diff --git a/machines/dev/forgejo-ci/forgejo-actions-runner.nix b/machines/dev/forgejo-ci/forgejo-actions-runner.nix
index 1f5ac1d7..0d1e1e50 100644
--- a/machines/dev/forgejo-ci/forgejo-actions-runner.nix
+++ b/machines/dev/forgejo-ci/forgejo-actions-runner.nix
@@ -49,7 +49,7 @@ in
 name = config.networking.fqdn;
 url = "https://git.fediversity.eu";
 tokenFile = config.age.secrets.forgejo-runner-token.path;
- ## This runner supports Docker (with a default Ubuntu image) and native
+ ## This runner supports podman (with a default Ubuntu image) and native
 ## modes. In native mode, it contains a few default packages.
 labels = [
 "nix:docker://gitea-runner-nix"
@@ -97,9 +97,7 @@ in
 groups.nixuser = { };
 };
 virtualisation = {
- ## For the Docker mode of the runner.
- ## Podman seemed to error on: `requested access to the resource is denied`.
- docker.enable = true;
+ podman.enable = true;
 containers.containersConf.settings = {
 # podman (at least) seems to not work with systemd-resolved
 containers.dns_servers = [
@@ -112,10 +110,10 @@ in
 {
 gitea-runner-nix-image = {
 wantedBy = [ "multi-user.target" ];
- after = [ "docker.service" ];
- requires = [ "docker.service" ];
+ after = [ "podman.service" ];
+ requires = [ "podman.service" ];
 path = [
- pkgs.docker
+ config.virtualisation.podman.package
 pkgs.gnutar
 pkgs.shadow
 pkgs.getent
@@ -154,7 +152,7 @@ in
 # list the content as it will be imported into the container
 tar -cv . | tar -tvf -
- tar -cv . | docker import - gitea-runner-nix
+ tar -cv . | podman import - gitea-runner-nix
 '';
 serviceConfig = {
 RuntimeDirectory = "gitea-runner-nix-image";
@@ -215,7 +213,7 @@ in
 "~setdomainname"
 "~sethostname"
 ];
- SupplementaryGroups = [ "docker" ];
+ SupplementaryGroups = [ "podman" ];
 RestrictAddressFamilies = [
 "AF_INET"
 "AF_INET6"
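Review bot: The new `podman.enable = true;` line in the `virtualisation` hunk drops the only record of why Docker had been chosen (the `requested access to the resource is denied` error with podman) without saying what changed, so the next person who hits that error has no trail. Keep a one-line note above it, e.g. `## Podman mode of the runner; the earlier "requested access to the resource is denied" error no longer reproduces since <REASON-PLACEHOLDER>.` The runner labels still use the `docker://` scheme, and nothing in this diff enables a Docker-compatible API socket for podman; if the runner expects `/var/run/docker.sock`, `virtualisation.podman.dockerSocket.enable = true;` (and `virtualisation.podman.dockerCompat` if the `docker` CLI name is needed) is probably required unless it is set elsewhere in the file. The enclosing `virtualisation` attribute set continues outside the hunk.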
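Review bot: In the `gitea-runner-nix-image` hunk, `requires = [ "podman.service" ];` and `after = [ "podman.service" ];` carry over the Docker-daemon dependency, but as far as I can tell `podman import` (the command this unit runs in a later hunk) writes to the image store directly and does not need the API service running, so the dependency may be dead weight; if it is kept on purpose because the runner consumes the images through the socket, a comment such as `# podman import does not need the service; ordering kept so the runner sees the image via the API socket` would explain it. Using `config.virtualisation.podman.package` rather than `pkgs.podman` is the right choice, since it keeps the unit on the same binary the module configures. The unit definition continues outside the hunk.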
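Review bot: `SupplementaryGroups = [ "podman" ];` in the last hunk sits inside a service that is otherwise hardened with a system-call filter (the `~setdomainname`/`~sethostname` entries just above), and nothing records that group access to a rootful podman API socket is effectively root on the host, so the sandboxing in this serviceConfig only constrains the runner process itself, not the containers it launches. That was already the situation with the `docker` group and this commit does not change it, but it deserves a comment: `# Access to the podman API socket (root-equivalent if rootful); the hardening below only limits the runner process.` If the socket here is rootless, the comment should say so instead. The enclosing serviceConfig block starts and ends outside the hunk.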