nix-infra/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix

# Sources for this configuration:
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
# - https://woodpecker-ci.org/docs/administration/server-config
# - https://woodpecker-ci.org/docs/administration/database
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING

{ config, pkgs, pkgs-unstable, ... }:

{
  services.woodpecker-server = {
    enable = true;
    # Use package from unstable to get at least version 2.6.0 for native Forgejo support.
    # https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
    package = pkgs-unstable.woodpecker-server;
    environment = {
      WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
      WOODPECKER_SERVER_ADDR = ":8001";
      WOODPECKER_GRPC_ADDR = ":9000";
      WOODPECKER_ADMIN = "june";
      WOODPECKER_OPEN = "true";
      WOODPECKER_ORGS = "CCCHH";
      WOODPECKER_DATABASE_DRIVER = "postgres";
      WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
      WOODPECKER_FORGEJO = "true";
      WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
      # Set via enviornmentFile:
      # WOODPECKER_FORGEJO_CLIENT
      # WOODPECKER_FORGEJO_SECRET
      # WOODPECKER_AGENT_SECRET
    };
    environmentFile = [
      "/run/secrets/woodpecker_server_environment_file"
      "/run/secrets/woodpecker_agent_secret_environment_file"
    ];
  };

  systemd.services.woodpecker-server.serviceConfig = {
    User = "woodpecker-server";
    Group = "woodpecker-server";
  };

  sops.secrets."woodpecker_server_environment_file" = {
    mode = "0440";
    owner = "root";
    group = "root";
    restartUnits = [ "woodpecker-server.service" ];
  };

  sops.secrets."woodpecker_agent_secret_environment_file" = {
    mode = "0440";
    owner = "root";
    group = "root";
    restartUnits = [ "woodpecker-server.service" ];
  };
}
Add woodpecker host running a woodpecker-server and -agent for CI 2024-06-22 04:20:38 +02:00			`# Sources for this configuration:`
			`# - https://woodpecker-ci.org/docs/administration/deployment/nixos`
			`# - https://woodpecker-ci.org/docs/administration/server-config`
			`# - https://woodpecker-ci.org/docs/administration/database`
			`# - https://woodpecker-ci.org/docs/administration/forges/forgejo`
			`# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING`

			`{ config, pkgs, pkgs-unstable, ... }:`

			`{`
			`services.woodpecker-server = {`
			`enable = true;`
			`# Use package from unstable to get at least version 2.6.0 for native Forgejo support.`
			`# https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0`
			`package = pkgs-unstable.woodpecker-server;`
			`environment = {`
			`WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";`
			`WOODPECKER_SERVER_ADDR = ":8001";`
			`WOODPECKER_GRPC_ADDR = ":9000";`
			`WOODPECKER_ADMIN = "june";`
			`WOODPECKER_OPEN = "true";`
			`WOODPECKER_ORGS = "CCCHH";`
			`WOODPECKER_DATABASE_DRIVER = "postgres";`
			`WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";`
			`WOODPECKER_FORGEJO = "true";`
			`WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";`
			`# Set via enviornmentFile:`
			`# WOODPECKER_FORGEJO_CLIENT`
			`# WOODPECKER_FORGEJO_SECRET`
			`# WOODPECKER_AGENT_SECRET`
			`};`
			`environmentFile = [`
			`"/run/secrets/woodpecker_server_environment_file"`
			`"/run/secrets/woodpecker_agent_secret_environment_file"`
			`];`
			`};`

			`systemd.services.woodpecker-server.serviceConfig = {`
			`User = "woodpecker-server";`
			`Group = "woodpecker-server";`
			`};`

			`sops.secrets."woodpecker_server_environment_file" = {`
			`mode = "0440";`
			`owner = "root";`
			`group = "root";`
			`restartUnits = [ "woodpecker-server.service" ];`
			`};`

			`sops.secrets."woodpecker_agent_secret_environment_file" = {`
			`mode = "0440";`
			`owner = "root";`
			`group = "root";`
			`restartUnits = [ "woodpecker-server.service" ];`
			`};`
			`}`