Use an agent token for Woodpecker agent to stop it from re-registering

With the shared system token, every time the Woodpecker host would restart, a new Woodpecker agent registration would be created, because the agent receives a unique ID on first connection using the system token, which it couldn't store however, because it doesn't have a writable config file in NixOS. Use an agent token now, which doesn't require the agent to store a unique ID in a wrtiable config, therefore not making it re-register. Also see: https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-06-22 16:26:58 +02:00 · 2024-06-22 16:26:58 +02:00 · f5432bd682
commit f5432bd682
parent 1aff46745a
3 changed files with 11 additions and 18 deletions
--- a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
+++ b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
@ -27,12 +27,8 @@
      # Set via enviornmentFile:
      # WOODPECKER_FORGEJO_CLIENT
      # WOODPECKER_FORGEJO_SECRET
-      # WOODPECKER_AGENT_SECRET
    };
-    environmentFile = [
-      "/run/secrets/woodpecker_server_environment_file"
-      "/run/secrets/woodpecker_agent_secret_environment_file"
-    ];
+    environmentFile = [ "/run/secrets/woodpecker_server_environment_file" ];
  };

  systemd.services.woodpecker-server.serviceConfig = {
@ -46,11 +42,4 @@
    group = "root";
    restartUnits = [ "woodpecker-server.service" ];
  };
-
-  sops.secrets."woodpecker_agent_secret_environment_file" = {
-    mode = "0440";
-    owner = "root";
-    group = "root";
-    restartUnits = [ "woodpecker-server.service" ];
-  };
 }