main.yml

- name: install dependencies
  pacman: name=docker,python-docker,python-gitlab,gitlab-runner state=latest update_cache=yes
  notify: restart gitlab-runner

- name: install docker.slice
  copy: src=docker.slice dest=/etc/systemd/system/ owner=root group=root mode=0644
  notify: systemd daemon-reload

- name: start docker
  systemd: name=docker enabled=yes state=started daemon_reload=yes

- name: configure Docker daemon for IPv6
  copy: src=daemon.json dest=/etc/docker/daemon.json owner=root group=root mode=0644
  notify: restart docker

# We want to give our gitlab-runners full IPv6 capabilities. Sadly, IPv6 and Docker aren't friends. :(
# https://medium.com/@skleeschulte/how-to-enable-ipv6-for-docker-containers-on-ubuntu-18-04-c68394a219a2
# https://github.com/docker/docker.github.io/blob/c0eb65aabe4de94d56bbc20249179f626df5e8c3/engine/userguide/networking/default_network/ipv6.md
# https://github.com/moby/moby/issues/36954
- name: add IPv6 NAT for docker
  ansible.posix.firewalld:
    zone: public
    permanent: true
    state: enabled
    immediate: true
    rich_rule: rule family="ipv6" destination not address="fd00::1/80" source address="fd00::/80" masquerade
  when: configure_firewall
  tags:
    - firewall


# Please register the runner with this command and save the token as a host var:
# gitlab-runner register \
#   --non-interactive \
#   --url=https://gitlab.archlinux.org/ \
#   --docker-image=archlinux:latest \
#   --tag-list=docker \ # Use docker,secure for secure runners and docker,secure-vm for secure VM runners
#   --registration-token="{{ vault_gitlab_runner_registration_token }}" \
#   --executor=docker \
#   --description="{{ inventory_hostname }}" \
#   --run-untagged=true \ # Use false for secure runners
#   --locked=false \ # Use true for secure runners
#   --access-level=not_protected # Use ref_protected for secure runners
# Note: Secure runners must be added manually to the relevant projects
- name: install runner configuration
  template: src=config.toml.j2 dest=/etc/gitlab-runner/config.toml owner=root group=root mode=0600
  notify: restart gitlab-runner

- name: install gitlab-runner-docker-cleanup.{service,timer}
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  loop:
    - gitlab-runner-docker-cleanup.service
    - gitlab-runner-docker-cleanup.timer
  notify:
    - restart gitlab-runner-docker-cleanup.timer

- name: enable and start gitlab-runner-docker-cleanup.timer
  systemd: name=gitlab-runner-docker-cleanup.timer state=started enabled=yes daemon_reload=yes

- name: enable and start gitlab runner service
  systemd: name=gitlab-runner state=started enabled=yes daemon_reload=yes

- name: setup libvirt-executor
  block:
    - name: install libvirt-executor-update-base-image dependencies
      pacman: name=arch-install-scripts,sequoia-sq state=present

    - name: create libvirt-executor configuration and data directories
      file: path={{ item }} state=directory owner=root group=root mode=0755
      loop: