version: "3.9"
networks:
  default:
    external: false
  traefik:
    external: true
services:
  server:
    image: woodpeckerci/woodpecker-server:v3.8.0
    environment:
      - WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=https://woodpecker.nixc.us
      - WOODPECKER_BACKEND=docker
      - WOODPECKER_BACKEND_DOCKER_NETWORK=default
      - WOODPECKER_ADMIN=colin
      - WOODPECKER_REPO_OWNERS=colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire,mrc
      - WOODPECKER_LOG_LEVEL=error
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=https://git.nixc.us/
      - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731
      - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla
      - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
      - WOODPECKER_DATABASE_DRIVER=mysql
      - WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true
      - WOODPECKER_LOG_FILE=stdout
    networks:
      - traefik
      - default
    volumes:
      - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == macmini1
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.woodpecker.tls=true"
        - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
        - "traefik.http.routers.woodpecker.rule=Host(`woodpecker.nixc.us`)"
        - "traefik.http.routers.woodpecker.entrypoints=websecure"
        - "traefik.http.routers.woodpecker.tls.certresolver=letsencryptresolver"
        - "traefik.http.routers.woodpecker.service=woodpecker"
        - "traefik.docker.network=traefik"
      update_config:
        order: stop-first
        failure_action: rollback
        delay: 5s
        parallelism: 1
      restart_policy:
        condition: on-failure

  db:
    image: mariadb:10.6
    environment:
      - MYSQL_DATABASE=woodpecker
      - MYSQL_USER=woodpecker
      - MYSQL_PASSWORD=woodpecker
      - MYSQL_RANDOM_ROOT_PASSWORD=1
    volumes:
      - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql
    networks:
      - default
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == macmini1
      labels:
       - "traefik.enable=false"
      update_config:
        order: stop-first
        failure_action: rollback
        delay: 5s
        parallelism: 1
      restart_policy:
        condition: on-failure

  agents-managers:
    image: woodpeckerci/woodpecker-agent:v3.8.0
    networks:
      - default
    environment:
      - WOODPECKER_LOG_FILE=stdout
      - WOODPECKER_SERVER=server:9000
      - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
      - WOODPECKER_DEBUG=true
      - WOODPECKER_LOG_LEVEL=error
      - WOODPECKER_BACKEND=docker
      - WOODPECKER_MAX_WORKFLOWS=1
      - WOODPECKER_DEBUG_PRETTY=true
      - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
      - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
      - WOODPECKER_FILTER_LABELS=location=manager
      - WOODPECKER_HEALTHCHECK=true
    deploy:
      placement:
        constraints:
          - node.role == manager
          - node.hostname != ingress.nixc.us
      mode: global
      labels:
        - "traefik.enable=false"
      update_config:
        failure_action: rollback
        delay: 120s
        parallelism: 4
      restart_policy:
        condition: on-failure
    volumes:
      - agent-secret:/etc/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
    dns:
      - 1.1.1.1
      - 8.8.8.8

  agents-workers:
    image: woodpeckerci/woodpecker-agent:v3.8.0
    networks:
      - default
    environment:
      - WOODPECKER_LOG_FILE=stdout
      - WOODPECKER_SERVER=server:9000
      - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG
      - WOODPECKER_DEBUG=true
      - WOODPECKER_LOG_LEVEL=error
      - WOODPECKER_BACKEND=docker
      - WOODPECKER_MAX_WORKFLOWS=1
      - WOODPECKER_DEBUG_PRETTY=true
      - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
      - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
      - WOODPECKER_FILTER_LABELS=location=agent
    deploy:
      placement:
        constraints:
          - node.role == worker
          - node.hostname != ingress.nixc.us
      mode: global
      labels:
        - "traefik.enable=false"
      update_config:
        order: stop-first
        failure_action: rollback
        delay: 120s
        parallelism: 4
      restart_policy:
        condition: on-failure
    volumes:
      - agent-secret:/etc/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
    dns:
      - 1.1.1.1
      - 8.8.8.8

volumes:
  agent-secret: