From 03dfa2faefd9d65bdf07c5b36a0370f087dd9f71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Wed, 21 Dec 2022 14:51:21 +0000
Subject: [PATCH] move ci agents to bolty
---
 nixos/boxes/bolty/default.nix | 1 +
 nixos/boxes/bolty/nix-store-server.nix | 6 +-
 nixos/boxes/bolty/woodpecker-agent.nix | 116 +++++++++++++++++++++++++
 nixos/boxes/vpsfree1/woodpecker.nix | 82 ----------------
 4 files changed, 120 insertions(+), 85 deletions(-)
 create mode 100644 nixos/boxes/bolty/woodpecker-agent.nix
diff --git a/nixos/boxes/bolty/default.nix b/nixos/boxes/bolty/default.nix
index d11a46e4..1e60e376 100644
--- a/nixos/boxes/bolty/default.nix
+++ b/nixos/boxes/bolty/default.nix
@@ -14,6 +14,7 @@
 ./nix-store-server.nix
 ./print-server.nix
 ./restic-server.nix
+ ./woodpecker-agent.nix
 ];
 boot.binfmt.emulatedSystems = ["aarch64-linux"];
 programs.ccache.enable = true;
diff --git a/nixos/boxes/bolty/nix-store-server.nix b/nixos/boxes/bolty/nix-store-server.nix
index 3f8460e2..37faa40e 100644
--- a/nixos/boxes/bolty/nix-store-server.nix
+++ b/nixos/boxes/bolty/nix-store-server.nix
@@ -3,13 +3,13 @@
 pkgs,
 ...
 }: {
- networking.firewall.allowedTCPPorts = [9000 9001];
+ networking.firewall.allowedTCPPorts = [10000 10001];
 services.minio = {
 enable = true;
 region = "home";
 dataDir = ["/var/lib/minio/data"];
 configDir = "/var/lib/minio/config";
- listenAddress = ":9000";
- consoleAddress = ":9001";
+ listenAddress = ":10000";
+ consoleAddress = ":10001";
 };
 }
diff --git a/nixos/boxes/bolty/woodpecker-agent.nix b/nixos/boxes/bolty/woodpecker-agent.nix
new file mode 100644
index 00000000..43df1f82
--- /dev/null
+++ b/nixos/boxes/bolty/woodpecker-agent.nix
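Review bot: The minio listen/console ports move from 9000/9001 to 10000/10001 in the nix-store-server.nix hunk without any record of why, and nothing in this diff updates whatever consumes the store (substituter URLs, s3 endpoint settings); those live outside the patch, so they need a check before this lands. A one-line comment above `networking.firewall.allowedTCPPorts` recording the reason would keep the next reader from reverting it; the new agent file defines `agentPort = 9000` for the remote CI server, which is presumably the motivation, but that is not stated here.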
@@ -0,0 +1,116 @@
+{
+ config,
+ pkgs,
+ inputs,
+ lib,
+ ...
+}: let
+ agentPort = 9000;
+ domain = "ci.cyplo.dev";
+ uid = 2061;
+ gid = 3061;
+ systemUserName = "woodpecker";
+ systemGroupName = "woodpecker";
+ podmanGid = 994;
+ secretSettings = {
+ owner = systemUserName;
+ group = systemGroupName;
+ };
+ woodpeckerEnvSecretName = "woodpecker-env";
+ woodpeckerEnvSecretPath = "/run/secrets/${woodpeckerEnvSecretName}";
+ woodpeckerAgentContainer = {
+ autoStart = true;
+ forwardPorts = [
+ ];
+ bindMounts = {
+ "${woodpeckerEnvSecretPath}" = {
+ hostPath = "${woodpeckerEnvSecretPath}";
+ isReadOnly = true;
+ };
+ "/var/run/docker.sock" = {
+ hostPath = "/var/run/podman/podman.sock";
+ isReadOnly = false;
+ };
+ };
+ config = {
+ config,
+ pkgs,
+ lib,
+ ...
+ }: {
+ system.stateVersion = "22.11";
+ users = {
+ mutableUsers = false;
+ allowNoPasswordLogin = true;
+ users."${systemUserName}" = {
+ inherit uid;
+ isSystemUser = true;
+ isNormalUser = false;
+ group = systemGroupName;
+ };
+ groups."${systemGroupName}" = {
+ inherit gid;
+ members = ["${systemUserName}"];
+ };
+ groups."podman" = {
+ gid = podmanGid;
+ members = ["${systemUserName}"];
+ };
+ };
+
+ systemd.services.woodpecker-agent = {
+ wantedBy = ["multi-user.target"];
+ environment = {
+ WOODPECKER_SERVER = "${domain}:${toString agentPort}";
+ WOODPECKER_MAX_PROCS = "1";
+ WOODPECKER_DEBUG_PRETTY = "true";
+ WOODPECKER_LOG_LEVEL = "info";
+ };
+ serviceConfig = {
+ EnvironmentFile = [
+ woodpeckerEnvSecretPath
+ ];
+ ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
+ User = systemUserName;
+ Group = systemGroupName;
+ };
+ };
+ };
+ };
+in {
+ imports = [../nginx.nix];
+
+ users = {
+ users."${systemUserName}" = {
+ inherit uid;
+ isSystemUser = true;
+ isNormalUser = false;
+ group = systemGroupName;
+ extraGroups = ["podman"];
+ };
+ groups."${systemGroupName}" = {
+ inherit gid;
+ members = ["${systemUserName}"];
+ };
+ groups."podman" = {
+ gid = podmanGid;
+ members = ["${systemUserName}"];
+ };
+ };
+
+ sops.secrets."woodpecker-env" =
+ {
+ sopsFile = ../vpsfree1/gitea.sops;
+ format = "binary";
+ path = woodpeckerEnvSecretPath;
+ }
+ // secretSettings;
+
+ virtualisation.podman = {
+ enable = true;
+ };
+ containers.woodpecker-agent1 = woodpeckerAgentContainer;
+ containers.woodpecker-agent2 = woodpeckerAgentContainer;
+ containers.woodpecker-agent3 = woodpeckerAgentContainer;
+ containers.woodpecker-agent4 = woodpeckerAgentContainer;
+}
diff --git a/nixos/boxes/vpsfree1/woodpecker.nix b/nixos/boxes/vpsfree1/woodpecker.nix
index 70d30403..db4ddd03 100644
--- a/nixos/boxes/vpsfree1/woodpecker.nix
+++ b/nixos/boxes/vpsfree1/woodpecker.nix
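Review bot: The agent now reaches the server across the network (`WOODPECKER_SERVER = "${domain}:${toString agentPort}"`, i.e. ci.cyplo.dev:9000) but the `environment` block does not turn on TLS for that gRPC connection, so unless the sops env file sets it the agent token travels in cleartext between bolty and the server; add `WOODPECKER_GRPC_SECURE = "true";` next to `WOODPECKER_LOG_LEVEL`, assuming the server side terminates TLS on that port. The `"/var/run/docker.sock"` bind mount hands each of the four containers the host's podman socket read-write, which is equivalent to root on bolty for any pipeline step that can reach the socket, so a comment on that mount stating that this host runs trusted pipelines only (or a per-agent rootless podman socket instead) belongs here. `sops.secrets."woodpecker-env"` now decrypts `../vpsfree1/gitea.sops` on a different host, which only works if bolty's key is already a recipient of that file; otherwise activation fails at deploy time. `inputs` in the module arguments is unused and `imports = [../nginx.nix];` looks carried over from the server box; if neither is needed on an agent-only host, drop them.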
@@ -14,72 +14,6 @@
 gid = 3061;
 systemUserName = "woodpecker";
 systemGroupName = "woodpecker";
- podmanGid = 994;
- secretSettings = {
- owner = systemUserName;
- group = systemGroupName;
- };
- woodpeckerEnvSecretName = "woodpecker-env";
- woodpeckerEnvSecretPath = "/run/secrets/${woodpeckerEnvSecretName}";
- woodpeckerAgentContainer = {
- autoStart = true;
- forwardPorts = [
- ];
- bindMounts = {
- "${woodpeckerEnvSecretPath}" = {
- hostPath = "${woodpeckerEnvSecretPath}";
- isReadOnly = true;
- };
- "/var/run/docker.sock" = {
- hostPath = "/var/run/podman/podman.sock";
- isReadOnly = false;
- };
- };
- config = {
- config,
- pkgs,
- lib,
- ...
- }: {
- system.stateVersion = "22.11";
- users = {
- mutableUsers = false;
- allowNoPasswordLogin = true;
- users."${systemUserName}" = {
- inherit uid;
- isSystemUser = true;
- isNormalUser = false;
- group = systemGroupName;
- };
- groups."${systemGroupName}" = {
- inherit gid;
- members = ["${systemUserName}"];
- };
- groups."podman" = {
- gid = podmanGid;
- members = ["${systemUserName}"];
- };
- };
-
- systemd.services.woodpecker-agent = {
- wantedBy = ["multi-user.target"];
- environment = {
- WOODPECKER_SERVER = "${domain}:${toString agentPort}";
- WOODPECKER_MAX_PROCS = "1";
- WOODPECKER_DEBUG_PRETTY = "true";
- WOODPECKER_LOG_LEVEL = "info";
- };
- serviceConfig = {
- EnvironmentFile = [
- woodpeckerEnvSecretPath
- ];
- ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
- User = systemUserName;
- Group = systemGroupName;
- };
- };
- };
- };
 in {
 imports = [../nginx.nix];
 
@@ -95,10 +29,6 @@ in {
 inherit gid;
 members = ["${systemUserName}"];
 };
- groups."podman" = {
- gid = podmanGid;
- members = ["${systemUserName}"];
- };
 };
 
 services.nginx = {
@@ -118,14 +48,6 @@ in {
 format = "binary";
 };
 
- sops.secrets."woodpecker-env" =
- {
- sopsFile = ./gitea.sops;
- format = "binary";
- path = woodpeckerEnvSecretPath;
- }
- // secretSettings;
-
 virtualisation.podman = {
 enable = true;
 defaultNetwork.dnsname.enable = true;
@@ -149,8 +71,4 @@ in {
 ];
 };
 };
- containers.woodpecker-agent1 = woodpeckerAgentContainer;
- containers.woodpecker-agent2 = woodpeckerAgentContainer;
- containers.woodpecker-agent3 = woodpeckerAgentContainer;
- containers.woodpecker-agent4 = woodpeckerAgentContainer;
 }