diff --git a/nixos/boxes/vpsfree1/default.nix b/nixos/boxes/vpsfree1/default.nix index 4e4563f3..fbd4dc6b 100644 --- a/nixos/boxes/vpsfree1/default.nix +++ b/nixos/boxes/vpsfree1/default.nix @@ -16,6 +16,7 @@ ./search.nix ./ssh.nix ./syncthing-relay.nix + ./woodpecker.nix ]; systemd.extraConfig = '' diff --git a/nixos/boxes/vpsfree1/gitea.sops b/nixos/boxes/vpsfree1/gitea.sops new file mode 100644 index 00000000..b1a83d8f --- /dev/null +++ b/nixos/boxes/vpsfree1/gitea.sops 
@@ -0,0 +1,52 @@ +{ + "data": "ENC[AES256_GCM,data:SzT2//HVQ3rx9NTtmpD4h4H5hLuMD1MOMnmye9B+2bYuFqGfpy0IZtWFYOkeLC+GL5FBpNRDjhXI6VffE647QQhfxWkxqXfaMUQmVmhY4c4z8ZKjkUd61skh2l4JLkTBkQK27dVKDZbk9YvDB4nvpJzzhhk4TzdylljHgqTT1LIEQQ==,iv:WQgkDTBvX8fW779ZQFVGgnHyEB2OgwABS64nnf4DzRw=,tag:BkPt9Jnamcz1omHkNNMPjQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNmlpRG14YVpOMmpTL0FV\nWE10TElmSnRuUmJkTDNkL1hpdHU1MzZlRUZrCldzenVWV1NOMmQ0RWJYZWZDblcv\nV0tBYUdpWktkSUlBZzhiVzBHd1pQTmMKLS0tIHFXdjFXWWllVmhjY3hJM215MG5h\nTlZySEl4UnVJNkxGeldpazFINUZ5YzgKqH1DqsVvBY+rQdk34jYFl4vaUkL+RbpY\narfGfgOQqmVohBKpMf31GB+MEiE05zNL5D3NdEJZ2sgukHwkw7CAFA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvRVJLZ0ExNlVHN1padURn\nWWhWZHFUenhRUSsza2pFU25ZYkQ5dXZ4YUJZCjhEeEJ4aVZEM0g5VDczSlYyZjN1\nVFRxUStVdFAwQ3BkU3FDZGJrYzh2S2MKLS0tICtwQTRYbjdOT0RLdkRDZmVZbzI0\nT0dNRGNGcWxZdDg2bURlcTVzdWJaWUUKk02fxHEo8CLS4RrLBe2tY3RYzssYp/9v\n4NOM30EKOxiZi6RQ7Lk3M5CdjwiRO9zsqDn4pJhyhVqc+a97me+IjA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzKzFVYkJvNXQ1dEkwaDJD\nRkc0NVV6YjBYNkM2Uk0vY2F6NDZDSENIYnlBCmlQTjJHQUdqN2lBUTVIVGNTRkVw\nNW81eTNkZDFCTlV4enhwWjZpdmVoUG8KLS0tIC9zOEtLRXUxalorcEgwL0VPWlI0\ncEpkMFZQcUtpU3hFWElxa2thTW5XYkUKsTXkz+ZFvzxhr/Prah85PEeEBFNpiWN5\nDRkgRdCz9UoF1tyYEJZVsVuV/sUNgrLIPa4cvs4e4ErgmYGdiVKVfQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt", + "enc": 
"-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SHVhQUl1d1ArOUdzbEFH\nbDE1RTViNkRTdGxLY2FxaEhUZTM2YisxbVVZClJKT2d2OEE2cEo2b2F0U0ZCK3BQ\nZjBINVdzZncrVFpaZlF5SDF5VjlFaXcKLS0tIG9ZUkpqNkl6aHk3WVljOXNsTjBj\nN1BieUYwVTM1OWVaYjlhUFAvbHdzcWMKqLm9CUMgkicxYmXGzf9o8Y67+lv/OyRE\nQjqo2RsL+yjR2kN1hBKVLKkpm4rGnddmniPEVjbU1bzk5juFOqpnRA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcGZ3VFZxQ0daNUlXelAy\nNlN2MlI1SlBsQlFxUHZtc2I5VllwRmp2YW5rCmtiOG9VL0ZoOVV5RUhNOTFFS2Vx\nZllWRjJyNHVvNm4xaDJ4VkhCTjI2RTAKLS0tIDRSNG1JT21Deks3ajJsbjMvcW1F\ndHppckVtMkJ4Q2RwWjg1alh2R2NDY0kKJ7a33iu1ZI93ditZzodNLkoEoZ0Nyzvt\nrwNhHv9y5k845WV0LW3ULRm3qbgMqSODj7WwWsJDOutNfoPLkXIqfg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIN1NSUUNnbFR6T1JxRWVB\nRzAyWm5JcEJFMVpsSk5mOHlVaitDeVFkNFU4CnhwWXpTM3diRXBETFZMRitKSjZu\neTl5ZDlzTThpenBFSmg1NGRJaEFQSEUKLS0tIExYRklhSndwdTUxWEFOdDBEbWRL\neVg1a3hHVFM2L3B0SlpEWTd5dmRTcmMKKxwij+C3jvtSt30Pd/5oTVql0YL1OKlx\nXnrpO7n6ejMP/1NYOH6VY24QAU23rR+LCQSqlXET0WMKgXLYZHjbiA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZmEwTkdwUFpzSXdaa25Y\nd2pRZTVzbU9ZaWNYSmErMGVWV2NQNmFZWWkwClF5N1RLd3BDN3lZUVhJaWh6S1h3\nMjN2NktUYlJocFpub0Q5TklGMzM0OFkKLS0tIFBzSWNFZkwwVTVKdlBOMldDOStN\nZ0lYbHo1TnBLWDZ4bGU3alpXVjZjMVUKbk4v8qFMjkKOd+6ctT3JA86m9TIwjedR\n2CaMJTfgNhbRZJY0tn8Tg9r38eTMpGCibsIM9XAVp5gXhkMDSMFQ1A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk", + "enc": "-----BEGIN AGE 
ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1RZYmNTT0tXWnRvZ1lJ\nQjliUTJBTktHdjJJVTA2ZVBNY1FDN0dSbno0ClR0QlVCRW56THJtNkluQnlYTVYw\ndkY0MUd4amRHdVFtYW1Tb0xWZmI5M0UKLS0tIHJzK29SSjVKeW5XZnNiNWNyZ3du\nKzE4b3pHSFVSQXZKOWhTRlBtRFJ1TXcKcohHoI8PXg8MaMigQ4InE+6YWl3ZDkn/\nuN/MwgYeQt/jJ/UIftUFgLqbaWWbvZsEFEPhHk53Ubm6ZnQeSl0N3g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMU5LQ0ZXODhOd1RGU2hy\nK1pCc2VUcTVRYXJJYSt2RmlEMGlhZ25DekIwCnZBcDVuSngwakM0NVhreGJPZDBa\nbmpwdTc2bTJCVDFyM3owek90Vmhpck0KLS0tIHR0MDBJQW8zSytrdFFzc2lDNU03\nN2d6MTdWanBNZ1JHY3RVb042U1pJUzAKMcGJye9dQ2NhFO9DqRSm2XukE+OduDEg\n55YC1x7eAzLx6GCMMaFanplp4oLQdhZRn+rPMYNsbnNY+r84MhI/JA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2022-11-08T13:29:25Z", + "mac": "ENC[AES256_GCM,data:6zbK7/m1fkH2PZ2X7vtSxUdoqeEs7/MSTYUsbwJdgt8kg/r8eSe9s5IeKZAI3gCC10aGMaPvKf0S07WL66slzkjohDQrGp8WSQwp2jVbnz2+bCKw8jU7SWf15iQdi/YFRgMqSFUVhnbFgr81+xNe5XmgTxR95e1qSQMxHBnPASM=,iv:KguqwgOfK3lI9+mR1oQaLhgLkAFD/AJ05doGH0e06RY=,tag:6C5Fa4GDJQ7sH7Gc4lS3tA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/nixos/boxes/vpsfree1/woodpecker.nix b/nixos/boxes/vpsfree1/woodpecker.nix new file mode 100644 index 00000000..003b8b16 --- /dev/null +++ b/nixos/boxes/vpsfree1/woodpecker.nix 
@@ -0,0 +1,41 @@
+{ config, pkgs, inputs, lib, ... }:
+let
+ httpPort = 8000;
+ domain = "ci.cyplo.dev";
+ path = "/var/lib/woodpecker";
+in rec {
+ imports = [ ../nginx.nix ];
+
+ systemd.services.systemd-sysctl.enable = lib.mkForce true;
+
+ services.nginx = {
+ virtualHosts = {
+ "${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:" + toString httpPort;
+ };
+ };
+ };
+ };
+
+ sops.secrets."gitea-env" = {
+ sopsFile = ./gitea.sops;
+ format = "binary";
+ };
+
+ virtualisation.oci-containers.containers.woodpecker-server = {
+ image =
+ "woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea";
+ volumes = [ "woodpecker-server-data:${path}" ];
+ environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ];
+ environment = {
+ WOODPECKER_OPEN = "true";
+ WOODPECKER_HOST = "https://${domain}";
+ WOODPECKER_GITEA = "true";
+ WOODPECKER_GITEA_URL = "https://git.cyplo.dev";
+ };
+ ports = [ "${toString httpPort}:${toString httpPort}" ];
+ };
+}
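Review bot: The `ports` entry at the end of the `woodpecker-server` container publishes port 8000 without a host address, so the server is likely reachable over plain HTTP on every interface, not only through the nginx virtual host that sets `forceSSL`. Depending on the container backend, a published port may also bypass the host firewall. Binding to loopback keeps nginx as the only entry point: `ports = [ "127.0.0.1:${toString httpPort}:${toString httpPort}" ];`. Separately, `WOODPECKER_OPEN = "true"` allows any account that can log in via the Gitea instance at `WOODPECKER_GITEA_URL` to register on the CI. If that is not intended, set it to `"false"` and name the permitted users with `WOODPECKER_ADMIN`, or restrict membership with `WOODPECKER_ORGS`.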