Initial commit: nult - Ansible deployment toolkit

Merged from veridion-gitea and veridion-act-runner-gitea repos.

nult (Null-T) - instant teleportation from Strugatsky's Noon Universe.
Like Null-T, this toolkit instantly deploys infrastructure.

Roles:
- gitea: Gitea server with PostgreSQL (Docker Compose)
- act_runner: Gitea Actions runner

Playbooks:
- gitea.yml: Deploy Gitea server
- act-runner.yml: Deploy Act Runner
- site.yml: Deploy all services

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

group_vars/all/vars.yml

@@ -0,0 +1,53 @@
+---
+# =============================================================================
+# Group Variables - All Hosts
+# =============================================================================
+#
+# Maps vault secrets to role variables and sets common overrides.
+# Vault variables (prefixed with vault_) are stored encrypted in vault.yml.
+#
+# HOW TO USE:
+#   1. Create the vault: ansible-vault create group_vars/all/vault.yml
+#   2. Add your secrets to the vault (see vault.yml.example)
+#   3. The mappings below will reference those vault variables
+#
+# See: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html
+# =============================================================================
+
+# =============================================================================
+# Gitea Server Configuration
+# =============================================================================
+# Used by: roles/gitea
+
+# Domain configuration
+gitea_domain: "{{ vault_gitea_domain }}"
+gitea_ssh_domain: "{{ gitea_domain }}"
+gitea_root_url: "https://{{ gitea_domain }}"
+
+# Database credentials
+gitea_db_password: "{{ vault_gitea_db_password }}"
+
+# ACME/TLS configuration
+gitea_acme_email: "{{ vault_gitea_acme_email | default('') }}"
+
+# =============================================================================
+# Act Runner Configuration
+# =============================================================================
+# Used by: roles/act_runner
+
+# Gitea instance URL (e.g., "https://git.example.com")
+gitea_instance_url: "{{ vault_gitea_instance_url }}"
+
+# Registration token from Gitea admin panel
+# Get it from: {{ gitea_instance_url }}/-/admin/actions/runners
+act_runner_token: "{{ vault_act_runner_token }}"
+
+# Package registry hostname (usually same as Gitea host, without https://)
+gitea_registry: "{{ vault_gitea_registry }}"
+
+# Service account username for package registry authentication
+gitea_actions_user: "{{ vault_gitea_actions_user }}"
+
+# Personal Access Token (PAT) for package registry
+# Create at: {{ gitea_instance_url }}/user/settings/applications
+gitea_packages_token: "{{ vault_gitea_packages_token }}"

group_vars/all/vault.yml.example

@@ -0,0 +1,29 @@
+---
+# =============================================================================
+# Vault Secrets Example
+# =============================================================================
+#
+# Copy this file and encrypt it:
+#   cp vault.yml.example vault.yml
+#   ansible-vault encrypt vault.yml
+#
+# Or create directly:
+#   ansible-vault create vault.yml
+#
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Gitea Server Secrets
+# -----------------------------------------------------------------------------
+vault_gitea_domain: "git.example.com"
+vault_gitea_db_password: "your-secure-database-password"
+vault_gitea_acme_email: "admin@example.com"
+
+# -----------------------------------------------------------------------------
+# Act Runner Secrets
+# -----------------------------------------------------------------------------
+vault_gitea_instance_url: "https://git.example.com"
+vault_act_runner_token: "runner-registration-token-from-gitea-admin"
+vault_gitea_registry: "git.example.com"
+vault_gitea_actions_user: "gitea_actions"
+vault_gitea_packages_token: "personal-access-token-for-packages"