add woodpecker agent instructions

cluster/prod/app/woodpecker-ci/integration/README.md

@@ -0,0 +1,54 @@
+## Install Debian
+
+We recommend Debian Bullseye
+
+## Install Docker CE from docker.io
+
+Do not use the docker engine shipped by Debian
+
+Doc:
+
+  - https://docs.docker.com/engine/install/debian/
+  - https://docs.docker.com/compose/install/
+
+On a fresh install, as root:
+
+```bash
+# Remove all pre-existing packages
+for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do apt-get remove $pkg; done
+
+# Add Docker's official GPG key:
+apt-get update
+apt-get install ca-certificates curl
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add the repository to Apt sources:
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+      tee /etc/apt/sources.list.d/docker.list > /dev/null
+      apt-get update
+
+# Install Docker
+apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+```
+
+## Install the runner
+
+```bash
+wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/nix.conf
+wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/docker-compose.yml
+```
+
+Create a new Agent for your runner in the Woodpecker admin, and copy the agent secret value.
+
+Edit `docker-compose.yml` and insert your agent secret as the value for WOODPECKER_AGENT_SECRET.
+Update other values including hostname and max workflows for your runner.
+
+```bash
+COMPOSE_PROJECT_NAME=woodpecker docker-compose up -d
+```
+
+That's all folks.

cluster/prod/app/woodpecker-ci/integration/docker-compose.yml

@@ -0,0 +1,33 @@
+version: '3.4'
+services:
+  nix-daemon:
+    image: nixpkgs/nix:nixos-22.05
+    restart: always
+    command: nix-daemon
+    privileged: true
+    volumes:
+      - "nix:/nix"
+      - "./nix.conf:/etc/nix/nix.conf:ro"
+
+  woodpecker-runner:
+    image: woodpeckerci/woodpecker-agent:v2.3.0
+    restart: always
+    environment:
+      # -- change these for each agent
+      - WOODPECKER_HOSTNAME=i_forgot_to_change_my_runner_name
+      - WOODPECKER_AGENT_SECRET=xxxx
+      - WOODPECKER_MAX_WORKFLOWS=4
+      # -- if not using COMPOSE_PROJECT_NAME=woodpecker, change name of volume to mount
+      - WOODPECKER_BACKEND_DOCKER_VOLUMES=woodpecker_nix:/nix:ro
+      # -- should not need change
+      - WOODPECKER_SERVER=woodpecker-grpc.deuxfleurs.fr:14453
+      - WOODPECKER_HEALTHCHECK=false
+      - WOODPECKER_GRPC_SECURE=true
+      - WOODPECKER_LOG_LEVEL=info
+      - WOODPECKER_DEBUG_PRETTY=true
+      - WOODPECKER_ENVIRONMENT=NIX_REMOTE:daemon
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+
+volumes:
+  nix:

cluster/prod/app/woodpecker-ci/integration/nix.conf

@@ -0,0 +1,9 @@
+substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
+max-jobs = auto
+cores = 0
+log-lines = 200
+filter-syscalls = true
+sandbox = true
+keep-outputs = true
+keep-derivations = true