-
Notifications
You must be signed in to change notification settings - Fork 5
/
gitea-runner.yml
148 lines (130 loc) · 4.17 KB
/
gitea-runner.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
---
- hosts: homelab
vars:
application: gitea-runner
docker_network: "{{ networks.pub }}"
handlers:
- name: Restart
community.docker.docker_container:
name: "{{ application }}"
restart: true
comparisons:
'*': ignore
tasks:
- name: Create config folder
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0771"
loop:
- "{{ config_directory }}"
- /var/log/gitea
- name: Create config
ansible.builtin.copy:
content: |
log:
level: info
runner:
capacity: 50
timeout: 30m
fetch_timeout: 5m
container:
network: "{{ networks.user.name }}"
privileged: true
valid_volumes:
- '**'
dest: "{{ config_directory }}/config.yaml"
mode: "0440"
notify: Restart
- name: Create SSH folder
ansible.builtin.file:
path: "{{ config_directory }}/ssh"
state: directory
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0700"
tags:
- ssh
- name: Create SSH key
community.crypto.openssh_keypair:
path: "{{ config_directory }}/ssh/id_ed25519"
type: ed25519
register: _gitea_ssh_key
tags:
- ssh
- name: Set SSH variable
ansible.builtin.set_fact:
gitea_ssh_public_key: "{{ _gitea_ssh_key.public_key }}"
tags:
- ssh
- name: Allow SSH
ansible.posix.authorized_key:
user: "{{ common_user }}"
state: present
key: "{{ gitea_ssh_public_key }}"
comment: gitea-runner
tags:
- ssh
- name: Create runner container
ansible.builtin.include_role:
name: docker_container
vars:
image: gitea/act_runner:0.2.11
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- "{{ config_directory }}/data:/data"
- "{{ config_directory }}/cache:/root/.cache"
- "{{ config_directory }}/config.yaml:/config.yaml"
env:
GITEA_INSTANCE_URL: "https://gitea.{{ common_tld }}"
GITEA_RUNNER_REGISTRATION_TOKEN: !vault |
$ANSIBLE_VAULT;1.1;AES256
66343538306337613362663061383565376631646132666337643838363134323338303830663761
3335396266653135373132376630383232393334646563650a633039363362626433323363376662
30653262313533616464636161633435646461373264336366313563386337343432633831643633
3865313362386336310a666531333963373131656439653330613536383539336637653538636337
64353766613539333433373731626434343236323461646333333065666366633666366165323632
3931373632376536366430646265633335336435646630396366
CONFIG_FILE: /config.yaml
- name: Copy Dockerfiles
ansible.builtin.copy:
src: "{{ files_directory }}/Dockerfiles"
dest: "{{ config_directory }}/"
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0751"
register: _gitea_dockerfiles_copy
- name: Locate all Dockerfile folders
ansible.builtin.find:
paths: "{{ config_directory }}/Dockerfiles"
recurse: false
file_type: directory
register: _gitea_dockerfiles_location
- name: Build local Docker images
community.docker.docker_image:
build:
path: "{{ item.path }}"
name: "calvinbui/{{ item.path.split('/') | last }}:localhost"
tag: latest
push: false
source: build
state: present
force_source: "{{ true if _gitea_dockerfiles_copy.changed else false }}"
loop: "{{ _gitea_dockerfiles_location.files }}"
- hosts: nvr:octopi
gather_facts: false
vars:
ssh_user:
nvr: root
octopi: pi
tasks:
- name: Set authorized keys
ansible.posix.authorized_key:
user: "{{ ssh_user[inventory_hostname.split('.')[0]] }}"
state: present
key: "{{ hostvars['homelab.' + common_local_tld]['gitea_ssh_public_key'] }}"
comment: gitea-runner
tags:
- ssh