nix-infra/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix

# Sources for this configuration:
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
# - https://woodpecker-ci.org/docs/administration/agent-config
# - https://woodpecker-ci.org/docs/administration/backends/docker

{ config, pkgs, pkgs-unstable, ... }:

{
  services.woodpecker-agents.agents."podman" = {
    enable = true;
    # Since we use woodpecker-server from unstable, use the agent from unstable as well.
    package = pkgs-unstable.woodpecker-agent;
    extraGroups = [ "podman" ];
    environment = {
      WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";
      WOODPECKER_MAX_WORKFLOWS = "4";
      WOODPECKER_BACKEND = "docker";
      DOCKER_HOST = "unix:///run/podman/podman.sock";
      # Set via enviornmentFile:
      # WOODPECKER_AGENT_SECRET
    };
    environmentFile = [ "/run/secrets/woodpecker_agent_environment_file" ];
  };

  sops.secrets."woodpecker_agent_environment_file" = {
    mode = "0440";
    owner = "root";
    group = "root";
    restartUnits = [ "woodpecker-agent-podman.service" ];
  };
}