Blog/src/routes/blogs/2-gitea-runner-on-podman-in-lxc/+page.svx

---
title: Setup up Gitea Runner with Podman in LXC
desc: "For some time now I already host a gitea instace and now with this blog I finally have some real usage for CI, but setting up gitea actions in an LXC and using Podman instead of Docker Engine was not as straight forward as expected."
date: 2025-09-17
img_cov: gitea-logo.png|0.8
listed: true
---

# Setup PVE


Setup Proxmox, so podman can run in unpreviliged container.
Podman uses high user ids for it's containers, so we need to extend the range that is usable by LXCs.


It is also required to change the limit explictly in the containers config, and we need to add a kernel module.
Those ranges are defined in `/etc/subuid` for user ids and  `/etc/subgid` for group ids,
in the from of `<usr>:<start_uid>:<count>`.
You could change them manually or change them with

(the first number defines the start and the secound the end of ids)

```bash
usermod --add-subuids 100000-300000 --add-subgids 100000-300000 root
```

So `/etc/subuid` should contains `root:100000:200000`.

We also need to edit the LXC config `/etc/pve/lxc/<VMID>.conf`.

```yaml
# <container_uid> <host_uid> <count>
lxc.idmap: u 0 100000 165536 # uids 0..165536 (container) -> 100000..265536 (host)
lxc.idmap: g 0 100000 165536 # gids
lxc.cgroup2.devices.allow: c 10:200 rwm  # cgroup2 for PVE >= 7.0
lxc.mount.entry: /dev/net dev/net none bind,create=dir
```

I got the information from [here](https://forum.proxmox.com/threads/podman-in-rootless-mode-on-lxc-container.141790/)
together with infos from the [official docu](https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration).


# Setup LXC

As we want to run podman as an unpreviliged user, lets create on:
```bash
useradd -U <USER_NAME>
```

```bash
apt install podman
systemctl --user -M act@ enable podman.socket
```

First, since we wanna run this rootless, we need a new unpreviliged user.

The binary is [here available](https://dl.gitea.com/act_runner/).
I placed it there `/usr/local/bin/act_runner` and made it executable by the new created user.
```bash
cd /usr/local/bin
curl https://dl.gitea.com/act_runner/0.2.13/act_runner-0.2.13-linux-amd64 > act_runner
chmod +x act_runner
chown act:act act_runner
```

A config that references the regrister file and the podman socket is needed, I placed it in
`/etc/act_runner/config.yaml`

``` bash
mkdir /etc/act_runner
chown -R act:act /etc/act_runner
```


```yaml
# config.yaml
runner:
  file: /etc/act_runner/.runner
  envs:
    XDG_RUNTIME_DIR directory: "/run/user/1000"

container:
  docker_host: "unix:///run/user/<USER_ID>/podman/docker.sock"

cache:
  # Enable cache server to use actions/cache.
  enabled: true
  # The directory to store the cache data.
  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
  dir: "/etc/act_runner/cache"
```

And last but not least, we need to regristrate the runner, wich will create the runner file:
The token is accsasible through `Settings -> Actions -> Runners -> Create new Runner`. 

(I'd recommend running the regristration as the unpreviliged user.)
```bash
/usr/local/bin/act_runner register -c /etc/act_runner/config.yaml \
    --instance <GITEA ADRESS> --token <TOKEN>
    --no-interactive
```

### Create Act Runner User Service
Create a user service in in the following file: `/usr/lib/systemd/user/act_runner.servic`
```ini
Description=Gitea Actions runner
Documentation=https://gitea.com/gitea/act_runner
After=podman.socket

[Service]
ExecStart=/usr/local/bin/act_runner daemon -c /etc/act_runner/config.yaml
Delegate=true
Type=simple

[Install]
WantedBy=default.target
```

## Auto start user Services

To start the user services, you can add a drop-in and add the Install, by running:

```bash
systemctl edit user@1001 --drop-in=start_act_runner
```

and inserting

```ini
[Install]
WantedBy=multi-user.target
```

In the end, all left to do is, enable the user:
```bash
systemctl enable --now user@<USER_ID>
```