hyl.st / helm
this repo has no description
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

more woodpecker updates

Anish Lakhwara 47e073f9 a309cf3f

+26 -8
+1
dns/dnsconfig.js
··· 16 16 A('bridge', '69.61.38.225', TTL(300)), 17 17 A('rss', '69.61.38.225', TTL(300)), 18 18 A('git', '69.61.38.225', TTL(300)), 19 + A('ci', '69.61.38.225', TTL(300)), 19 20 // vultr -> nulled: lituus 20 21 A('@', '45.77.48.108', TTL(300)), 21 22 A('jitsi', '45.77.48.108', TTL(300)),
+1
hosts/helix/default.nix
··· 6 6 ../profiles/server 7 7 ../profiles/metrics 8 8 ../profiles/gitea 9 + ../profiles/woodpecker-server 9 10 ../profiles/rss-bridge 10 11 ../profiles/mount-mossnet 11 12 ../profiles/freshrss
+8 -2
hosts/profiles/woodpecker-agent/default.nix
··· 3 3 users.users.woodpecker-runner = { 4 4 isSystemUser = true; 5 5 group = "woodpecker-runner"; 6 + home = "/var/lib/woodpecker"; 7 + createHome = true; 6 8 }; 7 9 users.groups.woodpecker-runner = { }; 8 10 # Allow the exec runner to write to build with nix ··· 33 35 ]; 34 36 serviceConfig = { 35 37 Environment = [ 36 - "WOODPECKER_RUNNER_CAPACITY=2" 38 + "WOODPECKER_RUNNER_CAPACITY=6" 37 39 "WOODPECKER_RUNNER_NAME=woodpecker-agent" 40 + "WOODPECKER_SERVER=https://ci.sealight.xyz/" 41 + "WOODPECKER_HOSTNAME=mossnet" 42 + "WOODPECKER_BACKEND=local" 38 43 "NIX_REMOTE=daemon" 39 44 "PAGER=cat" 40 45 ]; 41 46 BindPaths = [ 42 47 "/nix/var/nix/daemon-socket/socket" 43 48 "/run/nscd/socket" 44 - # "/var/lib/woodpecker" 49 + "/var/lib/woodpecker" 50 + "/var/empty/usr" 45 51 ]; 46 52 BindReadOnlyPaths = [ 47 53 "/etc/passwd:/etc/passwd"
+15 -4
hosts/profiles/woodpecker-server/default.nix
··· 1 + { self, ... }: 1 2 { 3 + age.secrets.woodpecker-server-secrets.owner = "woodpecker"; 4 + age.secrets.woodpecker-server-secrets.file = "${self}/secrets/woodpecker-server-secrets.age"; 5 + 6 + age.secrets.woodpecker-agent-secret.owner = "woodpecker"; 7 + age.secrets.woodpecker-agent-secret.file = "${self}/secrets/woodpecker-agent-secret.age"; 2 8 users.users.woodpecker = { 3 - group = woodpecker; 9 + group = "woodpecker"; 4 10 description = "woodpecker user"; 5 11 home = "/var/lib/woodpecker"; 6 12 createHome = true; ··· 28 34 wantedBy = [ "multi-user.target" ]; 29 35 serviceConfig = { 30 36 EnvironmentFile = [ 31 - # GITEA_CLIENT_SECRET etc 32 - # /run/agenix/woodpecker 37 + /run/agenix/woodpecker-server-secrets 38 + /run/agenix/woodpecker-agent-secret 33 39 ]; 34 40 Environment = [ 35 41 "WOODPECKER_OPEN=true" 36 - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}" 37 42 38 43 "WOODPECKER_GITEA=true" 39 44 "WOODPECKER_GITEA_URL=https://git.sealight.xyz" ··· 42 47 "WOODPECKER_DATABASE_DRIVER=postgres" 43 48 "WOODPECKER_SERVER_PORT=:3030" 44 49 "WOODPECKER_USER_CREATE=username:aynish,admin:true" # set your admin username 50 + "${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt" 51 + "${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts" 52 + "${builtins.toFile "ssh_config" '' 53 + Host git.sealight.xyz 54 + ForwardAgent yes 55 + ''}:/etc/ssh/ssh_config" 45 56 ]; 46 57 ExecStart = "${pkgs.woodpecker-server}/bin/woodpecker-server"; 47 58 User = woodpecker;
+1 -2
secrets/secrets.nix
··· 26 26 27 27 "wallabag.age".publicKeys = [ mossnet ]; 28 28 "woodpecker-agent-secret.age".publicKeys = [ mossnet helix ]; 29 - "woodpecker-client-id.age".publicKeys = [ helix ]; 30 - "woodpecker-client-secret.age".publicKeys = [ helix ]; 29 + "woodpecker-server-secrets.age".publicKeys = [ helix ]; 31 30 "gitea-dbpass.age".publicKeys = [ helix ]; 32 31 }
secrets/woodpecker-server-secrets.age

This is a binary file and will not be displayed.