act-runner-gitea/group_vars/all/vault.yml.example
Mark 6982bcf372
Initial commit: Ansible playbook for Gitea Act Runner deployment
Automated deployment of act_runner on Ubuntu 20.04+ servers:
- Docker CE installation (DEB822 format)
- Node.js 24.x via NodeSource
- act_runner binary with SHA256 verification
- systemd service with security hardening
- CI: ansible-lint via Gitea Actions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 16:01:06 +01:00


---
# =============================================================================
# Ansible Vault - Encrypted Secrets (EXAMPLE)
# =============================================================================
#
# This is an EXAMPLE file showing what should go in your encrypted vault.
# DO NOT commit actual secrets to version control.
#
# HOW TO CREATE THE REAL VAULT:
# 1. Copy this file's contents
# 2. Run: ansible-vault create group_vars/vault.yml
# 3. Paste and edit with your actual values
# 4. Save and exit
#
# HOW TO MANAGE THE VAULT:
# - Edit: ansible-vault edit group_vars/vault.yml
# - View: ansible-vault view group_vars/vault.yml
# - Rekey: ansible-vault rekey group_vars/vault.yml
#
# SECURITY NOTES:
# - Never commit the vault password to version control
# - Store vault password in a secure location (password manager, etc.)
# - Consider using --vault-password-file for automation
# - Add vault.yml to .gitignore (this example file is safe to commit)
#
# =============================================================================

# -----------------------------------------------------------------------------
# Gitea Instance Configuration
# -----------------------------------------------------------------------------
# URL of your Gitea instance (including https://).
# This is where the runner will connect to pick up jobs.
# Example: "https://git.example.com"
vault_gitea_instance_url: "https://git.karmaxplan.ru"

# -----------------------------------------------------------------------------
# Runner Registration Token
# -----------------------------------------------------------------------------
# Registration token from Gitea for authenticating new runners.
#
# HOW TO GET THIS TOKEN:
# 1. Log into Gitea as admin
# 2. Go to: Site Administration > Actions > Runners
# URL: {{ vault_gitea_instance_url }}/-/admin/actions/runners
# 3. Click "Create new Runner"
# 4. Copy the displayed token
#
# IMPORTANT:
# - Tokens are SINGLE-USE: one token = one runner registration
# - Generate a new token for each server you deploy to
# - Token expires if not used within a certain time
vault_act_runner_token: "<your-registration-token-here>"

# -----------------------------------------------------------------------------
# Package Registry Configuration
# -----------------------------------------------------------------------------
# These values enable the runner to authenticate with Gitea's package registry.
# This is needed if your workflows push/pull container images or packages.

# Hostname of the Gitea package registry.
# Usually the same as your Gitea instance hostname (without https://).
vault_gitea_registry: "git.karmaxplan.ru"

# Service account username for package registry operations.
# Best practice: Create a dedicated "actions" user in Gitea for CI/CD.
# This user should have appropriate permissions for your repositories.
vault_gitea_actions_user: "actions"

# Personal Access Token (PAT) for package registry authentication.
#
# HOW TO CREATE THE PAT:
# 1. Log into Gitea as the service account (e.g., "actions")
# 2. Go to: User Settings > Applications
# URL: {{ vault_gitea_instance_url }}/user/settings/applications
# 3. Under "Generate New Token", enter a name (e.g., "act-runner-packages")
# 4. Select scopes:
# - read:package (required for pulling images)
# - write:package (required for pushing images)
# 5. Click "Generate Token"
# 6. Copy the token immediately (it won't be shown again)
#
# SECURITY NOTES:
# - This token grants package access - keep it secret
# - Rotate tokens periodically
# - Use the minimum required scopes
vault_gitea_packages_token: "<your-packages-pat-here>"

# -----------------------------------------------------------------------------
# Optional: Sudo Password (if using non-root user with password sudo)
# -----------------------------------------------------------------------------
# Uncomment if your ansible_user requires a password for sudo.
# vault_sudo_password: "<your-sudo-password-here>"
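The SECURITY NOTES above leave two things to discipline: the real vault must only ever be committed in ansible-vault encrypted form, and the committed example must keep placeholders in its token and password keys. The following pre-commit style checks enforce both; they are an added example, not part of this playbook, and assume the paths the file's own comments use (group_vars/vault.yml for the real vault, vault.yml.example for the template).

```shell
#!/bin/sh
# Added example (not part of the act-runner-gitea playbook): guard checks
# for the vault layout described in vault.yml.example.

# 0 if FILE begins with an ansible-vault envelope header, 1 otherwise.
# ansible-vault writes "$ANSIBLE_VAULT;1.1;AES256" (1.2 when a vault id
# label is used), so an unencrypted vault.yml is caught on its first line.
vault_is_encrypted() {
    head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;1\.[12];AES256'
}

# 0 if every uncommented vault_*token*/vault_*password* key in FILE holds
# a "<...>" placeholder, 1 if any of them holds something else.
# Non-secret keys (instance URL, registry host, user name) are not judged.
secrets_are_placeholders() {
    grep -E '^vault_[a-z_]*(token|password)[a-z_]*:' "$1" 2>/dev/null \
        | grep -vE ':[[:space:]]*"<[^"<>]+>"[[:space:]]*$' \
        | grep -q . && return 1
    return 0
}

# Decide for one path whether it may be committed (0) or must be blocked (1).
# Only the two vault file kinds are judged; everything else passes through.
# Usage from a hook: for f in $(git diff --cached --name-only); do check_path "$f" || exit 1; done
check_path() {
    case "$1" in
        *vault.yml.example) secrets_are_placeholders "$1" ;;
        *vault.yml)         vault_is_encrypted "$1" ;;
        *)                  return 0 ;;
    esac
}
```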