# https://github.com/Mic92/dotfiles/tree/035a2c22e161f4fbe4fcbd038c6464028ddce619/nixos/eve/modules/woodpecker
#
# NixOS module: runs woodpecker-server as a plain systemd unit, stores its
# state in the local PostgreSQL instance and publishes it through a traefik
# router with a TLS certificate resolver.
{ pkgs, config, ... }:

let
  nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };

  # Host-specific values are imported at evaluation time.
  # NOTE(review): every value below is interpolated into the generated unit,
  # which lives in the world-readable Nix store. That is fine for names and
  # ports; real credentials belong in the age-managed EnvironmentFile entries.
  site = import ./data.secret.nix;
  inherit (site) hostname port grpcPort userServer group database;

  # Passwordless connection string over the Unix socket in /run/postgresql.
  # NOTE(review): presumably relies on peer authentication mapping the service
  # user to the database role of the same name; confirm against pg_hba.conf.
  pgPort = toString config.services.postgresql.port;
  datasource =
    "postgres://${userServer}@:${pgPort}/${database}?host=/run/postgresql";

  # See: https://woodpecker-ci.org/docs/administration/server-config
  serverEnv = [
    # NOTE(review): pretty-printed trace logging is a debugging setup. Verbose
    # CI server logs may contain request details; consider a lower level for
    # steady-state operation and check who can read the journal.
    "WOODPECKER_DEBUG_PRETTY=true"
    "WOODPECKER_LOG_LEVEL=trace"
    "WOODPECKER_HOST=https://${hostname}"
    "WOODPECKER_SERVER_ADDR=:${toString port}"
    "WOODPECKER_GRPC_ADDR=:${toString grpcPort}"
    # Admin rights are bound to this forge account name, so that account's
    # own protection (password, 2FA) is part of this server's trust boundary.
    "WOODPECKER_ADMIN=pleshevskiy"
    "WOODPECKER_DATABASE_DRIVER=postgres"
    "WOODPECKER_DATABASE_DATASOURCE=${datasource}"
    "WOODPECKER_GITEA=true"
    "WOODPECKER_GITEA_URL=https://git.pleshevski.ru"
    # Only the path is visible here; the file content is decrypted by age.
    "WOODPECKER_DOCKER_CONFIG=${config.age.secrets.woodpecker-docker-config.path}"
    "WOODPECKER_AUTHENTICATE_PUBLIC_REPOS=true"
  ];
in
{
  # Both listeners are opened on every interface.
  # NOTE(review): the HTTP port is also fronted by traefik with TLS below, so
  # opening it here appears to leave a plaintext path that bypasses the proxy
  # unless something upstream filters it. If only the proxy and the agents
  # need these ports, per-interface rules
  # (networking.firewall.interfaces.<name>.allowedTCPPorts) are narrower.
  networking.firewall.allowedTCPPorts = [ port grpcPort ];

  systemd.services.woodpecker-server = {
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" "postgresql.service" ];

    serviceConfig = {
      # Secrets (presumably the forge OAuth client and the agent shared
      # secret; verify) come from age-decrypted files, not from the store.
      EnvironmentFile = [
        config.age.secrets.woodpecker-common-env.path
        config.age.secrets.woodpecker-server-env.path
      ];
      Environment = serverEnv;
      ExecStart = "${nextPkgs.woodpecker-server}/bin/woodpecker-server";

      # The unit drops to a dedicated user and group but sets no sandboxing.
      # NOTE(review): consider systemd hardening such as NoNewPrivileges,
      # ProtectSystem, ProtectHome and PrivateTmp, after testing that the
      # server can still reach its secrets and the PostgreSQL socket.
      User = userServer;
      Group = group;
    };
  };

  services = {
    postgresql = {
      enable = true;
      ensureDatabases = [ database ];
      # The grant is scoped to the single Woodpecker database.
      # NOTE(review): newer NixOS releases replace ensurePermissions with
      # ensureDBOwnership; check against the pinned nixpkgs before upgrading.
      ensureUsers = [
        {
          name = userServer;
          ensurePermissions = {
            "DATABASE ${database}" = "ALL PRIVILEGES";
          };
        }
      ];
    };

    traefik.dynamicConfigOptions.http = {
      routers.to_woodpecker_server = {
        rule = "Host(`${hostname}`)";
        entryPoints = [ "https" ];
        tls = {
          certResolver = "le";
        };
        service = "woodpecker_server";
      };

      # host.docker.internal suggests traefik runs in a Docker container and
      # reaches the host over the bridge; that hop is plain HTTP, so it should
      # stay local to the machine.
      services.woodpecker_server = {
        loadBalancer = {
          servers = [
            { url = "http://host.docker.internal:${toString port}"; }
          ];
        };
      };
    };
  };
}