## Summary
- Fix `etc_hosts` templating — dict key was rendered as literal `{{ server_fqdn.value }}` instead of the actual domain
- Clear runner data volume on each deploy to prevent stale registration errors when the token changes
- Use instance-level registration token for global runner access
## Test plan
- [x] `/etc/hosts` in runner container shows `git.maximhutz.com` mapped to `10.0.1.2`
- [x] Runner registers and connects successfully
- [ ] Verify runner picks up jobs from any repo
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Reviewed-on: #7
Co-authored-by: M.V. Hutz <git@maximhutz.me>
Co-committed-by: M.V. Hutz <git@maximhutz.me>
## Summary
- Adds a private runner server on the Hetzner private network (no public IP)
- NAT through the gitea server for outbound internet access via `hcloud_network_route` and iptables forwarding rules
- Runner connects to gitea over HTTPS on the private network with TLS verification disabled
- Includes Taskfile commands for runner deployment and SSH access
## Test plan
- [x] Runner registers with gitea instance
- [x] Private network connectivity verified
- [ ] Run a test workflow to confirm end-to-end CI
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Reviewed-on: #6
Co-authored-by: M.V. Hutz <git@maximhutz.me>
Co-committed-by: M.V. Hutz <git@maximhutz.me>
Fixes the following issues with the `web/git` Ansible scripts.
- Updates cache before installing `python3-pip`.
- Forces `terraform init` configuration during provisioning.
- Requires user to set an `endpoint_url` to get the backup file from S3.
In addition, I'm removing the last of AWS from the repository:
- The routing uses Hetzner now, so let's get rid of all of that.
Reviewed-on: #4
Co-authored-by: Max <git@maximhutz.me>
Co-committed-by: Max <git@maximhutz.me>
- Instance in Hetzner.
- Data stored in Backblaze B2.
Reviewed-on: #2
Co-authored-by: M. V. Hutz <git@maximhutz.me>
Co-committed-by: M. V. Hutz <git@maximhutz.me>
