From dd4b86aa3c772a5ba840eaa471c2947cb1705227 Mon Sep 17 00:00:00 2001
From: albert <albert@sysctl.io>
Date: Tue, 4 Feb 2025 13:53:56 -0800
Subject: [PATCH] Testing

---
 nixos/common/services/forgejo-runner.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/common/services/forgejo-runner.nix b/nixos/common/services/forgejo-runner.nix
index 50f26d17..be102bb1 100644
--- a/nixos/common/services/forgejo-runner.nix
+++ b/nixos/common/services/forgejo-runner.nix
@@ -41,9 +41,9 @@
           allow-host-namespace = false;
         };
         docker-opts = [
-          "--cap-drop=ALL"  # Drop all caps first
+          "--cap-drop=ALL"      # Drop all caps first
+          "--cap-add=NET_ADMIN" # Required for TUN device access
           "--security-opt=no-new-privileges"
-          "--cap-add=NET_ADMIN"            # Required for TUN device access
         ];
       };
     };