From 4115774d98f4f8036564628e3ddc7efc694a9df3 Mon Sep 17 00:00:00 2001
From: brooke <brooke@myco.systems>
Date: Sat, 7 Jun 2025 16:16:38 -0400
Subject: [PATCH] basic setup

---
 compose.yml   | 63 ++++++++++++++++++++++++++++++++-------------------
 entrypoint.sh | 17 ++++++++++++++
 2 files changed, 57 insertions(+), 23 deletions(-)
 create mode 100644 entrypoint.sh

diff --git a/compose.yml b/compose.yml
index b3d59e1..1c68184 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,35 +1,52 @@
 ---
 services:
   app:
-    image: nginx:1.27.5
+    image: data.forgejo.org/forgejo/runner:4.0.0
     networks:
-      - proxy
+      - internal
+    environment:
+      DOCKER_HOST: tcp://dind:2375
     deploy:
       restart_policy:
         condition: on-failure
       labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        ## Redirect HTTP to HTTPS
-        # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
-        # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
-        ## When you're ready for release, run "abra recipe sync <name>" to set this
         - "coop-cloud.${STACK_NAME}.version="
-        ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
-        # - "backupbot.backup=true"
-        # - "backupbot.backup.path=/some/path"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
+    entrypoint: /custom-entrypoint.sh
+    configs:
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 0555
+    volumes:
+      - data:/data
+    secrets:
+      - act_runner_instance
+      - act_runner_token
+
+  dind:
+    image: docker:dind
+    privileged: 'true'
+    command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false']
+    deploy:
+      restart_policy:
+        condition: on-failure
+    networks:
+      - internal
 
 networks:
-  proxy:
+  internal:
+
+volumes:
+  data:
+
+secrets:
+  act_runner_instance:
     external: true
+    name: ${STACK_NAME}_act_runner_instance_${SECRET_ACT_RUNNER_INSTANCE_VERSION}
+  act_runner_token:
+    external: true
+    name: ${STACK_NAME}_act_runner_token_${SECRET_ACT_RUNNER_TOKEN_VERSION}
+
+configs:
+  entrypoint:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+    file: entrypoint.sh
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..314cefd
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# Read instance and token from Docker secrets
+INSTANCE=$(cat /run/secrets/act_runner_instance)
+TOKEN=$(cat /run/secrets/act_runner_token)
+
+# Check if .runner file exists
+if [ ! -f .runner ]; then
+    echo "No .runner file exists. Running registration..."
+    forgejo-runner register --instance "${INSTANCE}" --token "${TOKEN}" --no-interactive
+else
+    echo ".runner file exists. Skipping registration."
+fi
+
+# Run forgejo-runner daemon
+exec forgejo-runner daemon