Merge pull request 'feat(Drone): Add more configuration and split it' (#22) from drone into main

## Détails - intégration d'option pour l'utilisation de Drone - séparation des docker-compose en plusieurs fichiers ## Pourquoi - Pour permettre une configuration plus avancé de Drone - Pour nous permettre d'intégrer facilement Drone avec les options que l'on veut Reviewed-on: https://git.weko.io/resilien/services/pulls/22 Reviewed-by: killian <developer@killiankemps.fr>
2022-01-26 10:54:06 +01:00 · 2022-01-26 10:54:06 +01:00 · cb5d8cf5ff
parent 87554f4ada 567349390c
commit cb5d8cf5ff
24 changed files with 389 additions and 111 deletions
--- a/README.md
+++ b/README.md
@ -12,7 +12,7 @@ Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien

 ### Pour les devs / ops

- [Drone](./drone) ⏸️ `en pause` : Un service d'intégration continue
+- [Drone](./drone) : Un service d'intégration continue
 - [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
 - [Grafana](./grafana) : Un outil de supervision simple et élégant
 - [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
--- a/drone/.env
+++ b/drone/.env
@ -1,37 +0,0 @@
-## DOCKER
-
-COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
-TRAEFIK_NETWORK_NAME=kifeart
-
-
-## DRONE SERVER
-
-# https://hub.docker.com/r/drone/drone/tags
-DRONE_SERVER_IMAGE=drone/drone:1.7.0
-
-DRONE_SERVER_VOLUME_NAME=drone-server
-DRONE_SERVER_CONTAINER_NAME=drone-server
-
-# https://docs.drone.io/server/reference/
-DRONE_GIT_ALWAYS_AUTH=true
-DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
-DRONE_SERVER_HOST=ci.cool.life
-DRONE_SERVER_PROTO=https
-
-# https://docs.drone.io/server/provider/gitea/
-DRONE_GITEA_SERVER=gitea.cool.life
-DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
-DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
-
-
-
-## DRONE RUNNER
-
-# https://hub.docker.com/r/drone/drone-runner-docker/tags
-DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
-DRONE_RUNNER_CONTAINER_NAME=drone-runner
-DRONE_RUNNER_CAPACITY=2
-DRONE_RUNNER_HOST=ci-runner.cool.life
-DRONE_RUNNER_NAME=ci-runner.cool.life
-DRONE_RUNNER_UI_USERNAME=kosssi
-DRONE_RUNNER_UI_PASSWORD=$not$a$password
--- a/drone/README.md
+++ b/drone/README.md
@ -4,6 +4,22 @@
 >
 > <cite>[Codeflow][article]</cite>

+## Documentation
+
+Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
+
+Le service est basé sur 2 briques :
+- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
+- le coté exécution des tâches (_[runner](./runner)_).
+
+### Génération de clé
+
+Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
+
+```
+openssl rand -hex 16
+```
+
 ## Liens

 - [Site internet][site]
--- a/drone/docker-compose.gitea.yml
+++ b/drone/docker-compose.gitea.yml
@ -1,10 +0,0 @@
-version: "3.8"
-
-# https://docs.drone.io/server/provider/gitea/
-
-services:
-  drone-server:
-    environment:
-      DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
-      DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
-      DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}
--- a/drone/docker-compose.traefik.yml
+++ b/drone/docker-compose.traefik.yml
@ -1,22 +0,0 @@
-version: "3.8"
-
-networks:
-  default:
-    name: ${TRAEFIK_NETWORK_NAME}
-
-services:
-  drone-server:
-    labels:
-      traefik.enable: 'true'
-      traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
-
-      traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
-      traefik.http.routers.drone-server.entrypoints: 'web'
-
-  drone-runner:
-    labels:
-      traefik.enable: 'true'
-      traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
-
-      traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
-      traefik.http.routers.drone-runner.entrypoints: 'web'
--- a/drone/docker-compose.yml
+++ b/drone/docker-compose.yml
@ -1,41 +0,0 @@
-version: "3.8"
-
-volumes:
-  drone-server:
-    name: ${DRONE_SERVER_VOLUME_NAME}
-
-services:
-  drone-server:
-    container_name: ${DRONE_SERVER_CONTAINER_NAME}
-    image: ${DRONE_SERVER_IMAGE}
-    restart: always
-    environment:
-      DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
-      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
-      DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
-      DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
-      DRONE_LOGS_DEBUG: 'true'
-    volumes:
-      - drone-server:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-
-  drone-runner:
-    container_name: ${DRONE_RUNNER_CONTAINER_NAME}
-    image: ${DRONE_RUNNER_IMAGE}
-    restart: always
-    depends_on:
-      - drone-server
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    environment:
-      DRONE_RPC_PROTO: http
-      DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
-      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
-      DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
-      DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
-      DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
-      DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
-      DRONE_DEBUG: 'true'
--- a/drone/runner/.env
+++ b/drone/runner/.env
@ -0,0 +1,36 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=../..
+COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
+#COMPOSE_PROJECT_NAME=
+
+
+## DRONE RUNNER
+#https://docs.drone.io/runner/docker/configuration/reference/
+
+### Docker
+# https://hub.docker.com/r/drone/drone-runner-docker/tags
+DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
+DRONE_RUNNER_CONTAINER_NAME=drone-server
+
+### Drone
+# https://docs.drone.io/runner/docker/installation/linux/
+DRONE_RPC_HOST=drone.cool.life
+DRONE_RPC_PROTO=https
+DRONE_RPC_SECRET=change-me
+DRONE_RUNNER_HOST=ci-runner.cool.life
+DRONE_RUNNER_CAPACITY=2
+DRONE_RUNNER_NAME=drone-runner
+DRONE_UI_USERNAME=resilien
+DRONE_UI_PASSWORD=change-me
+DRONE_UI_DISABLE=false
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/drone/runner/README.md
+++ b/drone/runner/README.md
@ -0,0 +1,11 @@
+# Drone CI Runner
+
+Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
+
+## Installation
+
+L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
+
+Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
+
+Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.
--- a/drone/runner/docker-compose.dashboard.yml
+++ b/drone/runner/docker-compose.dashboard.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/runner/docker/configuration/dashboard/
+
+services:
+  drone-runner:
+    environment:
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
+      DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
+      DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
+      DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}
--- a/drone/runner/docker-compose.local.yml
+++ b/drone/runner/docker-compose.local.yml
@ -0,0 +1,8 @@
+---
+
+version: "3.8"
+
+services:
+  drone-runner:
+    ports:
+      - "3000:3000"
--- a/drone/runner/docker-compose.logging.yml
+++ b/drone/runner/docker-compose.logging.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/runner/docker/configuration/logging/
+
+services:
+  drone-runner:
+    environment:
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
+      DRONE_DEBUG: ${DRONE_DEBUG:-false}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
+      DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
+      DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}
--- a/drone/runner/docker-compose.traefik.yml
+++ b/drone/runner/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME}
+
+services:
+  drone-runner:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/drone/runner/docker-compose.yml
+++ b/drone/runner/docker-compose.yml
@ -0,0 +1,26 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/runner/docker/installation/linux/
+
+services:
+  drone-runner:
+    container_name: ${DRONE_RUNNER_CONTAINER_NAME}
+    image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
+      DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
+      DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
+      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
+      DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
+      # https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
+      DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
--- a/drone/server/.env
+++ b/drone/server/.env
@ -0,0 +1,65 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=../..
+COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+
+## DRONE SERVER
+# https://docs.drone.io/server/reference/
+
+### Docker
+# https://hub.docker.com/r/drone/drone/tags
+DRONE_SERVER_IMAGE=drone/drone:2.8.0
+DRONE_SERVER_VOLUME_NAME=drone-server
+DRONE_SERVER_CONTAINER_NAME=drone-server
+
+### Drone
+
+DRONE_RPC_SECRET=change-me
+DRONE_SERVER_HOST=ci.cool.life
+DRONE_SERVER_PROTO=https
+
+### User
+DRONE_ADMIN_USER=resilien
+DRONE_ADMIN_TOKEN=change-me
+DRONE_USER_FILTER=resilien
+DRONE_REGISTRATION_CLOSED=true
+
+### Gitea
+# https://docs.drone.io/server/provider/gitea/
+#DRONE_GIT_ALWAYS_AUTH=
+DRONE_GITEA_SERVER=gitea.cool.life
+DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
+DRONE_GITEA_CLIENT_SECRET=change-me
+
+## Header
+# https://docs.drone.io/server/headers/
+#DRONE_HTTP_SSL_REDIRECT=
+#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
+#DRONE_HTTP_SSL_HOST=
+#DRONE_HTTP_STS_SECONDS=
+
+### Cookie
+# https://docs.drone.io/server/cookie/
+DRONE_COOKIE_SECRET=change-me
+#DRONE_COOKIE_TIMEOUT=720h
+
+### POSTGRES
+# https://docs.drone.io/server/storage/encryption/
+DRONE_DATABASE_SECRET=change-me
+POSTGRES_USER=user
+POSTGRES_PASSWORD=password
+POSTGRES_VOLUME_NAME=postgres
+POSTGRES_CONTAINER_NAME=postgres
+POSTGRES_DB=drone
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME=                                       # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
--- a/drone/server/README.md
+++ b/drone/server/README.md
@ -0,0 +1,41 @@
+# Drone CI Server
+
+## Installation
+
+L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
+
+## Configuration
+
+Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
+
+### Installation du CLI
+
+Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
+
+### Configuration du CLI en local
+
+Il faut :
+- l'url de l'instance (`DRONE_SERVER_HOST`)
+- le protocol de l'instance (`DRONE_SERVER_PROTO`)
+- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
+
+```
+export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
+export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
+```
+
+[Documentation officielle](https://docs.drone.io/cli/configure/)
+
+### Les utilisateurs
+
+Il faut ajouter les utilisateurs non admin :
+
+```
+drone user add kosssi
+drone user add killian
+drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
+```
+
+En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
+
+[Documentation officielle](https://docs.drone.io/cli/user/drone-user-add/)
--- a/drone/server/docker-compose.cookie.yml
+++ b/drone/server/docker-compose.cookie.yml
@ -0,0 +1,13 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/cookie/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-cookie-secret/
+      DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
+      # https://docs.drone.io/server/reference/drone-cookie-timeout/
+      DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days
--- a/drone/server/docker-compose.gitea.yml
+++ b/drone/server/docker-compose.gitea.yml
@ -0,0 +1,17 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/provider/gitea/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-git-always-auth/
+      DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
+      # https://docs.drone.io/server/reference/drone-gitea-server/
+      DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
+      # https://docs.drone.io/server/reference/drone-gitea-client-id/
+      DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
+      # https://docs.drone.io/server/reference/drone-gitea-client-secret/
+      DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}
--- a/drone/server/docker-compose.header.yml
+++ b/drone/server/docker-compose.header.yml
@ -0,0 +1,13 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/headers/
+
+services:
+  drone-server:
+    environment:
+      DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
+      DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
+      DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
+      DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}
--- a/drone/server/docker-compose.local.yml
+++ b/drone/server/docker-compose.local.yml
@ -0,0 +1,8 @@
+---
+
+version: "3.8"
+
+services:
+  drone-server:
+    ports:
+      - "3000:3000"
--- a/drone/server/docker-compose.logging.yml
+++ b/drone/server/docker-compose.logging.yml
@ -0,0 +1,19 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/logging/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-logs-debug/
+      DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
+      # https://docs.drone.io/server/reference/drone-logs-text/
+      DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
+      # https://docs.drone.io/server/reference/drone-logs-pretty/
+      DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
+      # https://docs.drone.io/server/reference/drone-logs-color/
+      DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
+      # https://docs.drone.io/server/reference/drone-logs-trace/
+      DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}
--- a/drone/server/docker-compose.postgres.yml
+++ b/drone/server/docker-compose.postgres.yml
@ -0,0 +1,16 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/storage/database/
+# https://docs.drone.io/server/storage/encryption/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-database-secret/
+      DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
+      # https://docs.drone.io/server/reference/drone-database-driver/
+      DRONE_DATABASE_DRIVER: postgres
+      # https://docs.drone.io/server/reference/drone-database-datasource/
+      DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable
--- a/drone/server/docker-compose.traefik.yml
+++ b/drone/server/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME}
+
+services:
+  drone-server:
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
--- a/drone/server/docker-compose.user.yml
+++ b/drone/server/docker-compose.user.yml
@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+# https://docs.drone.io/server/user/registration/
+
+services:
+  drone-server:
+    environment:
+      # https://docs.drone.io/server/reference/drone-user-create/
+      DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
+      # https://docs.drone.io/server/reference/drone-user-filter/
+      DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
+      # https://docs.drone.io/server/reference/drone-registration-closed/
+      DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}
--- a/drone/server/docker-compose.yml
+++ b/drone/server/docker-compose.yml
@ -0,0 +1,24 @@
+---
+
+version: "3.8"
+
+volumes:
+  drone-server:
+    name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
+
+services:
+  drone-server:
+    container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
+    image: ${DRONE_SERVER_IMAGE:-drone/drone:2.8.0}
+    restart: always
+    environment:
+      # https://docs.drone.io/server/reference/drone-rpc-secret/
+      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
+      # https://docs.drone.io/server/reference/drone-server-host/
+      DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
+      # https://docs.drone.io/server/reference/drone-server-proto/
+      DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
+    volumes:
+      - drone-server:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro