From 5f90be429992880abd596c5e5337a228866e076f Mon Sep 17 00:00:00 2001
From: Julien Riou
Date: Mon, 25 Aug 2025 16:58:33 +0200
Subject: [PATCH] feat: Deploy server and runners independently

Signed-off-by: Julien Riou
---
 defaults/main.yml                       |  2 +
 tasks/deploy-server.yml                 | 57 +++++++++++++++++++++++++
 tasks/main.yml                          | 55 ++----------------------
 tasks/register-runner.yml               |  5 +--
 templates/runners/docker-compose.yml.j2 | 11 -----
 5 files changed, 64 insertions(+), 66 deletions(-)
 create mode 100644 tasks/deploy-server.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 0a68f23..3785d42 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+forgejo_server: true
 forgejo_version: 11
 forgejo_home_dir: /var/lib/forgejo
 forgejo_config_dir: /etc/forgejo
@@ -11,6 +12,7 @@ forgejo_manage_iptables: false
 forgejo_allowed_sources: []
 forgejo_runners_version: 9.1.1
 forgejo_runners_config_dir: /etc/forgejo-runners
+# forgejo_runners_instance:
 # forgejo_runners:
 #   repository: token
 forgejo_runners: {}
diff --git a/tasks/deploy-server.yml b/tasks/deploy-server.yml
new file mode 100644
index 0000000..7f13938
--- /dev/null
+++ b/tasks/deploy-server.yml
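Review bot: `forgejo_runners_instance` is introduced in the second defaults/main.yml hunk only as a bare commented-out key, so a reader cannot tell what shape the value takes or when it is required, even though tasks/register-runner.yml now asserts it with `mandatory`. A one-line comment would close that gap, e.g. `# forgejo_runners_instance: https://forgejo.example.com  # URL, with scheme, that runners register against; required when forgejo_runners is not empty`. Because this value replaces the former fixed in-network `http://forgejo-server:...` target, noting that it should be an https endpoint whenever runners reach the server over a routed network would help operators avoid sending the registration token in clear text.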
@@ -0,0 +1,57 @@
+---
+- name: create directories
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: forgejo
+    group: forgejo
+    mode: "0755"
+  loop: &forgejo_directories
+    - "{{ forgejo_config_dir }}"
+    - "{{ forgejo_home_dir }}"
+    - "{{ forgejo_home_dir }}/server"
+    - "{{ forgejo_home_dir }}/db"
+
+- name: ensure permissions on those directories
+  ansible.builtin.command:
+    cmd: "chown -R forgejo:forgejo {{ item }}"
+  loop: *forgejo_directories
+
+- name: create docker-compose configuration
+  ansible.builtin.template:
+    src: "{{ item.name }}.j2"
+    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  loop:
+    - name: docker-compose.yml
+      mode: "0644"
+    - name: server.env
+      mode: "0600"
+    - name: db.env
+      mode: "0600"
+
+- name: start service
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_config_dir }}"
+    files:
+      - docker-compose.yml
+
+- name: allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ forgejo_web_port }}"
+      - "{{ forgejo_ssh_port }}"
+    jump: ACCEPT
+    comment: forgejo
+  loop: "{{ forgejo_allowed_sources }}"
+  notify: save iptables
+  when: forgejo_manage_iptables
+
+- name: deploy runners
+  ansible.builtin.include_tasks: deploy-runners.yml
+  when: forgejo_runners
diff --git a/tasks/main.yml b/tasks/main.yml
index d6680c2..72f051d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
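Review bot: The trailing `deploy runners` include at the bottom of deploy-server.yml duplicates the one that tasks/main.yml (its hunk follows) still carries right after the new `deploy server` include, so on a host with `forgejo_server: true` and a non-empty `forgejo_runners` map deploy-runners.yml appears to run twice; main.yml's `when:` for that task lies outside its hunk, so this is hedged, but one of the two includes should go, and dropping it here keeps main.yml the single place where both includes are sequenced. A short header comment under `---`, e.g. `# Server-side deployment; included from main.yml only when forgejo_server is true`, would also document the new split. Separately, the `ensure permissions` task runs `chown -R` through ansible.builtin.command on every play and therefore always reports changed; `changed_when: false`, or `ansible.builtin.file` with `recurse: true`, would keep the play idempotent.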
@@ -12,58 +12,9 @@
     database: passwd
     key: forgejo
 
-- name: create directories
-  ansible.builtin.file:
-    state: directory
-    path: "{{ item }}"
-    owner: forgejo
-    group: forgejo
-    mode: "0755"
-  loop: &forgejo_directories
-    - "{{ forgejo_config_dir }}"
-    - "{{ forgejo_home_dir }}"
-    - "{{ forgejo_home_dir }}/server"
-    - "{{ forgejo_home_dir }}/db"
-
-- name: ensure permissions on those directories
-  ansible.builtin.command:
-    cmd: "chown -R forgejo:forgejo {{ item }}"
-  loop: *forgejo_directories
-
-- name: create docker-compose configuration
-  ansible.builtin.template:
-    src: "{{ item.name }}.j2"
-    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
-    owner: root
-    group: root
-    mode: "{{ item.mode }}"
-  loop:
-    - name: docker-compose.yml
-      mode: "0644"
-    - name: server.env
-      mode: "0600"
-    - name: db.env
-      mode: "0600"
-
-- name: start service
-  community.docker.docker_compose_v2:
-    project_src: "{{ forgejo_config_dir }}"
-    files:
-      - docker-compose.yml
-
-- name: allow with iptables
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    source: "{{ item }}"
-    destination_ports:
-      - "{{ forgejo_web_port }}"
-      - "{{ forgejo_ssh_port }}"
-    jump: ACCEPT
-    comment: forgejo
-  loop: "{{ forgejo_allowed_sources }}"
-  notify: save iptables
-  when: forgejo_manage_iptables
+- name: deploy server
+  ansible.builtin.include_tasks: deploy-server.yml
+  when: forgejo_server
 
 - name: deploy runners
   ansible.builtin.include_tasks: deploy-runners.yml
diff --git a/tasks/register-runner.yml b/tasks/register-runner.yml
index 8630841..6dbee47 100644
--- a/tasks/register-runner.yml
+++ b/tasks/register-runner.yml
@@ -2,7 +2,7 @@
 - name: check variables
   ansible.builtin.assert:
     that:
-      - forgejo_web_port | mandatory
+      - forgejo_runners_instance | mandatory
       - forgejo_runners_version | mandatory
       - forgejo_runners_config_dir | mandatory
       - item.key | mandatory
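Review bot: The new assertion in tasks/register-runner.yml only proves `forgejo_runners_instance` is defined; since the value is later spliced into `--instance {{ forgejo_runners_instance }}` of a docker run line executed through ansible.builtin.command (its hunk follows), a value without a scheme or containing whitespace passes here and only fails, opaquely, inside the container. Adding `- forgejo_runners_instance is match('^https?://\S+$')` to the list catches both cases at the check-variables step, where the error names the variable. The `that:` list continues outside the hunk.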
@@ -23,13 +23,12 @@
       -v /var/run/docker.sock:/var/run/docker.sock
       -v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data
       --rm
-      --network forgejo_forgejo
       --user {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
       code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
       forgejo-runner register
       --no-interactive
       --token {{ item.value }}
       --name {{ item.key }}
-      --instance http://forgejo-server:{{ forgejo_web_port }}
+      --instance {{ forgejo_runners_instance }}
     creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner"
   notify: start runners
diff --git a/templates/runners/docker-compose.yml.j2 b/templates/runners/docker-compose.yml.j2
index 17b95ce..2447695 100644
--- a/templates/runners/docker-compose.yml.j2
+++ b/templates/runners/docker-compose.yml.j2
@@ -2,17 +2,13 @@
 {{ ansible_managed | comment }}
 services:
   docker:
-    container_name: forgejo-docker
     image: docker:dind
     privileged: true
     volumes:
       - certs:/certs
-    networks:
-      - forgejo
 
 {% for runner in forgejo_runners %}
   runner-{{ runner }}:
-    container_name: forgejo-runners-{{ runner }}
     image: code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
     user: {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
     environment:
@@ -23,14 +23,7 @@ services:
       - {{ forgejo_runners_config_dir }}/{{ runner }}:/data
       - certs:/certs
     command: 'forgejo-runner --config config.yml daemon'
-    networks:
-      - forgejo
 {% endfor %}
 
 volumes:
   certs:
-
-networks:
-  forgejo:
-    external: true
-    name: forgejo_forgejo
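Review bot: With `--network forgejo_forgejo` removed from the register command, the registration container runs on Docker's default bridge, so the new `--instance {{ forgejo_runners_instance }}` must name an address reachable from there; the compose service name the old value used, and `localhost`, will no longer resolve to the server from inside that container. A comment on the task, e.g. `# instance URL must be reachable from a container on the default bridge (not the compose service name)`, would spare operators a confusing registration failure; the task's `name:` and `cmd:` lines start outside the hunk. The registration token still travels on the command line via `--token {{ item.value }}` and therefore appears in Ansible's task output; `no_log: true` on this task, next to `creates:`/`notify:`, would keep it out of logs.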