Initial commit: Ansible playbook for Gitea Act Runner deployment
Some checks failed
Ansible Lint / Ansible Lint Check (push) Has been cancelled
Automated deployment of act_runner on Ubuntu 20.04+ servers:
- Docker CE installation (DEB822 format)
- Node.js 24.x via NodeSource
- act_runner binary with SHA256 verification
- systemd service with security hardening
- CI: ansible-lint via Gitea Actions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
54
roles/act_runner/tasks/user.yml
Normal file
@@ -0,0 +1,54 @@
---
# =============================================================================
# Gitea Act Runner - System User Setup
# =============================================================================
#
# Creates a dedicated system user for running the act_runner service.
# Running as an unprivileged user improves security by:
# - Limiting what the service can access
# - Isolating it from other services
# - Following the principle of least privilege
#
# =============================================================================

# Create the act_runner system group.
- name: Create act_runner group
ansible.builtin.group:
name: "{{ act_runner_group }}"
state: present
system: true

# Create the act_runner system user.
- name: Create act_runner user
ansible.builtin.user:
name: "{{ act_runner_user }}"
group: "{{ act_runner_group }}"
# Add to docker group for container access.
groups: docker
append: true
# Use bash shell for better compatibility with actions.
shell: /bin/bash
# Home directory for runner data.
home: "{{ act_runner_home }}"
create_home: true
# System user (no login, low UID).
system: true
state: present

# Ensure home directory has correct permissions.
- name: Set permissions on home directory
ansible.builtin.file:
path: "{{ act_runner_home }}"
state: directory
owner: "{{ act_runner_user }}"
group: "{{ act_runner_group }}"
mode: '0750'

# Create configuration directory.
- name: Create configuration directory
ansible.builtin.file:
path: "{{ act_runner_config_dir }}"
state: directory
owner: "{{ act_runner_user }}"
group: "{{ act_runner_group }}"
mode: '0750'
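Review bot: `groups: docker` in the `Create act_runner user` task undercuts the least-privilege claim in the file header. Membership in the docker group is unrestricted access to the Docker socket, which is root-equivalent on the host: any workflow this runner executes can start a privileged container or bind-mount `/` and step out of the act_runner user boundary entirely. Either state plainly in the header that the runner host is fully controlled by anyone who can push a workflow to it, or use rootless Docker or a filtered socket proxy and drop the group membership. Two smaller points in the same task: the comment `# System user (no login, low UID).` is misleading next to `shell: /bin/bash`, because `system: true` only selects the UID range; login is blocked only because no `password` is set, so either say that or add `password_lock: true`. And `groups: docker` fails with "Group docker does not exist" unless the Docker CE install tasks run before this file, so make that ordering explicit in the role.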