feat: Deploy server and runners independently

Signed-off-by: Julien Riou <julien@riou.xyz>
2025-08-25 16:58:33 +02:00 · 2025-08-25 16:58:33 +02:00 · 5f90be4299
commit 5f90be4299
parent 6c7280b213
5 changed files with 64 additions and 66 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,4 +1,5 @@
 ---
+forgejo_server: true
 forgejo_version: 11
 forgejo_home_dir: /var/lib/forgejo
 forgejo_config_dir: /etc/forgejo
@ -11,6 +12,7 @@ forgejo_manage_iptables: false
 forgejo_allowed_sources: []
 forgejo_runners_version: 9.1.1
 forgejo_runners_config_dir: /etc/forgejo-runners
+# forgejo_runners_instance:
 # forgejo_runners:
 #   repository: token
 forgejo_runners: {}
--- a/tasks/deploy-server.yml
+++ b/tasks/deploy-server.yml
@ -0,0 +1,57 @@
+---
+- name: create directories
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: forgejo
+    group: forgejo
+    mode: "0755"
+  loop: &forgejo_directories
+    - "{{ forgejo_config_dir }}"
+    - "{{ forgejo_home_dir }}"
+    - "{{ forgejo_home_dir }}/server"
+    - "{{ forgejo_home_dir }}/db"
+
+- name: ensure permissions on those directories
+  ansible.builtin.command:
+    cmd: "chown -R forgejo:forgejo {{ item }}"
+  loop: *forgejo_directories
+
+- name: create docker-compose configuration
+  ansible.builtin.template:
+    src: "{{ item.name }}.j2"
+    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  loop:
+    - name: docker-compose.yml
+      mode: "0644"
+    - name: server.env
+      mode: "0600"
+    - name: db.env
+      mode: "0600"
+
+- name: start service
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_config_dir }}"
+    files:
+      - docker-compose.yml
+
+- name: allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ forgejo_web_port }}"
+      - "{{ forgejo_ssh_port }}"
+    jump: ACCEPT
+    comment: forgejo
+  loop: "{{ forgejo_allowed_sources }}"
+  notify: save iptables
+  when: forgejo_manage_iptables
+
+- name: deploy runners
+  ansible.builtin.include_tasks: deploy-runners.yml
+  when: forgejo_runners
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -12,58 +12,9 @@
    database: passwd
    key: forgejo

- name: create directories
-  ansible.builtin.file:
-    state: directory
-    path: "{{ item }}"
-    owner: forgejo
-    group: forgejo
-    mode: "0755"
-  loop: &forgejo_directories
-    - "{{ forgejo_config_dir }}"
-    - "{{ forgejo_home_dir }}"
-    - "{{ forgejo_home_dir }}/server"
-    - "{{ forgejo_home_dir }}/db"
-
- name: ensure permissions on those directories
-  ansible.builtin.command:
-    cmd: "chown -R forgejo:forgejo {{ item }}"
-  loop: *forgejo_directories
-
- name: create docker-compose configuration
-  ansible.builtin.template:
-    src: "{{ item.name }}.j2"
-    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
-    owner: root
-    group: root
-    mode: "{{ item.mode }}"
-  loop:
-    - name: docker-compose.yml
-      mode: "0644"
-    - name: server.env
-      mode: "0600"
-    - name: db.env
-      mode: "0600"
-
- name: start service
-  community.docker.docker_compose_v2:
-    project_src: "{{ forgejo_config_dir }}"
-    files:
-      - docker-compose.yml
-
- name: allow with iptables
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    source: "{{ item }}"
-    destination_ports:
-      - "{{ forgejo_web_port }}"
-      - "{{ forgejo_ssh_port }}"
-    jump: ACCEPT
-    comment: forgejo
-  loop: "{{ forgejo_allowed_sources }}"
-  notify: save iptables
-  when: forgejo_manage_iptables
+- name: deploy server
+  ansible.builtin.include_tasks: deploy-server.yml
+  when: forgejo_server

 - name: deploy runners
  ansible.builtin.include_tasks: deploy-runners.yml
--- a/tasks/register-runner.yml
+++ b/tasks/register-runner.yml
@ -2,7 +2,7 @@
 - name: check variables
  ansible.builtin.assert:
    that:
-      - forgejo_web_port | mandatory
+      - forgejo_runners_instance | mandatory
      - forgejo_runners_version | mandatory
      - forgejo_runners_config_dir | mandatory
      - item.key | mandatory
@ -23,13 +23,12 @@
        -v /var/run/docker.sock:/var/run/docker.sock
        -v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data
        --rm
-        --network forgejo_forgejo
        --user {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
        code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
        forgejo-runner register --no-interactive
          --token {{ item.value }}
          --name {{ item.key }}
-          --instance http://forgejo-server:{{ forgejo_web_port }}
+          --instance {{ forgejo_runners_instance }}
    creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner"
  notify: start runners

--- a/templates/runners/docker-compose.yml.j2
+++ b/templates/runners/docker-compose.yml.j2
@ -2,17 +2,13 @@
 {{ ansible_managed | comment }}
 services:
  docker:
-    container_name: forgejo-docker
    image: docker:dind
    privileged: true
    volumes:
      - certs:/certs
-    networks:
-      - forgejo

 {% for runner in forgejo_runners %}
  runner-{{ runner }}:
-    container_name: forgejo-runners-{{ runner }}
    image: code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
    user: {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
    environment:
@ -23,14 +19,7 @@ services:
      - {{ forgejo_runners_config_dir }}/{{ runner }}:/data
      - certs:/certs
    command: 'forgejo-runner --config config.yml daemon'
-    networks:
-      - forgejo
 {% endfor %}

 volumes:
  certs:
-
-networks:
-  forgejo:
-    external: true
-    name: forgejo_forgejo