Configure action runner with needed permissions to deploy static sites.

2025-02-19 11:26:34 -06:00 · 2025-02-19 11:26:34 -06:00 · b11ee499f3
commit b11ee499f3
parent a5f06924da
1 changed files with 25 additions and 2 deletions
--- a/hosts/hub/apps/dev.nix
+++ b/hosts/hub/apps/dev.nix
@ -1,4 +1,9 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  utils,
+  ...
+}:

 let
  name = "dev";
@ -43,14 +48,32 @@ in
          "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
          "native:host"
        ];
+        settings = {
+          container = {
+            network = "bridge";
+          };
+        };
+        hostPackages = with pkgs; [
+          bash
+          coreutils
+          curl
+          gawk
+          gitMinimal
+          gnused
+          nodejs
+          rsync
+          wget
+        ];
        tokenFile = config.age.secrets."${name}_runner_linux".path;
      };
    };
  };

+  systemd.services."gitea-runner-${utils.escapeSystemdPath "${name}-linux"}".serviceConfig.ReadWritePaths = "/var/www";
+
  environment.systemPackages = with pkgs; [ unstable.forgejo-runner ];

-  networking.firewall.trustedInterfaces = [ "br-+" ];
+  networking.firewall.trustedInterfaces = [ "podman0" ];

  containers."${name}" = {
    autoStart = true;