Some checks failed
Test CI / test (pull_request) Failing after 48s
Architecture:
- tailscale_ci_gateway role: Runs Tailscale container on tailnet-jobs network
- forgejo_runner role: Runs runner daemon in container on same network
- Job containers also use tailnet-jobs network

This allows the runner and jobs to reach forge.tail8d86e.ts.net via the Tailscale gateway, avoiding hairpinning issues with localhost.

Changes:
- Add tailscale_ci_gateway role with launchd management
- Refactor forgejo_runner to use containerized daemon
- Runner registers with Tailscale URL instead of localhost
- Job containers run on tailnet-jobs network
- Update playbook role ordering (gateway before runner)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
45 lines
1.4 KiB
Django/Jinja
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>mcquack.tailscale-ci-gateway</string>

<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>-c</string>
<string><![CDATA[
# Stop and remove existing container if present
docker stop {{ tailscale_ci_gateway_container_name }} 2>/dev/null || true
docker rm {{ tailscale_ci_gateway_container_name }} 2>/dev/null || true

# Run the container (foreground so launchd manages lifecycle)
exec docker run --rm \
--name {{ tailscale_ci_gateway_container_name }} \
--hostname {{ tailscale_ci_gateway_hostname }} \
--network {{ tailscale_ci_gateway_network }} \
--cap-add NET_ADMIN \
--cap-add NET_RAW \
-v {{ tailscale_ci_gateway_state_dir }}:/var/lib/tailscale \
-e TS_AUTHKEY="{{ tailscale_ci_gateway_auth_key }}" \
-e TS_STATE_DIR=/var/lib/tailscale \
-e TS_USERSPACE=false \
-e TS_ACCEPT_DNS=true \
{{ tailscale_ci_gateway_image }}
]]></string>
</array>

<key>RunAtLoad</key>
<true/>

<key>KeepAlive</key>
<true/>

<key>StandardOutPath</key>
<string>{{ ansible_env.HOME }}/Library/Logs/mcquack.tailscale-ci-gateway.out.log</string>

<key>StandardErrorPath</key>
<string>{{ ansible_env.HOME }}/Library/Logs/mcquack.tailscale-ci-gateway.err.log</string>
</dict>
</plist>
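Review bot: The auth key is rendered in clear text into the script under ProgramArguments, on the line -e TS_AUTHKEY="{{ tailscale_ci_gateway_auth_key }}". It therefore ends up in the installed plist on disk, and in the argument list of both the bash -c wrapper and the docker run process, where other local users can read it with ps for as long as the container runs. Suggest keeping the key out of the template: write it to a separate file that only the runner's user can read and pass it with --env-file, or export it in the environment and use the bare form -e TS_AUTHKEY so that only the variable name appears on the command line. Two smaller points on the same script: the values for --name, --hostname, --network and the -v source path are interpolated unquoted into a bash -c string, so a value containing whitespace or shell metacharacters would split or be interpreted by the shell (quoting them, as is already done for TS_AUTHKEY, avoids this); and because the state directory is mounted at /var/lib/tailscale and KeepAlive restarts the job, it is worth documenting whether the key is expected to be reusable or only needed for first registration.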