From 79b37f17e2cf47d20e4f8e1a0ff770679f783fc7 Mon Sep 17 00:00:00 2001 From: "M. V. Hutz" Date: Wed, 8 Oct 2025 20:11:49 -0400 Subject: [PATCH] feat: deployment for runner --- Taskfile.yml | 16 ++++-- playbooks/deploy.yml | 3 +- playbooks/restore.yml | 2 +- playbooks/runner.yml | 116 +++++++++++++++++++++++++++++++++++++----- 4 files changed, 116 insertions(+), 21 deletions(-) diff --git a/Taskfile.yml b/Taskfile.yml index 9e46e48..55f189c 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -8,7 +8,8 @@ tasks: vault: ansible-vault edit vault.yml {{.CLI_ARGS}} provision: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}} - deploy: ansible-playbook playbooks/deploy.yml {{.CLI_ARGS}} + deploy:gitea: ansible-playbook playbooks/deploy.yml {{.CLI_ARGS}} + deploy:runner: ansible-playbook playbooks/runner.yml {{.CLI_ARGS}} restore: ansible-playbook playbooks/restore.yml {{.CLI_ARGS}} assets: @@ -18,8 +19,13 @@ tasks: - cp ./assets/logo.svg ./gitea/custom/public/assets/img/favicon.svg - cp ./assets/logo.png ./gitea/custom/public/assets/img/apple-touch-icon.png - gitea: - cmd: ssh -i {{.KEY}} -p 2222 root@{{.IP}} + enter:gitea: + cmd: ssh {{.GITEA}} vars: - KEY: { sh: ansible-vault view vault.yml | yq -r ".secret.private_gitea_ssh_key_path" } - IP: { sh: cat dist/terraform_outputs.yml | jq -r ".server_ip.value" } + GITEA: { sh: cat ./variables.yml | yq -r ".variables.gitea_host" } + + enter:runner: + cmd: ssh -J {{.GITEA}} {{.RUNNER}} + vars: + GITEA: { sh: cat ./variables.yml | yq -r ".variables.gitea_host" } + RUNNER: { sh: cat ./variables.yml | yq -r ".variables.runner_host" } diff --git a/playbooks/deploy.yml b/playbooks/deploy.yml index 98574d4..8fa2963 100644 --- a/playbooks/deploy.yml +++ b/playbooks/deploy.yml @@ -41,7 +41,7 @@ - name: Add remote host. ansible.builtin.add_host: name: server - ansible_ssh_host: repository_gitea + ansible_ssh_host: "{{ variables.gitea_host }}" - name: Install Docker. gather_facts: true 
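Review bot: `{{.GITEA}}` and `{{.RUNNER}}` are expanded unquoted into the `ssh` command lines of `enter:gitea` and `enter:runner` in Taskfile.yml, so a value in `variables.yml` that contains spaces or starts with `-` would be parsed as extra ssh arguments or options rather than as a host name. Quoting the expansions and ending option parsing keeps them as host names only: `cmd: ssh -- "{{.GITEA}}"` and `cmd: ssh -J "{{.GITEA}}" -- "{{.RUNNER}}"`. The new commands also drop the explicit key, port and user that the old `gitea` task passed, so they presumably rely on the operator's SSH configuration for those; a short comment above `enter:gitea` saying so would help the next reader.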
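Review bot: `ansible_ssh_host: "{{ variables.gitea_host }}"` in playbooks/deploy.yml depends on `variables` being loaded, but going by the diffstat this commit adds no `vars_files` entry in `playbooks/deploy.yml` or in `playbooks/restore.yml` (which receives the same change), whereas `playbooks/runner.yml` adds `- ../variables.yml` explicitly. If the enclosing play, which starts outside the hunk, does not already load that file, `add_host` will fail on an undefined variable; in that case add `- ../variables.yml` to its `vars_files`. `ansible_ssh_host` is also the deprecated spelling of `ansible_host`, so `ansible_host: "{{ variables.gitea_host }}"` is the current form.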
@@ -55,6 +55,7 @@ name: - python3-pip state: present + update_cache: true - name: Install needed packages. ansible.builtin.pip: diff --git a/playbooks/restore.yml b/playbooks/restore.yml index 843bd1b..5f96f2c 100644 --- a/playbooks/restore.yml +++ b/playbooks/restore.yml @@ -8,7 +8,7 @@ - name: Add remote host. ansible.builtin.add_host: name: server - ansible_ssh_host: repository_gitea + ansible_ssh_host: "{{ variables.gitea_host }}" - name: Deploy artifact to instance. hosts: server diff --git a/playbooks/runner.yml b/playbooks/runner.yml index e0fb47a..e4ff091 100644 --- a/playbooks/runner.yml +++ b/playbooks/runner.yml 
@@ -1,25 +1,113 @@ - name: Set up for fresh host. gather_facts: false hosts: localhost + vars_files: + - ../vault.yml + - ../variables.yml + tasks: + - name: Add runner host. + ansible.builtin.add_host: + name: runner + ansible_ssh_host: "{{ variables.runner_host }}" + ansible_ssh_extra_args: "-J {{ variables.gitea_host }}" + + - name: Add Gitea host. + ansible.builtin.add_host: + name: gitea + ansible_ssh_host: "{{ variables.gitea_host }}" + +- name: Install Docker. + gather_facts: true + hosts: runner vars_files: - ../vault.yml - ../dist/terraform_outputs.yml tasks: - - name: Add remote host. - ansible.builtin.add_host: - name: server - ansible_ssh_host: repository_runner - ansible_ssh_extra_args: -J repository_gitea + - name: Install PIP. + ansible.builtin.apt: + name: + - python3-pip + state: present + update_cache: true -- name: Deploy runner. - hosts: server + - name: Install needed packages. + ansible.builtin.pip: + name: + - botocore + - boto3 + - packaging + state: present + break_system_packages: true + + - name: Download Docker repository key. + ansible.builtin.apt_key: + url: https://download.docker.com/linux/debian/gpg + state: present + + - name: Download Docker repository. + ansible.builtin.apt_repository: + repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" + state: present + + - name: Remove bad packages. + ansible.builtin.apt: + state: absent + package: + - docker.io + - docker-doc + - docker-compose + - podman-docker + - containerd + - runc + + - name: Download Docker dependencies. + ansible.builtin.apt: + state: present + package: + - ca-certificates + - curl + + - name: Download Docker packages. + ansible.builtin.apt: + state: present + update_cache: true + package: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + +- name: Get registration token for Runner. 
+ hosts: gitea gather_facts: false tasks: - - name: Test - ansible.builtin.raw: hostname - register: test - changed_when: false + - name: Get registration token. + community.docker.docker_container_exec: + container: server + command: gitea actions grt + register: output - - name: Debug - ansible.builtin.debug: - var: test + - name: Set fact. + ansible.builtin.set_fact: + registration_token: "{{ output.stdout }}" + delegate_to: localhost + delegate_facts: true + +- name: Deploy Runner. + hosts: runner + gather_facts: true + tasks: + - name: Deploy image. + community.docker.docker_container: + name: runner + image: docker.io/gitea/act_runner:nightly + env: + CONFIG_FILE: /config.yaml + GITEA_INSTANCE_URL: git.maximhutz.com + GITEA_RUNNER_REGISTRATION_TOKEN: "{{ hostvars['localhost']['registration_token'] }}" + GITEA_RUNNER_NAME: "Main Runner" + volumes: + - ./config.yaml:/config.yaml + - ./data:/data + - /var/run/docker.sock:/var/run/docker.sock
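Review bot: The registration token produced by `gitea actions grt` is stored with `register: output` and copied with `set_fact`, and neither task sets `no_log: true`, so the token appears in task results under `-v` or any result-logging callback; add `no_log: true` to "Get registration token." and "Set fact.". In "Deploy image." the container is given `/var/run/docker.sock` while running the mutable tag `act_runner:nightly`, so whatever that tag points to at deploy time controls the host's Docker daemon; pin a release tag or digest such as `image: docker.io/gitea/act_runner:<RELEASE_TAG>@sha256:<DIGEST>` (placeholders). "Download Docker repository key." uses `ansible.builtin.apt_key`, which places the key in the global apt keyring where it is trusted for every repository; the fence below stores the key in a dedicated file and scopes it to the Docker repository with `signed-by`. `GITEA_INSTANCE_URL: git.maximhutz.com` also has no scheme, which the runner probably needs; confirm against the act_runner documentation.

```yaml
    # … unchanged: Install PIP, Install needed packages …

    - name: Create keyring directory.
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Download Docker repository key.
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    - name: Download Docker repository.
      ansible.builtin.apt_repository:
        repo: >-
          deb [signed-by=/etc/apt/keyrings/docker.asc]
          https://download.docker.com/linux/debian
          {{ ansible_distribution_release }} stable
        state: present

    # … unchanged: package removal and Docker package install …
```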