Set WOODPECKER_LIMIT_MEM to 6 GB for woodpecker

so pipelines don't get killed by OOM.
fix: use tar file
2024-11-17 22:43:51 +01:00 · 2024-11-17 21:15:05 +01:00 · 2024-11-17 21:06:27 +01:00 · 2024-11-17 20:33:38 +01:00 · 2024-11-17 20:25:16 +01:00
4 changed files with 79 additions and 61 deletions
--- a/config/common/users.nix
+++ b/config/common/users.nix
@ -6,14 +6,9 @@
 # - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
 # - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, authorizedKeysRepo, ... }:
 let
  authorizedKeysRepo = builtins.fetchGit {
    url = "forgejo@git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git"; 
    ref = "trunk";
    rev = "686a6af22f6696f0c0595c56f463c078550049fc";
  };
  authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
 in
 {
--- a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
+++ b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
@ -22,6 +22,7 @@
      WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
      WOODPECKER_FORGEJO = "true";
      WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
      WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
      # Set via enviornmentFile:
      # WOODPECKER_FORGEJO_CLIENT
      # WOODPECKER_FORGEJO_SECRET
--- a/flake.lock
+++ b/flake.lock
@ -1,12 +1,26 @@
 {
  "nodes": {
    "authorizedKeysRepo": {
      "flake": false,
      "locked": {
        "lastModified": 1731276342,
        "narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
        "rev": "686a6af22f6696f0c0595c56f463c078550049fc",
        "type": "tarball",
        "url": "https://git.hamburg.ccc.de/api/v1/repos/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz?rev=686a6af22f6696f0c0595c56f463c078550049fc"
      },
      "original": {
        "type": "tarball",
        "url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz"
      }
    },
    "nixlib": {
      "locked": {
-        "lastModified": 1729386149,
+        "lastModified": 1731200463,
-        "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
+        "narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
+        "rev": "e04234d263750db01c78a412690363dc2226e68a",
        "type": "github"
      },
      "original": {
@ -18,16 +32,14 @@
    "nixos-generators": {
      "inputs": {
        "nixlib": "nixlib",
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs"
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1729472750,
+        "lastModified": 1731546190,
-        "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
+        "narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
+        "rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101",
        "type": "github"
      },
      "original": {
@ -38,11 +50,27 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1731133565,
+        "lastModified": 1731245184,
-        "narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=",
+        "narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "aebe249544837ce42588aa4b2e7972222ba12e8f",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1731842749,
        "narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2",
+        "rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
        "type": "github"
      },
      "original": {
@ -52,26 +80,11 @@
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1730602179,
        "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "authorizedKeysRepo": "authorizedKeysRepo",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "sops-nix": "sops-nix"
      }
    },
@ -79,15 +92,14 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
-        ],
+        ]
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1731213149,
+        "lastModified": 1731862312,
-        "narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
+        "narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
+        "rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,7 @@
    # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
-      inputs.nixpkgs.follows = "nixpkgs";
+      #inputs.nixpkgs.follows = "nixpkgs";
    };
    # Add sops-nix as an input for secret management.
@ -20,10 +20,18 @@
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    authorizedKeysRepo = {
      url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz";
      flake = false;
    };
  };
-  outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }:
+  outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }:
    let
      specialArgs = {
        inherit authorizedKeysRepo;
      };
      system = "x86_64-linux";
    in
    {
@ -43,7 +51,7 @@
      };
      nixosConfigurations = {
        audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -53,7 +61,7 @@
        };
        audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -63,7 +71,7 @@
        };
        esphome = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -72,7 +80,7 @@
        };
        public-reverse-proxy = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -81,7 +89,7 @@
        };
        netbox = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -92,7 +100,7 @@
        };
        matrix = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -103,7 +111,7 @@
        };
        public-web-static = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -114,7 +122,7 @@
        };
        git = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -125,7 +133,7 @@
        };
        forgejo-actions-runner = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -136,7 +144,7 @@
        };
        ptouch-print-server = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -145,7 +153,7 @@
        };
        eh22-wiki = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -155,7 +163,7 @@
        };
        nix-box-june = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -165,7 +173,7 @@
        };
        yate = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -174,7 +182,7 @@
        };
        mqtt = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -183,7 +191,7 @@
        };
        mjolnir = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -194,7 +202,7 @@
        };
        woodpecker = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -205,7 +213,7 @@
        };
        status = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -215,7 +223,7 @@
        };
        penpot = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -226,7 +234,7 @@
        };
        hydra = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
@ -238,6 +246,7 @@
      packages.x86_64-linux = {
        proxmox-nixos-template = nixos-generators.nixosGenerate {
          inherit specialArgs;
          system = "x86_64-linux";
          modules = [
            ./config/nixos-generators/proxmox.nix
@ -248,6 +257,7 @@
        };
        proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
          inherit specialArgs;
          system = "x86_64-linux";
          modules = [
            ./config/nixos-generators/proxmox-chaosknoten.nix
Author	SHA1	Message	Date
christian	c78c278627	Set WOODPECKER_LIMIT_MEM to 6 GB for woodpecker so pipelines don't get killed by OOM.	2024-11-17 22:43:51 +01:00
jopejoe1	e3c677ea9b	fix: use tar file	2024-11-17 21:15:05 +01:00
christian	ecd9fe4adf	fix: use http clone url from forgejo	2024-11-17 21:06:27 +01:00
jopejoe1	2003367108	move authorized keys to flake input	2024-11-17 20:33:38 +01:00
christian	53e33a6641	flake.lock: Update Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565' (2024-10-21) → 'github:nix-community/nixos-generators/06ffce1a8d95e95c06a4bcfa117dd960b14a7101' (2024-11-14) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/cce4521b6df014e79a7b7afc58c703ed683c916e' (2024-10-20) → 'github:nix-community/nixpkgs.lib/e04234d263750db01c78a412690363dc2226e68a' (2024-11-10) • Updated input 'nixos-generators/nixpkgs': follows 'nixpkgs' → 'github:NixOS/nixpkgs/aebe249544837ce42588aa4b2e7972222ba12e8f' (2024-11-10) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/11f65b4b0405cff5b54c813626bddcf5435d7ad2' (2024-11-09) → 'github:nixos/nixpkgs/bf6132dc791dbdff8b6894c3a85eb27ad8255682' (2024-11-17) • Updated input 'sops-nix': 'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10) → 'github:Mic92/sops-nix/472741cf3fee089241ac9ea705bb2b9e0bfa2978' (2024-11-17) • Removed input 'sops-nix/nixpkgs-stable'	2024-11-17 20:25:16 +01:00