## Install Debian We recommend Debian Bullseye ## Install Docker CE from docker.io Do not use the docker engine shipped by Debian Doc: - https://docs.docker.com/engine/install/debian/ - https://docs.docker.com/compose/install/ On a fresh install, as root: ```bash apt-get remove -y docker docker-engine docker.io containerd runc apt-get update apt-get install apt-transport-https ca-certificates curl gnupg lsb-release curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt-get update apt-get install -y docker-ce docker-ce-cli containerd.io curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose ``` ## Prepare the runner Nix folder must be populated before launching any build. ```bash docker run --rm -it -v /var/lib/drone/nix:/mnt nixpkgs/nix:nixos-21.05 cp -r /nix/{store,var} /mnt/ ``` This folder will grow over time and might need to be garbage collected. As a rule of thumb, after running a full release of Garage, this folder will require 10GB. Consider provisioning it with at least 20GB. ## Launch the runner Because we use a shared nix folder, we set the number of concurrent builds to 1. For more details and customizations, see `docker-compose.yml`. ```bash DRONE_NAME=lheureduthe DRONE_OWNER=quentin DRONE_SECRET=xxx docker-compose up -d ``` That's all folks. ## Random note This setup is done mainly to allow nix builds with some cache. To use the cache in Drone, you must set your repository as trusted. The command line tool does not work (it says it successfully set your repository as trusted but it did nothing): the only way to set your repository as trusted is to connect on the DB and set the `repo_trusted` field of your repo to true.