This commit is contained in:
parent
6cc70e117d
commit
1153ad1fc5
@ -12,11 +12,8 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||||
- name: Prepare for Nix installation
|
- uses: DeterminateSystems/nix-installer-action@v13
|
||||||
run: |
|
- uses: DeterminateSystems/magic-nix-cache-action@v7
|
||||||
apt-get update
|
|
||||||
apt-get install -y sudo
|
|
||||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
|
||||||
- name: lint
|
- name: lint
|
||||||
run: |
|
run: |
|
||||||
nix fmt
|
nix fmt
|
||||||
|
|||||||
@ -63,6 +63,11 @@ in
|
|||||||
runner = {
|
runner = {
|
||||||
capacity = 3;
|
capacity = 3;
|
||||||
};
|
};
|
||||||
|
cache = {
|
||||||
|
enabled = true;
|
||||||
|
host = "10.108.27.2";
|
||||||
|
port = 41919;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -76,6 +81,10 @@ in
|
|||||||
chain output {
|
chain output {
|
||||||
type filter hook output priority 100; policy accept;
|
type filter hook output priority 100; policy accept;
|
||||||
|
|
||||||
|
# Allow access to the cache
|
||||||
|
ip daddr 10.108.27.2 tcp dport 41919 accept
|
||||||
|
|
||||||
|
# Drop all private traffic
|
||||||
ip daddr 10.0.0.0/8 drop
|
ip daddr 10.0.0.0/8 drop
|
||||||
ip daddr 100.64.0.0/10 drop
|
ip daddr 100.64.0.0/10 drop
|
||||||
ip daddr 172.16.0.0/12 drop
|
ip daddr 172.16.0.0/12 drop
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user