Amy/Blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: new blog entry

Browse Source
This commit is contained in:
Amy Retzerau
2025-09-18 11:42:26 +02:00
parent be8731e48e
commit 11809f93ad
1 changed files with 115 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
src/routes/blogs/2-gitea-runner-on-podman-in-lxc/+page.svx Normal file
View File

@@ -0,0 +1,115 @@
---
title: Setup up Gitea Runner with Podman in LXC
desc: "For some time now I already host a gitea instace and now with this blog I finally have some real usage for CI, but setting up gitea actions in an LXC and using Podman instead of Docker Engine was not as straight forward as expected."
date: 2025-09-17
---
## Setup Enviorement
Setup Proxmox, so podman can run in unpreviliged container.
Podman uses high user ids for it's containers, so we need to extend the range that is usable by LXCs.
```
PVE> vi /etc/subuid
root:100000:200000 # <usr>:<start_uid>:<count>
PVE> vi /etc/subgid
root:100000:200000
```
It is also required to change the limit explictly in the containers config, and we need to add a kernel module.
```
PVE> vi /etc/pve/lxc/<VMID>.conf
# <container_uid> <host_uid> <count>
lxc.idmap: u 0 100000 165536 # uids 0..165536 (container) -> 100000..265536 (host)
lxc.idmap: g 0 100000 165536 # gids
lxc.cgroup2.devices.allow: c 10:200 rwm # cgroup2 for PVE >= 7.0
lxc.mount.entry: /dev/net dev/net none bind,create=dir
```
```
LXC> vi /etc/subuid
username:100000:65536
LXC> vi /etc/subgid
username:100000:65536
```
I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/).
## Setup Podman
```bash
apt install podman
systemctl --user -M act@ enable podman.socket
```
## Setup Act Runner
First, since we wanna run this rootless, we need a new unpreviliged user.
The binary is [here available](https://dl.gitea.com/act_runner/).
I placed it there `/usr/local/bin/act_runner` and made it executable by the new created user.
A config that references the regrister file and the podman socket is needed, I placed it in
`/etc/act_runner/config.yaml`
```yaml
runner:
file: /etc/act_runner/.runner
container:
docker_host: "unix:///run/user/<USER_ID>/podman/docker.sock"
cache:
# Enable cache server to use actions/cache.
enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
dir: "/etc/act_runner/cache"
```
And last but not least, we need to regristrate the runner, wich will create the runner file:
The token is accsasible through `Settings -> Actions -> Runners -> Create new Runner`.
```bash
sudo -u act /usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \
--instance <GITEA ADRESS> --token <TOKEN>
--no-interactive
```
### Create Act Runner User Service
Create a user service in in the following file: `/usr/lib/systemd/user/act_runner.servic`
```ini
Description=Gitea Actions runner
Documentation=https://gitea.com/gitea/act_runner
After=podman.socket
[Service]
ExecStart=/usr/local/bin/act_runner daemon -c /etc/act_runner/config.yaml
Delegate=true
Type=simple
[Install]
WantedBy=default.target
```
## Auto start user Services
To start the user services, you can add a drop-in and add the Install, by running:
```bash
systemctl edit user@1001 --drop-in=start_act_runner
```
and inserting
```ini
[Unit]
After=gitea.service
[Install]
WantedBy=multi-user.target
```
In the end, all left to do is, enable the user:
```bash
systemctl status user@1001
```