
https://git.jolheiser.com/infra.git
dragonwell flake
update nixpkgs, pocket-id, and enable podman for woodpecker Signed-off-by: jolheiser <git@jolheiser.com>
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQK8k2r/fPWq0MGXKinpt11hNBFsMxFA5HqiKqCLHNzCcE/Pzjpy+UaP40zoK2NsoiI fv8Qvt9KJD7beOJREnEQ4= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
1 hour ago
3 changed files, 33 additions(+), 11 deletions(-)
dragonwell/caddy.nixdragonwell/woodpecker.nixflake.locksecrets/pocket-id.agesecrets/woodpecker.age
M dragonwell/caddy.nix -> dragonwell/caddy.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
diff --git a/dragonwell/caddy.nix b/dragonwell/caddy.nix
index 911aae6f0e901e27f36d4959f407ec6959ea89ca..3f36e5dcbbe5daf33f90a423cc2c3f5862fc07ca 100644
--- a/dragonwell/caddy.nix
+++ b/dragonwell/caddy.nix
@@ -59,9 +59,6 @@       };
       "git.jolheiser.com".extraConfig = ''
         reverse_proxy localhost:8449
       '';
-      "ci.jolheiser.com".extraConfig = ''
-        reverse_proxy localhost:2423
-      '';
       "pr.jolheiser.com".extraConfig = ''
         reverse_proxy localhost:7449
       '';
M dragonwell/woodpecker.nix -> dragonwell/woodpecker.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
diff --git a/dragonwell/woodpecker.nix b/dragonwell/woodpecker.nix
index 30cd814e6b748d48e590e6dd66247878ca73c18b..bd96aff4674e604d4ebc064f58a897869223a7a4 100644
--- a/dragonwell/woodpecker.nix
+++ b/dragonwell/woodpecker.nix
@@ -5,16 +5,17 @@   services = {
     woodpecker-server = {
       enable = true;
       environment = {
-        WOODPECKER_HOST = "https://ci.jolheiser.com";
+        WOODPECKER_HOST = "https://cicd";
         WOODPECKER_OPEN = "true";
         WOODPECKER_ADDON_FORGE = "${pkgs.lib.getExe pkgs.jolheiser.gitpecker}";
         WOODPECKER_ADMIN = "jolheiser";
         WOODPECKER_SERVER_ADDR = ":2423";
+
         GITPECKER_REPOS = "/var/lib/ugit/repos";
         GITPECKER_URL = "https://git.jolheiser.com";
         GITPECKER_PROVIDER = "https://id.jolheiser.com";
         GITPECKER_CLIENT_ID = "6975ecea-ce29-48f0-ad8d-323e419f7732";
-        GITPECKER_REDIRECT = "https://ci.jolheiser.com/authorize";
+        GITPECKER_REDIRECT = "https://cicd/authorize";
         GITPECKER_LOG_FILE = "/var/lib/woodpecker-server/gitpecker.log";
       };
       environmentFile = [ config.age.secrets.woodpecker.path ];
@@ -28,8 +29,32 @@         bash
         coreutils
         woodpecker-plugin-git
       ];
+      environment = {
+        WOODPECKER_BACKEND = "docker";
+        DOCKER_HOST = "unix:///run/podman/podman.sock";
+      };
+      extraGroups = [ "podman" ];
       environmentFile = [ config.age.secrets.woodpecker.path ];
     };
+    tailproxy.woodpecker = {
+      enable = true;
+      hostname = "cicd";
+      port = 2423;
+      authKey = "tskey-auth-kgrGNGArZw11CNTRL-rA3rdahB1dEobvWZraPhcEpHp2BVBcYh"; # One-time key
+    };
   };
   systemd.services.woodpecker-server.serviceConfig.SupplementaryGroups = [ "ugit" ];
+
+  virtualisation = {
+    containers.enable = true;
+    podman = {
+      enable = true;
+      dockerCompat = true;
+      defaultNetwork.settings.dns_enable = true;
+    };
+  };
+  networking.firewall.interfaces."podman+" = {
+    allowedUDPPorts = [ 53 ];
+    allowedTCPPorts = [ 53 ];
+  };
 }
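Review bot: The `authKey` string literal in `tailproxy.woodpecker` commits a Tailscale auth key to the repository, and because Nix copies evaluated option strings into the world-readable store, it is also readable on every machine that builds this configuration. The `# One-time key` comment limits reuse, but the key stays valid until it is consumed or expires, so it should be revoked in the Tailscale admin console and replaced. This file already reads secrets through `config.age.secrets.woodpecker.path`, so the key belongs in an age-encrypted file as well; whether `tailproxy` accepts a key file path is not visible in this hunk, and if it does not, the module would need that option added. Separately, `extraGroups = [ "podman" ]` together with `DOCKER_HOST = "unix:///run/podman/podman.sock"` gives the agent, and therefore any pipeline step it runs, control of what appears to be the system podman service. With `WOODPECKER_OPEN = "true"` still set in the first hunk, a comment stating who is expected to register and run pipelines would make that trust boundary explicit.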
M flake.lock -> flake.lock
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
diff --git a/flake.lock b/flake.lock
index 0b47f8a1d1fce44ef4a307f7f92a099b870c9df1..e1557a28603893d956bad33e8df02f2fdb3358ab 100644
--- a/flake.lock
+++ b/flake.lock
@@ -454,11 +454,11 @@       }
     },
     "nixpkgs_14": {
       "locked": {
-        "lastModified": 1765186076,
-        "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=",
+        "lastModified": 1770562336,
+        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8",
+        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
         "type": "github"
       },
       "original": {
@@ -964,10 +964,10 @@         "tailwind-ctp": "tailwind-ctp",
         "tailwind-ctp-lsp": "tailwind-ctp-lsp"
       },
       "locked": {
-        "lastModified": 1770468130,
-        "narHash": "sha256-MiAxb2zUgnNO95iqCMEsWUzDscjSrI/jmCEjixK8EmU=",
+        "lastModified": 1770755698,
+        "narHash": "sha256-46X+QSz7exOsePPmu6THZVBF/ptYBLyKwwF1j6StKYQ=",
         "ref": "refs/heads/main",
-        "rev": "4ffe885f97514eefbf6f6f53417ea44c916ce8eb",
+        "rev": "2492c5bc2aee1529d819e347ee1e5728cf25a888",
         "revCount": 101,
         "type": "git",
         "url": "https://git.jolheiser.com/ugit.git"
M secrets/pocket-id.age -> secrets/pocket-id.age
1
2
3
diff --git a/secrets/pocket-id.age b/secrets/pocket-id.age
index 318784e282e82f32fbe091cf1f7f7e95a5001b46..06f9e487984427022eb88fe0f40b81a3307504b3 100644
Binary files a/secrets/pocket-id.age and b/secrets/pocket-id.age differ
M secrets/woodpecker.age -> secrets/woodpecker.age
1
2
3
diff --git a/secrets/woodpecker.age b/secrets/woodpecker.age
index 34aa96968839dff5385b125e21366c3d1b507678..8d47f847258846ba9e68b508ab57f1d29a2e8719 100644
Binary files a/secrets/woodpecker.age and b/secrets/woodpecker.age differ