feat(forgejo): tune runner network

feat(ssh): explicitly open firewall
2024-09-18 18:22:37 +02:00 · 2024-09-18 18:22:22 +02:00
2 changed files with 6 additions and 9 deletions
--- a/config/network.nix
+++ b/config/network.nix
@ -8,7 +8,7 @@
    };
    openssh = {
      enable = true;
-      ports = [ 22 ];
+      openFirewall = true;
      settings = {
        KexAlgorithms = [
          "curve25519-sha256"
--- a/config/services/forgejo.nix
+++ b/config/services/forgejo.nix
@ -20,9 +20,6 @@ in
    "services/forgejo/password-database".owner = config.services.forgejo.user;
  };

-  # forgejo ssh
-  networking.firewall.allowedTCPPorts = [ 22 ];
-
  # indexer
  services.elasticsearch.enable = true;

@ -119,7 +116,11 @@ in
    };
  };

-  virtualisation.podman.enable = true;
+  virtualisation.podman = {
+    enable = true;
+    dockerSocket.enable = true;
+    defaultNetwork.settings.dns_enabled = true;
+  };
  services.gitea-actions-runner = {
    package = pkgs.unstable.forgejo-runner;
    instances.main = {
@ -128,10 +129,6 @@ in
      url = config.services.forgejo.settings.server.ROOT_URL;
      tokenFile = config.age.secrets."services/forgejo/runner-token".path;
      labels = [ "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" ];
-      settings.container = {
-        network = "host";
-        options = "--add-host=forgejo.winston.sh:host-gateway";
-      };
    };
  };
Author	SHA1	Message	Date
winston	19824e1e67	feat(forgejo): tune runner network Some checks failed / check (push) Has been cancelled Details	2024-09-18 18:22:37 +02:00
winston	a7212d2be3	feat(ssh): explicitly open firewall	2024-09-18 18:22:22 +02:00