Initial commit - realms platform

2026-01-06 00:26:54 -05:00 · 2026-01-06 00:26:54 -05:00 · b3682b1936
commit b3682b1936
parent 2aa075e842
12 changed files with 148 additions and 100 deletions
--- a/devops/terraform/modules/forgejo/cloud-init.yaml.tpl
+++ b/devops/terraform/modules/forgejo/cloud-init.yaml.tpl
@ -379,16 +379,77 @@ write_files:
              reservations:
                memory: 32M

+        # Forgejo Actions Runner (CI/CD)
+        forgejo-runner:
+          image: code.forgejo.org/forgejo/runner:6.3.1
+          container_name: forgejo-runner
+          restart: unless-stopped
+          depends_on:
+            forgejo:
+              condition: service_healthy
+            docker-dind:
+              condition: service_started
+          environment:
+            DOCKER_HOST: tcp://docker-dind:2376
+            DOCKER_TLS_VERIFY: "1"
+            DOCKER_CERT_PATH: /certs/client
+          volumes:
+            - /mnt/forgejo/runner-data:/data
+            - dind-certs-client:/certs/client:ro
+          networks:
+            - forgejo-internal
+            - dind-network
+          command: >
+            sh -c '
+              if [ ! -f /data/.runner ]; then
+                echo "Runner not registered. Run: docker compose exec forgejo-runner forgejo-runner register"
+                sleep infinity
+              fi
+              forgejo-runner daemon --config /data/config.yaml
+            '
+          deploy:
+            resources:
+              limits:
+                memory: 256M
+              reservations:
+                memory: 128M
+
+        # Docker-in-Docker for Runner (builds images in CI/CD)
+        docker-dind:
+          image: docker:27-dind
+          container_name: forgejo-dind
+          restart: unless-stopped
+          privileged: true
+          environment:
+            DOCKER_TLS_CERTDIR: /certs
+          volumes:
+            - dind-certs-ca:/certs/ca
+            - dind-certs-client:/certs/client
+            - dind-storage:/var/lib/docker
+          networks:
+            - dind-network
+          deploy:
+            resources:
+              limits:
+                memory: 512M
+              reservations:
+                memory: 256M
+
      networks:
        forgejo-internal:
          driver: bridge
          internal: true
        forgejo-public:
          driver: bridge
+        dind-network:
+          driver: bridge

      volumes:
        caddy_data:
        caddy_config:
+        dind-certs-ca:
+        dind-certs-client:
+        dind-storage:
    permissions: '0644'

  # Caddy Dockerfile with rate-limit plugin
@ -516,6 +577,15 @@ write_files:
      |    cd /opt/forgejo && docker compose logs -f                  |
      |    cd /opt/forgejo && docker compose restart                  |
      |                                                               |
+      |  Runner Registration:                                         |
+      |    1. Get token from Forgejo: Site Admin > Actions > Runners  |
+      |    2. Register runner:                                        |
+      |       cd /opt/forgejo && docker compose exec forgejo-runner \ |
+      |         forgejo-runner register --instance https://${domain}  |
+      |         --token YOUR_TOKEN --name realms-runner               |
+      |         --labels ubuntu-latest,docker                         |
+      |    3. Restart: docker compose restart forgejo-runner          |
+      |                                                               |
      +---------------------------------------------------------------+

    permissions: '0644'
@ -580,7 +650,7 @@ runcmd:

  # Start Forgejo stack (build Caddy with rate-limit plugin, pull others)
  - cd /opt/forgejo && docker compose build caddy
-  - cd /opt/forgejo && docker compose pull forgejo forgejo-db
+  - cd /opt/forgejo && docker compose pull forgejo forgejo-db forgejo-runner docker-dind
  - cd /opt/forgejo && docker compose up -d

  # Enable unattended upgrades