diff --git a/CLAUDE.md b/CLAUDE.md
index 3299458..67a5642 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -30,6 +30,7 @@ eval $(ssh-agent -s) && ssh-add ~/.ssh/homelab
 | vm-forgejo | 192.168.1.50 | Forgejo :3000 |
 | vm-nextcloud | 192.168.1.51 | Nextcloud :8080 |
 | vm-tools | 192.168.1.52 | Stirling PDF :8081 |
+| vm-runner | 192.168.1.53 | Forgejo Actions Runner |
 | VPS Scaleway | 51.158.126.113 | Caddy + WireGuard |
 | QNAP | 192.168.1.208 | NAS NFS/SMB |
@@ -37,7 +38,7 @@ eval $(ssh-agent -s) && ssh-add ~/.ssh/homelab
 `vault_forgejo_db_password`, `vault_forgejo_domain`, `vault_nextcloud_db_password`, `vault_nextcloud_admin_user`, `vault_nextcloud_admin_password`, `vault_nextcloud_domain`,
-`vault_admin_password`, `vault_wg_*`
+`vault_admin_password`, `vault_wg_*`, `vault_forgejo_runner_token`
 ## Pièges connus
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
index db7ce4c..74ce00c 100644
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -27,6 +27,11 @@ all:
 vm-tools:
 ansible_host: 192.168.1.52
+ runner:
+ hosts:
+ vm-runner:
+ ansible_host: 192.168.1.53
+
 vps:
 hosts:
 vps-gateway:
diff --git a/ansible/playbooks/docker.yml b/ansible/playbooks/docker.yml
index 9f756b0..af35494 100644
--- a/ansible/playbooks/docker.yml
+++ b/ansible/playbooks/docker.yml
@@ -3,7 +3,7 @@
 # Cible : forgejo, nextcloud, tools (pas gateway)
 - name: Installation Docker
- hosts: forgejo:nextcloud:tools
+ hosts: forgejo:nextcloud:tools:runner
 become: true
 tasks:
diff --git a/ansible/playbooks/runner.yml b/ansible/playbooks/runner.yml
new file mode 100644
index 0000000..2b3aab8
--- /dev/null
+++ b/ansible/playbooks/runner.yml
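Review bot: The header comment `# Cible : forgejo, nextcloud, tools (pas gateway)` on the first context line of the docker.yml hunk is now stale, since the new `hosts:` pattern also targets the `runner` group. Update it to `# Cible : forgejo, nextcloud, tools, runner (pas gateway)` so the comment and the play agree on which groups get Docker installed. The play's `tasks:` list continues outside the hunk.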
@@ -0,0 +1,80 @@
+# =============================================================================
+# Playbook : runner.yml
+# Description: Deploiement du Forgejo Actions Runner (vm-runner)
+# Registration automatique si premiere installation,
+# puis demarrage du daemon en container Docker.
+#
+# Usage :
+# ansible-playbook playbooks/runner.yml \
+# -i inventories// \
+# --ask-vault-pass
+#
+# Prerequis :
+# - Docker installe (playbook docker.yml execute avant)
+# - Token runner genere dans Forgejo : Admin > Actions > Runners
+# - vault_forgejo_runner_token defini dans le vault
+# - vault_forgejo_domain defini dans le vault
+#
+# Exemple :
+# ansible-playbook playbooks/runner.yml \
+# -i inventories/homelab/ \
+# --ask-vault-pass \
+# --tags runner
+# =============================================================================
+---
+- name: Deploiement Forgejo Actions Runner
+ hosts: runner
+ become: true
+
+ tasks:
+ - name: Creation des repertoires runner
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ admin_user }}"
+ group: "{{ admin_user }}"
+ mode: "0755"
+ loop:
+ - /opt/runner
+ - /opt/runner/data
+ tags: [runner]
+
+ - name: Deploiement docker-compose runner
+ ansible.builtin.copy:
+ src: ../../docker/runner/docker-compose.yml
+ dest: /opt/runner/docker-compose.yml
+ owner: "{{ admin_user }}"
+ group: "{{ admin_user }}"
+ mode: "0644"
+ tags: [runner]
+
+ - name: Verification fichier de registration
+ ansible.builtin.stat:
+ path: /opt/runner/data/.runner
+ register: runner_config
+ tags: [runner]
+
+ # La registration est une operation unique : elle cree /opt/runner/data/.runner
+ # Ce fichier contient les credentials du runner, il ne faut pas la rejouer
+ - name: Registration du runner (premiere fois uniquement)
+ community.docker.docker_container:
+ name: forgejo-runner-register
+ image: code.forgejo.org/forgejo/runner:6
+ auto_remove: true
+ volumes:
+ - /opt/runner/data:/data
+ command: >
+ forgejo-runner register
+ --no-interactive
+ --instance "https://{{ vault_forgejo_domain }}"
+ --token "{{ vault_forgejo_runner_token }}"
+ --name "vm-runner"
+ --labels "ubuntu-latest:docker://ubuntu:22.04,self-hosted:host"
+ when: not runner_config.stat.exists
+ tags: [runner]
+
+ - name: Demarrage du runner
+ community.docker.docker_compose_v2:
+ project_src: /opt/runner
+ state: present
+ tags: [runner]
diff --git a/ansible/site.yml b/ansible/site.yml
index cf6a05b..d3f5b21 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -23,5 +23,8 @@
 - name: Deploiement outils
 ansible.builtin.import_playbook: playbooks/tools.yml
+- name: Deploiement Forgejo Actions Runner
+ ansible.builtin.import_playbook: playbooks/runner.yml
+
 - name: Configuration VPS
 ansible.builtin.import_playbook: playbooks/vps.yml
diff --git a/docker/runner/docker-compose.yml b/docker/runner/docker-compose.yml
new file mode 100644
index 0000000..abe818f
--- /dev/null
+++ b/docker/runner/docker-compose.yml
@@ -0,0 +1,10 @@
+services:
+ runner:
+ image: code.forgejo.org/forgejo/runner:6
+ restart: unless-stopped
+ user: "0:0"
+ volumes:
+ - ./data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ working_dir: /data
+ command: forgejo-runner daemon
diff --git a/terraform/proxmox/main.tf b/terraform/proxmox/main.tf
index 6531807..2a5af21 100644
--- a/terraform/proxmox/main.tf
+++ b/terraform/proxmox/main.tf
@@ -53,6 +53,14 @@ locals {
 disk = 10
 ip = var.tools_ip
 }
+ runner = {
+ vmid = 204
+ cores = 4
+ memory = 4096
+ balloon = 2048
+ disk = 20
+ ip = var.runner_ip
+ }
 }
 }
diff --git a/terraform/proxmox/terraform.tfvars b/terraform/proxmox/terraform.tfvars
index 8cc4e78..7c6911d 100644
--- a/terraform/proxmox/terraform.tfvars
+++ b/terraform/proxmox/terraform.tfvars
@@ -7,4 +7,5 @@ gateway_ip = "192.168.1.254"
 forgejo_ip = "192.168.1.50"
 nextcloud_ip = "192.168.1.51"
 tools_ip = "192.168.1.52"
+runner_ip = "192.168.1.53"
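Review bot: The registration task in runner.yml passes `vault_forgejo_runner_token` on the container command line, so the secret is echoed in Ansible's task output (on failure or under `-v`) and recorded in the container's config until `auto_remove` tears it down; add `no_log: true` beside `when: not runner_config.stat.exists` so the play output at least does not carry it. The `self-hosted:host` label makes jobs run in the runner's own process environment rather than in a fresh job container, and the header says the token comes from the instance-wide Admin > Actions > Runners page, so presumably any repository on the instance can schedule a job that runs there — worth stating in the header which repositories are meant to use this runner and why the host label is needed, e.g. `# - Le label self-hosted:host execute les jobs directement dans le runner (pas de conteneur de job)`. The data directory is created with `mode: "0755"` but `.runner`, which the task comment says holds the runner credentials, is written by the container with a mode the play does not set; verify its permissions after the first registration rather than assuming them.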
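Review bot: In docker-compose.yml the daemon runs as `user: "0:0"` with `/var/run/docker.sock` mounted, which gives every workflow job the runner executes control over Docker on vm-runner, i.e. root-equivalent on that VM; that is a defensible choice for a dedicated VM but it is the kind of decision that should be written down, e.g. `# root + docker.sock : le runner pilote le Docker de vm-runner (VM dediee, aucun autre service)` above `user: "0:0"`. Both this file and the registration task in runner.yml use the mutable tag `code.forgejo.org/forgejo/runner:6`, so two runs of the playbook can pull different images; pinning a full version (or a digest) in both places keeps the deployment reproducible and lets upgrades be a deliberate commit.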
diff --git a/terraform/proxmox/variables.tf b/terraform/proxmox/variables.tf
index 1f59a11..e90d00a 100644
--- a/terraform/proxmox/variables.tf
+++ b/terraform/proxmox/variables.tf
@@ -71,6 +71,12 @@ variable "tools_ip" {
 default = "192.168.1.52"
 }
+variable "runner_ip" {
+ description = "IP de la VM Forgejo Actions runner"
+ type = string
+ default = "192.168.1.53"
+}
+
 # --- Cloud-init ---
 variable "ci_user" {
 description = "Utilisateur cree par cloud-init"