woodpecker agent and server

10 files changed, 256 insertions, 0 deletions

diff --git a/roles/woodpecker/Readme.md b/roles/woodpecker/Readme.md
new file mode 100644
index 0000000..da33f7d
--- /dev/null
+++ b/roles/woodpecker/Readme.md
@@ -0,0 +1,27 @@
+# Woodpecker CI Podman
+
+Woodpecker CI agent and server with Podman Backend
+
+https://woodpecker-ci.org/docs/administration/server-config
+
+https://woodpecker-ci.org/docs/administration/agent-config
+
+```yaml
+---
+woodpecker_ver: '2.3.0'
+
+woodpecker_server_enable: true
+woodpecker_server:
+  WOODPECKER_HOST: http://woodpecker.example.com:8000
+  WOODPECKER_GITEA: true
+  WOODPECKER_GITEA_URL: https://gitea.example.com
+  WOODPECKER_GITEA_CLIENT: CLIENT
+  WOODPECKER_GITEA_SECRET: SECRET
+  WOODPECKER_OPEN: true
+  WOODPECKER_ADMIN: jondoe
+
+woodpecker_agent_enable: false
+woodpecker_agent_type: podman
+woodpecker_agent:
+  WOODPECKER_SERVER: localhost:8000
+```
diff --git a/roles/woodpecker/defaults/main.yaml b/roles/woodpecker/defaults/main.yaml
new file mode 100644
index 0000000..472b76f
--- /dev/null
+++ b/roles/woodpecker/defaults/main.yaml
@@ -0,0 +1,17 @@
+---
+woodpecker_ver: '2.3.0'
+
+woodpecker_server_enable: true
+woodpecker_server:
+  WOODPECKER_HOST: http://woodpecker.example.com:8000
+  WOODPECKER_GITEA: true
+  WOODPECKER_GITEA_URL: https://gitea.example.com
+  WOODPECKER_GITEA_CLIENT: CLIENT
+  WOODPECKER_GITEA_SECRET: SECRET
+  WOODPECKER_OPEN: true
+  WOODPECKER_ADMIN: jondoe
+
+woodpecker_agent_enable: false
+woodpecker_agent_type: podman
+woodpecker_agent:
+  WOODPECKER_SERVER: localhost:8000
diff --git a/roles/woodpecker/files/containers.conf b/roles/woodpecker/files/containers.conf
new file mode 100644
index 0000000..28442b9
--- /dev/null
+++ b/roles/woodpecker/files/containers.conf
@@ -0,0 +1,5 @@
+[containers]
+log_driver="json-file"
+
+[engine]
+events_logger="file"
diff --git a/roles/woodpecker/files/woodpecker-agent.service b/roles/woodpecker/files/woodpecker-agent.service
new file mode 100644
index 0000000..7a4031a
--- /dev/null
+++ b/roles/woodpecker/files/woodpecker-agent.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Woodpecker Agent
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=woodpecker-agent
+Group=woodpecker-agent
+WorkingDirectory=/var/lib/woodpecker-agent/
+ExecStart=/usr/local/bin/woodpecker-agent
+Restart=always
+EnvironmentFile=/etc/woodpecker_agent
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/woodpecker/files/woodpecker-server.service b/roles/woodpecker/files/woodpecker-server.service
new file mode 100644
index 0000000..96abc63
--- /dev/null
+++ b/roles/woodpecker/files/woodpecker-server.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Woodpecker Server
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=woodpecker
+Group=woodpecker
+WorkingDirectory=/var/lib/woodpecker/
+ExecStart=/usr/local/bin/woodpecker-server
+Restart=always
+EnvironmentFile=/etc/woodpecker_server
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/woodpecker/handlers/main.yml b/roles/woodpecker/handlers/main.yml
new file mode 100644
index 0000000..d3f8d99
--- /dev/null
+++ b/roles/woodpecker/handlers/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Handle systemd
+  systemd:
+    name: woodpecker-server
+    enabled: true
+    state: restarted
+  become: true
+
+- name: Handle systemd agent
+  systemd:
+    name: woodpecker-agent
+    enabled: true
+    state: restarted
+  become: true
diff --git a/roles/woodpecker/tasks/agent.yaml b/roles/woodpecker/tasks/agent.yaml
new file mode 100644
index 0000000..a3863ef
--- /dev/null
+++ b/roles/woodpecker/tasks/agent.yaml
@@ -0,0 +1,104 @@
+---
+- name: Install packages
+  apt:
+    name:
+      - podman
+      - dbus-user-session
+      - slirp4netns
+      - rootlesskit
+  become: true
+
+- name: Create agent User
+  user:
+    name: woodpecker-agent
+    home: /var/lib/woodpecker-agent
+    shell: /bin/bash
+    system: true
+    state: present
+  become: true
+  # agent_user.results.uid
+  register: agent_user
+
+- name: Create config dir
+  file:
+    path: /etc/woodpecker
+    state: directory
+    owner: woodpecker-agent
+    group: woodpecker-agent
+  become: true
+
+- name: Enable systemd lingering for woodpecker-agent
+  command: loginctl enable-linger woodpecker-agent
+  #file:
+  #  path: /var/lib/systemd/linger/woodpecker-agent
+  #  state: touch
+  become: true
+
+- name:
+  lineinfile:
+    path: '{{ item.p }}'
+    line: '{{ item.c }}'
+  loop:
+    - p: /etc/subuid
+      c: 'woodpecker-agent:165536:65536'
+    - p: /etc/subgid
+      c: 'woodpecker-agent:165536:65536'
+  become: true
+
+  # this is needed for woodpecker to detect stopeed containers
+  # https://github.com/containers/podman/issues/19581
+- name: Create .config/containes
+  file:
+    path: /var/lib/woodpecker-agent/.config/containers
+    state: directory
+  become_user: woodpecker-agent
+  become: true
+- name: Install containers.conf
+  copy:
+    src: containers.conf
+    dest: /var/lib/woodpecker-agent/.config/containers/containers.conf
+  become: true
+
+- name: Enable docker socket
+  systemd_service:
+    name: podman.socket
+    scope: user
+    enabled: true
+    state: started
+  become_user: woodpecker-agent
+  become: true
+
+- name: Download DEB
+  get_url:
+    url: 'https://github.com/woodpecker-ci/woodpecker/releases/download/v{{ woodpecker_ver }}/woodpecker-agent_{{ woodpecker_ver }}_amd64.deb'
+    dest: /var/lib/woodpecker-agent/agent.deb
+  become: true
+
+- name: Install DEB
+  apt:
+    deb: /var/lib/woodpecker-agent/agent.deb
+  become: true
+  notify:
+    - Handle systemd agent
+
+- name: Install woodpecker unit file
+  copy:
+    src: woodpecker-agent.service
+    dest: /etc/systemd/system/woodpecker-agent.service
+  become: true
+  notify:
+    - Handle systemd agent
+
+- name: Create config file
+  template:
+    src: woodpecker.j2
+    dest: /etc/woodpecker_agent
+    owner: root
+    group: woodpecker-agent
+    mode: '640'
+  become: true
+  loop:
+    - '{{ woodpecker_agent |
+      ansible.builtin.combine({"DOCKER_HOST":"unix:///run/user/{{ agent_user.uid }}/podman/podman.sock"}) }}'
+  notify:
+    - Handle systemd agent
diff --git a/roles/woodpecker/tasks/main.yaml b/roles/woodpecker/tasks/main.yaml
new file mode 100644
index 0000000..522453c
--- /dev/null
+++ b/roles/woodpecker/tasks/main.yaml
@@ -0,0 +1,9 @@
+---
+
+- name: Run server install
+  include_tasks: server.yaml
+  when: woodpecker_server_enable
+
+- name: Run agent install
+  include_tasks: agent.yaml
+  when: woodpecker_agent_enable
diff --git a/roles/woodpecker/tasks/server.yaml b/roles/woodpecker/tasks/server.yaml
new file mode 100644
index 0000000..57b9edf
--- /dev/null
+++ b/roles/woodpecker/tasks/server.yaml
@@ -0,0 +1,43 @@
+---
+- name: Create User
+  user:
+    name: woodpecker
+    home: /var/lib/woodpecker
+    shell: /bin/bash
+    system: true
+    state: present
+  become: true
+
+- name: Download DEB
+  get_url:
+    url: 'https://github.com/woodpecker-ci/woodpecker/releases/download/v{{ woodpecker_ver }}/woodpecker-server_{{ woodpecker_ver }}_amd64.deb'
+    dest: /var/lib/woodpecker/server.deb
+  become: true
+
+- name: Install DEB
+  apt:
+    deb: /var/lib/woodpecker/server.deb
+  become: true
+  notify:
+    - Handle systemd
+
+- name: Install woodpecker unit file
+  copy:
+    src: woodpecker-server.service
+    dest: /etc/systemd/system/woodpecker-server.service
+  become: true
+  notify:
+    - Handle systemd
+
+- name: Create config file
+  template:
+    src: woodpecker.j2
+    dest: /etc/woodpecker_server
+    owner: root
+    group: woodpecker
+    mode: '640'
+  become: true
+  loop:
+    - '{{ woodpecker_server }}'
+  notify:
+    - Handle systemd
diff --git a/roles/woodpecker/templates/woodpecker.j2 b/roles/woodpecker/templates/woodpecker.j2
new file mode 100644
index 0000000..d1e997c
--- /dev/null
+++ b/roles/woodpecker/templates/woodpecker.j2
@@ -0,0 +1,3 @@
+{% for k, v in item.items() %}
+{{ k }}={{ v }}
+{% endfor %}