tec/golgi
tec
/
golgi
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix oversights/issues in woodpecker module

This commit is contained in:
TEC 2022-08-14 15:39:04 +08:00
parent 5511b8b30a
commit 1708ddf21a
Signed by: tec
SSH Key Fingerprint: SHA256:eobz41Mnm0/iYWBvWThftS0ElEs1ftBr6jamutnXc/A
3 changed files with 67 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/woodpecker/default.nix
View File

@ -21,6 +21,7 @@
age.secrets.woodpecker-agent-secret = {
owner = "woodpecker-server";
group = "users";
mode = "0440";
file = ../../secrets/woodpecker-agent-secret.age;
};
@ -28,6 +29,7 @@
enable = true;
rootUrl = "https://ci.tecosaur.net";
httpPort = 3030;
admins = "tec";
database = {
type = "postgres";
};
@ -37,6 +39,6 @@
};
services.woodpecker-agent = {
enable = true;
enable = false;
};
}

10
modules/woodpecker/woodpecker-agent.nix
View File

@ -40,7 +40,7 @@ in
server = mkOption {
type = types.str;
default = "localhost:${if servercfg.enabled then toString servercfg.gRPCPort else "9000"}";
default = "localhost:${if servercfg.enable then toString servercfg.gRPCPort else "9000"}";
description = lib.mdDoc "The gPRC address of the server.";
};
};
@ -61,8 +61,8 @@ in
};
environment = mkMerge [
{
WOODPECKER_SERVER=true;
WOODPECKER_MAX_PROCS=cfg.maxProcesses;
WOODPECKER_SERVER=cfg.server;
WOODPECKER_MAX_PROCS=toString cfg.maxProcesses;
WOODPECKER_BACKEND=cfg.backend;
}
(mkIf (cfg.agentSecretFile != null) {
@ -73,8 +73,8 @@ in
users.users = mkIf (cfg.user == "woodpecker-agent") {
woodpecker-agent = {
createHome = true;
home = cfg.stateDir;
# createHome = true;
# home = cfg.stateDir;
useDefaultShell = true;
group = "woodpecker-agent";
extraGroups = [ "woodpecker" ];

80
modules/woodpecker/woodpecker-server.nix
View File

@ -36,13 +36,13 @@ in
};
httpPort = mkOption {
type = types.int;
type = types.port;
default = 3030;
description = lib.mdDoc "HTTP listen port.";
};
gRPCPort = mkOption {
type = types.int;
type = types.port;
default = 9000;
description = lib.mdDoc "The gPRC listener port.";
};
@ -75,7 +75,7 @@ in
port = mkOption {
type = types.port;
default = (if !usePostgresql then 3306 else pg.port);
default = (if !usePostgresql then 3306 else config.services.postgresql.port);
defaultText = literalExpression ''
if config.${opt.database.type} != "postgresql"
then 3306
@ -86,7 +86,7 @@ in
name = mkOption {
type = types.str;
default = "woodpecker-server";
default = "woodpecker_server";
description = lib.mdDoc "Database name.";
};
@ -121,14 +121,32 @@ in
};
};
limitMem = mkOption {
type = types.int;
default = 0;
description = lib.mdDoc "The maximum amount of memory a single pipeline container can use, configured in bytes. There is no limit if 0.";
};
limitSwap = mkOption {
type = types.int;
default = 0;
description = lib.mdDoc "The maximum amount of memory a single pipeline container is allowed to swap to disk, configured in bytes. There is no limit if 0.";
};
limitCPU = mkOption {
type = types.int;
default = 0;
description = lib.mdDoc "The number of microseconds per CPU period that the container is limited to before throttled. There is no limit if 0.";
};
useGitea = mkOption {
default = options.services.gitea.enabled;
default = config.services.gitea.enable;
type = types.bool;
description = lib.mkDoc "Whether to integrate with gitea.";
};
giteaUrl = mkOption {
default = options.services.gitea.rootUrl;
default = config.services.gitea.rootUrl;
type = types.str;
description = lib.mkDoc "Full public URL of gitea server.";
};
@ -146,37 +164,57 @@ in
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
message = "services.woodpecker-server.database.user must match services.woodpecker-server.user if the database is to be automatically provisioned";
}
];
systemd.services.woodpecker-server = {
description = "woodpecker-server";
after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = "woodpecker-server";
WorkingDirectory = cfg.stateDir;
ExecStart = "${pkgs.woodpecker-server}/bin/woodpecker-server";
Restart = "always";
# TODO add security/sandbox params.
};
serviceConfig = mkMerge [
{
Type = "simple";
User = cfg.user;
Group = "woodpecker-server";
WorkingDirectory = cfg.stateDir;
Restart = "always";
# TODO add security/sandbox params.
}
(if cfg.useGitea then {
# HACK For some godforsaken reason this seems to be needed.
ExecStart="/bin/sh -c '" +
"WOODPECKER_GITEA_CLIENT=$(cat \"${cfg.giteaClientIdFile}\") " +
"WOODPECKER_GITEA_SECRET=$(cat \"${cfg.giteaClientSecretFile}\") " +
"\"${pkgs.woodpecker-server}/bin/woodpecker-server\"'";
} else {
ExecStart = "${pkgs.woodpecker-server}/bin/woodpecker-server";
})
];
environment = mkMerge [
{
WOODPECKER_OPEN=true;
WOODPECKER_OPEN="false";
WOODPECKER_ADMIN=cfg.admins;
WOODPECKER_HOST=cfg.rootUrl;
WOODPECKER_SERVER_ADDR=":${toString cfg.httpPort}";
WOODPECKER_GRPC_ADDR=cfg.gRPCPort;
WOODPECKER_GRPC_ADDR=":${toString cfg.gRPCPort}";
WOODPECKER_LIMIT_MEM_SWAP=toString cfg.limitSwap;
WOODPECKER_LIMIT_MEM=toString cfg.limitMem;
WOODPECKER_LIMIT_CPU_QUOTA=toString cfg.limitCPU;
}
(mkIf cfg.useGitea {
WOODPECKER_GITEA=true;
WOODPECKER_GITEA="true";
WOODPECKER_GITEA_URL=cfg.giteaUrl;
WOODPECKER_GITEA_CLIENT_FILE=cfg.giteaClientIdFile;
WOODPECKER_GITEA_SECRET_FILE=cfg.giteaClientSecretFile;
# WOODPECKER_GITEA_CLIENT_FILE=cfg.giteaClientIdFile;
# WOODPECKER_GITEA_SECRET_FILE=cfg.giteaClientSecretFile;
})
(mkIf usePostgresql {
WOODPECKER_DATABASE_DRIVER="postgres";
WOODPECKER_DATABASE_DATASOURCE=
"postgres://${cfg.database.user}:${cfg.database.password}/${cfg.database.name}" +
"postgres://${cfg.database.user}:${cfg.database.password}" +
"@/${cfg.database.name}" +
"?host=${if cfg.database.socket != null then cfg.database.socket else cfg.database.host + ":" + toString cfg.database.port}";
})
(mkIf (cfg.agentSecretFile != null) {