Set up a runner VM

ansible/roles/byggmester/files/config.yml

@@ -0,0 +1,76 @@
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 1
+  # Extra environment variables to run jobs.
+  envs:
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Forgejo instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Forgejo instance if it's timeout is shorter than this.
+  timeout: 12h
+  # Whether skip verifying the TLS certificate of the Forgejo instance.
+  insecure: false
+  # The timeout for fetching the job from the Forgejo instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Forgejo instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `deamon`, will use labels in `.runner` file.
+  labels: ["ubuntu"]
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: ""
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 0
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, create a network automatically.
+  network: ""
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

ansible/roles/byggmester/files/forgejo-runner.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Forgejo-runner
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=forgejo-runner
+Group=forgejo-runner
+WorkingDirectory=/home/forgejo-runner
+ExecStart=/home/forgejo-runner/forgejo-runner daemon --config config.yml
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
+
+

ansible/roles/byggmester/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Restart forgejo-runner
+  ansible.builtin.service:
+    name: forgejo-runner
+    state: restarted
+  become: true
+
+- name: Daemon reload
+  ansible.builtin.systemd:
+    daemon_reload: true
+  become: true

ansible/roles/byggmester/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - common
+  - docker

ansible/roles/byggmester/tasks/main.yml

@@ -0,0 +1,94 @@
+---
+- name: Create groups
+  ansible.builtin.group:
+    name: "{{ item }}"
+  loop:
+    - docker
+    - forgejo-runner
+  become: true
+
+- name: Create forgejo-runner user
+  ansible.builtin.user:
+    name: forgejo-runner
+    groups: docker
+    group: forgejo-runner
+    password: "!"
+    home: "/home/forgejo-runner"
+    create_home: true
+    system: true
+    shell: /bin/bash
+    comment: "forgejo-runner system user"
+  become: true
+  notify: Restart forgejo-runner
+
+- name: Download
+  ansible.builtin.get_url:
+    url: "{{ byggmester_download_url }}"
+    dest: /home/forgejo-runner/forgejo-runner
+    mode: "774"
+    owner: forgejo-runner
+  become: true
+  notify: Restart forgejo-runner
+
+- name: Copy runner service
+  ansible.builtin.copy:
+    src: forgejo-runner.service
+    dest: /etc/systemd/system/forgejo-runner.service
+    mode: "0644"
+    owner: root
+  become: true
+  notify: Daemon reload
+
+- name: Copy config
+  ansible.builtin.copy:
+    src: config.yml
+    dest: /home/forgejo-runner/config.yml
+    mode: "0744"
+    owner: forgejo-runner
+  become: true
+  notify: Restart forgejo-runner
+
+- name: See if runner file already exists
+  ansible.builtin.stat:
+    path: /home/forgejo-runner/.runner
+  register: is_registered
+  become: true
+
+- name: Regisert new runner
+  when: "not is_registered.stat.exists"
+  block:
+    - name: Generate secret
+      delegate_to: forgejo
+      ansible.builtin.command: >-
+        /usr/local/bin/forgejo/forgejo forgejo-cli actions generate-secret
+      register: generated_secret
+      become: true
+      become_user: forgejo
+
+    - name: Create a runner on forgejo server
+      delegate_to: forgejo
+      ansible.builtin.command: >-
+        /usr/local/bin/forgejo/forgejo --config /etc/forgejo/app.ini forgejo-cli actions register
+          --name    byggmester
+          --labels  ubuntu
+          --secret  {{ generated_secret.stdout }}
+      become: true
+      become_user: forgejo
+
+    - name: Join byggmester runner
+      ansible.builtin.command: >-
+        ./forgejo-runner create-runner-file --instance https://code.polsevev.dev
+          --secret {{ generated_secret.stdout }}
+      args:
+        chdir: "/home/forgejo-runner"
+      become: true
+      become_user: forgejo-runner
+      notify: Restart forgejo-runner
+
+- name: Ensure runnner service is started
+  ansible.builtin.service:
+    name: forgejo-runner.service
+    state: started
+    enabled: true
+  become: true
+

ansible/roles/byggmester/vars/main/vars.yml

@@ -0,0 +1,4 @@
+---
+byggmester_runner_version: 3.5.1
+byggmester_download_url: "https://code.forgejo.org/forgejo/runner/releases/download/v3.5.1/forgejo-runner-{{ byggmester_runner_version }}-linux-amd64"
+byggmester_checksum: sha1:badd86f725c507dac37a28f03dbd4d7350195554

ansible/setup.yml

@@ -60,3 +60,15 @@
   roles:
     - olympus_entry
     - headscale
+
+- name: Setup forgejo
+  hosts:
+    - forgejo
+  roles:
+    - forgejo
+
+- name: Setup Forgejo actions
+  hosts:
+    - byggmester
+  roles:
+    - byggmester