feat: add Gitea Actions runner on private compute

Adds a private runner server on the Hetzner private network with NAT through the gitea server for outbound internet access. Includes Terraform resources, Ansible playbooks, and iptables forwarding rules. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 21:40:08 -04:00
parent af5d40d84e
commit 4cb6eaf091
10 changed files with 312 additions and 73 deletions
--- a/terraform/network.tf
+++ b/terraform/network.tf
@@ -0,0 +1,24 @@
+resource "hcloud_network" "private_network" {
+  name     = "repository-network"
+  ip_range = local.network_cidr
+}
+
+resource "hcloud_network_subnet" "private_subnet" {
+  network_id   = hcloud_network.private_network.id
+  type         = "cloud"
+  network_zone = local.network_zone
+  ip_range     = local.subnet_cidr
+}
+
+resource "hcloud_server_network" "server_network" {
+  server_id  = hcloud_server.server_instance.id
+  network_id = hcloud_network.private_network.id
+  ip         = local.server_ip
+}
+
+resource "hcloud_network_route" "nat_route" {
+  network_id  = hcloud_network.private_network.id
+  destination = "0.0.0.0/0"
+  gateway     = local.server_ip
+}
+