hosts: server: fix gitea runner

modules/services/server/gitea_runner.nix

@@ -6,7 +6,10 @@
         enable = true;
         autoPrune.enable = true;
         dockerCompat = true;
-        #defaultNetwork.settings.dns_enabled = true;
+      };
+      containers.containersConf.settings = {
+        # podman seems to not work with systemd-resolved
+        containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
       };
     };
 
@@ -17,17 +20,35 @@
             name = "Server runner";
             tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
             labels = [ 
+              "server"
               "debian-latest:docker://node:18-bullseye"
+              "ubuntu-latest:docker://node:16-bullseye"
+              "ubuntu-22.04:docker://node:16-bullseye"
+              "ubuntu-20.04:docker://node:16-bullseye"
+              "ubuntu-18.04:docker://node:16-buster"
               "native:host"
             ];
             hostPackages = with pkgs; [
               bash
-              curl
-              gitMinimal
               coreutils
-              wget
+              curl
+              gawk
+              gitMinimal
               gnused
+              nodejs
+              wget
             ];
+            settings = {
+             # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
+               # the default network that also respects our dns server settings
+              container.network = "host";
+              container.privileged = false;
+             # container.valid_volumes = [
+             #   "/nix"
+             #   "${storeDeps}/bin"
+             #   "${storeDeps}/etc/ssl"
+             # ];
+            };
         };
     };
 

modules/services/server/microvm.nix

@@ -3,7 +3,6 @@ let
   name = "gitea-runner";
 in
 {
-
   microvm = {
     autostart = [
       name
@@ -14,11 +13,6 @@ in
         inherit pkgs;
 
         config = {
-          #pkgs = import nixpkgs {
-          #  system = "x86_64-linux";
-          #  config.allowUnfree = true;
-          #};
-
           imports = 
             [ agenix.nixosModules.default ] ++
             [ impermanence.nixosModules.impermanence ] ++
@@ -46,7 +40,6 @@ in
               };
           };
 
-
           users.users.${user} = {                   # System User
             isNormalUser = true;
             extraGroups = [ "wheel" ];
@@ -77,15 +70,27 @@ in
 
           fileSystems."/persist".neededForBoot = lib.mkForce true;
 
-          environment.persistence."/persist" = {
+          environment = {
+            systemPackages = with pkgs; [           # Default packages install system-wide
+               bash
+               coreutils
+               curl
+               gawk
+               gitMinimal
+               gnused
+               nodejs
+               wget
+            ];
+            persistence."/persist" = {
               directories = [
                 "/var/log"
-                "/var/lib"
+                "/var/lib/private"
               ];
 
               files = [
                 "/etc/machine-id"
               ];
+            };
           };
 
           microvm = {