From 201506ff9ab311789f52c5e46ebf5ba7b33f66d6 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Tue, 12 Dec 2023 21:31:10 +0100
Subject: [PATCH] wip: try to declare trusted actions runner network
---
 hosts/flora-6/apps/drone.nix | 2 --
 hosts/flora-6/apps/forgejo-actions-runner.nix | 3 +++
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/hosts/flora-6/apps/drone.nix b/hosts/flora-6/apps/drone.nix
index be38a5d..e8408e7 100644
--- a/hosts/flora-6/apps/drone.nix
+++ b/hosts/flora-6/apps/drone.nix
@@ -113,6 +113,4 @@
 };
 };
 };
-
- networking.firewall.trustedInterfaces = [ "docker0" ];
 }
diff --git a/hosts/flora-6/apps/forgejo-actions-runner.nix b/hosts/flora-6/apps/forgejo-actions-runner.nix
index 2f7cba4..e93650f 100644
--- a/hosts/flora-6/apps/forgejo-actions-runner.nix
+++ b/hosts/flora-6/apps/forgejo-actions-runner.nix
@@ -10,6 +10,8 @@
 mode = "644";
 };
+ networking.firewall.trustedInterfaces = [ "gitea-actions" ];
+
 # forgejo actions runner
 # https://forgejo.org/docs/latest/admin/actions/
 # https://docs.gitea.com/usage/actions/quickstart
@@ -20,6 +22,7 @@
 name = config.networking.hostName;
 url = "https://git.pub.solar";
 tokenFile = config.age.secrets.forgejo-actions-runner-token.path;
+ settings.container.network = "gitea-actions";
 labels = [
 # provide a debian 12 bookworm base with Node.js for actions
 "debian-latest:docker://node:20-bookworm"
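Review bot: `networking.firewall.trustedInterfaces = [ "gitea-actions" ];` in the first hunk of forgejo-actions-runner.nix accepts every packet arriving on that interface, so each service the host listens on becomes reachable from job containers that run repository-supplied workflow code. If jobs only need a few host ports, a scoped rule such as `networking.firewall.interfaces."gitea-actions".allowedTCPPorts = [ <PORT> ];` (placeholder port) keeps the rest of the firewall in force for CI traffic. If full trust is intended, a comment above the line naming the host services that jobs must reach would record why. The enclosing attribute set starts and ends outside the hunk.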
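Review bot: `settings.container.network = "gitea-actions";` in the second hunk of forgejo-actions-runner.nix names a container network, while the firewall entry added earlier in the same file matches a kernel interface name, and nothing visible in this patch creates either one. Assuming the Docker backend, a user-defined network gets a bridge named `br-<id>` unless it is created with `-o com.docker.network.bridge.name=gitea-actions`, so the trust rule would presumably match no interface, and the runner may be pointed at a network that does not exist. Consider declaring the network creation with that bridge name in this module, or at least adding a comment such as `# requires a pre-created docker network "gitea-actions" whose bridge interface is also named gitea-actions`. The runner instance block starts and ends outside the hunk.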