From 8595eac107ef1385ecd1f2cf47921b8e609867d2 Mon Sep 17 00:00:00 2001
From: Ryan Moon <moonryan2009@gmail.com>
Date: Tue, 31 Mar 2026 18:54:51 -0500
Subject: [PATCH] Pin gitea domain to private IP in /etc/hosts to avoid
 Cloudflare egress

---
 ansible/roles/gitea-runner/tasks/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ansible/roles/gitea-runner/tasks/main.yml b/ansible/roles/gitea-runner/tasks/main.yml
index 0c967e7..d84c1a5 100644
--- a/ansible/roles/gitea-runner/tasks/main.yml
+++ b/ansible/roles/gitea-runner/tasks/main.yml
@@ -1,4 +1,11 @@
 ---
+- name: Resolve Gitea domain to private IP (avoid Cloudflare for internal traffic)
+  lineinfile:
+    path: /etc/hosts
+    line: "{{ ansible_eth0.ipv4.address }} {{ gitea_domain }}"
+    regexp: "{{ gitea_domain }}"
+    state: present
+
 - name: Create gitea-runner data directory
   file:
     path: "{{ gitea_runner_data_dir }}"