diff --git a/pages/02.linux/woodpecker-ci/default.en.md b/pages/02.linux/woodpecker-ci/default.en.md index 22cdcf1..580cd5f 100644 --- a/pages/02.linux/woodpecker-ci/default.en.md +++ b/pages/02.linux/woodpecker-ci/default.en.md @@ -5,10 +5,15 @@ visible: true [toc] +This page details installation instructions for Woodpecker CI with a connection to a self-hosted [Gitea](/linux/gitea) instance. +Woodpecker will be deployed as a container. + ## Podman ### Network and Pod +Multiple containers will be created. To separate them from other containers while also simplifying access between member containers, a container network and pod are created. + ```sh podman network create net_woodpecker podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p 9000:9000 @@ -16,6 +21,8 @@ podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p #### Port Mappings +Woodpecker CI uses these ports for outside communication by default. + ``` 8000: Woodpecker HTTP listener, Configurable with "WOODPECKER_SERVER_ADDR" 9000: Woodpecker gRPC listener, Configurable with "WOODPECKER_GRPC_ADDR" @@ -23,6 +30,8 @@ podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p ### Database +The database container is standard PostgreSQL. + ```sh podman run --name woodpeckerdb \ -e PGDATA=/var/lib/postgresql/data/pgdata \ @@ -38,6 +47,8 @@ podman run --name woodpeckerdb \ > [Official Documentation](https://woodpecker-ci.org/docs/administration/server-config) +These options apply regardless of the Git Forge you want to use. + ```sh podman run --name woodpecker-server -t \ -e WOODPECKER_HOST=https://(hostname/ip address) \ @@ -57,10 +68,6 @@ If one wanted to add a user manually: `$ woodpecker-cli user add` Generate `WOODPECKER_AGENT_SECRET` with this command: `$ openssl rand -hex 32` -#### GitHub - -_TODO_ - #### Gitea > [Documentation](https://woodpecker-ci.org/docs/administration/vcs/gitea) 
@@ -75,10 +82,10 @@ Add these environment variables to enable Woodpecker for a gitea server. -e WOODPECKER_GITEA_SKIP_VERIFY=false \ ``` -I run gitea and woodpecker behind an OPNsense firewall. The default NAT configuration alerts due to a suspected DNS rebind attack. -Therefor I set added an override rule for my gitea url in OPNsense (Services > Unbound DNS > Overrides) +I run gitea and woodpecker behind an OPNsense firewall. The default NAT configuration is blocking the connection due to a suspected DNS rebind attack. +A simple workaround is adding an override rule in OPNsense under `Services > Unbound DNS > Overrides`. -> [Reddit post I used as guidance](https://www.reddit.com/r/OPNsenseFirewall/comments/lrmtsz/a_potential_dns_rebind_attack/) +> [Helpful Reddit post](https://www.reddit.com/r/OPNsenseFirewall/comments/lrmtsz/a_potential_dns_rebind_attack/) #### GitLab @@ -95,6 +102,10 @@ Add these environment variables to enable GitLab in Woodpecker. > [Official Documentation](https://woodpecker-ci.org/docs/administration/agent-config) +The Woodpecker agent must be deployed as a separate container. +It needs access to the docker socket to spawn new container processes on the host. +Podman isn't well supported currently, so I'll be using Docker for this one container instead (See below). + ```sh docker run --name woodpecker-agent -t \ -e WOODPECKER_SERVER=(url/ip):(grpc port) \ @@ -107,11 +118,9 @@ docker run --name woodpecker-agent -t \ -d docker.io/woodpeckerci/woodpecker-agent:latest ``` -The Woodpecker agent needs access to the docker socket to spawn new container processes on the host. -For now I'll be using docker to run my agents. +#### Podman Socket Notes Podman has support for using sockets since version 3.4.0. -_TODO: try out socket access once Podman 3.4.0 is on my servers_ _Recommended by Woodpecker is at least Podman 4.0_ [Podman socket activation](https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md)
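Review bot: in hunk `@@ -5,10 +5,15 @@`, the new intro line "with a connection to a self-hosted [Gitea](/linux/gitea) instance" narrows the page to Gitea, while the page still carries a `#### GitLab` section and a later hunk says the server options "apply regardless of the Git Forge". Suggest "with a connection to a self-hosted Git forge such as [Gitea](/linux/gitea)" so the stated scope matches the rest of the page.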
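Review bot: in hunk `@@ -38,6 +47,8 @@`, "Git Forge" should be lower case ("Git forge"), and "These options" is vague since the command follows several paragraphs later; say what they are, e.g. "The variables in the following command are the forge-independent server settings; forge-specific variables follow in the sections below." Dropping the empty `#### GitHub` / `_TODO_` section is fine, but check that nothing else on the site links to that heading.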
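Review bot: in hunk `@@ -75,10 +82,10 @@`, the rewritten sentence blames "the default NAT configuration", but the fix is applied under Services > Unbound DNS > Overrides, so it is the resolver's DNS rebinding protection that rejects the answer, not NAT; write "Unbound's DNS rebinding protection is blocking the connection". The rewrite also loses the detail the old line had ("for my gitea url"); keep it so readers add a host override only for the Gitea hostname rather than a broader exception, e.g. "A simple workaround is adding a host override for the Gitea hostname in OPNsense under `Services > Unbound DNS > Overrides`."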
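Review bot: in hunk `@@ -95,6 +102,10 @@`, the added paragraph should state the consequence of mounting the Docker socket: whoever controls the agent's configuration or the pipelines it accepts can start arbitrary containers on that host, so the agent host should be treated as trusted and only run pipelines from repositories you control. Also "(See below)" is vague; point at the section by name, "(see 'Podman Socket Notes' below)".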
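Review bot: in hunk `@@ -107,11 +118,9 @@`, "_Recommended by Woodpecker is at least Podman 4.0_" reads awkwardly; "Woodpecker recommends at least Podman 4.0" is clearer, and "has support for using sockets since version 3.4.0" should match the linked tutorial, i.e. "supports socket activation since version 3.4.0". With the TODO line removed, the section no longer says whether the Podman socket path was tried; either state that it is untested or keep a short note, so readers do not assume it is verified.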