---
title: Setup up Gitea Runner with Podman in LXC
desc: "For some time now I already host a Gitea instance and now with this blog I finally have some real usage for CI, but setting up Gitea Actions in an LXC and using Podman instead of Docker Engine was not as straightforward as expected."
date: 2025-09-17
img_cov: gitea-logo.png|0.8
listed: true
---

# Setup PVE

Set up Proxmox so that Podman can run in an unprivileged container. Podman uses high user IDs for its containers, so we need to extend the ID range that is usable by LXCs. The limit also has to be raised explicitly in the container's config, and we need to add a kernel module.

Those ranges are defined in `/etc/subuid` for user IDs and `/etc/subgid` for group IDs, in the form of `::`. You could change them manually or with `usermod` (the first number defines the start and the second the end of the ID range):

```bash
usermod --add-subuids 100000-300000 --add-subgids 100000-300000 root
```

So `/etc/subuid` should contain `root:100000:200000`.

We also need to edit the LXC config `/etc/pve/lxc/.conf`:

```yaml
lxc.idmap: u 0 100000 165536 # uids 0..165536 (container) -> 100000..265536 (host)
lxc.idmap: g 0 100000 165536 # gids
lxc.cgroup2.devices.allow: c 10:200 rwm # cgroup2 for PVE >= 7.0
lxc.mount.entry: /dev/net dev/net none bind,create=dir
```

I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/) together with info from the [official documentation](https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration).

# Setup LXC

Since we want to run this rootless, we need a new unprivileged user. Let's create one:

```bash
# -m: create a home directory (rootless Podman keeps its storage there)
# -U: create a group with the same name as the user
useradd -m -U act
```

Then install Podman and enable its socket for that user (the runner talks to Podman through the Docker-compatible socket):

```bash
apt install podman
systemctl --user -M act@ enable podman.socket
```

## Install act_runner

The binary is [available here](https://dl.gitea.com/act_runner/). I placed it at `/usr/local/bin/act_runner` and made it executable by the newly created user:

```bash
cd /usr/local/bin
curl -fL -o act_runner https://dl.gitea.com/act_runner/0.2.13/act_runner-0.2.13-linux-amd64
chmod +x act_runner
chown act:act act_runner
```

A config that references the register file and the Podman socket is needed; I placed it in `/etc/act_runner/config.yaml`:

```bash
mkdir /etc/act_runner
chown -R act:act /etc/act_runner
```

```yaml
# config.yaml
runner:
  file: /etc/act_runner/.runner
  envs:
    # runtime directory of the runner user; must match that user's UID
    XDG_RUNTIME_DIR: "/run/user/1000"
container:
  # rootless Podman socket of the runner user
  docker_host: "unix:///run/user//podman/docker.sock"
cache:
  # Enable cache server to use actions/cache.
  enabled: true
  # The directory to store the cache data.
  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
  dir: "/etc/act_runner/cache"
```

And last but not least, we need to register the runner, which will create the runner file. The token is accessible through `Settings -> Actions -> Runners -> Create new Runner`. (I'd recommend running the registration as the unprivileged user.)

```bash
/usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \
  --instance --token --no-interactive
```

## Create Act Runner User Service

Create a user service in the following file: `/usr/lib/systemd/user/act_runner.service`

```ini
[Unit]
Description=Gitea Actions runner
Documentation=https://gitea.com/gitea/act_runner
After=podman.socket

[Service]
ExecStart=/usr/local/bin/act_runner daemon -c /etc/act_runner/config.yaml
Delegate=true
Type=simple

[Install]
WantedBy=default.target
```

## Auto start user Services

To start the user services at boot, add a drop-in for the `user@` instance that gives it an `[Install]` section, by running:

```bash
systemctl edit user@1001 --drop-in=start_act_runner
```

and inserting

```ini
[Install]
WantedBy=multi-user.target
```

In the end, all that is left to do is to enable the user instance:

```bash
systemctl enable --now user@
```
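The idmap ranges from the Setup PVE section have to lie inside the host's `/etc/subuid` and `/etc/subgid` allocation for root, otherwise the container will not start. The following check script is an added example, not part of the original post; it assumes the `user:start:count` subid format and the `lxc.idmap:` line format shown above, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: verify that every lxc.idmap
# line of a container config is covered by root's /etc/subuid and /etc/subgid
# allocation on the Proxmox host (a mismatch stops the container from starting).
# Assumes the formats used above: "user:start:count" in the subid files and
# "lxc.idmap: u|g <ct_start> <host_start> <count>" in the LXC config.

# idmap_within_subid <subid_line> <idmap_line>
# Returns 0 when the host side of the idmap lies inside the subid allocation.
idmap_within_subid() {
    sub_start=$(printf '%s' "$1" | cut -d: -f2)
    sub_count=$(printf '%s' "$1" | cut -d: -f3)
    # strip a trailing comment, then take <host_start> and <count>
    set -- $(printf '%s' "$2" | sed 's/#.*//' | awk '{print $4, $5}')
    host_start=$1
    count=$2
    [ "$host_start" -ge "$sub_start" ] &&
        [ $((host_start + count)) -le $((sub_start + sub_count)) ]
}

# check_lxc_conf <subuid_file> <subgid_file> <lxc_conf>
# Prints one line per idmap entry; exits non-zero on the first uncovered range.
check_lxc_conf() {
    grep '^lxc.idmap:' "$3" | while read -r map; do
        case "$map" in
            *' u '*) sub=$(grep '^root:' "$1") ;;   # uid map -> /etc/subuid
            *)       sub=$(grep '^root:' "$2") ;;   # gid map -> /etc/subgid
        esac
        if idmap_within_subid "$sub" "$map"; then
            echo "ok:   $map"
        else
            echo "FAIL: '$map' is not covered by '$sub'"
            exit 1
        fi
    done
}

# Typical invocation on the PVE host (CTID is a placeholder for the container id):
#   sh check_idmap.sh /etc/subuid /etc/subgid /etc/pve/lxc/CTID.conf
if [ "$#" -eq 3 ]; then
    check_lxc_conf "$@"
fi
```

Commented-out `lxc.idmap` lines are ignored by the `grep`, so a mapping that was accidentally left commented shows up as a missing `ok:` line rather than a `FAIL:`.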