add forgejo-runner on forgejo vm

update flake
policy.json in extra file, default to reject
2025-02-01 16:06:36 +01:00 · 2025-02-01 16:02:33 +01:00 · 2025-02-01 16:02:27 +01:00
4 changed files with 32 additions and 30 deletions
--- a/flake.lock
+++ b/flake.lock
@ -40,11 +40,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735344290,
-        "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
+        "lastModified": 1736373539,
+        "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "613691f285dad87694c2ba1c9e6298d04736292d",
+        "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
        "type": "github"
      },
      "original": {
@ -91,11 +91,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1735388221,
-        "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=",
+        "lastModified": 1738391520,
+        "narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "7c674c6734f61157e321db595dbfcd8523e04e19",
+        "rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773",
        "type": "github"
      },
      "original": {
@ -107,11 +107,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1735922141,
-        "narHash": "sha256-vk0xwGZSlvZ/596yxOtsk4gxsIx2VemzdjiU8zhjgWw=",
+        "lastModified": 1738277201,
+        "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d29ab98cd4a70a387b8ceea3e930b3340d41ac5a",
+        "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554",
        "type": "github"
      },
      "original": {
--- a/home/vinzenz/.config/containers/policy.json
+++ b/home/vinzenz/.config/containers/policy.json
@ -0,0 +1,16 @@
+{
+    "default": [
+        {
+            "type": "reject"
+        }
+    ],
+    "transports": {
+        "docker-daemon": {
+            "": [
+                {
+                    "type": "insecureAcceptAnything"
+                }
+            ]
+        }
+    }
+}
--- a/home/vinzenz/default.nix
+++ b/home/vinzenz/default.nix
@ -48,22 +48,7 @@ inputs@{ pkgs, ... }:

    home.file."policy.json" = {
      target = ".config/containers/policy.json";
-      text = ''
-        {
-            "default": [
-                {
-                    "type": "insecureAcceptAnything"
-                }
-            ],
-            "transports":
-                {
-                    "docker-daemon":
-                        {
-                            "": [{"type":"insecureAcceptAnything"}]
-                        }
-                }
-        }
-      '';
+      text = builtins.readFile ./.config/containers/policy.json;
    };
  };
 }
--- a/hosts/forgejo-runner-1/default.nix
+++ b/hosts/forgejo-runner-1/default.nix
@ -11,8 +11,8 @@ nixpkgs.lib.nixosSystem {
    }
    {
      services.tailscale.useRoutingFeatures = "both";
-    }
-    {
+      system.autoUpgrade.allowReboot = true;
+
      users.users = {
        root.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
@ -20,9 +20,10 @@ nixpkgs.lib.nixosSystem {
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
        ];
      };
-    }
-    {
-      system.autoUpgrade.allowReboot = true;
+
+      environment.systemPackages = with nixpkgs; [
+        forgejo-runner
+      ];
    }
  ];
 }
Author	SHA1	Message	Date
Vinzenz Schroeter	c9f4e9ac56	add forgejo-runner on forgejo vm	2025-02-01 16:06:36 +01:00
Vinzenz Schroeter	28f2315ede	update flake	2025-02-01 16:02:33 +01:00
Vinzenz Schroeter	87b5b7ab00	policy.json in extra file, default to reject	2025-02-01 16:02:27 +01:00