2 files changed, 51 insertions, 0 deletions

diff --git a/roles/drone/tasks/main.yml b/roles/drone/tasks/main.yml
new file mode 100644
index 0000000..25f0dbb
--- /dev/null
+++ b/roles/drone/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: ensure drone docker/compose exist
+  file:
+    path: /etc/docker/compose/drone
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+
+- name: build drone docker-compose.yml.j2
+  template:
+    src: ../templates/docker-compose.yml.j2
+    dest: /etc/docker/compose/drone/docker-compose.yml
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+
+- name: daemon-reload and enable drone
+  ansible.builtin.systemd_service:
+    state: restarted
+    enabled: true
+    name: docker-compose@drone
diff --git a/roles/drone/templates/docker-compose.yml.j2 b/roles/drone/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..8c5e31e
--- /dev/null
+++ b/roles/drone/templates/docker-compose.yml.j2
@@ -0,0 +1,29 @@
+version: '3'
+
+services:
+  drone:
+    container_name: drone
+    image: drone/drone:latest
+    volumes:
+      - ./drone:/data
+    ports:
+      - "127.0.0.1:2201:80"
+    environment:
+      - DRONE_GITEA_SERVER=https://git.simponic.xyz
+      - DRONE_GITEA_CLIENT_ID={{ drone_gitea_client_id }}
+      - DRONE_GITEA_CLIENT_SECRET={{ drone_gitea_client_secret }}
+      - DRONE_GIT_ALWAYS_AUTH=true
+      - DRONE_SERVER_PROTO=https
+      - DRONE_SERVER_HOST=drone.internal.simponic.xyz
+      - DRONE_RPC_SECRET={{ drone_rpc_secret }}
+  drone-runner:
+    container_name: drone_runner
+    image: drone/drone-runner-docker:latest
+    userns_mode: 'host' # Needed to get access to docker socket
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - DRONE_RPC_SECRET={{ drone_rpc_secret }}
+      - DRONE_RPC_HOST=drone:80
+      - DRONE_RPC_PROTO=http
+      - DRONE_RUNNER_CAPACITY=4