Revert "try store mounted read-only"

This reverts commit 586be6f309.
try store mounted read-only
2025-08-04 17:55:05 +02:00 · 2025-08-04 17:49:42 +02:00 · 2025-08-04 17:47:57 +02:00 · 2025-08-04 17:10:22 +02:00 · 2025-08-04 17:00:56 +02:00 · 2025-08-04 16:57:59 +02:00
11 changed files with 29 additions and 7 deletions
--- a/.woodpecker/cd.yaml
+++ b/.woodpecker/cd.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: push
@ -7,16 +9,12 @@ steps:
  - name: build
    image: nixos/nix
    commands:
-      - whoami
-      - pwd
-      - ls
-      - env
      - |
        mkdir -p ~/.ssh
        echo "$CD_SSH_KEY" > ~/.ssh/id_ed25519
        ls -l ~/.ssh/id_ed25519
        chmod 600 ~/.ssh/id_ed25519
-      - bash -c "nix-shell -p strace --run 'strace -f -o ssh-agent.log ssh-agent -s'"
+      - nix-shell -p strace --run 'strace -f -o ssh-agent.log ssh-agent -s'
      - cat ssh-agent.log
      - |
        eval "$(ssh-agent -s)"
--- a/.woodpecker/check-data-model.yaml
+++ b/.woodpecker/check-data-model.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-deployment-basic.yaml
+++ b/.woodpecker/check-deployment-basic.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-deployment-cli.yaml
+++ b/.woodpecker/check-deployment-cli.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-deployment-panel.yaml
+++ b/.woodpecker/check-deployment-panel.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-mastodon.yaml
+++ b/.woodpecker/check-mastodon.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-panel.yaml
+++ b/.woodpecker/check-panel.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-peertube.yaml
+++ b/.woodpecker/check-peertube.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-pre-commit.yaml
+++ b/.woodpecker/check-pre-commit.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: pull_request
--- a/.woodpecker/check-resources.yaml
+++ b/.woodpecker/check-resources.yaml
@ -1,3 +1,5 @@
+$schema: https://raw.githubusercontent.com/woodpecker-ci/woodpecker/refs/heads/main/pipeline/frontend/yaml/linter/schema/schema.json
+
 when:
  - event: manual
  - event: push
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@ -111,7 +111,7 @@
          WOODPECKER_SERVER=localhost:9000
          WOODPECKER_USERNAME=x-oauth-basic
          WOODPECKER_HOSTNAME=https://woodpecker.fediversity.eu
-          WOODPECKER_MAX_WORKFLOWS=4
+          WOODPECKER_MAX_WORKFLOWS=5
          WOODPECKER_LOG_LEVEL=info
          WOODPECKER_DEBUG_PRETTY=false
          WOODPECKER_DEBUG_NOCOLOR=true
@ -202,8 +202,8 @@
  };

  networking = {
-    nftables.enable = lib.mkForce false;
    firewall = {
+      enable = lib.mkForce true;
      allowedTCPPorts = [
        22
        80
@ -215,6 +215,8 @@
        allowedTCPPorts = [ 53 ];
      };
    };
+    # helps make sure DNS resolves from the containers
+    nftables.enable = lib.mkForce false;
  };

  virtualisation.podman = {
@ -223,6 +225,10 @@
      enable = true;
      dates = "weekly";
    };
+    defaultNetwork.settings = {
+      dns_enabled = true;
+      ipv6_enabled = true;
+    };
  };

  systemd.services = {
Author	SHA1	Message	Date
Kiara Grouwstra	d2759ae4b2	Revert "try store mounted read-only" Some checks failed ci/woodpecker/manual/check-deployment-panel Pipeline is pending Details ci/woodpecker/manual/check-mastodon Pipeline is pending Details ci/woodpecker/manual/check-panel Pipeline is pending Details ci/woodpecker/manual/check-peertube Pipeline is pending Details ci/woodpecker/manual/check-pre-commit Pipeline is pending Details ci/woodpecker/manual/check-resources Pipeline is pending Details ci/woodpecker/manual/update Pipeline is pending Details ci/woodpecker/manual/check-data-model Pipeline failed Details ci/woodpecker/manual/cd Pipeline failed Details ci/woodpecker/manual/check-deployment-cli Pipeline failed Details ci/woodpecker/manual/check-deployment-basic Pipeline failed Details This reverts commit `586be6f309`.	2025-08-04 17:55:05 +02:00
Kiara Grouwstra	586be6f309	try store mounted read-only - `--store` as per https://blog.kotatsu.dev/posts/2023-04-21-woodpecker-nix-caching/ - `--eval-store` as per https://kevincox.ca/2022/01/02/nix-in-docker-caching/	2025-08-04 17:49:42 +02:00
Kiara Grouwstra	aafc4069d5	schema	2025-08-04 17:47:57 +02:00
Kiara Grouwstra	035558faec	max 5	2025-08-04 17:10:22 +02:00
Kiara Grouwstra	4f661adbc4	un-bash strace Some checks failed ci/woodpecker/manual/check-data-model Pipeline was successful Details ci/woodpecker/manual/check-deployment-basic Pipeline failed Details ci/woodpecker/manual/check-deployment-cli Pipeline failed Details ci/woodpecker/manual/check-mastodon Pipeline failed Details ci/woodpecker/manual/check-peertube Pipeline failed Details ci/woodpecker/manual/check-pre-commit Pipeline was successful Details ci/woodpecker/manual/check-resources Pipeline failed Details ci/woodpecker/manual/check-panel Pipeline failed Details ci/woodpecker/manual/update Pipeline was successful Details ci/woodpecker/manual/check-deployment-panel Pipeline failed Details ci/woodpecker/manual/cd Pipeline failed Details	2025-08-04 17:00:56 +02:00
Kiara Grouwstra	715da01e90	container dns rm dns	2025-08-04 16:57:59 +02:00
Kiara Grouwstra	d9f8b3c48c	enable firewall	2025-08-04 16:57:59 +02:00
Kiara Grouwstra	590d5a747e	document nftables	2025-08-04 16:57:59 +02:00