Add Woodpecker server role

roles/podman_woodpecker/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+podman_woodpecker_version: v2.7.1-alpine
+podman_woodpecker_user: podman

roles/podman_woodpecker/tasks/machinectl.yml

@@ -0,0 +1,63 @@
+---
+- name: Create Woodpecker volume
+  containers.podman.podman_volume:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - woodpecker
+    - logs
+
+- name: Create Woodpecker Forgejo client secret
+  containers.podman.podman_secret:
+    name: woodpecker-forgejo-secret
+    state: present
+    data: "{{ podman_woodpecker_forgejo_client_secret }}"
+    skip_existing: true
+
+- name: Create Woodpecker agent secret
+  containers.podman.podman_secret:
+    state: present
+    name: woodpecker-agent-secret
+    data: "{{ podman_woodpecker_agent_secret }}"
+    skip_existing: true
+
+- name: Create Woodpecker container
+  containers.podman.podman_container:
+    name: woodpecker
+    state: present
+    image: docker.io/woodpeckerci/woodpecker-server:{{ podman_woodpecker_version }}
+    volumes:
+      - 'woodpecker:/var/lib/woodpecker'
+      - 'logs:/var/lib/woodpecker/logs'
+      - '/etc/timezone:/etc/timezone:ro'
+      - '/etc/localtime:/etc/localtime:ro'
+    ports:
+      - "3001:8000"
+      - "3002:9000"
+    env:
+      WOODPECKER_HOST: "{{ podman_woodpecker_host }}"
+      WOODPECKER_ADMIN: "{{ podman_woodpecker_admin }}"
+      WOODPECKER_OPEN: true
+      WOODPECKER_AGENT_SECRET_FILE: /run/secrets/woodpecker-agent-secret
+      WOODPECKER_FORGEJO: true
+      WOODPECKER_FORGEJO_URL: "{{ podman_woodpecker_forgejo_url }}"
+      WOODPECKER_FORGEJO_CLIENT: "{{ podman_woodpecker_forgejo_client_id }}"
+      WOODPECKER_LOG_STORE: file
+      WOODPECKER_LOG_STORE_FILE_PATH: /var/lib/woodpecker/logs
+    secrets:
+      # There is no *_FILE variable to mount the Forgejo secret, so use envvar instead.
+      - woodpecker-forgejo-secret,type=env,target=WOODPECKER_FORGEJO_SECRET
+      - woodpecker-agent-secret
+    # Gracefully stopping the gRPC handler might take some time; 2m30 is excessive but sufficient.
+    stop_timeout: 150
+    generate_systemd:
+      restart_policy: always
+      path: ~/.config/systemd/user
+
+- name: Start and enable Woodpecker
+  ansible.builtin.systemd_service:
+    name: container-woodpecker.service
+    daemon_reload: true
+    state: started
+    enabled: true
+    scope: user

roles/podman_woodpecker/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Configure Woodpecker service
+  ansible.builtin.import_tasks: machinectl.yml
+  become_method: community.general.machinectl
+  become_user: "{{ podman_woodpecker_user }}"
+  become: true