mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

Woodpecker: finetuning (#595)

Browse source 
Reviewed-on: #595
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2023-11-08 13:20:55 +01:00 committed by mg
parent 04a75ae752
commit 41170511de
3 changed files with 31 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -1 +1,3 @@
# ansible_heimserver # ansible_heimserver
[![status-badge](https://ci.mgrote.net/api/badges/2/status.svg)](https://ci.mgrote.net/repos/2)

31
docker-compose/woodpecker/docker-compose.yml.j2
View file

@ -11,7 +11,7 @@ services:
- server-data:/var/lib/woodpecker/ - server-data:/var/lib/woodpecker/
environment: environment:
WOODPECKER_OPEN: false WOODPECKER_OPEN: false
WOODPECKER_HOST: http://docker10.grote.lan:8000 WOODPECKER_HOST: https://ci.mgrote.net
WOODPECKER_GITEA: true WOODPECKER_GITEA: true
WOODPECKER_GITEA_URL: https://git.mgrote.net WOODPECKER_GITEA_URL: https://git.mgrote.net
WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}
@ -20,10 +20,25 @@ services:
WOODPECKER_ADMIN: mg WOODPECKER_ADMIN: mg
WOODPECKER_LOG_LEVEL: info WOODPECKER_LOG_LEVEL: info
WOODPECKER_DEBUG_PRETTY: true WOODPECKER_DEBUG_PRETTY: true
networks:
- intern
- traefik
labels: labels:
com.centurylinklabs.watchtower.enable: true com.centurylinklabs.watchtower.enable: true
traefik.http.routers.woodpecker.rule: Host(`ci.mgrote.net`)
traefik.enable: true
traefik.http.routers.woodpecker.tls: true
traefik.http.routers.woodpecker.tls.certresolver: resolver_letsencrypt
traefik.http.routers.woodpecker.entrypoints: entry_https
traefik.http.services.woodpecker.loadbalancer.server.port: 8000
traefik.http.routers.woodpecker.middlewares: woodpecker-ipwhitelist
traefik.http.middlewares.woodpecker-ipwhitelist.ipwhitelist.sourcerange: 192.168.2.0/24
traefik.http.middlewares.woodpecker-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth
woodpecker-agent: woodpecker-agent:
container_name: woodpecker-agent container_name: woodpecker-agent
image: woodpeckerci/woodpecker-agent:latest image: woodpeckerci/woodpecker-agent:latest
@ -46,6 +61,9 @@ services:
WOODPECKER_BACKEND: docker WOODPECKER_BACKEND: docker
labels: labels:
com.centurylinklabs.watchtower.enable: true com.centurylinklabs.watchtower.enable: true
networks:
- intern
volumes: volumes:
server-data: server-data:
@ -54,4 +72,11 @@ volumes:
# git.mgrote.net -> Settings -> Applications -> woodpecker # git.mgrote.net -> Settings -> Applications -> woodpecker
# WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} # WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}
# WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }} # WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}
# Redirect URL: http://docker10.grote.lan:8000/authorize # Redirect URL: https://ci.mgrote.net/authorize
######## Networks ########
networks:
traefik:
external: true
intern:
driver: bridge

1
host_vars/docker10.grote.lan.yml
View file

@ -56,6 +56,7 @@ compose_files:
network: mail-relay network: mail-relay
- name: woodpecker - name: woodpecker
state: present state: present
network: traefik
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules: