Commit graph

7 commits

Author SHA1 Message Date
Jeremie Fraeys
d36d3db10d
Add Redis cache to Forgejo
2026-02-21 18:27:04 -05:00
Jeremie Fraeys
0c6d09abcd
fix(ssh): allow dual-stack runner source for restricted keys
- Include web IPv6 alongside IPv4 in authorized_keys from= allowlist
- Write web public IPv6 into inventory/host_vars/web.yml from Terraform outputs
2026-01-21 15:08:36 -05:00
Jeremie Fraeys
92003e8f1c
fix(forgejo-runner): prevent duplicate runner registrations
- Persist runner registration state by setting container working_dir to /data
- Add post-register assertion that /opt/forgejo-runner/data/.runner exists
2026-01-20 18:06:51 -05:00
Jeremie Fraeys
a22381492e
feat(infra-controller): add restricted SSH access role
- Add infra_controller role to provision a dedicated user
- Install register/deregister forced-command authorized_keys entries
- Read SSH public keys from vault/env and restrict access by source IP
2026-01-20 17:14:31 -05:00
Jeremie Fraeys
a3da8deb0f
feat(actions-ssh): use register/deregister keys for services access
- Add app_ssh_access role to install forced-command keys for infra-register-stdin and infra-deregister
- Ensure required infra-controller runtime directories exist on services host
- Add helper script to generate/register both Actions SSH secrets and update vault public keys
2026-01-20 17:10:02 -05:00
Jeremie Fraeys
c2056d4cd4
fix(forgejo-runner): validate label executor scheme
- Set default runner label to 'self-hosted:docker://…'
- Add an early assert to fail fast when labels use an invalid executor scheme
2026-01-20 17:09:17 -05:00
Jeremie Fraeys
997aff6be3
initial infra commit
2026-01-19 15:02:13 -05:00