mv woodpecker

mount /dev/kvm
This reverts commit 32a8c011133045f624f23d0cacd6e2b81ccc78eb.
2025-08-04 22:56:03 +02:00 · 2025-08-04 22:56:03 +02:00 · 2025-08-04 22:56:03 +02:00 · 2025-08-04 22:56:03 +02:00 · 2025-08-04 22:56:03 +02:00 · 2025-08-04 22:56:03 +02:00
11 changed files with 121 additions and 12 deletions
--- a/.woodpecker/cd.yaml
+++ b/.woodpecker/cd.yaml
@ -8,14 +8,12 @@ when:
 steps:
  - name: build
    image: nixos/nix
-    volumes:
-      - /nix:/mnt/nix:ro
    commands:
      - |
        mkdir -p ~/.ssh
        echo "$CD_SSH_KEY" > ~/.ssh/id_ed25519
        chmod 600 ~/.ssh/id_ed25519
-      - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which sh) nixops4 apply -v default'
+      - nix-shell --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which bash) nixops4 apply -v default'
    environment:
      CD_SSH_KEY:
        from_secret: cd_ssh_key
--- a/.woodpecker/check-data-model.yaml
+++ b/.woodpecker/check-data-model.yaml
@ -9,7 +9,5 @@ when:
 steps:
  - name: check-data-model
    image: nixos/nix
-    volumes:
-      - /nix:/mnt/nix:ro
    commands:
-      - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run 'nix-unit ./deployment/data-model-test.nix'
+      - nix-shell --run 'nix-unit ./deployment/data-model-test.nix'
--- a/.woodpecker/check-deployment-basic.yaml
+++ b/.woodpecker/check-deployment-basic.yaml
@ -0,0 +1,15 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
+when:
+  - event: manual
+  - event: pull_request
+  - event: push
+    branch: main
+
+steps:
+  - name: check-deployment-basic
+    image: nixos/nix
+    commands:
+      - nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-basic -L
+    devices:
+      - /dev/kvm:/dev/kvm
--- a/.woodpecker/check-deployment-cli.yaml
+++ b/.woodpecker/check-deployment-cli.yaml
@ -0,0 +1,15 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
+when:
+  - event: manual
+  - event: pull_request
+  - event: push
+    branch: main
+
+steps:
+  - name: check-deployment-cli
+    image: nixos/nix
+    commands:
+      - nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-cli -L
+    devices:
+      - /dev/kvm:/dev/kvm
--- a/.woodpecker/check-deployment-panel.yaml
+++ b/.woodpecker/check-deployment-panel.yaml
@ -0,0 +1,15 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
+when:
+  - event: manual
+  - event: pull_request
+  - event: push
+    branch: main
+
+steps:
+  - name: check-deployment-panel
+    image: nixos/nix
+    commands:
+      - nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-panel -L
+    devices:
+      - /dev/kvm:/dev/kvm
--- a/.woodpecker/check-mastodon.yaml
+++ b/.woodpecker/check-mastodon.yaml
@ -9,7 +9,5 @@ when:
 steps:
  - name: check-mastodon
    image: nixos/nix
-    volumes:
-      - /nix:/mnt/nix:ro
    commands:
-      - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.test-mastodon-service -L
+      - nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.test-mastodon-service -L
--- a/.woodpecker/check-panel.yaml
+++ b/.woodpecker/check-panel.yaml
@ -0,0 +1,13 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
+when:
+  - event: manual
+  - event: pull_request
+  - event: push
+    branch: main
+
+steps:
+  - name: check-panel
+    image: nixos/nix
+    commands:
+      - nix-build -A tests.panel
--- a/.woodpecker/check-peertube.yaml
+++ b/.woodpecker/check-peertube.yaml
@ -0,0 +1,13 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
+when:
+  - event: manual
+  - event: pull_request
+  - event: push
+    branch: main
+
+steps:
+  - name: check-peertube
+    image: nixos/nix
+    commands:
+      - nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.test-peertube-service -L
--- a/.woodpecker/check-pre-commit.yaml
+++ b/.woodpecker/check-pre-commit.yaml
@ -0,0 +1,13 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
+when:
+  - event: manual
+  - event: pull_request
+  - event: push
+    branch: main
+
+steps:
+  - name: check-pre-commit
+    image: nixos/nix
+    commands:
+      - nix-build -A tests
--- a/.woodpecker/check-resources.yaml
+++ b/.woodpecker/check-resources.yaml
@ -0,0 +1,33 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
+when:
+  - event: manual
+  - event: push
+    branch: main
+
+## NOTE: NixOps4 does not provide a good “dry run” mode, so we instead check
+## proxies for resources, namely whether their `.#vmOptions.<machine>` and
+## `.#nixosConfigurations.<machine>` outputs evaluate and build correctly, and
+## whether we can dry run `infra/proxmox-*.sh` on them. This will not catch
+## everything, and in particular not issues in how NixOps4 wires up the
+## resources, but that is still something.
+steps:
+  - name: check-resources
+    image: nixos/nix
+    commands:
+      - echo ==================== [ VM Options ] ====================
+      - |
+        set -euC
+        machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)')
+        for machine in $machines; do
+          echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
+          nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.vmOptions-$machine
+        done
+      - echo ==================== [ NixOS Configurations ] ====================
+      - |
+        set -euC
+        machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
+        for machine in $machines; do
+          echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
+          nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.nixosConfigurations-$machine
+        done
--- a/.woodpecker/update.yaml
+++ b/.woodpecker/update.yaml
@ -8,10 +8,8 @@ when:
 steps:
  - name: lockfile
    image: nixos/nix
-    volumes:
-      - /nix:/mnt/nix:ro
    commands:
-      - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run "npins update"
+      - nix-shell --run "npins update"
      # - name: Create PR
      #   uses: https://github.com/KiaraGrouwstra/gitea-create-pull-request@f9f80aa5134bc5c03c38f5aaa95053492885b397
      #   with:
Author	SHA1	Message	Date
Kiara Grouwstra	37c8bdc348	mv woodpecker Some checks failed ci/woodpecker/manual/check-deployment-basic Pipeline failed Details ci/woodpecker/manual/check-deployment-cli Pipeline failed Details ci/woodpecker/manual/check-deployment-panel Pipeline failed Details ci/woodpecker/manual/check-mastodon Pipeline failed Details ci/woodpecker/manual/check-peertube Pipeline failed Details ci/woodpecker/manual/check-pre-commit Pipeline was successful Details ci/woodpecker/manual/check-resources Pipeline failed Details ci/woodpecker/manual/check-data-model Pipeline was successful Details ci/woodpecker/manual/cd Pipeline failed Details ci/woodpecker/manual/check-panel Pipeline failed Details ci/woodpecker/manual/update Pipeline was successful Details	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	a8f5571dae	mount /dev/kvm This reverts commit 32a8c011133045f624f23d0cacd6e2b81ccc78eb.	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	3c1971c6a4	container dns rm dns	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	dd095fc3a4	enable firewall	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	633deebfec	document nftables	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	ae7a285b1e	generalize firewall hole	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	2b1b6a90a4	rm agent exec plug hole in firewall format	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	a6dd45518f	disable firewall nftables disables nftables for woodpecker, just like for forgejo-ci	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	2bf5c008d3	disable exec agent make service group setting conditional make secrets conditional make things conditional rm group	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	f2c001ccaa	set service groups add agent groups	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	319d3fc1e1	un-template none like _file somehow?	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	cd42bd91c4	fix container agent	2025-08-04 22:56:03 +02:00
Kiara Grouwstra	dce216c87c	add woodpecker CI add woodpecker status: agents error `agent could not auth: individual agent not found by token: sql: no rows in result set` allow manual set `image: bash` to initally test `local` woodpecker back-end split CI jobs image: `bash` (`local` back-end) -> `nixos/nix` (`docker` back-end) add debugging lines to CD pipeline to debug error `Could not open a connection to your authentication agent` add more debug prints to CD even more debugging continue debugging debug harder explicitly specify flakes as nixos/nix image is missing this rm /home update fedi203 wrap faulty statement fix check-resources split strace pkg un-strace un-test cd dedupe image max 5 un-bash strace configure user simplify secrets set just group for system users unverbose npins schema	2025-08-04 22:56:03 +02:00