wip: try to declare trusted actions runner network

hosts/flora-6/apps/drone.nix

@@ -113,6 +113,4 @@
       };
     };
   };
-
-  networking.firewall.trustedInterfaces = [ "docker0" ];
 }

hosts/flora-6/apps/forgejo-actions-runner.nix

@@ -10,6 +10,8 @@
     mode = "644";
   };
 
+  networking.firewall.trustedInterfaces = [ "gitea-actions" ];
+
   # forgejo actions runner
   # https://forgejo.org/docs/latest/admin/actions/
   # https://docs.gitea.com/usage/actions/quickstart
@@ -20,6 +22,7 @@
       name = config.networking.hostName;
       url = "https://git.pub.solar";
       tokenFile = config.age.secrets.forgejo-actions-runner-token.path;
+      settings.container.network = "gitea-actions";
       labels = [
         # provide a debian 12 bookworm base with Node.js for actions
         "debian-latest:docker://node:20-bookworm"