gitea actions: use cache for nix

2024-08-30 16:35:35 +01:00 · 2024-08-30 16:35:35 +01:00 · 82bb52f61c
commit 82bb52f61c
parent 6cc70e117d
2 changed files with 14 additions and 7 deletions
--- a/.gitea/workflows/flake.yaml
+++ b/.gitea/workflows/flake.yaml
@ -12,11 +12,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Prepare for Nix installation
-        run: |
-          apt-get update
-          apt-get install -y sudo
-      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+      - uses: DeterminateSystems/nix-installer-action@v13
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
      - name: lint
        run: |
          nix fmt
--- a/modules/services/gitea/actions.nix
+++ b/modules/services/gitea/actions.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nixpkgs-unstable, ... }:

 let
  cfg = config.custom.services.gitea.actions;
@ -63,6 +63,11 @@ in
              runner = {
                capacity = 3;
              };
+              cache = {
+                enabled = true;
+                host = "10.108.27.2";
+                port = 41919;
+              };
            };
          };

@ -70,12 +75,17 @@ in
          networking = {
            firewall.enable = lib.mkForce false;
            nftables = {
-              enable = true;
+              enable = false;
              ruleset = ''
                table inet filter {
+                  chain input {
+                    type filter hook input priority filter; policy accept;
+                  }
                  chain output {
                    type filter hook output priority 100; policy accept;

+                    ct state { established, related } counter accept
+
                    ip daddr 10.0.0.0/8 drop
                    ip daddr 100.64.0.0/10 drop
                    ip daddr 172.16.0.0/12 drop