From e9de65677ed098d7be22aef31e9d8cfa220c2d61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?= <lukas@kucharczyk.xyz>
Date: Thu, 7 Dec 2023 11:28:33 +0100
Subject: [PATCH] drone: encrypt secrets

---
 secrets/drone.env        | Bin 0 -> 243 bytes
 services/drone/drone.env |   1 -
 services/drone/drone.yml |   8 ++++++--
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 secrets/drone.env

diff --git a/secrets/drone.env b/secrets/drone.env
new file mode 100644
index 0000000000000000000000000000000000000000..440de0b61132f9d0a711564fe0b1736ace568012
GIT binary patch
literal 243
zcmV<P01W>CM@dveQdv+`0In({jm(u?;X~1A4kATz#5?xodT751luaRHYRrV)m)!?*
z<bGP?u}*bY4%5K#dYLTH7(MzRj_5TTEnO&9-w<c}Ix%fvTDky&NZV<&%m3lBqPql{
zbG;{kh;WIC@D>WB#T>6&!vrBtq69k4%H4BW^bl}CooqM78~#*mSmWoSmWYE{P6t*m
zw}%wk(#E1V#muC}EA-wrz-&z%UJt_v1Ma{|xjhsv{J;$Iw!wm(1H4M--b;}<<@ej<
tz!m9__52U(?Dn(xqy=a!4j`s3P-&s2>d}#kL)QMvo=cTo7FUK|2bKl?c!~f3

literal 0
HcmV?d00001

diff --git a/services/drone/drone.env b/services/drone/drone.env
index 3744b8a..5779873 100644
--- a/services/drone/drone.env
+++ b/services/drone/drone.env
@@ -1,3 +1,2 @@
-DRONE_RPC_SECRET=c9abde046b241975770a775fca86e4c9
 DRONE_SERVER_HOST=drone.${DOMAIN}
 DRONE_RPC_HOST=${DRONE_SERVER_HOST}
\ No newline at end of file
diff --git a/services/drone/drone.yml b/services/drone/drone.yml
index 7a6b519..72b010b 100644
--- a/services/drone/drone.yml
+++ b/services/drone/drone.yml
@@ -10,12 +10,14 @@ services:
       - ${DOCKER_STORAGE_PATH}/drone:/data
     env_file:
       - drone.env
+      - ../../secrets/drone.env
     environment:
-      - DRONE_GITEA_CLIENT_ID=0d11d359-a420-4a66-a04c-0a136448b7e7
-      - DRONE_GITEA_CLIENT_SECRET=Qx0LqE0Qb-M3MZAiojtlILRY3nfNzOiUUTdOCpW7Feo=
+      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID_VALUE}
+      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET_VALUE}
       - DRONE_GITEA_SERVER=https://git.${DOMAIN}
       - DRONE_SERVER_PROTO=https
       - DRONE_USER_CREATE=username:lukas,admin:true
+      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET_VALUE}
     profiles:
       - base
     restart: unless-stopped
@@ -30,10 +32,12 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
     env_file:
       - drone.env
+      - ../../secrets/drone.env
     environment:
       - DRONE_RPC_PROTO=https
       - DRONE_RUNNER_CAPACITY=1
       - DRONE_RUNNER_NAME=nas-docker-runner
+      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET_VALUE}
     profiles:
       - base
     restart: unless-stopped