fix: runner stability and resource limits (#8)

## Summary - Add 2G swap on runner to prevent OOM crashes - Limit job container memory to 1536MB - Restrict runner concurrency to 1 job at a time - Disable cache to avoid Docker network connectivity issues (`ETIMEDOUT 172.17.0.2`) - Configure job containers with `--add-host` for private network gitea resolution ## Test plan - [x] Runner survives Go builds that previously OOM-killed the server - [ ] Verify swap is active after fresh provision (`swapon --show`) - [ ] Confirm job containers respect memory limit 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #8 Co-authored-by: M.V. Hutz <git@maximhutz.me> Co-committed-by: M.V. Hutz <git@maximhutz.me>
2026-03-16 02:52:08 +00:00
parent 3f724dbdfd
commit 565b7889d8
2 changed files with 119 additions and 77 deletions
--- a/playbooks/runner.yml
+++ b/playbooks/runner.yml
@@ -89,6 +89,46 @@
          - docker-buildx-plugin
          - docker-compose-plugin

+- name: Configure swap on runner.
+  hosts: runner
+  gather_facts: false
+  tasks:
+    - name: Create swapfile.
+      ansible.builtin.command:
+        cmd: fallocate -l 2G /swapfile
+        creates: /swapfile
+
+    - name: Set swapfile permissions.
+      ansible.builtin.file:
+        path: /swapfile
+        mode: "0600"
+
+    - name: Check if swap is active.
+      ansible.builtin.command:
+        cmd: swapon --show=NAME --noheadings
+      register: swap_status
+      changed_when: false
+
+    - name: Format swapfile.
+      ansible.builtin.command:
+        cmd: mkswap /swapfile
+      when: "'/swapfile' not in swap_status.stdout"
+      changed_when: true
+
+    - name: Enable swapfile.
+      ansible.builtin.command:
+        cmd: swapon /swapfile
+      when: "'/swapfile' not in swap_status.stdout"
+      changed_when: true
+
+    - name: Add swapfile to fstab.
+      ansible.posix.mount:
+        path: none
+        src: /swapfile
+        fstype: swap
+        opts: sw
+        state: present
+
 - name: Register and start Gitea runner.
  hosts: runner
  gather_facts: false
@@ -99,11 +139,6 @@
    gitea_hostname: "{{ server_fqdn.value }}"
    gitea_internal_url: "https://{{ gitea_hostname }}"
  tasks:
-    - name: Remove stale runner data.
-      community.docker.docker_volume:
-        name: runner-data
-        state: absent
-
    - name: Create runner data volume.
      community.docker.docker_volume:
        name: runner-data
@@ -116,6 +151,13 @@
        content: |
          runner:
            insecure: true
+            capacity: 1
+          cache:
+            enabled: false
+          container:
+            options: "--add-host {{ gitea_hostname }}:10.0.1.2 --memory=1536m"
+            valid_volumes:
+              - /var/run/docker.sock

    - name: Start Gitea runner container.
      community.docker.docker_container: