Initial commit - realms platform

2026-01-06 00:26:54 -05:00 · 2026-01-06 00:26:54 -05:00 · b3682b1936
commit b3682b1936
parent 2aa075e842
12 changed files with 148 additions and 100 deletions
--- a/devops/terraform/modules/forgejo/cloud-init.yaml.tpl
+++ b/devops/terraform/modules/forgejo/cloud-init.yaml.tpl
@ -379,16 +379,77 @@ write_files:
              reservations:
                memory: 32M

+        # Forgejo Actions Runner (CI/CD)
+        forgejo-runner:
+          image: code.forgejo.org/forgejo/runner:6.3.1
+          container_name: forgejo-runner
+          restart: unless-stopped
+          depends_on:
+            forgejo:
+              condition: service_healthy
+            docker-dind:
+              condition: service_started
+          environment:
+            DOCKER_HOST: tcp://docker-dind:2376
+            DOCKER_TLS_VERIFY: "1"
+            DOCKER_CERT_PATH: /certs/client
+          volumes:
+            - /mnt/forgejo/runner-data:/data
+            - dind-certs-client:/certs/client:ro
+          networks:
+            - forgejo-internal
+            - dind-network
+          command: >
+            sh -c '
+              if [ ! -f /data/.runner ]; then
+                echo "Runner not registered. Run: docker compose exec forgejo-runner forgejo-runner register"
+                sleep infinity
+              fi
+              forgejo-runner daemon --config /data/config.yaml
+            '
+          deploy:
+            resources:
+              limits:
+                memory: 256M
+              reservations:
+                memory: 128M
+
+        # Docker-in-Docker for Runner (builds images in CI/CD)
+        docker-dind:
+          image: docker:27-dind
+          container_name: forgejo-dind
+          restart: unless-stopped
+          privileged: true
+          environment:
+            DOCKER_TLS_CERTDIR: /certs
+          volumes:
+            - dind-certs-ca:/certs/ca
+            - dind-certs-client:/certs/client
+            - dind-storage:/var/lib/docker
+          networks:
+            - dind-network
+          deploy:
+            resources:
+              limits:
+                memory: 512M
+              reservations:
+                memory: 256M
+
      networks:
        forgejo-internal:
          driver: bridge
          internal: true
        forgejo-public:
          driver: bridge
+        dind-network:
+          driver: bridge

      volumes:
        caddy_data:
        caddy_config:
+        dind-certs-ca:
+        dind-certs-client:
+        dind-storage:
    permissions: '0644'

  # Caddy Dockerfile with rate-limit plugin
@ -516,6 +577,15 @@ write_files:
      |    cd /opt/forgejo && docker compose logs -f                  |
      |    cd /opt/forgejo && docker compose restart                  |
      |                                                               |
+      |  Runner Registration:                                         |
+      |    1. Get token from Forgejo: Site Admin > Actions > Runners  |
+      |    2. Register runner:                                        |
+      |       cd /opt/forgejo && docker compose exec forgejo-runner \ |
+      |         forgejo-runner register --instance https://${domain}  |
+      |         --token YOUR_TOKEN --name realms-runner               |
+      |         --labels ubuntu-latest,docker                         |
+      |    3. Restart: docker compose restart forgejo-runner          |
+      |                                                               |
      +---------------------------------------------------------------+

    permissions: '0644'
@ -580,7 +650,7 @@ runcmd:

  # Start Forgejo stack (build Caddy with rate-limit plugin, pull others)
  - cd /opt/forgejo && docker compose build caddy
-  - cd /opt/forgejo && docker compose pull forgejo forgejo-db
+  - cd /opt/forgejo && docker compose pull forgejo forgejo-db forgejo-runner docker-dind
  - cd /opt/forgejo && docker compose up -d

  # Enable unattended upgrades
--- a/devops/terraform/terraform.tfvars.example
+++ b/devops/terraform/terraform.tfvars.example
@ -1,76 +0,0 @@
-# =============================================================================
-# DigitalOcean Terraform Configuration
-# =============================================================================
-# Copy this file to terraform.tfvars and fill in your values
-# NEVER commit terraform.tfvars to version control!
-#
-# Set the DO token via environment variable:
-#   export TF_VAR_do_token="dop_v1_your_token_here"
-# =============================================================================
-
-# =============================================================================
-# Project Configuration
-# =============================================================================
-
-project_name = "realms"
-environment  = "production"
-region       = "nyc3"
-
-# =============================================================================
-# VPC Configuration
-# =============================================================================
-
-vpc_ip_range = "10.10.0.0/16"
-
-# =============================================================================
-# SSH Configuration
-# =============================================================================
-
-# Add your admin SSH public key(s) here
-# Generate with: ssh-keygen -t ed25519 -C "your_email@example.com"
-admin_ssh_public_keys = {
-  # "admin-name" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlczdk2KKjY2CyYV1Ql8enjRn8gpBBgSLmbbCUyG5Qs admin@doom.tube"
-}
-
-# SSH ports (non-standard for security)
-jump_host_ssh_port   = 49822  # Jump host public SSH
-forgejo_ssh_port     = 52913  # Forgejo system SSH (VPC only)
-forgejo_git_ssh_port = 2222   # Forgejo Git SSH (public)
-
-# =============================================================================
-# Jump Host Configuration
-# =============================================================================
-
-jump_host_size  = "s-1vcpu-512mb-10gb"  # $4/mo
-jump_host_image = "debian-12-x64"
-
-# =============================================================================
-# Forgejo Configuration
-# =============================================================================
-
-forgejo_droplet_size  = "s-1vcpu-1gb-intel"  # $7/mo - 1GB RAM, 1 Intel vCPU
-forgejo_droplet_image = "debian-12-x64"
-forgejo_volume_size   = 50  # GB for repositories and LFS
-forgejo_domain        = "qbit.realms.pub"
-
-# =============================================================================
-# DNS Configuration (requires domain to be managed by DigitalOcean)
-# =============================================================================
-
-# Set to true to automatically create/update A record for Forgejo
-manage_dns = true
-
-# Base domain managed by DigitalOcean DNS
-dns_zone = "realms.pub"
-
-# =============================================================================
-# Backup Configuration
-# =============================================================================
-
-enable_droplet_backups = true
-
-# =============================================================================
-# Additional Tags
-# =============================================================================
-
-tags = []
--- a/devops/terraform/variables.tf
+++ b/devops/terraform/variables.tf
@ -94,9 +94,9 @@ variable "jump_host_image" {
 # =============================================================================

 variable "forgejo_droplet_size" {
-  description = "Size slug for the Forgejo droplet"
+  description = "Size slug for the Forgejo droplet (2GB+ recommended for Actions Runner)"
  type        = string
-  default     = "s-1vcpu-1gb-intel"
+  default     = "s-2vcpu-2gb-intel"
 }

 variable "forgejo_droplet_image" {