Cristian Gutierrez/Using Drone CI/CD with Traefik on NixOS

Created Fri, 15 Jan 2021 00:19:14 +0200 Modified Fri, 05 Aug 2022 18:10:10 +0000
536 Words Reading time 3 min

In this post we are going to see how to configure our own CI/CD environment with Drone, integrated with Traefik as reverse proxy and NixOS as operating system using github repositories.

First we need to create an OAuth application in github and our RPC secret can be seen in this post or also in the drone docs.

To create our RPC secret we will do the following:

$ openssl rand -hex 16 bea26a2221fd8090ea38720fc445eca6

Once we have our client ID and our client secret we proceed to create our docker-compose.yml to deploy our drone container.

version: '3.7'

    container_name: drone-server
    image: drone/drone:1
    restart: unless-stopped
      - ./drone:/data
      - DRONE_GITHUB_CLIENT_ID=<Your_Client_ID>
      - DRONE_GITHUB_CLIENT_SECRET=<Your_Client_secret>
      - DRONE_RPC_SECRET=<Your_RPC_secret>
      - DRONE_SERVER_PROTO=https
      - DRONE_USER_CREATE=username:<Your_Github_username>,admin:true
      - traefik.enable=true
      - traefik.http.routers.drone.entryPoints=web-secure
      - traefik.http.routers.drone.rule=Host(`Your_URL`)
      - traefik.http.routers.drone.tls.certresolver=default

Then we deploy our container with: > $ docker-compose up -d

Once our server is up, we are going to run our host runner executor and for this we download the drone-exec binary from the drone web site:

$ curl -L | tar zx

Once downloaded we have to move it to /root/bin/ and then in the configuration.nix add the following:

environment.etc.drone-runner-exec = {
  target = "drone-runner-exec/config";
  text = ''
}; = {
  description = "Drone Exec Runner";
  startLimitIntervalSec = 5;
  serviceConfig = {
    ExecStart = "/root/bin/drone-runner-exec service run --config /etc/drone-runner-exec/config";
  wantedBy = [ "" ];
  path = [ pkgs.git pkgs.docker pkgs.docker-compose ];


nixos-rebuild switch

Now we access our Drone URL and authenticate with our Github account.

So far we have set up our infrastructure with Drone, from here on everyone can do what they need, in my case let’s see how I have it set up so that every time I create a post and push it to the github repo, the deployment is automatically done and the nginx container is updated with the modifications.

Once inside the web of our drone, we activate the repository that we want in my case the repository of this blog.

To perform the configuration our repository must have 3 essential files in the repository root:


In this file we basically configure the actions to be performed by drone in our case simply performs the docker build and then raises the container.

kind: pipeline
type: exec
name: default

  os: linux
  arch: amd64

- name: build
    - docker build -t bloglord .

- name: run
    - docker-compose down -v
    - docker-compose up -d --build


Little to comment on this file, simply copy the contents of public in the html folder of the nginx container.

FROM nginx:alpine
COPY public/ /usr/share/nginx/html


The compose of the container where we provide traefik labels.

version: '3.7'

    image: bloglord
    container_name: blog
    restart: unless-stopped
      - traefik.enable=true
      - traefik.http.routers.bloglord.entryPoints=web-secure
      - traefik.http.routers.bloglord.rule=Host(``)
      - traefik.http.routers.bloglord.tls.certresolver=default

    name: bloglord-network

Once all this is done we can check it by performing a commit where we will see how we have automated the modifications to the blog.

If something went wrong we could see it in the activity feed of each commit.

And our Drone would be ready for everything we need.

I hope you found it useful.