# https://woodpecker-ci.org/docs/administration/setup version: '3' services: woodpecker-server: restart: always container_name: woodpecker-server image: "woodpeckerci/woodpecker-server:v2.3.0@sha256:50b4d16adae91a9be2d73efb093c8a5df43bde228e416efcd71620822478d4a1" ports: - 8000:8000 volumes: - server-data:/var/lib/woodpecker/ environment: WOODPECKER_OPEN: false WOODPECKER_HOST: https://ci.mgrote.net WOODPECKER_WEBHOOK_HOST: http://docker10.mgrote.net:8000 WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.mgrote.net WOODPECKER_GITEA_CLIENT: "{{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}" WOODPECKER_GITEA_SECRET: "{{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}" WOODPECKER_AGENT_SECRET: "{{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}" WOODPECKER_ADMIN: mg WOODPECKER_LOG_LEVEL: info WOODPECKER_DEBUG_PRETTY: true networks: - intern - traefik labels: com.centurylinklabs.watchtower.enable: true traefik.http.routers.woodpecker.rule: Host(`ci.mgrote.net`) traefik.enable: true traefik.http.routers.woodpecker.tls: true traefik.http.routers.woodpecker.tls.certresolver: resolver_letsencrypt traefik.http.routers.woodpecker.entrypoints: entry_https traefik.http.services.woodpecker.loadbalancer.server.port: 8000 traefik.http.routers.woodpecker.middlewares: woodpecker-ipwhitelist traefik.http.middlewares.woodpecker-ipwhitelist.ipwhitelist.sourcerange: "192.168.2.0/24,10.25.25.0/24" traefik.http.middlewares.woodpecker-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth woodpecker-agent: container_name: woodpecker-agent image: "woodpeckerci/woodpecker-agent:v2.3.0@sha256:d64898cf9cfa5ae735e904dc421baf6fa1f36df24800793d8f4a455ba964e65f" command: agent restart: always depends_on: - woodpecker-server ports: - 3032:3000 volumes: - agent-config:/etc/woodpecker - /var/run/docker.sock:/var/run/docker.sock environment: WOODPECKER_SERVER: woodpecker-server:9000 WOODPECKER_AGENT_SECRET: "{{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}" WOODPECKER_MAX_WORKFLOWS: 20 WOODPECKER_DEBUG_PRETTY: true WOODPECKER_LOG_LEVEL: info WOODPECKER_HEALTHCHECK: true WOODPECKER_BACKEND: docker labels: com.centurylinklabs.watchtower.enable: true networks: - intern volumes: server-data: agent-config: # git.mgrote.net -> Settings -> Applications -> woodpecker # WOODPECKER_GITEA_CLIENT: "{{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}" # WOODPECKER_GITEA_SECRET: "{{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}" # Redirect URL: https://ci.mgrote.net/authorize ######## Networks ######## networks: traefik: external: true intern: driver: bridge