gitea actions: use cache for nix

.gitea/workflows/flake.yaml

@@ -12,11 +12,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Prepare for Nix installation
+      - uses: DeterminateSystems/nix-installer-action@v13
-        run: |
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
-          apt-get update
-          apt-get install -y sudo
-      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
       - name: lint
         run: |
           nix fmt

modules/services/gitea/actions.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nixpkgs-unstable, ... }:
 
 let
   cfg = config.custom.services.gitea.actions;
@@ -63,6 +63,11 @@ in
               runner = {
                 capacity = 3;
               };
+              cache = {
+                enabled = true;
+                host = "172.18.0.1";
+                port = 41919;
+              };
             };
           };
 
@@ -70,12 +75,17 @@ in
           networking = {
             firewall.enable = lib.mkForce false;
             nftables = {
-              enable = true;
+              enable = false;
               ruleset = ''
                 table inet filter {
+                  chain input {
+                    type filter hook input priority filter; policy accept;
+                  }
                   chain output {
                     type filter hook output priority 100; policy accept;
 
+                    ct state { established, related } counter accept
+
                     ip daddr 10.0.0.0/8 drop
                     ip daddr 100.64.0.0/10 drop
                     ip daddr 172.16.0.0/12 drop