version: "3.7"
services:
  drone-server:
    # drone server application
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack == yes]
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}drone/drone:2.4.0
    volumes:
      - drone-5:/var/lib/drone
      - drone-data-5:/data
    environment:
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      - DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname       
      - DRONE_ADMIN=giles
      - DRONE_SERVER_PROTO=${SCHEME} # tunnel adds https on top
      - DRONE_SERVER_PORT=:8080
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_USER_CREATE=username:giles,admin:true
      - DRONE_AGENTS_ENABLED=true
      - DRONE_JSONNET_ENABLED=true
    networks:
      - appnet
      - externalnet
  drone-docker-runner:
    # drone runner performs builds
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack == yes]
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}drone/drone-runner-docker:1.6.3
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=drone-server:8080
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_RUNNER_CAPACITY=8
      - DRONE_RUNNER_NAME="docker-runner"
      - DRONE_RUNNER_ENVIRON=SCHEME:$SCHEME,DOMAIN:$DOMAIN,REGISTRY_DOMAIN:$REGISTRY_DOMAIN,REGISTRY_PORT:$REGISTRY_PORT,REGISTRY_PASSWORD:$REGISTRY_PASSWORD,SSH_HOST:$SSH_HOST,SSH_PORT:$SSH_PORT,SSH_USERNAME:$SSH_USERNAME,SSH_KEY:$SSH_KEY
    networks:
      - appnet
volumes:
  drone-5:
  drone-data-5:

networks:
  appnet:
    driver: overlay
    #external: true
  externalnet:
    driver: overlay
    external: true