From f3f8c8fc3f04c8638ba62368156d708a96cf7ee7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 13 Sep 2023 12:39:39 +0000 Subject: [PATCH 1/2] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index cdfdef7..3d28d8d 100644 --- a/flake.lock +++ b/flake.lock @@ -70,11 +70,11 @@ ] }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1693611461, + "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "type": "github" }, "original": { @@ -89,11 +89,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1692260837, - "narHash": "sha256-2FpkX1zl+7ni7djK7NeE1ZGupRUwZgjW+RPCSBgDf4k=", + "lastModified": 1694585439, + "narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=", "owner": "nix-community", "repo": "home-manager", - "rev": "6a94c1a59737783c282c4031555a289c28b961e4", + "rev": "a0ddf43b6268f1717afcda54133dea30435eb178", "type": "github" }, "original": { @@ -147,11 +147,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692356644, - "narHash": "sha256-AYkPFT+CbCVSBmh0WwIzPpwhEJ4Yy3A7JZvUkGJIg5o=", + "lastModified": 1694422566, + "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8ecc900b2f695d74dea35a92f8a9f9b32c8ea33d", + "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nur": { "locked": { - "lastModified": 1692437027, - "narHash": "sha256-gWtVFoPw7HhbKGLp7vupVbCNAvNMQS5+2PujOt2QbRk=", + "lastModified": 1694601892, + "narHash": "sha256-rGK2Y9vQJQ+v729LfpvTuxDfTE7ns2g34XAPSr9+Z0E=", "owner": "nix-community", "repo": "NUR", - "rev": "b47c7b8d313f9739a7fbb572413c959a362c244a", + "rev": "71a739d93f1e95967e9d641623cbb97d0c8b801a", "type": "github" }, "original": { @@ -192,11 +192,11 @@ ] }, "locked": { - "lastModified": 1692274144, - "narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=", + "lastModified": 1694364351, + "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa", + "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7", "type": "github" }, "original": { From e9795891740c741188afed2fa384a8e2e621af3f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 13 Sep 2023 12:40:19 +0000 Subject: [PATCH 2/2] modules: services: woodpecker: use 'path' option One less thing to modify in the systemd service. --- .../woodpecker/agent-exec/default.nix | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/services/woodpecker/agent-exec/default.nix b/modules/services/woodpecker/agent-exec/default.nix index ad30188..7ae21c8 100644 --- a/modules/services/woodpecker/agent-exec/default.nix +++ b/modules/services/woodpecker/agent-exec/default.nix @@ -21,6 +21,17 @@ in PAGER = "cat"; }; + path = with pkgs; [ + woodpecker-plugin-git + bash + coreutils + git + git-lfs + gnutar + gzip + nix + ]; + environmentFile = [ cfg.sharedSecretFile ]; }; }; @@ -30,17 +41,6 @@ in # Might break deployment restartIfChanged = false; - path = with pkgs; [ - woodpecker-plugin-git - bash - coreutils - git - git-lfs - gnutar - gzip - nix - ]; - serviceConfig = { # Same option as upstream, without @setuid SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";