# Fleet-wide replacement marker. The `version` trigger changes whenever
# var.forgejo_runner_version changes, which replaces this null_resource;
# hcloud_server.forgejo_runner lists it in replace_triggered_by, so a version
# change rebuilds every runner server.
# NOTE(review): this name uses a hyphen while the sibling resources use
# underscores. Renaming changes the state address, so any rename needs a
# matching `moved` block.
resource "null_resource" "runner-config" {
  triggers = {
    version = var.forgejo_runner_version
  }
}
# Per-runner replacement marker: one instance per entry in var.forgejo_runners.
# Changing an entry's `generation` replaces only that entry's marker, and
# through replace_triggered_by in hcloud_server.forgejo_runner only that
# server. This is the handle for recycling a single runner on demand.
resource "null_resource" "runner_generation" {
  for_each = var.forgejo_runners
  triggers = {
    # The key is called "timestamp" but the value is the entry's generation.
    # NOTE(review): the string interpolation is kept as written; it looks like
    # it only serves to turn the value into a string — confirm before simplifying.
    timestamp = "${each.value.generation}"
  }
}
# Placement group shared by all runner servers (referenced through
# placement_group_id in hcloud_server.forgejo_runner). Type "spread" asks
# Hetzner to keep the members on different physical hosts, which is an
# availability measure and not an isolation boundary between runners.
resource "hcloud_placement_group" "forgejo_runners" {
  name = "forgejo-runners"
  type = "spread"
  labels = {
    "cluster" = "forgejo.icb4dc0.de"
  }
}
# Boot image for arm64 runners, looked up by a fixed image ID. Pinning the ID
# means the image only changes when this line is edited.
# NOTE(review): what the snapshot contains is not visible here. The cloud-init
# in this file enables forgejo-runner.service and writes files owned by a
# `runner` user without creating either, so both presumably come from the
# snapshot — record how and from which base image it was built.
data "hcloud_image" "forgejo_runner_snapshot_arm64" {
  id = "228451454"
}
# Boot image for amd64 runners, looked up by a fixed image ID. It is selected
# in hcloud_server.forgejo_runner for every server type that does not start
# with "cax".
# NOTE(review): the two snapshot IDs are maintained by hand; presumably both
# are built from the same recipe — confirm they are refreshed together so the
# architectures do not drift apart in patch level.
data "hcloud_image" "forgejo_runner_snapshot_amd64" {
  id = "228451463"
}
# One Hetzner Cloud server per entry in var.forgejo_runners, booted from the
# architecture-matching runner snapshot and configured through cloud-init.
resource "hcloud_server" "forgejo_runner" {
  for_each = var.forgejo_runners

  # Identity, location and size come straight from the map entry.
  name        = each.key
  location    = each.value.location
  server_type = each.value.server_type

  # Server types whose name starts with "cax" boot the arm64 snapshot; every
  # other server type boots the amd64 snapshot.
  image = startswith(each.value.server_type, "cax") ? data.hcloud_image.forgejo_runner_snapshot_arm64.id : data.hcloud_image.forgejo_runner_snapshot_amd64.id

  placement_group_id = hcloud_placement_group.forgejo_runners.id
  backups            = false

  labels = {
    "cluster"   = "forgejo.icb4dc0.de"
    "node_type" = "forgejo_runner"
  }

  # NOTE(review): the rendered document embeds the runner's `.runner` file and
  # the Harbor registry credentials (see data.cloudinit_config.runner_config).
  # User data normally stays readable from the instance metadata service after
  # first boot, so confirm that CI job containers cannot reach the metadata
  # address.
  user_data = data.cloudinit_config.runner_config[each.key].rendered

  # Keys installed when the server is created. The provisioning key pairs with
  # the private key used in the connection block below.
  ssh_keys = [
    hcloud_ssh_key.provisioning_key.id,
    hcloud_ssh_key.yubikey.id,
    hcloud_ssh_key.default.id
  ]

  # Fixed private address inside the shared k8s network.
  network {
    network_id = hcloud_network.k8s_net.id
    ip         = each.value.private_ip
  }

  # NOTE(review): both public address families are enabled and this block sets
  # no firewall_ids. Presumably a firewall is attached elsewhere (attachment
  # resource or label selector) — confirm, since SSH would otherwise be
  # reachable from the internet.
  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }

  # SSH settings for provisioners, over the public IPv4 address.
  # NOTE(review): no provisioner is declared in this resource, so these
  # settings look unused here. The key comes from tls_private_key, whose
  # private key is stored in Terraform state; keep the state backend encrypted
  # and access-controlled.
  connection {
    host        = self.ipv4_address
    agent       = false
    private_key = tls_private_key.provisioning.private_key_pem
    timeout     = "5m"
  }

  # Rebuild the server when the fleet-wide version marker or this runner's own
  # generation marker is replaced.
  lifecycle {
    replace_triggered_by = [
      null_resource.runner-config,
      null_resource.runner_generation[each.key]
    ]
  }
}
# Per-runner secret named "<runner key>-runner-secret", read from the
# forgejo_runners key vault. Its value is written verbatim to
# /var/lib/runner/.runner by data.cloudinit_config.runner_config.
# Terraform keeps data source results in state, so the secret value is stored
# there as well as in the rendered user data.
data "azurerm_key_vault_secret" "runner_secret" {
  for_each = var.forgejo_runners
  name = "${each.key}-runner-secret"
  key_vault_id = azurerm_key_vault.forgejo_runners.id
}
# Registry account name, read from the hetzner key vault. It forms the user
# half of the "user:token" pair that data.cloudinit_config.runner_config
# base64-encodes into the runner's Docker config.
# NOTE(review): the same account is handed to every runner; presumably it is a
# narrowly scoped robot account — confirm its registry permissions.
data "azurerm_key_vault_secret" "harbor_minion_username" {
  name = "harbor-minion-username"
  key_vault_id = azurerm_key_vault.hetzner.id
}
# Registry token, read from the hetzner key vault. It forms the secret half of
# the "user:token" pair written to /var/lib/runner/.docker/config.json on each
# runner. The value is kept in Terraform state and in the rendered user data,
# so rotating it in the vault changes user_data for every runner.
data "azurerm_key_vault_secret" "harbor_minion_token" {
  name = "harbor-minion-token"
  key_vault_id = azurerm_key_vault.hetzner.id
}
# Per-runner cloud-init user data, rendered as a gzip-compressed,
# base64-encoded multipart document and consumed by
# hcloud_server.forgejo_runner.user_data.
# gzip and base64 are transport encodings only: the two secret-bearing files
# below are recoverable by anyone who can read the user data or the state.
# NOTE(review): file() and templatefile() are given paths relative to the
# working directory, not to path.module — confirm Terraform is always run from
# the directory that contains configs/.
data "cloudinit_config" "runner_config" {
  for_each = var.forgejo_runners
  gzip = true
  base64_encode = true

  # Part 1: files to place on the runner. `defer: true` delays each write to
  # cloud-init's final stage. Entries 1-2 are systemd units for buildx cleanup;
  # entry 3 is the runner's `.runner` file from the key vault; entry 4 is the
  # Docker client config carrying the base64 "user:token" registry credential.
  # NOTE(review): entries 3 and 4 hold credentials but are group-readable
  # ("0640"); "0600" would be tighter if only the `runner` user reads them.
  # Comments are kept outside the heredoc on purpose: editing the heredoc
  # changes the rendered user data.
  part {
    content_type = "text/cloud-config"
    content = <<-EOF
    write_files:
      - encoding: gzip+base64
        content: ${base64gzip(file("configs/ci-runner/docker-buildx-cleanup.service"))}
        path: /lib/systemd/system/docker-buildx-cleanup.service
        owner: root:root
        permissions: "0640"
        defer: true

      - encoding: gzip+base64
        content: ${base64gzip(file("configs/ci-runner/docker-buildx-cleanup.timer"))}
        path: /lib/systemd/system/docker-buildx-cleanup.timer
        owner: root:root
        permissions: "0640"
        defer: true

      - encoding: gzip+base64
        content: ${base64gzip(data.azurerm_key_vault_secret.runner_secret[each.key].value)}
        path: /var/lib/runner/.runner
        owner: runner:runner
        permissions: "0640"
        defer: true

      - encoding: gzip+base64
        content: ${base64gzip(templatefile("configs/ci-runner/docker-rootless-config.json", {
          registry_auth : base64encode("${data.azurerm_key_vault_secret.harbor_minion_username.value}:${data.azurerm_key_vault_secret.harbor_minion_token.value}")
        }))}
        path: /var/lib/runner/.docker/config.json
        owner: runner:runner
        permissions: "0640"
        defer: true
    EOF
  }

  # Part 2: reload systemd so the new unit files are seen, then enable and
  # start the runner service; `set -e` aborts the script on the first failure.
  # NOTE(review): only forgejo-runner.service is enabled here. The
  # docker-buildx-cleanup.timer written above is not enabled in this file;
  # presumably the snapshot already enables it — confirm, otherwise the
  # cleanup never runs.
  part {
    content_type = "text/cloud-config"
    content = <<-EOF
    runcmd:
      - |
        set -e
        systemctl daemon-reload
        systemctl enable --now forgejo-runner.service
    EOF
  }
}