diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 1f271998..00000000 --- a/.drone.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -kind: pipeline -type: docker -name: gitleaks - -steps: - - name: gitleaks - image: plugins/gitleaks - settings: - path: . - when: - event: - exclude: - - tag - ---- -kind: pipeline -type: docker -name: ansible-lint -steps: - - name: ansible-lint - image: quay.io/ansible/creator-ee - commands: - - ansible-lint --version - - echo $ANSIBLE_VAULT_PASSWORD > ./vault-pass.yml - - ansible-galaxy install -r requirements.yml - - ansible-lint --force-color --format pep8 - when: - event: - exclude: - - tag - environment: - ANSIBLE_VAULT_PASSWORD: - from_secret: vault-pass diff --git a/.woodpecker/ansible-lint.yml b/.woodpecker/ansible-lint.yml new file mode 100644 index 00000000..53bd46f2 --- /dev/null +++ b/.woodpecker/ansible-lint.yml @@ -0,0 +1,19 @@ +--- +kind: pipeline +type: docker +name: ansible-lint +depends_on: + - gitleaks +steps: + ansible-lint: + image: quay.io/ansible/creator-ee + commands: + - ansible-lint --version + - echo $VAULT-PASS > ./vault-pass.yml # nach des Secret in Großschreibung + - ansible-galaxy install -r requirements.yml + - ansible-lint --force-color --format pep8 + when: + event: + exclude: + - tag + secret: [vault-pass] #dieses Secret darf verwendet werden diff --git a/.woodpecker/gitleaks.yml b/.woodpecker/gitleaks.yml new file mode 100644 index 00000000..fd095d7f --- /dev/null +++ b/.woodpecker/gitleaks.yml @@ -0,0 +1,13 @@ +--- +kind: pipeline +type: docker +name: gitleaks +steps: + gitleaks: + image: zricethezav/gitleaks:latest + commands: + - gitleaks detect --no-git --verbose --source $CI_WORKSPACE + when: + event: + exclude: + - tag diff --git a/docker-compose/drone/docker-compose.yml.j2 b/docker-compose/drone/docker-compose.yml.j2 deleted file mode 100644 index 66faab36..00000000 --- a/docker-compose/drone/docker-compose.yml.j2 +++ /dev/null 
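Review bot: `echo $VAULT-PASS > ./vault-pass.yml` in the new ansible-lint step cannot expand the secret: a POSIX shell variable name may not contain `-`, so the shell expands `$VAULT` (unset, hence empty) followed by the literal text `-PASS`, and the vault password file ends up containing `-PASS`. Woodpecker, as far as I know, exposes a secret as an uppercase environment variable, and a name containing a dash is not addressable from the shell at all, so the robust fix is to create the secret under a dash-free name and write `echo "$VAULT_PASS" > ./vault-pass.yml`, quoting the expansion so a password with spaces or glob characters survives intact. The file is written into the checked-out workspace; if that workspace is ever cached, archived or shared with a later step, the vault password travels with it, so either delete it at the end of the step or point `ANSIBLE_VAULT_PASSWORD_FILE` at a path outside the workspace. The step key `secret: [vault-pass]` is, to my knowledge, spelled `secrets:` in Woodpecker's pipeline syntax — confirm against the deployed version, because an unknown key may be ignored without an error and leave the secret unavailable to the step.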
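Review bot: `gitleaks detect --no-git --verbose --source $CI_WORKSPACE` prints every finding in full to the job log, and as far as I recall gitleaks' verbose finding output includes the matched secret value, so a check meant to keep secrets out of the repository would copy any hit into CI logs readable by everyone with access to the build; dropping `--verbose` (or writing findings to a report artifact via `--report-path`) keeps the job failing without echoing the value. `--no-git` scans only the working tree of the checked-out commit, so a secret that was committed and later removed stays undetected in history; if history scanning is wanted, remove `--no-git` and make sure the clone is not shallow. `zricethezav/gitleaks:latest` floats, so rule updates and behaviour changes arrive unreviewed and a run can change outcome between two identical commits; pin a version tag, `image: zricethezav/gitleaks:<version>`, and bump it deliberately.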
@@ -1,54 +0,0 @@ -version: '3.3' -services: -# server - drone: - volumes: - - 'data:/data' - environment: - DRONE_GITEA_SERVER: https://git.mgrote.net - DRONE_GITEA_CLIENT_ID: f8f0db2a-0089-4e23-9f5a-a5e52f20d765 - DRONE_GITEA_CLIENT_SECRET: {{ lookup('keepass', 'drone_gitea_client_secret', 'password') }} - DRONE_RPC_SECRET: {{ lookup('keepass', 'drone_rpc_secret', 'password') }} - DRONE_SERVER_HOST: docker10.grote.lan:81 - DRONE_SERVER_PROTO: http - DRONE_USER_CREATE: username:mg,admin:true # Gitea-Nutzer "mg" als Admin - #DRONE_LOGS_DEBUG: true - ports: - - '81:80' - - '444:443' - restart: always - container_name: drone-server - image: 'drone/drone:2' - networks: - - intern - labels: - com.centurylinklabs.watchtower.enable: true - -# runner - drone-runner-docker: - volumes: - - '/var/run/docker.sock:/var/run/docker.sock' - environment: - DRONE_RPC_PROTO: http - # container-name des servers - DRONE_RPC_HOST: drone-server - DRONE_RPC_SECRET: {{ lookup('keepass', 'drone_rpc_secret', 'password') }} - DRONE_RUNNER_CAPACITY: 8 - DRONE_RUNNER_NAME: drone-runner - ports: - - '3000:3000' - restart: always - container_name: drone-runner - image: 'drone/drone-runner-docker:latest' - networks: - - intern - labels: - com.centurylinklabs.watchtower.enable: true - com.centurylinklabs.watchtower.depends-on: drone-server - -######## Volumes ######## -volumes: - data: -######## Networks ######## -networks: - intern: # hier kommunizieren Runner + Server diff --git a/docker-compose/homer/assets/config.yml b/docker-compose/homer/assets/config.yml index 22029a68..768f2b59 100644 --- a/docker-compose/homer/assets/config.yml +++ b/docker-compose/homer/assets/config.yml 
@@ -33,14 +33,14 @@ services: # - name: "Weather" # location: "Burg" # your location. # locationId: "2941501" # OpenWeatherMap city ID. -# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://o#penweathermap.org/api. # key deactiviert +# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://o#penweathermap.org/api. # key deactiviert #gitleaks:allow # units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin. # background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none. # type: "OpenWeather" # - name: "Weather" # location: "Magdeburg" # locationId: "2874545" -# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" +# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" #gitleaks:allow # units: "metric" # background: "none" # type: "OpenWeather" diff --git a/docker-compose/homer/assets/icons/woodpecker.svg b/docker-compose/homer/assets/icons/woodpecker.svg new file mode 100644 index 00000000..7cf777c4 --- /dev/null +++ b/docker-compose/homer/assets/icons/woodpecker.svg @@ -0,0 +1,10 @@ + + + + diff --git a/docker-compose/homer/assets/mgmt.yml b/docker-compose/homer/assets/mgmt.yml index 4b319722..16ff7c72 100644 --- a/docker-compose/homer/assets/mgmt.yml +++ b/docker-compose/homer/assets/mgmt.yml @@ -51,11 +51,6 @@ services: url: "https://docker10.grote.lan:8443" target: "_blank" subtitle: "WLAN" - - name: "drone.io" - logo: "assets/icons/drone.png" - url: "http://docker10.grote.lan:81" - target: "_blank" - subtitle: "CI/CD" - name: "httpd" logo: "assets/icons/roundcube.png" url: "http://docker10.grote.lan:3344" 
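Review bot: The two `#gitleaks:allow` markers on the commented-out `apiKey:` lines suppress the scanner on a value that still looks like a real OpenWeatherMap key; the adjacent comment says it is deactivated, which the scanner cannot verify, and allowlisting keeps the string in the file and in history and hands it to whoever uncomments the block later. Prefer replacing the value with an obvious placeholder, `# apiKey: "<openweathermap-api-key>"`, which needs no allow marker and reads as the template entry it is meant to be. If the literal key must stay for reference, a single path-scoped allowlist rule in `.gitleaks.toml` is easier to audit than inline markers repeated on every line that carries the value.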
@@ -66,6 +61,11 @@ services: url: "https://registry.mgrote.net/ui/index.html" target: "_blank" subtitle: "Container-Registry" + - name: "Woodpecker" + logo: "assets/icons/woodpecker.svg" + url: "http://docker10.grote.lan:8000" + target: "_blank" + subtitle: "CI/CD" - name: "Infra" icon: "fas fa-cloud" diff --git a/docker-compose/woodpecker/docker-compose.yml.j2 b/docker-compose/woodpecker/docker-compose.yml.j2 new file mode 100644 index 00000000..f31e1b94 --- /dev/null +++ b/docker-compose/woodpecker/docker-compose.yml.j2 
@@ -0,0 +1,57 @@ +# https://woodpecker-ci.org/docs/administration/setup +version: '3' + +services: + woodpecker-server: + container_name: woodpecker-server + image: woodpeckerci/woodpecker-server:latest + ports: + - 8000:8000 + volumes: + - server-data:/var/lib/woodpecker/ + environment: + WOODPECKER_OPEN: false + WOODPECKER_HOST: http://docker10.grote.lan:8000 + WOODPECKER_GITEA: true + WOODPECKER_GITEA_URL: https://git.mgrote.net + WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} + WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }} + WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }} + WOODPECKER_ADMIN: mg + WOODPECKER_LOG_LEVEL: info + WOODPECKER_DEBUG_PRETTY: true + + labels: + com.centurylinklabs.watchtower.enable: true + + woodpecker-agent: + container_name: woodpecker-agent + image: woodpeckerci/woodpecker-agent:latest + command: agent + restart: always + depends_on: + - woodpecker-server + ports: + - 3032:3000 + volumes: + - agent-config:/etc/woodpecker + - /var/run/docker.sock:/var/run/docker.sock + environment: + WOODPECKER_SERVER: woodpecker-server:9000 + WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }} + WOODPECKER_MAX_WORKFLOWS: 4 + WOODPECKER_DEBUG_PRETTY: true + WOODPECKER_LOG_LEVEL: info + WOODPECKER_HEALTHCHECK: true + WOODPECKER_BACKEND: docker + labels: + com.centurylinklabs.watchtower.enable: true + +volumes: + server-data: + agent-config: + +# git.mgrote.net -> Settings -> Applications -> woodpecker +# WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} +# WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }} +# Redirect URL: http://docker10.grote.lan:8000/authorize diff --git a/host_vars/docker10.grote.lan.yml b/host_vars/docker10.grote.lan.yml index df5d2e69..c128054a 100644 
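Review bot: The trailing comment block on the new side still contains live Jinja expressions (`# WOODPECKER_GITEA_CLIENT: {{ lookup(...) }}` and the secret line below it); Jinja does not know YAML comments, so the rendered docker-compose.yml carries the OAuth client id and secret a second time in a comment that is easy to overlook when the file is copied for support, and a failing lookup breaks the render even though the line looks commented out — replace the expressions with the keepass entry names or wrap the block in `{% raw %} … {% endraw %}`. `woodpecker-server` has no `restart:` policy while `woodpecker-agent` has `restart: always`, so after a host reboot the agent comes up against a server that does not. The YAML booleans under `environment:` (`WOODPECKER_OPEN: false`, `WOODPECKER_GITEA: true`, `WOODPECKER_DEBUG_PRETTY: true`, `WOODPECKER_HEALTHCHECK: true`) should be quoted strings, since compose validators commonly reject non-string environment values, and the unquoted lookups are safer as `{{ lookup(...) | to_json }}`, which yields a YAML-valid double-quoted scalar whatever characters the secret contains. `WOODPECKER_HOST` is plain `http://`, so the Gitea OAuth callback and UI sessions cross the LAN in clear text; the other compose entries in host_vars use `network: traefik`, which presumably is where TLS is terminated — confirm.
```yaml
  woodpecker-server:
    # … unchanged: container_name, image, ports, volumes …
    restart: always
    environment:
      WOODPECKER_OPEN: "false"
      WOODPECKER_HOST: http://docker10.grote.lan:8000
      WOODPECKER_GITEA: "true"
      WOODPECKER_GITEA_URL: https://git.mgrote.net
      WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') | to_json }}
      WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') | to_json }}
      WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') | to_json }}
      WOODPECKER_ADMIN: mg
      WOODPECKER_LOG_LEVEL: info
      WOODPECKER_DEBUG_PRETTY: "true"
    # … unchanged: labels, woodpecker-agent (apply the same quoting to its environment), volumes …

# git.mgrote.net -> Settings -> Applications -> woodpecker
# client id / secret: keepass entries woodpecker-oauth2-client-id / woodpecker-oauth2-client-secret
# Redirect URL: http://docker10.grote.lan:8000/authorize
```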
--- a/host_vars/docker10.grote.lan.yml +++ b/host_vars/docker10.grote.lan.yml @@ -31,8 +31,6 @@ compose_files: network: traefik - name: homer state: present - - name: drone - state: present - name: nextcloud state: present network: traefik @@ -56,6 +54,8 @@ compose_files: - name: mail-relay state: present network: mail-relay + - name: woodpecker + state: present ### oefenweb.ufw ufw_rules: diff --git a/keepass_db.kdbx b/keepass_db.kdbx index d3116b1a..ec25079f 100644 Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ