From 9038f3998dcc66f2ca091100f857a518fe201212 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sat, 5 Nov 2022 13:26:49 -0700
Subject: fix(services/drone): enable drone

The URL for drone changed to https://ci.fcuny.net. The secrets also
changed (and we remove the unencrypted file with secrets).
---
 hosts/tahoe/secrets/drone/secrets.age    | Bin 697 -> 703 bytes
 hosts/tahoe/secrets/drone/shared-secrets |   5 -----
 hosts/tahoe/secrets/secrets.nix          |   5 +++++
 hosts/tahoe/services.nix                 |   6 ++++++
 4 files changed, 11 insertions(+), 5 deletions(-)
 delete mode 100644 hosts/tahoe/secrets/drone/shared-secrets

(limited to 'hosts/tahoe')

diff --git a/hosts/tahoe/secrets/drone/secrets.age b/hosts/tahoe/secrets/drone/secrets.age
index 618bbc6..c0eb97b 100644
Binary files a/hosts/tahoe/secrets/drone/secrets.age and b/hosts/tahoe/secrets/drone/secrets.age differ
diff --git a/hosts/tahoe/secrets/drone/shared-secrets b/hosts/tahoe/secrets/drone/shared-secrets
deleted file mode 100644
index 47612be..0000000
--- a/hosts/tahoe/secrets/drone/shared-secrets
+++ /dev/null
@@ -1,5 +0,0 @@
-DRONE_GITEA_CLIENT_ID=21ef7412-a58a-493c-beec-2e1dc27ebe79
-DRONE_GITEA_CLIENT_SECRET=GCXGi97PXxAoMTpHveMtNJXDyzdvI8jeC0TaEtCgpPab
-DRONE_GITEA_SERVER=https://git.fcuny.net
-DRONE_GIT_ALWAYS_AUTH=1
-DRONE_RPC_SECRET=d3daa6782d0f4ed66f7f557fa384ff8f
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 390f2b6..7b9500f 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -22,6 +22,11 @@ in
     mode = "0440";
   };
 
+  "drone/secrets.age" = {
+    publicKeys = all;
+    owner = "drone";
+  };
+
   "buildkite/graphql.age" = {
     publicKeys = all;
     owner = "buildkite-agent-builder-1";
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index f7edfa4..e5f53ab 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -20,6 +20,12 @@ in
       enable = true;
       stateDir = "/var/lib/gitea";
     };
+    drone = {
+      enable = true;
+      vhostName = "ci.fcuny.net";
+      runners = [ "docker" "exec" ];
+      sharedSecretFile = secrets."drone/secrets".path;
+    };
     prometheus = { enable = true; };
     grafana = {
       enable = true;
-- 
cgit 1.4.1