feat: add Gitea Actions runner on private compute

Adds a private runner server on the Hetzner private network with NAT through the gitea server for outbound internet access. Includes Terraform resources, Ansible playbooks, and iptables forwarding rules. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 21:40:08 -04:00
parent af5d40d84e
commit 4cb6eaf091
10 changed files with 312 additions and 73 deletions
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -60,3 +60,23 @@ resource "hcloud_firewall_attachment" "server_fw_attachment" {
  firewall_id = hcloud_firewall.server_firewall.id
  server_ids  = [hcloud_server.server_instance.id]
 }
+
+resource "hcloud_server" "runner_instance" {
+  name        = "runner-server"
+  image       = local.server_image
+  server_type = local.server_type
+  datacenter  = local.datacenter
+  ssh_keys    = [hcloud_ssh_key.ssh_key.id]
+
+  public_net {
+    ipv4_enabled = false
+    ipv6_enabled = false
+  }
+
+  network {
+    network_id = hcloud_network.private_network.id
+    ip         = local.runner_ip
+  }
+
+  depends_on = [hcloud_network_subnet.private_subnet]
+}