diff --git a/stack.yml b/stack.yml
index 8f58c17..22f8e94 100644
--- a/stack.yml
+++ b/stack.yml
@@ -1,80 +1,96 @@ -version: "3.9" networks: - default: - external: false + woodpecker: {} traefik: external: true + services: - server: - image: woodpeckerci/woodpecker-server:v3.8.0 + db: + image: mariadb:10.6 environment: - - WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx - - WOODPECKER_OPEN=true - - WOODPECKER_HOST=https://woodpecker.nixc.us - - WOODPECKER_BACKEND=docker - - WOODPECKER_BACKEND_DOCKER_NETWORK=default - - WOODPECKER_ADMIN=colin - - WOODPECKER_REPO_OWNERS=colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire,mrc - - WOODPECKER_LOG_LEVEL=error - - WOODPECKER_GITEA=true - - WOODPECKER_GITEA_URL=https://git.nixc.us/ - - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731 - - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla - - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG - - WOODPECKER_DATABASE_DRIVER=mysql - - WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true - - WOODPECKER_LOG_FILE=stdout - networks: - - traefik - - default + MYSQL_DATABASE: "woodpecker" + MYSQL_USER: "woodpecker" + MYSQL_PASSWORD: "woodpecker" + MYSQL_RANDOM_ROOT_PASSWORD: 1 volumes: - - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/ - - /var/run/docker.sock:/var/run/docker.sock - - /etc/localtime:/etc/localtime:ro + - /mnt/data/nixc.us/woodpecker/production/db:/var/lib/mysql + networks: + - woodpecker deploy: + endpoint_mode: dnsrr replicas: 1 placement: constraints: - node.hostname == macmini1 labels: - - "traefik.enable=true" - - "traefik.http.routers.woodpecker.tls=true" - - "traefik.http.services.woodpecker.loadbalancer.server.port=8000" - - "traefik.http.routers.woodpecker.rule=Host(`woodpecker.nixc.us`)" - - "traefik.http.routers.woodpecker.entrypoints=websecure" - - 
"traefik.http.routers.woodpecker.tls.certresolver=letsencryptresolver" - - "traefik.http.routers.woodpecker.service=woodpecker" - - "traefik.docker.network=traefik" + - "traefik.enable=false" update_config: order: stop-first failure_action: rollback - delay: 5s + delay: 0s parallelism: 1 restart_policy: condition: any - db: - image: mysql:8.0 + server: + image: woodpeckerci/woodpecker-server:v3.8.0 environment: - - MYSQL_DATABASE=woodpecker - - MYSQL_USER=woodpecker - - MYSQL_PASSWORD=woodpecker - - MYSQL_RANDOM_ROOT_PASSWORD=1 - volumes: - - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql + WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx" + WOODPECKER_OPEN: "true" + WOODPECKER_HOST: "https://woodpecker.nixc.us" + WOODPECKER_BACKEND: "docker" + WOODPECKER_BACKEND_DOCKER_NETWORK: "default" + WOODPECKER_ADMIN: "colin" + WOODPECKER_REPO_OWNERS: "colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire,mrc" + # WOODPECKER_LOG_LEVEL: trace + WOODPECKER_LOG_LEVEL: error + WOODPECKER_GITEA: "true" + WOODPECKER_GITEA_URL: "https://git.nixc.us/" + WOODPECKER_GITEA_CLIENT: "56c038d7-64b5-47e4-acae-cb8a69b31731" + WOODPECKER_GITEA_SECRET: "gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DATABASE_DRIVER: "mysql" + WOODPECKER_DATABASE_DATASOURCE: "woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true" + WOODPECKER_LOG_FILE: stdout networks: - - default + - traefik + - woodpecker + volumes: + - /mnt/data/nixc.us/woodpecker/production/data:/var/lib/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + - /etc/localtime:/etc/localtime:ro deploy: + endpoint_mode: dnsrr replicas: 1 placement: constraints: - node.hostname == macmini1 labels: - - "traefik.enable=false" + # Web UI Configuration + traefik.enable: 
"true" + traefik.http.routers.production_woodpecker_ui.rule: "Host(`woodpecker.nixc.us`)" + traefik.http.routers.production_woodpecker_ui.entrypoints: "websecure" + traefik.http.routers.production_woodpecker_ui.tls.certresolver: "letsencryptresolver" + traefik.http.routers.production_woodpecker_ui.service: "production_woodpecker_ui" + traefik.http.services.production_woodpecker_ui.loadbalancer.server.port: "8000" + + # gRPC service + traefik.http.services.woodpecker-grpc.loadbalancer.server.port: 9000 + traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme: h2c + + traefik.http.routers.woodpecker-grpc-secure.rule: Host(`grpc.woodpecker.nixc.us`) + traefik.http.routers.woodpecker-grpc-secure.tls: "true" + traefik.http.routers.woodpecker-grpc-secure.tls.certresolver: letsencryptresolver + traefik.http.routers.woodpecker-grpc-secure.entrypoints: websecure + traefik.http.routers.woodpecker-grpc-secure.service: woodpecker-grpc + + # Additional Metadata Labels + homepage.group: Infrastructure + homepage.name: woodpecker + homepage.href: "https://woodpecker.nixc.us" + homepage.description: "Woodpecker CI" update_config: - order: stop-first - failure_action: rollback - delay: 5s + # order: stop-first + delay: 60s parallelism: 1 restart_policy: condition: any 
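Review bot: The rewritten `environment:` maps for `db` and `server` still embed credential values in the committed file: `MYSQL_PASSWORD`, the password inside `WOODPECKER_DATABASE_DATASOURCE`, `WOODPECKER_GITEA_SECRET` and `WOODPECKER_AGENT_SECRET`. The same agent secret is repeated in the agent services in the following hunks. This matters more after this change because the new `woodpecker-grpc-secure` router publishes port 9000 on `grpc.woodpecker.nixc.us`, so the agent secret becomes the only control on an externally routed agent endpoint. I would rotate these values and load them from Swarm secrets through the `_FILE` variants, e.g. `WOODPECKER_AGENT_SECRET_FILE: /run/secrets/woodpecker_agent_secret` (secret name illustrative), with a matching top-level `secrets:` entry. Separately, `server` now joins both `traefik` and `woodpecker` while the `traefik.docker.network=traefik` label was dropped; unless Traefik's provider configuration sets a default network it may pick the address on the wrong network, so I would keep `traefik.docker.network: "traefik"`.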
@@ -82,34 +98,77 @@ services: agents-managers: image: woodpeckerci/woodpecker-agent:v3.8.0 networks: - - default + - woodpecker environment: - - WOODPECKER_LOG_FILE=stdout - - WOODPECKER_SERVER=server:9000 - - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG - - WOODPECKER_DEBUG=true - - WOODPECKER_LOG_LEVEL=error - - WOODPECKER_BACKEND=docker - - WOODPECKER_MAX_WORKFLOWS=1 - - WOODPECKER_DEBUG_PRETTY=true - - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf - - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}" - - WOODPECKER_FILTER_LABELS=location=manager - - WOODPECKER_HEALTHCHECK=true + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: "trace" + WOODPECKER_LOG_LEVEL: "error" + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: 1 + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=manager" + WOODPECKER_HEALTHCHECK: "true" deploy: + endpoint_mode: dnsrr placement: constraints: - node.role == manager - node.hostname != ingress.nixc.us mode: global - labels: - - "traefik.enable=false" update_config: + # order: stop-first failure_action: rollback delay: 120s parallelism: 4 restart_policy: condition: any + labels: + traefik.enable: "false" + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + dns: + - 1.1.1.1 + - 8.8.8.8 + + agent-salt: + image: woodpeckerci/woodpecker-agent:v3.8.0 + networks: + - woodpecker + environment: + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "woodpecker_server:9000" + WOODPECKER_AGENT_SECRET: 
"WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: "trace" + WOODPECKER_LOG_LEVEL: "error" + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: 1 + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=salt" + WOODPECKER_HEALTHCHECK: "true" + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.hostname == ingress.nixc.us + mode: global + update_config: + # order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: any + labels: + traefik.enable: "false" volumes: - agent-secret:/etc/woodpecker/ - /var/run/docker.sock:/var/run/docker.sock 
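Review bot: The new `agent-salt` service places a CI agent with `/var/run/docker.sock` mounted on `ingress.nixc.us`, the node that `agents-managers` and `agents-workers` both exclude by constraint. Socket access is root-equivalent on that host, so workflows scheduled with `location=salt` share a trust boundary with whatever else runs there (presumably the ingress proxy). With `WOODPECKER_OPEN: "true"` on the server, a comment above the service should record why this node needs an agent and which repos may target it, e.g. `# agent-salt: runs on the ingress node for <purpose>; trusted repos only`. `agents-managers` also still uses `WOODPECKER_SERVER: "server:9000"` while the other two agents use `"woodpecker_server:9000"`; one form throughout would be clearer. The `agent-salt` definition appears to continue past the end of this hunk.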
@@ -120,27 +179,29 @@ services: agents-workers: image: woodpeckerci/woodpecker-agent:v3.8.0 networks: - - default + - woodpecker environment: - - WOODPECKER_LOG_FILE=stdout - - WOODPECKER_SERVER=server:9000 - - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG - - WOODPECKER_DEBUG=true - - WOODPECKER_LOG_LEVEL=error - - WOODPECKER_BACKEND=docker - - WOODPECKER_MAX_WORKFLOWS=1 - - WOODPECKER_DEBUG_PRETTY=true - - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf - - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}" - - WOODPECKER_FILTER_LABELS=location=agent + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "woodpecker_server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: trace + WOODPECKER_LOG_LEVEL: error + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: "1" + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=agent" deploy: + endpoint_mode: dnsrr placement: constraints: - node.role == worker - node.hostname != ingress.nixc.us mode: global labels: - - "traefik.enable=false" + traefik.enable: "false" update_config: order: stop-first failure_action: rollback @@ -156,4 +217,4 @@ services: - 8.8.8.8 volumes: - agent-secret: \ No newline at end of file + agent-secret: {}
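Review bot: Scalar quoting in the new `agents-workers` environment map is inconsistent with the sibling agents. Here `WOODPECKER_LOG_LEVEL: error` and `WOODPECKER_LOG_FILE: stdout` are bare while `WOODPECKER_MAX_WORKFLOWS: "1"` is quoted, whereas `agents-managers` and `agent-salt` write `WOODPECKER_LOG_LEVEL: "error"` and a bare `WOODPECKER_MAX_WORKFLOWS: 1`. Environment values are consumed as strings, so quoting every value (`WOODPECKER_LOG_LEVEL: "error"`, `WOODPECKER_MAX_WORKFLOWS: "1"`) avoids YAML retyping and keeps the three agent blocks easy to compare. This service also lacks the `WOODPECKER_HEALTHCHECK: "true"` entry the other two carry and keeps the `order: stop-first` that they comment out; if either difference is intentional, a one-line comment would help.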