-
Notifications
You must be signed in to change notification settings - Fork 4
/
gitea-runner.yml
146 lines (128 loc) · 4.11 KB
/
gitea-runner.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
---
- hosts: homelab
vars:
application: gitea-runner
docker_network: "{{ networks.pub }}"
handlers:
- name: Restart
community.docker.docker_container:
name: "{{ application }}"
restart: true
comparisons:
'*': ignore
tasks:
- name: Create config folder
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0771"
loop:
- "{{ config_directory }}"
- /var/log/gitea
- name: Create config
ansible.builtin.copy:
content: |
log:
level: info
runner:
capacity: 50
timeout: 30m
fetch_timeout: 5m
container:
network: "{{ networks.user.name }}"
privileged: true
valid_volumes:
- '**'
dest: "{{ config_directory }}/config.yaml"
mode: "0440"
notify: Restart
- name: Create SSH folder
ansible.builtin.file:
path: "{{ config_directory }}/ssh"
state: directory
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0700"
tags:
- ssh
- name: Create SSH key
community.crypto.openssh_keypair:
path: "{{ config_directory }}/ssh/id_ed25519"
type: ed25519
register: _gitea_ssh_key
tags:
- ssh
- name: Set SSH variable
ansible.builtin.set_fact:
gitea_ssh_public_key: "{{ _gitea_ssh_key.public_key }}"
tags:
- ssh
- name: Allow SSH
ansible.posix.authorized_key:
user: "{{ common_user }}"
state: present
key: "{{ gitea_ssh_public_key }}"
tags:
- ssh
- name: Create runner container
ansible.builtin.include_role:
name: docker_container
vars:
image: gitea/act_runner:0.2.10
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- "{{ config_directory }}/data:/data"
- "{{ config_directory }}/cache:/root/.cache"
- "{{ config_directory }}/config.yaml:/config.yaml"
env:
GITEA_INSTANCE_URL: "https://gitea.{{ common_tld }}"
GITEA_RUNNER_REGISTRATION_TOKEN: !vault |
$ANSIBLE_VAULT;1.1;AES256
32383539383235366565633261616136306439656538633738393537343736663265373464643333
3466386436353433613733333062653364333537343461360a306233393264373134303263653633
64356330623330636636643935666632383239653533383538633031336239393439653332666464
6438396265663634340a623339366638396463343639626335313734356535663766633039313630
36323638636566383238333830373833306164646365633263663833393465616438316537323964
3738636230343064663935386637653536316365336466323433
CONFIG_FILE: /config.yaml
- name: Copy Dockerfiles
ansible.builtin.copy:
src: "{{ files_directory }}/Dockerfiles"
dest: "{{ config_directory }}/"
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0751"
register: _gitea_dockerfiles_copy
- name: Locate all Dockerfile folders
ansible.builtin.find:
paths: "{{ config_directory }}/Dockerfiles"
recurse: false
file_type: directory
register: _gitea_dockerfiles_location
- name: Build local Docker images
community.docker.docker_image:
build:
path: "{{ item.path }}"
name: "calvinbui/{{ item.path.split('/') | last }}:localhost"
tag: latest
push: false
source: build
state: present
force_source: "{{ true if _gitea_dockerfiles_copy.changed else false }}"
loop: "{{ _gitea_dockerfiles_location.files }}"
- hosts: nvr:octopi
gather_facts: false
vars:
ssh_user:
nvr: root
octopi: pi
tasks:
- name: Set authorized keys
ansible.posix.authorized_key:
user: "{{ ssh_user[inventory_hostname.split('.')[0]] }}"
state: present
key: "{{ hostvars['homelab.' + common_local_tld]['gitea_ssh_public_key'] }}"
tags:
- ssh