From e758e43b727a1ea8b1f5fab2b01c04fadcb95fb6 Mon Sep 17 00:00:00 2001
From: Jakob Meier <comcloudway@ccw.icu>
Date: Mon, 12 Jun 2023 20:17:30 +0200
Subject: [PATCH] Added woodpecker-ci ansible config

---
 roles/containers/woodpecker-ci/README.org     | 17 ++++++++
 .../woodpecker-ci/defaults/main.yml           | 13 ++++++
 .../containers/woodpecker-ci/tasks/caddy.yml  | 24 +++++++++++
 roles/containers/woodpecker-ci/tasks/main.yml |  3 ++
 .../containers/woodpecker-ci/tasks/setup.yml  | 42 +++++++++++++++++++
 run.yml                                       | 13 ++++--
 6 files changed, 109 insertions(+), 3 deletions(-)
 create mode 100644 roles/containers/woodpecker-ci/README.org
 create mode 100644 roles/containers/woodpecker-ci/defaults/main.yml
 create mode 100644 roles/containers/woodpecker-ci/tasks/caddy.yml
 create mode 100644 roles/containers/woodpecker-ci/tasks/main.yml
 create mode 100644 roles/containers/woodpecker-ci/tasks/setup.yml

diff --git a/roles/containers/woodpecker-ci/README.org b/roles/containers/woodpecker-ci/README.org
new file mode 100644
index 0000000..3d4b7a5
--- /dev/null
+++ b/roles/containers/woodpecker-ci/README.org
@@ -0,0 +1,17 @@
+* /roles/containers/woodpecker-ci
+[[woodpecker-ci.org/][Woodpecker CI]] module.
+
+Before using this,
+you probably want to set/edit the following variables
+in your ~secret.yml~ (or your unencrypted config):
+#+begin_src yaml
+woodpecker_port: 8000
+woodpecker_host: https://ci.ccw.icu
+woodpecker_gitea: https://codeberg.org
+woodpecker_gitea_client: changeme
+woodpecker_gitea_secret: changeme
+woodpecker_orgs: ""
+woodpecker_admin: "{{ username }}"
+woodpecker_repo_owners: "{{ username }}"
+woodpecker_agent_secret: changeme
+#+end_src
diff --git a/roles/containers/woodpecker-ci/defaults/main.yml b/roles/containers/woodpecker-ci/defaults/main.yml
new file mode 100644
index 0000000..36dedb3
--- /dev/null
+++ b/roles/containers/woodpecker-ci/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+woodpecker_project_dir: "ci"
+woodpecker_port: "8000"
+woodpecker_open: "false"
+woodpecker_domain: "ci.ccw.icu"
+woodpecker_host: "https://{{ woodpecker_domain }}"
+woodpecker_gitea: "https://codeberg.org"
+woodpecker_gitea_client: "changeme"
+woodpecker_gitea_secret: "changeme"
+woodpecker_orgs: ""
+woodpecker_admin: "{{ username }}"
+woodpecker_repo_owners: "{{ username }}"
+woodpecker_agent_secret: "changeme"
diff --git a/roles/containers/woodpecker-ci/tasks/caddy.yml b/roles/containers/woodpecker-ci/tasks/caddy.yml
new file mode 100644
index 0000000..d2452c3
--- /dev/null
+++ b/roles/containers/woodpecker-ci/tasks/caddy.yml
@@ -0,0 +1,24 @@
+---
+- name: Make sure woodpecker-caddy reverse proxy config exists
+  become: true
+  vars:
+    domain: "{{ woodpecker_domain }}"
+    port: "{{ woodpecker_port }}"
+  template:
+    src: ../../../network/caddy/templates/reverse-proxy.template
+    dest: /etc/caddy/woodpecker
+    validate: caddy validate --adapter caddyfile --config %s
+
+- name: Make sure caddy links to the woodpecker config
+  become: true
+  lineinfile:
+    path: /etc/caddy/Caddyfile
+    search_string: "^import /etc/caddy/woodpecker"
+    line: "import /etc/caddy/woodpecker"
+    validate: caddy validate --adapter caddyfile --config %s
+  notify: Restart caddy
+
+- name: Restart caddy
+  service:
+    name: caddy
+    state: restarted
diff --git a/roles/containers/woodpecker-ci/tasks/main.yml b/roles/containers/woodpecker-ci/tasks/main.yml
new file mode 100644
index 0000000..415dc21
--- /dev/null
+++ b/roles/containers/woodpecker-ci/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include_tasks: setup.yml
+- include_tasks: caddy.yml
diff --git a/roles/containers/woodpecker-ci/tasks/setup.yml b/roles/containers/woodpecker-ci/tasks/setup.yml
new file mode 100644
index 0000000..76f2ed4
--- /dev/null
+++ b/roles/containers/woodpecker-ci/tasks/setup.yml
@@ -0,0 +1,42 @@
+---
+- name: Ensure woodpecker-project-dir "{{ woodpecker_project_dir }}" exists
+  file:
+    path: "{{ container_dir }}/{{ woodpecker_project_dir }}"
+    state: directory
+    recurse: true
+
+- name: Setup woodpecker-server
+  docker_container:
+    name: woodpecker-server
+    restart_policy: unless-stopped
+    image: woodpeckerci/woodpecker-server:next-alpine
+    ports:
+      - "{{ woodpecker_port }}:8000"
+    volumes:
+      - "{{ container_dir }}\
+        /{{ woodpecker_project_dir }}\
+        /woodpecker-server-data\
+        :/var/lib/woodpecker"
+    env:
+      WOODPECKER_OPEN: "{{ woodpecker_open }}"
+      WOODPECKER_HOST: "{{ woodpecker_host }}"
+      WOODPECKER_GITEA: "true"
+      WOODPECKER_GITEA_URL: "{{ woodpecker_gitea }}"
+      WOODPECKER_GITEA_CLIENT: "{{ woodpecker_gitea_client }}"
+      WOODPECKER_GITEA_SECRET: "{{ woodpecker_gitea_secret }}"
+      WOODPECKER_ORGS: "{{ woodpecker_orgs }}"
+      WOODPECKER_ADMIN: "{{ woodpecker_admin }}"
+      WOODPECKER_REPO_OWNERS: "{{ woodpecker_repo_owners }}"
+
+- name: Setup woodpecker-agent
+  docker_container:
+    name: woodpecker-agent
+    restart_policy: unless-stopped
+    image: woodpeckerci/woodpecker-agent:next-alpine
+    command: agent
+    links: woodpecker-server
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    env:
+      WOODPECKER_SERVER: "woodpecker-server:9000"
+      WOODPECKER_AGENT_SECRET: "{{ woodpecker_agent_secret }}"
diff --git a/run.yml b/run.yml
index f2db50b..961bcf1 100644
--- a/run.yml
+++ b/run.yml
@@ -1,6 +1,13 @@
 ---
-- hosts: all
-  become: yes
-
+- name: Setup base system
+  hosts: all
+  become: true
   roles:
     - role: system
+      tags: system
+
+- name: Woodpecker CI
+  hosts: all
+  roles:
+    - role: containers/woodpecker-ci
+      tags: woodpecker-ci
-- 
2.38.5