
No commits in common. "e5488fa56d2dece8492cb9c1c534039d2befa219" and "306036cb8d00660ae80da6d16e754ac0859a4f84" have entirely different histories.

7 changed files with 82 additions and 349 deletions


@ -4,6 +4,3 @@ PORKBUN_SECRET_KEY=sk1_your_key_here
# K3s node token for agent join # K3s node token for agent join
K3S_NODE_TOKEN=your_token_here K3S_NODE_TOKEN=your_token_here
# Gitea runner token for CI/CD
GITEA_RUNNER_TOKEN=your_token_here


@ -1,15 +0,0 @@
---
# Run: ansible-playbook ansible/playbooks/setup-gitea-runner.yaml
#
# What this does:
# - Installs act_runner as a systemd service on Minisforum
# - Registers runner with Gitea
- name: Deploy Gitea Actions Runner on Minisforum
hosts: minisforum
gather_facts: true
vars:
gitea_runner_token: "{{ lookup('env', 'GITEA_RUNNER_TOKEN') }}"
roles:
- gitea-runner


@ -1,6 +0,0 @@
---
- name: Restart act_runner
ansible.builtin.systemd:
name: act_runner
state: restarted
become: true


@ -1,104 +0,0 @@
---
- name: Download act_runner binary
ansible.builtin.get_url:
url: https://gitea.com/gitea/act_runner/releases/download/v0.2.11/act_runner-0.2.11-linux-amd64
dest: /usr/local/bin/act_runner
mode: "0755"
become: true
- name: Create act_runner config directory
ansible.builtin.file:
path: /etc/act_runner
state: directory
mode: "0755"
become: true
- name: Write act_runner config
ansible.builtin.copy:
dest: /etc/act_runner/config.yaml
content: |
log:
level: info
runner:
fetch_timeout: 5s
fetch_interval: 2s
labels:
- "ubuntu-latest:host"
- "ubuntu-22.04:host"
container:
network: host
privileged: true
valid_volumes:
- "**"
host:
workdir_parent: /tmp/act-runner-work
mode: "0644"
become: true
- name: Install internal CA certificate
ansible.builtin.copy:
src: /etc/rancher/k3s/homelab-ca.crt
dest: /usr/local/share/ca-certificates/homelab-ca.crt
mode: "0644"
remote_src: true
become: true
- name: Update CA certificates
ansible.builtin.command: update-ca-certificates
become: true
changed_when: false
- name: Create act_runner systemd service
ansible.builtin.copy:
dest: /etc/systemd/system/act_runner.service
content: |
[Unit]
Description=Gitea Actions Runner
After=network.target
[Service]
Environment=GITEA_INSTANCE_URL=https://gitea.home.arpa
Environment=GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_token }}
Environment=GITEA_RUNNER_NAME=minisforum
Environment=SSL_CERT_FILE=/etc/ssl/certs/homelab-ca.pem
Environment=GIT_SSL_CAINFO=/etc/ssl/certs/homelab-ca.pem
ExecStartPre=/bin/sh -c 'if [ ! -f /etc/act_runner/.runner ]; then cp ~/.runner /etc/act_runner/.runner 2>/dev/null || act_runner register --no-interactive --config /etc/act_runner/config.yaml --instance $GITEA_INSTANCE_URL --token $GITEA_RUNNER_REGISTRATION_TOKEN --name $GITEA_RUNNER_NAME; fi'
ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml
WorkingDirectory=/etc/act_runner
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
mode: "0644"
become: true
notify: Restart act_runner
- name: Copy runner registration file if exists
ansible.builtin.shell: |
if [ -f ~/.runner ] && [ ! -f /etc/act_runner/.runner ]; then
cp ~/.runner /etc/act_runner/.runner
fi
become: false
changed_when: false
- name: Remove docker.sock if it is a directory
ansible.builtin.file:
path: /run/docker.sock
state: absent
become: true
- name: Enable and start Docker
ansible.builtin.systemd:
name: docker
enabled: true
state: started
become: true
- name: Enable and start act_runner
ansible.builtin.systemd:
name: act_runner
enabled: true
state: started
daemon_reload: true
become: true


@ -38,8 +38,6 @@ appConfig:
border-radius: 14px !important; border-radius: 14px !important;
} }
sections: sections:
##################### At a Glance #####################
- name: At a Glance - name: At a Glance
icon: mdi-home-variant-outline icon: mdi-home-variant-outline
widgets: widgets:
@ -77,8 +75,88 @@ sections:
cols: 2 cols: 2
collapsed: false collapsed: false
hideForGuests: false hideForGuests: false
- name: System — Minisforum
icon: mdi-server
widgets:
- type: gl-current-cpu
label: CPU
options:
hostname: https://glances.home.arpa
apiVersion: 4
- type: gl-current-mem
label: Memory
options:
hostname: https://glances.home.arpa
apiVersion: 4
- type: gl-cpu-history
label: CPU History
options:
hostname: https://glances.home.arpa
apiVersion: 4
limit: 60
- type: gl-mem-history
label: Memory History
options:
hostname: https://glances.home.arpa
apiVersion: 4
limit: 60
##################### Services ##################### - name: System — Debian
icon: mdi-harddisk
widgets:
- type: gl-current-cpu
label: CPU
options:
hostname: https://glances-debian.home.arpa
apiVersion: 4
- type: gl-current-mem
label: Memory
options:
hostname: https://glances-debian.home.arpa
apiVersion: 4
- type: gl-disk-space
label: Debian Storage
options:
hostname: https://glances-debian.home.arpa
apiVersion: 4
- name: Shortcuts
icon: mdi-bookmark-outline
items:
- title: Facebook
icon: favicon
url: https://www.facebook.com/
target: newtab
id: 2_975_facebook
- title: X (Twitter)
icon: favicon
url: https://twitter.com/
target: newtab
id: 1_975_xtwitter
- title: Remote Desktop
icon: favicon
url: https://remotedesktop.google.com/access/
target: newtab
id: 0_975_remotedesktop
- title: Nyaa
icon: favicon
url: https://nyaa.si/
target: newtab
id: 3_975_nyaa
- title: YouTube
icon: favicon
url: https://www.youtube.com/
target: newtab
id: 4_975_youtube
- title: Amazon Japan
icon: favicon
url: https://www.amazon.co.jp/
target: newtab
id: 5_975_amazonjapan
displayData:
sectionLayout: grid
itemCountX: 2
itemSize: large
cutToHeight: true
- name: Services - name: Services
icon: mdi-apps icon: mdi-apps
items: items:
@ -119,102 +197,3 @@ sections:
id: 1_836_qbittorrent id: 1_836_qbittorrent
displayData: displayData:
cutToHeight: true cutToHeight: true
rows: 1
cols: 1
##################### System — Minisforum #####################
- name: System — Minisforum
icon: mdi-server
widgets:
- type: gl-current-cpu
label: CPU
options:
hostname: https://glances.home.arpa
apiVersion: 4
- type: gl-current-mem
label: Memory
options:
hostname: https://glances.home.arpa
apiVersion: 4
- type: gl-cpu-history
label: CPU History
options:
hostname: https://glances.home.arpa
apiVersion: 4
limit: 60
- type: gl-mem-history
label: Memory History
options:
hostname: https://glances.home.arpa
apiVersion: 4
limit: 60
displayData:
sortBy: default
rows: 3
cols: 1
##################### System — Debian #####################
- name: System — Debian
icon: mdi-harddisk
widgets:
- type: gl-current-cpu
label: CPU
options:
hostname: https://glances-debian.home.arpa
apiVersion: 4
- type: gl-current-mem
label: Memory
options:
hostname: https://glances-debian.home.arpa
apiVersion: 4
- type: gl-disk-space
label: Debian Storage
options:
hostname: https://glances-debian.home.arpa
apiVersion: 4
displayData:
sortBy: default
rows: 3
cols: 1
##################### Shortcuts #####################
- name: Shortcuts
icon: mdi-bookmark-outline
items:
- title: Facebook
icon: favicon
url: https://www.facebook.com/
target: newtab
id: 2_975_facebook
- title: X (Twitter)
icon: favicon
url: https://twitter.com/
target: newtab
id: 1_975_xtwitter
- title: Remote Desktop
icon: favicon
url: https://remotedesktop.google.com/access/
target: newtab
id: 0_975_remotedesktop
- title: Nyaa
icon: favicon
url: https://nyaa.si/
target: newtab
id: 3_975_nyaa
- title: YouTube
icon: favicon
url: https://www.youtube.com/
target: newtab
id: 4_975_youtube
- title: Amazon Japan
icon: favicon
url: https://www.amazon.co.jp/
target: newtab
id: 5_975_amazonjapan
displayData:
sectionLayout: grid
itemCountX: 2
itemSize: large
cutToHeight: true
rows: 1
cols: 1
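Review bot: The relocated `System — Minisforum` and `System — Debian` sections are added with no `displayData` at all, whereas the copies removed further down carried `sortBy: default`, `rows: 3`, `cols: 1`, so both layout and visibility now fall back to defaults. The preceding section in the context sets `hideForGuests: false` explicitly; if guest access is enabled on this dashboard, the Glances widgets would presumably show host CPU, memory and disk figures to unauthenticated viewers, so consider adding `displayData:` with `hideForGuests: true` to both sections. The `##### … #####` banner comments are dropped as well; a one-line comment such as `# System metrics (Glances) — Minisforum` above each section would keep this long list navigable.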


@ -1,13 +0,0 @@
#!/bin/bash
# Usage: bash manifests/gitea-runner-secret.sh
# Creates gitea-runner-secret from .env
set -e
source "$(dirname "$0")/../.env"
kubectl create secret generic gitea-runner-secret \
--namespace gitea-runner \
--from-literal=token="${GITEA_RUNNER_TOKEN}" \
--dry-run=client -o yaml | kubectl apply -f -
echo "gitea-runner-secret applied"


@ -1,105 +0,0 @@
# Gitea Actions Runner
# Apply: kubectl apply -f manifests/gitea-runner.yaml
apiVersion: v1
kind: Namespace
metadata:
name: gitea-runner
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitea-runner
namespace: gitea-runner
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea-runner
namespace: gitea-runner
spec:
replicas: 1
selector:
matchLabels:
app: gitea-runner
template:
metadata:
labels:
app: gitea-runner
spec:
serviceAccountName: gitea-runner
nodeSelector:
node-role: primary
containers:
- name: runner
image: gitea/act_runner:latest
env:
- name: GITEA_INSTANCE_URL
value: "https://gitea.home.arpa"
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: gitea-runner-secret
key: token
- name: GITEA_RUNNER_NAME
value: "minisforum"
- name: GITEA_RUNNER_LABELS
value: "ubuntu-latest:host,ubuntu-22.04:host"
- name: CONFIG_FILE
value: /config/config.yaml
- name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt
- name: SSL_CERT_FILE
value: /certs/ca.crt
volumeMounts:
- name: config
mountPath: /config
- name: containerd-sock
mountPath: /var/run/docker.sock
- name: runner-data
mountPath: /data
- name: internal-ca
mountPath: /certs
- name: usr-bin
mountPath: /usr/local/bin/node
subPath: node
dnsConfig:
nameservers:
- 192.168.7.77
volumes:
- name: config
configMap:
name: gitea-runner-config
- name: containerd-sock
hostPath:
path: /run/k3s/containerd/containerd.sock
- name: runner-data
emptyDir: {}
- name: internal-ca
secret:
secretName: internal-ca-cert
- name: usr-bin
hostPath:
path: /usr/bin/node
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-runner-config
namespace: gitea-runner
data:
config.yaml: |
log:
level: info
runner:
fetch_timeout: 5s
fetch_interval: 2s
env_vars:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SSL_CERT_FILE: "/certs/ca.crt"
GIT_SSL_CAINFO: "/certs/ca.crt"
container:
network: host
privileged: true
options: "--add-host=gitea.home.arpa:192.168.7.77"
valid_volumes:
- "**"