From 87b5b7ab00f41f9d5fdfceaa86631024a2cd94e1 Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter
Date: Sat, 1 Feb 2025 16:02:27 +0100
Subject: [PATCH 1/3] policy.json in extra file, default to reject
---
 home/vinzenz/.config/containers/policy.json | 16 ++++++++++++++++
 home/vinzenz/default.nix | 17 +----------------
 2 files changed, 17 insertions(+), 16 deletions(-)
 create mode 100644 home/vinzenz/.config/containers/policy.json
diff --git a/home/vinzenz/.config/containers/policy.json b/home/vinzenz/.config/containers/policy.json
new file mode 100644
index 0000000..d13844e
--- /dev/null
+++ b/home/vinzenz/.config/containers/policy.json
@@ -0,0 +1,16 @@
+{
+ "default": [
+ {
+ "type": "reject"
+ }
+ ],
+ "transports": {
+ "docker-daemon": {
+ "": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/home/vinzenz/default.nix b/home/vinzenz/default.nix
index 6cd8b3a..0b06468 100644
--- a/home/vinzenz/default.nix
+++ b/home/vinzenz/default.nix
@@ -48,22 +48,7 @@ inputs@{ pkgs, ... }: home.file."policy.json" = { target = ".config/containers/policy.json"; - text = '' - { - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": - { - "docker-daemon": - { - "": [{"type":"insecureAcceptAnything"}] - } - } - } - ''; + text = builtins.readFile ./.config/containers/policy.json; }; }; }
From 28f2315edee4232e5816fec954cae025daae23d9 Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter
Date: Sat, 1 Feb 2025 16:02:33 +0100
Subject: [PATCH 2/3] update flake
---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/flake.lock b/flake.lock
index c38e837..e616973 100644
--- a/flake.lock
+++ b/flake.lock
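Review bot: In the new `policy.json`, `"default": [{"type": "reject"}]` together with a `transports` map that lists only `docker-daemon` means every other transport is refused, including `docker` (registry pulls), so only images already present in a local Docker daemon would be accepted. If registry images are needed, add a `docker` entry scoped to the specific registries or repositories and give those scopes a `signedBy` or `sigstoreSigned` requirement rather than widening the default again. The `docker-daemon` `""` scope keeps `insecureAcceptAnything`, so anything loaded into the local daemon is trusted without verification; JSON has no comment syntax, so that trade-off is best recorded in the commit message or beside the `home.file."policy.json"` entry in `default.nix`.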
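Review bot: `text = builtins.readFile ./.config/containers/policy.json;` in `home/vinzenz/default.nix` reads the file into a string at evaluation time only to write it out again; `home.file.<name>.source` takes the path directly, e.g. `source = ./.config/containers/policy.json;`. A short comment above the entry would also tell the next reader why the policy matters, for example `# container image trust policy: rejects by default, see ./.config/containers/policy.json`. The enclosing attribute set starts outside this hunk.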
@@ -40,11 +40,11 @@ ] }, "locked": { - "lastModified": 1735344290, - "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "613691f285dad87694c2ba1c9e6298d04736292d", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": {
@@ -91,11 +91,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1735388221, - "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", + "lastModified": 1738391520, + "narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", + "rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773", "type": "github" }, "original": {
@@ -107,11 +107,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735922141, - "narHash": "sha256-vk0xwGZSlvZ/596yxOtsk4gxsIx2VemzdjiU8zhjgWw=", + "lastModified": 1738277201, + "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d29ab98cd4a70a387b8ceea3e930b3340d41ac5a", + "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554", "type": "github" }, "original": {
From c9f4e9ac56d493fe3a8a700bc958c6e5f3d2f800 Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter
Date: Sat, 1 Feb 2025 16:06:36 +0100
Subject: [PATCH 3/3] add forgejo-runner on forgejo vm
---
 hosts/forgejo-runner-1/default.nix | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/hosts/forgejo-runner-1/default.nix b/hosts/forgejo-runner-1/default.nix
index 4c2666e..3029e52 100644
--- a/hosts/forgejo-runner-1/default.nix
+++ b/hosts/forgejo-runner-1/default.nix
@@ -11,8 +11,8 @@ nixpkgs.lib.nixosSystem { } { services.tailscale.useRoutingFeatures = "both"; - } - { + system.autoUpgrade.allowReboot = true; + users.users = { root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
@@ -20,9 +20,10 @@ nixpkgs.lib.nixosSystem { ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' ]; }; - } - { - system.autoUpgrade.allowReboot = true; + + environment.systemPackages = with nixpkgs; [ + forgejo-runner + ]; } ]; }
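Review bot: `environment.systemPackages = with nixpkgs; [ forgejo-runner ];` in the second hunk resolves `forgejo-runner` inside `nixpkgs`, which, judging by `nixpkgs.lib.nixosSystem` in the hunk header, is the flake input rather than a package set, so the attribute would most likely be missing at evaluation time. The module is a plain attribute set and has no `pkgs` argument; making it a function, `({ pkgs, ... }: {` … `})`, and writing `environment.systemPackages = [ pkgs.forgejo-runner ];` takes the package from the system's own package set. Installing the package only puts the binary on the path, and after the first hunk the same module also carries the root SSH keys, `services.tailscale.useRoutingFeatures = "both"` and `system.autoUpgrade.allowReboot = true`, so if a runner service is configured later it is worth running jobs under a dedicated unprivileged user and noting that in a comment here. The module list starts outside these hunks.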