130 lines
3.9 KiB
YAML
130 lines
3.9 KiB
YAML
---
|
|
|
|
- hosts: woodpeckers
|
|
vars:
|
|
- WOODPECKER_VERSION: "2.4.1"
|
|
- WOODPECKER_AGENT_SECRET: "{{ vault_woodpecker_agent_secret }}"
|
|
- WOODPECKER_GITEA_SECRET: "{{ vault_woodpecker_gitea_secret }}"
|
|
- WOODPECKER_GITEA_CLIENT: "78903dbe-f90e-4c8d-947a-f6839a1d11c9"
|
|
|
|
handlers:
|
|
- name: restart woodpecker
|
|
service:
|
|
name: woodpecker
|
|
state: restarted
|
|
daemon_reload: yes
|
|
|
|
- name: restart woodpecker agent
|
|
service:
|
|
name: woodpecker-agent
|
|
state: restarted
|
|
daemon_reload: yes
|
|
|
|
tasks:
|
|
- name: Basic setup
|
|
include_role: name=common
|
|
|
|
- name: Setup nginx
|
|
include_role: name=nginx
|
|
vars:
|
|
nginx_domain: woodpecker.afpy.org
|
|
nginx_certificates: ['woodpecker.afpy.org']
|
|
nginx_conf: |
|
|
server
|
|
{
|
|
listen [::]:80; listen 80;
|
|
server_name woodpecker.afpy.org;
|
|
access_log /var/log/nginx/woodpecker.afpy.org-access.log;
|
|
error_log /var/log/nginx/woodpecker.afpy.org-error.log;
|
|
return 301 https://woodpecker.afpy.org$request_uri;
|
|
}
|
|
|
|
server
|
|
{
|
|
listen [::]:443 ssl; listen 443 ssl;
|
|
server_name woodpecker.afpy.org;
|
|
access_log /var/log/nginx/woodpecker.afpy.org-access.log;
|
|
error_log /var/log/nginx/woodpecker.afpy.org-error.log;
|
|
include snippets/letsencrypt-woodpecker.afpy.org.conf;
|
|
client_max_body_size 16M;
|
|
|
|
location / {
|
|
proxy_pass http://localhost:8000;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
|
|
- name: Download woodpecker
|
|
get_url:
|
|
dest: /root/
|
|
url: "https://github.com/woodpecker-ci/woodpecker/releases/download/v{{WOODPECKER_VERSION}}/woodpecker-server_{{WOODPECKER_VERSION}}_amd64.deb"
|
|
mode: 0644
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Install woodpecker
|
|
apt:
|
|
deb: "/root/woodpecker-server_{{WOODPECKER_VERSION}}_amd64.deb"
|
|
state: present
|
|
notify: restart woodpecker
|
|
|
|
- name: Create woodpecker group
|
|
group:
|
|
name: woodpecker
|
|
state: present
|
|
|
|
- name: Woodpecker user
|
|
user:
|
|
system: true
|
|
password: '!'
|
|
home: /var/lib/woodpecker
|
|
shell: /bin/bash
|
|
group: woodpecker
|
|
name: woodpecker
|
|
|
|
- name: Create SQLite directory
|
|
file:
|
|
path: '/var/lib/woodpecker'
|
|
state: directory
|
|
mode: 0755
|
|
owner: woodpecker
|
|
group: woodpecker
|
|
|
|
- name: woodpecker systemd service
|
|
notify: restart woodpecker
|
|
copy:
|
|
dest: /etc/systemd/system/woodpecker.service
|
|
content: |
|
|
[Unit]
|
|
Description=Woodpecker
|
|
After=network.target
|
|
|
|
[Service]
|
|
User=woodpecker
|
|
Group=woodpecker
|
|
WorkingDirectory=/var/lib/woodpecker/
|
|
Environment="WOODPECKER_AGENT_SECRET={{ WOODPECKER_AGENT_SECRET }}"
|
|
Environment="WOODPECKER_ADMIN=mdk"
|
|
Environment="WOODPECKER_LOG_LEVEL=debug"
|
|
Environment="WOODPECKER_OPEN=true"
|
|
Environment="WOODPECKER_HOST=https://woodpecker.afpy.org"
|
|
Environment="WOODPECKER_GITEA=true"
|
|
Environment="WOODPECKER_GITEA_URL=https://git.afpy.org"
|
|
Environment="WOODPECKER_GITEA_CLIENT={{WOODPECKER_GITEA_CLIENT}}"
|
|
Environment="WOODPECKER_GITEA_SECRET={{WOODPECKER_GITEA_SECRET}}"
|
|
ExecStart=/usr/local/bin/woodpecker-server
|
|
PrivateTmp=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
- name: Run Woodpecker server
|
|
service:
|
|
name: woodpecker
|
|
enabled: yes
|
|
state: started
|
|
daemon_reload: yes
|