un-template

none like _file somehow?
2025-07-25 22:15:11 +02:00 · 2025-07-25 22:15:11 +02:00 · ce6ca38b3d
commit ce6ca38b3d
parent fedf8cdf54
1 changed files with 45 additions and 114 deletions
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@ -5,14 +5,6 @@
  ...
 }:
 {
-  networking = {
-    firewall.allowedTCPPorts = [
-      22
-      80
-      443
-    ];
-  };
-
  security.acme = {
    acceptTerms = true;
    defaults.email = "something@fediversity.eu";
@ -78,6 +70,8 @@
      '';
    };

+  # FIXME: make `WOODPECKER_AGENT_SECRET_FILE` work so i can just do the following again instead of using templates:
+  # `woodpecker-agents.agents.exec.environment.WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-exec.path;`
  vars.generators."templates" = rec {
    dependencies = [
      "woodpecker"
@ -110,29 +104,9 @@
      '') files
    );

-    # files."woodpecker-server.conf" = {
-    #   secret = true;
-    #   template = pkgs.writeText "woodpecker-server.conf" ''
-    #     WOODPECKER_DATABASE_DRIVER=sqlite3
-    #     WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=false
-    #     WOODPECKER_OPEN=false
-    #     WOODPECKER_ADMIN=kiara,fricklerhandwerk,niols
-    #     WOODPECKER_HOST=https://woodpecker.fediversity.eu
-    #     WOODPECKER_GITEA=true
-    #     WOODPECKER_GITEA_URL=https://git.fediversity.eu
-    #     WOODPECKER_GITEA_CLIENT_FILE=${config.vars.generators.woodpecker.files.woodpecker-gitea-client.placeholder}
-    #     WOODPECKER_GITEA_SECRET_FILE=${config.vars.generators.woodpecker.files.woodpecker-gitea-secret.placeholder}
-    #     WOODPECKER_AGENT_SECRET_FILE=${config.vars.generators.woodpecker-agent-secret.files.my-secret.placeholder}
-    #     WOODPECKER_GRPC_SECRET_FILE=${config.vars.generators.woodpecker-rpc-secret.files.rpc-secret.placeholder}
-    #     WOODPECKER_LOG_LEVEL=info
-    #     WOODPECKER_DEFAULT_CLONE_PLUGIN=docker.io/woodpeckerci/plugin-git
-    #     WOODPECKER_SERVER_ADDR=:8000
-    #     WOODPECKER_GRPC_ADDR=:9000
-    #   '';
-    # };
-
    files =
      let
+        # https://woodpecker-ci.org/docs/administration/configuration/agent
        shared = ''
          WOODPECKER_SERVER=localhost:9000
          WOODPECKER_USERNAME=x-oauth-basic
@ -148,7 +122,29 @@
        '';
      in
      {
+        # https://woodpecker-ci.org/docs/administration/configuration/server
+        "woodpecker-server.conf" = {
+          secret = true;
+          template = pkgs.writeText "woodpecker-server.conf" ''
+            WOODPECKER_DATABASE_DRIVER=sqlite3
+            WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=false
+            WOODPECKER_OPEN=false
+            WOODPECKER_ADMIN=kiara,fricklerhandwerk,niols
+            WOODPECKER_HOST=https://woodpecker.fediversity.eu
+            WOODPECKER_GITEA=true
+            WOODPECKER_GITEA_URL=https://git.fediversity.eu
+            WOODPECKER_GITEA_CLIENT=${config.vars.generators.woodpecker.files.woodpecker-gitea-client.placeholder}
+            WOODPECKER_GITEA_SECRET=${config.vars.generators.woodpecker.files.woodpecker-gitea-secret.placeholder}
+            WOODPECKER_AGENT_SECRET=${config.vars.generators.woodpecker-agent-secret.files.my-secret.placeholder}
+            WOODPECKER_GRPC_SECRET=${config.vars.generators.woodpecker-rpc-secret.files.rpc-secret.placeholder}
+            WOODPECKER_LOG_LEVEL=info
+            WOODPECKER_DEFAULT_CLONE_PLUGIN=docker.io/woodpeckerci/plugin-git
+            WOODPECKER_SERVER_ADDR=:8000
+            WOODPECKER_GRPC_ADDR=:9000
+          '';
+        };

+        # https://woodpecker-ci.org/docs/administration/configuration/backends/local#environment-variables
        "woodpecker-agent-exec.conf" = {
          secret = true;
          template = pkgs.writeText "woodpecker-agent-exec.conf" (
@ -163,6 +159,7 @@
          );
        };

+        # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
        "woodpecker-agent-podman.conf" = {
          secret = true;
          template = pkgs.writeText "woodpecker-agent-podman.conf" (
@ -204,95 +201,29 @@

    woodpecker-server = {
      enable = true;
-
-      # environmentFile = config.vars.generators."templates".files."woodpecker-server.conf".path;
-      # https://woodpecker-ci.org/docs/administration/configuration/server
-      environment = {
-        WOODPECKER_DATABASE_DRIVER = "sqlite3";
-        WOODPECKER_DISABLE_USER_AGENT_REGISTRATION = "false";
-
-        WOODPECKER_OPEN = "false";
-        WOODPECKER_ADMIN = "kiara,fricklerhandwerk,niols";
-        WOODPECKER_HOST = "https://woodpecker.fediversity.eu";
-
-        WOODPECKER_GITEA = "true";
-        WOODPECKER_GITEA_URL = "https://git.fediversity.eu";
-        WOODPECKER_GITEA_CLIENT_FILE = config.age.secrets.woodpecker-gitea-client.path;
-        WOODPECKER_GITEA_SECRET_FILE = config.age.secrets.woodpecker-gitea-secret.path;
-
-        WOODPECKER_AGENT_SECRET_FILE = config.vars.generators.woodpecker-agent-secret.files.my-secret.path;
-        WOODPECKER_GRPC_SECRET_FILE = config.vars.generators.woodpecker-rpc-secret.files.rpc-secret.path;
-
-        WOODPECKER_LOG_LEVEL = "info";
-        WOODPECKER_DEFAULT_CLONE_PLUGIN = "docker.io/woodpeckerci/plugin-git";
-        WOODPECKER_SERVER_ADDR = ":8000";
-        WOODPECKER_GRPC_ADDR = ":9000";
-      };
+      environmentFile = config.vars.generators."templates".files."woodpecker-server.conf".path;
    };

    # https://woodpecker-ci.org/docs/administration/configuration/agent
-    woodpecker-agents.agents =
-      # let
-      #   shared = {
-      #     WOODPECKER_SERVER = "localhost:9000";
-      #     # TODO: separate to agent-specific tokens?
-      #     # TODO: why will it only accept `WOODPECKER_AGENT_SECRET`, not `WOODPECKER_AGENT_SECRET_FILE`?
-      #     # WOODPECKER_AGENT_SECRET_FILE = config.vars.generators.woodpecker-agent-secret.files.my-secret.path;
-      #     WOODPECKER_USERNAME = "x-oauth-basic";
-      #     WOODPECKER_HOSTNAME = "https://woodpecker.fediversity.eu";
-      #     WOODPECKER_MAX_WORKFLOWS = "4";
-      #     WOODPECKER_LOG_LEVEL = "info";
-      #     WOODPECKER_DEBUG_PRETTY = "false";
-      #     WOODPECKER_DEBUG_NOCOLOR = "true";
-      #     WOODPECKER_GRPC_SECURE = "false"; # TODO: fix
-      #     WOODPECKER_GRPC_VERIFY = "false";
-      #     WOODPECKER_HEALTHCHECK = "false";
-      #   };
-      # in
-      {
-
-        # local
-
-        exec = {
-          enable = true;
-          path = with pkgs; [
-            git
-            git-lfs
-            woodpecker-plugin-git
-            bash
-            coreutils
-            nix
-            attic-client
-          ];
-          environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-exec.conf".path ];
-          # # https://woodpecker-ci.org/docs/administration/configuration/backends/local#environment-variables
-          # environment = lib.mkMerge [
-          #   shared
-          #   {
-          #     WOODPECKER_BACKEND = "local";
-          #     WOODPECKER_AGENT_LABELS = "type=local";
-          #     WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-exec.path;
-          #   }
-          # ];
-        };
-
-        # container
-
-        docker = {
-          enable = true;
-          environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
-          # # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
-          # environment = lib.mkMerge [
-          #   shared
-          #   {
-          #     WOODPECKER_BACKEND = "docker";
-          #     DOCKER_HOST = "unix:///run/podman/podman.sock";
-          #     WOODPECKER_AGENT_LABELS = "type=docker";
-          #     WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-container.path;
-          #   }
-          # ];
-        };
+    woodpecker-agents.agents = {
+      exec = {
+        enable = true;
+        path = with pkgs; [
+          git
+          git-lfs
+          woodpecker-plugin-git
+          bash
+          coreutils
+          nix
+          attic-client
+        ];
+        environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-exec.conf".path ];
      };
+      docker = {
+        enable = true;
+        environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
+      };
+    };
  };

  networking.firewall.allowedTCPPorts = [