Commit 52829b3

HPCesia <me@hpcesia.com>
2026-03-12 15:56:18
fix: forgejo runner firewall config for nftable
1 parent 282a844
Changed files (1)
modules/services/forgejo-runner/default.nix
@@ -51,7 +51,10 @@
     # If you would like to use docker runners in combination with cache actions,
     # be sure to add docker bridge interfaces “br-*” to the firewalls’ trusted interfaces.
     # See https://forgejo.org/docs/next/admin/actions/runner-installation/#nixos
-    networking.firewall.trustedInterfaces = ["br-+"];
+    networking.firewall.trustedInterfaces =
+      if (config.networking.nftables.enable)
+      then ["br-*"]
+      else ["br-+"];
 
     vaultix.templates.forgejo-runner-token-file = {
       content = "TOKEN=${config.vaultix.placeholder.forgejo-runner-token}";
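Review bot: Both branches of the new `trustedInterfaces` value trust every interface whose name starts with `br-`, and NixOS accepts traffic from trusted interfaces unconditionally, so a container on any Docker bridge can reach every port on the host, not only the cache server the comment above refers to. If the cache is all the runners need, a narrower rule such as `networking.firewall.interfaces.<bridge>.allowedTCPPorts = [ <cache-port> ];` would keep other host services filtered. The port is not visible in this hunk, and whether that option accepts the same wildcard under both backends needs checking. The conditional also deserves a comment explaining the two spellings, e.g. `# interface wildcard: iptables uses "+", nftables uses "*"`, since the existing comment mentions only `br-*`. The enclosing attribute set starts and ends outside the hunk.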