Initial commit: nult - Ansible deployment toolkit
Merged from veridion-gitea and veridion-act-runner-gitea repos. nult (Null-T) - instant teleportation from Strugatsky's Noon Universe. Like Null-T, this toolkit instantly deploys infrastructure. Roles: - gitea: Gitea server with PostgreSQL (Docker Compose) - act_runner: Gitea Actions runner Playbooks: - gitea.yml: Deploy Gitea server - act-runner.yml: Deploy Act Runner - site.yml: Deploy all services Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
71
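--- /dev/null
+++ b/roles/act_runner/templates/act_runner.service.j2
@@ -0,0 +1,71 @@
+# =============================================================================
+# Gitea Act Runner - Systemd Service Unit
+# =============================================================================
+# Managed by Ansible - DO NOT EDIT MANUALLY
+#
+# Common commands:
+# systemctl status act_runner - Check service status
+# systemctl restart act_runner - Restart the service
+# journalctl -u act_runner -f - Follow service logs
+#
+# See: https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html
+# =============================================================================
+
+[Unit]
+# Human-readable description
+Description=Gitea Actions runner
+
+# Documentation link
+Documentation=https://gitea.com/gitea/act_runner
+
+# Start after Docker and network are available
+After=docker.service network-online.target
+
+# Request network-online.target to be started
+Wants=network-online.target
+
+[Service]
+# Simple type: process runs in foreground
+Type=simple
+
+# Main command
+ExecStart={{ act_runner_bin_path }} daemon --config {{ act_runner_config_dir }}/config.yaml
+
+# Reload command (sends HUP signal)
+ExecReload=/bin/kill -s HUP $MAINPID
+
+# Working directory
+WorkingDirectory={{ act_runner_home }}
+
+# No timeout for start/stop (jobs may take long)
+TimeoutSec=0
+
+# Wait before restarting after failure
+RestartSec=10
+
+# Always restart on any exit
+Restart=always
+
+# Run as unprivileged user
+User={{ act_runner_user }}
+
+Group={{ act_runner_group }}
+
+# ---------------------------------------------------------------------------
+# Security Hardening
+# ---------------------------------------------------------------------------
+
+# No new privileges via setuid/setgid
+NoNewPrivileges=true
+
+# Make /usr, /boot, /efi read-only
+ProtectSystem=strict
+
+# Allow writes only to these paths
+ReadWritePaths={{ act_runner_home }} {{ act_runner_config_dir }}
+
+# Private /tmp directory
+PrivateTmp=true
+
+[Install]
+# Start on normal boot
+WantedBy=multi-user.target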
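Review bot: The "Security Hardening" block (NoNewPrivileges, ProtectSystem=strict, PrivateTmp) provides little containment if `{{ act_runner_user }}` can reach the Docker socket, which `After=docker.service` suggests is the intended job backend: a process that can talk to dockerd can bind-mount the host filesystem into a container and is effectively root, so these directives do not contain a malicious workflow, and a comment stating that assumption above the block (e.g. `# NOTE: these directives do not protect the host from jobs if the runner user has docker socket access; run untrusted workflows on a dedicated host or rootless Docker`) would keep operators from over-trusting it. The comment on `ProtectSystem=strict` is also inaccurate: `strict` mounts the entire hierarchy read-only except /dev, /proc and /sys (the /usr, /boot, /efi wording describes `full`), so it should read `# Entire filesystem read-only except /dev, /proc, /sys; writes only via ReadWritePaths`. `ReadWritePaths` grants write access to the config directory, which lets a compromised runner rewrite its own config.yaml (labels, container options); if the only mutable state is the registration file, keeping it under `{{ act_runner_home }}` and dropping `{{ act_runner_config_dir }}` from that line would be tighter, though where the registration file lands is not visible here. Finally, `TimeoutSec=0` also disables the stop timeout, so `systemctl stop act_runner` can hang indefinitely on a wedged job; a bounded `TimeoutStopSec=600` with the start timeout left at its default is safer, and `ExecReload` sending SIGHUP only makes sense if act_runner actually handles that signal rather than terminating on it — worth confirming, since `Restart=always` would mask a reload that is really a kill-and-restart.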