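# NixOS configuration for a QEMU guest that runs a Drone CI Docker runner
# (label "nix:1") next to a drone/gc container.
#
# Security notes for maintainers:
#   * Both containers bind-mount /var/run/docker.sock. Access to that socket
#     is equivalent to root on this host, so the images that receive it
#     should be pinned and trusted.
#   * The runner's credentials are read from /secrets/secret_env, which lives
#     on a vfat volume (see the mount options below).
{ pkgs, lib, ... }:

with lib;

{
  imports = [ ];

  config = {
    # Root filesystem, grown to fill the disk on boot (together with
    # boot.growPartition below).
    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
      autoResize = true;
    };

    # Secrets volume; the label suggests a QEMU virtual-FAT drive exported
    # from the hypervisor (TODO confirm).
    # vfat stores no Unix ownership or mode bits: permissions come from the
    # mount-time umask, which otherwise defaults to the mounting process's
    # umask and typically leaves every file world-readable. umask=0077
    # restricts the tree to root, which is the user that loads secret_env for
    # the runner container.
    # NOTE(review): if nothing on the guest writes here, "ro" would be a
    # reasonable addition — confirm before enabling.
    fileSystems."/secrets" = {
      device = "/dev/disk/by-label/QEMU\\x20VVFAT";
      fsType = "vfat";
      options = [ "umask=0077" ];
    };

    boot.growPartition = true;
    # Kernel console on the first serial port.
    boot.kernelParams = [ "console=ttyS0" ];
    boot.loader.grub.device = "/dev/vda";
    # Boot the default entry immediately, without showing the GRUB menu.
    boot.loader.timeout = 0;

    # Monitoring tools for interactive troubleshooting.
    environment.systemPackages = with pkgs; [
      iotop
      jnettop
      htop
    ];

    # Remote access: root over SSH, public-key only ("prohibit-password").
    # Port 22 is the only TCP port opened in the firewall.
    users.extraUsers.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
    ];
    services.openssh.enable = true;
    services.openssh.permitRootLogin = "prohibit-password";

    networking.firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
    };

    virtualisation.docker.enable = true;
    virtualisation.oci-containers.backend = "docker";

    # Copies /nix/store and /nix/var out of the nixpkgs/nix image into
    # /var/lib/drone/nix on the host; the runner container mounts that
    # directory as /nix.
    # NOTE(review): the image is referenced by tag, not digest, so its
    # content can change between boots.
    systemd.services.drone_nix_setup = {
      enable = true;
      path = [ pkgs.docker ];
      script = ''
        docker run --rm -v /var/lib/drone/nix:/mnt nixpkgs/nix:nixos-21.05 cp -r /nix/{store,var} /mnt/
      '';
      wantedBy = [ "multi-user.target" ];
    };

    virtualisation.oci-containers.containers = {
      # Drone runner connecting to drone.deuxfleurs.fr over HTTPS, one
      # concurrent pipeline.
      drone_runner = {
        image = "drone/drone-runner-docker:1.4.0";
        volumes = [
          "/var/lib/drone/nix:/nix"
          # Host Docker socket: root-equivalent access to this machine.
          "/var/run/docker.sock:/var/run/docker.sock"
        ];
        environment = {
          DRONE_RPC_PROTO = "https";
          DRONE_RPC_HOST = "drone.deuxfleurs.fr";
          DRONE_RUNNER_CAPACITY = "1";
          # NOTE(review): the four switches below turn on debug/trace
          # logging and dump RPC requests and responses, bodies included,
          # into the container log. That traffic presumably carries
          # pipeline secrets and the runner's own credential, so treat the
          # logs as sensitive, or switch these off outside troubleshooting.
          DRONE_DEBUG = "true";
          DRONE_LOGS_TRACE = "true";
          DRONE_RPC_DUMP_HTTP = "true";
          DRONE_RPC_DUMP_HTTP_BODY = "true";
          DRONE_RUNNER_LABELS = "nix:1";
        };
        # Runner credentials, kept out of this file and out of the world-
        # readable Nix store (contents not shown here).
        environmentFiles = [ "/secrets/secret_env" ];
      };

      # NOTE(review): "latest" is a mutable tag on a container that holds
      # the host Docker socket; pin a fixed version or digest, as is done
      # for the runner image above.
      drone_gc = {
        image = "drone/gc:latest";
        volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
        environment = {
          GC_DEBUG = "true";
          GC_CACHE = "10gb";
          GC_INTERVAL = "10m";
        };
      };
    };
  };
}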