From 5043a4833778ab9260d228a6a9dd46e0eb2771a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikael=20L=C3=B6vqvist?= Date: Thu, 23 Apr 2026 21:30:16 +0000 Subject: [PATCH] Update planning/automated-tasks.md --- planning/automated-tasks.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/planning/automated-tasks.md b/planning/automated-tasks.md index a5c0542..6fd135f 100644 --- a/planning/automated-tasks.md +++ b/planning/automated-tasks.md @@ -6,4 +6,10 @@ These actions are typically specified as a script that will use a base image, in To address this [`gitea.efforting.tech`](https://gitea.efforting.tech/) will be using a system where you have image declarations and task declarations. Multiple tasks could be using the same image, and the image will be reused. This should make tasks execute faster, invoke less network traffic and be [greener](https://en.wikipedia.org/wiki/Green_computing). -One thing not yet addressed is building for other platforms, like if you want to make sure your project can compile on windows or mac. But if we address this, this would probably be handled by additional VPS since it might be a bit too resource intensive to run multiple [QEMU](https://www.qemu.org/) sub systems for this purpose. But we will burn that bridge once we get to it. \ No newline at end of file +One thing not yet addressed is building for other platforms, like if you want to make sure your project can compile on windows or mac. But if we address this, this would probably be handled by additional VPS since it might be a bit too resource intensive to run multiple [QEMU](https://www.qemu.org/) sub systems for this purpose. But we will burn that bridge once we get to it. + +## Security considerations + +One can essentially go two routes where you either have a network where you block certain subnets to prevent LAN or local access while still allowing WAN access (the runners might need to fetch stuff but we don't want them to fetch internal stuff). + +[This comment](https://gitea.efforting.tech/mikael-lovqvist/claude-docker/issues/2#issuecomment-36) is also relevant here. A custom egress on the VPS might make this easy to reuse across services. \ No newline at end of file