feat: contiuned act runner blog

src/routes/blogs/2-gitea-runner-on-podman-in-lxc/+page.svx

@@ -4,57 +4,78 @@ desc: "For some time now I already host a gitea instace and now with this blog I
 date: 2025-09-17
 ---
 
-## Setup Enviorement
+# Setup PVE
+
 
 Setup Proxmox, so podman can run in unpreviliged container.
 Podman uses high user ids for it's containers, so we need to extend the range that is usable by LXCs.
 
-```
-PVE> vi /etc/subuid
-root:100000:200000   # <usr>:<start_uid>:<count>
-PVE> vi /etc/subgid
-root:100000:200000
-```
 
 It is also required to change the limit explictly in the containers config, and we need to add a kernel module.
+Those ranges are defined in `/etc/subuid` for user ids and  `/etc/subgid` for group ids,
+in the from of `<usr>:<start_uid>:<count>`.
+You could change them manually or change them with
+
+(the first number defines the start and the secound the end of ids)
+
+```bash
+usermod --add-subuids 100000-300000 --add-subgids 100000-300000 root
 ```
-PVE> vi /etc/pve/lxc/<VMID>.conf
+
+So `/etc/subuid` should contains `root:100000:200000`.
+
+We also need to edit the LXC config `/etc/pve/lxc/<VMID>.conf`.
+
+```yaml
 # <container_uid> <host_uid> <count>
 lxc.idmap: u 0 100000 165536 # uids 0..165536 (container) -> 100000..265536 (host)
 lxc.idmap: g 0 100000 165536 # gids
 lxc.cgroup2.devices.allow: c 10:200 rwm  # cgroup2 for PVE >= 7.0
 lxc.mount.entry: /dev/net dev/net none bind,create=dir
 ```
+
+I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/)
+together with infos from the [official docu](https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration).
+
+
+# Setup LXC
+
+As we want to run podman as an unpreviliged user, lets create on:
+```bash
+useradd -U <USER_NAME>
 ```
-LXC> vi /etc/subuid
-username:100000:65536
-LXC> vi /etc/subgid
-username:100000:65536
-```
-I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/).
 
-
-
-## Setup Podman
 ```bash
 apt install podman
 systemctl --user -M act@ enable podman.socket
 ```
 
-## Setup Act Runner
-
 First, since we wanna run this rootless, we need a new unpreviliged user.
 
 The binary is [here available](https://dl.gitea.com/act_runner/).
 I placed it there `/usr/local/bin/act_runner` and made it executable by the new created user.
-
+```bash
+cd /usr/local/bin
+curl https://dl.gitea.com/act_runner/0.2.13/act_runner-0.2.13-linux-amd64 > act_runner
+chmod +x act_runner
+chown act:act act_runner
+```
 
 A config that references the regrister file and the podman socket is needed, I placed it in
 `/etc/act_runner/config.yaml`
 
+``` bash
+mkdir /etc/act_runner
+chown -R act:act /etc/act_runner
+```
+
+
 ```yaml
+# config.yaml
 runner:
   file: /etc/act_runner/.runner
+  envs:
+    XDG_RUNTIME_DIR directory: "/run/user/1000"
 
 container:
   docker_host: "unix:///run/user/<USER_ID>/podman/docker.sock"
@@ -69,8 +90,10 @@ cache:
 
 And last but not least, we need to regristrate the runner, wich will create the runner file:
 The token is accsasible through `Settings -> Actions -> Runners -> Create new Runner`. 
+
+(I'd recommend running the regristration as the unpreviliged user.)
 ```bash
-sudo -u act /usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \
+/usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \
     --instance <GITEA ADRESS> --token <TOKEN>
     --no-interactive
 ```