docs add nixos install instructions (#2616)

Hi I created a small docs draft adding install instructions for NixOS since I initially wrote the woodpecker NixOS module which is now in stable for ~6 months and multiple people my self included actively use it. cc @ambroisie since we co-maintain it and he did a lot of improvement work on the module.
2025-03-31 08:29:37 +00:00 · 2023-10-23 10:53:13 +02:00 · 2023-10-23 10:53:13 +02:00 · 7cbbedbc06
commit 7cbbedbc06
parent e1b08c2a96
2 changed files with 89 additions and 0 deletions
--- a/docs/docs/30-administration/00-setup.md
+++ b/docs/docs/30-administration/00-setup.md
@ -36,6 +36,7 @@ You can install Woodpecker on multiple ways:

 - Using [docker-compose](#docker-compose) with the official [container images](../80-downloads.md#docker-images)
 - Using [Kubernetes](#kubernetes) via the Woodpeckers Helm chart
+- Using [NixOS](#nixos) via the [NixOS module](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker)
 - Using [binaries](../80-downloads.md)

 ### docker-compose
--- a/docs/docs/30-administration/22-backends/50-nixos.md
+++ b/docs/docs/30-administration/22-backends/50-nixos.md
@ -0,0 +1,88 @@
+# NixOS Deployment
+
+:::info
+Note that this module is not maintained by the woodpecker-developers.
+If you experience issues please open a bug report in the [nixpkgs repo](https://github.com/NixOS/nixpkgs/issues/new/choose) where the module is maintained.
+:::
+
+The NixOS install is in theory quite similar to the binary install and supports multiple backends.
+In practice, the settings are specified declaratively in the NixOS configuration and no manual steps need to be taken.
+
+## General Configuration
+
+```nix
+{ config
+, ...
+}:
+let
+  domain = "woodpecker.example.org";
+in
+{
+  # This automatically sets up certificates via let's encrypt
+  security.acme.defaults.email = "acme@example.com";
+  security.acme.acceptTerms = true;
+  security.acme.certs."${domain}" = { };
+
+  # Setting up a nginx proxy that handles tls for us
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    virtualHosts."${domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:3007";
+      };
+    };
+  };
+
+  services.woodpecker-server = {
+    enable = true;
+    environment = {
+      WOODPECKER_HOST = "https://${domain}";
+      WOODPECKER_SERVER_ADDR = ":3007";
+      WOODPECKER_OPEN = "true";
+    };
+    # You can pass a file with env vars to the system it could look like:
+    # WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
+    environmentFile = "/path/to/my/secrets/file";
+  };
+
+  # This sets up a woodpecker agent
+  services.woodpecker-agents.agents."docker" = {
+    enable = true;
+    # We need this to talk to the podman socket
+    extraGroups = [ "podman" ];
+    environment = {
+      WOODPECKER_SERVER = "localhost:9000";
+      WOODPECKER_MAX_WORKFLOWS = "4";
+      DOCKER_HOST = "unix:///run/podman/podman.sock";
+      WOODPECKER_BACKEND = "docker";
+    };
+    # Same as with woodpecker-server
+    environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
+  };
+
+  # Here we setup podman and enable dns
+  virtualisation.podman = {
+    enable = true;
+    defaultNetwork.settings = {
+      dns_enabled = true;
+    };
+  };
+  # This is needed for podman to be able to talk over dns
+  networking.firewall.interfaces."podman0" = {
+    allowedUDPPorts = [ 53 ];
+    allowedTCPPorts = [ 53 ];
+  };
+}
+```
+
+All configuration options can be found via [NixOS Search](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker)
+
+## Tips and tricks
+
+There are some resources on how to utilize Woodpecker more effectively with NixOS on the [Awesome Woodpecker](../../92-awesome.md) page, like using the runners nix-store in the pipeline