services: woodpecker-server: restart: always container_name: woodpecker-server image: "woodpeckerci/woodpecker-server:v2.7.1" ports: - 8000:8000 volumes: - server-data:/var/lib/woodpecker/ environment: WOODPECKER_OPEN: false WOODPECKER_HOST: https://ci.mgrote.net WOODPECKER_WEBHOOK_HOST: http://docker10.mgrote.net:8000 WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.mgrote.net WOODPECKER_GITEA_CLIENT: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-id', 'password') }}" WOODPECKER_GITEA_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-secret', 'password') }}" WOODPECKER_AGENT_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-agent-secret', 'password') }}" WOODPECKER_ADMIN: mg WOODPECKER_LOG_LEVEL: info WOODPECKER_DEBUG_PRETTY: true networks: - intern - traefik labels: traefik.http.routers.woodpecker.rule: Host(`ci.mgrote.net`) traefik.enable: true traefik.http.routers.woodpecker.tls: true traefik.http.routers.woodpecker.tls.certresolver: resolver_letsencrypt traefik.http.routers.woodpecker.entrypoints: entry_https traefik.http.services.woodpecker.loadbalancer.server.port: 8000 traefik.http.routers.woodpecker.middlewares: woodpecker-ipallowlist traefik.http.middlewares.woodpecker-ipallowlist.ipallowlist.sourcerange: "192.168.2.0/24,10.25.25.0/24" traefik.http.middlewares.woodpecker-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth woodpecker-agent: container_name: woodpecker-agent image: "woodpeckerci/woodpecker-agent:v2.7.1" command: agent restart: always depends_on: - woodpecker-server ports: - 3032:3000 volumes: - agent-config:/etc/woodpecker - /var/run/docker.sock:/var/run/docker.sock environment: WOODPECKER_SERVER: woodpecker-server:9000 WOODPECKER_AGENT_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-agent-secret', 'password') }}" WOODPECKER_MAX_WORKFLOWS: 20 WOODPECKER_DEBUG_PRETTY: true WOODPECKER_LOG_LEVEL: info WOODPECKER_HEALTHCHECK: true WOODPECKER_BACKEND: docker networks: - intern volumes: server-data: agent-config: # git.mgrote.net -> Settings -> Applications -> woodpecker # WOODPECKER_GITEA_CLIENT: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-id', 'password') }}" # WOODPECKER_GITEA_SECRET: "{{ lookup('viczem.keepass.keepass', 'woodpecker-oauth2-client-secret', 'password') }}" # Redirect URL: https://ci.mgrote.net/authorize ######## Networks ######## networks: traefik: external: true intern: driver: bridge