v0.3.0-5: fix UID/GID to 125, wait for user manager and podman socket

- Fix gitea-runner UID/GID to 125 for stable user@125.service unit name - Use BindsTo= for gitea-runner-podman.service dependency - Wait for user@125.service and Podman socket before runner starts - Add ExecStartPre socket wait loop (60s timeout) - Ship commented-out limits.conf drop-in for resource caps
2026-04-08 10:35:40 +02:00
parent c741ce2aaf
commit 04091ede75
5 changed files with 57 additions and 6 deletions
--- a/limits.conf
+++ b/limits.conf
@@ -0,0 +1,33 @@
+# Resource limits drop-in for gitea-act_runner@.service
+# ======================================================
+#
+# Installed to:
+#   /etc/systemd/system/gitea-act_runner@.service.d/limits.conf
+#
+# This file is shipped with all values commented out as examples.
+# Uncomment and adjust to protect the host from runaway CI jobs.
+#
+# A runaway build can exhaust memory and take down user@125.service
+# (the rootless user manager), which kills the Podman socket and
+# breaks all running runners until the service is restarted.
+#
+# Setting MemoryHigh/MemoryMax caps the cgroup, so the kernel OOM
+# killer targets the runner's children first instead of user@.service.
+#
+# Recommended starting points for a dedicated CI host:
+#   MemoryHigh : soft limit — kernel throttles above this
+#   MemoryMax  : hard limit — kernel kills processes above this
+#   TasksMax   : max number of tasks (processes + threads)
+#
+# Also consider adding matching limits in your runner config.yaml
+# under container.options, e.g.:
+#   options: --memory=8g --memory-swap=8g -v /var/cache/act-runner/pnpm-store:/cache/pnpm-store:z
+#
+# After editing, reload systemd:
+#   systemctl daemon-reload
+#   systemctl restart gitea-act_runner@<instance>.service
+
+[Service]
+# MemoryHigh=10G
+# MemoryMax=12G
+# TasksMax=4096