CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 2
Code Issues 1 Pull requests 1 Wiki Activity

Use an agent token for Woodpecker agent to stop it from re-registering

Browse source 
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
This commit is contained in:
June 2024-06-22 16:26:58 +02:00 committed by echtnurich
commit 2b276b2c97
Signed by: echtnurich
SSH key fingerprint: SHA256:1eIkxME0VPeXC2WMl9Haus+q0SLFymSAWU7f6Z+A8Aw
3 changed files with 11 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

13
config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
View file

@ -27,12 +27,8 @@
# Set via enviornmentFile:
# WOODPECKER_FORGEJO_CLIENT
# WOODPECKER_FORGEJO_SECRET
# WOODPECKER_AGENT_SECRET
};
environmentFile = [
"/run/secrets/woodpecker_server_environment_file"
"/run/secrets/woodpecker_agent_secret_environment_file"
];
environmentFile = [ "/run/secrets/woodpecker_server_environment_file" ];
};
systemd.services.woodpecker-server.serviceConfig = {
@ -46,11 +42,4 @@
group = "root";
restartUnits = [ "woodpecker-server.service" ];
};
sops.secrets."woodpecker_agent_secret_environment_file" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "woodpecker-server.service" ];
};
}