nix-configs/instances/ds9/services/woodpecker.nix


# NixOS module for the ds9 host: Woodpecker CI server plus a single podman-backed
# agent, fronted by the host's wildcard Caddy vhosts and backed by local PostgreSQL.
{
  pkgs,
  config,
  lib,
  ...
}:
let
  # All woodpecker secrets on this host are decrypted from one sops file.
  secretsFile = ../secrets/woodpecker.yaml;
  secretPath = name: config.sops.secrets."woodpecker/${name}".path;

  # Loopback listeners; the reverse proxy and the agent both connect here.
  serverPort = 18000;
  grpcPort = 19000;
in
{
  # Public entry points. Both vhosts hang off the "hailsatan.eu" wildcard certificate
  # and only forward to loopback, so the server itself never listens externally.
  xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts = {
    woodpecker.extraConfig = "reverse_proxy http://[::1]:${toString serverPort}";
    # gRPC for agents is cleartext HTTP/2 (h2c) between Caddy and the server.
    woodpecker-agent.extraConfig = "reverse_proxy h2c://[::1]:${toString grpcPort}";
  };

  # Database: local role owning its own database, reached over the unix socket
  # (see WOODPECKER_DATABASE_DATASOURCE below), so no database password is needed.
  services.postgresql = {
    ensureDatabases = [ "woodpecker" ];
    ensureUsers = [
      {
        name = "woodpecker";
        ensureDBOwnership = true;
      }
    ];
  };

  services.woodpecker-server = {
    enable = true;
    environment = {
      # NOTE(review): GITEA, GITEA_URL, GRPC_ADDR and SERVER_ADDR lack the WOODPECKER_
      # prefix the other keys use, and GITEA is a bool where the rest are strings —
      # confirm the module/service accepts these as written.
      GITEA = true;
      GITEA_URL = "https://git.xyno.systems";
      GRPC_ADDR = ":${toString grpcPort}";
      SERVER_ADDR = ":${toString serverPort}";
      WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker@localhost/woodpecker?host=/run/postgresql";
      WOODPECKER_DATABASE_DRIVER = "postgres";
      WOODPECKER_HOST = "https://woodpecker.hailsatan.eu";
    };
    # Agent shared secret and the Gitea OAuth credentials come from sops, not the store.
    environmentFile = [
      (secretPath "agent_secret")
      (secretPath "gitea")
    ];
  };

  # Container runtime for pipeline steps. dockerSocket.enable exposes a Docker-compatible
  # socket at /run/podman/podman.sock, which the agent below uses as its backend.
  virtualisation.podman = {
    enable = true;
    dockerSocket.enable = true;
    autoPrune.enable = true;
    defaultNetwork.settings.dns_enabled = true;
  };

  # Podman's built-in DNS answers on the bridge; only that interface is opened,
  # nothing is exposed on external interfaces.
  networking.firewall.interfaces."podman0" = {
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };

  # NOTE(review): option path is services.woodpecker-agents.podman as in the original;
  # verify it matches the agent option tree of the NixOS version in use.
  services.woodpecker-agents.podman = {
    environment = {
      # Agent reaches the server's gRPC listener directly over loopback.
      WOODPECKER_SERVER = "[::1]:${toString grpcPort}";
      WOODPECKER_BACKEND = "docker";
      # NOTE(review): integer value in an environment attrset; confirm it is stringified.
      WOODPECKER_MAX_WORKFLOWS = 4;
      # The agent drives pipelines through the host's podman socket. Anything that can
      # reach this socket controls containers on the host, so pipeline trust boundaries
      # are effectively the host's; keep repository/agent access scoped accordingly.
      DOCKER_HOST = "unix:///run/podman/podman.sock";
    };
    environmentFile = [ (secretPath "agent_secret") ];
    # Group membership is what grants the agent access to the podman socket.
    extraGroups = [ "podman" ];
  };

  # Declare every secret once; "prometheus" is not consumed in this file and is
  # presumably referenced by another module on this host.
  sops.secrets = lib.genAttrs [
    "woodpecker/agent_secret"
    "woodpecker/gitea"
    "woodpecker/prometheus"
  ] (_: { sopsFile = secretsFile; });

  # State that must survive the ephemeral root: server data and container storage.
  xyno.impermanence.directories = [
    "/var/lib/woodpecker"
    "/var/lib/containers"
  ];
}