Initial commit: Ansible playbook for Gitea Act Runner deployment

Automated deployment of act_runner on Ubuntu 20.04+ servers:
- Docker CE installation (DEB822 format)
- Node.js 24.x via NodeSource
- act_runner binary with SHA256 verification
- systemd service with security hardening
- CI: ansible-lint via Gitea Actions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

roles/act_runner/templates/config.yaml.j2

@@ -0,0 +1,113 @@
+# =============================================================================
+# Gitea Act Runner - Configuration File
+# =============================================================================
+# Managed by Ansible - DO NOT EDIT MANUALLY
+#
+# To modify settings, update the role variables and re-run the playbook.
+#
+# Reference: https://docs.gitea.com/usage/actions/act-runner
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Logging Configuration
+# -----------------------------------------------------------------------------
+log:
+  # Log verbosity level.
+  # Valid values: trace, debug, info, warn, error, fatal
+  level: info
+
+# -----------------------------------------------------------------------------
+# Runner Core Configuration
+# -----------------------------------------------------------------------------
+runner:
+  # Path to the runner registration state file.
+  # Created during 'act_runner register'. DO NOT DELETE.
+  file: {{ act_runner_home }}/.runner
+
+  # Maximum number of concurrent jobs.
+  capacity: 1
+
+  # Environment variables injected into every job.
+  envs:
+    # Package registry hostname
+    registry: {{ gitea_registry }}
+
+    # Service account username
+    actions_user: {{ gitea_actions_user }}
+
+    # PAT for package registry authentication
+    PACKAGES_TOKEN: {{ gitea_packages_token }}
+
+  # Optional file for additional environment variables.
+  env_file: .env
+
+  # Maximum job duration (also limited by Gitea instance).
+  timeout: 3h
+
+  # Grace period for jobs during shutdown.
+  shutdown_timeout: 0s
+
+  # Skip TLS verification. WARNING: Security risk if true.
+  insecure: false
+
+  # Job polling settings.
+  fetch_timeout: 5s
+  fetch_interval: 2s
+
+  # Labels determine which jobs this runner handles.
+  labels:
+{% for label in act_runner_labels %}
+    - "{{ label }}"
+{% endfor %}
+
+# -----------------------------------------------------------------------------
+# Cache Server Configuration
+# -----------------------------------------------------------------------------
+cache:
+  # Enable built-in cache server for actions/cache.
+  enabled: true
+
+  # Cache storage directory (empty = default).
+  dir: ""
+
+  # Network settings (empty = auto-detect).
+  host: ""
+  port: 0
+
+  # External cache server URL (empty = use built-in).
+  external_server: ""
+
+# -----------------------------------------------------------------------------
+# Container Execution Configuration
+# -----------------------------------------------------------------------------
+container:
+  # Docker network (empty = isolated per job).
+  network: ""
+
+  # Privileged mode. WARNING: Security risk if true.
+  privileged: false
+
+  # Additional docker run options.
+  options:
+
+  # Working directory inside containers.
+  workdir_parent:
+
+  # Allowed volume mounts (empty = none, ["**"] = any).
+  valid_volumes: []
+
+  # Docker daemon (empty = auto-detect).
+  docker_host: ""
+
+  # Always pull images before jobs.
+  force_pull: {{ act_runner_container_force_pull | lower }}
+
+  # Rebuild images even if they exist.
+  force_rebuild: false
+
+# -----------------------------------------------------------------------------
+# Host Execution Configuration
+# -----------------------------------------------------------------------------
+host:
+  # Working directory for host execution.
+  workdir_parent: