add herald + upgrade gitea and woodpecker

2026-06-12 23:47:50 +02:00
parent 041eb5196f
commit 17c1d39cc2
2 changed files with 166 additions and 126 deletions
+3 -2
@@ -1,11 +1,12 @@
{
"workspaceFolder": "/workspace",
"workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,Z",
"runArgs": ["--userns=keep-id", "--security-opt", "label=disable"],
"mounts": [
"source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,readonly"
"source=${localEnv:HOME}/.ssh,target=/root/.ssh,type=bind,readonly"
],
"build": {
"dockerfile": "Dockerfile"
},
"postAttachCommand": "docker context create prod --docker \"host=ssh://user@62.210.212.10\""
}
}
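Review bot: The `mounts` entry binds the whole host `~/.ssh` directory into the container, and the new `postAttachCommand` pairs it with a ready-made Docker context for the production host, so anything that runs in the dev container (build scripts, editor extensions, dependencies) can read every private key and reach the prod daemon; `readonly` only prevents modification, not reading. Prefer SSH agent forwarding, or mount only `known_hosts` plus a dedicated deploy key that is restricted on the server side. Separately, `postAttachCommand` runs on every attach and `docker context create prod` fails once the context already exists, so guard it, e.g. `docker context inspect prod >/dev/null 2>&1 || docker context create prod --docker "host=ssh://user@62.210.212.10"`. The page does not mark which of the two `.ssh` mount lines is the new one, so the first point applies to whichever target is kept.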
+163 -124
@@ -1,142 +1,181 @@
version: "3"
services:
reverse_caddy:
image: caddy:2.11-alpine
ports:
- "80:80"
- "443:443"
- "443:443/udp"
configs:
- source: caddy_config
target: /etc/caddy/Caddyfile
volumes:
- reversecaddydata:/data
- reversecaddyconfig:/config
networks:
- reverse_network
- prometheus_network
reverse_caddy:
image: caddy:2.11-alpine
ports:
- "80:80"
- "443:443"
- "443:443/udp"
configs:
- source: caddy_config
target: /etc/caddy/Caddyfile
volumes:
- reversecaddydata:/data
- reversecaddyconfig:/config
networks:
- reverse_network
- prometheus_network
woodpecker_server:
image: woodpeckerci/woodpecker-server:v3.13.0-alpine
volumes:
- woodpeckerdata:/var/lib/woodpecker/
entrypoint: /bin/sh -c "export WOODPECKER_GITEA_CLIENT=$$(cat /run/secrets/woodpecker_gitea_client) && export WOODPECKER_GITEA_SECRET=$$(cat /run/secrets/woodpecker_gitea_secret) && export WOODPECKER_AGENT_SECRET=$$(cat /run/secrets/woodpecker_agent_secret) && /bin/woodpecker-server"
environment:
WOODPECKER_ADMIN: qpismont
WOODPECKER_HOST: https://woodpecker.qpismont.fr
WOODPECKER_GITEA: "true"
WOODPECKER_GITEA_URL: https://gitea.qpismont.fr
networks:
- reverse_network
secrets:
- woodpecker_agent_secret
- woodpecker_gitea_client
- woodpecker_gitea_secret
woodpecker_server:
image: woodpeckerci/woodpecker-server:v3.15-alpine
volumes:
- woodpeckerdata:/var/lib/woodpecker/
entrypoint: /bin/sh -c "export WOODPECKER_GITEA_CLIENT=$$(cat /run/secrets/woodpecker_gitea_client) && export WOODPECKER_GITEA_SECRET=$$(cat /run/secrets/woodpecker_gitea_secret) && export WOODPECKER_AGENT_SECRET=$$(cat /run/secrets/woodpecker_agent_secret) && /bin/woodpecker-server"
environment:
WOODPECKER_ADMIN: qpismont
WOODPECKER_HOST: https://woodpecker.qpismont.fr
WOODPECKER_GITEA: "true"
WOODPECKER_GITEA_URL: https://gitea.qpismont.fr
networks:
- reverse_network
secrets:
- woodpecker_agent_secret
- woodpecker_gitea_client
- woodpecker_gitea_secret
woodpecker_agent:
image: woodpeckerci/woodpecker-agent:v3.13.0-alpine
volumes:
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: /bin/sh -c "export WOODPECKER_AGENT_SECRET=$$(cat /run/secrets/woodpecker_agent_secret) && /bin/woodpecker-agent"
environment:
WOODPECKER_SERVER: woodpecker_server:9000
WOODPECKER_MAX_WORKFLOWS: 1
WOODPECKER_LIMIT_CPU_SET: 1
networks:
- reverse_network
secrets:
- woodpecker_agent_secret
woodpecker_agent:
image: woodpeckerci/woodpecker-agent:v3.15-alpine
volumes:
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: /bin/sh -c "export WOODPECKER_AGENT_SECRET=$$(cat /run/secrets/woodpecker_agent_secret) && /bin/woodpecker-agent"
environment:
WOODPECKER_SERVER: woodpecker_server:9000
WOODPECKER_MAX_WORKFLOWS: 1
WOODPECKER_LIMIT_CPU_SET: 1
networks:
- reverse_network
secrets:
- woodpecker_agent_secret
gitea:
image: docker.gitea.com/gitea:1.25.2
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
volumes:
- giteadata:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- reverse_network
gitea:
image: docker.gitea.com/gitea:1.26.2
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
volumes:
- giteadata:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- reverse_network
wireguard_server:
image: linuxserver/wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
PUID: 1000
PGID: 1000
TZ: Europe/Paris
SERVEURURL: wireguard.qpismont.fr
SERVERPORT: 51820
PEERS: 1
PEERDNS: auto
volumes:
- /home/user/wireguard-config:/config
- /lib/modules:/lib/modules
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
networks:
- wireguard_network
wireguard_server:
image: linuxserver/wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
PUID: 1000
PGID: 1000
TZ: Europe/Paris
SERVEURURL: wireguard.qpismont.fr
SERVERPORT: 51820
PEERS: 1
PEERDNS: auto
volumes:
- /home/user/wireguard-config:/config
- /lib/modules:/lib/modules
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
networks:
- wireguard_network
perses:
image: persesdev/perses:latest
networks:
- wireguard_network
- prometheus_network
perses:
image: persesdev/perses:latest
networks:
- wireguard_network
- prometheus_network
prometheus:
image: prom/prometheus:v3.9.1
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
networks:
- prometheus_network
prometheus:
image: prom/prometheus:v3.9.1
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
networks:
- prometheus_network
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
networks:
- prometheus_network
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
networks:
- prometheus_network
herald:
image: tintounn/herald:1.0
entrypoint:
- /bin/sh
- -c
- >-
export GITEA_TOKEN=$$(cat /run/secrets/herald_gitea_token) &&
export OPEN_ROUTER_API_KEY=$$(cat /run/secrets/herald_openrouter_token) &&
export WEBHOOK_SIG_HEADER_SECRET=$$(cat /run/secrets/herald_gitea_header_secret) &&
export SENTRY_DSN=$$(cat /run/secrets/herald_sentry_dsn) &&
/app/herald
networks:
- reverse_network
secrets:
- herald_gitea_token
- herald_openrouter_token
- herald_gitea_header_secret
- herald_sentry_dsn
environment:
HTTP_PORT: 3000
BOT_NAME: Herald
BOT_MAX_CONCURRENT: 5
GITEA_URL: http://gitea:3000
GITEA_TIMEOUT: 60
OPEN_ROUTER_MODEL: deepseek/deepseek-v4-flash
OPEN_ROUTER_TIMEOUT: 600
secrets:
woodpecker_agent_secret:
name: woodpecker_agent_secret_${DATETIME}
file: ./secrets/woodpecker_agent_secret
woodpecker_gitea_secret:
name: woodpecker_gitea_secret_${DATETIME}
file: ./secrets/woodpecker_gitea_secret
woodpecker_gitea_client:
name: woodpecker_gitea_client_${DATETIME}
file: ./secrets/woodpecker_gitea_client
woodpecker_agent_secret:
name: woodpecker_agent_secret_${DATETIME}
file: ./secrets/woodpecker_agent_secret
woodpecker_gitea_secret:
name: woodpecker_gitea_secret_${DATETIME}
file: ./secrets/woodpecker_gitea_secret
woodpecker_gitea_client:
name: woodpecker_gitea_client_${DATETIME}
file: ./secrets/woodpecker_gitea_client
herald_gitea_token:
name: herald_gitea_token_${DATETIME}
file: ./secrets/herald/herald_gitea_token
herald_openrouter_token:
name: herald_openrouter_token_${DATETIME}
file: ./secrets/herald/herald_openrouter_token
herald_gitea_header_secret:
name: herald_gitea_header_secret_${DATETIME}
file: ./secrets/herald/herald_gitea_header_secret
herald_sentry_dsn:
name: herald_sentry_dsn_${DATETIME}
file: ./secrets/herald/herald_sentry_dsn
configs:
caddy_config:
name: caddy_config_${DATETIME}
file: ./Caddyfile
prometheus_config:
name: prometheus_config_${DATETIME}
file: ./prometheus.yml
caddy_config:
name: caddy_config_${DATETIME}
file: ./Caddyfile
prometheus_config:
name: prometheus_config_${DATETIME}
file: ./prometheus.yml
volumes:
giteadata:
woodpeckerdata:
reversecaddyconfig:
reversecaddydata:
giteadata:
woodpeckerdata:
reversecaddyconfig:
reversecaddydata:
networks:
reverse_network:
external: true
wireguard_network:
external: true
prometheus_network:
external: true
reverse_network:
external: true
wireguard_network:
external: true
prometheus_network:
external: true
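Review bot: The new `herald` service receives four secrets (Gitea token, OpenRouter key, webhook signing secret, Sentry DSN) but its image is referenced by the mutable tag `tintounn/herald:1.0`, so a re-pushed tag would run with those credentials on the next deploy; pinning by digest, `image: tintounn/herald:1.0@sha256:<digest-of-reviewed-image>`, closes that gap. The same section moves the Woodpecker images from the patch-pinned `v3.13.0-alpine` to `v3.15-alpine`, which looks like a floating minor tag, and the agent mounts `/var/run/docker.sock`, so an unreviewed patch release there would get control of the host's Docker daemon. In the herald entrypoint the last command should be `exec /app/herald` so the binary replaces the shell as PID 1 and receives SIGTERM on stack updates; the two Woodpecker entrypoints have the same shape. Exporting the secrets as environment variables also exposes them to every child process, so a short comment above the entrypoint saying why the files under `/run/secrets` cannot be read directly would help the next maintainer.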