diff --git a/.gitignore b/.gitignore
index 78d3e8d..9885591 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,9 +21,11 @@
 /watchtower/
 /webdis/
 /wiki-js/
+/woodpecker/
 
 /caddy/config/conf.002.d/acme.serguzim.me.conf
 /caddy/config/conf.002.d/analytics.serguzim.me.conf
+/caddy/config/conf.002.d/ci.serguzim.me.conf
 /caddy/config/conf.002.d/coder.serguzim.me.conf
 /caddy/config/conf.002.d/faas.serguzim.me.conf
 /caddy/config/conf.002.d/git.serguzim.me.conf
diff --git a/_ansible/node002.yml b/_ansible/node002.yml
index e974fdd..e76b4e3 100644
--- a/_ansible/node002.yml
+++ b/_ansible/node002.yml
@@ -19,3 +19,4 @@
     - watchtower
     - webdis
     - wiki-js
+    - woodpecker
diff --git a/_ansible/roles/telegraf/vars/main.yml b/_ansible/roles/telegraf/vars/main.yml
index 5cc52c7..727c9d1 100644
--- a/_ansible/roles/telegraf/vars/main.yml
+++ b/_ansible/roles/telegraf/vars/main.yml
@@ -7,6 +7,7 @@ svc:
     bucket: metrics
   prometheus:
     urls:
+      - https://ci.serguzim.me/metrics
       - https://git.serguzim.me/metrics
       - https://matrix.msrg.cc/_synapse/metrics
       - https://tick.serguzim.me/metrics
diff --git a/_ansible/roles/woodpecker/tasks/main.yml b/_ansible/roles/woodpecker/tasks/main.yml
new file mode 100644
index 0000000..9c9604d
--- /dev/null
+++ b/_ansible/roles/woodpecker/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - woodpecker
+    - ci
+  block:
+    - import_tasks: deploy-common-service.yml
diff --git a/_ansible/roles/woodpecker/vars/main.yml b/_ansible/roles/woodpecker/vars/main.yml
new file mode 100644
index 0000000..7e27513
--- /dev/null
+++ b/_ansible/roles/woodpecker/vars/main.yml
@@ -0,0 +1,53 @@
+svc:
+  domain: "ci.serguzim.me"
+  name: woodpecker
+  port: 8000
+  extra_svcs:
+  - domain: agents.ci.serguzim.me
+    docker_host: h2c://woodpecker
+    port: 9000
+  db:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+    database: woodpecker
+    user: "{{ vault_woodpecker.db.user }}"
+    pass: "{{ vault_woodpecker.db.pass }}"
+
+svc_env:
+  WOODPECKER_OPEN: true
+  WOODPECKER_HOST: "https://{{ svc.domain }}"
+  WOODPECKER_ADMIN: "serguzim"
+  WOODPECKER_AGENT_SECRET: "{{ vault_woodpecker.agent_secret }}"
+  WOODPECKER_PROMETHEUS_AUTH_TOKEN: "{{ vault_metrics_token }}"
+
+  WOODPECKER_SERVER: "{{ svc.extra_svcs[0].domain }}:443"
+  WOODPECKER_GRPC_SECURE: true
+
+  WOODPECKER_GITEA: true
+  WOODPECKER_GITEA_URL: "https://git.serguzim.me"
+  WOODPECKER_GITEA_CLIENT: "{{ vault_woodpecker.gitea.client }}"
+  WOODPECKER_GITEA_SECRET: "{{ vault_woodpecker.gitea.secret }}"
+
+  WOODPECKER_DATABASE_DRIVER: "postgres"
+  WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full"
+
+compose:
+  watchtower: true
+  image: woodpeckerci/woodpecker-server
+  env: true
+  file:
+    services:
+      agent:
+        image: woodpeckerci/woodpecker-agent:latest
+        restart: always
+        labels:
+          com.centurylinklabs.watchtower.enable: true
+        command: agent
+        env_file:
+          - service.env
+        depends_on:
+          - app
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+        networks:
+          local-net:
diff --git a/caddy/config/conf.002.d/ci.serguzim.me.conf b/caddy/config/conf.002.d/ci.serguzim.me.conf
deleted file mode 100644
index bb6ca3a..0000000
--- a/caddy/config/conf.002.d/ci.serguzim.me.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-ci.serguzim.me {
-	import default
-	reverse_proxy woodpecker:8000
-}
-
-agents.ci.serguzim.me {
-	import default
-	reverse_proxy h2c://woodpecker:9000
-}
diff --git a/woodpecker/.env b/woodpecker/.env
deleted file mode 100644
index 8fd57bf..0000000
--- a/woodpecker/.env
+++ /dev/null
@@ -1,16 +0,0 @@
-WOODPECKER_OPEN="true"
-WOODPECKER_HOST="https://ci.serguzim.me"
-WOODPECKER_ADMIN="serguzim"
-WOODPECKER_AGENT_SECRET=
-WOODPECKER_PROMETHEUS_AUTH_TOKEN=
-
-WOODPECKER_SERVER="agents.ci.serguzim.me:443"
-WOODPECKER_GRPC_SECURE="true"
-
-WOODPECKER_GITEA="true"
-WOODPECKER_GITEA_URL="https://git.serguzim.me"
-WOODPECKER_GITEA_CLIENT=
-WOODPECKER_GITEA_SECRET=
-
-WOODPECKER_DATABASE_DRIVER="postgres"
-WOODPECKER_DATABASE_DATASOURCE="postgres://woodpecker:xxxxxx@db.serguzim.me:5432/woodpecker?sslmode=verify-full"
diff --git a/woodpecker/docker-compose.yml b/woodpecker/docker-compose.yml
deleted file mode 100644
index 1aefb3e..0000000
--- a/woodpecker/docker-compose.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-version: '3'
-
-services:
-  server:
-    image: woodpeckerci/woodpecker-server:latest
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: true
-    env_file:
-      - .env
-      - .secret.env
-    networks:
-      local-net:
-      apps:
-        aliases:
-          - woodpecker
-
-  agent:
-    image: woodpeckerci/woodpecker-agent:latest
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: true
-    command: agent
-    env_file:
-      - .env
-      - .secret.env
-    depends_on:
-      - server
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-      local-net:
-
-networks:
-  local-net:
-  apps:
-    external: true