changes

hosts/ds9/attic.nix

@@ -0,0 +1,50 @@
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+{
+  # imports = [ inputs.attic.nixosModules.atticd ];
+  ragon.agenix.secrets.ds9AtticEnv = { };
+  ragon.persist.extraDirectories = [
+    "/var/lib/atticd"
+  ];
+  
+  services.atticd = {
+    enable = true;
+
+    # Replace with absolute path to your environment file
+    environmentFile = config.age.secrets.ds9AtticEnv.path;
+
+    settings = {
+      listen = "[::]:8089";
+
+      jwt = { };
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+}

hosts/ds9/default.nix

@@ -19,6 +19,8 @@ in
     ./samba.nix
     ./paperless.nix
     ./maubot.nix
+    ./woodpecker.nix
+    ./attic.nix
 
     ../../nixos-modules/networking/tailscale.nix
     ../../nixos-modules/services/docker.nix
@@ -236,6 +238,14 @@ in
       handle @mautrix-signal {
         import podmanRedir http://mautrix-signal:29328
       }
+      @woodpecker host woodpecker.hailsatan.eu
+      handle @woodpecker {
+        import podmanRedir http://woodpecker-server:8000
+      }
+      @attic host attic.hailsatan.eu
+      handle @attic {
+        reverse_proxy http://[::1]:8089
+      }
       @auth host auth.hailsatan.eu
       handle @auth {
         import podmanRedir http://authentik-server:9000

hosts/ds9/woodpecker.nix

@@ -0,0 +1,56 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  virtualisation.podman.dockerSocket.enable = true;
+  ragon.agenix.secrets.ds9WoodpeckerEnv = { };
+  ragon.agenix.secrets.ds9WoodpeckerAgentSecretEnv = { };
+  virtualisation.quadlet = {
+    containers = {
+      woodpecker-server = {
+        containerConfig.image = "woodpeckerci/woodpecker-server:v3";
+        containerConfig.volumes = [
+          "woodpecker-server-data:/var/lib/woodpecker"
+        ];
+        containerConfig.networks = [
+          "woodpecker-net"
+          "podman"
+        ];
+        containerConfig.environments = {
+          WOODPECKER_HOST = "https://woodpecker.hailsatan.eu";
+          WOODPECKER_OPEN = "false";
+        };
+        containerConfig.environmentFiles = [
+          config.age.secrets.ds9WoodpeckerEnv.path
+          config.age.secrets.ds9WoodpeckerAgentSecretEnv.path
+        ];
+      };
+      woodpecker-agent = {
+        containerConfig.environmentFiles = [
+          config.age.secrets.ds9WoodpeckerAgentSecretEnv.path
+        ];
+        containerConfig.image = "woodpeckerci/woodpecker-agent:v3";
+        containerConfig.volumes = [
+          "woodpecker-agent-config:/etc/woodpecker"
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ];
+        containerConfig.environments = {
+          WOODPECKER_SERVER = "woodpecker-server:9000";
+        };
+        containerConfig.networks = [
+          "woodpecker-net"
+        ];
+      };
+    };
+    networks = {
+      woodpecker.networkConfig = {
+        ipv6 = true;
+        name = "woodpecker-net";
+        internal = false;
+      };
+    };
+  };
+}