format the repo files

2026-04-26 10:27:50 +02:00
parent 92fd97c9a2
commit b319cd93e9
116 changed files with 4726 additions and 4247 deletions
--- a/modules/services/server/woodpecker.nix
+++ b/modules/services/server/woodpecker.nix
@@ -1,11 +1,14 @@
 #
 # CI/CD Woodpecker
 #
-
-{ config, lib, pkgs, ...  }:
-
 {
-  environment.systemPackages = with pkgs; [           # Default packages install system-wide
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    # Default packages install system-wide
    woodpecker-server
    woodpecker-cli
  ];
@@ -28,35 +31,35 @@
  systemd.services = {
    woodpecker-server = {
      description = "CI/CD Pipeline Server";
-      wantedBy = [ "multi-user.target"  ];
-      after = [ "network.target" "postgresql.service" ];
-      requires = [ "postgresql.service" ];
+      wantedBy = ["multi-user.target"];
+      after = ["network.target" "postgresql.service"];
+      requires = ["postgresql.service"];
      script = "${pkgs.woodpecker-server}/bin/woodpecker-server";
      serviceConfig = {
-        User="woodpecker";
-        Group="woodpecker";
-        Environment="HOME=/var/lib/woodpecker";
-        EnvironmentFile=config.age.secrets."services/woodpecker/environment".path;
-        ReadWritePaths="/var/lib/woodpecker /var/log/woodpecker";
-        NoNewPrivileges=true;
-        MemoryDenyWriteExecute=true;
-        PrivateDevices=true;
-        PrivateTmp=true;
-        ProtectHome=true;
-        ProtectSystem="strict";
-        ProtectControlGroups=true;
-        RestrictSUIDSGID=true;
-        RestrictRealtime=true;
-        LockPersonality=true;
-        ProtectKernelLogs=true;
-        ProtectKernelTunables=true;
-        ProtectHostname=true;
-        ProtectKernelModules=true;
-        PrivateUsers=true;
-        ProtectClock=true;
-        SystemCallArchitectures="native";
-        SystemCallErrorNumber="EPERM";
-        SystemCallFilter="@system-service";
+        User = "woodpecker";
+        Group = "woodpecker";
+        Environment = "HOME=/var/lib/woodpecker";
+        EnvironmentFile = config.age.secrets."services/woodpecker/environment".path;
+        ReadWritePaths = "/var/lib/woodpecker /var/log/woodpecker";
+        NoNewPrivileges = true;
+        MemoryDenyWriteExecute = true;
+        PrivateDevices = true;
+        PrivateTmp = true;
+        ProtectHome = true;
+        ProtectSystem = "strict";
+        ProtectControlGroups = true;
+        RestrictSUIDSGID = true;
+        RestrictRealtime = true;
+        LockPersonality = true;
+        ProtectKernelLogs = true;
+        ProtectKernelTunables = true;
+        ProtectHostname = true;
+        ProtectKernelModules = true;
+        PrivateUsers = true;
+        ProtectClock = true;
+        SystemCallArchitectures = "native";
+        SystemCallErrorNumber = "EPERM";
+        SystemCallFilter = "@system-service";
      };
    };
  };
@@ -81,9 +84,7 @@
  };

  age.secrets."services/woodpecker/environment" = {
-      file = ../../../secrets/services/woodpecker/environment.age;
-      owner = "woodpecker";
+    file = ../../../secrets/services/woodpecker/environment.age;
+    owner = "woodpecker";
  };
-
 }
-