version: "3.9"
networks:
  default:
    external: false
  traefik:
    external: true
services:
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:next-4198c447fb
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=[REDACTED]
      - WOODPECKER_BACKEND=docker
      - WOODPECKER_BACKEND_DOCKER_NETWORK=default
      - WOODPECKER_ADMIN=[REDACTED]
      - WOODPECKER_REPO_OWNERS=[REDACTED]
      - WOODPECKER_LOG_LEVEL=debug
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=[REDACTED]
      - WOODPECKER_GITEA_CLIENT=[REDACTED]
      - WOODPECKER_GITEA_SECRET=[REDACTED]
      - WOODPECKER_AGENT_SECRET=[REDACTED]
      - WOODPECKER_DATABASE_DRIVER=mysql
      - WOODPECKER_DATABASE_DATASOURCE=[REDACTED]
    networks:
      - traefik
      - default
    volumes:
      - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == macmini1
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.woodpecker.tls=true"
        - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
        - "traefik.http.routers.woodpecker.rule=Host(`woodpecker.nixc.us`)"
        - "traefik.http.routers.woodpecker.entrypoints=websecure"
        - "traefik.http.routers.woodpecker.tls.certresolver=letsencryptresolver"
        - "traefik.http.routers.woodpecker.service=woodpecker"
        - "traefik.docker.network=traefik"
      update_config:
        order: stop-first
        failure_action: rollback
        delay: 5s
        delay: 10s
        parallelism: 1
      restart_policy:
        condition: on-failure

  db:
    image: mariadb:10.6
    environment:
      - MYSQL_DATABASE=woodpecker
      - MYSQL_USER=woodpecker
      - MYSQL_PASSWORD=woodpecker
      - MYSQL_RANDOM_ROOT_PASSWORD=1
    volumes:
      - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql
    networks:
      - default
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == macmini1
      labels:
       - "traefik.enable=false"
      update_config:
        order: stop-first
        failure_action: rollback
        delay: 5s
        delay: 10s
        parallelism: 1
      restart_policy:
        condition: on-failure

  woodpecker-agents:
    image: woodpeckerci/woodpecker-agent:next-4198c447fb
    networks:
      - default
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
      - WOODPECKER_AGENT_SECRET=[REDACTED]
      - WOODPECKER_DEBUG=TRUE
      - WOODPECKER_LOG_LEVEL=debug
      - WOODPECKER_BACKEND=docker
      - WOODPECKER_MAX_WORKFLOWS=1
      - WOODPECKER_DEBUG_PRETTY=true
      - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf
      - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}"
    deploy:
      mode: global
      labels:
        - "traefik.enable=false"
      update_config:
        order: start-first
        failure_action: rollback
        delay: 5s
        delay: 10s
        parallelism: 4
      restart_policy:
        condition: on-failure
    volumes:
      - agent-secret:/etc/woodpecker/
      - /var/run/docker.sock:/var/run/docker.sock
volumes:
  agent-secret: