diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 1a2bd660..5736642f 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -5,14 +5,6 @@
 ...
 }:
 {
- networking = {
- firewall.allowedTCPPorts = [
- 22
- 80
- 443
- ];
- };
-
 security.acme = {
 acceptTerms = true;
 defaults.email = "something@fediversity.eu";
@@ -64,6 +56,8 @@
 '';
 };
+ # FIXME: make `WOODPECKER_AGENT_SECRET_FILE` work so i can just do the following again instead of using templates:
+ # `woodpecker-agents.agents.exec.environment.WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-exec.path;`
 vars.generators."templates" = rec {
 dependencies = [
 "woodpecker"
@@ -96,29 +90,9 @@
 '') files
 );
- # files."woodpecker-server.conf" = {
- # secret = true;
- # template = pkgs.writeText "woodpecker-server.conf" ''
- # WOODPECKER_DATABASE_DRIVER=sqlite3
- # WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=false
- # WOODPECKER_OPEN=false
- # WOODPECKER_ADMIN=kiara,fricklerhandwerk,niols
- # WOODPECKER_HOST=https://woodpecker.fediversity.eu
- # WOODPECKER_GITEA=true
- # WOODPECKER_GITEA_URL=https://git.fediversity.eu
- # WOODPECKER_GITEA_CLIENT_FILE=${config.vars.generators.woodpecker.files.woodpecker-gitea-client.placeholder}
- # WOODPECKER_GITEA_SECRET_FILE=${config.vars.generators.woodpecker.files.woodpecker-gitea-secret.placeholder}
- # WOODPECKER_AGENT_SECRET_FILE=${config.vars.generators.woodpecker-agent-secret.files.my-secret.placeholder}
- # WOODPECKER_GRPC_SECRET_FILE=${config.vars.generators.woodpecker-rpc-secret.files.rpc-secret.placeholder}
- # WOODPECKER_LOG_LEVEL=info
- # WOODPECKER_DEFAULT_CLONE_PLUGIN=docker.io/woodpeckerci/plugin-git
- # WOODPECKER_SERVER_ADDR=:8000
- # WOODPECKER_GRPC_ADDR=:9000
- # '';
- # };
-
 files =
 let
+ # https://woodpecker-ci.org/docs/administration/configuration/agent
 shared = ''
 WOODPECKER_SERVER=localhost:9000
 WOODPECKER_USERNAME=x-oauth-basic
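Review bot: The FIXME added in the `@@ -64,6 +56,8 @@` hunk records the workaround only for the exec agent, although the templates generator it sits above also renders `woodpecker-agent-podman.conf`, and the commit's last hunk deletes the related question `# TODO: separate to agent-specific tokens?` without carrying it over. Because the workaround means the agent secret is rendered into env-file templates instead of being read from a secret file, I would say so here, so the next reader knows why those files must stay `secret = true`: `# FIXME: agents only accept WOODPECKER_AGENT_SECRET, not WOODPECKER_AGENT_SECRET_FILE, so the secret is rendered into the secret env-file templates below (exec and podman)` followed by `# TODO: separate to agent-specific tokens?`. The `vars.generators."templates"` block continues outside the hunk, so whether both agents currently share one token is inferred from the removed comments rather than visible here.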
@@ -135,6 +109,7 @@
 in
 {
+ # https://woodpecker-ci.org/docs/administration/configuration/backends/local#environment-variables
 "woodpecker-agent-exec.conf" = {
 secret = true;
 template = pkgs.writeText "woodpecker-agent-exec.conf" (
@@ -149,6 +124,7 @@
 );
 };
+ # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
 "woodpecker-agent-podman.conf" = {
 secret = true;
 template = pkgs.writeText "woodpecker-agent-podman.conf" (
@@ -191,7 +167,6 @@
 woodpecker-server = {
 enable = true;
- # environmentFile = config.vars.generators."templates".files."woodpecker-server.conf".path;
 # https://woodpecker-ci.org/docs/administration/configuration/server
 environment = {
 WOODPECKER_DATABASE_DRIVER = "sqlite3";
@@ -217,68 +192,25 @@
 };
 # https://woodpecker-ci.org/docs/administration/configuration/agent
- woodpecker-agents.agents =
- # let
- # shared = {
- # WOODPECKER_SERVER = "localhost:9000";
- # # TODO: separate to agent-specific tokens?
- # # TODO: why will it only accept `WOODPECKER_AGENT_SECRET`, not `WOODPECKER_AGENT_SECRET_FILE`?
- # # WOODPECKER_AGENT_SECRET_FILE = config.vars.generators.woodpecker-agent-secret.files.my-secret.path;
- # WOODPECKER_USERNAME = "x-oauth-basic";
- # WOODPECKER_HOSTNAME = "https://woodpecker.fediversity.eu";
- # WOODPECKER_MAX_WORKFLOWS = "4";
- # WOODPECKER_LOG_LEVEL = "info";
- # WOODPECKER_DEBUG_PRETTY = "false";
- # WOODPECKER_DEBUG_NOCOLOR = "true";
- # WOODPECKER_GRPC_SECURE = "false"; # TODO: fix
- # WOODPECKER_GRPC_VERIFY = "false";
- # WOODPECKER_HEALTHCHECK = "false";
- # };
- # in
- {
-
- # local
-
- exec = {
- enable = true;
- path = with pkgs; [
- git
- git-lfs
- woodpecker-plugin-git
- bash
- coreutils
- nix
- attic-client
- ];
- environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-exec.conf".path ];
- # # https://woodpecker-ci.org/docs/administration/configuration/backends/local#environment-variables
- # environment = lib.mkMerge [
- # shared
- # {
- # WOODPECKER_BACKEND = "local";
- # WOODPECKER_AGENT_LABELS = "type=local";
- # WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-exec.path;
- # }
- # ];
- };
-
- # container
-
- docker = {
- enable = true;
- environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
- # # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
- # environment = lib.mkMerge [
- # shared
- # {
- # WOODPECKER_BACKEND = "docker";
- # DOCKER_HOST = "unix:///run/podman/podman.sock";
- # WOODPECKER_AGENT_LABELS = "type=docker";
- # WOODPECKER_AGENT_SECRET_FILE = config.age.secrets.woodpecker-agent-container.path;
- # }
- # ];
- };
+ woodpecker-agents.agents = {
+ exec = {
+ enable = true;
+ path = with pkgs; [
+ git
+ git-lfs
+ woodpecker-plugin-git
+ bash
+ coreutils
+ nix
+ attic-client
+ ];
+ environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-exec.conf".path ];
 };
+ docker = {
+ enable = true;
+ environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
+ };
+ };
 };
 networking.firewall.allowedTCPPorts = [
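Review bot: The rewritten `exec` agent block keeps `nix` and `attic-client` on the agent's `path` but loses every marker of which backend it runs. The removed `# local` heading and `WOODPECKER_BACKEND = "local"` lines show it is the local backend, which runs pipeline steps directly on this host rather than in a container. A short comment above `exec = {` would keep that trust boundary visible, e.g. `# local backend: steps run on the host under the agent's service user with nix and attic-client available; route only trusted repos here (label type=local)`. The same cleanup deletes `WOODPECKER_GRPC_SECURE = "false"; # TODO: fix`; if the live `shared` template still disables gRPC TLS and verification, that TODO should move next to the setting there. The `shared` template lies outside this hunk, so whether it still sets those values is not visible here.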