Switch CI to woodpecker
This commit is contained in:
parent
0d85e6934f
commit
d65073c697
SSH key fingerprint:
SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
3 changed files with 72 additions and 8 deletions
|
|
@ -11,12 +11,13 @@
|
|||
enable = true;
|
||||
server = true;
|
||||
};
|
||||
docker.enable = true;
|
||||
drone.enable = true;
|
||||
# docker.enable = true;
|
||||
# drone.enable = true;
|
||||
nix-common = {
|
||||
enable = true;
|
||||
remote-builders = true;
|
||||
};
|
||||
woodpecker.enable = true;
|
||||
};
|
||||
|
||||
boot.isContainer = true;
|
||||
|
|
@ -54,9 +55,9 @@
|
|||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
drone = { };
|
||||
drone-runner = { };
|
||||
woodpecker-server = { };
|
||||
woodpecker-agent = { };
|
||||
};
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
drone: ENC[AES256_GCM,data:PZPChq/iQDw7gOfdmSOB4ZvtWgnT55lMc1/kSKVoh5kTkIX+FdNE7uJlhKJQHryYWdrbyoRu09RhhPLr27oWeiCvN4Z0QmM9ofrM4CfuUPotp3niZIjfXrLIiX2s1JlxT2eElEwkX2h1UCIC+tNqFCL+ThLkP4iMmeXRXwFBIOahYscskwbmutbyraj/yQq3KcwUyFLd618pDT+0VWiBETQudauWdmJXFDW/rKW7STTVhe/7ixCIw3O5BYThOin9YhZSZxje225+bBB8vPM6NfdvNCHEtzAwxTjtm3n0beqsAAxd6hzQXk3L7a2X6Y+mmK1XMjmLhsGgI5B6Zssmv3/3oTSczn+YdtfT9bz0KxaZtJdQrYEfVowKEQMTcWO5H55F5Mv+qShweIAcWqKInFb6+EDjyPzABlN/S9/XJakQsPxcCwBKKusYr3P3IFjNnzdZD18ayhc6frs4TJmSGcQIkW/cCWNjwpct/yVbkIrIXZEWb7DoZ0M=,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str]
|
||||
drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str]
|
||||
woodpecker-server: ENC[AES256_GCM,data:cW108wxYT2b65pCRcwZBoRi6eQsB4NrcUNLirfQkkqPPOymT4QFyE5Zmx6K1P33dUSAj5nA0Eh0HOsS8RhFQIOPZA9za4Ffs51Ex0HkQozduqusDGaENWR+zBOTgRhgIrwQlDSHh8UgLTzOgN8hpEqR8fFVsiWCcCAuOFjDNyczywtbbu2jNHzG6FMz2fdXy7p1dRmyTq1sFjoMEkJM5Ix8oRB8zWV+O3l6XE7Uw1vD3QbOsJiqcbWFoNw==,iv:VIlHVVvuBSZiO/tMgd/4HpT2uecn1WqJE60SkHaX+80=,tag:+xfTfq2FgSrPUVXeH4tJkQ==,type:str]
|
||||
woodpecker-agent: ENC[AES256_GCM,data:YO9MCMIPVOEU+6euiCHuAN+tFFs8JkRRmb9+AIhMEuQE2ObajfJZ3NN5LsccIT9z1axA/gfjLrxM,iv:UDimHs2cKyCvy0XGdDzgX2ry114qz3V1KaXlXL3yYgI=,tag:OGITUerrT0nWU85fxcpEig==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -33,8 +35,8 @@ sops:
|
|||
UHFBcS9PbGRkNzk1R1ppYUIwOGFhaTgKNOmhKLNm3HZ1xU/xY3ImDqiLDSqZvw/V
|
||||
w5IaQNmgUt/TDBCxkLcnyynHkmgwMUZjRihIukC7yvxncHc2hQrrDA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2021-12-29T21:03:09Z"
|
||||
mac: ENC[AES256_GCM,data:WIoK7hdVGdIleSvlRO6OniQ8z94NtDOTw7g7bWDRL+M+fnaGwU7J5JeW6fuUyX45Kh/PbDVDWh8KSbbU/gCbhI6hhyFsccFI1imDvTJ4ryoLO8+yoRmBd9+aaIbjcrM8PfZITlJdyu7NewnuQ4kesfwWh07m2IxB2xerErrkayw=,iv:iBYU/PPe/NqIAUhEwSNVwHdeijs8sRZVx5d7qoNzAE8=,tag:D04BxYAjsS/+EXbjfIi1EQ==,type:str]
|
||||
lastmodified: "2023-06-12T09:28:02Z"
|
||||
mac: ENC[AES256_GCM,data:mE0O44Sa+RMqRoCqXftn3GuPFLHiyGn3tVlYgBGc973nP7mz5ZwClNgja1gk+MNolnztsrwgso5ZiNpriyI7pGKd/dG6DJQrGixqhRvgyNyIESGEuN9n6bfhYNNSzV1yRb9V6Z7iELkut03gvVU9by0MosJ7SJPMyDyZZ4tMFeA=,iv:rzrvGwJQAdbMcHQ7U/JFB08V7o2keLI1kUrUs9RaClA=,tag:UpE7ZeG7S32CNKsgT+rMMQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
version: 3.7.3
|
||||
|
|
|
|||
61
modules/woodpecker/default.nix
Normal file
61
modules/woodpecker/default.nix
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.eboskma.woodpecker;
|
||||
in
|
||||
{
|
||||
options.eboskma.woodpecker = { enable = mkEnableOption "Woodpecker CI"; };
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.woodpecker-server = {
|
||||
enable = true;
|
||||
environment = {
|
||||
WOODPECKER_GITEA = "true";
|
||||
WOODPECKER_GITEA_URL = "https://git.datarift.nl";
|
||||
WOODPECKER_HOST = "https://drone.datarift.nl";
|
||||
WOODPECKER_SERVER_ADDR = ":8100";
|
||||
WOODPECKER_ADMIN = "erwin";
|
||||
WOODPECKER_SESSION_EXPIRES = "48h";
|
||||
};
|
||||
environmentFile = config.sops.secrets.woodpecker-server.path;
|
||||
};
|
||||
services.woodpecker-agents.agents.local = {
|
||||
enable = true;
|
||||
environment = {
|
||||
WOODPECKER_SERVER = "localhost:9000";
|
||||
WOODPECKER_MAX_PROCS = "2";
|
||||
WOODPECKER_BACKEND = "docker";
|
||||
DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||
};
|
||||
environmentFile = [ config.sops.secrets.woodpecker-agent.path ];
|
||||
extraGroups = [ "podman" ];
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.woodpecker-cli ];
|
||||
|
||||
# virtualisation.docker = {
|
||||
# enable = true;
|
||||
# autoPrune = {
|
||||
# enable = true;
|
||||
# };
|
||||
# };
|
||||
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
autoPrune = {
|
||||
enable = true;
|
||||
};
|
||||
defaultNetwork.settings.dns_enable = true;
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 8100 ];
|
||||
|
||||
interfaces."podman+" = {
|
||||
allowedUDPPorts = [ 53 ];
|
||||
allowedTCPPorts = [ 53 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Reference in a new issue