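# NixOS configuration for the Woodpecker CI host: an nginx TLS front end, a
# local PostgreSQL database, and hand-written systemd units for
# woodpecker-server and woodpecker-agent (Docker backend).
{ config, pkgs, ... }:

let
  # Public name of the web UI; used for the nginx vhost and WOODPECKER_HOST.
  hostname = "woodpecker.hq.c3d2.de";
in
{
  c3d2.deployment.server = "server10";

  # microvm.mem = 2 * 1024;

  networking.hostName = "woodpecker";

  services = {
    nginx = {
      enable = true;
      virtualHosts.${hostname} = {
        # TLS terminates at nginx; plain-HTTP requests are redirected to HTTPS.
        forceSSL = true;
        enableACME = true;
        # NOTE(review): the backend is addressed over loopback, but nothing in
        # this file sets the server's listen address. Confirm that port 8000 is
        # not reachable from other hosts (firewall, or a loopback-only
        # WOODPECKER_SERVER_ADDR), otherwise the UI is also served without TLS.
        locations."/".proxyPass = "http://localhost:8000";
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [
        "woodpecker"
      ];
      ensureUsers = [{
        name = "woodpecker";
        # The role gets every privilege on its own database and nothing else.
        ensurePermissions = {
          "DATABASE woodpecker" = "ALL PRIVILEGES";
        };
      }];
      package = pkgs.postgresql_15;
      upgrade.stopServices = [ "woodpecker-server" ];
    };
  };

  systemd.services = {
    # CI agent: picks up pipelines from the server and runs them through the
    # local Docker daemon.
    woodpecker-agent = {
      wantedBy = [ "multi-user.target" ];
      # Started after the server and stopped together with it.
      after = [ "woodpecker-server.service" ];
      requires = [ "woodpecker-server.service" ];
      serviceConfig = {
        Environment = [
          "WOODPECKER_MAX_PROCS=2"
          "WOODPECKER_BACKEND=docker"
        ];
        # Secret settings come from a sops-managed file instead of being
        # written into the unit (and thereby the Nix store).
        EnvironmentFile = config.sops.secrets."woodpecker/agent/environmentFile".path;
        ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
        # NOTE(review): the `woodpecker` account defined in this file has no
        # supplementary groups, so access to the Docker socket must be granted
        # elsewhere — TODO confirm. Socket access is effectively root on the
        # host; keep that grant limited to this unit.
        User = "woodpecker";
      };
    };

    # CI server: web UI and API behind the nginx vhost above.
    woodpecker-server = {
      wantedBy = [ "multi-user.target" ];
      # The server connects to the local PostgreSQL socket on start-up and the
      # unit has no Restart= policy, so it must be ordered after (and tied to)
      # postgresql.service; otherwise it can lose the boot-time race and stay
      # failed, taking the agent that requires it down as well.
      after = [ "nginx.service" "postgresql.service" ];
      requires = [ "postgresql.service" ];
      serviceConfig = {
        Environment = [
          # Accounts that receive admin rights in Woodpecker.
          "WOODPECKER_ADMIN=sandro,astro"
          # No credentials in the DSN: the connection goes through the Unix
          # socket in /run/postgresql (presumably peer authentication for the
          # `woodpecker` OS user — verify against pg_hba).
          "WOODPECKER_DATABASE_DATASOURCE=postgres:///woodpecker?host=/run/postgresql"
          "WOODPECKER_DATABASE_DRIVER=postgres"
          "WOODPECKER_GITEA=true"
          "WOODPECKER_GITEA_URL=https://gitea.c3d2.de"
          "WOODPECKER_HOST=https://${hostname}"
          # Open registration is disabled; c3d2 is the only approved org.
          "WOODPECKER_OPEN=false"
          "WOODPECKER_ORGS=c3d2"
        ];
        # Secret settings come from a sops-managed file instead of being
        # written into the unit (and thereby the Nix store).
        EnvironmentFile = config.sops.secrets."woodpecker/server/environmentFile".path;
        ExecStart = "${pkgs.woodpecker-server}/bin/woodpecker-server";
        User = "woodpecker";
      };
    };
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      # NOTE(review): server and agent run as the same account and both files
      # are owned by it, so either process can read the other's secrets.
      # Separate accounts would keep the server's file out of the agent's
      # reach.
      "woodpecker/agent/environmentFile".owner = "woodpecker";
      "woodpecker/server/environmentFile".owner = "woodpecker";
    };
  };

  system.stateVersion = "22.11";

  users = {
    groups.woodpecker = { };
    # Unprivileged system account shared by both Woodpecker units.
    users."woodpecker" = {
      group = "woodpecker";
      isSystemUser = true;
    };
  };

  virtualisation.docker = {
    enable = true;
    # Scheduled `docker system prune`: --all also drops unused tagged images,
    # --volumes drops unused volumes, --force skips the confirmation prompt.
    # Anything that must survive between pipeline runs cannot live in an
    # otherwise unused image or volume on this host.
    autoPrune = {
      enable = true;
      flags = [
        "--all"
        "--force"
        "--volumes"
      ];
    };
  };
}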