infrastructure/roles/gitlab_runner/tasks/main.yml

---

- name: install dependencies
  pacman: name=docker,python-docker,python-gitlab,gitlab-runner state=latest update_cache=yes
  notify: restart gitlab-runner

- name: start docker
  systemd: name=docker enabled=yes state=started daemon_reload=yes

- name: configure Docker daemon for IPv6
  copy: src=daemon.json dest=/etc/docker/daemon.json owner=root group=root mode=0644
  notify: restart docker

# We want to give our gitlab-runners full IPv6 capabilities. Sadly, IPv6 and Docker aren't friends. :(
# https://medium.com/@skleeschulte/how-to-enable-ipv6-for-docker-containers-on-ubuntu-18-04-c68394a219a2
# https://github.com/docker/docker.github.io/blob/c0eb65aabe4de94d56bbc20249179f626df5e8c3/engine/userguide/networking/default_network/ipv6.md
# https://github.com/moby/moby/issues/36954
- name: add IPv6 NAT for docker
  ansible.posix.firewalld:
    zone: public
    permanent: true
    state: enabled
    immediate: true
    rich_rule: rule family="ipv6" destination not address="fd00::1/80" source address="fd00::/80" masquerade
  when: configure_firewall
  tags:
    - firewall

- name: register gitlab-runner
  command: >
    gitlab-runner register
    --non-interactive
    --url=https://gitlab.archlinux.org/
    --docker-image=alpine:latest
    --tag-list=docker
    --registration-token="{{ vault_gitlab_runner_registration_token }}"
    --executor=docker
    --description="{{ inventory_hostname }}"
    --run-untagged=false
    --docker-tlsverify=true
    --locked=false
    --access-level=not_protected    
  args:
    creates: /etc/gitlab-runner/config.toml

- name: increase concurrency
  lineinfile:
    path: /etc/gitlab-runner/config.toml
    owner: root
    group: root
    mode: 0600
    regexp: '^concurrent = .*'
    line: concurrent = 100
  notify: restart gitlab-runner

- name: enable prometheus exporter
  lineinfile:
    path: /etc/gitlab-runner/config.toml
    insertbefore: '^concurrent'
    line: listen_address = ":{{ gitlab_runner_exporter_port }}"
  notify: restart gitlab-runner

- name: enable and start gitlab runner service
  systemd: name=gitlab-runner state=started enabled=yes daemon_reload=yes