golgi/modules/woodpecker/woodpecker-agent.nix

{ config, lib, pkgs, ... }:

with lib;

let cfg = config.services.woodpecker-agent;
    servercfg = config.services.woodpecker-server;
in
{
  options = {
    services.woodpecker-agent = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = lib.mdDoc "Enable Woodpecker agent.";
      };

      user = mkOption {
        type = types.str;
        default = "woodpecker-agent";
        description = lib.mdDoc "User account under which woodpecker agent runs.";
      };

      agentSecretFile = mkOption {
        type = types.nullOr types.path;
        default = servercfg.agentSecretFile;
        description = lib.mdDoc "Read the agent secret from this file path.";
      };

      maxProcesses = mkOption {
        type = types.int;
        default = 1;
        description = lib.mdDoc "The maximum number of processes per agent.";
      };

      backend = mkOption {
        type = types.enum [ "auto-detect" "docker" "local" "ssh" ];
        default = "auto-detect";
        description = lib.mdDoc "Configures the backend engine to run pipelines on.";
      };

      server = mkOption {
        type = types.str;
        default = "localhost:${if servercfg.enabled then toString servercfg.gRPCPort else "9000"}";
        description = lib.mdDoc "The gPRC address of the server.";
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.woodpecker-agent = {
      description = "woodpecker-agent";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        Group = "woodpecker-agent";
        ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
        Restart = "always";
        # TODO add security/sandbox params.
      };
      environment = mkMerge [
        {
          WOODPECKER_SERVER=true;
          WOODPECKER_MAX_PROCS=cfg.maxProcesses;
          WOODPECKER_BACKEND=cfg.backend;
        }
        (mkIf (cfg.agentSecretFile != null) {
          WOODPECKER_AGENT_SECRET_FILE=cfg.agentSecretFile;
        })
      ];
    };

    users.users = mkIf (cfg.user == "woodpecker-agent") {
      woodpecker-agent = {
        createHome = true;
        home = cfg.stateDir;
        useDefaultShell = true;
        group = "woodpecker-agent";
        extraGroups = [ "woodpecker" ];
        isSystemUser = true;
      };
    };
    users.groups.woodpecker-agent = {  };
  };
}