From b11ee499f3ca1281983acf32d6a7422dacd90336 Mon Sep 17 00:00:00 2001
From: Nolan Darilek
Date: Wed, 19 Feb 2025 11:26:34 -0600
Subject: [PATCH] Configure action runner with needed permissions to deploy static sites.
---
 hosts/hub/apps/dev.nix | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/hosts/hub/apps/dev.nix b/hosts/hub/apps/dev.nix
index f309b8c..6b5dec5 100644
--- a/hosts/hub/apps/dev.nix
+++ b/hosts/hub/apps/dev.nix
@@ -1,4 +1,9 @@
-{ pkgs, config, ... }:
+{
+ pkgs,
+ config,
+ utils,
+ ...
+}:
 let
 name = "dev";
@@ -43,14 +48,32 @@ in
 "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
 "native:host"
 ];
+ settings = {
+ container = {
+ network = "bridge";
+ };
+ };
+ hostPackages = with pkgs; [
+ bash
+ coreutils
+ curl
+ gawk
+ gitMinimal
+ gnused
+ nodejs
+ rsync
+ wget
+ ];
 tokenFile = config.age.secrets."${name}_runner_linux".path;
 };
 };
 };
+ systemd.services."gitea-runner-${utils.escapeSystemdPath "${name}-linux"}".serviceConfig.ReadWritePaths = "/var/www";
+ environment.systemPackages = with pkgs; [ unstable.forgejo-runner ];
- networking.firewall.trustedInterfaces = [ "br-+" ];
+ networking.firewall.trustedInterfaces = [ "podman0" ];
 containers."${name}" = {
 autoStart = true;
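Review bot: `ReadWritePaths = "/var/www"` on the runner unit opens the entire web root for writing, and because this instance also carries the `native:host` label, jobs can run directly on the host with the new `hostPackages`, so any workflow dispatched to this runner can alter every site under `/var/www`, not just the one it deploys. Listing only the deploy targets would narrow that, e.g. `ReadWritePaths = [ "/var/www/<site-dir>" ];` (placeholder path), and it is worth confirming that only trusted repositories and branches can reach this runner; its registration scope and the start of the instance block are outside the hunk. Separately, `trustedInterfaces = [ "podman0" ]` accepts all traffic from job containers on that bridge to the host, so if they need only specific services, `networking.firewall.interfaces.podman0.allowedTCPPorts` would be a tighter fit.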