From ce6ca38b3dacc0f4690a371452bc5285cbb3131d Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Fri, 25 Jul 2025 22:15:11 +0200
Subject: [PATCH] un-template none like _file somehow?
---
 machines/dev/fedi203/woodpecker.nix | 159 ++++++++--------------------
 1 file changed, 45 insertions(+), 114 deletions(-)
diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 53d7e7c3..44eef282 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -5,14 +5,6 @@
 ...
 }:
 {
- networking = {
- firewall.allowedTCPPorts = [
- 22
- 80
- 443
- ];
- };
-
 security.acme = {
 acceptTerms = true;
 defaults.email = "something@fediversity.eu";
@@ -78,6 +70,8 @@
 '';
 };
+ # FIXME: make `WOODPECKER_AGENT_SECRET_FILE` work so i can just do the following again instead of using templates:
+ # `woodpecker-agents.agents.exec.environment.WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-exec.path;`
 vars.generators."templates" = rec {
 dependencies = [
 "woodpecker"
@@ -110,29 +104,9 @@
 '') files
 );
- # files."woodpecker-server.conf" = {
- # secret = true;
- # template = pkgs.writeText "woodpecker-server.conf" ''
- # WOODPECKER_DATABASE_DRIVER=sqlite3
- # WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=false
- # WOODPECKER_OPEN=false
- # WOODPECKER_ADMIN=kiara,fricklerhandwerk,niols
- # WOODPECKER_HOST=https://woodpecker.fediversity.eu
- # WOODPECKER_GITEA=true
- # WOODPECKER_GITEA_URL=https://git.fediversity.eu
- # WOODPECKER_GITEA_CLIENT_FILE=${config.vars.generators.woodpecker.files.woodpecker-gitea-client.placeholder}
- # WOODPECKER_GITEA_SECRET_FILE=${config.vars.generators.woodpecker.files.woodpecker-gitea-secret.placeholder}
- # WOODPECKER_AGENT_SECRET_FILE=${config.vars.generators.woodpecker-agent-secret.files.my-secret.placeholder}
- # WOODPECKER_GRPC_SECRET_FILE=${config.vars.generators.woodpecker-rpc-secret.files.rpc-secret.placeholder}
- # WOODPECKER_LOG_LEVEL=info
- # WOODPECKER_DEFAULT_CLONE_PLUGIN=docker.io/woodpeckerci/plugin-git
- # WOODPECKER_SERVER_ADDR=:8000
- # WOODPECKER_GRPC_ADDR=:9000
- # '';
- # };
-
 files =
 let
+ # https://woodpecker-ci.org/docs/administration/configuration/agent
 shared = ''
 WOODPECKER_SERVER=localhost:9000
 WOODPECKER_USERNAME=x-oauth-basic
@@ -148,7 +122,29 @@
 '';
 in
 {
+ # https://woodpecker-ci.org/docs/administration/configuration/server
+ "woodpecker-server.conf" = {
+ secret = true;
+ template = pkgs.writeText "woodpecker-server.conf" ''
+ WOODPECKER_DATABASE_DRIVER=sqlite3
+ WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=false
+ WOODPECKER_OPEN=false
+ WOODPECKER_ADMIN=kiara,fricklerhandwerk,niols
+ WOODPECKER_HOST=https://woodpecker.fediversity.eu
+ WOODPECKER_GITEA=true
+ WOODPECKER_GITEA_URL=https://git.fediversity.eu
+ WOODPECKER_GITEA_CLIENT=${config.vars.generators.woodpecker.files.woodpecker-gitea-client.placeholder}
+ WOODPECKER_GITEA_SECRET=${config.vars.generators.woodpecker.files.woodpecker-gitea-secret.placeholder}
+ WOODPECKER_AGENT_SECRET=${config.vars.generators.woodpecker-agent-secret.files.my-secret.placeholder}
+ WOODPECKER_GRPC_SECRET=${config.vars.generators.woodpecker-rpc-secret.files.rpc-secret.placeholder}
+ WOODPECKER_LOG_LEVEL=info
+ WOODPECKER_DEFAULT_CLONE_PLUGIN=docker.io/woodpeckerci/plugin-git
+ WOODPECKER_SERVER_ADDR=:8000
+ WOODPECKER_GRPC_ADDR=:9000
+ '';
+ };
+ # https://woodpecker-ci.org/docs/administration/configuration/backends/local#environment-variables
 "woodpecker-agent-exec.conf" = {
 secret = true;
 template = pkgs.writeText "woodpecker-agent-exec.conf" (
@@ -163,6 +159,7 @@
 );
 };
+ # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
 "woodpecker-agent-podman.conf" = {
 secret = true;
 template = pkgs.writeText "woodpecker-agent-podman.conf" (
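Review bot: The four credentials in the new `woodpecker-server.conf` template (`WOODPECKER_GITEA_CLIENT`, `WOODPECKER_GITEA_SECRET`, `WOODPECKER_AGENT_SECRET`, `WOODPECKER_GRPC_SECRET`) are substituted as literal values, so they end up in the server's process environment, where child processes inherit them, instead of being read from a protected file. The `environment` block this commit removes passed the same secrets by path through the `_FILE` variants, and the FIXME added earlier in the commit only reports a problem with the agent's `WOODPECKER_AGENT_SECRET_FILE`; if the server still accepts the `_FILE` forms, a line such as `WOODPECKER_GITEA_SECRET_FILE=${config.age.secrets.woodpecker-gitea-secret.path}` keeps the value out of the environment. If inlining is really required for the server too, say so in a comment above the template, e.g. `# secrets are inlined because the *_FILE variants are not picked up; drop once the FIXME is resolved`. The values are also written unquoted, so presumably a secret containing whitespace, quotes or a trailing newline would be mis-parsed when the file is loaded; worth confirming against how the placeholders are filled in.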
@@ -204,95 +201,29 @@
 woodpecker-server = {
 enable = true;
-
- # environmentFile = config.vars.generators."templates".files."woodpecker-server.conf".path;
- # https://woodpecker-ci.org/docs/administration/configuration/server
- environment = {
- WOODPECKER_DATABASE_DRIVER = "sqlite3";
- WOODPECKER_DISABLE_USER_AGENT_REGISTRATION = "false";
-
- WOODPECKER_OPEN = "false";
- WOODPECKER_ADMIN = "kiara,fricklerhandwerk,niols";
- WOODPECKER_HOST = "https://woodpecker.fediversity.eu";
-
- WOODPECKER_GITEA = "true";
- WOODPECKER_GITEA_URL = "https://git.fediversity.eu";
- WOODPECKER_GITEA_CLIENT_FILE = config.age.secrets.woodpecker-gitea-client.path;
- WOODPECKER_GITEA_SECRET_FILE = config.age.secrets.woodpecker-gitea-secret.path;
-
- WOODPECKER_AGENT_SECRET_FILE = config.vars.generators.woodpecker-agent-secret.files.my-secret.path;
- WOODPECKER_GRPC_SECRET_FILE = config.vars.generators.woodpecker-rpc-secret.files.rpc-secret.path;
-
- WOODPECKER_LOG_LEVEL = "info";
- WOODPECKER_DEFAULT_CLONE_PLUGIN = "docker.io/woodpeckerci/plugin-git";
- WOODPECKER_SERVER_ADDR = ":8000";
- WOODPECKER_GRPC_ADDR = ":9000";
- };
+ environmentFile = config.vars.generators."templates".files."woodpecker-server.conf".path;
 };
 # https://woodpecker-ci.org/docs/administration/configuration/agent
- woodpecker-agents.agents =
- # let
- # shared = {
- # WOODPECKER_SERVER = "localhost:9000";
- # # TODO: separate to agent-specific tokens?
- # # TODO: why will it only accept `WOODPECKER_AGENT_SECRET`, not `WOODPECKER_AGENT_SECRET_FILE`?
- # # WOODPECKER_AGENT_SECRET_FILE = config.vars.generators.woodpecker-agent-secret.files.my-secret.path;
- # WOODPECKER_USERNAME = "x-oauth-basic";
- # WOODPECKER_HOSTNAME = "https://woodpecker.fediversity.eu";
- # WOODPECKER_MAX_WORKFLOWS = "4";
- # WOODPECKER_LOG_LEVEL = "info";
- # WOODPECKER_DEBUG_PRETTY = "false";
- # WOODPECKER_DEBUG_NOCOLOR = "true";
- # WOODPECKER_GRPC_SECURE = "false"; # TODO: fix
- # WOODPECKER_GRPC_VERIFY = "false";
- # WOODPECKER_HEALTHCHECK = "false";
- # };
- # in
- {
-
- # local
-
- exec = {
- enable = true;
- path = with pkgs; [
- git
- git-lfs
- woodpecker-plugin-git
- bash
- coreutils
- nix
- attic-client
- ];
- environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-exec.conf".path ];
- # # https://woodpecker-ci.org/docs/administration/configuration/backends/local#environment-variables
- # environment = lib.mkMerge [
- # shared
- # {
- # WOODPECKER_BACKEND = "local";
- # WOODPECKER_AGENT_LABELS = "type=local";
- # WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-exec.path;
- # }
- # ];
- };
-
- # container
-
- docker = {
- enable = true;
- environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
- # # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
- # environment = lib.mkMerge [
- # shared
- # {
- # WOODPECKER_BACKEND = "docker";
- # DOCKER_HOST = "unix:///run/podman/podman.sock";
- # WOODPECKER_AGENT_LABELS = "type=docker";
- # WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-container.path;
- # }
- # ];
- };
+ woodpecker-agents.agents = {
+ exec = {
+ enable = true;
+ path = with pkgs; [
+ git
+ git-lfs
+ woodpecker-plugin-git
+ bash
+ coreutils
+ nix
+ attic-client
+ ];
+ environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-exec.conf".path ];
 };
+ docker = {
+ enable = true;
+ environmentFile = [
config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
+ };
+ };
 };
 networking.firewall.allowedTCPPorts = [
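Review bot: With `environmentFile` as the only setting left in `woodpecker-server`, access-control options such as `WOODPECKER_OPEN` and `WOODPECKER_ADMIN` now exist only inside a `secret = true` template and no longer appear in the evaluated service configuration, which makes them harder to audit in review. Consider keeping the non-secret settings in `environment` (for example `environment.WOODPECKER_OPEN = "false";`) and leaving only the four credentials in the rendered file. The server also has no configuration at all unless that file exists when the unit starts; the ordering between the `templates` generator and the service is not visible in this hunk, so a comment next to `environmentFile` stating that dependency would help. The attribute set enclosing `woodpecker-server` and `woodpecker-agents.agents` starts outside the hunk.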