70 lines
2.2 KiB
Nix
70 lines
2.2 KiB
Nix
# https://github.com/Mic92/dotfiles/tree/035a2c22e161f4fbe4fcbd038c6464028ddce619/nixos/eve/modules/woodpecker
|
|
{ pkgs, config, ... }:
|
|
|
|
let
|
|
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
|
|
|
|
data = import ./data.secret.nix;
|
|
inherit (data) hostname port grpcPort userServer group database;
|
|
in
|
|
{
|
|
networking.firewall.allowedTCPPorts = [ port grpcPort ];
|
|
|
|
services.postgresql.enable = true;
|
|
|
|
systemd.services.woodpecker-server = {
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" "postgresql.service" ];
|
|
serviceConfig = {
|
|
# See: https://woodpecker-ci.org/docs/administration/server-config
|
|
EnvironmentFile = [
|
|
config.age.secrets.woodpecker-common-env.path
|
|
config.age.secrets.woodpecker-server-env.path
|
|
];
|
|
Environment = [
|
|
"WOODPECKER_DEBUG_PRETTY=true"
|
|
"WOODPECKER_LOG_LEVEL=trace"
|
|
"WOODPECKER_HOST=https://${hostname}"
|
|
"WOODPECKER_SERVER_ADDR=:${toString port}"
|
|
"WOODPECKER_GRPC_ADDR=:${toString grpcPort}"
|
|
"WOODPECKER_ADMIN=pleshevskiy"
|
|
"WOODPECKER_DATABASE_DRIVER=postgres"
|
|
"WOODPECKER_DATABASE_DATASOURCE=postgres://${userServer}@:${toString config.services.postgresql.port}/${database}?host=/run/postgresql"
|
|
"WOODPECKER_GITEA=true"
|
|
"WOODPECKER_GITEA_URL=https://git.pleshevski.ru"
|
|
"WOODPECKER_DOCKER_CONFIG=${config.age.secrets.woodpecker-docker-config.path}"
|
|
"WOODPECKER_AUTHENTICATE_PUBLIC_REPOS=true"
|
|
];
|
|
ExecStart = "${nextPkgs.woodpecker-server}/bin/woodpecker-server";
|
|
User = userServer;
|
|
Group = group;
|
|
};
|
|
};
|
|
|
|
services.postgresql = {
|
|
ensureDatabases = [ database ];
|
|
ensureUsers = [
|
|
{
|
|
name = userServer;
|
|
ensurePermissions = {
|
|
"DATABASE ${database}" = "ALL PRIVILEGES";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
|
|
services.traefik.dynamicConfigOptions.http = {
|
|
routers.to_woodpecker_server = {
|
|
rule = "Host(`${hostname}`)";
|
|
entryPoints = [ "https" ];
|
|
tls.certResolver = "le";
|
|
service = "woodpecker_server";
|
|
};
|
|
services.woodpecker_server = {
|
|
loadBalancer.servers = [
|
|
{ url = "http://localhost:${toString port}"; }
|
|
];
|
|
};
|
|
};
|
|
}
|