Mark
a9554f3e5d
Merged from veridion-gitea and veridion-act-runner-gitea repos. nult (Null-T) - instant teleportation from Strugatsky's Noon Universe. Like Null-T, this toolkit instantly deploys infrastructure. Roles: - gitea: Gitea server with PostgreSQL (Docker Compose) - act_runner: Gitea Actions runner Playbooks: - gitea.yml: Deploy Gitea server - act-runner.yml: Deploy Act Runner - site.yml: Deploy all services Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
72 lines
1.9 KiB
Django/Jinja
72 lines
1.9 KiB
Django/Jinja
# =============================================================================
|
|
# Gitea Act Runner - Systemd Service Unit
|
|
# =============================================================================
|
|
# Managed by Ansible - DO NOT EDIT MANUALLY
|
|
#
|
|
# Common commands:
|
|
# systemctl status act_runner - Check service status
|
|
# systemctl restart act_runner - Restart the service
|
|
# journalctl -u act_runner -f - Follow service logs
|
|
#
|
|
# See: https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html
|
|
# =============================================================================
|
|
|
|
[Unit]
|
|
# Human-readable description
|
|
Description=Gitea Actions runner
|
|
|
|
# Documentation link
|
|
Documentation=https://gitea.com/gitea/act_runner
|
|
|
|
# Start after Docker and network are available
|
|
After=docker.service network-online.target
|
|
|
|
# Request network-online.target to be started
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
# Simple type: process runs in foreground
|
|
Type=simple
|
|
|
|
# Main command
|
|
ExecStart={{ act_runner_bin_path }} daemon --config {{ act_runner_config_dir }}/config.yaml
|
|
|
|
# Reload command (sends HUP signal)
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
|
|
# Working directory
|
|
WorkingDirectory={{ act_runner_home }}
|
|
|
|
# No timeout for start/stop (jobs may take long)
|
|
TimeoutSec=0
|
|
|
|
# Wait before restarting after failure
|
|
RestartSec=10
|
|
|
|
# Always restart on any exit
|
|
Restart=always
|
|
|
|
# Run as unprivileged user
|
|
User={{ act_runner_user }}
|
|
Group={{ act_runner_group }}
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Security Hardening
|
|
# ---------------------------------------------------------------------------
|
|
|
|
# No new privileges via setuid/setgid
|
|
NoNewPrivileges=true
|
|
|
|
# Make /usr, /boot, /efi read-only
|
|
ProtectSystem=strict
|
|
|
|
# Allow writes only to these paths
|
|
ReadWritePaths={{ act_runner_home }} {{ act_runner_config_dir }}
|
|
|
|
# Private /tmp directory
|
|
PrivateTmp=true
|
|
|
|
[Install]
|
|
# Start on normal boot
|
|
WantedBy=multi-user.target
|