forked from CCCHH/nix-infra
Last commit didn't do, switching to Docker instead of podman does
This commit is contained in:
parent
be7f6e4917
commit
026e47d055
|
@ -1,5 +1,5 @@
|
||||||
woodpecker_server_environment_file: ENC[AES256_GCM,data:68Wu0UOHBAGZHSJ0x4wbeDLm626jpumv9w6A65FNKsmzYp6P4/c4g1MF1agQd7l9nKMTRrgyJyfoEZYFQRX6lYSmcsQLfn++uh1JpFoClT5p/5hBkiDq4owUFU+NGUiyl6yjYlEiaxLwC4ZdyISHeEYpbrvGyIXLsFgdrQ0rVX3cCRwIMxFcyCG6d3MZVoqAw1A=,iv:y/+X02aRPBOoR57P9s7y/SijvXVLuiBBfFYqeJLvQEU=,tag:DNwK+M6s3moglkMkrWccyA==,type:str]
|
woodpecker_server_environment_file: ENC[AES256_GCM,data:68Wu0UOHBAGZHSJ0x4wbeDLm626jpumv9w6A65FNKsmzYp6P4/c4g1MF1agQd7l9nKMTRrgyJyfoEZYFQRX6lYSmcsQLfn++uh1JpFoClT5p/5hBkiDq4owUFU+NGUiyl6yjYlEiaxLwC4ZdyISHeEYpbrvGyIXLsFgdrQ0rVX3cCRwIMxFcyCG6d3MZVoqAw1A=,iv:y/+X02aRPBOoR57P9s7y/SijvXVLuiBBfFYqeJLvQEU=,tag:DNwK+M6s3moglkMkrWccyA==,type:str]
|
||||||
woodpecker_agent_environment_file: ENC[AES256_GCM,data:7K+Q59QM9ZIr/SE8VQ9jmshjVSeXGzk+h2T9oIDJASZrYppTFx2N68wsKyFm/Y1GDLY3QEELGXOCa7nSZcdMJTOJ9jj5u7HMw3e0CQGxMUGP,iv:vyDQO7uMxyHpK/cb739sktuAq3zv2MZ9xexAZHD0Of4=,tag:WzNn4iWGlO63aLeStsCdRA==,type:str]
|
woodpecker_agent_environment_file: ENC[AES256_GCM,data:rwp6TYYFJ/IZH+3pGhPxjdZMLoyPMr/W1RXm4IkUGn+SmIjHZcdFZ8nEhvOfnkfrXNPc2MR+X6NXUmVOcBjSCbcBjh9sC653UpKimt9I3/Ec,iv:X9JH7dmTayw8BaEsXYil3PrykCdd+/ANGHVfEyRvc7A=,tag:/ErkX1WnruanNgTTBUT6LA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -15,8 +15,8 @@ sops:
|
||||||
UExiNFNCdkQ4YTNMdEdoWTdxOFZOZVEKZZbNpbyH31z5tyXeINqoNyqy8zvS3mp0
|
UExiNFNCdkQ4YTNMdEdoWTdxOFZOZVEKZZbNpbyH31z5tyXeINqoNyqy8zvS3mp0
|
||||||
YFq6P8kO8CaqUG7KH6yWV0Vq4DryQ9vMcQBnboZOfPf9pZUvhacE/Q==
|
YFq6P8kO8CaqUG7KH6yWV0Vq4DryQ9vMcQBnboZOfPf9pZUvhacE/Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-22T14:24:28Z"
|
lastmodified: "2024-06-22T15:55:25Z"
|
||||||
mac: ENC[AES256_GCM,data:1MCBR0fU1wMwmTqLKi6ybFD5YX/yYFMO1JLUpB+ZB+PYH+lvYUwo7x52BNxDDETq+VtU13CJLIM0LleOWl0h0xP9vbMC/YMn+ffeWVBYC8mjqaKXYVyAW8ksXn+vDQ+ZP/RWGOJdaKIPLgIJiVF5hfkSo6smfH378cH72f5cmU4=,iv:BgKHSsElxULJ2EA+8/5w4J/hNLH2S+jNNRTXAl/96V4=,tag:z1HeWXA6Ryo0SacG9HARhw==,type:str]
|
mac: ENC[AES256_GCM,data:UmDbmxSRj8YfCkKEelQNMJ8mzbu5aQdB9yOr9JfUh5TB9r5Z5ttZ1wgJDJqHNtsII3JGXUvbgHbsmbPikkrj4Ege1rrgr4UttN1rtgeaAKlZIlqb9pOnV4//GJL8jbxCgFp2h2O80G05nAXG54DaY//4Y5hfTyPzgyDlGQ6jlhg=,iv:5e8lpFfGAJh8lTFcY4MlZG7PgnzM0UycsU0tB2KN+zQ=,tag:4xUEHg04wjDbhc9MOItzuQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-06-21T22:42:59Z"
|
- created_at: "2024-06-21T22:42:59Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./podman.nix
|
./docker.nix
|
||||||
./woodpecker-agent.nix
|
./woodpecker-agent.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
12
config/hosts/woodpecker/woodpecker-agent/docker.nix
Normal file
12
config/hosts/woodpecker/woodpecker-agent/docker.nix
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# Sources for this configuration:
|
||||||
|
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
|
||||||
|
# - https://woodpecker-ci.org/docs/administration/backends/docker
|
||||||
|
# - https://nixos.wiki/wiki/Docker
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
virtualisation.docker = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,20 +0,0 @@
|
||||||
# Sources for this configuration:
|
|
||||||
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
|
|
||||||
# - https://woodpecker-ci.org/docs/administration/backends/docker
|
|
||||||
# - https://nixos.wiki/wiki/Podman
|
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
virtualisation.podman = {
|
|
||||||
enable = true;
|
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.interfaces."podman0" = {
|
|
||||||
# allowedUDPPorts = [ 53 ] gets already set by virtualisation.podman.defaultNetwork.settings.dns_enabled, but set it here explicitly anyway.
|
|
||||||
allowedUDPPorts = [ 53 ];
|
|
||||||
# For git.hamburg.ccc.de to resolve in the clone step for example, allowedTCPPorts also needs to be set to allow DNS.
|
|
||||||
allowedTCPPorts = [ 53 ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -6,16 +6,15 @@
|
||||||
{ config, pkgs, pkgs-unstable, ... }:
|
{ config, pkgs, pkgs-unstable, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.woodpecker-agents.agents."podman" = {
|
services.woodpecker-agents.agents."docker" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# Since we use woodpecker-server from unstable, use the agent from unstable as well.
|
# Since we use woodpecker-server from unstable, use the agent from unstable as well.
|
||||||
package = pkgs-unstable.woodpecker-agent;
|
package = pkgs-unstable.woodpecker-agent;
|
||||||
extraGroups = [ "podman" ];
|
extraGroups = [ "docker" ];
|
||||||
environment = {
|
environment = {
|
||||||
WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";
|
WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";
|
||||||
WOODPECKER_MAX_WORKFLOWS = "4";
|
WOODPECKER_MAX_WORKFLOWS = "4";
|
||||||
WOODPECKER_BACKEND = "docker";
|
WOODPECKER_BACKEND = "docker";
|
||||||
DOCKER_HOST = "unix:///run/podman/podman.sock";
|
|
||||||
# Set via enviornmentFile:
|
# Set via enviornmentFile:
|
||||||
# WOODPECKER_AGENT_SECRET
|
# WOODPECKER_AGENT_SECRET
|
||||||
};
|
};
|
||||||
|
@ -26,6 +25,6 @@
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
restartUnits = [ "woodpecker-agent-podman.service" ];
|
restartUnits = [ "woodpecker-agent-docker.service" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue