version: "3"

services:
  reverse_caddy:
    image: caddy:2-alpine
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    command: caddy run --config /run/secrets/caddy_config --adapter caddyfile
    volumes:
      - reversecaddydata:/data
      - reversecaddyconfig:/config
    networks:
      - reverse
      - prometheus
    secrets:
      - caddy_config

  woodpecker_server:
    image: woodpeckerci/woodpecker-server:v2.2.2-alpine
    volumes:
      - woodpeckerdata:/var/lib/woodpecker/
    entrypoint: /bin/sh -c "export WOODPECKER_GITEA_CLIENT=$$(cat /run/secrets/woodpecker_gitea_client) && export WOODPECKER_GITEA_SECRET=$$(cat /run/secrets/woodpecker_gitea_secret) && export WOODPECKER_AGENT_SECRET=$$(cat /run/secrets/woodpecker_agent_secret) && /bin/woodpecker-server"
    environment:
      WOODPECKER_ADMIN: qpismont
      WOODPECKER_HOST: https://woodpecker.qpismont.fr
      WOODPECKER_GITEA: "true"
      WOODPECKER_GITEA_URL: https://gitea.qpismont.fr
    networks:
      - reverse
    secrets:
      - woodpecker_agent_secret
      - woodpecker_gitea_client
      - woodpecker_gitea_secret

  woodpecker_agent:
    image: woodpeckerci/woodpecker-agent:v2.2.2-alpine
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    entrypoint: /bin/sh -c "export WOODPECKER_AGENT_SECRET=$$(cat /run/secrets/woodpecker_agent_secret) && /bin/woodpecker-agent"
    environment:
      WOODPECKER_SERVER: woodpecker_server:9000
      WOODPECKER_MAX_WORKFLOWS: 1
      WOODPECKER_LIMIT_CPU_SET: 1
    networks:
      - reverse
    secrets:
      - woodpecker_agent_secret

  gitea:
    image: codeberg.org/forgejo/forgejo:1.21
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    volumes:
      - giteadata:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - reverse

  my_cv:
    image: gitea.qpismont.fr/qpismont/portfolio:1.0
    networks:
      - reverse

  wireguard_server:
    image: linuxserver/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      PUID: 1000
      PGID: 1000
      TZ: Europe/Paris
      SERVEURURL: wireguard.qpismont.fr
      SERVERPORT: 51820
      PEERS: 1
      PEERDNS: auto
    volumes:
      - /home/user/wireguard-config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - wireguard

  prometheus:
    image: prom/prometheus:v2.49.1
    command: --config.file=/run/secrets/prometheus_config --storage.tsdb.path=/prometheus --web.console.libraries=/usr/share/prometheus/console_libraries --web.console.templates=/usr/share/prometheus/consoles
    networks:
      - wireguard
      - prometheus
    secrets:
      - prometheus_config

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    networks:
      - prometheus

secrets:
  woodpecker_agent_secret:
    file: ./secrets/woodpecker_agent_secret
  woodpecker_gitea_secret:
    file: ./secrets/woodpecker_gitea_secret
  woodpecker_gitea_client:
    file: ./secrets/woodpecker_gitea_client
  caddy_config:
    file: ./Caddyfile
  prometheus_config:
    file: ./prometheus.yml

volumes:
  giteadata:
  letsencryptcerts:
  woodpeckerdata:
  reversecaddyconfig:
  reversecaddydata:
    external: true

networks:
  reverse:
  wireguard:
  prometheus: