albert/nix
albert/nix
1
0
Fork 0
Code Issues Pull requests Activity Actions

Update container

Browse source
This commit is contained in:
albert 2025-02-04 15:42:08 -08:00
parent 7b1b9d179b
commit a010e77bf1
Signed by: albert
GPG key ID: 3895DD267CA11BA9
1 changed files with 3 additions and 2 deletions

5
nixos/common/services/forgejo-runner.nix
View file

@ -29,6 +29,7 @@
container = {
force_pull = true;
clean_working_directory = true;
privileged = true;
};
valid_volumes = [
"/run/podman/podman.sock:/run/podman/podman.sock:rw" # Poadman socket
@ -41,9 +42,9 @@
allow-host-namespace = false;
};
docker-opts = [
"--cap-drop=ALL" # Drop all caps first
"--cap-add=NET_ADMIN" # Required for TUN device access
"--cap-drop=ALL" # Drop all caps first
"--security-opt=no-new-privileges"
"--cap-add=NET_ADMIN" # Required for TUN device access
];
};
};