From 5cef32cf1e75560b61d34eb0af2e62b6924137e7 Mon Sep 17 00:00:00 2001
From: Jake Hillion <jake@hillion.co.uk>
Date: Fri, 30 Aug 2024 16:35:35 +0100
Subject: [PATCH] gitea actions: use cache for nix

---
 .gitea/workflows/flake.yaml        | 7 ++-----
 modules/services/gitea/actions.nix | 7 +++++++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/.gitea/workflows/flake.yaml b/.gitea/workflows/flake.yaml
index df2706f..96c39f8 100644
--- a/.gitea/workflows/flake.yaml
+++ b/.gitea/workflows/flake.yaml
@@ -12,11 +12,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Prepare for Nix installation
-        run: |
-          apt-get update
-          apt-get install -y sudo
-      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+      - uses: DeterminateSystems/nix-installer-action@v13
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
       - name: lint
         run: |
           nix fmt
diff --git a/modules/services/gitea/actions.nix b/modules/services/gitea/actions.nix
index 14dd8a9..9e5ef1b 100644
--- a/modules/services/gitea/actions.nix
+++ b/modules/services/gitea/actions.nix
@@ -63,6 +63,11 @@ in
               runner = {
                 capacity = 3;
               };
+              cache = {
+                enabled = true;
+                host = "10.108.27.2";
+                port = 41919;
+              };
             };
           };
 
@@ -76,6 +81,8 @@ in
                   chain output {
                     type filter hook output priority 100; policy accept;
 
+                    ct state { established, related } counter accept
+
                     ip daddr 10.0.0.0/8 drop
                     ip daddr 100.64.0.0/10 drop
                     ip daddr 172.16.0.0/12 drop