From e889260e12fd2040ee6700b3ba766128a54e557c Mon Sep 17 00:00:00 2001 From: VC Date: Fri, 28 Feb 2025 15:39:53 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8:=20install=20act=5Frunner=20for=20git?= =?UTF-8?q?ea?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inventory/host_vars/git1.dmz.mateu.be.yml | 1 + inventory/production.yml | 4 ++ playbooks/gitea.yml | 7 ++++ roles/act_runner/handlers/main.yml | 8 ++++ roles/act_runner/tasks/main.yml | 40 +++++++++++++++++++ .../templates/act_runner.service.j2 | 16 ++++++++ roles/act_runner/vars/main.yml | 7 ++++ roles/docker/tasks/main.yml | 39 ++++++++++++++++++ roles/docker/vars/main.yml | 4 ++ roles/gitea/tasks/main.yml | 8 ++++ 10 files changed, 134 insertions(+) create mode 100644 roles/act_runner/handlers/main.yml create mode 100644 roles/act_runner/tasks/main.yml create mode 100644 roles/act_runner/templates/act_runner.service.j2 create mode 100644 roles/act_runner/vars/main.yml create mode 100644 roles/docker/tasks/main.yml create mode 100644 roles/docker/vars/main.yml diff --git a/inventory/host_vars/git1.dmz.mateu.be.yml b/inventory/host_vars/git1.dmz.mateu.be.yml index b672b0d..4af2050 100644 --- a/inventory/host_vars/git1.dmz.mateu.be.yml +++ b/inventory/host_vars/git1.dmz.mateu.be.yml @@ -2,6 +2,7 @@ web_hostname: - host: giteu.be + type: gitea gitea_pg_password: !vault | $ANSIBLE_VAULT;1.1;AES256 diff --git a/inventory/production.yml b/inventory/production.yml index 67b41f7..ac01db3 100644 --- a/inventory/production.yml +++ b/inventory/production.yml @@ -99,6 +99,10 @@ giteaservers: hosts: git1.dmz.mateu.be: +actrunnerservers: + hosts: + git1.dmz.mateu.be: + mastodonservers: hosts: masto1.dmz.mateu.be: diff --git a/playbooks/gitea.yml b/playbooks/gitea.yml index 379709d..c07d812 100644 --- a/playbooks/gitea.yml +++ b/playbooks/gitea.yml 
@@ -5,3 +5,10 @@
 diff: true
 roles:
 - gitea
+
+- name: Install act_runner
+ hosts: actrunnerservers
+ diff: true
+ roles:
+ - docker
+ - act_runner
diff --git a/roles/act_runner/handlers/main.yml b/roles/act_runner/handlers/main.yml
new file mode 100644
index 0000000..3f61fc4
--- /dev/null
+++ b/roles/act_runner/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Restart Act_Runner
+ ansible.builtin.systemd:
+ name: act_runner
+ state: restarted
+ enabled: true
+ daemon_reload: true
diff --git a/roles/act_runner/tasks/main.yml b/roles/act_runner/tasks/main.yml
new file mode 100644
index 0000000..a2de266
--- /dev/null
+++ b/roles/act_runner/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+
+- name: Create act_runner user
+ ansible.builtin.user:
+ name: "{{ act_runner_user }}"
+ state: present
+ system: true
+ create_home: true
+ home: "{{ act_runner_home }}"
+ groups:
+ - docker
+
+- name: Download act_runner executable
+ ansible.builtin.get_url:
+ url: "{{ act_runner_url }}"
+ dest: "{{ act_runner_bin }}"
+ owner: root
+ group: root
+ mode: "0o755"
+ force: true
+ notify:
+ - Restart Act_Runner
+
+- name: Put systemd service file
+ ansible.builtin.template:
+ src: "act_runner.service.j2"
+ dest: "/etc/systemd/system/act_runner.service"
+ owner: root
+ group: root
+ mode: "0o755"
+ notify:
+ - Restart Act_Runner
+
+- name: Register act_runner
+ become: true
+ become_user: "{{ act_runner_user }}"
+ ansible.builtin.command:
+ cmd: "{{ act_runner_bin }} register --no-interactive --instance https://giteu.be --token {{ _gitea_runner_token.stdout }}"
+ chdir: "{{ act_runner_home }}"
+ creates: "{{ act_runner_home }}/.runner"
diff --git a/roles/act_runner/templates/act_runner.service.j2 b/roles/act_runner/templates/act_runner.service.j2
new file mode 100644
index 0000000..2954fa0
--- /dev/null
+++ b/roles/act_runner/templates/act_runner.service.j2
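Review bot: In roles/act_runner/tasks/main.yml the `Register act_runner` task passes the registration token on the command line, so it appears in Ansible's task output and logs and in the process list while the command runs; add `no_log: true` to that task. `_gitea_runner_token` is registered by the gitea role in a different play, which only resolves because `actrunnerservers` and `giteaservers` currently hold the same host, so the task would fail on an undefined variable for a runner on any other machine. The `Download act_runner executable` task fetches a binary that then runs as a service with no integrity check, and `force: true` re-fetches it on every run; pin it with `checksum: "sha256:<ACT_RUNNER_SHA256>"` (placeholder) kept next to `act_runner_version`. Membership of the `docker` group gives the runner user root-equivalent control of the host that also serves Gitea, which deserves at least a comment stating that this is an accepted risk. The unit file is installed with `mode: "0o755"`, but unit files do not need to be executable, so `mode: "0o644"` fits better.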
@@ -0,0 +1,16 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://gitea.com/gitea/act_runner
+After=docker.service
+
+[Service]
+ExecStart={{ act_runner_bin }} daemon
+ExecReload=/bin/kill -s HUP $MAINPID
+WorkingDirectory={{ act_runner_home }}
+TimeoutSec=0
+RestartSec=10
+Restart=always
+User={{ act_runner_user }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/act_runner/vars/main.yml b/roles/act_runner/vars/main.yml
new file mode 100644
index 0000000..36cb4cf
--- /dev/null
+++ b/roles/act_runner/vars/main.yml
@@ -0,0 +1,7 @@
+---
+
+act_runner_version: "0.2.11"
+act_runner_url: "https://gitea.com/gitea/act_runner/releases/download/v{{ act_runner_version }}/act_runner-{{ act_runner_version }}-linux-amd64"
+act_runner_home: "/var/lib/act_runner"
+act_runner_bin: "/usr/local/bin/act_runner"
+act_runner_user: "act_runner"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..56690c3
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+
+- name: Install prerequired packages
+ ansible.builtin.package:
+ name: fuse-overlayfs
+ state: present
+ update_cache: true
+
+- name: Download gpg key
+ ansible.builtin.get_url:
+ url: "{{ docker_key_url }}"
+ dest: "{{ docker_key_path }}"
+ owner: root
+ group: root
+ mode: "0o644"
+
+- name: Set docker source repo
+ ansible.builtin.copy:
+ content: "deb [arch=amd64 signed-by={{ docker_key_path }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+ dest: /etc/apt/sources.list.d/docker.list
+ mode: "0o644"
+
+- name: Install docker packages
+ ansible.builtin.package:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-buildx-plugin
+ - docker-compose-plugin
+ state: present
+ update_cache: true
+
+- name: Ensure docker is started
+ ansible.builtin.systemd:
+ name: docker
+ state: started
+ enabled: true
+ daemon_reload: true
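Review bot: `After=docker.service` in act_runner.service.j2 only orders startup; it neither pulls Docker in nor stops the runner when Docker goes away, so add `Requires=docker.service` (or `Wants=docker.service`) under `[Unit]`. `TimeoutSec=0` disables the start and stop timeouts, so a runner that hangs on shutdown would block the `Restart Act_Runner` handler indefinitely; a finite value seems safer unless unlimited job draining is intended. The unit carries no sandboxing directives, and because the service user is in the `docker` group a short comment such as `# runs with Docker socket access; treat as privileged` would tell the next maintainer what the service can reach.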
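Review bot: The `Download gpg key` task in roles/docker/tasks/main.yml installs the apt trust anchor for every Docker package straight from `docker_key_url` with nothing but TLS to vouch for it; pin it with `checksum: "sha256:<DOCKER_KEY_SHA256>"` (placeholder) on the `get_url` task so that a changed key fails the run instead of being trusted silently. The task also assumes `/etc/apt/keyrings` already exists, which nothing in this hunk guarantees, so an `ansible.builtin.file` task with `state: directory` ahead of it may be needed. `Set docker source repo` hard-codes `arch=amd64` and the `debian` path and sets no `owner`/`group`, unlike the neighbouring tasks.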
diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml
new file mode 100644
index 0000000..354db48
--- /dev/null
+++ b/roles/docker/vars/main.yml
@@ -0,0 +1,4 @@
+---
+
+docker_key_url: "https://download.docker.com/linux/debian/gpg"
+docker_key_path: "/etc/apt/keyrings/docker.asc"
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index d4e5a0f..1a7111c 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -76,3 +76,11 @@
 mode: "0o640"
 notify:
 - Restart Gitea
+
+- name: Retrieve Gitea Act Runner Token
+ become: true
+ become_user: git
+ ansible.builtin.command:
+ cmd: "gitea --config {{ gitea_etc_path }}/app.ini actions generate-runner-token"
+ register: _gitea_runner_token
+ changed_when: false
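Review bot: `Retrieve Gitea Act Runner Token` in roles/gitea/tasks/main.yml stores a runner registration token in `_gitea_runner_token`, and a registered result is printed at higher verbosity and by logging callbacks; add `no_log: true` to the task. The command also runs on every play, although the only consumer is guarded by `creates:` and uses the token once, so a comment such as `# token is only consumed on first runner registration` would make that intent explicit. The variable is read from another role, so a comment naming that consumer next to `register:` would keep the coupling visible.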