- name: Set up runner host via jumphost. gather_facts: false hosts: localhost vars_files: - ../vault.yml - ../dist/terraform_outputs.yml tasks: - name: Add gitea server as jumphost. ansible.builtin.add_host: name: server ansible_ssh_host: "{{ server_ip.value }}" ansible_user: root ansible_port: 2222 ansible_private_key_file: "{{ secret.private_ssh_key_path }}" - name: Add runner host (via jumphost). ansible.builtin.add_host: name: runner ansible_ssh_host: "{{ runner_ip.value }}" ansible_user: root ansible_private_key_file: "{{ secret.private_ssh_key_path }}" ansible_ssh_common_args: >- -o ProxyCommand="ssh -i {{ secret.private_ssh_key_path }} -p 2222 -W %h:%p root@{{ server_ip.value }}" - name: Install Docker on runner. gather_facts: true hosts: runner vars_files: - ../vault.yml - ../dist/terraform_outputs.yml tasks: - name: Set DNS resolver. ansible.builtin.copy: content: "nameserver 185.12.64.2\n" dest: /etc/resolv.conf mode: "0644" - name: Install PIP. ansible.builtin.apt: state: present update_cache: true name: - python3-pip - name: Install needed packages. ansible.builtin.pip: name: - packaging state: present break_system_packages: true - name: Download Docker repository key. ansible.builtin.apt_key: url: https://download.docker.com/linux/debian/gpg state: present - name: Download Docker repository. ansible.builtin.apt_repository: repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" state: present - name: Remove bad packages. ansible.builtin.apt: state: absent package: - docker.io - docker-doc - docker-compose - podman-docker - containerd - runc - name: Download Docker dependencies. ansible.builtin.apt: state: present package: - ca-certificates - curl - jq - name: Download Docker packages. ansible.builtin.apt: state: present update_cache: true package: - docker-ce - docker-ce-cli - containerd.io - docker-buildx-plugin - docker-compose-plugin - name: Configure swap on runner. hosts: runner gather_facts: false tasks: - name: Create swapfile. ansible.builtin.command: cmd: fallocate -l 2G /swapfile creates: /swapfile - name: Set swapfile permissions. ansible.builtin.file: path: /swapfile mode: "0600" - name: Check if swap is active. ansible.builtin.command: cmd: swapon --show=NAME --noheadings register: swap_status changed_when: false - name: Format swapfile. ansible.builtin.command: cmd: mkswap /swapfile when: "'/swapfile' not in swap_status.stdout" changed_when: true - name: Enable swapfile. ansible.builtin.command: cmd: swapon /swapfile when: "'/swapfile' not in swap_status.stdout" changed_when: true - name: Add swapfile to fstab. ansible.posix.mount: path: none src: /swapfile fstype: swap opts: sw state: present - name: Register and start Gitea runner. hosts: runner gather_facts: false vars_files: - ../vault.yml - ../dist/terraform_outputs.yml vars: gitea_hostname: "{{ server_fqdn.value }}" gitea_internal_url: "https://{{ gitea_hostname }}" tasks: - name: Create runner data volume. community.docker.docker_volume: name: runner-data state: present - name: Generate runner config. ansible.builtin.copy: dest: /root/runner-config.yaml mode: "0644" content: | runner: insecure: true capacity: 1 cache: enabled: false container: options: "--add-host {{ gitea_hostname }}:10.0.1.2 --memory=1536m" valid_volumes: - /var/run/docker.sock - name: Start Gitea runner container. community.docker.docker_container: name: gitea-runner image: gitea/act_runner:latest state: started recreate: true restart_policy: unless-stopped etc_hosts: "{{ {gitea_hostname: '10.0.1.2'} }}" volumes: - runner-data:/data - /var/run/docker.sock:/var/run/docker.sock - /root/runner-config.yaml:/config.yaml:ro env: GITEA_INSTANCE_URL: "{{ gitea_internal_url }}" GITEA_RUNNER_REGISTRATION_TOKEN: "{{ secret.runner_registration_token }}" GITEA_RUNNER_NAME: "runner-01" CONFIG_FILE: "/config.yaml"