inital version

LICENSE

@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2025 anima
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1 +1,35 @@
 # Gitea Runner Setup
+Deploys a gitea action runner for hosts.
+
+## state
+At this time only labels will be configerd. 
+Maybe if need i will add some more options later.
+
+## minimal setup
+### playbook
+```yaml
+- hosts: runner
+  roles:
+    - setup-gitea-runner
+```
+
+### vars
+#### host (recommend)
+``yaml
+RUNNER_TOKEN: '1234567890'
+RUNNER_LABELS:
+  - mylabel
+  - otherlabel
+```
+> Before register the runner and run it, you need a registration token. The level of the runner determines where to obtain the registration token.
+
+> Instance level: The admin settings page, like <your_gitea.com>/admin/actions/runners.
+> Organization level: The organization settings page, like <your_gitea.com>/<org>/settings/actions/runners.
+> Repository level: The repository settings page, like <your_gitea.com>/<owner>/<repo>/settings/actions/runners.
+
+#### group (recommend)
+```yaml
+RUNNER_INSTANCE: git.my-domain.com
+```
+
+For all vars look at [defaults](defaults/main.yml)!

defaults/main.yml

@@ -0,0 +1,12 @@
+RUNNER_VERSION: "0.2.11"
+RUNNER_DOWNLOAD_URL: "https://dl.gitea.com/act_runner/{{ RUNNER_VERSION }}/act_runner-{{ RUNNER_VERSION }}-linux-amd64"
+RUNNER_TOKEN: 
+RUNNER_INSTANCE: https://git.exampe.com/
+RUNNER_NAME: gitea-runner
+RUNNER_USER: svc-gitea-runner
+RUNNER_GROUP: "{{ RUNNER_USER }}"
+RUNNER_DIR: "/opt/{{ RUNNER_USER }}"
+RUNNER_SERVICE_NAME: "{{ RUNNER_NAME }}.service"
+RUNNER_DOWNLOAD_DIR: /tmp
+RUNNER_LABELS:
+  - REPLACE_ME

handlers/main.yml

@@ -0,0 +1,11 @@
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/systemd_service_module.html#ansible-collections-ansible-builtin-systemd-service-module
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/service_module.html
+---
+- name: reload daemons
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+
+- name: restart runner
+  ansible.builtin.service:
+    name: "{{ RUNNER_SERVICE_NAME }}"
+    state: restarted

tasks/main.yml

@@ -0,0 +1,71 @@
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/stat_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/service_module.html
+---
+- name: check runner token
+  ansible.builtin.fail:
+    msg: no token is set!
+  when: RUNNER_TOKEN == None
+
+- name: create runner user
+  ansible.builtin.user:
+    name: "{{ RUNNER_USER }}"
+    create_home: yes
+    home: "{{ RUNNER_DIR }}"
+
+- name: download runner
+  delegate_to: localhost
+  run_once: true
+  ansible.builtin.get_url: 
+    url: "{{ RUNNER_DOWNLOAD_URL }}"
+    dest: "/{{ RUNNER_DOWNLOAD_DIR }}/{{ RUNNER_NAME }}"
+    mode: '0440'
+
+- name: copy runner binary
+  copy:
+    src: "{{ RUNNER_DOWNLOAD_DIR }}/{{ RUNNER_NAME }}"
+    dest: "{{ RUNNER_DIR }}/{{ RUNNER_NAME }}"
+    owner: "{{ RUNNER_USER }}"
+    group: "{{ RUNNER_GROUP | default(RUNNER_USER) }}"
+    mode: '0770'
+
+- name: create runner config
+  ansible.builtin.template:
+    src: conf.yml.j2
+    dest: "{{ RUNNER_DIR }}/conf.yml"
+    owner: "{{ RUNNER_USER }}"
+    group: "{{ RUNNER_GROUP | default(RUNNER_USER) }}"
+    mode: '0660'
+
+- name: create runner service file
+  notify: reload daemons
+  ansible.builtin.template:
+    src: runner.service.j2
+    dest: "/etc/systemd/system/{{ RUNNER_SERVICE_NAME }}"
+    owner: root
+    group: root
+    mode: '0600'
+
+- name: flush handlers
+  meta: flush_handlers
+
+- name: check if runner registerd
+  stat:
+    path: "{{ RUNNER_DIR }}/.runner"
+  register: stat_result
+
+- name: register runner
+  command: "{{ RUNNER_DIR }}/{{ RUNNER_NAME }} register --no-interactive --instance {{ RUNNER_INSTANCE }} --token {{ RUNNER_TOKEN }}"
+  when: 
+    - not stat_result.stat.exists
+    - RUNNER_TOKEN != None
+
+- name: enable runner
+  notify: restart runner
+  ansible.builtin.service:
+    name: "{{ RUNNER_SERVICE_NAME }}"
+    enabled: yes

templates/conf.yml.j2

@@ -0,0 +1,98 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 1
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+  {% for lable in RUNNER_LABELS %}
+    - {{ lable.value }}
+  {% endfor %}
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: ""
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 0
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: ""
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: true
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

templates/runner.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://gitea.com/gitea/act_runner
+After=docker.service
+
+[Service]
+ExecStart={{ RUNNER_DIR }}/{{ RUNNER_NAME }} daemon --config {{ RUNNER_DIR }}/config.yml
+ExecReload=/bin/kill -s HUP $MAINPID
+WorkingDirectory={{ RUNNER_DIR }}
+TimeoutSec=0
+RestartSec=10
+Restart=always
+User={{ RUNNER_USER }}
+
+[Install]
+WantedBy=multi-user.target