nix-infra/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
June 2b276b2c97
Use an agent token for Woodpecker agent to stop it from re-registering
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a writable config, and therefore doesn't make it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-10-21 17:49:03 +02:00


# Sources for this configuration:
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
# - https://woodpecker-ci.org/docs/administration/server-config
# - https://woodpecker-ci.org/docs/administration/database
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
# NixOS module for the Woodpecker CI server on this host. It configures the
# server itself, pins the account the systemd unit runs as, and declares the
# sops-nix secret that carries the Forgejo OAuth credentials.
{ config, pkgs, pkgs-unstable, ... }:
let
  # OS account applied to both User= and Group= of the server unit below.
  serviceAccount = "woodpecker-server";
in
{
  # Environment file holding the Forgejo OAuth client ID and secret.
  # Owned by root with no access for "other"; the service is restarted when
  # the secret changes so a rotated credential takes effect.
  # NOTE(review): the woodpecker-server account cannot read this file itself.
  # That is the least-privilege outcome as long as systemd loads
  # EnvironmentFile= with its own privileges - confirm on the target host.
  sops.secrets."woodpecker_server_environment_file" = {
    owner = "root";
    group = "root";
    mode = "0440";
    restartUnits = [ "woodpecker-server.service" ];
  };

  # NOTE(review): presumably pinned so the process identity matches the
  # PostgreSQL role named in the socket connection string below - confirm.
  systemd.services.woodpecker-server.serviceConfig = {
    User = serviceAccount;
    Group = serviceAccount;
  };

  services.woodpecker-server = {
    enable = true;

    # Use package from unstable to get at least version 2.6.0 for native Forgejo support.
    # https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
    package = pkgs-unstable.woodpecker-server;

    # Secrets are loaded from this file at service start. Values written under
    # `environment` end up in the generated unit in the world-readable Nix
    # store, so credentials belong here and never in the attribute set below.
    environmentFile = [ "/run/secrets/woodpecker_server_environment_file" ];

    environment = {
      # Public URL of the instance.
      WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";

      # Both listeners omit a host part, so they bind on every interface.
      # NOTE(review): TLS termination and firewalling are not configured in
      # this file - confirm 8001 is only reachable through the HTTPS reverse
      # proxy and 9000 (agent gRPC) only from the intended agents.
      WOODPECKER_SERVER_ADDR = ":8001";
      WOODPECKER_GRPC_ADDR = ":9000";

      # Access control: registration is open, but limited to members of the
      # listed forge organisation. Membership in that organisation on the
      # forge is therefore what grants access to this CI instance.
      WOODPECKER_OPEN = "true";
      WOODPECKER_ORGS = "CCCHH";
      # Account that receives Woodpecker admin rights.
      WOODPECKER_ADMIN = "june";

      # PostgreSQL over the local Unix socket; the URL carries no password.
      # NOTE(review): presumably relies on peer authentication of the
      # woodpecker-server OS user - confirm against the PostgreSQL config.
      WOODPECKER_DATABASE_DRIVER = "postgres";
      WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";

      # Forgejo as the forge / OAuth provider.
      WOODPECKER_FORGEJO = "true";
      WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
      # Set via environmentFile:
      # WOODPECKER_FORGEJO_CLIENT
      # WOODPECKER_FORGEJO_SECRET
    };
  };
}