Nixius
/
woodpecker
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit: Woodpecker CI configuration from macmini7

This commit is contained in:
Colin 2025-10-10 15:27:29 -04:00
commit 020bda3405
Signed by: colin
SSH Key Fingerprint: SHA256:nRPCQTeMFLdGytxRQmPVK9VXY3/ePKQ5lGRyJhT5DY8
6 changed files with 1069 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
README.md Normal file
View File

@ -0,0 +1,94 @@
# Getting started with running a Drone
https://blog.ruanbekker.com/blog/2021/03/09/cicd-with-droneci-and-gitea-using-docker-compose/
https://docs.drone.io/server/provider/gitea/
# CI CD Pipelines
## From https://www.youtube.com/watch?v=PXM63rU7NJ4
kind: pipeline
type: docker
name: sshd-base
trigger:
branch:
- main
event:
- push
image_pull_secrets:
- global_dockerconfig
## Cloning https://docs.drone.io/pipeline/digitalocean/syntax/cloning/
token:
from_secret: token
clone:
depth: 50
## Hello World Step
# steps:
# - name: say-hello
# image: busybox
# commands:
# - echo hello-world
## Steps https://docs.drone.io/pipeline/digitalocean/syntax/steps/
steps:
## Submodules --recursive flag https://docs.drone.io/pipeline/digitalocean/syntax/cloning/#the---recursive-flag
- name: submodules
commands:
- git submodule update --recursive --remote
## Basic Docker In Docker Example https://docs.drone.io/pipeline/docker/examples/services/docker_dind/
## TRUSTED REPOS ONLY DUE TO ROOT POWERS ##
- name: test
image: docker:dind
volumes:
- name: dockersock
path: /var/run
commands:
- sleep 5 # give docker enough time to start
- docker ps -a
- docker compose build
- docker compose push
services:
- name: docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
## Random build step for examples
- name: build
image: git.nixc.us/colin/sshd-base:latest
commands:
- echo hello-world
## Conditions https://docs.drone.io/pipeline/digitalocean/syntax/conditions/
when:
branch:
- main
- staging
- production
- name: publish
image: plugins/docker
settings:
username: colin
password:
from_secret: colin_docker_password
repo: git.nixc.us/colin/sshd-base:latest
tags:
- 1.0.0
- 1.0
## Parallelism https://docs.drone.io/pipeline/digitalocean/syntax/parallelism/
depends_on:
- build
## Build docker image and re-use in the next step
https://discourse.drone.io/t/build-docker-image-and-re-use-in-the-next-step/6190

106
tmp.yml Normal file
View File

@ -0,0 +1,106 @@
version: "3.9"
services:
woodpecker-server:
image: woodpeckerci/woodpecker-server:next-alpine
environment:
environment:
- WOODPECKER_HOST=https://woodpecker.nixc.us
- WOODPECKER_SERVER_ADDR=:8000
- WOODPECKER_PROTO=https
- WOODPECKER_DATABASE_DRIVER=mysql
- WOODPECKER_DATABASE_DATASOURCE=/data/database.sqlite
- WOODPECKER_GIT_ALWAYS_AUTH=false
- WOODPECKER_AGENT_SECRET=redacted
- WOODPECKER_ADMIN=colin
- WOODPECKER_REPO_OWNERS=colin,meta
- WOODPECKER_OPEN=true
# - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json
# https://github.com/go-sql-driver/mysql#dsn-data-source-name
- WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(db:3306)/woodpecker?parseTime=true
## Gitea config
- WOODPECKER_GITEA=true
- WOODPECKER_GITEA_URL=https://git.nixc.us/
- WOODPECKER_GITEA_CLIENT=redacted
- WOODPECKER_GITEA_SECRET=redacted
networks:
- traefik
- default
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
# - /root/.docker/config.json:/home/user/.docker/config.json:rw
deploy:
replicas: 1
deploy:
placement:
constraints:
# - node.role == manager
- node.hostname == ingress.nixc.us
labels:
- "traefik.enable=true"
- "traefik.http.routers.woodpecker.tls=true"
- "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
- "traefik.http.routers.woodpecker.rule=Host(`woodpecker.nixc.us`)"
- "traefik.http.routers.woodpecker.entrypoints=websecure"
- "traefik.http.routers.woodpecker.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.woodpecker.service=woodpecker"
- "traefik.docker.network=traefik"
# - 'traefik.http.routers.woodpecker.middlewares=authelia@docker'
woodpecker-agent:
image: woodpeckerci/woodpecker-agent:next-alpine
networks:
- default
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
# - WOODPECKER_AGENT_HOST=https://woodpecker.nixc.us
# - WOODPECKER_AGENT_PROTO=http
- WOODPECKER_SERVER=woodpecker-server:9000
- WOODPECKER_AGENT_SECRET=redacted
- WOODPECKER_MAX_WORKFLOWS=4
- WOODPECKER_DEBUG=TRUE
- WOODPECKER_LOG_LEVEL=error
- WOODPECKER_DEBUG_PRETTY=true
deploy:
replicas: 1
placement:
constraints:
# - node.labels.role == db
# - node.hostname == macmini14
- node.labels.mac-rack == true
# - node.role == manager
labels:
- "traefik.enable=false"
db:
image: mariadb:10.6
environment:
- MYSQL_DATABASE=woodpecker
- MYSQL_USER=woodpecker
- MYSQL_PASSWORD=woodpecker
- MYSQL_RANDOM_ROOT_PASSWORD=1
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql
networks:
- default
deploy:
replicas: 1
placement:
constraints:
## - node.labels.role == db
# - node.hostname == macmini8
- node.labels.mac-rack == true
labels:
- "traefik.enable=false"
networks:
default:
external: false
traefik:
external: true
# volumes:
# woodpeckerdata:
# external: true

220
woodpecker.yml Normal file
View File

@ -0,0 +1,220 @@
networks:
woodpecker: {}
traefik:
external: true
services:
db:
image: mariadb:10.6
environment:
MYSQL_DATABASE: "woodpecker"
MYSQL_USER: "woodpecker"
MYSQL_PASSWORD: "woodpecker"
MYSQL_RANDOM_ROOT_PASSWORD: 1
volumes:
- /mnt/data/nixc.us/woodpecker/production/db:/var/lib/mysql
networks:
- woodpecker
deploy:
endpoint_mode: dnsrr
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
- "traefik.enable=false"
update_config:
order: stop-first
failure_action: rollback
delay: 0s
parallelism: 1
restart_policy:
condition: on-failure
server:
image: woodpeckerci/woodpecker-server:v3.8.0
environment:
WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx"
WOODPECKER_OPEN: "true"
WOODPECKER_HOST: "https://woodpecker.nixc.us"
WOODPECKER_BACKEND: "docker"
WOODPECKER_BACKEND_DOCKER_NETWORK: "default"
WOODPECKER_ADMIN: "colin"
WOODPECKER_REPO_OWNERS: "colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire,mrc"
# WOODPECKER_LOG_LEVEL: trace
WOODPECKER_LOG_LEVEL: error
WOODPECKER_GITEA: "true"
WOODPECKER_GITEA_URL: "https://git.nixc.us/"
WOODPECKER_GITEA_CLIENT: "56c038d7-64b5-47e4-acae-cb8a69b31731"
WOODPECKER_GITEA_SECRET: "gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DATABASE_DRIVER: "mysql"
WOODPECKER_DATABASE_DATASOURCE: "woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true"
WOODPECKER_LOG_FILE: stdout
networks:
- traefik
- woodpecker
volumes:
- /mnt/data/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
deploy:
endpoint_mode: dnsrr
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
# Web UI Configuration
traefik.enable: "true"
traefik.http.routers.production_woodpecker_ui.rule: "Host(`woodpecker.nixc.us`)"
traefik.http.routers.production_woodpecker_ui.entrypoints: "websecure"
traefik.http.routers.production_woodpecker_ui.tls.certresolver: "letsencryptresolver"
traefik.http.routers.production_woodpecker_ui.service: "production_woodpecker_ui"
traefik.http.services.production_woodpecker_ui.loadbalancer.server.port: "8000"
# gRPC service
traefik.http.services.woodpecker-grpc.loadbalancer.server.port: 9000
traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme: h2c
traefik.http.routers.woodpecker-grpc-secure.rule: Host(`grpc.woodpecker.nixc.us`)
traefik.http.routers.woodpecker-grpc-secure.tls: "true"
traefik.http.routers.woodpecker-grpc-secure.tls.certresolver: letsencryptresolver
traefik.http.routers.woodpecker-grpc-secure.entrypoints: websecure
traefik.http.routers.woodpecker-grpc-secure.service: woodpecker-grpc
# Additional Metadata Labels
homepage.group: Infrastructure
homepage.name: woodpecker
homepage.href: "https://woodpecker.nixc.us"
homepage.description: "Woodpecker CI"
update_config:
# order: stop-first
delay: 60s
parallelism: 1
# restart_policy:
# condition: on-failure
agents-managers:
image: woodpeckerci/woodpecker-agent:v3.8.0
networks:
- woodpecker
environment:
WOODPECKER_LOG_FILE: stdout
WOODPECKER_SERVER: "server:9000"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DEBUG: "true"
# WOODPECKER_LOG_LEVEL: "trace"
WOODPECKER_LOG_LEVEL: "error"
WOODPECKER_BACKEND: "docker"
WOODPECKER_MAX_WORKFLOWS: 1
WOODPECKER_DEBUG_PRETTY: "true"
WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
WOODPECKER_FILTER_LABELS: "location=manager"
WOODPECKER_HEALTHCHECK: "true"
deploy:
endpoint_mode: dnsrr
placement:
constraints:
- node.role == manager
- node.hostname != ingress.nixc.us
mode: global
update_config:
# order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
labels:
traefik.enable: "false"
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
dns:
- 1.1.1.1
- 8.8.8.8
agent-salt:
image: woodpeckerci/woodpecker-agent:v3.8.0
networks:
- woodpecker
environment:
WOODPECKER_LOG_FILE: stdout
WOODPECKER_SERVER: "woodpecker_server:9000"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DEBUG: "true"
# WOODPECKER_LOG_LEVEL: "trace"
WOODPECKER_LOG_LEVEL: "error"
WOODPECKER_BACKEND: "docker"
WOODPECKER_MAX_WORKFLOWS: 1
WOODPECKER_DEBUG_PRETTY: "true"
WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
WOODPECKER_FILTER_LABELS: "location=salt"
WOODPECKER_HEALTHCHECK: "true"
deploy:
endpoint_mode: dnsrr
placement:
constraints:
- node.hostname == ingress.nixc.us
mode: global
update_config:
# order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
labels:
traefik.enable: "false"
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
dns:
- 1.1.1.1
- 8.8.8.8
agents-workers:
image: woodpeckerci/woodpecker-agent:v3.8.0
networks:
- woodpecker
environment:
WOODPECKER_LOG_FILE: stdout
WOODPECKER_SERVER: "woodpecker_server:9000"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DEBUG: "true"
# WOODPECKER_LOG_LEVEL: trace
WOODPECKER_LOG_LEVEL: error
WOODPECKER_BACKEND: "docker"
WOODPECKER_MAX_WORKFLOWS: "1"
WOODPECKER_DEBUG_PRETTY: "true"
WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
WOODPECKER_FILTER_LABELS: "location=agent"
deploy:
endpoint_mode: dnsrr
placement:
constraints:
- node.role == worker
- node.hostname != ingress.nixc.us
mode: global
labels:
traefik.enable: "false"
update_config:
order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
dns:
- 1.1.1.1
- 8.8.8.8
volumes:
agent-secret: {}

208
woodpecker.yml.2024.09.10 Normal file
View File

@ -0,0 +1,208 @@
networks:
default:
external: false
traefik:
external: true
services:
server:
# image: woodpeckerci/woodpecker-server:next-alpine
# image: woodpeckerci/woodpecker-server:next-4198c447fb
# image: woodpeckerci/woodpecker-server:v2.0.0
# image: woodpeckerci/woodpecker-server:next
# image: woodpeckerci/woodpecker-server:v2.4.1
image: woodpeckerci/woodpecker-server:v2.7.1
environment:
- WOODPECKER_OPEN=true
- WOODPECKER_HOST=https://woodpecker.nixc.us
- WOODPECKER_BACKEND=docker
- WOODPECKER_BACKEND_DOCKER_NETWORK=default
- WOODPECKER_ADMIN=colin
- WOODPECKER_REPO_OWNERS=colin,meta,fansdb,lilsgym,nixius,Nixius
- WOODPECKER_LOG_LEVEL=debug
# ## Gitea config
- WOODPECKER_GITEA=true
- WOODPECKER_GITEA_URL=https://git.nixc.us/
- WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731
- WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla
- WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
# environment:
# - WOODPECKER_HOST=https://woodpecker.nixc.us
# - WOODPECKER_SERVER_ADDR=:8000
# - WOODPECKER_PROTO=https
- WOODPECKER_DATABASE_DRIVER=mysql
# - WOODPECKER_BACKEND=docker
# - WOODPECKER_BACKEND_DOCKER_NETWORK=default
# # - WOODPECKER_DATABASE_DATASOURCE=/data/database.sqlite
# - WOODPECKER_GIT_ALWAYS_AUTH=false
# - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
# - WOODPECKER_ADMIN=colin
# - WOODPECKER_REPO_OWNERS=colin,meta
# - WOODPECKER_OPEN=true
# # - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json
# # https://github.com/go-sql-driver/mysql#dsn-data-source-name
- WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true
# ## Gitea config
# - WOODPECKER_GITEA=true
# - WOODPECKER_GITEA_URL=https://git.nixc.us/
# - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731
# - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla
networks:
- traefik
- default
# dns:
# - "176.103.130.130"
# - "1.1.1.1"
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
deploy:
replicas: 1
placement:
constraints:
# - node.role == manager
- node.hostname == macmini1
labels:
homepage.group: Infrastructure
homepage.name: woodpecker
homepage.href: https://woodpecker.nixc.us
homepage.description: Woodpecker CI
traefik.enable: "true"
traefik.http.routers.production_woodpecker.tls: "true"
traefik.http.services.production_woodpecker.loadbalancer.server.port: "8000"
traefik.http.routers.production_woodpecker.rule: "Host(`woodpecker.nixc.us`)"
traefik.http.routers.production_woodpecker.entrypoints: "websecure"
traefik.http.routers.production_woodpecker.tls.certresolver: "letsencryptresolver"
traefik.http.routers.production_woodpecker.service: "production_woodpecker"
traefik.docker.network: traefik
update_config:
order: stop-first
delay: 60s
parallelism: 1
restart_policy:
condition: on-failure
# logging:
# driver: "gelf"
# options:
# gelf-address: "udp://log.nixc.us:15124"
# tag: "woodpecker_server"
db:
image: mariadb:10.6
environment:
- MYSQL_DATABASE=woodpecker
- MYSQL_USER=woodpecker
- MYSQL_PASSWORD=woodpecker
- MYSQL_RANDOM_ROOT_PASSWORD=1
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql
networks:
- default
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
- "traefik.enable=false"
update_config:
order: stop-first
failure_action: rollback
delay: 0s
parallelism: 1
restart_policy:
condition: on-failure
# logging:
# driver: "gelf"
# options:
# gelf-address: "udp://log.nixc.us:15124"
# tag: "woodpecker_db"
agents-managers:
# image: woodpeckerci/woodpecker-agent:next-4198c447fb
# image: woodpeckerci/woodpecker-agent:v2.0.0
# image: woodpeckerci/woodpecker-agent:next
image: woodpeckerci/woodpecker-agent:v2.7.1
networks:
- default
environment:
- WOODPECKER_SERVER=woodpecker_server:9000
- WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
- WOODPECKER_DEBUG=TRUE
- WOODPECKER_LOG_LEVEL=debug
- WOODPECKER_BACKEND=docker
- WOODPECKER_MAX_WORKFLOWS=1
# - WOODPECKER_LOG_LEVEL=error
- WOODPECKER_DEBUG_PRETTY=true
# - WOODPECKER_BACKEND_DOCKER_NETWORK=default
- WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
- "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
- WOODPECKER_FILTER_LABELS="location=manager"
deploy:
placement:
constraints:
- node.role == manager
mode: global
labels:
- "traefik.enable=false"
update_config:
order: stop-first
# failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: any
# logging:
# driver: "gelf"
# options:
# gelf-address: "udp://log.nixc.us:15124"
# tag: woodpecker_agents
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
# agents-workers:
## image: woodpeckerci/woodpecker-agent:next-4198c447fb
## image: woodpeckerci/woodpecker-agent:v2.0.0
## image: woodpeckerci/woodpecker-agent:next
# image: woodpeckerci/woodpecker-agent:v2.7.1
# networks:
# - default
# environment:
# - WOODPECKER_SERVER=woodpecker_server:9000
# - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
# - WOODPECKER_DEBUG=TRUE
# - WOODPECKER_LOG_LEVEL=debug
# - WOODPECKER_BACKEND=docker
# - WOODPECKER_MAX_WORKFLOWS=1
# # - WOODPECKER_LOG_LEVEL=error
# - WOODPECKER_DEBUG_PRETTY=true
# # - WOODPECKER_BACKEND_DOCKER_NETWORK=default
# - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
# - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
# - WOODPECKER_FILTER_LABELS="location=manager"
# deploy:
# placement:
# constraints:
# - node.role == worker
# mode: global
# labels:
# - "traefik.enable=false"
# update_config:
# order: stop-first
# failure_action: rollback
# delay: 120s
# parallelism: 4
# restart_policy:
# condition: on-failure
# # logging:
# # driver: "gelf"
# # options:
# # gelf-address: "udp://log.nixc.us:15124"
# # tag: woodpecker_agents
# volumes:
# - agent-secret:/etc/woodpecker/
# - /var/run/docker.sock:/var/run/docker.sock
volumes:
agent-secret:

232
woodpecker.yml.backup.20250519144353 Normal file
View File

@ -0,0 +1,232 @@
networks:
woodpecker: {}
traefik:
external: true
services:
db:
image: mariadb:10.6
environment:
MYSQL_DATABASE: "woodpecker"
MYSQL_USER: "woodpecker"
MYSQL_PASSWORD: "woodpecker"
MYSQL_RANDOM_ROOT_PASSWORD: 1
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql
networks:
- woodpecker
deploy:
endpoint_mode: dnsrr
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
- "traefik.enable=false"
update_config:
order: stop-first
failure_action: rollback
delay: 0s
parallelism: 1
restart_policy:
condition: on-failure
server:
image: woodpeckerci/woodpecker-server:next
environment:
WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx"
WOODPECKER_OPEN: "true"
WOODPECKER_HOST: "https://woodpecker.nixc.us"
WOODPECKER_BACKEND: "docker"
WOODPECKER_BACKEND_DOCKER_NETWORK: "default"
WOODPECKER_ADMIN: "colin"
WOODPECKER_REPO_OWNERS: "colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire"
# WOODPECKER_LOG_LEVEL: trace
WOODPECKER_LOG_LEVEL: error
WOODPECKER_GITEA: "true"
WOODPECKER_GITEA_URL: "https://git.nixc.us/"
WOODPECKER_GITEA_CLIENT: "56c038d7-64b5-47e4-acae-cb8a69b31731"
WOODPECKER_GITEA_SECRET: "gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DATABASE_DRIVER: "mysql"
WOODPECKER_DATABASE_DATASOURCE: "woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true"
WOODPECKER_LOG_FILE: stdout
networks:
- traefik
- woodpecker
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
deploy:
endpoint_mode: dnsrr
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
# homepage.group: Infrastructure
# homepage.name: woodpecker
# homepage.href: "https://woodpecker.nixc.us"
# homepage.description: "Woodpecker CI"
# traefik.enable: "true"
# traefik.http.routers.production_woodpecker.tls: "true"
# traefik.http.services.production_woodpecker.loadbalancer.server.port: "8000"
# traefik.http.routers.production_woodpecker.rule: "Host(`woodpecker.nixc.us`)"
# traefik.http.routers.production_woodpecker.entrypoints: "websecure"
# traefik.http.routers.production_woodpecker.tls.certresolver: "letsencryptresolver"
# traefik.http.routers.production_woodpecker.service: "production_woodpecker"
# traefik.docker.network: "traefik"
# Web UI Configuration
traefik.enable: "true"
traefik.http.routers.production_woodpecker_ui.rule: "Host(`woodpecker.nixc.us`)"
traefik.http.routers.production_woodpecker_ui.entrypoints: "websecure"
traefik.http.routers.production_woodpecker_ui.tls.certresolver: "letsencryptresolver"
traefik.http.routers.production_woodpecker_ui.service: "production_woodpecker_ui"
traefik.http.services.production_woodpecker_ui.loadbalancer.server.port: "8000"
# gRPC service
traefik.http.services.woodpecker-grpc.loadbalancer.server.port: 9000
traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme: h2c
traefik.http.routers.woodpecker-grpc-secure.rule: Host(`grpc.woodpecker.nixc.us`)
traefik.http.routers.woodpecker-grpc-secure.tls: "true"
traefik.http.routers.woodpecker-grpc-secure.tls.certresolver: letsencrypt
traefik.http.routers.woodpecker-grpc-secure.entrypoints: websecure
traefik.http.routers.woodpecker-grpc-secure.service: woodpecker-grpc
# Additional Metadata Labels
homepage.group: Infrastructure
homepage.name: woodpecker
homepage.href: "https://woodpecker.nixc.us"
homepage.description: "Woodpecker CI"
update_config:
# order: stop-first
delay: 60s
parallelism: 1
# restart_policy:
# condition: on-failure
agents-managers:
image: woodpeckerci/woodpecker-agent:next
networks:
- woodpecker
environment:
WOODPECKER_LOG_FILE: stdout
WOODPECKER_SERVER: "woodpecker_server:9000"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DEBUG: "true"
# WOODPECKER_LOG_LEVEL: "trace"
WOODPECKER_LOG_LEVEL: "error"
WOODPECKER_BACKEND: "docker"
WOODPECKER_MAX_WORKFLOWS: 1
WOODPECKER_DEBUG_PRETTY: "true"
WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
WOODPECKER_FILTER_LABELS: "location=manager"
WOODPECKER_HEALTHCHECK: "true"
deploy:
endpoint_mode: dnsrr
placement:
constraints:
- node.role == manager
- node.hostname != ingress.nixc.us
mode: global
update_config:
# order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
labels:
traefik.enable: "false"
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
dns:
- 1.1.1.1
- 8.8.8.8
agent-salt:
image: woodpeckerci/woodpecker-agent:next
networks:
- woodpecker
environment:
WOODPECKER_LOG_FILE: stdout
WOODPECKER_SERVER: "woodpecker_server:9000"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DEBUG: "true"
# WOODPECKER_LOG_LEVEL: "trace"
WOODPECKER_LOG_LEVEL: "error"
WOODPECKER_BACKEND: "docker"
WOODPECKER_MAX_WORKFLOWS: 1
WOODPECKER_DEBUG_PRETTY: "true"
WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
WOODPECKER_FILTER_LABELS: "location=salt"
WOODPECKER_HEALTHCHECK: "true"
deploy:
endpoint_mode: dnsrr
placement:
constraints:
- node.hostname == ingress.nixc.us
mode: global
update_config:
# order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
labels:
traefik.enable: "false"
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
dns:
- 1.1.1.1
- 8.8.8.8
agents-workers:
image: woodpeckerci/woodpecker-agent:next
networks:
- woodpecker
environment:
WOODPECKER_LOG_FILE: stdout
WOODPECKER_SERVER: "woodpecker_server:9000"
WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
WOODPECKER_DEBUG: "true"
# WOODPECKER_LOG_LEVEL: trace
WOODPECKER_LOG_LEVEL: error
WOODPECKER_BACKEND: "docker"
WOODPECKER_MAX_WORKFLOWS: "1"
WOODPECKER_DEBUG_PRETTY: "true"
WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
WOODPECKER_FILTER_LABELS: "location=agent"
deploy:
endpoint_mode: dnsrr
placement:
constraints:
- node.role == worker
- node.hostname != ingress.nixc.us
mode: global
labels:
traefik.enable: "false"
update_config:
order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
dns:
- 1.1.1.1
- 8.8.8.8
volumes:
agent-secret: {}

209
woodpecker.yml.save Normal file
View File

@ -0,0 +1,209 @@
version: "3.9"
networks:
default:
external: false
traefik:
external: true
services:
server:
# image: woodpeckerci/woodpecker-server:next-alpine
# image: woodpeckerci/woodpecker-server:next-4198c447fb
# image: woodpeckerci/woodpecker-server:v2.0.0
# image: woodpeckerci/woodpecker-server:next
# image: woodpeckerci/woodpecker-server:v2.4.1
image: woodpeckerci/woodpecker-server:v2.6.0
environment:
- WOODPECKER_OPEN=true
- WOODPECKER_HOST=https://woodpecker.nixc.us
- WOODPECKER_BACKEND=docker
- WOODPECKER_BACKEND_DOCKER_NETWORK=default
- WOODPECKER_ADMIN=colin
- WOODPECKER_REPO_OWNERS=colin,meta,fansdb,lilsgym,nixius,Nixius
- WOODPECKER_LOG_LEVEL=debug
# ## Gitea config
- WOODPECKER_GITEA=true
- WOODPECKER_GITEA_URL=https://git.nixc.us/
- WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731
- WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla
- WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
# environment:
# - WOODPECKER_HOST=https://woodpecker.nixc.us
# - WOODPECKER_SERVER_ADDR=:8000
# - WOODPECKER_PROTO=https
- WOODPECKER_DATABASE_DRIVER=mysql
# - WOODPECKER_BACKEND=docker
# - WOODPECKER_BACKEND_DOCKER_NETWORK=default
# # - WOODPECKER_DATABASE_DATASOURCE=/data/database.sqlite
# - WOODPECKER_GIT_ALWAYS_AUTH=false
# - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
# - WOODPECKER_ADMIN=colin
# - WOODPECKER_REPO_OWNERS=colin,meta
# - WOODPECKER_OPEN=true
# # - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json
# # https://github.com/go-sql-driver/mysql#dsn-data-source-name
- WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true
# ## Gitea config
# - WOODPECKER_GITEA=true
# - WOODPECKER_GITEA_URL=https://git.nixc.us/
# - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731
# - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla
networks:
- traefik
- default
# dns:
# - "176.103.130.130"
# - "1.1.1.1"
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
deploy:
replicas: 1
placement:
constraints:
# - node.role == manager
- node.hostname == macmini1
labels:
homepage.group: Infrastructure
homepage.name: woodpecker
homepage.href: https://woodpecker.nixc.us
homepage.description: Woodpecker CI
traefik.enable: "true"
traefik.http.routers.production_woodpecker.tls: "true"
traefik.http.services.production_woodpecker.loadbalancer.server.port: "8000"
traefik.http.routers.production_woodpecker.rule: "Host(`woodpecker.nixc.us`)"
traefik.http.routers.production_woodpecker.entrypoints: "websecure"
traefik.http.routers.production_woodpecker.tls.certresolver: "letsencryptresolver"
traefik.http.routers.production_woodpecker.service: "production_woodpecker"
traefik.docker.network: traefik
update_config:
order: stop-first
delay: 60s
parallelism: 1
restart_policy:
condition: on-failure
# logging:
# driver: "gelf"
# options:
# gelf-address: "udp://log.nixc.us:15124"
# tag: "woodpecker_server"
db:
image: mariadb:10.6
environment:
- MYSQL_DATABASE=woodpecker
- MYSQL_USER=woodpecker
- MYSQL_PASSWORD=woodpecker
- MYSQL_RANDOM_ROOT_PASSWORD=1
volumes:
- /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql
networks:
- default
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
- "traefik.enable=false"
update_config:
order: stop-first
failure_action: rollback
delay: 0s
parallelism: 1
restart_policy:
condition: on-failure
# logging:
# driver: "gelf"
# options:
# gelf-address: "udp://log.nixc.us:15124"
# tag: "woodpecker_db"
agents-managers:
# image: woodpeckerci/woodpecker-agent:next-4198c447fb
# image: woodpeckerci/woodpecker-agent:v2.0.0
# image: woodpeckerci/woodpecker-agent:next
image: woodpeckerci/woodpecker-agent:v2.6.0
networks:
- default
environment:
- WOODPECKER_SERVER=woodpecker_server:9000
- WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
- WOODPECKER_DEBUG=TRUE
- WOODPECKER_LOG_LEVEL=debug
- WOODPECKER_BACKEND=docker
- WOODPECKER_MAX_WORKFLOWS=1
# - WOODPECKER_LOG_LEVEL=error
- WOODPECKER_DEBUG_PRETTY=true
# - WOODPECKER_BACKEND_DOCKER_NETWORK=default
- WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
- "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
- WOODPECKER_FILTER_LABELS="master"
deploy:
placement:
constraints:
- node.role == manager
mode: global
labels:
- "traefik.enable=false"
update_config:
order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
# logging:
# driver: "gelf"
# options:
# gelf-address: "udp://log.nixc.us:15124"
# tag: woodpecker_agents
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
agents-workers:
# image: woodpeckerci/woodpecker-agent:next-4198c447fb
# image: woodpeckerci/woodpecker-agent:v2.0.0
# image: woodpeckerci/woodpecker-agent:next
image: woodpeckerci/woodpecker-agent:v2.6.0
networks:
- default
environment:
- WOODPECKER_SERVER=woodpecker_server:9000
- WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
- WOODPECKER_DEBUG=TRUE
- WOODPECKER_LOG_LEVEL=debug
- WOODPECKER_BACKEND=docker
- WOODPECKER_MAX_WORKFLOWS=1
# - WOODPECKER_LOG_LEVEL=error
- WOODPECKER_DEBUG_PRETTY=true
# - WOODPECKER_BACKEND_DOCKER_NETWORK=default
- WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
- "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
- WOODPECKER_FILTER_LABELS="master=false"
deploy:
placement:
constraints:
- node.role == manager
mode: global
labels:
- "traefik.enable=false"
update_config:
order: stop-first
failure_action: rollback
delay: 120s
parallelism: 4
restart_policy:
condition: on-failure
# logging:
# driver: "gelf"
# options:
# gelf-address: "udp://log.nixc.us:15124"
# tag: woodpecker_agents
volumes:
- agent-secret:/etc/woodpecker/
- /var/run/docker.sock:/var/run/docker.sock
volumes:
agent-secret: