From 13f0788b8138c7dcdac1ca7de37ca83ae4d9adf9 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Fri, 25 Jul 2025 22:15:01 +0200
Subject: [PATCH] fix container agent
---
 machines/dev/fedi203/woodpecker.nix | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index f7babce9..1a2bd660 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -157,8 +157,8 @@
 ''
 WOODPECKER_AGENT_SECRET=${config.vars.generators.woodpecker.files.woodpecker-agent-container.placeholder}
 WOODPECKER_BACKEND=docker
- DOCKER_HOST=unix:///run/podman/podman.sock
 WOODPECKER_AGENT_LABELS=type=docker
+ DOCKER_HOST=unix:///run/podman/podman.sock
 ''
 ]
 );
@@ -264,7 +264,7 @@
 # container
- podman = {
+ docker = {
 enable = true;
 environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
 # # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
@@ -281,7 +281,13 @@
 };
 };
- virtualisation.docker = {
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 80
+ 443
+ ];
+
+ virtualisation.podman = {
 enable = true;
 autoPrune = {
 enable = true;
@@ -290,10 +296,8 @@
 };
 systemd.services.woodpecker-agent-docker = {
- after = [ "docker.socket" ];
- restartIfChanged = false;
- serviceConfig = {
- BindPaths = [ "/var/run/docker.sock" ];
- };
+ wants = [ "podman.socket" ];
+ after = [ "podman.socket" ];
+ serviceConfig.SupplementaryGroups = [ "podman" ];
 };
 }
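Review bot: The `networking.firewall.allowedTCPPorts` list added in the third hunk opens 22, 80 and 443 on every interface, and neither the subject line nor the visible lines say which services are meant to be reachable on them. A comment next to the list would make the exposure reviewable, e.g. `# 22: sshd, 80/443: <service listening here>`; if only one interface needs them, `networking.firewall.interfaces.<name>.allowedTCPPorts` keeps the rest closed. The `virtualisation.podman` block that follows closes outside the hunk.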
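Review bot: `serviceConfig.SupplementaryGroups = [ "podman" ];` in the last hunk lets the agent process use the rootful socket that `DOCKER_HOST=unix:///run/podman/podman.sock` points at in the first hunk, and control of that socket amounts to root on the host. That is probably unavoidable for this backend, so it deserves a comment above the line, e.g. `# podman group = full control of the rootful podman socket; run only trusted repositories on this agent`. The same hunk drops `restartIfChanged = false;`, so a configuration switch now restarts the agent; if the old line was there to keep running pipelines alive during a deploy, keep it next to the new `wants`/`after`.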