# Sources for this configuration:
# - https://woodpecker-ci.org/docs/administration/deployment/nixos
# - https://woodpecker-ci.org/docs/administration/backends/docker
# - https://nixos.wiki/wiki/Podman

{ config, pkgs, ... }:

{
  virtualisation.podman = {
    enable = true;
    defaultNetwork.settings.dns_enabled = true;
  };

  networking.firewall.interfaces."podman0" = {
    # allowedUDPPorts = [ 53 ] gets already set by virtualisation.podman.defaultNetwork.settings.dns_enabled, but set it here explicitly anyway.
    allowedUDPPorts = [ 53 ];
    # For git.hamburg.ccc.de to resolve in the clone step for example, allowedTCPPorts also needs to be set to allow DNS.
    allowedTCPPorts = [ 53 ];
  };
}