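# act_runner configuration, rendered once per runner instance from this Jinja2
# template. Templated string values are quoted so that an unusual path or label
# cannot be re-typed or split by the YAML parser after rendering.
log:
  level: info

runner:
  # Where the registration result for this runner instance is stored.
  # NOTE(review): this file is credential material for the runner; confirm it
  # is readable only by the runner user.
  file: "{{ act_runner_work_dir }}/{{ runner_name }}/.runner"
  # Number of jobs executed concurrently. Left unquoted so it renders as an
  # integer; falls back to the group-wide value, then to 4.
  capacity: {{ runner_capacity | default(gitea_runner_capacity) | default(4) }}
  timeout: 3h
  # Keep TLS certificate verification enabled for the Gitea instance.
  insecure: false
  fetch_timeout: 5s
  fetch_interval: 2s
  # Block tags sit at column 0 so that (with trim_blocks, the Ansible default)
  # they leave no stray indentation or blank lines in the rendered list.
  labels:
{% for label in runner_labels | default(gitea_runner_labels) %}
    - "{{ label }}"
{% endfor %}

cache:
  enabled: true
  # NOTE(review): a single cache directory serves every job this runner picks
  # up; confirm how cache entries are scoped between repositories before
  # relying on it as a cross-repo boundary.
  dir: "{{ act_runner_work_dir }}/{{ runner_name }}/cache"

container:
  # Each job runs in its own ephemeral container (docker:// labels) backed by
  # the gitea-runner user's rootless podman socket — this is what isolates the
  # per-job Go module/build caches and fixes cross-repo cache poisoning.
  #
  # NOTE(review): that isolation covers the job filesystem only. Two settings
  # below leave shared state between jobs and should be reviewed against the
  # threat model (untrusted pull requests, multiple repositories per runner):
  #   * network: host  - job containers share the host network namespace, so
  #     loopback-bound services on the host are reachable from jobs. An empty
  #     value lets act_runner create a network per job instead.
  #   * docker_host    - an explicit socket path is mounted into job containers
  #     (see the comment on that key), so a job can drive the runner user's
  #     podman, including other jobs' containers and the local image store.
  network: host
  privileged: false
  # Explicit empty strings instead of bare keys, which YAML reads as null.
  options: ""
  workdir_parent: ""
  # Empty list: jobs may not request additional volumes or bind mounts.
  valid_volumes: []
  # Point act at the real rootless socket so it mounts the correct path into
  # job containers (the documented rootless-podman gotcha).
  # NOTE(review): if jobs never need to start containers themselves, check
  # whether the deployed act_runner version supports "-" here (use the socket
  # without mounting it into jobs) together with DOCKER_HOST set in the
  # runner's service environment.
  docker_host: "unix:///run/user/{{ gitea_runner_uid }}/podman/podman.sock"
  # Images already present in the runner user's local store are reused without
  # a pull, so that store is shared state across jobs. Prefer digest-pinned
  # images in labels, or enable force_pull if the extra pulls are acceptable.
  force_pull: false

host:
  # NOTE(review): presumably only consulted for host-type labels, which run
  # jobs directly as the runner user with no container boundary. Keep
  # runner_labels / gitea_runner_labels restricted to docker:// entries if the
  # per-job isolation described above is a requirement.
  workdir_parent: "{{ act_runner_work_dir }}/{{ runner_name }}/workdir"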