Gitea repo init; Woodpecker pipeline init; much CI/CD structure outlined in ./infra, incl. docker-compose.yaml, cicd-playbook.yaml, new cicd vault, & config files for gitea, woodpecker & ansible

2026-02-10 21:16:00 -05:00
parent 4e1feddb45
commit fec1cfcb30
12 changed files with 245 additions and 26 deletions
--- a/infra/cicd/.env.j2
+++ b/infra/cicd/.env.j2
@@ -0,0 +1,4 @@
+WOODPECKER_ADMIN={{ woodpecker_admin }}
+WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
+WOODPECKER_GITEA_CLIENT={{ woodpecker_gitea_client }}
+WOODPECKER_GITEA_SECRET={{ woodpecker_gitea_secret }}
--- a/infra/cicd/docker-compose.yaml
+++ b/infra/cicd/docker-compose.yaml
@@ -0,0 +1,58 @@
+services:
+  gitea:
+    image: docker.gitea.com/gitea:1.24
+    restart: unless-stopped
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__server__ROOT_URL=https://gitea.earthmanrpg.me/
+      - GITEA__server__DOMAIN=gitea.earthmanrpg.me
+      - GITEA__server__SSH_DOMAIN=gitea.earthmanrpg.me
+      - GITEA__webhook__ALLOWED_HOST_LIST=external,loopback
+    volumes:
+      - ./data/gitea:/data # Gitea stores repos, db, config here
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "127.0.0.1:3000:3000" # http (only localhost, nginx proxies)
+      - "222:22" # ssh (public, for git push)
+    networks:
+      - cicd
+
+  woodpecker-server:
+    image: woodpeckerci/woodpecker-server:v3
+    restart: unless-stopped
+    depends_on: 
+      - gitea
+    environment:
+      - WOODPECKER_HOST=https://ci.earthmanrpg.me
+      - WOODPECKER_OPEN=false
+      - WOODPECKER_ADMIN=${WOODPECKER_ADMIN}
+      - WOODPECKER_GITEA=true
+      - WOODPECKER_GITEA_URL=https://gitea.earthmanrpg.me
+      - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
+      - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
+      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
+    volumes:
+      - ./data/woodpecker-server:/var/lib/woodpecker
+    ports:
+      - "127.0.0.1:8000:8000" # (only nginx proxies)
+    networks:
+      - cicd
+  
+  woodpecker-agent:
+    image: woodpeckerci/woodpecker-agent:v3
+    restart: unless-stopped
+    depends_on:
+      - woodpecker-server
+    environment:
+      - WOODPECKER_SERVER=woodpecker-server:9000
+      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
+      - WOODPECKER_MAX_WORKFLOWS=2
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - cicd
+  
+networks:
+  cicd: 
--- a/infra/cicd/nginx/gitea.conf
+++ b/infra/cicd/nginx/gitea.conf
@@ -0,0 +1,14 @@
+server {
+    listen 80;
+    server_name gitea.earthmanrpg.me;
+
+    client_max_body_size 100m;
+
+    location / {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/infra/cicd/nginx/woodpecker.conf
+++ b/infra/cicd/nginx/woodpecker.conf
@@ -0,0 +1,16 @@
+server {
+    listen 80;
+    server_name ci.earthmanrpg.me;
+
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket support (Woodpecker live log streaming)
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}