jriou/ansible
1
0
Fork 0
Code Issues Pull requests Releases 1 Activity Actions

Initial commit
All checks were successful
/ ansible-docsmith (push) Successful in 41s
Details

Browse source 
Signed-off-by: Julien Riou <julien@riou.xyz>
This commit is contained in:
Julien Riou 2026-03-23 10:48:41 +01:00 committed by Julien Riou
commit f418990e84
Signed by: jriou
GPG key ID: 9A099EDA51316854
85 changed files with 3520 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

146
roles/forgejo_runners/README.md Normal file
View file

@ -0,0 +1,146 @@
# Ansible Role Forgejo Runners
Ansible role to manage [Forgejo](https://forgejo.org/) runners.
## Configuration
See [Variable
precedence](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#ansible-variable-precedence)
to find where you should put your own variables.
Then define at least `forgejo_db_password` with a strong and secure password,
encrypted using
[ansible-vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html).
## Table of Content
<!-- ANSIBLE DOCSMITH TOC START -->
* [Role variables](#variables)
* [`forgejo_runners_version`](#variable-forgejo_runners_version)
* [`forgejo_runners_user`](#variable-forgejo_runners_user)
* [`forgejo_runners_home_dir`](#variable-forgejo_runners_home_dir)
* [`forgejo_runners_config_dir`](#variable-forgejo_runners_config_dir)
* [`forgejo_runners_instance`](#variable-forgejo_runners_instance)
* [`forgejo_runners_settings`](#variable-forgejo_runners_settings)
<!-- ANSIBLE DOCSMITH TOC END -->
<!-- ANSIBLE DOCSMITH MAIN START -->
## Role variables<a id="variables"></a>
The following variables can be configured for this role:
| Variable | Type | Required | Default | Description (abstract) |
|----------|------|----------|---------|------------------------|
| `forgejo_runners_version` | `str` | No | `"9.1.1"` | Version of the runners |
| `forgejo_runners_user` | `str` | No | `"forgejo"` | Operating system user to run the runners |
| `forgejo_runners_home_dir` | `str` | No | `"/var/lib/forgejo"` | Home directory of the operating system user |
| `forgejo_runners_config_dir` | `path` | No | `"/etc/forgejo-runners"` | Path to the configuration directory of the runners |
| `forgejo_runners_instance` | `str` | No | N/A | URL of the Forgejo instance to register the runners |
| `forgejo_runners_settings` | `dict` | No | N/A | Dict of runners to configure<br><br>The key is the name of the repository on the instance<br><br>The value is a dict with a `token` key and optionally a dict of `labels` |
### `forgejo_runners_version`<a id="variable-forgejo_runners_version"></a>
[*⇑ Back to ToC ⇑*](#toc)
Version of the runners
- **Type**: `str`
- **Required**: No
- **Default**: `"9.1.1"`
### `forgejo_runners_user`<a id="variable-forgejo_runners_user"></a>
[*⇑ Back to ToC ⇑*](#toc)
Operating system user to run the runners
- **Type**: `str`
- **Required**: No
- **Default**: `"forgejo"`
### `forgejo_runners_home_dir`<a id="variable-forgejo_runners_home_dir"></a>
[*⇑ Back to ToC ⇑*](#toc)
Home directory of the operating system user
- **Type**: `str`
- **Required**: No
- **Default**: `"/var/lib/forgejo"`
### `forgejo_runners_config_dir`<a id="variable-forgejo_runners_config_dir"></a>
[*⇑ Back to ToC ⇑*](#toc)
Path to the configuration directory of the runners
- **Type**: `path`
- **Required**: No
- **Default**: `"/etc/forgejo-runners"`
### `forgejo_runners_instance`<a id="variable-forgejo_runners_instance"></a>
[*⇑ Back to ToC ⇑*](#toc)
URL of the Forgejo instance to register the runners
- **Type**: `str`
- **Required**: No
### `forgejo_runners_settings`<a id="variable-forgejo_runners_settings"></a>
[*⇑ Back to ToC ⇑*](#toc)
Dict of runners to configure
The key is the name of the repository on the instance
The value is a dict with a `token` key and optionally a dict of `labels`
- **Type**: `dict`
- **Required**: No
<!-- ANSIBLE DOCSMITH MAIN END -->
## Usage
Playbook example:
```yaml
- hosts: all
roles:
- jriou.general.forgejo_runners
vars:
forgejo_runners_instance: https://codeberg.org # FIXME
forgejo_runners_settings:
my_runner:
token: **redacted**
labels:
node-latest: docker://data.forgejo.org/oci/node:latest
```
Then run the playbook:
```
ansible-playbook play.yml
```
## Donate
As we all love FOSS projects, you should consider [donating to
Codeberg](https://donate.codeberg.org/), the non-profit organization behind
Forgejo.

39
roles/forgejo_runners/defaults/main.yml Normal file
View file

@ -0,0 +1,39 @@
---
# Version of the runners
#
# - Type: str
# - Required: No
# - Default: 9.1.1
forgejo_runners_version: 9.1.1
# Path to the configuration directory of the runners
#
# - Type: path
# - Required: No
# - Default: /etc/forgejo-runners
forgejo_runners_config_dir: /etc/forgejo-runners
# Dict of runners to configure
#
# The key is the name of the repository on the instance
#
# The value is a dict with a `token` key and optionally a dict of `labels`
#
# - Type: dict
# - Required: No
forgejo_runners_settings: {}
# Operating system user to run the runners
#
# - Type: str
# - Required: No
# - Default: forgejo
forgejo_runners_user: forgejo
# Home directory of the operating system user
#
# - Type: str
# - Required: No
# - Default: /var/lib/forgejo
forgejo_runners_home_dir: /var/lib/forgejo

13
roles/forgejo_runners/handlers/main.yml Normal file
View file

@ -0,0 +1,13 @@
---
- name: Start runners
community.docker.docker_compose_v2:
project_src: "{{ forgejo_runners_config_dir }}"
files:
- docker-compose.yml
- name: Restart runners
community.docker.docker_compose_v2:
project_src: "{{ forgejo_runners_config_dir }}"
files:
- docker-compose.yml
state: restarted

40
roles/forgejo_runners/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,40 @@
---
argument_specs:
main:
short_description: Install and configure Forgejo runners
description:
- Install and configure [Forgejo](https://forgejo.org/) runners.
author:
- jriou
options:
forgejo_runners_version:
description:
- Version of the runners
default: 9.1.1
forgejo_runners_user:
description:
- Operating system user to run the runners
default: forgejo
forgejo_runners_home_dir:
description:
- Home directory of the operating system user
default: /var/lib/forgejo
forgejo_runners_config_dir:
description:
- Path to the configuration directory of the runners
type: path
default: /etc/forgejo-runners
forgejo_runners_instance:
description:
- URL of the Forgejo instance to register the runners
forgejo_runners_settings:
description:
- Dict of runners to configure
- The key is the name of the repository on the instance
- The value is a dict with a `token` key and optionally a dict of `labels`
type: dict

3
roles/forgejo_runners/meta/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
dependencies:
- role: geerlingguy.docker

33
roles/forgejo_runners/tasks/main.yml Normal file
View file

@ -0,0 +1,33 @@
---
- name: Create user
ansible.builtin.user:
name: "{{ forgejo_runners_user }}"
system: true
password: '!'
home: "{{ forgejo_runners_home_dir }}"
create_home: false
- name: Read attributes
ansible.builtin.getent:
database: passwd
key: "{{ forgejo_runners_user }}"
- name: Register runners
ansible.builtin.include_tasks: register-runner.yml
loop: "{{ forgejo_runners_settings | dict2items }}"
loop_control:
label: "{{ item.key }}"
- name: Create runners configuration
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ forgejo_runners_config_dir }}/docker-compose.yml"
owner: "{{ forgejo_runners_user }}"
group: "{{ forgejo_runners_user }}"
mode: "0644"
- name: Start runners service
community.docker.docker_compose_v2:
project_src: "{{ forgejo_runners_config_dir }}"
files:
- docker-compose.yml

39
roles/forgejo_runners/tasks/register-runner.yml Normal file
View file

@ -0,0 +1,39 @@
---
- name: Check variables
ansible.builtin.assert:
that:
- forgejo_runners_instance is defined
- forgejo_runners_version is defined
- forgejo_runners_config_dir is defined
- "'key' in item"
- "'value' in item"
- name: Create runner subdirectory
ansible.builtin.file:
path: "{{ forgejo_runners_config_dir }}/{{ item.key }}"
state: directory
mode: "0755"
owner: "{{ forgejo_runners_user }}"
group: "{{ forgejo_runners_user }}"
- name: Register runner
ansible.builtin.command:
cmd: >-
docker run
-v /var/run/docker.sock:/var/run/docker.sock
-v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data
--rm
--user {{ ansible_facts.getent_passwd[forgejo_runners_user][1] }}:{{ ansible_facts.getent_passwd[forgejo_runners_user][2] }}
code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
forgejo-runner register --no-interactive
--token {{ item.value.token }}
--name {{ item.key }}
--instance {{ forgejo_runners_instance }}
creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner"
notify: Start runners
- name: Create runner configuration
ansible.builtin.template:
src: config.yml.j2
dest: "{{ forgejo_runners_config_dir }}/{{ item.key }}/config.yml"
notify: Restart runners

44
roles/forgejo_runners/templates/config.yml.j2 Normal file
View file

@ -0,0 +1,44 @@
{{ ansible_managed | comment }}
log:
level: info
job_level: info
runner:
file: .runner
capacity: 1
timeout: 3h
shutdown_timeout: 3h
insecure: false
fetch_timeout: 5s
fetch_interval: 2s
report_interval: 1s
{% if item.value.labels | default({}) %}
labels:
{% for label_name, label_value in item.value.labels.items() %}
- "{{ label_name }}:{{ label_value }}"
{% endfor %}
{% endif %}
cache:
enabled: true
port: 0
dir: ""
external_server: ""
secret: ""
host: ""
proxy_port: 0
actions_cache_url_override: ""
container:
network: ""
enable_ipv6: false
privileged: false
options:
workdir_parent:
valid_volumes: []
docker_host: "-"
force_pull: false
force_rebuild: false
host:
workdir_parent:

27
roles/forgejo_runners/templates/docker-compose.yml.j2 Normal file
View file

@ -0,0 +1,27 @@
---
{{ ansible_managed | comment }}
services:
docker:
image: docker:dind
privileged: true
restart: always
volumes:
- certs:/certs
{% for runner in forgejo_runners_settings %}
runner-{{ runner }}:
image: code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
user: {{ ansible_facts.getent_passwd[forgejo_runners_user][1] }}:{{ ansible_facts.getent_passwd[forgejo_runners_user][2] }}
environment:
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: /certs/client
restart: always
volumes:
- {{ forgejo_runners_config_dir }}/{{ runner }}:/data
- certs:/certs
command: 'forgejo-runner --config config.yml daemon'
{% endfor %}
volumes:
certs: