mirror of https://codeberg.org/pierreprinetti/forgejo-hetzner-runner.git synced 2025-06-27 16:25:53 +00:00
forgejo-hetzner-runner/runner.cloud-init.yaml
Pierre Prinetti b6fc7d59b3
First commit
2023-07-13 14:56:28 +02:00


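#cloud-config
# First-boot provisioning for a Forgejo Actions runner host: installs Docker
# and AppArmor, tightens sshd, downloads and verifies forgejo-runner v2.1.0,
# registers it against codeberg.org, installs a systemd unit and reboots.
#
# The runner_token and authorized_ssh_key placeholders are filled in by a
# template step before cloud-init reads this file (presumably Terraform's
# templatefile; confirm against the caller).
#
# NOTE(review): the rendered registration token becomes part of the instance
# user-data, which cloud-init also keeps on disk under /var/lib/cloud. Treat
# it as exposed to anything running on the host and reset it on the Forgejo
# side once the runner has registered.
package_update: true
package_upgrade: true
packages:
  - apparmor
  - docker.io
runcmd:
  # sshd hardening. Each sed rewrites an existing (possibly commented-out)
  # directive in place; a directive that is absent from the file is NOT added.
  # NOTE(review): sshd keeps the first value it reads, so if the image's
  # sshd_config starts with an Include of sshd_config.d, a drop-in there can
  # override these edits. Check the effective settings with `sshd -T`.
  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
  - sed -i '$a AllowUsers runner' /etc/ssh/sshd_config
  # Fetch the pinned runner release. -f makes curl fail on an HTTP error
  # instead of saving the error page as the binary.
  - curl -fsSL https://code.forgejo.org/forgejo/runner/releases/download/v2.1.0/forgejo-runner-amd64 -o /usr/bin/forgejo-runner
  # Only a binary matching the pinned SHA-512 becomes executable; on a
  # mismatch the download is removed so nothing unverified stays in /usr/bin.
  - echo 'f0dab69994fcdc3d35ef34b59ff3cff6f44a70112a6e7125f1fb7949d879e02e2a2d1d0a3ac8732b2bae7e47bfb7358a8fa5f409fe4d85e48c4e69b0c38c8e43  /usr/bin/forgejo-runner' | sha512sum -c && chmod +x /usr/bin/forgejo-runner || rm -f /usr/bin/forgejo-runner
  - mkdir -p /etc/runner
  # The token is quoted so that the rendered value is passed as one literal
  # argument. It is still visible in the process list while register runs.
  - cd /etc/runner && /usr/bin/forgejo-runner register --no-interactive --token '${runner_token}' --name runner --instance https://codeberg.org --labels docker:docker://node:16-bullseye
  - /usr/bin/forgejo-runner generate-config > /etc/runner/config.yml
  # Registration ran as root; hand the resulting files to the service account.
  - chown -R runner:runner /etc/runner
  - |
    cat > /etc/systemd/system/runner.service <<EOF
    [Unit]
    Description=Forgejo runner
    Wants=network.target
    After=network.target
    [Service]
    Type=simple
    User=runner
    Group=runner
    WorkingDirectory=/etc/runner
    ExecStart=/usr/bin/forgejo-runner daemon
    Restart=on-failure
    RestartSec=5
    [Install]
    WantedBy=multi-user.target
    EOF
  - systemctl enable runner.service
  # The reboot applies upgraded packages and the sshd changes, and starts the
  # enabled runner service on the next boot.
  - reboot
users:
  # NOTE(review): this one account is the only permitted SSH login (see
  # AllowUsers above), runs the runner daemon, is in the docker group and has
  # passwordless sudo. Docker group membership is already root-equivalent, so
  # a compromise of the daemon is a compromise of the host. Keep the VM
  # single-purpose and disposable, or split this into an admin account for
  # SSH/sudo and a service account without sudo for the daemon.
  - groups: users, admin, docker
    name: runner
    shell: /bin/bash
    ssh_authorized_keys:
      # Quoted so a key comment containing ' #' or ': ' cannot change how the
      # rendered line parses.
      - '${authorized_ssh_key}'
    sudo: ALL=(ALL) NOPASSWD:ALL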