Try woodpecker CI/CD
parent
b9532ad6e8
commit
e4ac56d530
|
@ -11,6 +11,8 @@
|
||||||
|
|
||||||
./fancytypist.com.nix
|
./fancytypist.com.nix
|
||||||
./hydra.fancyTypist.com.nix
|
./hydra.fancyTypist.com.nix
|
||||||
|
|
||||||
|
./woodpecker.fancyTypist.dev.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# when in doubt, clear away the certs with
|
# when in doubt, clear away the certs with
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
{ config
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
domain = "woodpecker.fancyTypist.dev";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
# This automatically sets up certificates via let's encrypt
|
||||||
|
# security.acme.defaults.email = "admin@fancytypist.dev";
|
||||||
|
# security.acme.acceptTerms = true;
|
||||||
|
# security.acme.certs."${domain}" = { };
|
||||||
|
|
||||||
|
# Setting up a nginx proxy that handles tls for us
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
virtualHosts."${domain}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:3007";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.woodpecker-server = {
|
||||||
|
enable = true;
|
||||||
|
environment = {
|
||||||
|
WOODPECKER_HOST = "https://${domain}";
|
||||||
|
WOODPECKER_SERVER_ADDR = ":3007";
|
||||||
|
WOODPECKER_OPEN = "true";
|
||||||
|
};
|
||||||
|
# You can pass a file with env vars to the system it could look like:
|
||||||
|
# WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
# environmentFile = "/path/to/my/secrets/file";
|
||||||
|
};
|
||||||
|
|
||||||
|
# This sets up a woodpecker agent
|
||||||
|
services.woodpecker-agents.agents."docker" = {
|
||||||
|
enable = true;
|
||||||
|
# We need this to talk to the podman socket
|
||||||
|
extraGroups = [ "podman" ];
|
||||||
|
environment = {
|
||||||
|
WOODPECKER_SERVER = "localhost:9000";
|
||||||
|
WOODPECKER_MAX_WORKFLOWS = "4";
|
||||||
|
DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
|
WOODPECKER_BACKEND = "docker";
|
||||||
|
};
|
||||||
|
# Same as with woodpecker-server
|
||||||
|
# environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Here we setup podman and enable dns
|
||||||
|
virtualisation.podman = {
|
||||||
|
enable = true;
|
||||||
|
defaultNetwork.settings = {
|
||||||
|
dns_enabled = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# This is needed for podman to be able to talk over dns
|
||||||
|
networking.firewall.interfaces."podman0" = {
|
||||||
|
allowedUDPPorts = [ 53 ];
|
||||||
|
allowedTCPPorts = [ 53 ];
|
||||||
|
};
|
||||||
|
}
|
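Review bot: `WOODPECKER_OPEN = "true"` in `services.woodpecker-server.environment` lets any account on the connected forge register itself. The `docker` agent in the same file then runs that user's pipelines through `/run/podman/podman.sock` via the `podman` group, which is likely root-equivalent on this host. I would set `WOODPECKER_OPEN = "false";` and name the permitted accounts with `WOODPECKER_ADMIN` or `WOODPECKER_ORGS`. `WOODPECKER_SERVER_ADDR = ":3007"` listens on every interface although only the nginx proxy needs it, so `"127.0.0.1:3007"` would keep it unreachable even if the firewall rules change later. Both `environmentFile` lines are commented out, so no `WOODPECKER_AGENT_SECRET` is visible here; it should come from a file outside the Nix store rather than from `environment`, whose values end up world-readable in the store.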