From 25ba73e6ddbabd26202b08ee0d4b27a31a3e64d5 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Fri, 10 May 2019 12:09:06 +0200
Subject: [PATCH] run container in privileged mode if needed

---
 defaults/main.yml                         | 2 ++
 templates/services/droneci-compose.yml.j2 | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index bd4c613..c52f4a1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,11 +15,13 @@ droneci_server_exposed_ip: 127.0.0.1
 # droneci_server_memory_limit: 512m # defaults to not set
 # droneci_server_memory_reservation: 256m # defaults to not set
 # droneci_server_extra_hosts: []
+droneci_server_privileged: False
 
 droneci_agent_image: "drone/agent:{{ droneci_version }}"
 dronevi_agent_capacity: 2
 # droneci_agent_memory_limit: 512m # defaults to not set
 # droneci_agent_memory_reservation: 256m # defaults to not set
+droneci_agent_privileged: False
 
 droneci_postgres_enabled: False
 droneci_postgres_ssl_mode: disable
diff --git a/templates/services/droneci-compose.yml.j2 b/templates/services/droneci-compose.yml.j2
index 738210a..35a37f9 100644
--- a/templates/services/droneci-compose.yml.j2
+++ b/templates/services/droneci-compose.yml.j2
@@ -20,6 +20,9 @@ services:
       - {{ '"' + host + '"' }}
     {% endfor %}
     {% endif %}
+    {% if droneci_server_privileged %}
+    privileged: true
+    {% endif %}
     environment:
       - DRONE_SERVER_HOST={{ droneci_host | urlsplit('hostname') }}
       - DRONE_SERVER_PROTO={{ droneci_host | urlsplit('scheme') }}
@@ -60,6 +63,9 @@ services:
       - droneserver
     volumes:
       - {{ droneci_docker_socket_path }}:/var/run/docker.sock
+    {% if droneci_agent_privileged %}
+    privileged: true
+    {% endif %}
     environment:
       - DRONE_RPC_SERVER=http://droneserver
       - DRONE_RPC_SECRET={{ droneci_secret }}