Add Drone CI

README.md

@@ -14,7 +14,7 @@ You can configure Ansible-NAS to set up any (or all!) of the applications listed
 
 If you have a spare domain name you can configure applications to be accessible externally to your home LAN too; they'll be configured with a sensible hostname and DNS gets updated accordingly if your home IP address changes.
 
-### Available Applications
+## Available Applications
 
 * [Airsonic](https://airsonic.github.io/) - catalog and stream music
 * [Bazarr](https://github.com/morpheus65535/bazarr) - companion to Radarr and Sonarr for downloading subtitles
@@ -28,6 +28,7 @@ If you have a spare domain name you can configure applications to be accessible
 * [Dashy](https://dashy.to/) - A self-hosted startpage for your server. Easy to use visual editor, status checking, widgets, themes and tons more!
 * [Deluge](https://dev.deluge-torrent.org/) - A lightweight, Free Software, cross-platform BitTorrent client.
 * [DokuWiki](https://www.dokuwiki.org/) - A simple to use and highly versatile Open Source wiki software that doesn't require a database.
+* [Drone CI](https://drone.io) - A self-service Continuous Integration platform for busy development teams.
 * [Duplicacy](https://duplicacy.com/) - A web UI for the Duplicacy cloud backup program, which provides lock-free deduplication backups to multiple providers
 * [Duplicati](https://www.duplicati.com/) - for backing up your stuff
 * [Emby](https://emby.media/) - Media streaming and management

nas.yml

@@ -89,6 +89,10 @@
       tags:
         - dokuwiki
 
+    - role: drone-ci
+      tags:
+        - drone_ci
+
     - role: duplicacy
       tags:
         - duplicacy
@@ -257,6 +261,10 @@
         - nextcloud
       when: (nextcloud_enabled | default(False))
 
+    - role: nomad
+      tags:
+        - nomad
+
     - role: nzbget
       tags:
         - nzbget

roles/drone-ci/defaults/main.yml

@@ -0,0 +1,43 @@
+---
+drone_ci_enabled: false
+drone_ci_available_externally: false
+
+# directories
+drone_ci_data_directory: "{{ docker_home }}/drone-ci"
+
+# network
+drone_ci_port_http: 8001
+drone_ci_runner_port_http: 8002
+drone_ci_address: "http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ drone_ci_port_http }}"
+drone_ci_hostname: drone-ci
+
+# memory
+drone_ci_memory: 1g
+drone_ci_agent_memory: 1g
+
+# docker
+drone_ci_container_name: drone-ci
+drone_ci_runner_container_name: drone-ci-runner
+
+# Drone-CI Application Config
+# the users that'll be granted admin, comma separated. Should match a gitea user.
+drone_ci_admin_user: david
+
+# shared secret - use openssl rand -hex 16 to generate your own
+drone_ci_agent_secret: d052ab29a86a02c6b6ff1e5851ee15e1
+
+# debug logging
+drone_ci_debug_logging: false
+
+# the url to your gitea server
+drone_ci_gitea_url: "http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ gitea_port_http }}"
+
+# gitea auth credentials. see https://drone-ci.org/docs/administration/forges/gitea for more info
+drone_ci_gitea_client_id: notset
+drone_ci_gitea_client_secret: notset
+
+# how many drone runners to run
+drone_ci_runner_capacity: 2
+
+# name of the Drone runner
+drone_ci_runner_name: "{{ ansible_nas_hostname }}"

roles/drone-ci/molecule/default/molecule.yml

@@ -0,0 +1,10 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        drone_ci_enabled: true
+        drone_ci_gitea_client_id: asdfasdf12341234
+        drone_ci_gitea_client_secret: asdfasd12341234
+        gitea_port_http: 3001
+        ansible_nas_hostname: ansible-nas-ci

roles/drone-ci/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        drone_ci_enabled: false

roles/drone-ci/molecule/default/verify.yml

@@ -0,0 +1,26 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get container state
+      docker_container_info:
+        name: "{{ drone_ci_container_name }}"
+      register: result
+
+    - name: Get container state
+      docker_container_info:
+        name: "{{ drone_ci_runner_container_name }}"
+      register: result_runner
+
+
+    - name: Check Drone CI is running
+      assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false
+          - result_runner.container['State']['Status'] == "running"
+          - result_runner.container['State']['Restarting'] == false

roles/drone-ci/molecule/default/verify_stopped.yml

@@ -0,0 +1,25 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove Drone CI
+      docker_container:
+        name: "{{ drone_ci_container_name }}"
+        state: absent
+      register: result
+
+    - name: Try and stop and remove Drone CI runner
+      docker_container:
+        name: "{{ drone_ci_runner_container_name }}"
+        state: absent
+      register: result_runner
+
+    - name: Check Drone CI is stopped
+      assert:
+        that:
+          - not result.changed
+          - not result_runner.changed

roles/drone-ci/tasks/main.yml

@@ -0,0 +1,88 @@
+---
+- name: Start Drone-CI
+  block:
+    - name: Check for Gitea installation
+      fail:
+        msg: "Drone-CI requires Gitea enabled and running for authentication, please set that up first."
+      when: gitea_enabled is false
+
+    - name: Check for Gitea config
+      fail:
+        msg: "Missing Gitea Oauth2 config! Read https://docs.drone.io/server/provider/gitea/ and set drone_ci_gitea_client_id and drone_ci_gitea_client_secret."
+      when: drone_ci_gitea_client_id == "notset"
+
+    - name: Create Drone-CI Directories
+      file:
+        path: "{{ item }}"
+        state: directory
+      with_items:
+        - "{{ drone_ci_data_directory }}"
+
+    - name: Create Drone-CI container
+      docker_container:
+        name: "{{ drone_ci_container_name }}"
+        image: drone/drone:2
+        pull: true
+        volumes:
+          - "{{ drone_ci_data_directory }}:/var/lib/drone:rw"
+        ports:
+          - "{{ drone_ci_port_http }}:80"
+        env:
+          DRONE_USER_CREATE: "username:{{ drone_ci_admin_user }},admin:true"
+          DRONE_SERVER_HOST: "{{ drone_ci_address }}"
+          DRONE_RPC_SECRET: "{{ drone_ci_agent_secret }}"
+          DRONE_GITEA_SERVER: "{{ drone_ci_gitea_url }}"
+          DRONE_GITEA_CLIENT_ID: "{{ drone_ci_gitea_client_id }}"
+          DRONE_GITEA_CLIENT_SECRET: "{{ drone_ci_gitea_client_secret }}"
+          DRONE_LOGS_DEBUG: "{{ drone_ci_debug_logging | string }}"
+          DRONE_SERVER_PROTO: "http"
+        restart_policy: unless-stopped
+        memory: "{{ drone_ci_memory }}"
+        labels:
+          traefik.enable: "{{ drone_ci_available_externally | string }}"
+          traefik.http.routers.drone_ci.rule: "Host(`{{ drone_ci_hostname }}.{{ ansible_nas_domain }}`)"
+          traefik.http.routers.drone_ci.tls.certresolver: "letsencrypt"
+          traefik.http.routers.drone_ci.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.drone_ci.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.drone_ci.loadbalancer.server.port: "80"
+
+    - name: Create Drone-CI Runner container
+      docker_container:
+        name: "{{ drone_ci_runner_container_name }}"
+        image: drone/drone-runner-docker:1
+        pull: true
+        volumes:
+          - "/var/run/docker.sock:/var/run/docker.sock:rw"
+        ports:
+          - "{{ drone_ci_runner_port_http }}:3000"
+        env:
+          DRONE_RPC_HOST: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ drone_ci_port_http }}"
+          DRONE_RPC_SECRET: "{{ drone_ci_agent_secret }}"
+          DRONE_RPC_PROTO: "http"
+          DRONE_RUNNER_CAPACITY: "{{ drone_ci_runner_capacity | string }}"
+          DRONE_RUNNER_NAME: "{{ drone_ci_runner_name }}"
+        restart_policy: unless-stopped
+        memory: "{{ drone_ci_agent_memory }}"
+
+    # - name: Add webhook allowed hosts to Gitea
+    #   blockinfile:
+    #     path: "{{ gitea_data_directory }}/gitea/gitea/conf/app.ini"
+    #     block: |
+    #     [webhook]
+    #     ALLOWED_HOST_LIST=private
+    #     SKIP_TLS_VERIFY=true
+    #   notify: restart gitea
+  when: drone_ci_enabled is true
+
+- name: Stop Drone-CI
+  block:
+    - name: Stop Drone-CI
+      docker_container:
+        name: "{{ drone_ci_container_name }}"
+        state: absent
+
+    - name: Stop Drone-CI Runner
+      docker_container:
+        name: "{{ drone_ci_runner_container_name }}"
+        state: absent
+  when: drone_ci_enabled is false

website/docs/applications/development-tools/drone_ci.md

@@ -0,0 +1,19 @@
+---
+title: "Drone CI"
+---
+
+Drone is a self-service Continuous Integration platform for busy development teams.
+
+Check it out at <https://drone.io>.
+
+## Usage
+
+Set `drone_ci_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+Gitea (`gitea_enabled: true`) must be set up and running before attempting to set up Drone CI.
+
+## Setup Tasks
+
+An Oauth2 application must be set up in Gitea. Visit <https://docs.drone.io/server/provider/gitea/> for more info, then set `drone_ci_gitea_client_id` and `drone_ci_gitea_client_secret` accordingly. The Gitea Redirect URL will be `http://<ansible_nas_ip>:{{ drone_ci_port_http }}/login`
+
+Set `drone_ci_admin_user` to the same username as your user in Gitea.