Use working woodpecker config with proper networking and restart policies set to 'any'

2025-10-10 16:13:09 -04:00 · 2025-10-10 16:13:09 -04:00 · f75d8425f3
parent d3e24bd05c
commit f75d8425f3
1 changed files with 139 additions and 78 deletions
--- a/stack.yml
+++ b/stack.yml
@ -1,70 +1,22 @@
 version: "3.9"
 networks:
-  default:
+  woodpecker: {}
    external: false
  traefik:
    external: true
 services:
  server:
    image: woodpeckerci/woodpecker-server:v3.8.0
    environment:
      - WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=https://woodpecker.nixc.us
      - WOODPECKER_BACKEND=docker
      - WOODPECKER_BACKEND_DOCKER_NETWORK=default
      - WOODPECKER_ADMIN=colin
      - WOODPECKER_REPO_OWNERS=colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire,mrc
      - WOODPECKER_LOG_LEVEL=error
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=https://git.nixc.us/
      - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731
      - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla
      - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
      - WOODPECKER_DATABASE_DRIVER=mysql
      - WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true
      - WOODPECKER_LOG_FILE=stdout
    networks:
      - traefik
      - default
    volumes:
      - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == macmini1
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.woodpecker.tls=true"
        - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
        - "traefik.http.routers.woodpecker.rule=Host(`woodpecker.nixc.us`)"
        - "traefik.http.routers.woodpecker.entrypoints=websecure"
        - "traefik.http.routers.woodpecker.tls.certresolver=letsencryptresolver"
        - "traefik.http.routers.woodpecker.service=woodpecker"
        - "traefik.docker.network=traefik"
      update_config:
        order: stop-first
        failure_action: rollback
        delay: 5s
        parallelism: 1
      restart_policy:
        condition: any
 services:
  db:
-    image: mysql:8.0
+    image: mariadb:10.6
    environment:
-      - MYSQL_DATABASE=woodpecker
+      MYSQL_DATABASE: "woodpecker"
-      - MYSQL_USER=woodpecker
+      MYSQL_USER: "woodpecker"
-      - MYSQL_PASSWORD=woodpecker
+      MYSQL_PASSWORD: "woodpecker"
-      - MYSQL_RANDOM_ROOT_PASSWORD=1
+      MYSQL_RANDOM_ROOT_PASSWORD: 1
    volumes:
-      - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql
+      - /mnt/data/nixc.us/woodpecker/production/db:/var/lib/mysql
    networks:
-      - default
+      - woodpecker
    deploy:
      endpoint_mode: dnsrr
      replicas: 1
      placement:
        constraints:
@ -74,7 +26,71 @@ services:
      update_config:
        order: stop-first
        failure_action: rollback
-        delay: 5s
+        delay: 0s
        parallelism: 1
      restart_policy:
        condition: any
  server:
    image: woodpeckerci/woodpecker-server:v3.8.0
    environment:
      WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx"
      WOODPECKER_OPEN: "true"
      WOODPECKER_HOST: "https://woodpecker.nixc.us"
      WOODPECKER_BACKEND: "docker"
      WOODPECKER_BACKEND_DOCKER_NETWORK: "default"
      WOODPECKER_ADMIN: "colin"
      WOODPECKER_REPO_OWNERS: "colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire,mrc"
      # WOODPECKER_LOG_LEVEL: trace
      WOODPECKER_LOG_LEVEL: error
      WOODPECKER_GITEA: "true"
      WOODPECKER_GITEA_URL: "https://git.nixc.us/"
      WOODPECKER_GITEA_CLIENT: "56c038d7-64b5-47e4-acae-cb8a69b31731"
      WOODPECKER_GITEA_SECRET: "gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla"
      WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
      WOODPECKER_DATABASE_DRIVER: "mysql"
      WOODPECKER_DATABASE_DATASOURCE: "woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true"
      WOODPECKER_LOG_FILE: stdout
    networks:
      - traefik
      - woodpecker
    volumes:
      - /mnt/data/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    deploy:
      endpoint_mode: dnsrr
      replicas: 1
      placement:
        constraints:
          - node.hostname == macmini1
      labels:
        # Web UI Configuration
        traefik.enable: "true"
        traefik.http.routers.production_woodpecker_ui.rule: "Host(`woodpecker.nixc.us`)"
        traefik.http.routers.production_woodpecker_ui.entrypoints: "websecure"
        traefik.http.routers.production_woodpecker_ui.tls.certresolver: "letsencryptresolver"
        traefik.http.routers.production_woodpecker_ui.service: "production_woodpecker_ui"
        traefik.http.services.production_woodpecker_ui.loadbalancer.server.port: "8000"
        # gRPC service
        traefik.http.services.woodpecker-grpc.loadbalancer.server.port: 9000
        traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme: h2c
        traefik.http.routers.woodpecker-grpc-secure.rule: Host(`grpc.woodpecker.nixc.us`)
        traefik.http.routers.woodpecker-grpc-secure.tls: "true"
        traefik.http.routers.woodpecker-grpc-secure.tls.certresolver: letsencryptresolver
        traefik.http.routers.woodpecker-grpc-secure.entrypoints: websecure
        traefik.http.routers.woodpecker-grpc-secure.service: woodpecker-grpc
        # Additional Metadata Labels
        homepage.group: Infrastructure
        homepage.name: woodpecker
        homepage.href: "https://woodpecker.nixc.us"
        homepage.description: "Woodpecker CI"
      update_config:
        # order: stop-first
        delay: 60s
        parallelism: 1
      restart_policy:
        condition: any
@ -82,34 +98,77 @@ services:
  agents-managers:
    image: woodpeckerci/woodpecker-agent:v3.8.0
    networks:
-      - default
+      - woodpecker
    environment:
-      - WOODPECKER_LOG_FILE=stdout
+      WOODPECKER_LOG_FILE: stdout
-      - WOODPECKER_SERVER=server:9000
+      WOODPECKER_SERVER: "server:9000"
-      - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
+      WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
-      - WOODPECKER_DEBUG=true
+      WOODPECKER_DEBUG: "true"
-      - WOODPECKER_LOG_LEVEL=error
+      # WOODPECKER_LOG_LEVEL: "trace"
-      - WOODPECKER_BACKEND=docker
+      WOODPECKER_LOG_LEVEL: "error"
-      - WOODPECKER_MAX_WORKFLOWS=1
+      WOODPECKER_BACKEND: "docker"
-      - WOODPECKER_DEBUG_PRETTY=true
+      WOODPECKER_MAX_WORKFLOWS: 1
-      - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
+      WOODPECKER_DEBUG_PRETTY: "true"
-      - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
+      WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
-      - WOODPECKER_FILTER_LABELS=location=manager
+      WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
-      - WOODPECKER_HEALTHCHECK=true
+      WOODPECKER_FILTER_LABELS: "location=manager"
      WOODPECKER_HEALTHCHECK: "true"
    deploy:
      endpoint_mode: dnsrr
      placement:
        constraints:
          - node.role == manager
          - node.hostname != ingress.nixc.us
      mode: global
      labels:
        - "traefik.enable=false"
      update_config:
        # order: stop-first
        failure_action: rollback
        delay: 120s
        parallelism: 4
      restart_policy:
        condition: any
      labels:
        traefik.enable: "false"
    volumes:
      - agent-secret:/etc/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
    dns:
      - 1.1.1.1
      - 8.8.8.8
  agent-salt:
    image: woodpeckerci/woodpecker-agent:v3.8.0
    networks:
      - woodpecker
    environment:
      WOODPECKER_LOG_FILE: stdout
      WOODPECKER_SERVER: "woodpecker_server:9000"
      WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
      WOODPECKER_DEBUG: "true"
      # WOODPECKER_LOG_LEVEL: "trace"
      WOODPECKER_LOG_LEVEL: "error"
      WOODPECKER_BACKEND: "docker"
      WOODPECKER_MAX_WORKFLOWS: 1
      WOODPECKER_DEBUG_PRETTY: "true"
      WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
      WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
      WOODPECKER_FILTER_LABELS: "location=salt"
      WOODPECKER_HEALTHCHECK: "true"
    deploy:
      endpoint_mode: dnsrr
      placement:
        constraints:
          - node.hostname == ingress.nixc.us
      mode: global
      update_config:
        # order: stop-first
        failure_action: rollback
        delay: 120s
        parallelism: 4
      restart_policy:
        condition: any
      labels:
        traefik.enable: "false"
    volumes:
      - agent-secret:/etc/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
@ -120,27 +179,29 @@ services:
  agents-workers:
    image: woodpeckerci/woodpecker-agent:v3.8.0
    networks:
-      - default
+      - woodpecker
    environment:
-      - WOODPECKER_LOG_FILE=stdout
+      WOODPECKER_LOG_FILE: stdout
-      - WOODPECKER_SERVER=server:9000
+      WOODPECKER_SERVER: "woodpecker_server:9000"
-      - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
+      WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG"
-      - WOODPECKER_DEBUG=true
+      WOODPECKER_DEBUG: "true"
-      - WOODPECKER_LOG_LEVEL=error
+      # WOODPECKER_LOG_LEVEL: trace
-      - WOODPECKER_BACKEND=docker
+      WOODPECKER_LOG_LEVEL: error
-      - WOODPECKER_MAX_WORKFLOWS=1
+      WOODPECKER_BACKEND: "docker"
-      - WOODPECKER_DEBUG_PRETTY=true
+      WOODPECKER_MAX_WORKFLOWS: "1"
-      - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
+      WOODPECKER_DEBUG_PRETTY: "true"
-      - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
+      WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf"
-      - WOODPECKER_FILTER_LABELS=location=agent
+      WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}"
      WOODPECKER_FILTER_LABELS: "location=agent"
    deploy:
      endpoint_mode: dnsrr
      placement:
        constraints:
          - node.role == worker
          - node.hostname != ingress.nixc.us
      mode: global
      labels:
-        - "traefik.enable=false"
+        traefik.enable: "false"
      update_config:
        order: stop-first
        failure_action: rollback
@ -156,4 +217,4 @@ services:
      - 8.8.8.8
 volumes:
-  agent-secret:
+  agent-secret: {}