fix: add ESP-IDF to git safe.directory before submodule init

Root-owned /opt/esp-idf triggers git dubious ownership check when
running submodule update. Add safe.directory config beforehand.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ansible/roles/gitea-actions/defaults/main.yml

@@ -3,7 +3,16 @@ gitea_runner_user: gitea-runner
 gitea_runner_home: /home/gitea-runner
 gitea_runner_version: "0.2.13"
 gitea_runner_arch: linux-amd64
-gitea_instance_url: https://git.debyl.io
+
+# Multiple Gitea instances to run actions runners for
+gitea_runners:
+  - name: debyl
+    instance_url: https://git.debyl.io
+  - name: skudak
+    instance_url: https://git.skudak.com
+
+# Old single-instance format (replaced by gitea_runners list above):
+# gitea_instance_url: https://git.debyl.io
 
 # Paths
 act_runner_bin: /usr/local/bin/act_runner

ansible/roles/gitea-actions/handlers/main.yml

@@ -1,10 +1,11 @@
 ---
-- name: restart act_runner
+- name: restart act_runner services
   become: true
   ansible.builtin.systemd:
-    name: act_runner
+    name: "act_runner-{{ item.name }}"
     state: restarted
     daemon_reload: true
+  loop: "{{ gitea_runners }}"
 
 - name: restart podman socket
   become: true

ansible/roles/gitea-actions/tasks/esp-idf.yml

@@ -35,6 +35,13 @@
   when: not esp_idf_dir.stat.exists
   tags: gitea-actions
 
+- name: add ESP-IDF to git safe.directory
+  become: true
+  ansible.builtin.command:
+    cmd: git config --global --add safe.directory {{ esp_idf_path }}
+  changed_when: false
+  tags: gitea-actions
+
 - name: ensure ESP-IDF submodules are initialized
   become: true
   ansible.builtin.command:

ansible/roles/gitea-actions/tasks/runner.yml

@@ -15,31 +15,36 @@
     mode: "0755"
   tags: gitea-actions
 
-- name: create act_runner working directory
+- name: create per-runner working directory
   become: true
   ansible.builtin.file:
-    path: "{{ act_runner_work_dir }}"
+    path: "{{ act_runner_work_dir }}/{{ item.name }}"
     state: directory
     owner: "{{ gitea_runner_user }}"
     group: "{{ gitea_runner_user }}"
     mode: "0755"
+  loop: "{{ gitea_runners }}"
   tags: gitea-actions
 
-- name: create act_runner cache directory
+- name: create per-runner cache directory
   become: true
   ansible.builtin.file:
-    path: "{{ act_runner_work_dir }}/cache"
+    path: "{{ act_runner_work_dir }}/{{ item.name }}/cache"
     state: directory
     owner: "{{ gitea_runner_user }}"
     group: "{{ gitea_runner_user }}"
     mode: "0755"
+  loop: "{{ gitea_runners }}"
   tags: gitea-actions
 
-- name: deploy act_runner configuration
+- name: deploy per-runner configuration
   become: true
   ansible.builtin.template:
     src: config.yaml.j2
-    dest: "{{ act_runner_config_dir }}/config.yaml"
+    dest: "{{ act_runner_config_dir }}/config-{{ item.name }}.yaml"
     mode: "0644"
-  notify: restart act_runner
+  vars:
+    runner_name: "{{ item.name }}"
+  loop: "{{ gitea_runners }}"
+  notify: restart act_runner services
   tags: gitea-actions

ansible/roles/gitea-actions/tasks/systemd.yml

@@ -1,17 +1,37 @@
 ---
-- name: deploy act_runner systemd service
-  become: true
-  ansible.builtin.template:
-    src: act_runner.service.j2
-    dest: /etc/systemd/system/act_runner.service
-    mode: "0644"
-  notify: restart act_runner
-  tags: gitea-actions
-
-- name: enable act_runner service
+- name: stop and disable legacy act_runner service
   become: true
   ansible.builtin.systemd:
     name: act_runner
+    state: stopped
+    enabled: false
+  failed_when: false
+  tags: gitea-actions
+
+- name: remove legacy act_runner service file
+  become: true
+  ansible.builtin.file:
+    path: /etc/systemd/system/act_runner.service
+    state: absent
+  tags: gitea-actions
+
+- name: deploy per-runner systemd service
+  become: true
+  ansible.builtin.template:
+    src: act_runner.service.j2
+    dest: "/etc/systemd/system/act_runner-{{ item.name }}.service"
+    mode: "0644"
+  vars:
+    runner_name: "{{ item.name }}"
+  loop: "{{ gitea_runners }}"
+  notify: restart act_runner services
+  tags: gitea-actions
+
+- name: enable per-runner services
+  become: true
+  ansible.builtin.systemd:
+    name: "act_runner-{{ item.name }}"
     daemon_reload: true
     enabled: true
+  loop: "{{ gitea_runners }}"
   tags: gitea-actions

ansible/roles/gitea-actions/templates/act_runner.service.j2

@@ -1,11 +1,11 @@
 [Unit]
-Description=Gitea Actions runner
+Description=Gitea Actions runner ({{ runner_name }})
 Documentation=https://gitea.com/gitea/act_runner
 After=network.target podman.socket
 
 [Service]
-ExecStart={{ act_runner_bin }} daemon --config {{ act_runner_config_dir }}/config.yaml
-WorkingDirectory={{ act_runner_work_dir }}
+ExecStart={{ act_runner_bin }} daemon --config {{ act_runner_config_dir }}/config-{{ runner_name }}.yaml
+WorkingDirectory={{ act_runner_work_dir }}/{{ runner_name }}
 TimeoutSec=0
 RestartSec=10
 Restart=always

ansible/roles/gitea-actions/templates/config.yaml.j2

@@ -2,7 +2,7 @@ log:
   level: info
 
 runner:
-  file: {{ act_runner_work_dir }}/.runner
+  file: {{ act_runner_work_dir }}/{{ runner_name }}/.runner
   capacity: 1
   timeout: 3h
   insecure: false
@@ -15,7 +15,7 @@ runner:
 
 cache:
   enabled: true
-  dir: {{ act_runner_work_dir }}/cache
+  dir: {{ act_runner_work_dir }}/{{ runner_name }}/cache
 
 container:
   network: host
@@ -27,4 +27,4 @@ container:
   force_pull: false
 
 host:
-  workdir_parent: {{ act_runner_work_dir }}/workdir
+  workdir_parent: {{ act_runner_work_dir }}/{{ runner_name }}/workdir