Add woodpecker host running a woodpecker-server and -agent for CI

2024-06-22 04:20:38 +02:00 · 2024-06-22 04:20:38 +02:00 · df17b25009
commit df17b25009
parent dfcb961fd3
15 changed files with 503 additions and 0 deletions
--- a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
+++ b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix
@ -0,0 +1,56 @@
+# Sources for this configuration:
+# - https://woodpecker-ci.org/docs/administration/deployment/nixos
+# - https://woodpecker-ci.org/docs/administration/server-config
+# - https://woodpecker-ci.org/docs/administration/database
+# - https://woodpecker-ci.org/docs/administration/forges/forgejo
+# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
+
+{ config, pkgs, pkgs-unstable, ... }:
+
+{
+  services.woodpecker-server = {
+    enable = true;
+    # Use package from unstable to get at least version 2.6.0 for native Forgejo support.
+    # https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
+    package = pkgs-unstable.woodpecker-server;
+    environment = {
+      WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
+      WOODPECKER_SERVER_ADDR = ":8001";
+      WOODPECKER_GRPC_ADDR = ":9000";
+      WOODPECKER_ADMIN = "june";
+      WOODPECKER_OPEN = "true";
+      WOODPECKER_ORGS = "CCCHH";
+      WOODPECKER_DATABASE_DRIVER = "postgres";
+      WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
+      WOODPECKER_FORGEJO = "true";
+      WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
+      # Set via enviornmentFile:
+      # WOODPECKER_FORGEJO_CLIENT
+      # WOODPECKER_FORGEJO_SECRET
+      # WOODPECKER_AGENT_SECRET
+    };
+    environmentFile = [
+      "/run/secrets/woodpecker_server_environment_file"
+      "/run/secrets/woodpecker_agent_secret_environment_file"
+    ];
+  };
+
+  systemd.services.woodpecker-server.serviceConfig = {
+    User = "woodpecker-server";
+    Group = "woodpecker-server";
+  };
+
+  sops.secrets."woodpecker_server_environment_file" = {
+    mode = "0440";
+    owner = "root";
+    group = "root";
+    restartUnits = [ "woodpecker-server.service" ];
+  };
+
+  sops.secrets."woodpecker_agent_secret_environment_file" = {
+    mode = "0440";
+    owner = "root";
+    group = "root";
+    restartUnits = [ "woodpecker-server.service" ];
+  };
+}