2023-11-07 16:35:27 +01:00
|
|
|
# https://woodpecker-ci.org/docs/administration/setup
|
|
|
|
version: '3'
|
|
|
|
|
|
|
|
services:
|
|
|
|
woodpecker-server:
|
2023-11-12 21:53:11 +01:00
|
|
|
restart: always
|
2023-11-07 16:35:27 +01:00
|
|
|
container_name: woodpecker-server
|
2024-07-19 02:08:19 +02:00
|
|
|
image: "woodpeckerci/woodpecker-server:v2.7.0"
|
2023-11-07 16:35:27 +01:00
|
|
|
ports:
|
|
|
|
- 8000:8000
|
|
|
|
volumes:
|
|
|
|
- server-data:/var/lib/woodpecker/
|
|
|
|
environment:
|
|
|
|
WOODPECKER_OPEN: false
|
2023-11-08 13:20:55 +01:00
|
|
|
WOODPECKER_HOST: https://ci.mgrote.net
|
2023-11-25 19:08:24 +01:00
|
|
|
WOODPECKER_WEBHOOK_HOST: http://docker10.mgrote.net:8000
|
2023-11-07 16:35:27 +01:00
|
|
|
WOODPECKER_GITEA: true
|
|
|
|
WOODPECKER_GITEA_URL: https://git.mgrote.net
|
2024-07-09 17:35:56 +02:00
|
|
|
WOODPECKER_GITEA_CLIENT: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-id', 'password') }}"
|
|
|
|
WOODPECKER_GITEA_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-secret', 'password') }}"
|
|
|
|
WOODPECKER_AGENT_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-agent-secret', 'password') }}"
|
2023-11-07 16:35:27 +01:00
|
|
|
WOODPECKER_ADMIN: mg
|
|
|
|
WOODPECKER_LOG_LEVEL: info
|
|
|
|
WOODPECKER_DEBUG_PRETTY: true
|
2023-11-08 13:20:55 +01:00
|
|
|
networks:
|
|
|
|
- intern
|
|
|
|
- traefik
|
2023-11-07 16:35:27 +01:00
|
|
|
labels:
|
2023-11-08 13:20:55 +01:00
|
|
|
traefik.http.routers.woodpecker.rule: Host(`ci.mgrote.net`)
|
|
|
|
traefik.enable: true
|
|
|
|
traefik.http.routers.woodpecker.tls: true
|
|
|
|
traefik.http.routers.woodpecker.tls.certresolver: resolver_letsencrypt
|
|
|
|
traefik.http.routers.woodpecker.entrypoints: entry_https
|
|
|
|
traefik.http.services.woodpecker.loadbalancer.server.port: 8000
|
|
|
|
|
2024-02-01 21:29:29 +01:00
|
|
|
traefik.http.routers.woodpecker.middlewares: woodpecker-ipallowlist
|
2023-11-08 13:20:55 +01:00
|
|
|
|
2024-02-01 21:29:29 +01:00
|
|
|
traefik.http.middlewares.woodpecker-ipallowlist.ipallowlist.sourcerange: "192.168.2.0/24,10.25.25.0/24"
|
|
|
|
traefik.http.middlewares.woodpecker-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
|
2023-11-08 13:20:55 +01:00
|
|
|
|
|
|
|
|
2023-11-07 16:35:27 +01:00
|
|
|
woodpecker-agent:
|
|
|
|
container_name: woodpecker-agent
|
2024-07-19 02:07:40 +02:00
|
|
|
image: "woodpeckerci/woodpecker-agent:v2.7.0"
|
2023-11-07 16:35:27 +01:00
|
|
|
command: agent
|
|
|
|
restart: always
|
|
|
|
depends_on:
|
|
|
|
- woodpecker-server
|
|
|
|
ports:
|
|
|
|
- 3032:3000
|
|
|
|
volumes:
|
|
|
|
- agent-config:/etc/woodpecker
|
|
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
|
|
environment:
|
|
|
|
WOODPECKER_SERVER: woodpecker-server:9000
|
2024-07-09 17:35:56 +02:00
|
|
|
WOODPECKER_AGENT_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-agent-secret', 'password') }}"
|
2024-01-26 23:22:12 +01:00
|
|
|
WOODPECKER_MAX_WORKFLOWS: 20
|
2023-11-07 16:35:27 +01:00
|
|
|
WOODPECKER_DEBUG_PRETTY: true
|
|
|
|
WOODPECKER_LOG_LEVEL: info
|
|
|
|
WOODPECKER_HEALTHCHECK: true
|
|
|
|
WOODPECKER_BACKEND: docker
|
2023-11-08 13:20:55 +01:00
|
|
|
networks:
|
|
|
|
- intern
|
|
|
|
|
2023-11-07 16:35:27 +01:00
|
|
|
|
|
|
|
volumes:
|
|
|
|
server-data:
|
|
|
|
agent-config:
|
|
|
|
|
|
|
|
# git.mgrote.net -> Settings -> Applications -> woodpecker
|
2024-07-09 17:35:56 +02:00
|
|
|
# WOODPECKER_GITEA_CLIENT: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-id', 'password') }}"
|
|
|
|
# WOODPECKER_GITEA_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-secret', 'password') }}"
|
2023-11-08 13:20:55 +01:00
|
|
|
# Redirect URL: https://ci.mgrote.net/authorize
|
|
|
|
|
|
|
|
######## Networks ########
|
|
|
|
networks:
|
|
|
|
traefik:
|
|
|
|
external: true
|
|
|
|
intern:
|
|
|
|
driver: bridge
|