diff --git a/.vscode/settings.json b/.vscode/settings.json
index a85b452..29b929d 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,6 +1,12 @@
 {
 "cSpell.words": [
+ "Aeson",
+ "axios",
+ "dhall",
+ "HLINT",
+ "jquery",
 "pandoc",
- "photoframe"
+ "photoframe",
+ "unrecognised"
 ]
 }
\ No newline at end of file
diff --git a/nixos-apps/default.nix b/nixos-apps/default.nix
index 8c5e9e2..cdfd8d3 100644
--- a/nixos-apps/default.nix
+++ b/nixos-apps/default.nix
@@ -11,6 +11,8 @@
 ./fancytypist.com.nix
 ./hydra.fancyTypist.com.nix
+
+ ./woodpecker.fancyTypist.dev.nix
 ];
 # when in doubt, clear away the certs with
diff --git a/nixos-apps/fancytypist.com.nix b/nixos-apps/fancytypist.com.nix
index 0f6dcf8..7d1eea0 100644
--- a/nixos-apps/fancytypist.com.nix
+++ b/nixos-apps/fancytypist.com.nix
@@ -35,18 +35,18 @@ in
 '';
 };
- "fancytypist.dev" = {
- serverAliases = [ "www.fancytypist.dev" ];
- extraConfig = ''
- reverse_proxy ${HOST}:${toString PORT}
- '';
- };
+ # "fancytypist.dev" = {
+ # serverAliases = [ "www.fancytypist.dev" ];
+ # extraConfig = ''
+ # reverse_proxy ${HOST}:${toString PORT}
+ # '';
+ # };
 };
 };
 systemd.services = {
 fancyTypistDotDev-site = {
- enable = true;
+ enable = false;
 description = "The Haskell Servant executable server that hosts my FancyTypist.dev site.";
 path = with pkgs; [ nix git ];
 script = ''
diff --git a/nixos-apps/woodpecker.fancyTypist.dev.nix b/nixos-apps/woodpecker.fancyTypist.dev.nix
new file mode 100644
index 0000000..5f21cad
--- /dev/null
+++ b/nixos-apps/woodpecker.fancyTypist.dev.nix
@@ -0,0 +1,68 @@
+{ config
+, ...
+}:
+let
+ domain = "woodpecker.fancyTypist.dev";
+in
+{
+ # This automatically sets up certificates via let's encrypt
+ # security.acme.defaults.email = "admin@fancytypist.dev";
+ # security.acme.acceptTerms = true;
+ # security.acme.certs."${domain}" = { };
+
+ # Setting up a nginx proxy that handles tls for us
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:3007";
+ };
+ };
+ };
+
+ services.woodpecker-server = {
+ enable = true;
+ environment = {
+ WOODPECKER_HOST = "https://${domain}";
+ WOODPECKER_SERVER_ADDR = ":3007";
+ WOODPECKER_OPEN = "true";
+ };
+ # You can pass a file with env vars to the system it could look like:
+ # WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
+ # environmentFile = "/path/to/my/secrets/file";
+ };
+
+ # This sets up a woodpecker agent
+ services.woodpecker-agents.agents."docker" = {
+ enable = true;
+ # We need this to talk to the podman socket
+ extraGroups = [ "podman" ];
+ environment = {
+ WOODPECKER_SERVER = "localhost:9000";
+ WOODPECKER_MAX_WORKFLOWS = "4";
+ DOCKER_HOST = "unix:///run/podman/podman.sock";
+ WOODPECKER_BACKEND = "docker";
+ };
+ # Same as with woodpecker-server
+ # environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
+ };
+
+ # Here we setup podman and enable dns
+ virtualisation.podman = {
+ enable = true;
+ defaultNetwork.settings = {
+ dns_enabled = true;
+ };
+ };
+ # This is needed for podman to be able to talk over dns
+ networking.firewall.interfaces."podman0" = {
+ allowedUDPPorts = [ 53 ];
+ allowedTCPPorts = [ 53 ];
+ };
+}
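Review bot: `WOODPECKER_OPEN = "true"` in the `services.woodpecker-server` environment leaves registration open to every account on whichever forge gets configured, and the agent below runs their pipelines through `/run/podman/podman.sock`, which appears to be the system-wide Podman socket (worth confirming). On a publicly reachable host I would set `WOODPECKER_OPEN = "false";` together with `WOODPECKER_ADMIN` (or restrict logins with `WOODPECKER_ORGS`), so only named users can start workloads on this machine. Both `environmentFile` lines are still commented out, so no `WOODPECKER_AGENT_SECRET` or forge credentials are loaded; when they are added, keep them in that file rather than in `environment`, whose values end up in the world-readable Nix store. `WOODPECKER_SERVER_ADDR = ":3007"` also listens on every interface although nginx only proxies to localhost; `"127.0.0.1:3007"`, with `proxyPass` pointed at the same address, would not depend on the firewall staying closed.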