Add infra setup: Terraform for DO droplet + Cloudflare DNS, Ansible roles for Gitea, Vaultwarden, and Gitea runner

2026-03-31 06:08:21 -05:00
parent bde3ad64fd
commit fe3c7646d6
33 changed files with 6435 additions and 0 deletions
--- a/infra/ansible/roles/gitea-runner/defaults/main.yml
+++ b/infra/ansible/roles/gitea-runner/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+gitea_runner_version: "0.2.11"
+gitea_runner_data_dir: /var/lib/gitea-runner
+gitea_instance_url: "https://git.example.com"
+
+# Generate in Gitea: Site Admin → Actions → Runners → Create new runner
+gitea_runner_token: ""
+
+gitea_runner_name: "{{ inventory_hostname }}"
+gitea_runner_labels: "ubuntu-latest:docker://node:20"
--- a/infra/ansible/roles/gitea-runner/handlers/main.yml
+++ b/infra/ansible/roles/gitea-runner/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart gitea-runner
+  community.docker.docker_compose_v2:
+    project_src: "{{ gitea_runner_data_dir }}"
+    state: present
+    recreate: always
--- a/infra/ansible/roles/gitea-runner/tasks/main.yml
+++ b/infra/ansible/roles/gitea-runner/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Create gitea-runner data directory
+  file:
+    path: "{{ gitea_runner_data_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0700"
+
+- name: Deploy docker-compose file
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ gitea_runner_data_dir }}/docker-compose.yml"
+    mode: "0600"
+  notify: Restart gitea-runner
+
+- name: Deploy runner config
+  template:
+    src: config.yml.j2
+    dest: "{{ gitea_runner_data_dir }}/config.yml"
+    mode: "0600"
+  notify: Restart gitea-runner
+
+- name: Start gitea-runner
+  community.docker.docker_compose_v2:
+    project_src: "{{ gitea_runner_data_dir }}"
+    state: present
--- a/infra/ansible/roles/gitea-runner/templates/config.yml.j2
+++ b/infra/ansible/roles/gitea-runner/templates/config.yml.j2
@@ -0,0 +1,17 @@
+log:
+  level: info
+
+runner:
+  file: /data/.runner
+  capacity: 2          # max concurrent jobs — lower if droplet is under load
+  labels:
+    - "ubuntu-latest:docker://node:20"
+    - "ubuntu-22.04:docker://node:20"
+
+cache:
+  enabled: true
+  dir: /data/cache
+
+container:
+  network: bridge
+  force_pull: false    # reuse cached images to speed up builds
--- a/infra/ansible/roles/gitea-runner/templates/docker-compose.yml.j2
+++ b/infra/ansible/roles/gitea-runner/templates/docker-compose.yml.j2
@@ -0,0 +1,14 @@
+services:
+  gitea-runner:
+    image: gitea/act_runner:{{ gitea_runner_version }}
+    container_name: gitea-runner
+    restart: unless-stopped
+    volumes:
+      - {{ gitea_runner_data_dir }}/config.yml:/config.yml
+      - {{ gitea_runner_data_dir }}/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock  # allows runner to spin up job containers
+    environment:
+      CONFIG_FILE: /config.yml
+      GITEA_INSTANCE_URL: "{{ gitea_instance_url }}"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "{{ gitea_runner_token }}"
+      GITEA_RUNNER_NAME: "{{ gitea_runner_name }}"