{ config, pkgs, inputs, lib, ... }: let httpPort = 8000; domain = "ci.cyplo.dev"; path = "/var/lib/woodpecker"; in rec { imports = [ ../nginx.nix ]; systemd.services.systemd-sysctl.enable = lib.mkForce true; services.nginx = { virtualHosts = { "${domain}" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://localhost:" + toString httpPort; }; }; }; }; sops.secrets."gitea-env" = { sopsFile = ./gitea.sops; format = "binary"; }; virtualisation.oci-containers.containers.woodpecker-server = { image = "woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea"; volumes = [ "woodpecker-server-data:${path}" ]; environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ]; environment = { WOODPECKER_OPEN = "true"; WOODPECKER_HOST = "https://${domain}"; WOODPECKER_GITEA = "true"; WOODPECKER_GITEA_URL = "https://git.cyplo.dev"; }; ports = [ "${toString httpPort}:${toString httpPort}" ]; }; }