Use an agent token for Woodpecker agent to stop it from re-registering

With the shared system token, every time the Woodpecker host would restart, a new Woodpecker agent registration would be created, because the agent receives a unique ID on first connection using the system token, which it couldn't store however, because it doesn't have a writable config file in NixOS. Use an agent token now, which doesn't require the agent to store a unique ID in a wrtiable config, therefore not making it re-register. Also see: https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-06-22 16:26:58 +02:00 · 2024-06-22 16:26:58 +02:00 · f5432bd682
commit f5432bd682
parent 1aff46745a
3 changed files with 11 additions and 18 deletions
--- a/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix
+++ b/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix
@ -19,9 +19,13 @@
      # Set via enviornmentFile:
      # WOODPECKER_AGENT_SECRET
    };
-    environmentFile = [ "/run/secrets/woodpecker_agent_secret_environment_file" ];
+    environmentFile = [ "/run/secrets/woodpecker_agent_environment_file" ];
  };

-  # Remainder defined in ../woodpecker-server/woodpecker-server.nix
-  sops.secrets."woodpecker_agent_secret_environment_file".restartUnits = [ "woodpecker-agent-podman.service" ];
+  sops.secrets."woodpecker_agent_environment_file" = {
+    mode = "0440";
+    owner = "root";
+    group = "root";
+    restartUnits = [ "woodpecker-agent-podman.service" ];
+  };
 }