added: vm runner iac and doc

CLAUDE.md

@@ -30,6 +30,7 @@ eval $(ssh-agent -s) && ssh-add ~/.ssh/homelab
 | vm-forgejo | 192.168.1.50 | Forgejo :3000 |
 | vm-nextcloud | 192.168.1.51 | Nextcloud :8080 |
 | vm-tools | 192.168.1.52 | Stirling PDF :8081 |
+| vm-runner | 192.168.1.53 | Forgejo Actions Runner |
 | VPS Scaleway | 51.158.126.113 | Caddy + WireGuard |
 | QNAP | 192.168.1.208 | NAS NFS/SMB |
 
@@ -37,7 +38,7 @@ eval $(ssh-agent -s) && ssh-add ~/.ssh/homelab
 
 `vault_forgejo_db_password`, `vault_forgejo_domain`, `vault_nextcloud_db_password`,
 `vault_nextcloud_admin_user`, `vault_nextcloud_admin_password`, `vault_nextcloud_domain`,
-`vault_admin_password`, `vault_wg_*`
+`vault_admin_password`, `vault_wg_*`, `vault_forgejo_runner_token`
 
 ## Pièges connus
 

ansible/inventory/hosts.yml

@@ -27,6 +27,11 @@ all:
         vm-tools:
           ansible_host: 192.168.1.52
 
+    runner:
+      hosts:
+        vm-runner:
+          ansible_host: 192.168.1.53
+
     vps:
       hosts:
         vps-gateway:

ansible/playbooks/docker.yml

@@ -3,7 +3,7 @@
 # Cible : forgejo, nextcloud, tools (pas gateway)
 
 - name: Installation Docker
-  hosts: forgejo:nextcloud:tools
+  hosts: forgejo:nextcloud:tools:runner
   become: true
 
   tasks:

ansible/playbooks/runner.yml

@@ -0,0 +1,80 @@
+# =============================================================================
+# Playbook   : runner.yml
+# Description: Deploiement du Forgejo Actions Runner (vm-runner)
+#              Registration automatique si premiere installation,
+#              puis demarrage du daemon en container Docker.
+#
+# Usage      :
+#   ansible-playbook playbooks/runner.yml \
+#     -i inventories/<inventaire>/ \
+#     --ask-vault-pass
+#
+# Prerequis :
+#   - Docker installe (playbook docker.yml execute avant)
+#   - Token runner genere dans Forgejo : Admin > Actions > Runners
+#   - vault_forgejo_runner_token defini dans le vault
+#   - vault_forgejo_domain defini dans le vault
+#
+# Exemple :
+#   ansible-playbook playbooks/runner.yml \
+#     -i inventories/homelab/ \
+#     --ask-vault-pass \
+#     --tags runner
+# =============================================================================
+---
+- name: Deploiement Forgejo Actions Runner
+  hosts: runner
+  become: true
+
+  tasks:
+    - name: Creation des repertoires runner
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: "{{ admin_user }}"
+        group: "{{ admin_user }}"
+        mode: "0755"
+      loop:
+        - /opt/runner
+        - /opt/runner/data
+      tags: [runner]
+
+    - name: Deploiement docker-compose runner
+      ansible.builtin.copy:
+        src: ../../docker/runner/docker-compose.yml
+        dest: /opt/runner/docker-compose.yml
+        owner: "{{ admin_user }}"
+        group: "{{ admin_user }}"
+        mode: "0644"
+      tags: [runner]
+
+    - name: Verification fichier de registration
+      ansible.builtin.stat:
+        path: /opt/runner/data/.runner
+      register: runner_config
+      tags: [runner]
+
+    # La registration est une operation unique : elle cree /opt/runner/data/.runner
+    # Ce fichier contient les credentials du runner, il ne faut pas la rejouer
+    - name: Registration du runner (premiere fois uniquement)
+      community.docker.docker_container:
+        name: forgejo-runner-register
+        image: code.forgejo.org/forgejo/runner:6
+        auto_remove: true
+        volumes:
+          - /opt/runner/data:/data
+        command: >
+          forgejo-runner register
+          --no-interactive
+          --instance "https://{{ vault_forgejo_domain }}"
+          --token "{{ vault_forgejo_runner_token }}"
+          --name "vm-runner"
+          --labels "ubuntu-latest:docker://ubuntu:22.04,self-hosted:host"
+      when: not runner_config.stat.exists
+      tags: [runner]
+
+    - name: Demarrage du runner
+      community.docker.docker_compose_v2:
+        project_src: /opt/runner
+        state: present
+      tags: [runner]

ansible/site.yml

@@ -23,5 +23,8 @@
 - name: Deploiement outils
   ansible.builtin.import_playbook: playbooks/tools.yml
 
+- name: Deploiement Forgejo Actions Runner
+  ansible.builtin.import_playbook: playbooks/runner.yml
+
 - name: Configuration VPS
   ansible.builtin.import_playbook: playbooks/vps.yml

docker/runner/docker-compose.yml

@@ -0,0 +1,10 @@
+services:
+  runner:
+    image: code.forgejo.org/forgejo/runner:6
+    restart: unless-stopped
+    user: "0:0"
+    volumes:
+      - ./data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    working_dir: /data
+    command: forgejo-runner daemon

terraform/proxmox/main.tf

@@ -53,6 +53,14 @@ locals {
       disk    = 10
       ip      = var.tools_ip
     }
+    runner = {
+      vmid    = 204
+      cores   = 4
+      memory  = 4096
+      balloon = 2048
+      disk    = 20
+      ip      = var.runner_ip
+    }
   }
 }
 

terraform/proxmox/terraform.tfvars

@@ -7,4 +7,5 @@ gateway_ip      = "192.168.1.254"
 forgejo_ip      = "192.168.1.50"
 nextcloud_ip    = "192.168.1.51"
 tools_ip        = "192.168.1.52"
+runner_ip       = "192.168.1.53"
 

terraform/proxmox/variables.tf

@@ -71,6 +71,12 @@ variable "tools_ip" {
   default     = "192.168.1.52"
 }
 
+variable "runner_ip" {
+  description = "IP de la VM Forgejo Actions runner"
+  type        = string
+  default     = "192.168.1.53"
+}
+
 # --- Cloud-init ---
 variable "ci_user" {
   description = "Utilisateur cree par cloud-init"