June
2b276b2c97
With the shared system token, every time the Woodpecker host would restart, a new Woodpecker agent registration would be created, because the agent receives a unique ID on first connection using the system token, which it couldn't store however, because it doesn't have a writable config file in NixOS. Use an agent token now, which doesn't require the agent to store a unique ID in a wrtiable config, therefore not making it re-register. Also see: https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
45 lines
1.6 KiB
Nix
45 lines
1.6 KiB
Nix
# Sources for this configuration:
|
|
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
|
|
# - https://woodpecker-ci.org/docs/administration/server-config
|
|
# - https://woodpecker-ci.org/docs/administration/database
|
|
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
|
|
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
|
|
|
{ config, pkgs, pkgs-unstable, ... }:
|
|
|
|
{
|
|
services.woodpecker-server = {
|
|
enable = true;
|
|
# Use package from unstable to get at least version 2.6.0 for native Forgejo support.
|
|
# https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
|
|
package = pkgs-unstable.woodpecker-server;
|
|
environment = {
|
|
WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
|
|
WOODPECKER_SERVER_ADDR = ":8001";
|
|
WOODPECKER_GRPC_ADDR = ":9000";
|
|
WOODPECKER_ADMIN = "june";
|
|
WOODPECKER_OPEN = "true";
|
|
WOODPECKER_ORGS = "CCCHH";
|
|
WOODPECKER_DATABASE_DRIVER = "postgres";
|
|
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
|
|
WOODPECKER_FORGEJO = "true";
|
|
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
|
|
# Set via enviornmentFile:
|
|
# WOODPECKER_FORGEJO_CLIENT
|
|
# WOODPECKER_FORGEJO_SECRET
|
|
};
|
|
environmentFile = [ "/run/secrets/woodpecker_server_environment_file" ];
|
|
};
|
|
|
|
systemd.services.woodpecker-server.serviceConfig = {
|
|
User = "woodpecker-server";
|
|
Group = "woodpecker-server";
|
|
};
|
|
|
|
sops.secrets."woodpecker_server_environment_file" = {
|
|
mode = "0440";
|
|
owner = "root";
|
|
group = "root";
|
|
restartUnits = [ "woodpecker-server.service" ];
|
|
};
|
|
}
|