From 1a04dec6cc4905d15b44e86113307479f3443c4b Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Mon, 13 Dec 2021 00:56:42 +0000
Subject: [PATCH] Add GitLab runner definition

---
 README.md                      |  4 +--
 inventory/prod                 |  3 ++
 main.yml                       |  8 ++++-
 roles/runner/handlers/main.yml |  4 +++
 roles/runner/tasks/main.yml    | 64 ++++++++++++++++++++++++++++++++++
 vars/runner.yml                |  8 +++++
 6 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 roles/runner/handlers/main.yml
 create mode 100644 roles/runner/tasks/main.yml
 create mode 100644 vars/runner.yml

diff --git a/README.md b/README.md
index 3d859ac..a8d9aad 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Vimium GitLab
 
-Self hosted [GitLab](https://about.gitlab.com/install) instance on Vimium.com. Deployed on Hetzner Cloud in the Helsinki datacentre.
+Self hosted [GitLab](https://about.gitlab.com/install) instance on Vimium.com. Deployed on Hetzner Cloud in the Nuremberg datacentre.
 
 ## Prerequisites
 Create an API key in the Hetzner Cloud GUI (Project -> Security -> API Tokens) with the name `gitlab`. This may already be accessible via `pass api/hetzner/gitlab`.
@@ -47,7 +47,7 @@ Content-Type: application/json
 
 {
   "name": "gitlab-runner-nbg1-1",
-  "server_type": "cx21",
+  "server_type": "cpx11",
   "location": "nbg1",
   "start_after_create": true,
   "image": "debian-10",
diff --git a/inventory/prod b/inventory/prod
index 3e8c3ec..7cbc300 100644
--- a/inventory/prod
+++ b/inventory/prod
@@ -1,2 +1,5 @@
 [primary]
 116.203.134.10
+
+[runners]
+94.130.27.216
\ No newline at end of file
diff --git a/main.yml b/main.yml
index d27c14c..06e9cdb 100644
--- a/main.yml
+++ b/main.yml
@@ -3,4 +3,10 @@
   vars_files:
     - vars/primary.yml
   roles:
-    - geerlingguy.gitlab
\ No newline at end of file
+    - geerlingguy.gitlab
+
+- hosts: runners
+  vars_files:
+    - vars/runner.yml
+  roles:
+    - runner
\ No newline at end of file
diff --git a/roles/runner/handlers/main.yml b/roles/runner/handlers/main.yml
new file mode 100644
index 0000000..926c7f5
--- /dev/null
+++ b/roles/runner/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart_docker
+  service:
+    name: docker
+    state: restarted
\ No newline at end of file
diff --git a/roles/runner/tasks/main.yml b/roles/runner/tasks/main.yml
new file mode 100644
index 0000000..14a0bb2
--- /dev/null
+++ b/roles/runner/tasks/main.yml
@@ -0,0 +1,64 @@
+- name: Install Docker dependencies
+  apt:
+    name: [ 'ca-certificates', 'curl', 'gnupg', 'lsb-release' ]
+    state: latest
+    update_cache: yes
+
+- name: Add Docker GPG key
+  apt_key:
+    url: https://download.docker.com/linux/debian/gpg
+    state: present
+
+- name: Add Docker repository
+  apt_repository:
+    repo: deb https://download.docker.com/linux/debian buster stable
+    state: present
+
+- name: Install Docker
+  apt:
+    name: [ 'docker-ce', 'docker-ce-cli', 'containerd.io' ]
+    state: latest
+    update_cache: yes
+
+- name: Start Docker
+  service:
+    name: docker
+    state: started
+    enabled: yes
+
+- name: Add GitLab repository
+  shell:
+    cmd: curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | bash
+    creates: /etc/apt/sources.list.d/runner_gitlab-runner.list
+
+- name: Pin gitlab-runner package
+  copy:
+    dest: /etc/apt/preferences.d/pin-gitlab-runner.pref
+    content: |
+      Explanation: Prefer GitLab provided packages over the Debian native ones
+      Package: gitlab-runner
+      Pin: origin packages.gitlab.com
+      Pin-Priority: 1001
+
+- name: Install GitLab Runner
+  apt:
+    name: gitlab-runner
+    state: latest
+    update_cache: yes
+
+- name: Register runner with GitLab
+  command: 
+    cmd: >
+      gitlab-runner register
+      --non-interactive
+      --url "https://git.vimium.com"
+      --executor "docker"
+      --docker-image alpine:latest
+      --description "docker-runner"
+      --tag-list "docker,hetzner"
+      --run-untagged="true"
+      --locked="false"
+      --access-level="not_protected"
+      --registration-token '{{ gitlab_runner_registration_token }}' && touch /etc/gitlab-runner-registered
+    creates: /etc/gitlab-runner-registered
+  no_log: true
diff --git a/vars/runner.yml b/vars/runner.yml
new file mode 100644
index 0000000..8803529
--- /dev/null
+++ b/vars/runner.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+34623334623763356262373535326430666662363435376238383234316334336339633237646438
+6363396235616462346537623838386130396230633037370a366264303766376234343539363863
+61613832663935653439626265626337373133386132663731313336386430363438303334663662
+3439363037626136650a386363396538666539383232373137366134336634623930343166626633
+65663736393739623133383039663966653964326633313033626563646162663065373130336366
+36363531386265383138303462376665373865663662336461626133623762613161303561383063
+383364313233633263363236623333656232