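# NixOS module: Woodpecker CI server plus one agent that drives Podman through
# its Docker-compatible socket, published at build.buffets.kitchen via nginx.
#
# Arguments:
#   config - evaluated system configuration; read here for the decrypted path
#            of the agenix secret.
#   pkgs   - package set; the Woodpecker packages are taken from pkgs.unstable.
{ config, pkgs, ... }:
{
  # agenix-encrypted environment file; decrypted at activation and referenced
  # below through config.age.secrets.woodpecker.path.
  age.secrets.woodpecker.file = ../../secrets/woodpecker.age;

  services =
    let
      # HTTP listener of the server (UI and API), reverse-proxied by nginx.
      port = 3007;
      # gRPC listener the agents connect to.
      grpc-port = 9000;
    in
    {
      woodpecker-server = {
        enable = true;
        package = pkgs.unstable.woodpecker-server;
        environment = {
          # Registration is open, so WOODPECKER_ORGS is the only gate on who
          # can log in and run pipelines: membership of the "kitchen" org on
          # the forge. Keep the two settings together when editing.
          WOODPECKER_OPEN = "true";
          WOODPECKER_ORGS = "kitchen";
          WOODPECKER_ADMIN = "chef";
          WOODPECKER_HOST = "https://build.buffets.kitchen/";
          # NOTE(review): ":PORT" listens on every interface, so the plain-HTTP
          # and gRPC listeners are reachable without nginx/TLS unless the host
          # firewall blocks them. nginx and the agent both connect over
          # localhost; consider binding to 127.0.0.1 if nothing else needs
          # direct access.
          WOODPECKER_SERVER_ADDR = ":${toString port}";
          # Fixed: this was ":${toString port}", which put gRPC on the HTTP
          # port and left nothing listening on grpc-port, the port the agent
          # dials below.
          WOODPECKER_GRPC_ADDR = ":${toString grpc-port}";
          WOODPECKER_GITEA = "true";
          WOODPECKER_GITEA_URL = "https://buffets.kitchen/";
        };
        environmentFile = config.age.secrets.woodpecker.path;
      };

      woodpecker-agents.agents = {
        # NOTE(review): no `enable = true;` is set for this agent; confirm the
        # per-agent enable default in the nixpkgs release in use.
        podman = {
          package = pkgs.unstable.woodpecker-agent;
          environment = {
            WOODPECKER_SERVER = "localhost:${toString grpc-port}";
            # Podman is driven through the Docker backend by pointing
            # DOCKER_HOST at Podman's API socket.
            WOODPECKER_BACKEND = "docker";
            DOCKER_HOST = "unix:///run/podman/podman.sock";
          };
          # NOTE(review): the agent loads the same secret file as the server.
          # If that file also holds server-only values (forge OAuth client
          # secret, etc. - contents not visible here), split it so the agent,
          # which executes pipeline workloads, only receives the agent secret.
          environmentFile = config.age.secrets.woodpecker.path;
          # Grants access to the Podman socket. /run/podman/podman.sock is
          # presumably the system-wide (rootful) socket, so this group is
          # close to root-equivalent; pipeline authors inherit that trust.
          extraGroups = [ "podman" ];
        };
      };

      nginx = {
        virtualHosts."build.buffets.kitchen" = {
          # NOTE(review): the certificate is taken from the "buffet.sh" ACME
          # entry; verify it lists build.buffets.kitchen as an extra domain.
          useACMEHost = "buffet.sh";
          forceSSL = true;
          locations = {
            "/" = {
              proxyPass = "http://localhost:${toString port}";
            };
          };
        };
      };
    };
}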