# Sources for this configuration:
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
# - https://woodpecker-ci.org/docs/administration/server-config
# - https://woodpecker-ci.org/docs/administration/database
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING

{ config, pkgs, pkgs-unstable, ... }:

{
  services.woodpecker-server = {
    enable = true;
    # Use package from unstable to get at least version 2.6.0 for native Forgejo support.
    # https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
    package = pkgs-unstable.woodpecker-server;
    environment = {
      WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
      WOODPECKER_SERVER_ADDR = ":8001";
      WOODPECKER_GRPC_ADDR = ":9000";
      WOODPECKER_ADMIN = "june";
      WOODPECKER_OPEN = "true";
      WOODPECKER_ORGS = "CCCHH";
      WOODPECKER_DATABASE_DRIVER = "postgres";
      WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
      WOODPECKER_FORGEJO = "true";
      WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
      # Set via enviornmentFile:
      # WOODPECKER_FORGEJO_CLIENT
      # WOODPECKER_FORGEJO_SECRET
    };
    environmentFile = [ "/run/secrets/woodpecker_server_environment_file" ];
  };

  systemd.services.woodpecker-server.serviceConfig = {
    User = "woodpecker-server";
    Group = "woodpecker-server";
  };

  sops.secrets."woodpecker_server_environment_file" = {
    mode = "0440";
    owner = "root";
    group = "root";
    restartUnits = [ "woodpecker-server.service" ];
  };
}