dotya.ml/ drone-ci-configs
2
0
Fork 0
Code Issues Pull Requests Releases Activity
28 Commits 1 Branch 0 Tags 77 KiB
Commit Graph

28 Commits

Author SHA1 Message Date
surtur f461367c73
systemd: stop delegating cgroups 2022-09-28 16:29:50 +02:00
surtur ea51959b59
systemd: use Environment for DRYness 2022-09-28 16:28:38 +02:00
surtur ab4e6375e0
set RestrictAddressFamilies to unix,ipv4,ipv6 2022-04-20 16:54:52 +02:00
surtur c27499e2d3
rm forgotten comment 2022-04-20 16:53:46 +02:00
surtur 2ddfd699c3
restrict all namespaces 2022-04-20 16:52:59 +02:00
surtur 02098c63d4
set ProtectProc,ProcSubset 2022-04-20 16:52:11 +02:00
surtur 9b6bc98086
tighten Capabilities and SystemCallFilter list 2022-04-20 16:51:14 +02:00
surtur 1d34e711f6
run service with "--remove-orphans" 2022-04-20 16:49:23 +02:00
surtur 358a77d168
update README.md 2022-03-26 03:13:07 +01:00
surtur 38e53c1060
create proper folder structer 2022-03-26 02:55:00 +01:00
surtur e6e2a0233e
runner: {add,enable} tmate 2022-03-20 22:03:56 +01:00
surtur 8946441587
adjust runner {capacity,logs,labels,dash ui} conf 2022-03-20 22:01:11 +01:00
surtur efb717f4f5
configure shorter timeout for the zombie reaper 2022-03-20 21:52:02 +01:00
surtur 9c91a662fc
expose metrics endpoint for anonymous scrapes 2022-03-20 21:51:26 +01:00
surtur 3fa9780020
make self-enrollment explicitly enabled 2022-03-20 21:50:00 +01:00
surtur fd5af2d374
rm ssl host hardcode (available as onion as well) 2022-03-20 21:48:24 +01:00
surtur a4752d70c1
add cookie configuration 2022-03-20 21:47:09 +01:00
surtur c6acd44ffe
add user filter 
basic sanity check to prevent anybody from registering and running a
cryptominer or similar BS in CI.

note:
any new users in need of access to CI are encouraged to leave us a PR
with appropriate changes to this config line for review
 2022-03-20 21:11:29 +01:00
surtur 9a671da53b
starlark{ON}, jsonnet{OFF} 
favour explicit configuration
 2022-03-20 21:10:20 +01:00
surtur 06c126f270
disable debug and trace logs 2022-03-20 21:07:49 +01:00
surtur 88f8739cc7
set cron interval to 10m 2022-03-20 21:06:47 +01:00
surtur 8838510ec0
chore(vim): set filetype 2022-03-20 21:03:24 +01:00
surtur 2c3835d445
manage system access of the service using systemd 
* add drone.slice (control resource usage)
* restrict can be accessed by the service
* adjust IO priority and NICEness of processes created withing the
  service
* use "-p" with docker-compose invocation to specify a project that the
  newly-spawned containers belong to (best practice)
* add commented override
 2022-03-20 20:54:52 +01:00
surtur ce2c05646a
feat: as a precaution, have some runner dirs under tmpfs 2020-05-30 11:10:30 +02:00
surtur 2c4c23362b
feat: added Unit file for drone 2020-05-29 12:58:04 +02:00
surtur 9ae38b5851
feat: added docker-compose.yml + env files 2020-05-29 12:57:21 +02:00
surtur 7bbf94a3af
feat: added .gitignore 2020-05-29 12:56:12 +02:00
surtur 6ec71e87cd
initial commit 2020-05-29 12:52:54 +02:00