Update docs for rootless hosting

docs/forgejo-runner.service

@@ -4,7 +4,7 @@ Documentation=https://forgejo.org/docs/latest/admin/actions/
 After=podman-socket.service
 
 [Service]
-ExecStart=/home/forgejo-runner/.local/bin/forgejo-runner daemon
+ExecStart=/home/forgejo-runner/.local/bin/forgejo-runner daemon -c /home/forgejo-runner/config.yml
 ExecReload=/bin/kill -s HUP $MAINPID
 WorkingDirectory=/home/forgejo-runner
 EnvironmentFile=/home/forgejo-runner/.runner-env

docs/hosting-runners-rootless.md

@@ -19,7 +19,60 @@ Note for myself:
 
 For example on the Hetzner cloud.
 
-### 2. Create a new user for the runner
+### 2. Install podman (rootless) FROM SOURCE
+(Hint: You can run all of the build stuff without root privileges, however ``apt install`` and ``make install`` will require sudo. 🙂)
+
+```bash
+# As root
+# Ubuntu (>=23) thinks it is a good idea to disallow user namespaces for non-privileged users forcing us all to either use root or create apparmor profiles tailored for podman and its hundreds of tools.
+echo "kernel.apparmor_restrict_unprivileged_userns = 0" > "/etc/sysctl.d/99-rootless-podman.conf"
+echo "kernel.unprivileged_userns_clone = 1" >> "/etc/sysctl.d/99-rootless-podman.conf"
+```
+
+The podman binaries in the Ubuntu repositories for 24.04 are too outdated (4.X.X) for proper IPv6 support.  
+(According to the Podman devs, all of it is better with Pasta - which is the preferred rootless networking backend for Podman 5+)
+
+__See [their docs](https://podman.io/docs/installation#building-from-source) on how to do that.__  
+(You can skip the 99-userns.conf command because we already did that above ⬆️)
+
+> ⚠️ Please note the following ⚠️
+> * After cloning the podman repository, checkout the latest release tag (the docs forget to mention that!)
+> * Make sure to install ``libapparmor-dev libsystemd-dev`` before compiling so that the compatibility can be included in the installation.  
+>   We recommend running make with ``BUILDTAGS="selinux seccomp apparmor exclude_graphdriver_devicemapper systemd"``  
+> * Run ``make vendor`` before running ``make install`` because for whatever reason it can be left out sometimes??
+
+#### 2.1 Install crun from source
+
+The crun version shipped by Ubuntu 24.04 is too old for Podman 5+. So we need to build it from source too...  
+
+```bash
+git clone https://github.com/containers/crun
+cd crun
+git checkout "<latest-release-version>"
+# <!-- Install dependencies for Ubuntu according to repository readme --!>
+./autogen.sh
+./configure
+make
+sudo make install # We need to change the prefix to overwrite what Ubuntu ships
+```
+
+#### 2.2 Containers configuration file
+
+While the podman package installs the default configuration file below /usr/share/..., the make install command does not.  
+To make configuration easier for you later, please download the default configuration to ``/etc/containers/containers.conf``.
+
+```bash
+# As root
+wget -O /etc/containers/containers.conf https://raw.githubusercontent.com/containers/common/refs/heads/main/pkg/config/containers.conf
+sed -i 's/.*#runtime =.*/runtime = "\/usr\/local\/bin\/crun"/' /etc/containers/containers.conf # This updates the crun version used by podman - it really tries to use the outdated one otherwise.
+
+# Note - This should yield "pasta", even on Ubuntu 24.04, if things worked so far.
+podman info | grep rootlessNetworkCmd
+# Note - This should show a crun version ABOVE 1.17
+podman info | grep crun
+```
+
+### 3. Create a new user for the runner
 
 Since we don't want to the new forgejo runner to be ``root`` on out machine, we create a new user for it:
 ```bash
@@ -28,16 +81,6 @@ useradd -s /bin/bash --create-home forgejo-runner
 loginctl enable-linger forgejo-runner
 ```
 
-### 3. Install podman (rootless)
-
-```bash
-# As root
-apt install -y podman podman-docker
-
-# Ubuntu (>=23) thinks it is a good idea to disallow user namespaces for non-privileged users forcing us all to either use root or create apparmor profiles tailored for podman and its hundreds of tools.
-echo "kernel.apparmor_restrict_unprivileged_userns = 0" > "/etc/sysctl.d/99-rootless-podman.conf"
-```
-
 #### Enable Podman docker-socket on user
 
 ```bash
@@ -49,6 +92,7 @@ machinectl shell --uid forgejo-runner # <-- This is basically "sudo -Hi XXX" but
 ```bash
 systemctl --user enable --now podman.socket podman
 echo 'export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock' >> ~/.profile
+source .profile # Refreshes shell vars, because .profile was modified.
 ```
 
 ### 4. Install the forgejo-runner
@@ -76,8 +120,6 @@ chmod 750 ~/.local/bin/forgejo-runner
 __The official runner registration is__ [here](https://forgejo.org/docs/v8.0/admin/runner-installation/#standard-registration)
 Or, if you're volunteering another runner for our instance, please contact us to receive the necessary registration information. :)
 
-czzHPHIWdsjroPohucX6WeLRo5V6Y9Y1L7CHlna6
-
 ```bash
 # As forgejo-runner (recreate shell to update PATH)
 forgejo-runner generate-config > config.yml