From ed77b340c80b43bd8acc34a3378b88f01ec22ecb Mon Sep 17 00:00:00 2001
From: Gabriel Simmer
Date: Tue, 15 Aug 2023 21:38:06 +0100
Subject: [PATCH] Forgejo action caching with static ports
---
 krops/nas/configuration.nix | 8 ++++++--
 krops/oracle-gitea-runner/configuration.nix | 21 ++++++++++++++++++---
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/krops/nas/configuration.nix b/krops/nas/configuration.nix
index 9f3cc45..0249bd3 100644
--- a/krops/nas/configuration.nix
+++ b/krops/nas/configuration.nix
@@ -229,16 +229,20 @@
 };
 };
 gitea-actions-runner = {
- package = pkgs.gitea-actions-runner;
+ # package = pkgs.forgejo-actions-runner;
 instances = {
 vancouver = {
 name = "vancouver";
 enable = true;
 labels = [
 "debian-latest:docker://node:18-bullseye"
+ "docker:docker://gitea/act_runner:nightly-dind-rootless"
 "nix:docker://nixos/nix"
 ];
 url = "https://git.gmem.ca/";
+ settings = {
+ cache.port = 4328;
+ };
 };
 };
 };
@@ -253,7 +257,7 @@
 trustedInterfaces = ["tailscale0" "virbr0"];
 checkReversePath = "loose";
 enable = true;
- allowedTCPPorts = [ 22 53 80 443 2049 ];
+ allowedTCPPorts = [ 22 53 80 443 2049 4328 ];
 allowedUDPPorts = [ 53 41641 ];
 };
 useDHCP = false;
diff --git a/krops/oracle-gitea-runner/configuration.nix b/krops/oracle-gitea-runner/configuration.nix
index fb77161..5a1284d 100644
--- a/krops/oracle-gitea-runner/configuration.nix
+++ b/krops/oracle-gitea-runner/configuration.nix
@@ -8,9 +8,6 @@
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
 boot.tmp.cleanOnBoot = true;
 zramSwap.enable = true;
- networking.hostName = "gitea-arm-runner";
- networking.domain = "gmem.ca";
- networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
 environment.systemPackages = with pkgs; [
 vim
 wget
@@ -40,9 +37,13 @@
 wget
 docker
 nix
+ zstd
 ];
 url = "https://vancouver.scorpion-ghost.ts.net/git";
 token = "";
+ settings = {
+ cache.port = 4328;
+ };
 };
 };
 };
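Review bot: The added `docker` label in krops/nas/configuration.nix points at `gitea/act_runner:nightly-dind-rootless`, a moving nightly tag, so every job that selects this label runs whatever image was last published under that name. For a runner that executes repository workflows it is safer to pin a release tag or a digest, e.g. `"docker:docker://gitea/act_runner:<release>-dind-rootless@sha256:<digest>"` (both placeholders, to be filled in from the registry). The commented-out `# package = pkgs.forgejo-actions-runner;` presumably leaves the instance on the module's default package; either remove the line or add a comment saying why it is disabled, so the config and the commit title agree. The `gitea-actions-runner` block starts before this hunk.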
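Review bot: Adding 4328 to `allowedTCPPorts` in krops/nas/configuration.nix opens the runner's cache port on every interface of the host; `tailscale0` and `virbr0` are already fully trusted in the context lines above, so the new entry only has an effect on the remaining interfaces. If the packaged runner's cache server does not authenticate clients (worth confirming for the version in use), any host that can reach the port could read or overwrite cached build artifacts. Scoping the rule to the interface the job containers use keeps the cache reachable for jobs, e.g. `networking.firewall.interfaces."<bridge-if>".allowedTCPPorts = [ 4328 ];` with the interface name as a placeholder. The same applies to the new `allowedTCPPorts = [ 22 80 443 4328 ];` in krops/oracle-gitea-runner/configuration.nix, which by its directory name appears to be a cloud-hosted machine. The firewall block starts outside this hunk.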
@@ -51,6 +52,20 @@ programs.fish.enable = true; environment.shells = with pkgs; [ zsh fish ]; + networking = { + hostName = "gitea-arm-runner"; + domain = "gmem.ca"; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + firewall = { + trustedInterfaces = ["tailscale0"]; + checkReversePath = "loose"; + enable = true; + allowedTCPPorts = [ 22 80 443 4328 ]; + allowedUDPPorts = [ ]; + }; + nftables.enable = true; + }; + users.users = { root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
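Review bot: `nftables.enable = true;` is switched on for a host that, judging by `docker` in the package list of the previous hunk, runs jobs through Docker; Docker installs its own iptables rules, and the NixOS documentation for this option warns that the two do not work together without extra intervention. Verify on the deployed host that the ruleset actually in force matches this `firewall` block, and record the result in a comment such as `# Docker manages its own iptables rules; checked with "nft list ruleset" on <date>`. Ports 80 and 443 are also opened although no service listening on them is visible in this diff; if nothing serves them, `allowedTCPPorts = [ 22 ];` plus an interface-scoped rule for 4328 is the narrower setting. The `users.users` block continues past the end of the hunk.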