add woodpecker

woodpecker/docker-compose.yml

@@ -0,0 +1,95 @@
+version: "3.8"
+
+services:
+  woodpecker-server:
+    image: woodpeckerci/woodpecker-server:v3.10.0
+    container_name: woodpecker-server
+    restart: unless-stopped
+    cpus: 0.5
+    mem_limit: 512m
+    networks:
+      - woodpecker
+    environment:
+      - WOODPECKER_OPEN=true
+      - WOODPECKER_HOST=${WOODPECKER_HOST}
+      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
+      - WOODPECKER_ADMIN=${WOODPECKER_ADMIN}
+      - WOODPECKER_GITEA=true
+      - WOODPECKER_GITEA_URL=${WOODPECKER_GITEA_URL}
+      - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
+      - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
+      - WOODPECKER_GITEA_SKIP_VERIFY=true
+    # 只把 gRPC(容器 9000) 绑定到本机 Tailscale IP 的 8419
+    ports:
+      - "${LOCAL_TS_IP}:8419:9000"
+      - "${LOCAL_TS_IP}:8420:8000"
+    volumes:
+      - "./data:/var/lib/woodpecker"
+
+  woodpecker-agent:
+    container_name: woodpecker-agent
+    image: woodpeckerci/woodpecker-agent:v3.10.0
+    restart: unless-stopped
+    # cpus: 0.5
+    # mem_limit: 1024m
+    depends_on:
+      - woodpecker-server
+    networks:
+      - woodpecker
+    environment:
+      # 内网 agent 仍然走容器网络直连 server:9000
+      - "WOODPECKER_SERVER=woodpecker-server:9000"
+      - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+
+  # === gRPC TCP 注册：HostSNI(`${WOODPECKER_GRPC_HOST}`) -> tcp -> LOCAL_TS_IP:8419 ===
+  woodpecker-grpc-registrar:
+    image: hashicorp/consul:1.21
+    container_name: woodpecker-grpc-registrar
+    restart: unless-stopped
+    networks:
+      - woodpecker
+    environment:
+      - CONSUL_HTTP_ADDR=http://${CONSUL_SERVER_IP}:8500
+      - SERVICE_NAME=woodpecker-grpc
+      - SERVICE_ADDR=${LOCAL_TS_IP}
+      - SERVICE_PORT=8419          # 对外注册用 8419
+      - ROUTE_HOST=${WOODPECKER_GRPC_HOST}
+      - SERVICE_PROTOCOL=tcp
+      - CHECK_TYPE=tcp
+      - CHECK_INTERVAL=${CHECK_INTERVAL}
+      - CHECK_TIMEOUT=${CHECK_TIMEOUT}
+      - DEREG_AFTER=${DEREG_AFTER}
+      - TRAEFIK_TCP_ENTRYPOINT=${TRAEFIK_TCP_ENTRYPOINT}
+    volumes:
+      - ./registrar.sh:/registrar.sh:ro
+    entrypoint: ["/bin/sh","/registrar.sh"]
+
+  # === 可选：Web(HTTP) 注册（默认注释掉；若需要对外暴露 Web，再开启） ===
+  woodpecker-web-registrar:
+    image: hashicorp/consul:1.21
+    container_name: woodpecker-web-registrar
+    restart: unless-stopped
+    networks:
+      - woodpecker
+    environment:
+      - CONSUL_HTTP_ADDR=http://${CONSUL_SERVER_IP}:8500
+      - SERVICE_NAME=woodpecker-web
+      - SERVICE_ADDR=${LOCAL_TS_IP}
+      - SERVICE_PORT=8420        # 若要暴露 Web，请同时在 woodpecker-server 里把 8420:8000 也映射
+      - ROUTE_HOST=${WOODPECKER_HOSTNAME}
+      - SERVICE_PROTOCOL=http
+      - CHECK_TYPE=http
+      - CHECK_PATH=${CHECK_PATH}
+      - CHECK_INTERVAL=${CHECK_INTERVAL}
+      - CHECK_TIMEOUT=${CHECK_TIMEOUT}
+      - DEREG_AFTER=${DEREG_AFTER}
+      - TRAEFIK_HTTP_ENTRYPOINT=${TRAEFIK_HTTP_ENTRYPOINT}
+    volumes:
+      - ./registrar.sh:/registrar.sh:ro
+    entrypoint: ["/bin/sh","/registrar.sh"]
+
+networks:
+  woodpecker:
+    driver: bridge