Add note about tailscale ssh

2025-08-06 00:33:39 +00:00 · 2023-12-19 08:36:13 -05:00
parent 1b2e976dc9
commit 946c2cf8d8
2 changed files with 7 additions and 8 deletions
--- a/content/post/setting-up-gitea-actions-with-tailscale/index.md
+++ b/content/post/setting-up-gitea-actions-with-tailscale/index.md
@@ -140,7 +140,7 @@ After adding the above configuration, running `docker compose up -d` should be e
 ## Connecting a Runner
-I installed the runner by [following the docs](https://docs.gitea.com/usage/actions/quickstart#set-up-runner). I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this act runner as well, so that it can have the same "networking privileges" as the main instance.
+I installed the runner by [following the docs](https://docs.gitea.com/usage/actions/quickstart#set-up-runner). I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this gitea runner as well, so that it can have the same "networking privileges" as the main instance.
 After registering this runner and starting the daemon, it appeared in `/admin/actions/runners`:
@@ -188,10 +188,8 @@ jobs:
        with:
          playbook: playbooks/main.yml
          requirements: requirements.yml
          key: ${{ secrets.SSH_PRIVATE_KEY}}
          options: |
            --inventory inventory
            --ssh-extra-args "-o StrictHostKeyChecking=no"
            --limit ${{ matrix.host }}
  send-failure-notification:
    needs: run-ansible-playbook
@@ -217,12 +215,14 @@ And voilà:
 {{< video src="gitea-workflow" >}}
 You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have [tailscale ssh](https://tailscale.com/tailscale-ssh) enabled.
 ## Areas for improvement
 One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this [doesn't seem possible](https://github.com/go-gitea/gitea/issues/23725) without adding logic to each workflow.
 ## Conclusion
-Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantionally more resources (ahem, gitlab). It likely helps that the codebase is largely written in go.
+Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources (ahem, gitlab). It likely helps that the codebase is largely written in go.
 By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.
--- a/public/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html
+++ b/public/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html
@@ -189,7 +189,7 @@
 </span></span></code></pre></div><p>Something to consider is whether or not you want to use ssh with git. One method to get this to work with containers is to use <a href="https://docs.gitea.com/installation/install-with-docker#ssh-container-passthrough">ssh container passthrough</a>. I decided to keep it simple and not use ssh, since communicating over https is perfectly fine for my use case.</p>
 <p>After adding the above configuration, running <code>docker compose up -d</code> should be enough to get an instance up and running. It will be accessible at <a href="https://gitea.my-tailnet-name.ts.net">https://gitea.my-tailnet-name.ts.net</a> from within the tailnet.</p>
 <h2 id="connecting-a-runner">Connecting a Runner<a href="#connecting-a-runner" class="hanchor" ariaLabel="Anchor">#</a></h2>
-<p>I installed the runner by <a href="https://docs.gitea.com/usage/actions/quickstart#set-up-runner">following the docs</a>. I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this act runner as well, so that it can have the same &ldquo;networking privileges&rdquo; as the main instance.</p>
+<p>I installed the runner by <a href="https://docs.gitea.com/usage/actions/quickstart#set-up-runner">following the docs</a>. I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this gitea runner as well, so that it can have the same &ldquo;networking privileges&rdquo; as the main instance.</p>
 <p>After registering this runner and starting the daemon, it appeared in <code>/admin/actions/runners</code>:</p>
 <p><img src="gitea-runners.png" alt="image"></p>
 <h2 id="running-a-workflow">Running a workflow<a href="#running-a-workflow" class="hanchor" ariaLabel="Anchor">#</a></h2>
@@ -229,10 +229,8 @@
 </span></span><span style="display:flex;"><span>        <span style="color:#81a1c1">with</span><span style="color:#eceff4">:</span>
 </span></span><span style="display:flex;"><span>          <span style="color:#81a1c1">playbook</span><span style="color:#eceff4">:</span> playbooks/main.yml
 </span></span><span style="display:flex;"><span>          <span style="color:#81a1c1">requirements</span><span style="color:#eceff4">:</span> requirements.yml
 </span></span><span style="display:flex;"><span>          <span style="color:#81a1c1">key</span><span style="color:#eceff4">:</span> ${{ secrets.SSH_PRIVATE_KEY}}
 </span></span><span style="display:flex;"><span>          <span style="color:#81a1c1">options</span><span style="color:#eceff4">:</span> <span style="color:#eceff4">|</span><span style="color:#616e87">
 </span></span></span><span style="display:flex;"><span><span style="color:#616e87">            --inventory inventory
 </span></span></span><span style="display:flex;"><span><span style="color:#616e87">            --ssh-extra-args &#34;-o StrictHostKeyChecking=no&#34;
 </span></span></span><span style="display:flex;"><span><span style="color:#616e87">            --limit ${{ matrix.host }}</span>            
 </span></span><span style="display:flex;"><span>  <span style="color:#81a1c1">send-failure-notification</span><span style="color:#eceff4">:</span>
 </span></span><span style="display:flex;"><span>    <span style="color:#81a1c1">needs</span><span style="color:#eceff4">:</span> run-ansible-playbook
@@ -257,10 +255,11 @@
    <source src="/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-workflow.webm" type="video/webm">
  <span>Your browser doesn't support embedded videos, but don't worry, you can <a href="/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-workflow.webm">download it</a> and watch it with your favorite video player!</span>
 </video>
 <p>You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have <a href="https://tailscale.com/tailscale-ssh">tailscale ssh</a> enabled.</p>
 <h2 id="areas-for-improvement">Areas for improvement<a href="#areas-for-improvement" class="hanchor" ariaLabel="Anchor">#</a></h2>
 <p>One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this <a href="https://github.com/go-gitea/gitea/issues/23725">doesn&rsquo;t seem possible</a> without adding logic to each workflow.</p>
 <h2 id="conclusion">Conclusion<a href="#conclusion" class="hanchor" ariaLabel="Anchor">#</a></h2>
-<p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantionally more resources (ahem, gitlab). It likely helps that the codebase is largely written in go.</p>
+<p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources (ahem, gitlab). It likely helps that the codebase is largely written in go.</p>
 <p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p></section>
 <script