web/git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
565b7889d8d06e801c4a9d77f1731d960de5075d
git/Taskfile.yml
M.V. Hutz 04ca230bee feat: add Gitea Actions runner (#6) 
## Summary
- Adds a private runner server on the Hetzner private network (no public IP)
- NAT through the gitea server for outbound internet access via `hcloud_network_route` and iptables forwarding rules
- Runner connects to gitea over HTTPS on the private network with TLS verification disabled
- Includes Taskfile commands for runner deployment and SSH access

## Test plan
- [x] Runner registers with gitea instance
- [x] Private network connectivity verified
- [ ] Run a test workflow to confirm end-to-end CI

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #6
Co-authored-by: M.V. Hutz <git@maximhutz.me>
Co-committed-by: M.V. Hutz <git@maximhutz.me>
2026-03-16 01:40:44 +00:00

36 lines
1.5 KiB
YAML
Raw Blame History

version: 3
tasks:
dev:
- docker compose down
- docker volume prune -f
- docker compose up --build --force-recreate
vault: ansible-vault edit vault.yml {{.CLI_ARGS}}
provision: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
deploy: ansible-playbook playbooks/deploy.yml {{.CLI_ARGS}}
destroy: ansible-playbook playbooks/destroy.yml {{.CLI_ARGS}}
restore: ansible-playbook playbooks/restore.yml {{.CLI_ARGS}}
runner: ansible-playbook playbooks/runner.yml {{.CLI_ARGS}}
assets:
- cp ./assets/icon.png ./gitea/custom/public/assets/img/logo.png
- cp ./assets/icon.svg ./gitea/custom/public/assets/img/logo.svg
- cp ./assets/logo.png ./gitea/custom/public/assets/img/favicon.png
- cp ./assets/logo.svg ./gitea/custom/public/assets/img/favicon.svg
- cp ./assets/logo.png ./gitea/custom/public/assets/img/apple-touch-icon.png
enter:
cmd: ssh -i {{.KEY}} -p 2222 root@{{.IP}}
vars:
KEY: { sh: ansible-vault view vault.yml | yq -r ".secret.private_ssh_key_path" }
IP: { sh: cat dist/terraform_outputs.yml | jq -r ".server_ip.value" }
enter-runner:
cmd: ssh -i {{.KEY}} -o ProxyCommand="ssh -i {{.KEY}} -p 2222 -W %h:%p root@{{.IP}}" root@{{.RUNNER_IP}}
vars:
KEY: { sh: ansible-vault view vault.yml | yq -r ".secret.private_ssh_key_path" }
IP: { sh: cat dist/terraform_outputs.yml | jq -r ".server_ip.value" }
RUNNER_IP: { sh: cat dist/terraform_outputs.yml | jq -r ".runner_ip.value" }
Reference in New Issue View Git Blame Copy Permalink