From 54f5856164b7b12a1cba2589907b84c9eb517577 Mon Sep 17 00:00:00 2001
From: TheGeneralist <180094941+thegeneralist01@users.noreply.github.com>
Date: Sat, 24 Jan 2026 15:13:19 +0100
Subject: [PATCH] forgejo: configure actions runner

---
 hosts/thegeneralist-central/forgejo/default.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/hosts/thegeneralist-central/forgejo/default.nix b/hosts/thegeneralist-central/forgejo/default.nix
index 182a54a..a5c5a1f 100644
--- a/hosts/thegeneralist-central/forgejo/default.nix
+++ b/hosts/thegeneralist-central/forgejo/default.nix
@@ -1,3 +1,5 @@
+{ config, pkgs, ... }:
+
 let
   forgejo_root_dir = "/var/lib/forgejo";
   domain = "git.thegeneralist01.com";
@@ -102,9 +104,13 @@ in
       name = "thegeneralist-central";
       url = "https://${domain}";
       tokenFile = config.age.secrets.forgejoRunnerToken.path;
-      labels = [ "central:host" ];
+      labels = [
+        "native:host"
+        # "node-22:docker://node:22-bookworm"
+        # "nixos-latest:docker://nixos/nix"
+      ];
 
-    # Host-executed jobs need nix + ssh in PATH.
+      # Host-executed jobs need nix + ssh in PATH.
       hostPackages = with pkgs; [
         bash
         coreutils
@@ -120,5 +126,7 @@ in
     };
   };
 
+  networking.firewall.trustedInterfaces = [ "br-+" ];
+
   networking.firewall.allowedTCPPorts = [ 2222 ];
 }