docs add nixos install instructions (#2616)

Hi I created a small docs draft adding install instructions for NixOS
since I initially wrote the woodpecker NixOS module which is now in
stable for ~6 months and multiple people my self included actively use
it. cc @ambroisie since we co-maintain it and he did a lot of
improvement work on the module.
This commit is contained in:
Janik 2023-10-23 10:53:13 +02:00 committed by GitHub
parent e1b08c2a96
commit 7cbbedbc06
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 89 additions and 0 deletions

View file

@ -36,6 +36,7 @@ You can install Woodpecker on multiple ways:
- Using [docker-compose](#docker-compose) with the official [container images](../80-downloads.md#docker-images)
- Using [Kubernetes](#kubernetes) via the Woodpeckers Helm chart
- Using [NixOS](#nixos) via the [NixOS module](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker)
- Using [binaries](../80-downloads.md)
### docker-compose

View file

@ -0,0 +1,88 @@
# NixOS Deployment
:::info
Note that this module is not maintained by the woodpecker-developers.
If you experience issues please open a bug report in the [nixpkgs repo](https://github.com/NixOS/nixpkgs/issues/new/choose) where the module is maintained.
:::
The NixOS install is in theory quite similar to the binary install and supports multiple backends.
In practice, the settings are specified declaratively in the NixOS configuration and no manual steps need to be taken.
## General Configuration
```nix
{ config
, ...
}:
let
domain = "woodpecker.example.org";
in
{
# This automatically sets up certificates via let's encrypt
security.acme.defaults.email = "acme@example.com";
security.acme.acceptTerms = true;
security.acme.certs."${domain}" = { };
# Setting up a nginx proxy that handles tls for us
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3007";
};
};
};
services.woodpecker-server = {
enable = true;
environment = {
WOODPECKER_HOST = "https://${domain}";
WOODPECKER_SERVER_ADDR = ":3007";
WOODPECKER_OPEN = "true";
};
# You can pass a file with env vars to the system it could look like:
# WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
environmentFile = "/path/to/my/secrets/file";
};
# This sets up a woodpecker agent
services.woodpecker-agents.agents."docker" = {
enable = true;
# We need this to talk to the podman socket
extraGroups = [ "podman" ];
environment = {
WOODPECKER_SERVER = "localhost:9000";
WOODPECKER_MAX_WORKFLOWS = "4";
DOCKER_HOST = "unix:///run/podman/podman.sock";
WOODPECKER_BACKEND = "docker";
};
# Same as with woodpecker-server
environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
};
# Here we setup podman and enable dns
virtualisation.podman = {
enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
# This is needed for podman to be able to talk over dns
networking.firewall.interfaces."podman0" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
}
```
All configuration options can be found via [NixOS Search](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker)
## Tips and tricks
There are some resources on how to utilize Woodpecker more effectively with NixOS on the [Awesome Woodpecker](../../92-awesome.md) page, like using the runners nix-store in the pipeline