diff --git a/src/routes/blogs/2-gitea-runner-on-podman-in-lxc/+page.svx b/src/routes/blogs/2-gitea-runner-on-podman-in-lxc/+page.svx new file mode 100644 index 0000000..18cfd75 --- /dev/null +++ b/src/routes/blogs/2-gitea-runner-on-podman-in-lxc/+page.svx 
@@ -0,0 +1,115 @@ +--- +title: Setup up Gitea Runner with Podman in LXC +desc: "For some time now I already host a gitea instace and now with this blog I finally have some real usage for CI, but setting up gitea actions in an LXC and using Podman instead of Docker Engine was not as straight forward as expected." +date: 2025-09-17 +--- + +## Setup Enviorement + +Setup Proxmox, so podman can run in unpreviliged container. +Podman uses high user ids for it's containers, so we need to extend the range that is usable by LXCs. + +``` +PVE> vi /etc/subuid +root:100000:200000 # :: +PVE> vi /etc/subgid +root:100000:200000 +``` + +It is also required to change the limit explictly in the containers config, and we need to add a kernel module. +``` +PVE> vi /etc/pve/lxc/.conf +# +lxc.idmap: u 0 100000 165536 # uids 0..165536 (container) -> 100000..265536 (host) +lxc.idmap: g 0 100000 165536 # gids +lxc.cgroup2.devices.allow: c 10:200 rwm # cgroup2 for PVE >= 7.0 +lxc.mount.entry: /dev/net dev/net none bind,create=dir +``` +``` +LXC> vi /etc/subuid +username:100000:65536 +LXC> vi /etc/subgid +username:100000:65536 +``` +I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/). + + + +## Setup Podman +```bash +apt install podman +systemctl --user -M act@ enable podman.socket +``` + +## Setup Act Runner + +First, since we wanna run this rootless, we need a new unpreviliged user. + +The binary is [here available](https://dl.gitea.com/act_runner/). +I placed it there `/usr/local/bin/act_runner` and made it executable by the new created user. + + +A config that references the regrister file and the podman socket is needed, I placed it in +`/etc/act_runner/config.yaml` + +```yaml +runner: + file: /etc/act_runner/.runner + +container: + docker_host: "unix:///run/user//podman/docker.sock" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. 
+ # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "/etc/act_runner/cache" +``` + +And last but not least, we need to regristrate the runner, wich will create the runner file: +The token is accsasible through `Settings -> Actions -> Runners -> Create new Runner`. +```bash +sudo -u act /usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \ + --instance --token + --no-interactive +``` + +### Create Act Runner User Service +Create a user service in in the following file: `/usr/lib/systemd/user/act_runner.servic` +```ini +Description=Gitea Actions runner +Documentation=https://gitea.com/gitea/act_runner +After=podman.socket + +[Service] +ExecStart=/usr/local/bin/act_runner daemon -c /etc/act_runner/config.yaml +Delegate=true +Type=simple + +[Install] +WantedBy=default.target +``` + +## Auto start user Services + +To start the user services, you can add a drop-in and add the Install, by running: + +```bash +systemctl edit user@1001 --drop-in=start_act_runner +``` + +and inserting + +```ini +[Unit] +After=gitea.service + +[Install] +WantedBy=multi-user.target +``` + +In the end, all left to do is, enable the user: +```bash +systemctl status user@1001 +```
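Review bot: the user unit in the "Create Act Runner User Service" block is missing its `[Unit]` section header, so systemd will reject it with an "assignment outside of section" error; `Description=Gitea Actions runner`, `Documentation=...` and `After=podman.socket` need a `[Unit]` line above them, and the path in the sentence introducing it reads `/usr/lib/systemd/user/act_runner.servic` (missing the trailing `e`). Related, the closing step says "enable the user" but the command shown is `systemctl status user@1001`, which enables nothing: for the drop-in's `[Install]` / `WantedBy=multi-user.target` to take effect it has to be `systemctl enable user@1001`, and the act_runner unit itself is never enabled for the act user (`systemctl --user -M act@ enable act_runner.service`, mirroring the `podman.socket` line in "Setup Podman"), so on reboot the runner would not come up. Two placeholders also render empty, `docker_host: "unix:///run/user//podman/docker.sock"` and `--instance --token` in the register command, so a reader cannot tell the UID and the instance URL/token were meant to be substituted; spell the placeholders out. Finally, `register` writes the runner secret to `/etc/act_runner/.runner` and the cache lives under `/etc/act_runner/cache`, so it is worth stating that the directory should be owned by the act user and not world-readable, and that the token should not be left in shell history (the headings also carry a few typos: "Enviorement", "unpreviliged", "regristrate", "wich").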