Try woodpecker CI/CD

.vscode/settings.json

@@ -1,6 +1,12 @@
 {
   "cSpell.words": [
+    "Aeson",
+    "axios",
+    "dhall",
+    "HLINT",
+    "jquery",
     "pandoc",
-    "photoframe"
+    "photoframe",
+    "unrecognised"
   ]
 }

nixos-apps/default.nix

@@ -11,6 +11,8 @@
 
     ./fancytypist.com.nix
     ./hydra.fancyTypist.com.nix
+
+    ./woodpecker.fancyTypist.dev.nix
   ];
 
   # when in doubt, clear away the certs with

nixos-apps/fancytypist.com.nix

@@ -35,18 +35,18 @@ in
         '';
       };
 
-      "fancytypist.dev" = {
-        serverAliases = [ "www.fancytypist.dev" ];
-        extraConfig = ''
-          reverse_proxy ${HOST}:${toString PORT}
-        '';
-      };
+      # "fancytypist.dev" = {
+      #   serverAliases = [ "www.fancytypist.dev" ];
+      #   extraConfig = ''
+      #     reverse_proxy ${HOST}:${toString PORT}
+      #   '';
+      # };
     };
   };
 
   systemd.services = {
     fancyTypistDotDev-site = {
-      enable = true;
+      enable = false;
       description = "The Haskell Servant executable server that hosts my FancyTypist.dev site.";
       path = with pkgs; [ nix git ];
       script = ''

nixos-apps/woodpecker.fancyTypist.dev.nix

@@ -0,0 +1,68 @@
+{ config
+, ...
+}:
+let
+  domain = "woodpecker.fancyTypist.dev";
+in
+{
+  # This automatically sets up certificates via let's encrypt
+  # security.acme.defaults.email = "admin@fancytypist.dev";
+  # security.acme.acceptTerms = true;
+  # security.acme.certs."${domain}" = { };
+
+  # Setting up a nginx proxy that handles tls for us
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    virtualHosts."${domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:3007";
+      };
+    };
+  };
+
+  services.woodpecker-server = {
+    enable = true;
+    environment = {
+      WOODPECKER_HOST = "https://${domain}";
+      WOODPECKER_SERVER_ADDR = ":3007";
+      WOODPECKER_OPEN = "true";
+    };
+    # You can pass a file with env vars to the system it could look like:
+    # WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
+    # environmentFile = "/path/to/my/secrets/file";
+  };
+
+  # This sets up a woodpecker agent
+  services.woodpecker-agents.agents."docker" = {
+    enable = true;
+    # We need this to talk to the podman socket
+    extraGroups = [ "podman" ];
+    environment = {
+      WOODPECKER_SERVER = "localhost:9000";
+      WOODPECKER_MAX_WORKFLOWS = "4";
+      DOCKER_HOST = "unix:///run/podman/podman.sock";
+      WOODPECKER_BACKEND = "docker";
+    };
+    # Same as with woodpecker-server
+    # environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
+  };
+
+  # Here we setup podman and enable dns
+  virtualisation.podman = {
+    enable = true;
+    defaultNetwork.settings = {
+      dns_enabled = true;
+    };
+  };
+  # This is needed for podman to be able to talk over dns
+  networking.firewall.interfaces."podman0" = {
+    allowedUDPPorts = [ 53 ];
+    allowedTCPPorts = [ 53 ];
+  };
+}