2025-01-04 20:46:22 +04:00
|
|
|
{ config, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.void.server.services.forgejo.woodpecker;
|
|
|
|
domain = "ci.sako.lol";
|
|
|
|
in {
|
|
|
|
options.void.server.services.forgejo.woodpecker = {
|
|
|
|
enable = mkEnableOption false;
|
|
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
|
|
|
|
security.acme.certs."ci.sako.lol" = {
|
|
|
|
credentialsFile = "/srv/secrets/porkbun";
|
|
|
|
dnsProvider = "porkbun";
|
|
|
|
webroot = null;
|
|
|
|
};
|
|
|
|
|
|
|
|
# LOL get it, a man is in a pod LMAO XDDDDD ROFL
|
|
|
|
virtualisation.podman = {
|
|
|
|
enable = true;
|
2025-01-04 21:28:14 +04:00
|
|
|
defaultNetwork.settings = {
|
|
|
|
dns_enabled = true;
|
|
|
|
dns = "127.0.0.1";
|
|
|
|
};
|
2025-01-04 20:46:22 +04:00
|
|
|
};
|
|
|
|
|
2025-01-04 21:22:26 +04:00
|
|
|
# # This is needed for podman to be able to talk over dns
|
|
|
|
# networking.firewall.interfaces."podman0" = {
|
|
|
|
# allowedUDPPorts = [ 53 ];
|
|
|
|
# allowedTCPPorts = [ 53 ];
|
|
|
|
# };
|
2025-01-04 20:46:22 +04:00
|
|
|
|
|
|
|
services = {
|
|
|
|
woodpecker-server = {
|
|
|
|
enable = true;
|
|
|
|
environment = {
|
|
|
|
WOODPECKER_HOST = "https://${domain}";
|
|
|
|
WOODPECKER_SERVER_ADDR = ":3007";
|
2025-01-04 20:47:11 +04:00
|
|
|
WOODPECKER_FORGEJO = "TRUE";
|
2025-01-04 20:46:22 +04:00
|
|
|
WOODPECKER_FORGEJO_URL = "https://git.sako.lol";
|
2025-01-04 20:52:26 +04:00
|
|
|
WOODPECKER_OPEN = "TRUE";
|
2025-01-04 20:59:11 +04:00
|
|
|
WOODPECKER_ADMIN = "sako";
|
2025-01-04 20:46:22 +04:00
|
|
|
};
|
|
|
|
# /srv/secrets/woodpecker-server.env
|
|
|
|
# WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
|
|
|
|
# WOODPECKER_FORGEJO_CLIENT=YOUR_FORGEJO_CLIENT
|
|
|
|
# WOODPECKER_FORGEJO_SECRET=YOUR_FORGEJO_CLIENT_SECRET
|
|
|
|
environmentFile = "/srv/secrets/woodpecker-server.env";
|
|
|
|
};
|
|
|
|
woodpecker-agents.agents."sakoserver-agent" = {
|
|
|
|
enable = true;
|
|
|
|
# We need this to talk to the podman socket
|
|
|
|
extraGroups = [ "podman" ];
|
|
|
|
environment = {
|
2025-01-04 21:18:47 +04:00
|
|
|
WOODPECKER_SERVER = "localhost:9000";
|
2025-01-04 20:46:22 +04:00
|
|
|
WOODPECKER_MAX_WORKFLOWS = "1";
|
|
|
|
DOCKER_HOST = "unix:///run/podman/podman.sock";
|
|
|
|
WOODPECKER_BACKEND = "docker";
|
2025-01-04 21:18:47 +04:00
|
|
|
WOODPECKER_HEALTHCHECK_ADDR = ":3001";
|
2025-01-04 20:46:22 +04:00
|
|
|
};
|
|
|
|
# Same as with woodpecker-server
|
|
|
|
# WOODPECKER_AGENT_SECRET goes here too idiot
|
2025-01-04 21:05:59 +04:00
|
|
|
environmentFile = [ "/srv/secrets/woodpecker.env" ];
|
2025-01-04 20:46:22 +04:00
|
|
|
};
|
|
|
|
nginx.virtualHosts."${domain}" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = { proxyPass = "http://localhost:3007"; };
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
}
|