feat: continued act runner blog

2025-09-23 15:25:54 +02:00
parent 8fa6fff160
commit 0afc9d7144


@@ -4,57 +4,78 @@ desc: "For some time now I already host a gitea instace and now with this blog I
date: 2025-09-17 date: 2025-09-17
--- ---
## Setup Enviorement # Setup PVE
Setup Proxmox, so podman can run in unpreviliged container. Setup Proxmox, so podman can run in unpreviliged container.
Podman uses high user ids for it's containers, so we need to extend the range that is usable by LXCs. Podman uses high user ids for it's containers, so we need to extend the range that is usable by LXCs.
```
PVE> vi /etc/subuid
root:100000:200000 # <usr>:<start_uid>:<count>
PVE> vi /etc/subgid
root:100000:200000
```
It is also required to change the limit explictly in the containers config, and we need to add a kernel module. It is also required to change the limit explictly in the containers config, and we need to add a kernel module.
Those ranges are defined in `/etc/subuid` for user ids and `/etc/subgid` for group ids,
in the from of `<usr>:<start_uid>:<count>`.
You could change them manually or change them with
(the first number defines the start and the secound the end of ids)
```bash
usermod --add-subuids 100000-300000 --add-subgids 100000-300000 root
``` ```
PVE> vi /etc/pve/lxc/<VMID>.conf
So `/etc/subuid` should contains `root:100000:200000`.
We also need to edit the LXC config `/etc/pve/lxc/<VMID>.conf`.
```yaml
# <container_uid> <host_uid> <count> # <container_uid> <host_uid> <count>
lxc.idmap: u 0 100000 165536 # uids 0..165536 (container) -> 100000..265536 (host) lxc.idmap: u 0 100000 165536 # uids 0..165536 (container) -> 100000..265536 (host)
lxc.idmap: g 0 100000 165536 # gids lxc.idmap: g 0 100000 165536 # gids
lxc.cgroup2.devices.allow: c 10:200 rwm # cgroup2 for PVE >= 7.0 lxc.cgroup2.devices.allow: c 10:200 rwm # cgroup2 for PVE >= 7.0
lxc.mount.entry: /dev/net dev/net none bind,create=dir lxc.mount.entry: /dev/net dev/net none bind,create=dir
``` ```
I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/)
together with infos from the [official docu](https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration).
# Setup LXC
As we want to run podman as an unpreviliged user, lets create on:
```bash
useradd -U <USER_NAME>
``` ```
LXC> vi /etc/subuid
username:100000:65536
LXC> vi /etc/subgid
username:100000:65536
```
I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/).
## Setup Podman
```bash ```bash
apt install podman apt install podman
systemctl --user -M act@ enable podman.socket systemctl --user -M act@ enable podman.socket
``` ```
## Setup Act Runner
First, since we wanna run this rootless, we need a new unpreviliged user. First, since we wanna run this rootless, we need a new unpreviliged user.
The binary is [here available](https://dl.gitea.com/act_runner/). The binary is [here available](https://dl.gitea.com/act_runner/).
I placed it there `/usr/local/bin/act_runner` and made it executable by the new created user. I placed it there `/usr/local/bin/act_runner` and made it executable by the new created user.
```bash
cd /usr/local/bin
curl https://dl.gitea.com/act_runner/0.2.13/act_runner-0.2.13-linux-amd64 > act_runner
chmod +x act_runner
chown act:act act_runner
```
A config that references the regrister file and the podman socket is needed, I placed it in A config that references the regrister file and the podman socket is needed, I placed it in
`/etc/act_runner/config.yaml` `/etc/act_runner/config.yaml`
``` bash
mkdir /etc/act_runner
chown -R act:act /etc/act_runner
```
```yaml ```yaml
# config.yaml
runner: runner:
file: /etc/act_runner/.runner file: /etc/act_runner/.runner
envs:
XDG_RUNTIME_DIR directory: "/run/user/1000"
container: container:
docker_host: "unix:///run/user/<USER_ID>/podman/docker.sock" docker_host: "unix:///run/user/<USER_ID>/podman/docker.sock"
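Review bot: the `envs:` entry `XDG_RUNTIME_DIR directory: "/run/user/1000"` in the config.yaml block is not a valid key and will not set `XDG_RUNTIME_DIR`; it should read `XDG_RUNTIME_DIR: "/run/user/1000"`, and it hardcodes uid 1000 while `docker_host` two lines below still uses the `<USER_ID>` placeholder, so use the same placeholder in both. Three smaller points in the same hunk: `usermod --add-subuids 100000-300000` is an inclusive range, so the written entry is `root:100000:200001`, not the `root:100000:200000` the next sentence promises (use `100000-299999` or adjust the sentence); the `LXC> vi /etc/subuid` / `username:100000:65536` lines appear on only one side of the split view, and rootless podman inside the LXC needs those ranges for the user created with `useradd -U <USER_NAME>`, so make sure that step survives in the new text; and in the download block `chown act:act act_runner` makes the runner user the owner of its own binary, so anything running as `act` could replace it. A root-owned file with `chmod +x` is enough for `act` to execute it, and the downloaded binary should be checked against its published checksum before it is installed.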
@@ -69,8 +90,10 @@ cache:
And last but not least, we need to regristrate the runner, wich will create the runner file: And last but not least, we need to regristrate the runner, wich will create the runner file:
The token is accsasible through `Settings -> Actions -> Runners -> Create new Runner`. The token is accsasible through `Settings -> Actions -> Runners -> Create new Runner`.
(I'd recommend running the regristration as the unpreviliged user.)
```bash ```bash
sudo -u act /usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \ /usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \
--instance <GITEA ADRESS> --token <TOKEN> --instance <GITEA ADRESS> --token <TOKEN>
--no-interactive --no-interactive
``` ```
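Review bot: the registration command is missing a line continuation: `--instance <GITEA ADRESS> --token <TOKEN>` has no trailing `\`, so `--no-interactive` on the following line runs as a separate command and the register call silently drops the flag. Also, the new text recommends registering as the unprivileged user, but the new command drops the `sudo -u act` prefix; run as root it writes a root-owned `/etc/act_runner/.runner` that the runner, running as `act`, cannot read or refresh, so keep `sudo -u act` (or fix the ownership afterwards). Passing `--token <TOKEN>` on the command line also leaves the registration token in shell history; the interactive prompt avoids that.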