feat(forgejo): tune runner network

2024-09-18 18:22:37 +02:00 · 2024-09-18 18:22:37 +02:00 · 19824e1e67
commit 19824e1e67
parent a7212d2be3
1 changed files with 5 additions and 8 deletions
--- a/config/services/forgejo.nix
+++ b/config/services/forgejo.nix
@ -20,9 +20,6 @@ in
    "services/forgejo/password-database".owner = config.services.forgejo.user;
  };

-  # forgejo ssh
-  networking.firewall.allowedTCPPorts = [ 22 ];
-
  # indexer
  services.elasticsearch.enable = true;

@ -119,7 +116,11 @@ in
    };
  };

-  virtualisation.podman.enable = true;
+  virtualisation.podman = {
+    enable = true;
+    dockerSocket.enable = true;
+    defaultNetwork.settings.dns_enabled = true;
+  };
  services.gitea-actions-runner = {
    package = pkgs.unstable.forgejo-runner;
    instances.main = {
@ -128,10 +129,6 @@ in
      url = config.services.forgejo.settings.server.ROOT_URL;
      tokenFile = config.age.secrets."services/forgejo/runner-token".path;
      labels = [ "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" ];
-      settings.container = {
-        network = "host";
-        options = "--add-host=forgejo.winston.sh:host-gateway";
-      };
    };
  };