a69334a63e
compose(drone-server): bump to 2.13.0
2022-09-28 17:17:44 +02:00
925602ceef
compose(drone-gc): increase cache size to 59gb
2022-09-28 16:54:16 +02:00
11d32abf1c
compose: add yaml doc start/end markers
2022-09-28 16:52:53 +02:00
a3841d1b40
compose: bump schema version to 3.8
2022-09-28 16:52:25 +02:00
0ec1412556
compose(drone-runner-docker): add mem_limit
2022-09-28 16:51:32 +02:00
789f09f249
compose(drone-runner-docker): stop exposing :5000
2022-09-28 16:50:39 +02:00
0380712545
compose(drone-server): set cpu,mem limits
2022-09-28 16:47:03 +02:00
ae9d9a4324
compose: mount /etc/localtime into containers
2022-09-28 16:41:09 +02:00
d6fc9bd9f8
compose(drone-gc): don't run in debug mode
2022-09-28 16:40:01 +02:00
665dbda834
compose(drone-gc): set cpu,mem limits
2022-09-28 16:38:56 +02:00
50700b8021
compose: adjust GC_INTERVAL
2022-09-28 16:38:17 +02:00
5cfb2979cb
compose: pin revisions
2022-09-28 16:37:47 +02:00
61c2db54d2
compose: add labels for traefik to ignore
2022-09-28 16:36:40 +02:00
594825aa53
systemd,compose: adjust restart policy
2022-09-28 16:35:26 +02:00
260ad07626
systemd(SystemCallFilter=~): allow resources group
2022-09-28 16:32:40 +02:00
0229ed60ec
systemd: add ExecStartPre directive
2022-09-28 16:31:50 +02:00
0747bb247b
systemd: increase restart timeout to 15s
2022-09-28 16:31:19 +02:00
1687d49526
systemd: adjust dependency relations
2022-09-28 16:31:01 +02:00
f461367c73
systemd: stop delegating cgroups
2022-09-28 16:29:50 +02:00
ea51959b59
systemd: use Environment for DRYness
2022-09-28 16:28:38 +02:00
ab4e6375e0
set RestrictAddressFamilies to unix,ipv4,ipv6
2022-04-20 16:54:52 +02:00
c27499e2d3
rm forgotten comment
2022-04-20 16:53:46 +02:00
2ddfd699c3
restrict all namespaces
2022-04-20 16:52:59 +02:00
02098c63d4
set ProtectProc,ProcSubset
2022-04-20 16:52:11 +02:00
9b6bc98086
tighten Capabilities and SystemCallFilter list
2022-04-20 16:51:14 +02:00
1d34e711f6
run service with "--remove-orphans"
2022-04-20 16:49:23 +02:00
358a77d168
update README.md
2022-03-26 03:13:07 +01:00
38e53c1060
create proper folder structer
2022-03-26 02:55:00 +01:00
e6e2a0233e
runner: {add,enable} tmate
2022-03-20 22:03:56 +01:00
8946441587
adjust runner {capacity,logs,labels,dash ui} conf
2022-03-20 22:01:11 +01:00
efb717f4f5
configure shorter timeout for the zombie reaper
2022-03-20 21:52:02 +01:00
9c91a662fc
expose metrics endpoint for anonymous scrapes
2022-03-20 21:51:26 +01:00
3fa9780020
make self-enrollment explicitly enabled
2022-03-20 21:50:00 +01:00
fd5af2d374
rm ssl host hardcode (available as onion as well)
2022-03-20 21:48:24 +01:00
a4752d70c1
add cookie configuration
2022-03-20 21:47:09 +01:00
c6acd44ffe
add user filter
...
basic sanity check to prevent anybody from registering and running a
cryptominer or similar BS in CI.
note:
any new users in need of access to CI are encouraged to leave us a PR
with appropriate changes to this config line for review
2022-03-20 21:11:29 +01:00
9a671da53b
starlark{ON}, jsonnet{OFF}
...
favour explicit configuration
2022-03-20 21:10:20 +01:00
06c126f270
disable debug and trace logs
2022-03-20 21:07:49 +01:00
88f8739cc7
set cron interval to 10m
2022-03-20 21:06:47 +01:00
8838510ec0
chore(vim): set filetype
2022-03-20 21:03:24 +01:00
2c3835d445
manage system access of the service using systemd
...
* add drone.slice (control resource usage)
* restrict can be accessed by the service
* adjust IO priority and NICEness of processes created withing the
service
* use "-p" with docker-compose invocation to specify a project that the
newly-spawned containers belong to (best practice)
* add commented override
2022-03-20 20:54:52 +01:00
ce2c05646a
feat: as a precaution, have some runner dirs under tmpfs
2020-05-30 11:10:30 +02:00
2c4c23362b
feat: added Unit file for drone
2020-05-29 12:58:04 +02:00
9ae38b5851
feat: added docker-compose.yml + env files
2020-05-29 12:57:21 +02:00
7bbf94a3af
feat: added .gitignore
2020-05-29 12:56:12 +02:00
6ec71e87cd
initial commit
2020-05-29 12:52:54 +02:00
