blumeops/ansible/roles/tailscale_ci_gateway/tasks/main.yml
Erich Blume fdf5153130
Some checks failed
Test CI / test (pull_request) Failing after 48s
Containerize forgejo-runner with Tailscale gateway for tailnet access
Architecture:
- tailscale_ci_gateway role: Runs Tailscale container on tailnet-jobs network
- forgejo_runner role: Runs runner daemon in container on same network
- Job containers also use tailnet-jobs network

This allows the runner and jobs to reach forge.tail8d86e.ts.net via
the Tailscale gateway, avoiding hairpinning issues with localhost.

Changes:
- Add tailscale_ci_gateway role with launchd management
- Refactor forgejo_runner to use containerized daemon
- Runner registers with Tailscale URL instead of localhost
- Job containers run on tailnet-jobs network
- Update playbook role ordering (gateway before runner)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 11:28:35 -08:00

46 lines
1.5 KiB
YAML

---
# Tailscale CI Gateway role
# Manages a Tailscale container that provides tailnet access for CI job containers

- name: Ensure state directory exists
  ansible.builtin.file:
    path: "{{ tailscale_ci_gateway_state_dir }}"
    state: directory
    mode: "0700"

- name: Check if Docker network exists
  ansible.builtin.command:
    cmd: docker network inspect {{ tailscale_ci_gateway_network }}
  register: tailscale_ci_gateway_network_check
  failed_when: false
  changed_when: false

- name: Create Docker network for CI jobs
  ansible.builtin.command:
    cmd: >-
      docker network create
      --driver bridge
      --subnet {{ tailscale_ci_gateway_network_subnet }}
      {{ tailscale_ci_gateway_network }}
  when: tailscale_ci_gateway_network_check.rc != 0
  changed_when: true

- name: Pull Tailscale image
  ansible.builtin.command:
    cmd: docker pull {{ tailscale_ci_gateway_image }}
  register: tailscale_ci_gateway_pull
  changed_when: "'Downloaded newer image' in tailscale_ci_gateway_pull.stdout or 'Pull complete' in tailscale_ci_gateway_pull.stdout"

- name: Deploy launchd plist for Tailscale CI gateway
  ansible.builtin.template:
    src: tailscale-ci-gateway.plist.j2
    dest: ~/Library/LaunchAgents/mcquack.tailscale-ci-gateway.plist
    mode: "0644"
  notify: Restart tailscale-ci-gateway

- name: Ensure Tailscale CI gateway is loaded
  ansible.builtin.command:
    cmd: launchctl load ~/Library/LaunchAgents/mcquack.tailscale-ci-gateway.plist
  register: tailscale_ci_gateway_load
  failed_when: false
  changed_when: tailscale_ci_gateway_load.rc == 0