# {{ ansible_managed }}
services:
  runner:
    image: gitea/act_runner:latest-dind-rootless
    container_name: runner
    restart: always
    privileged: true
    volumes:
      - {{ docker_dir }}/runner:/data
      - {{ docker_dir }}/runner/daemon.json:/home/rootless/.config/docker/daemon.json
      - {{ docker_dir }}/runner/daemon.json:/etc/docker/daemon.json
#    security_opt:
#      - no-new-privileges
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
      - DOCKER_HOST={{ docker_host }}
      - GITEA_INSTANCE_URL=https://git.opnxng.com
      - GITEA_RUNNER_NAME=runner
      - GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_registration_token }}
      - GITEA_RUNNER_LABELS=ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster,runner:host
    networks:
      - runner

networks:
  runner:
    name: runner

# DinD containers cannot resolve *.github.com unless daemon.json is mounted
# https://gitea.com/gitea/act_runner/issues/381#issuecomment-755182