diff --git a/cluster/apps/gitea/gitea-act.yml b/cluster/apps/gitea/gitea-act.yml
index e6b5317..4737281 100644
--- a/cluster/apps/gitea/gitea-act.yml
+++ b/cluster/apps/gitea/gitea-act.yml
@@ -16,6 +16,8 @@ spec:
       labels:
         app: gitea-actions-runner
     spec:
+      securityContext:
+        fsGroup: 1000
       initContainers:
       - name: wait-for-gitea
         image: busybox
@@ -29,7 +31,9 @@ spec:
             done
       containers:
       - name: runner
-        image: gitea/act_runner:latest
+        image: gitea/act_runner:0.2.11-dind-rootless
+        securityContext:
+          privileged: true
         env:
         - name: GITEA_INSTANCE_URL
           value: "http://gitea-int-service:3000/"
@@ -38,28 +42,16 @@ spec:
             secretKeyRef:
               name: gitea-runner-token
               key: token
-        - name: GITEA_RUNNER_NAME
-          value: "k3s-dind-runner"
-        - name: GITEA_RUNNER_LABELS
-          value: "ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye"
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
         volumeMounts:
-        - name: var-run
-          mountPath: /var/run
-      - name: dind
-        image: docker:dind
-        securityContext:
-          privileged: true
-        env:
-        - name: DOCKER_TLS_CERTDIR
-          value: ""
-        volumeMounts:
-        - name: dind-storage
-          mountPath: /var/lib/docker
-        - name: var-run
-          mountPath: /var/run
+        - name: storage
+          mountPath: /data
       volumes:
-      - name: dind-storage
+      - name: storage
         persistentVolumeClaim:
           claimName: longhorn-gitea-dind
-      - name: var-run
-        emptyDir: {}