From 2f82c1b44b3f02943442be8f518a86dcb0f853f4 Mon Sep 17 00:00:00 2001
From: Sakooooo <78461130+Sakooooo@users.noreply.github.com>
Date: Sat, 4 Jan 2025 20:46:22 +0400
Subject: [PATCH] those 2ho know
---
modules/server/services/forgejo/default.nix | 2 +-
.../server/services/forgejo/woodpecker.nix | 67 +++++++++++++++++++
2 files changed, 68 insertions(+), 1 deletion(-)
create mode 100644 modules/server/services/forgejo/woodpecker.nix
diff --git a/modules/server/services/forgejo/default.nix b/modules/server/services/forgejo/default.nix
index cff7116a..6f846b20 100644
--- a/modules/server/services/forgejo/default.nix
+++ b/modules/server/services/forgejo/default.nix
@@ -2,7 +2,7 @@ with lib; let cfg = config.void.server.services.forgejo; in { - imports = [ ./runner.nix ]; + imports = [ ./runner.nix ./woodpecker.nix ]; options.void.server.services.forgejo = { enable = mkEnableOption false; }; config = mkIf cfg.enable {
diff --git a/modules/server/services/forgejo/woodpecker.nix b/modules/server/services/forgejo/woodpecker.nix
new file mode 100644
index 00000000..36e9d295
--- /dev/null
+++ b/modules/server/services/forgejo/woodpecker.nix
@@ -0,0 +1,67 @@
+{ config, lib, ... }:
+with lib;
+let
+ cfg = config.void.server.services.forgejo.woodpecker;
+ domain = "ci.sako.lol";
+in {
+ options.void.server.services.forgejo.woodpecker = {
+ enable = mkEnableOption false;
+ };
+ config = mkIf cfg.enable {
+
+ security.acme.certs."ci.sako.lol" = {
+ credentialsFile = "/srv/secrets/porkbun";
+ dnsProvider = "porkbun";
+ webroot = null;
+ };
+
+ # LOL get it, a man is in a pod LMAO XDDDDD ROFL
+ virtualisation.podman = {
+ enable = true;
+ defaultNetwork.settings = { dns_enabled = true; };
+ };
+
+ # This is needed for podman to be able to talk over dns
+ networking.firewall.interfaces."podman0" = {
+ allowedUDPPorts = [ 53 ];
+ allowedTCPPorts = [ 53 ];
+ };
+
+ services = {
+ woodpecker-server = {
+ enable = true;
+ environment = {
+ WOODPECKER_HOST = "https://${domain}";
+ WOODPECKER_SERVER_ADDR = ":3007";
+ WOODPECKER_FORGEJO = true;
+ WOODPECKER_FORGEJO_URL = "https://git.sako.lol";
+ };
+ # /srv/secrets/woodpecker-server.env
+ # WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
+ # WOODPECKER_FORGEJO_CLIENT=YOUR_FORGEJO_CLIENT
+ # WOODPECKER_FORGEJO_SECRET=YOUR_FORGEJO_CLIENT_SECRET
+ environmentFile = "/srv/secrets/woodpecker-server.env";
+ };
+ woodpecker-agents.agents."sakoserver-agent" = {
+ enable = true;
+ # We need this to talk to the podman socket
+ extraGroups = [ "podman" ];
+ environment = {
+ WOODPECKER_SERVER = "localhost:3007";
+ WOODPECKER_MAX_WORKFLOWS = "1";
+ DOCKER_HOST = "unix:///run/podman/podman.sock";
+ WOODPECKER_BACKEND = "docker";
+ };
+ # Same as with woodpecker-server
+ # WOODPECKER_AGENT_SECRET goes here too idiot
+ environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
+ };
+ nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://localhost:3007"; };
+ };
+ };
+
+ };
+}
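Review bot: `WOODPECKER_SERVER_ADDR = ":3007"` makes the server listen for plain HTTP on every interface, although nginx only reaches it through `http://localhost:3007`; binding it as `WOODPECKER_SERVER_ADDR = "127.0.0.1:3007";` keeps the unencrypted listener off the network whatever the firewall state. The agent's `WOODPECKER_SERVER = "localhost:3007"` points at that HTTP port, while agents connect over gRPC on `WOODPECKER_GRPC_ADDR` (default `:9000`), so unless the env file overrides it this probably needs to be `localhost:9000`. The agent is also added to the `podman` group and given the system-wide `/run/podman/podman.sock`, which is effectively root on the host for anything a pipeline can make the agent do; a comment above `extraGroups` naming which repositories are trusted to build here would document that boundary. The agent reads `/var/lib/secrets/woodpecker.env` although its comment says `Same as with woodpecker-server`, which uses `/srv/secrets/`; confirm the path is intentional and that both files are readable only by the service users.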