add woodpecker ci
This commit is contained in:
parent
ce69b57687
commit
bc9ffbef89
3 changed files with 94 additions and 0 deletions
|
@ -16,6 +16,7 @@
|
|||
./search.nix
|
||||
./ssh.nix
|
||||
./syncthing-relay.nix
|
||||
./woodpecker.nix
|
||||
];
|
||||
|
||||
systemd.extraConfig = ''
|
||||
|
|
52
nixos/boxes/vpsfree1/gitea.sops
Normal file
52
nixos/boxes/vpsfree1/gitea.sops
Normal file
|
@ -0,0 +1,52 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:SzT2//HVQ3rx9NTtmpD4h4H5hLuMD1MOMnmye9B+2bYuFqGfpy0IZtWFYOkeLC+GL5FBpNRDjhXI6VffE647QQhfxWkxqXfaMUQmVmhY4c4z8ZKjkUd61skh2l4JLkTBkQK27dVKDZbk9YvDB4nvpJzzhhk4TzdylljHgqTT1LIEQQ==,iv:WQgkDTBvX8fW779ZQFVGgnHyEB2OgwABS64nnf4DzRw=,tag:BkPt9Jnamcz1omHkNNMPjQ==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNmlpRG14YVpOMmpTL0FV\nWE10TElmSnRuUmJkTDNkL1hpdHU1MzZlRUZrCldzenVWV1NOMmQ0RWJYZWZDblcv\nV0tBYUdpWktkSUlBZzhiVzBHd1pQTmMKLS0tIHFXdjFXWWllVmhjY3hJM215MG5h\nTlZySEl4UnVJNkxGeldpazFINUZ5YzgKqH1DqsVvBY+rQdk34jYFl4vaUkL+RbpY\narfGfgOQqmVohBKpMf31GB+MEiE05zNL5D3NdEJZ2sgukHwkw7CAFA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvRVJLZ0ExNlVHN1padURn\nWWhWZHFUenhRUSsza2pFU25ZYkQ5dXZ4YUJZCjhEeEJ4aVZEM0g5VDczSlYyZjN1\nVFRxUStVdFAwQ3BkU3FDZGJrYzh2S2MKLS0tICtwQTRYbjdOT0RLdkRDZmVZbzI0\nT0dNRGNGcWxZdDg2bURlcTVzdWJaWUUKk02fxHEo8CLS4RrLBe2tY3RYzssYp/9v\n4NOM30EKOxiZi6RQ7Lk3M5CdjwiRO9zsqDn4pJhyhVqc+a97me+IjA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzKzFVYkJvNXQ1dEkwaDJD\nRkc0NVV6YjBYNkM2Uk0vY2F6NDZDSENIYnlBCmlQTjJHQUdqN2lBUTVIVGNTRkVw\nNW81eTNkZDFCTlV4enhwWjZpdmVoUG8KLS0tIC9zOEtLRXUxalorcEgwL0VPWlI0\ncEpkMFZQcUtpU3hFWElxa2thTW5XYkUKsTXkz+ZFvzxhr/Prah85PEeEBFNpiWN5\nDRkgRdCz9UoF1tyYEJZVsVuV/sUNgrLIPa4cvs4e4ErgmYGdiVKVfQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SHVhQUl1d1ArOUdzbEFH\nbDE1RTViNkRTdGxLY2FxaEhUZTM2YisxbVVZClJKT2d2OEE2cEo2b2F0U0ZCK3BQ\nZjBINVdzZncrVFpaZlF5SDF5VjlFaXcKLS0tIG9ZUkpqNkl6aHk3WVljOXNsTjBj\nN1BieUYwVTM1OWVaYjlhUFAvbHdzcWMKqLm9CUMgkicxYmXGzf9o8Y67+lv/OyRE\nQjqo2RsL+yjR2kN1hBKVLKkpm4rGnddmniPEVjbU1bzk5juFOqpnRA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcGZ3VFZxQ0daNUlXelAy\nNlN2MlI1SlBsQlFxUHZtc2I5VllwRmp2YW5rCmtiOG9VL0ZoOVV5RUhNOTFFS2Vx\nZllWRjJyNHVvNm4xaDJ4VkhCTjI2RTAKLS0tIDRSNG1JT21Deks3ajJsbjMvcW1F\ndHppckVtMkJ4Q2RwWjg1alh2R2NDY0kKJ7a33iu1ZI93ditZzodNLkoEoZ0Nyzvt\nrwNhHv9y5k845WV0LW3ULRm3qbgMqSODj7WwWsJDOutNfoPLkXIqfg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIN1NSUUNnbFR6T1JxRWVB\nRzAyWm5JcEJFMVpsSk5mOHlVaitDeVFkNFU4CnhwWXpTM3diRXBETFZMRitKSjZu\neTl5ZDlzTThpenBFSmg1NGRJaEFQSEUKLS0tIExYRklhSndwdTUxWEFOdDBEbWRL\neVg1a3hHVFM2L3B0SlpEWTd5dmRTcmMKKxwij+C3jvtSt30Pd/5oTVql0YL1OKlx\nXnrpO7n6ejMP/1NYOH6VY24QAU23rR+LCQSqlXET0WMKgXLYZHjbiA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZmEwTkdwUFpzSXdaa25Y\nd2pRZTVzbU9ZaWNYSmErMGVWV2NQNmFZWWkwClF5N1RLd3BDN3lZUVhJaWh6S1h3\nMjN2NktUYlJocFpub0Q5TklGMzM0OFkKLS0tIFBzSWNFZkwwVTVKdlBOMldDOStN\nZ0lYbHo1TnBLWDZ4bGU3alpXVjZjMVUKbk4v8qFMjkKOd+6ctT3JA86m9TIwjedR\n2CaMJTfgNhbRZJY0tn8Tg9r38eTMpGCibsIM9XAVp5gXhkMDSMFQ1A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1RZYmNTT0tXWnRvZ1lJ\nQjliUTJBTktHdjJJVTA2ZVBNY1FDN0dSbno0ClR0QlVCRW56THJtNkluQnlYTVYw\ndkY0MUd4amRHdVFtYW1Tb0xWZmI5M0UKLS0tIHJzK29SSjVKeW5XZnNiNWNyZ3du\nKzE4b3pHSFVSQXZKOWhTRlBtRFJ1TXcKcohHoI8PXg8MaMigQ4InE+6YWl3ZDkn/\nuN/MwgYeQt/jJ/UIftUFgLqbaWWbvZsEFEPhHk53Ubm6ZnQeSl0N3g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMU5LQ0ZXODhOd1RGU2hy\nK1pCc2VUcTVRYXJJYSt2RmlEMGlhZ25DekIwCnZBcDVuSngwakM0NVhreGJPZDBa\nbmpwdTc2bTJCVDFyM3owek90Vmhpck0KLS0tIHR0MDBJQW8zSytrdFFzc2lDNU03\nN2d6MTdWanBNZ1JHY3RVb042U1pJUzAKMcGJye9dQ2NhFO9DqRSm2XukE+OduDEg\n55YC1x7eAzLx6GCMMaFanplp4oLQdhZRn+rPMYNsbnNY+r84MhI/JA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2022-11-08T13:29:25Z",
|
||||
"mac": "ENC[AES256_GCM,data:6zbK7/m1fkH2PZ2X7vtSxUdoqeEs7/MSTYUsbwJdgt8kg/r8eSe9s5IeKZAI3gCC10aGMaPvKf0S07WL66slzkjohDQrGp8WSQwp2jVbnz2+bCKw8jU7SWf15iQdi/YFRgMqSFUVhnbFgr81+xNe5XmgTxR95e1qSQMxHBnPASM=,iv:KguqwgOfK3lI9+mR1oQaLhgLkAFD/AJ05doGH0e06RY=,tag:6C5Fa4GDJQ7sH7Gc4lS3tA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|
41
nixos/boxes/vpsfree1/woodpecker.nix
Normal file
41
nixos/boxes/vpsfree1/woodpecker.nix
Normal file
|
@ -0,0 +1,41 @@
|
|||
{ config, pkgs, inputs, lib, ... }:
|
||||
let
|
||||
httpPort = 8000;
|
||||
domain = "ci.cyplo.dev";
|
||||
path = "/var/lib/woodpecker";
|
||||
in rec {
|
||||
imports = [ ../nginx.nix ];
|
||||
|
||||
systemd.services.systemd-sysctl.enable = lib.mkForce true;
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:" + toString httpPort;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets."gitea-env" = {
|
||||
sopsFile = ./gitea.sops;
|
||||
format = "binary";
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers.woodpecker-server = {
|
||||
image =
|
||||
"woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea";
|
||||
volumes = [ "woodpecker-server-data:${path}" ];
|
||||
environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ];
|
||||
environment = {
|
||||
WOODPECKER_OPEN = "true";
|
||||
WOODPECKER_HOST = "https://${domain}";
|
||||
WOODPECKER_GITEA = "true";
|
||||
WOODPECKER_GITEA_URL = "https://git.cyplo.dev";
|
||||
};
|
||||
ports = [ "${toString httpPort}:${toString httpPort}" ];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue