feat: add gitea-actions role for Gitea act-runner

- Create gitea-runner user with podman access
- Install podman-docker for docker CLI compatibility
- Download and configure act_runner binary
- Systemd service for act_runner daemon
- Host-mode runner labels for Fedora

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

ansible/roles/git/tasks/main.yml

@@ -8,3 +8,8 @@
 - import_tasks: gitea.yml
 # git-daemon no longer needed - commented out
 # - import_tasks: systemd.yml
+
+# Gitea Actions runner
+- include_role:
+    name: gitea-actions
+  tags: gitea-actions

ansible/roles/gitea-actions/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+gitea_runner_user: gitea-runner
+gitea_runner_home: /home/gitea-runner
+gitea_runner_version: "0.2.13"
+gitea_runner_arch: linux-amd64
+gitea_instance_url: https://git.debyl.io
+
+# Paths
+act_runner_bin: /usr/local/bin/act_runner
+act_runner_config_dir: /etc/act_runner
+act_runner_work_dir: /var/lib/act_runner

ansible/roles/gitea-actions/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart act_runner
+  become: true
+  ansible.builtin.systemd:
+    name: act_runner
+    state: restarted
+    daemon_reload: true

ansible/roles/gitea-actions/tasks/deps.yml

@@ -0,0 +1,19 @@
+---
+- name: install podman-docker for docker CLI compatibility
+  become: true
+  ansible.builtin.dnf:
+    name:
+      - podman-docker
+      - golang
+    state: present
+  tags: gitea-actions
+
+- name: enable podman socket for gitea-runner
+  become: true
+  become_user: "{{ gitea_runner_user }}"
+  ansible.builtin.systemd:
+    name: podman.socket
+    enabled: true
+    state: started
+    scope: user
+  tags: gitea-actions

ansible/roles/gitea-actions/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- import_tasks: user.yml
+  tags: gitea-actions
+- import_tasks: deps.yml
+  tags: gitea-actions
+- import_tasks: runner.yml
+  tags: gitea-actions
+- import_tasks: systemd.yml
+  tags: gitea-actions

ansible/roles/gitea-actions/tasks/runner.yml

@@ -0,0 +1,45 @@
+---
+- name: download act_runner binary
+  become: true
+  ansible.builtin.get_url:
+    url: "https://dl.gitea.com/act_runner/{{ gitea_runner_version }}/act_runner-{{ gitea_runner_version }}-{{ gitea_runner_arch }}"
+    dest: "{{ act_runner_bin }}"
+    mode: "0755"
+  tags: gitea-actions
+
+- name: create act_runner config directory
+  become: true
+  ansible.builtin.file:
+    path: "{{ act_runner_config_dir }}"
+    state: directory
+    mode: "0755"
+  tags: gitea-actions
+
+- name: create act_runner working directory
+  become: true
+  ansible.builtin.file:
+    path: "{{ act_runner_work_dir }}"
+    state: directory
+    owner: "{{ gitea_runner_user }}"
+    group: "{{ gitea_runner_user }}"
+    mode: "0755"
+  tags: gitea-actions
+
+- name: create act_runner cache directory
+  become: true
+  ansible.builtin.file:
+    path: "{{ act_runner_work_dir }}/cache"
+    state: directory
+    owner: "{{ gitea_runner_user }}"
+    group: "{{ gitea_runner_user }}"
+    mode: "0755"
+  tags: gitea-actions
+
+- name: deploy act_runner configuration
+  become: true
+  ansible.builtin.template:
+    src: config.yaml.j2
+    dest: "{{ act_runner_config_dir }}/config.yaml"
+    mode: "0644"
+  notify: restart act_runner
+  tags: gitea-actions

ansible/roles/gitea-actions/tasks/systemd.yml

@@ -0,0 +1,17 @@
+---
+- name: deploy act_runner systemd service
+  become: true
+  ansible.builtin.template:
+    src: act_runner.service.j2
+    dest: /etc/systemd/system/act_runner.service
+    mode: "0644"
+  notify: restart act_runner
+  tags: gitea-actions
+
+- name: enable act_runner service
+  become: true
+  ansible.builtin.systemd:
+    name: act_runner
+    daemon_reload: true
+    enabled: true
+  tags: gitea-actions

ansible/roles/gitea-actions/tasks/user.yml

@@ -0,0 +1,34 @@
+---
+- name: create gitea-runner user
+  become: true
+  ansible.builtin.user:
+    name: "{{ gitea_runner_user }}"
+    comment: Gitea Actions runner
+    shell: /bin/bash
+    createhome: true
+    home: "{{ gitea_runner_home }}"
+    groups: docker
+    append: true
+  tags: gitea-actions
+
+- name: check if gitea-runner lingering enabled
+  become: true
+  ansible.builtin.stat:
+    path: "/var/lib/systemd/linger/{{ gitea_runner_user }}"
+  register: gitea_runner_lingering
+  tags: gitea-actions
+
+- name: enable gitea-runner lingering
+  become: true
+  ansible.builtin.command: loginctl enable-linger {{ gitea_runner_user }}
+  when: not gitea_runner_lingering.stat.exists
+  tags: gitea-actions
+
+- name: create .config/systemd/user directory
+  become: true
+  become_user: "{{ gitea_runner_user }}"
+  ansible.builtin.file:
+    path: "{{ gitea_runner_home }}/.config/systemd/user"
+    state: directory
+    mode: "0755"
+  tags: gitea-actions

ansible/roles/gitea-actions/templates/act_runner.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://gitea.com/gitea/act_runner
+After=network.target
+
+[Service]
+ExecStart={{ act_runner_bin }} daemon --config {{ act_runner_config_dir }}/config.yaml
+WorkingDirectory={{ act_runner_work_dir }}
+TimeoutSec=0
+RestartSec=10
+Restart=always
+User={{ gitea_runner_user }}
+Environment="XDG_RUNTIME_DIR=/run/user/%(uid)"
+Environment="DOCKER_HOST=unix:///run/user/%(uid)/podman/podman.sock"
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/gitea-actions/templates/config.yaml.j2

@@ -0,0 +1,30 @@
+log:
+  level: info
+
+runner:
+  file: .runner
+  capacity: 1
+  timeout: 3h
+  insecure: false
+  fetch_timeout: 5s
+  fetch_interval: 2s
+  labels:
+    - ubuntu-latest:host
+    - ubuntu-22.04:host
+    - fedora:host
+
+cache:
+  enabled: true
+  dir: {{ act_runner_work_dir }}/cache
+
+container:
+  network: host
+  privileged: false
+  options:
+  workdir_parent:
+  valid_volumes: []
+  docker_host: ""
+  force_pull: false
+
+host:
+  workdir_parent: {{ act_runner_work_dir }}/workdir