chore(gitea-runner): clean up binary/credentials, update docs

- Remove act_runner binary (download on install)
- Remove .runner (auto-generated credentials)
- Remove data/ directory (root-owned temp)
- Remove docker-compose.yml (not needed for systemd setup)
- Update README with systemd installation steps
- Update register.sh to download binary + systemd workflow
- Update gitea-runner.service with PATH env var
- Add comprehensive .gitignore for terraform/ansible/runners/secrets

.gitignore

@@ -1,2 +1,82 @@
-.runner
-token.txt
+# ===========================================
+# Terraform
+# ===========================================
+*.tfstate
+*.tfstate.*
+*.tfplan
+.terraform/
+.terraform.lock.hcl
+crash.log
+crash.*.log
+
+# Override files
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfvars files (may contain sensitive data)
+*.tfvars
+*.tfvars.json
+
+# ===========================================
+# Ansible
+# ===========================================
+*.retry
+ansible vault password file
+.vault_pass
+
+# ===========================================
+# Gitea Runner
+# ===========================================
+gitea-runner/act_runner
+gitea-runner/.runner
+gitea-runner/data/
+
+# ===========================================
+# Environment & Secrets
+# ===========================================
+.env
+.env.*
+*.pem
+*.key
+id_rsa*
+id_ed25519*
+*.secret
+*.token
+
+# ===========================================
+# OS & Editor
+# ===========================================
+.DS_Store
+Thumbs.db
+*.swp
+*.swo
+*~
+.idea/
+.vscode/
+*.code-workspace
+
+# ===========================================
+# Reports & Output (não é código)
+# ===========================================
+reports/
+output/
+tmp/
+temp/
+
+# ===========================================
+# Downloads & Build artifacts
+# ===========================================
+*.tar
+*.tar.gz
+*.zip
+downloads/
+
+# ===========================================
+# Terraform Cloud / Remote
+# ===========================================
+.tfrun

gitea-runner/README.md

@@ -4,66 +4,96 @@ Este diretório contém a configuração do runner de Gitea Actions para executa
 
 ## Visão Geral
 
-O **act_runner** é o agente que executa os jobs definidos nos workflows `.gitea/workflows/*.yml`. Ele roda no Hestia (10.0.0.50) usando Docker.
+O **act_runner** é o agente que executa os jobs definidos nos workflows `.gitea/workflows/*.yml`. Ele roda no Hestia (10.0.0.50) como serviço systemd.
 
 ## Arquivos
 
 ```
 gitea-runner/
-├── docker-compose.yml   # Serviço do runner
-├── config.yaml          # Configuração (gerado no registro)
-├── register.sh         # Script de registro
-└── data/               # Dados persistentes do runner
+├── config.yaml              # Configuração do runner
+├── gitea-runner.service    # Serviço systemd
+├── register.sh             # Script de registro
+└── README.md               # Este arquivo
 ```
 
+## Pré-requisitos
+
+- Docker instalado e acessível ao usuário
+- Usuário `iamferreirajp` no grupo `docker`
+- Node.js em `$HOME/.local/bin` (path do Hermes)
+
 ## Instalação
 
-### 1. Obter Token de Registro
-
-Acesse o Gitea como admin:
-```
-https://gitea.hackerfortress.cc/admin/runners
-```
-
-Clique em **"New Runner"** e copie o token.
-
-### 2. Registrar o Runner
+### 1. Download do act_runner
 
 ```bash
 cd gitea-runner
-export RUNNER_TOKEN="seu-token-aqui"
+curl -L https://codeberg.org/pressman/act_runner/releases/latest/download/act_runner-linux-amd64 -o act_runner
+chmod +x act_runner
+```
+
+### 2. Obter Token de Registro
+
+Acesse o Gitea como admin:
+```
+https://gitea.hackerfortress.cc/gaia/homelab/settings/actions/runners
+```
+
+Clique em **"Create new Runner"**, configure o nome e copie o token.
+
+### 3. Registrar o Runner
+
+```bash
+cd ~/homelab/gitea-runner
+export RUNNER_TOKEN="<token_copiado>"
 ./register.sh
 ```
 
-### 3. Iniciar o Runner
+O `register.sh` vai:
+- Baixar o act_runner (se não existir)
+- Registrar no Gitea
+- Gerar `config.yaml` e `.runner`
+
+### 4. Instalar o Serviço systemd
 
 ```bash
-docker compose up -d
+sudo cp gitea-runner.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable --now gitea-runner
 ```
 
-### 4. Verificar
+### 5. Verificar
+
+```bash
+sudo systemctl status gitea-runner
+```
 
 Acesse:
 ```
-https://gitea.hackerfortress.cc/admin/runners
+https://gitea.hackerfortress.cc/gaia/homelab/settings/actions/runners
 ```
 
-O runner deve aparecer como **"Active"**.
+O runner deve aparecer como **"Idle"**.
 
-## Labels Disponíveis
+## Configuração
 
-| Label | Descrição |
-|-------|-----------|
-| `gitea-runner-Hestia` | Runner principal |
-| `ubuntu-latest` | Container Ubuntu para jobs |
+O `config.yaml` controla:
+- Labels disponíveis (`ubuntu-latest`, etc.)
+- Capacidade de jobs paralelos
+- Docker host (unix socket)
+
+O PATH do serviço systemd inclui:
+```
+/home/iamferreirajp/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+```
 
 ## Troubleshooting
 
-### Runner não aparece como active
+### Runner não aparece como idle
 
 ```bash
 # Ver logs
-docker compose logs -f act_runner
+journalctl -u gitea-runner -f --no-pager
 
 # Verificar configuração
 cat config.yaml
@@ -72,20 +102,30 @@ cat config.yaml
 ### Docker socket permission denied
 
 ```bash
-# No host (Hestia), adicionar usuário ao grupo docker
-sudo usermod -aG docker $USER
+# Adicionar usuário ao grupo docker
+sudo usermod -aG docker iamferreirajp
+# Faça logout e login novamente
 ```
 
-### Jobs ficam em "Pending"
+### Jobs falham com "Cannot find: node in PATH"
 
-- Verificar se runner está online
-- Verificar se o token está correto
-- Verificar se o runner tem labels necessárias
+O PATH do systemd precisa incluir `~/.local/bin`. Verifique se o `gitea-runner.service` tem:
+
+```systemd
+Environment=PATH=/home/iamferreirajp/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+```
+
+### Jobs ficam em "Waiting"
+
+Verificar se o runner está online no Gitea e se o workflow pede labels que o runner tem.
 
 ## Atualização
 
 ```bash
-cd gitea-runner
-docker compose pull
-docker compose up -d
+cd ~/homelab/gitea-runner
+# Baixar nova versão
+curl -L https://codeberg.org/pressman/act_runner/releases/latest/download/act_runner-linux-amd64 -o act_runner
+chmod +x act_runner
+# Reiniciar
+sudo systemctl restart gitea-runner
 ```

gitea-runner/docker-compose.yml

@@ -1,18 +0,0 @@
-version: '3.8'
-
-services:
-  act_runner:
-    image: gitea/act_runner:latest
-    container_name: gitea-runner
-    restart: unless-stopped
-    environment:
-      - CONFIG_FILE=/runner/config.yaml
-      - INSTANCE_URL=https://gitea.hackerfortress.cc
-      - RUNNER_TOKEN=${RUNNER_TOKEN}
-      - RUNNER_NAME=gitea-runner-hestia
-      - RUNNER_LABELS=gitea-runner-hestia
-    volumes:
-      - ./data:/data
-      - ./config.yaml:/runner/config.yaml
-      - /var/run/docker.sock:/var/run/docker.sock
-    network_mode: host

gitea-runner/gitea-runner.service

@@ -5,8 +5,10 @@ After=network.target
 [Service]
 Type=simple
 User=iamferreirajp
+SupplementaryGroups=docker
 WorkingDirectory=/home/iamferreirajp/homelab/gitea-runner
 ExecStart=/home/iamferreirajp/homelab/gitea-runner/act_runner daemon
+Environment=PATH=/home/iamferreirajp/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 Restart=always
 RestartSec=5
 

gitea-runner/register.sh

@@ -3,32 +3,40 @@
 # Gitea Runner Registration Script
 # ============================================
 # Usage:
-#   1. Get token from Gitea Admin > Runners
-#   2. Run: RUNNER_TOKEN="your-token" ./register.sh
+#   1. Get token from Gitea Settings > Actions > Runners
+#   2. Run: RUNNER_TOKEN="<token>" ./register.sh
 
 set -e
 
-GITEA_URL="${INSTANCE_URL:-https://gitea.hackerfortress.cc}"
-TOKEN="${RUNNER_TOKEN}"
+GITEA_URL="https://gitea.hackerfortress.cc"
+RUNNER_NAME="gitea-runner-hestia"
+TOKEN="${RUNNER_TOKEN:-}"
 
 if [ -z "$TOKEN" ]; then
     echo "❌ RUNNER_TOKEN not set"
-    echo "   Get token from: ${GITEA_URL}/admin/runners"
+    echo "   Get token from: ${GITEA_URL}/gaia/homelab/settings/actions/runners"
     exit 1
 fi
 
-echo "📡 Registering runner with Gitea at ${GITEA_URL}..."
+# Download act_runner if not present
+if [ ! -f "./act_runner" ]; then
+    echo "📥 Downloading act_runner..."
+    curl -L https://codeberg.org/pressman/act_runner/releases/latest/download/act_runner-linux-amd64 -o act_runner
+    chmod +x act_runner
+fi
 
-# Register and get the runner config
-docker compose run --rm act_runner \
-    act_runner generate-config \
+echo "📡 Registering runner '${RUNNER_NAME}' with Gitea at ${GITEA_URL}..."
+
+./act_runner register \
     --instance "${GITEA_URL}" \
     --token "${TOKEN}" \
-    --name "gitea-runner-dockerino" \
-    > config.yaml
+    --name "${RUNNER_NAME}" \
+    --no-interactive
 
+echo ""
 echo "✅ Runner registered successfully!"
 echo ""
 echo "Next steps:"
 echo "1. Review config.yaml"
-echo "2. Run: docker compose up -d"
+echo "2. Install service: sudo cp gitea-runner.service /etc/systemd/system/"
+echo "3. Enable: sudo systemctl enable --now gitea-runner"