diff --git a/modules/forgejo/actions.nix b/modules/forgejo/actions.nix index 97addd7..16d6d24 100644 --- a/modules/forgejo/actions.nix +++ b/modules/forgejo/actions.nix @@ -16,6 +16,15 @@ tokenFile = config.sops.secrets."forgejo/runner-token".path; url = "https://git.ifsr.de"; name = "quitte"; + settings = { + container = { + # use podman's default network, otherwise dns was not working for some reason + network = "podman"; + # don't mount the docker socket into the build containers, + # this would basically mean root on the host... + docker_host = "-"; + }; + }; }; }; } diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index 8ed9c77..9fdbfdc 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml @@ -9,7 +9,7 @@ portunus: admin-password: ENC[AES256_GCM,data:fESE6vrKhtslQO6ZJGv0T9t+leOSrgkY291orkwY+HPnOh26g2PSMX3j,iv:qmbCmjg0WsbOzfv6LsKcY3S1ssVXmaRB3lE6ZWzKSww=,tag:t8cP8XRTtto3EnNLEdz0yw==,type:str] search-password: ENC[AES256_GCM,data:xtbWS98IkQbnBu67sN413VNHZLg6eedbStE2uZ2pljS30uoM3coO2d32,iv:lKMTNnQJJfjAG7aX+G0eNnL36Cxmn+cWMRAlTovMJ4Y=,tag:FQGRBqsmY2c9VVIdBvGwCw==,type:str] forgejo: - runner-token: ENC[AES256_GCM,data:oH8oRzpXPlqqWGYKZuP92DWHrtVgrQ7Zp+AsTePxdPJShCAGyfwJ/A==,iv:sz4w03wdpBwlKJ2jI4J6iq2yZYOfYiNXsE1plO89I8o=,tag:5QXeakrAP5yWlAjACavw+w==,type:str] + runner-token: ENC[AES256_GCM,data:6m2iTuIffqWqVnyD3lo8EazKU4NnKsqvafLF3CpN5qgLshG5ouseaf2RJaX0og==,iv:Nou0N5Z4k4+R9ZdFlTKRBmEJSlIGIPlCQ6E/6i1vdts=,tag:otDe67Hwccoxz1dGmnIqAw==,type:str] sssd: env: ENC[AES256_GCM,data:ng189+ulH79xCZKOn9N5kN3KqED9dWqLM8dErukJH3a3ivxhUjyy3Tpa+uSnJDh8tAyOesT1j71mlTgKQKb3phylVEdL,iv:i8NEGR+eQ42q5be4gJdNMf/9DCCcjr3gwkEW/+hrgxs=,tag:16EvtkTu+0M5bIlgxC2j9Q==,type:str] dovecot_ldap_search: ENC[AES256_GCM,data:xip5KREy8oqH+58DOtw9QLcVdDlO5Nr0IHki8X0i9J1rrI/BreH2tVPC8aRTDHFPRgpBxiL6,iv:98PSXajEis7sSJ4+IkPuBC05y8w7/XRYQVFH1cripEU=,tag:LcId5rlzz3JjjZIHwoh+AA==,type:str] @@ -52,8 +52,8 @@ sops: c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-04T13:36:52Z" - mac: ENC[AES256_GCM,data:uSpu82wJBDzFLyrX1An1OObnX2Rif38/Y/gEOOf3mWP3e6G98ldZatBWuUAiN6oCD9SFM95YnTf5gusypnURWaRC33rHaRKU92HDdbCoTt/8BColiu+2NBLfX3eTi20PsNEE1Bcq6QN83aul3nMT4/ahYeghE1LAH82a4bhshP0=,iv:N6ACDgKelZYrGAZefC+WyQVsanhecwIp74DtWiHlmBg=,tag:e0NUzEAh1FvlcNVmImm9/w==,type:str] + lastmodified: "2024-10-05T14:28:41Z" + mac: ENC[AES256_GCM,data:rkIVXeppwihaq8BhvuVr5MF24fxFXFEXxNHRuVOI13Dzgr6oFAaXoyf7YP2Y2smU5kMNy3mg+NhaCEGwu0kmjZwxmK67sxNEs1rw4AvBT4qRljTOpc5WonpVOPVJqFMNG98567Igqhs2hYmkcTKaU62D0BWhTM62YQ7HJhmBIjg=,iv:nO72BycPOLZk2CMCjfOnp76iL+4YnQMuazqwEjKgotA=,tag:pb+sya01Z8NhTXML9PcVCQ==,type:str] pgp: - created_at: "2024-02-29T15:23:23Z" enc: |-