1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

{
  inputs,
  pkgs,
  config,
  ...
}:
{
  age.secrets.woodpecker.file = ../secrets/woodpecker.age;
  services = {
    woodpecker-server = {
      enable = true;
      environment = {
        WOODPECKER_HOST = "https://cicd";
        WOODPECKER_OPEN = "true";
        WOODPECKER_ADDON_FORGE = "${pkgs.lib.getExe
          inputs.gitpecker.packages.${pkgs.stdenv.hostPlatform.system}.default
        }";
        WOODPECKER_ADMIN = "jolheiser";
        WOODPECKER_SERVER_ADDR = ":2423";

        GITPECKER_REPOS = "/var/lib/ugit/repos";
        GITPECKER_URL = "https://git.jolheiser.com";
        GITPECKER_PROVIDER = "https://id.jolheiser.com";
        GITPECKER_CLIENT_ID = "6975ecea-ce29-48f0-ad8d-323e419f7732";
        GITPECKER_REDIRECT = "https://cicd/authorize";
        GITPECKER_LOG_FILE = "/var/lib/woodpecker-server/gitpecker.log";
      };
      environmentFile = [ config.age.secrets.woodpecker.path ];
    };
    woodpecker-agents.agents."007" = {
      enable = true;
      path = with pkgs; [
        git
        git-lfs
        woodpecker-plugin-git

        bash
        nix
        uutils-coreutils-noprefix

        cachix
      ];
      environment.WOODPECKER_BACKEND = "local";
      environmentFile = [ config.age.secrets.woodpecker.path ];
    };
    tailproxy.woodpecker = {
      enable = true;
      hostname = "cicd";
      port = 2423;
      authKey = "tskey-auth-kgrGNGArZw11CNTRL-rA3rdahB1dEobvWZraPhcEpHp2BVBcYh"; # One-time key
    };
  };
  systemd.services.woodpecker-server.serviceConfig.SupplementaryGroups = [ "ugit" ];
}