5
+      sourceRef:
+        kind: HelmRepository
+        name: drone-charts
+        namespace: flux-system
+  values:
+    image:
+      repository: drone/drone
+      tag: 2.12.0
+    persistentVolume:
+      enabled: false
+    extraSecretNamesForEnvFrom:
+      - drone
+    env:
+      DRONE_DATABASE_DRIVER: postgres
+      DRONE_DATABASE_DATASOURCE: postgres://drone@10.42.42.26/drone?sslmode=disable
+      DRONE_GIT_ALWAYS_AUTH: true
+      DRONE_GITEA_SERVER: https://git.0x76.dev
+      DRONE_SERVER_HOST: drone.0x76.dev
+      DRONE_SERVER_PROTO: https

flux/cluster/base/flux-system/charts/helm/drone-charts.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: drone-charts
+  namespace: flux-system
+spec:
+  interval: 15m
+  url: https://charts.drone.io
+  timeout: 3m

flux/cluster/base/flux-system/charts/helm/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - external-secrets-charts.yaml
   - authentik-charts.yaml
   - fairwinds-charts.yaml
+  - drone-charts.yaml

flux/cluster/core/namespaces/drone-build.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: drone-build

flux/cluster/core/namespaces/kustomization.yaml

@@ -8,3 +8,4 @@ resources:
   - gitops.yaml
   - monitoring.yaml
   - olympus.yaml
+  - drone-build.yaml

nixos/hosts/database/configuration.nix

@@ -4,8 +4,7 @@
 
 { config, pkgs, ... }:
 let
-  databases = [ "authentik" "umami" ];
-
+  databases = [ "authentik" "umami" "drone" ];
 in
 {
   imports = [ ];

nixos/hosts/nginx/configuration.nix

@@ -45,6 +45,7 @@ in
 
     # Kubernetes endpoints
     virtualHosts."0x76.dev" = k8s_proxy;
+    virtualHosts."drone.0x76.dev" = k8s_proxy;
     virtualHosts."id.0x76.dev" = k8s_proxy;
     virtualHosts."msg.0x76.dev" = k8s_proxy;
     virtualHosts."zookeeper.0x76.dev" = k8s_proxy;