From e0994bb549019e655aca8375e07027ccfad3d5ff Mon Sep 17 00:00:00 2001
From: buffet <dev@buffet.sh>
Date: Fri, 21 Jun 2024 11:25:02 +0200
Subject: [PATCH] feat: setup woodpecker CI

---
 hosts/ami/acme.nix       |   1 +
 hosts/ami/default.nix    |   1 +
 hosts/ami/forgejo.nix    |   4 ++++
 hosts/ami/woodpecker.nix |  37 +++++++++++++++++++++++++++++++++++++
 secrets.nix              |   1 +
 secrets/woodpecker.age   | Bin 0 -> 358 bytes
 6 files changed, 44 insertions(+)
 create mode 100644 hosts/ami/woodpecker.nix
 create mode 100644 secrets/woodpecker.age

diff --git a/hosts/ami/acme.nix b/hosts/ami/acme.nix
index 447cc2b..7c6c49e 100644
--- a/hosts/ami/acme.nix
+++ b/hosts/ami/acme.nix
@@ -11,6 +11,7 @@
 
       extraDomainNames = [
         "*.buffet.sh"
+        "*.buffets.kitchen"
         "buffets.kitchen"
       ];
     };
diff --git a/hosts/ami/default.nix b/hosts/ami/default.nix
index 58f9ed7..6298506 100644
--- a/hosts/ami/default.nix
+++ b/hosts/ami/default.nix
@@ -19,6 +19,7 @@
     ./murmur.nix
     ./nginx.nix
     ./upgrade.nix
+    ./woodpecker.nix
 
     ../../users/maintainer
   ];
diff --git a/hosts/ami/forgejo.nix b/hosts/ami/forgejo.nix
index 0652551..e2251b4 100644
--- a/hosts/ami/forgejo.nix
+++ b/hosts/ami/forgejo.nix
@@ -69,6 +69,10 @@ in {
           DISABLE_REGISTRATION = true;
           ENABLE_NOTIFY_MAIL = true;
         };
+
+        webhook = {
+          ALLOWED_HOST_LIST = "external,loopback";
+        };
       };
     };
 
diff --git a/hosts/ami/woodpecker.nix b/hosts/ami/woodpecker.nix
new file mode 100644
index 0000000..3c8b380
--- /dev/null
+++ b/hosts/ami/woodpecker.nix
@@ -0,0 +1,37 @@
+{config, ...}: {
+  age.secrets.woodpecker.file = ../../secrets/woodpecker.age;
+
+  services = let
+    port = 3007;
+  in {
+    woodpecker-server = {
+      enable = true;
+
+      environment = {
+        WOODPECKER_OPEN = "true";
+        WOODPECKER_ORGS = "kitchen";
+        WOODPECKER_ADMIN = "chef";
+        WOODPECKER_HOST = "https://ci.buffets.kitchen/";
+        WOODPECKER_SERVER_ADDR = ":${toString port}";
+
+        WOODPECKER_FORGEJO = "true";
+        WOODPECKER_FORGEJO_URL = "https://buffets.kitchen/";
+      };
+
+      environmentFile = config.age.secrets.woodpecker.path;
+    };
+
+    nginx = {
+      virtualHosts."build.buffets.kitchen" = {
+        useACMEHost = "buffet.sh";
+        forceSSL = true;
+
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString port}";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/secrets.nix b/secrets.nix
index f478d4d..c13cf4a 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -6,4 +6,5 @@ in {
   "secrets/hetzner-dns.age".publicKeys = [buffet];
   "secrets/kitchen-runner-token.age".publicKeys = [buffet];
   "secrets/msmtppassword.age".publicKeys = [buffet];
+  "secrets/woodpecker.age".publicKeys = [buffet];
 }
diff --git a/secrets/woodpecker.age b/secrets/woodpecker.age
new file mode 100644
index 0000000000000000000000000000000000000000..6cf21e705b2d50a12507e11628edf8beb0c1eeea
GIT binary patch
literal 358
zcmV-s0h#_`XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LdQx^!S7#te
zV|p=gOKDSaPeNl_MMQc`PINXydUiohQ!8~yG*oMKL}zejc5Xs6c|i(pcw$#WaBM4B
zHBwh^Y)N=>dUZ5%IZ-ica&JXtcWgy5NNjUXN-<}7dTR<TEiE8%Gg?(kaza8*Omi@0
zbxu}SS4eh9b4PD>ZcKJDQ9*85LU~U{WL9uDO*jfple-XFg^v9BiPxMPSI9qX^;xy$
zjuT`vRF%l669{iO&6NdMSq(No%}N%jXB{T{&TW{|DLSM7zp9YbDiI!K%#9!$$AavG
z`IR>?qk<Sh$raJKO|O;ExC-u7WsZ)9N1m2K&;UVL_zz@2?tfb_x!MiursW{kWo6UN
zxR9?5VGu@mQu`|h71Pz#TunR#*Zvyc$JB-Hu~}Fj9_oNmL+@2Z>SLJjr6!xS6qrGw
E@KFns=>Px#

literal 0
HcmV?d00001