nix-config/hosts/woodpecker/default.nix


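# NixOS host definition for the Woodpecker CI instance: nginx terminates TLS
# and proxies to woodpecker-server, which stores state in a local PostgreSQL
# database; a local woodpecker-agent runs pipelines through Docker.
{ config, pkgs, ... }:
let
  hostname = "woodpecker.hq.c3d2.de";
  # Loopback address shared by the server's HTTP listener and the nginx
  # upstream, so the plaintext port is only reachable through the TLS vhost.
  backendAddr = "127.0.0.1:8000";
in
{
  c3d2.deployment.server = "server10";
  # microvm.mem = 2 * 1024;
  networking.hostName = "woodpecker";

  services = {
    nginx = {
      enable = true;
      virtualHosts.${hostname} = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://${backendAddr}";
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [
        "woodpecker"
      ];
      ensureUsers = [{
        name = "woodpecker";
        ensurePermissions = {
          "DATABASE woodpecker" = "ALL PRIVILEGES";
        };
      }];
      package = pkgs.postgresql_15;
      upgrade.stopServices = [ "woodpecker-server" ];
    };
  };

  systemd.services = {
    # NOTE(review): the agent runs under the same "woodpecker" account as the
    # server, so it can read the server's secret environment file and reach
    # the database over the PostgreSQL unix socket. With the docker backend it
    # also needs access to the Docker socket, which is root-equivalent on this
    # host. Consider a dedicated agent user so that only the agent holds
    # Docker access and only the server holds the database and forge secrets.
    woodpecker-agent = {
      wantedBy = [ "multi-user.target" ];
      after = [ "woodpecker-server.service" ];
      requires = [ "woodpecker-server.service" ];
      serviceConfig = {
        Environment = [
          "WOODPECKER_MAX_PROCS=2"
          "WOODPECKER_BACKEND=docker"
        ];
        EnvironmentFile = config.sops.secrets."woodpecker/agent/environmentFile".path;
        ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
        User = "woodpecker";
      };
    };

    woodpecker-server = {
      wantedBy = [ "multi-user.target" ];
      # Order after PostgreSQL as well: the datasource below is its unix socket.
      after = [ "nginx.service" "postgresql.service" ];
      serviceConfig = {
        Environment = [
          "WOODPECKER_ADMIN=sandro,astro"
          "WOODPECKER_DATABASE_DATASOURCE=postgres:///woodpecker?host=/run/postgresql"
          "WOODPECKER_DATABASE_DRIVER=postgres"
          "WOODPECKER_GITEA=true"
          "WOODPECKER_GITEA_URL=https://gitea.c3d2.de"
          "WOODPECKER_HOST=https://${hostname}"
          "WOODPECKER_OPEN=false"
          "WOODPECKER_ORGS=c3d2"
          # Without this the HTTP listener binds every interface and only the
          # firewall keeps clients from bypassing the nginx TLS front end.
          "WOODPECKER_SERVER_ADDR=${backendAddr}"
        ];
        # Values in the environment file take precedence over Environment=.
        EnvironmentFile = config.sops.secrets."woodpecker/server/environmentFile".path;
        ExecStart = "${pkgs.woodpecker-server}/bin/woodpecker-server";
        User = "woodpecker";

        # Basic sandboxing for the network-facing daemon; it needs none of
        # these privileges to serve HTTP and talk to PostgreSQL.
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateTmp = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        RestrictSUIDSGID = true;
      };
    };
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # Both decrypted environment files are owned by the one shared account.
    secrets = {
      "woodpecker/agent/environmentFile".owner = "woodpecker";
      "woodpecker/server/environmentFile".owner = "woodpecker";
    };
  };

  system.stateVersion = "22.11";

  users = {
    groups.woodpecker = { };
    users."woodpecker" = {
      group = "woodpecker";
      isSystemUser = true;
    };
  };

  virtualisation.docker = {
    enable = true;
    # Periodic prune of all unused images, containers and volumes, so
    # pipeline leftovers do not accumulate on the host.
    autoPrune = {
      enable = true;
      flags = [
        "--all"
        "--force"
        "--volumes"
      ];
    };
  };
}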