From a010e77bf1daac44b441911ea824c819f517a750 Mon Sep 17 00:00:00 2001
From: albert <albert@sysctl.io>
Date: Tue, 4 Feb 2025 15:42:08 -0800
Subject: [PATCH] Update container

---
 nixos/common/services/forgejo-runner.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/nixos/common/services/forgejo-runner.nix b/nixos/common/services/forgejo-runner.nix
index be102bb1..f8e621bf 100644
--- a/nixos/common/services/forgejo-runner.nix
+++ b/nixos/common/services/forgejo-runner.nix
@@ -29,6 +29,7 @@
         container = {
           force_pull = true;
           clean_working_directory = true;
+          privileged = true;
         };
         valid_volumes = [
           "/run/podman/podman.sock:/run/podman/podman.sock:rw" # Poadman socket
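Review bot: The added `privileged = true;` in the `container` block gives every job container full capabilities and device access, which is at odds with the `--cap-drop=ALL` and `--security-opt=no-new-privileges` entries the second hunk keeps in `docker-opts` and probably makes them ineffective. Together with the read-write Podman socket already listed in `valid_volumes`, any workflow scheduled on this runner should be treated as having host-level access, so the runner needs to be restricted to trusted repositories. If the only requirement is the TUN device named in the `NET_ADMIN` comment, keeping the container unprivileged and passing the device explicitly, e.g. `"--device=/dev/net/tun"` alongside `"--cap-add=NET_ADMIN"`, would likely be enough. If full privilege really is required, say why on the line: `privileged = true; # needed for <reason>; job containers run with full host privileges`. The enclosing attribute set starts and ends outside this hunk.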
@@ -41,9 +42,9 @@
           allow-host-namespace = false;
         };
         docker-opts = [
-          "--cap-drop=ALL"      # Drop all caps first
-          "--cap-add=NET_ADMIN" # Required for TUN device access
+          "--cap-drop=ALL"  # Drop all caps first
           "--security-opt=no-new-privileges"
+          "--cap-add=NET_ADMIN"            # Required for TUN device access
         ];
       };
     };