Switch CI to woodpecker
This commit is contained in:
parent
0d85e6934f
commit
d65073c697
SSH key fingerprint:
SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
3 changed files with 72 additions and 8 deletions
|
|
@ -11,12 +11,13 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
server = true;
|
server = true;
|
||||||
};
|
};
|
||||||
docker.enable = true;
|
# docker.enable = true;
|
||||||
drone.enable = true;
|
# drone.enable = true;
|
||||||
nix-common = {
|
nix-common = {
|
||||||
enable = true;
|
enable = true;
|
||||||
remote-builders = true;
|
remote-builders = true;
|
||||||
};
|
};
|
||||||
|
woodpecker.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
|
|
@ -54,9 +55,9 @@
|
||||||
|
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
drone = { };
|
woodpecker-server = { };
|
||||||
drone-runner = { };
|
woodpecker-agent = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "21.11";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,7 @@
|
||||||
drone: ENC[AES256_GCM,data:PZPChq/iQDw7gOfdmSOB4ZvtWgnT55lMc1/kSKVoh5kTkIX+FdNE7uJlhKJQHryYWdrbyoRu09RhhPLr27oWeiCvN4Z0QmM9ofrM4CfuUPotp3niZIjfXrLIiX2s1JlxT2eElEwkX2h1UCIC+tNqFCL+ThLkP4iMmeXRXwFBIOahYscskwbmutbyraj/yQq3KcwUyFLd618pDT+0VWiBETQudauWdmJXFDW/rKW7STTVhe/7ixCIw3O5BYThOin9YhZSZxje225+bBB8vPM6NfdvNCHEtzAwxTjtm3n0beqsAAxd6hzQXk3L7a2X6Y+mmK1XMjmLhsGgI5B6Zssmv3/3oTSczn+YdtfT9bz0KxaZtJdQrYEfVowKEQMTcWO5H55F5Mv+qShweIAcWqKInFb6+EDjyPzABlN/S9/XJakQsPxcCwBKKusYr3P3IFjNnzdZD18ayhc6frs4TJmSGcQIkW/cCWNjwpct/yVbkIrIXZEWb7DoZ0M=,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str]
|
drone: ENC[AES256_GCM,data:PZPChq/iQDw7gOfdmSOB4ZvtWgnT55lMc1/kSKVoh5kTkIX+FdNE7uJlhKJQHryYWdrbyoRu09RhhPLr27oWeiCvN4Z0QmM9ofrM4CfuUPotp3niZIjfXrLIiX2s1JlxT2eElEwkX2h1UCIC+tNqFCL+ThLkP4iMmeXRXwFBIOahYscskwbmutbyraj/yQq3KcwUyFLd618pDT+0VWiBETQudauWdmJXFDW/rKW7STTVhe/7ixCIw3O5BYThOin9YhZSZxje225+bBB8vPM6NfdvNCHEtzAwxTjtm3n0beqsAAxd6hzQXk3L7a2X6Y+mmK1XMjmLhsGgI5B6Zssmv3/3oTSczn+YdtfT9bz0KxaZtJdQrYEfVowKEQMTcWO5H55F5Mv+qShweIAcWqKInFb6+EDjyPzABlN/S9/XJakQsPxcCwBKKusYr3P3IFjNnzdZD18ayhc6frs4TJmSGcQIkW/cCWNjwpct/yVbkIrIXZEWb7DoZ0M=,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str]
|
||||||
drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str]
|
drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str]
|
||||||
|
woodpecker-server: ENC[AES256_GCM,data:cW108wxYT2b65pCRcwZBoRi6eQsB4NrcUNLirfQkkqPPOymT4QFyE5Zmx6K1P33dUSAj5nA0Eh0HOsS8RhFQIOPZA9za4Ffs51Ex0HkQozduqusDGaENWR+zBOTgRhgIrwQlDSHh8UgLTzOgN8hpEqR8fFVsiWCcCAuOFjDNyczywtbbu2jNHzG6FMz2fdXy7p1dRmyTq1sFjoMEkJM5Ix8oRB8zWV+O3l6XE7Uw1vD3QbOsJiqcbWFoNw==,iv:VIlHVVvuBSZiO/tMgd/4HpT2uecn1WqJE60SkHaX+80=,tag:+xfTfq2FgSrPUVXeH4tJkQ==,type:str]
|
||||||
|
woodpecker-agent: ENC[AES256_GCM,data:YO9MCMIPVOEU+6euiCHuAN+tFFs8JkRRmb9+AIhMEuQE2ObajfJZ3NN5LsccIT9z1axA/gfjLrxM,iv:UDimHs2cKyCvy0XGdDzgX2ry114qz3V1KaXlXL3yYgI=,tag:OGITUerrT0nWU85fxcpEig==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -33,8 +35,8 @@ sops:
|
||||||
UHFBcS9PbGRkNzk1R1ppYUIwOGFhaTgKNOmhKLNm3HZ1xU/xY3ImDqiLDSqZvw/V
|
UHFBcS9PbGRkNzk1R1ppYUIwOGFhaTgKNOmhKLNm3HZ1xU/xY3ImDqiLDSqZvw/V
|
||||||
w5IaQNmgUt/TDBCxkLcnyynHkmgwMUZjRihIukC7yvxncHc2hQrrDA==
|
w5IaQNmgUt/TDBCxkLcnyynHkmgwMUZjRihIukC7yvxncHc2hQrrDA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2021-12-29T21:03:09Z"
|
lastmodified: "2023-06-12T09:28:02Z"
|
||||||
mac: ENC[AES256_GCM,data:WIoK7hdVGdIleSvlRO6OniQ8z94NtDOTw7g7bWDRL+M+fnaGwU7J5JeW6fuUyX45Kh/PbDVDWh8KSbbU/gCbhI6hhyFsccFI1imDvTJ4ryoLO8+yoRmBd9+aaIbjcrM8PfZITlJdyu7NewnuQ4kesfwWh07m2IxB2xerErrkayw=,iv:iBYU/PPe/NqIAUhEwSNVwHdeijs8sRZVx5d7qoNzAE8=,tag:D04BxYAjsS/+EXbjfIi1EQ==,type:str]
|
mac: ENC[AES256_GCM,data:mE0O44Sa+RMqRoCqXftn3GuPFLHiyGn3tVlYgBGc973nP7mz5ZwClNgja1gk+MNolnztsrwgso5ZiNpriyI7pGKd/dG6DJQrGixqhRvgyNyIESGEuN9n6bfhYNNSzV1yRb9V6Z7iELkut03gvVU9by0MosJ7SJPMyDyZZ4tMFeA=,iv:rzrvGwJQAdbMcHQ7U/JFB08V7o2keLI1kUrUs9RaClA=,tag:UpE7ZeG7S32CNKsgT+rMMQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.1
|
version: 3.7.3
|
||||||
|
|
|
||||||
61
modules/woodpecker/default.nix
Normal file
61
modules/woodpecker/default.nix
Normal file
|
|
@ -0,0 +1,61 @@
|
||||||
|
{ pkgs, config, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.eboskma.woodpecker;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.eboskma.woodpecker = { enable = mkEnableOption "Woodpecker CI"; };
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.woodpecker-server = {
|
||||||
|
enable = true;
|
||||||
|
environment = {
|
||||||
|
WOODPECKER_GITEA = "true";
|
||||||
|
WOODPECKER_GITEA_URL = "https://git.datarift.nl";
|
||||||
|
WOODPECKER_HOST = "https://drone.datarift.nl";
|
||||||
|
WOODPECKER_SERVER_ADDR = ":8100";
|
||||||
|
WOODPECKER_ADMIN = "erwin";
|
||||||
|
WOODPECKER_SESSION_EXPIRES = "48h";
|
||||||
|
};
|
||||||
|
environmentFile = config.sops.secrets.woodpecker-server.path;
|
||||||
|
};
|
||||||
|
services.woodpecker-agents.agents.local = {
|
||||||
|
enable = true;
|
||||||
|
environment = {
|
||||||
|
WOODPECKER_SERVER = "localhost:9000";
|
||||||
|
WOODPECKER_MAX_PROCS = "2";
|
||||||
|
WOODPECKER_BACKEND = "docker";
|
||||||
|
DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
|
};
|
||||||
|
environmentFile = [ config.sops.secrets.woodpecker-agent.path ];
|
||||||
|
extraGroups = [ "podman" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.woodpecker-cli ];
|
||||||
|
|
||||||
|
# virtualisation.docker = {
|
||||||
|
# enable = true;
|
||||||
|
# autoPrune = {
|
||||||
|
# enable = true;
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
|
||||||
|
virtualisation.podman = {
|
||||||
|
enable = true;
|
||||||
|
dockerCompat = true;
|
||||||
|
autoPrune = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
defaultNetwork.settings.dns_enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [ 8100 ];
|
||||||
|
|
||||||
|
interfaces."podman+" = {
|
||||||
|
allowedUDPPorts = [ 53 ];
|
||||||
|
allowedTCPPorts = [ 53 ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue