diff --git a/ansible/roles/forgejo_runner/tasks/main.yml b/ansible/roles/forgejo_runner/tasks/main.yml
index 72e114b..0cce725 100644
--- a/ansible/roles/forgejo_runner/tasks/main.yml
+++ b/ansible/roles/forgejo_runner/tasks/main.yml
@@ -39,7 +39,7 @@
 ansible.builtin.command:
 cmd: >
 docker run --rm
- --network {{ forgejo_runner_network }}
+ --network=container:tailscale-ci-gateway
 -v {{ forgejo_runner_data_dir }}:/data
 {{ forgejo_runner_image }}
 forgejo-runner register
diff --git a/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2 b/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2
index adf2288..e0d07a6 100644
--- a/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2
+++ b/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2
@@ -15,13 +15,14 @@
 /usr/local/bin/docker rm {{ forgejo_runner_container_name }} 2>/dev/null || true
 # Run the forgejo-runner daemon in a container
-# - On tailnet-jobs network (can reach Forgejo via Tailscale gateway)
-# - Mounts /usr/local/bin/docker socket to spawn job containers
+# - Uses gateway's network namespace for tailnet access (to poll Forgejo)
+# - Mounts docker socket to spawn job containers
 # - Mounts config and data directories
 exec /usr/local/bin/docker run --rm \
 --name {{ forgejo_runner_container_name }} \
- --network {{ forgejo_runner_network }} \
- -v /var/run//usr/local/bin/docker.sock:/var/run//usr/local/bin/docker.sock \
+ --network=container:tailscale-ci-gateway \
+ --user root \
+ -v {{ ansible_env.HOME }}/.docker/run/docker.sock:/var/run/docker.sock \
 -v {{ forgejo_runner_config_dir }}/config.yaml:/config.yaml:ro \
 -v {{ forgejo_runner_data_dir }}:/data \
 {{ forgejo_runner_image }} \
diff --git a/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2 b/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2
index 287c120..7c223eb 100644
--- a/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2
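Review bot: The registration command in tasks/main.yml now hard-codes the gateway's container name in `--network=container:tailscale-ci-gateway`, where the removed line took its network from `forgejo_runner_network`; the same literal is repeated in the forgejo-runner.plist.j2 hunk. If the gateway role ever names its container differently, or the gateway is not running when this task executes, `docker run` fails with a Docker error rather than a message that points at the gateway dependency. I would put the name behind one role variable used in both places, for example `--network=container:{{ forgejo_runner_gateway_container }}` (a proposed new variable defaulting to `tailscale-ci-gateway`), and add a comment above the task saying the gateway container must already be up. The task starts and ends outside this hunk.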
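Review bot: In forgejo-runner.plist.j2 the runner container now starts with `--user root` and the host Docker socket mounted, and the comment list above `exec` has no bullet saying why root is needed. Root plus `/var/run/docker.sock` gives whatever runs in this container control of the host's Docker daemon, and the container now also shares the tailnet gateway's network namespace, so the reason and the trust assumption deserve a line, e.g. `# - Runs as root with the Docker socket mounted (daemon-level access): only trusted repositories may use this runner`. If root is there only for socket permissions, a group-based grant via `--group-add` may be enough; that depends on how the socket's ownership appears inside the container, which the hunk does not show. `{{ ansible_env.HOME }}` comes from gathered facts for the account the play runs as, so the socket path presumably changes under `become` or a different user; a role variable for the socket path would make that explicit. The wrapper script starts and ends outside the hunk.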
+++ b/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2
@@ -26,6 +26,7 @@ exec /usr/local/bin/docker run --rm \
 -e TS_STATE_DIR=/var/lib/tailscale \
 -e TS_USERSPACE=false \
 -e TS_ACCEPT_DNS=true \
+ -e TS_EXTRA_ARGS="--accept-routes" \
 {{ tailscale_ci_gateway_image }}
 ]]>
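Review bot: `-e TS_EXTRA_ARGS="--accept-routes"` makes the gateway accept subnet routes advertised by other nodes on the tailnet, and nothing near the line says which route is needed. The forgejo-runner template changed in this same commit joins this container's network namespace, so the runner inherits whatever those routes expose. I would record the intent in a comment above the `exec` line (a comment cannot sit inside the backslash continuation), e.g. `# --accept-routes: needed to reach <route/purpose>; reach is limited by tailnet ACLs for this node`, and confirm that the ACLs for this node permit only the Forgejo host and port. The `docker run` invocation begins outside the hunk.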