Flesh out Woodpecker CI article

pages/02.linux/woodpecker-ci/default.en.md

@@ -5,10 +5,15 @@ visible: true
 
 [toc]
 
+This page details installation instructions for Woodpecker CI with a connection to a self-hosted [Gitea](/linux/gitea) instance.  
+Woodpecker will be deployed as a container.
+
 ## Podman
 
 ### Network and Pod
 
+Multiple containers will be created. To separate them from other containers while also simplifying access between member containers, a container network and pod are created.
+
 ```sh
 podman network create net_woodpecker
 podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p 9000:9000
@@ -16,6 +21,8 @@ podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p
 
 #### Port Mappings
 
+Woodpecker CI uses these ports for outside communication by default.
+
 ```
 8000: Woodpecker HTTP listener, Configurable with "WOODPECKER_SERVER_ADDR"
 9000: Woodpecker gRPC listener, Configurable with "WOODPECKER_GRPC_ADDR"
@@ -23,6 +30,8 @@ podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p
 
 ### Database
 
+The database container is standard PostgreSQL.  
+
 ```sh
 podman run --name woodpeckerdb \
     -e PGDATA=/var/lib/postgresql/data/pgdata \
@@ -38,6 +47,8 @@ podman run --name woodpeckerdb \
 
 > [Official Documentation](https://woodpecker-ci.org/docs/administration/server-config)
 
+These options apply regardless of the Git Forge you want to use.  
+
 ```sh
 podman run --name woodpecker-server -t \
     -e WOODPECKER_HOST=https://(hostname/ip address) \
@@ -57,10 +68,6 @@ If one wanted to add a user manually: `$ woodpecker-cli user add`
 Generate `WOODPECKER_AGENT_SECRET` with this command:  
 `$ openssl rand -hex 32`
 
-#### GitHub
-
-_TODO_
-
 #### Gitea
 
 > [Documentation](https://woodpecker-ci.org/docs/administration/vcs/gitea)
@@ -75,10 +82,10 @@ Add these environment variables to enable Woodpecker for a gitea server.
     -e WOODPECKER_GITEA_SKIP_VERIFY=false \
 ```
 
-I run gitea and woodpecker behind an OPNsense firewall. The default NAT configuration alerts due to a suspected DNS rebind attack.  
+I run gitea and woodpecker behind an OPNsense firewall. The default NAT configuration is blocking the connection due to a suspected DNS rebind attack.  
-Therefor I set added an override rule for my gitea url in OPNsense (Services > Unbound DNS > Overrides)
+A simple workaround is adding an override rule in OPNsense under `Services > Unbound DNS > Overrides`.
 
-> [Reddit post I used as guidance](https://www.reddit.com/r/OPNsenseFirewall/comments/lrmtsz/a_potential_dns_rebind_attack/)
+> [Helpful Reddit post](https://www.reddit.com/r/OPNsenseFirewall/comments/lrmtsz/a_potential_dns_rebind_attack/)
 
 #### GitLab
 
@@ -95,6 +102,10 @@ Add these environment variables to enable GitLab in Woodpecker.
 
 > [Official Documentation](https://woodpecker-ci.org/docs/administration/agent-config)
 
+The Woodpecker agent must be deployed as a separate container.  
+It needs access to the docker socket to spawn new container processes on the host.  
+Podman isn't well supported currently, so I'll be using Docker for this one container instead (See below).
+
 ```sh
 docker run --name woodpecker-agent -t \
     -e WOODPECKER_SERVER=(url/ip):(grpc port) \
@@ -107,11 +118,9 @@ docker run --name woodpecker-agent -t \
     -d docker.io/woodpeckerci/woodpecker-agent:latest
 ```
 
-The Woodpecker agent needs access to the docker socket to spawn new container processes on the host.  
+#### Podman Socket Notes
-For now I'll be using docker to run my agents.
 
 Podman has support for using sockets since version 3.4.0.  
-_TODO: try out socket access once Podman 3.4.0 is on my servers_  
 _Recommended by Woodpecker is at least Podman 4.0_  
 [Podman socket activation](https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md)