# https://woodpecker-ci.org/docs/administration/setup version: '3' services: woodpecker-server: restart: always container_name: woodpecker-server image: woodpeckerci/woodpecker-server:v2.2.2 ports: - 8000:8000 volumes: - server-data:/var/lib/woodpecker/ environment: WOODPECKER_OPEN: false WOODPECKER_HOST: https://ci.mgrote.net WOODPECKER_WEBHOOK_HOST: http://docker10.mgrote.net:8000 WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.mgrote.net WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }} WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }} WOODPECKER_ADMIN: mg WOODPECKER_LOG_LEVEL: info WOODPECKER_DEBUG_PRETTY: true networks: - intern - traefik labels: com.centurylinklabs.watchtower.enable: true traefik.http.routers.woodpecker.rule: Host(`ci.mgrote.net`) traefik.enable: true traefik.http.routers.woodpecker.tls: true traefik.http.routers.woodpecker.tls.certresolver: resolver_letsencrypt traefik.http.routers.woodpecker.entrypoints: entry_https traefik.http.services.woodpecker.loadbalancer.server.port: 8000 traefik.http.routers.woodpecker.middlewares: woodpecker-ipwhitelist traefik.http.middlewares.woodpecker-ipwhitelist.ipwhitelist.sourcerange: "192.168.2.0/24,10.25.25.0/24" traefik.http.middlewares.woodpecker-ipwhitelist.ipwhitelist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/#ipstrategydepth woodpecker-agent: container_name: woodpecker-agent image: woodpeckerci/woodpecker-agent:v2.2.2 command: agent restart: always depends_on: - woodpecker-server ports: - 3032:3000 volumes: - agent-config:/etc/woodpecker - /var/run/docker.sock:/var/run/docker.sock environment: WOODPECKER_SERVER: woodpecker-server:9000 WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }} WOODPECKER_MAX_WORKFLOWS: 4 WOODPECKER_DEBUG_PRETTY: true WOODPECKER_LOG_LEVEL: info WOODPECKER_HEALTHCHECK: true WOODPECKER_BACKEND: docker labels: com.centurylinklabs.watchtower.enable: true networks: - intern volumes: server-data: agent-config: # git.mgrote.net -> Settings -> Applications -> woodpecker # WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} # WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }} # Redirect URL: https://ci.mgrote.net/authorize ######## Networks ######## networks: traefik: external: true intern: driver: bridge