From e0530694e67f84e5bc10d759ff30a8f03069c523 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar <srid@srid.ca>
Date: Sun, 5 Dec 2021 12:01:47 -0500
Subject: [PATCH] add a container, stub

---
 containers/hercules.nix | 13 +++++++++++++
 hosts/thick.nix         |  1 +
 2 files changed, 14 insertions(+)
 create mode 100644 containers/hercules.nix

diff --git a/containers/hercules.nix b/containers/hercules.nix
new file mode 100644
index 0000000..b1fb45f
--- /dev/null
+++ b/containers/hercules.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+# A separate container to run Hercules effects
+# https://docs.hercules-ci.com/hercules-ci/effects/
+{
+  containers.hercules = {
+    ephemeral = false;
+    autoStart = true;
+    config = { config, pkgs, ... }: {
+      networking.firewall.allowedTCPPorts = [ ];
+    };
+  };
+}
diff --git a/hosts/thick.nix b/hosts/thick.nix
index b129cf4..651f046 100644
--- a/hosts/thick.nix
+++ b/hosts/thick.nix
@@ -4,6 +4,7 @@
   imports =
     [
       (modulesPath + "/installer/scan/not-detected.nix")
+      (../containers/hercules.nix)
     ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];