From 24f9f87734762a0e619cb021fd5493ed307392ac Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sat, 24 Dec 2022 17:41:27 +0100
Subject: [PATCH] add bundle:woodpecker-agent
---
.../files/woodpecker-agent.service | 42 ++++++++++++++++++
bundles/woodpecker-agent/items.py | 43 +++++++++++++++++++
bundles/woodpecker-agent/metadata.py | 28 ++++++++++++
nodes/woodpecker-agent-1.toml | 24 +++++++++++
4 files changed, 137 insertions(+)
create mode 100644 bundles/woodpecker-agent/files/woodpecker-agent.service
create mode 100644 bundles/woodpecker-agent/items.py
create mode 100644 bundles/woodpecker-agent/metadata.py
create mode 100644 nodes/woodpecker-agent-1.toml
diff --git a/bundles/woodpecker-agent/files/woodpecker-agent.service b/bundles/woodpecker-agent/files/woodpecker-agent.service
new file mode 100644
index 0000000..096a891
--- /dev/null
+++ b/bundles/woodpecker-agent/files/woodpecker-agent.service
@@ -0,0 +1,42 @@
+[Unit]
+Description=woodpecker ci agent
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=woodpecker
+Group=woodpecker
+WorkingDirectory=/var/lib/woodpecker
+ExecStart=/usr/local/bin/woodpecker-agent
+Restart=always
+ReadWritePaths=/var/lib/woodpecker
+CapabilityBoundingSet=
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+PrivateMounts=true
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap
+
+% for k, v in sorted(env.items()):
+Environment=${k}=${v}
+% endfor
+
+[Install]
+WantedBy=multi-user.target
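Review bot: The `Environment=${k}=${v}` loop writes every entry of `env` into the unit file, and metadata.py in this same patch puts `WOODPECKER_AGENT_SECRET` into that dict, so the shared agent secret lands in a unit that items.py deploys without an explicit `mode` (presumably the default, world-readable one) and that local users can also read back through `systemctl show`. Keeping secrets in a root-only file referenced with `EnvironmentFile=/etc/woodpecker/agent.env` (the path is only a suggestion), or passing them via `LoadCredential=`, would keep them out of the unit. The values are also emitted unquoted, so a value containing whitespace would be split into several assignments; `Environment="${k}=${v}"` avoids that.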
diff --git a/bundles/woodpecker-agent/items.py b/bundles/woodpecker-agent/items.py
new file mode 100644
index 0000000..d33df40
--- /dev/null
+++ b/bundles/woodpecker-agent/items.py
@@ -0,0 +1,43 @@
+version = node.metadata.get('woodpecker-agent/version')
+
+directories['/var/lib/woodpecker'] = {
+ 'owner': 'woodpecker',
+}
+
+actions['install_woodpecker-agent'] = {
+ 'command': ' && '.join([
+ f'wget -q -O/tmp/woodpecker-agent.deb https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-agent_{version}_amd64.deb',
+ 'dpkg -i /tmp/woodpecker-agent.deb',
+ ]),
+ 'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''',
+ 'triggers': {i
+ 'svc_systemd:woodpecker-agent:restart',
+ },
+}
+
+files['/usr/local/lib/systemd/system/woodpecker-agent.service'] = {
+ 'content_type': 'mako',
+ 'context': {
+ 'env': node.metadata.get('woodpecker-agent/environment'),
+ },
+ 'triggers': {
+ 'action:systemd-reload',
+ 'svc_systemd:woodpecker-agent:restart',
+ },
+}
+
+svc_systemd['woodpecker-agent'] = {
+ 'after': {
+ # to make sure we have docker and other eventual dependencies
+ 'pkg_apt:',
+ },
+ 'needs': {
+ 'action:install_woodpecker-agent',
+ 'file:/usr/local/lib/systemd/system/woodpecker-agent.service',
+ 'user:woodpecker',
+ },
+}
+
+users['woodpecker'] = {
+ 'home': '/var/lib/woodpecker',
+}
diff --git a/bundles/woodpecker-agent/metadata.py b/bundles/woodpecker-agent/metadata.py
new file mode 100644
index 0000000..7a78beb
--- /dev/null
+++ b/bundles/woodpecker-agent/metadata.py
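Review bot: In bundles/woodpecker-agent/items.py the `install_woodpecker-agent` action fetches the `.deb` to the fixed path `/tmp/woodpecker-agent.deb` and passes it straight to `dpkg -i` with no integrity check, so whatever the release URL returns gets installed, and the predictable name sits in a world-writable directory where another local user could pre-create it. Downloading into a `mktemp -d` directory and verifying a pinned SHA-256 before installing closes both gaps; the checksum needs a new metadata key, shown below under the proposed name `woodpecker-agent/sha256`. Separately, `'triggers': {i` carries a stray `i` that makes the set literal a syntax error, so the bundle would not load as committed.

```python
deb_sha256 = node.metadata.get('woodpecker-agent/sha256')  # proposed new metadata key

actions['install_woodpecker-agent'] = {
    'command': ' && '.join([
        # private, unpredictable directory instead of a fixed name in /tmp
        'tmp=$(mktemp -d)',
        f'wget -q -O"$tmp/agent.deb" https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-agent_{version}_amd64.deb',
        # refuse to install anything that does not match the pinned digest
        f'echo "{deb_sha256}  $tmp/agent.deb" | sha256sum -c -',
        'dpkg -i "$tmp/agent.deb"',
        'rm -rf "$tmp"',
    ]),
    # … unchanged: 'unless' version check …
    'triggers': {
        'svc_systemd:woodpecker-agent:restart',
    },
}
```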
@@ -0,0 +1,28 @@
+@metadata_reactor.provides(
+ 'woodpecker-agent/environment',
+ 'woodpecker-agent/version',
+)
+def nginx(metadata):
+ env = {}
+ server = repo.get_node(metadata.get('woodpecker-agent/server'))
+
+ domain = server.metadata.get('woodpecker-server/domain')
+ port = server.metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')
+ env['WOODPECKER_SERVER'] = f'{domain}{port}'
+
+ env['WOODPECKER_AGENT_SECRET'] = server.metadata.get('woodpecker-server/environment/WOODPECKER_AGENT_SECRET')
+
+ env['WOODPECKER_MAX_PROCS'] = int(int(metadata.get('vm/cpu'))/2)
+
+ env['WOODPECKER_HOSTNAME'] = metadata.get('hostname')
+
+ debug = server.metadata.get('woodpecker-server/environment/GODEBUG', None)
+ if debug:
+ env['GODEBUG'] = debug
+
+ return {
+ 'woodpecker-agent': {
+ 'environment': env,
+ 'version': server.metadata.get('woodpecker-server/version'),
+ },
+ }
diff --git a/nodes/woodpecker-agent-1.toml b/nodes/woodpecker-agent-1.toml
new file mode 100644
index 0000000..d2d6c60
--- /dev/null
+++ b/nodes/woodpecker-agent-1.toml
@@ -0,0 +1,24 @@
+hostname = "31.47.232.108"
+bundles = [
+ "docker-ce",
+ "woodpecker-agent",
+]
+groups = ["debian-bullseye"]
+
+[metadata.backups]
+exclude_from_backups = true
+
+[metadata.interfaces.enp1s0]
+ips = [
+ "31.47.232.108/29",
+ "2a00:f820:528::5/64",
+]
+gateway4 = "31.47.232.105"
+gateway6 = "2a00:f820:528::1"
+
+[metadata.woodpecker-agent]
+server = "rx300"
+
+[metadata.vm]
+cpu = 8
+ram = 16
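Review bot: In bundles/woodpecker-agent/metadata.py the reactor sets `WOODPECKER_SERVER` and `WOODPECKER_AGENT_SECRET` but never `WOODPECKER_GRPC_SECURE`, so unless the server's gRPC port is already reached over TLS or a private link (not visible here), the shared agent secret and job traffic would presumably cross the network in cleartext; consider `env['WOODPECKER_GRPC_SECURE'] = 'true'` once the server side terminates TLS. `int(int(metadata.get('vm/cpu'))/2)` evaluates to 0 on a single-CPU node; `max(1, int(metadata.get('vm/cpu')) // 2)` keeps at least one worker. The reactor is still called `nginx`, which looks like a copy-paste leftover, and it has no docstring; a name such as `woodpecker_agent_env` plus a one-line docstring saying it derives the agent environment and version from the server node's metadata would make the intent clear.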