system/nixos/hosts/magenta/services/woodpecker/server.nix

69 lines
2.2 KiB
Nix
Raw Normal View History

# https://github.com/Mic92/dotfiles/tree/035a2c22e161f4fbe4fcbd038c6464028ddce619/nixos/eve/modules/woodpecker
{ pkgs, config, ... }:
let
data = import ./data.secret.nix;
inherit (data) hostname port grpcPort userServer group database;
in
{
networking.firewall.allowedTCPPorts = [ port grpcPort ];
services.postgresql.enable = true;
systemd.services.woodpecker-server = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
# See: https://woodpecker-ci.org/docs/administration/server-config
EnvironmentFile = [
config.age.secrets.woodpecker-common-env.path
config.age.secrets.woodpecker-server-env.path
];
Environment = [
"WOODPECKER_DEBUG_PRETTY=true"
"WOODPECKER_LOG_LEVEL=trace"
"WOODPECKER_HOST=https://${hostname}"
"WOODPECKER_SERVER_ADDR=:${toString port}"
"WOODPECKER_GRPC_ADDR=:${toString grpcPort}"
"WOODPECKER_ADMIN=pleshevskiy"
"WOODPECKER_DATABASE_DRIVER=postgres"
"WOODPECKER_DATABASE_DATASOURCE=postgres://${userServer}@:${toString config.services.postgresql.port}/${database}?host=/run/postgresql"
"WOODPECKER_GITEA=true"
"WOODPECKER_GITEA_URL=https://git.pleshevski.ru"
"WOODPECKER_DOCKER_CONFIG=${config.age.secrets.woodpecker-docker-config.path}"
"WOODPECKER_AUTHENTICATE_PUBLIC_REPOS=true"
];
2023-03-31 17:04:02 +03:00
ExecStart = "${pkgs.unstable.woodpecker-server}/bin/woodpecker-server";
User = userServer;
Group = group;
};
};
services.postgresql = {
ensureDatabases = [ database ];
ensureUsers = [
{
name = userServer;
ensurePermissions = {
"DATABASE ${database}" = "ALL PRIVILEGES";
};
}
];
};
services.traefik.dynamicConfigOptions.http = {
routers.to_woodpecker_server = {
rule = "Host(`${hostname}`)";
entryPoints = [ "https" ];
tls.certResolver = "le";
service = "woodpecker_server";
};
services.woodpecker_server = {
loadBalancer.servers = [
{ url = "http://host.docker.internal:${toString port}"; }
];
};
};
}