feat: add Gitea Actions runner (#6)
## Summary - Adds a private runner server on the Hetzner private network (no public IP) - NAT through the gitea server for outbound internet access via `hcloud_network_route` and iptables forwarding rules - Runner connects to gitea over HTTPS on the private network with TLS verification disabled - Includes Taskfile commands for runner deployment and SSH access ## Test plan - [x] Runner registers with gitea instance - [x] Private network connectivity verified - [ ] Run a test workflow to confirm end-to-end CI 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #6 Co-authored-by: M.V. Hutz <git@maximhutz.me> Co-committed-by: M.V. Hutz <git@maximhutz.me>
@@ -60,3 +60,23 @@ resource "hcloud_firewall_attachment" "server_fw_attachment" {
|
||||
firewall_id = hcloud_firewall.server_firewall.id
|
||||
server_ids = [hcloud_server.server_instance.id]
|
||||
}
|
||||
|
||||
resource "hcloud_server" "runner_instance" {
|
||||
name = "runner-server"
|
||||
image = local.server_image
|
||||
server_type = local.server_type
|
||||
datacenter = local.datacenter
|
||||
ssh_keys = [hcloud_ssh_key.ssh_key.id]
|
||||
|
||||
public_net {
|
||||
ipv4_enabled = false
|
||||
ipv6_enabled = false
|
||||
}
|
||||
|
||||
network {
|
||||
network_id = hcloud_network.private_network.id
|
||||
ip = local.runner_ip
|
||||
}
|
||||
|
||||
depends_on = [hcloud_network_subnet.private_subnet]
|
||||
}
|
||||
|
||||
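Review bot: `runner_instance` joins the private network through an inline `network` block, while `server_instance` is attached through a separate `hcloud_server_network` resource in network.tf; using one form for both servers would make the two attachments read the same way, and the inline form is the one that needs the explicit `depends_on` on the subnet. That dependency deserves a why-comment, for example `# the inline network block needs the subnet to exist first` above `depends_on`. The runner gets no `hcloud_firewall_attachment`; with `ipv4_enabled` and `ipv6_enabled` both false that is not a gap for public traffic, but a comment on `public_net` such as `# no public address: reachable only over the private network, egress via the gitea server's NAT` would spare the next reader from checking. The rest of this file starts before the hunk.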
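--- /dev/null
+++ b/terraform/network.tf
@@ -0,0 +1,24 @@
+resource "hcloud_network" "private_network" {
+name = "repository-network"
+ip_range = local.network_cidr
+}
+
+resource "hcloud_network_subnet" "private_subnet" {
+network_id = hcloud_network.private_network.id
+type = "cloud"
+network_zone = local.network_zone
+ip_range = local.subnet_cidr
+}
+
+resource "hcloud_server_network" "server_network" {
+server_id = hcloud_server.server_instance.id
+network_id = hcloud_network.private_network.id
+ip = local.server_ip
+}
+
+resource "hcloud_network_route" "nat_route" {
+network_id = hcloud_network.private_network.id
+destination = "0.0.0.0/0"
+gateway = local.server_ip
+}
+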
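Review bot: `nat_route` hands every 0.0.0.0/0 packet from any host in `private_network` to the gitea server at `local.server_ip`, but nothing in this file limits which sources that host forwards; the iptables rules the description mentions are not in this diff, so on its own the route reads as an open default gateway for the whole network range. Hetzner Cloud Firewalls apply to public interfaces only, as far as I know, so filtering on the gateway host itself is the only control on this path and it should be scoped to `local.runner_ip` as the source. I would record that on the route: `# Default route: the gitea server NATs private-network egress. It must enable ip_forward and restrict forwarding to runner_ip; cloud firewalls do not filter private-network traffic.` A similar one-liner on `server_network` noting that `local.server_ip` is the NAT gateway address would tie the two resources together for the reader.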
@@ -1,11 +1,17 @@
|
||||
output "server_ip" {
|
||||
description = "The public address of the server."
|
||||
value = hcloud_server.server_instance.ipv4_address
|
||||
sensitive = false
|
||||
value = hcloud_server.server_instance.ipv4_address
|
||||
sensitive = false
|
||||
}
|
||||
|
||||
output "server_fqdn" {
|
||||
description = "The public domain of the server."
|
||||
value = "${local.subdomain}.${local.domain}"
|
||||
sensitive = false
|
||||
value = "${local.subdomain}.${local.domain}"
|
||||
sensitive = false
|
||||
}
|
||||
|
||||
output "runner_ip" {
|
||||
description = "The private network address of the runner."
|
||||
value = local.runner_ip
|
||||
sensitive = false
|
||||
}
|
||||
|
||||
@@ -5,6 +5,12 @@ locals {
|
||||
|
||||
domain = "maximhutz.com"
|
||||
subdomain = "git"
|
||||
|
||||
network_zone = "eu-central"
|
||||
network_cidr = "10.0.0.0/16"
|
||||
subnet_cidr = "10.0.1.0/24"
|
||||
server_ip = "10.0.1.2"
|
||||
runner_ip = "10.0.1.3"
|
||||
}
|
||||
|
||||
# ---------------------------------------------------------------------------- #
|
||||
|
||||