From f56231e1a1d45c46290c2edb24ed772487b65378 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Fri, 20 Sep 2024 21:34:52 +0200
Subject: [PATCH] Pin versions of docker images

---
 hosts/stratus/containers/docker/actualbudget/default.nix | 2 +-
 hosts/stratus/containers/docker/default.nix              | 2 +-
 hosts/stratus/containers/docker/onlyoffice/default.nix   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hosts/stratus/containers/docker/actualbudget/default.nix b/hosts/stratus/containers/docker/actualbudget/default.nix
index 9aad54a..ec59782 100644
--- a/hosts/stratus/containers/docker/actualbudget/default.nix
+++ b/hosts/stratus/containers/docker/actualbudget/default.nix
@@ -19,7 +19,7 @@ in
 
   virtualisation.oci-containers.containers = {
     ${serviceName} = {
-      image = "ghcr.io/actualbudget/actual-server:latest";
+      image = "ghcr.io/actualbudget/actual-server@sha256:90a670b73ce539ca4bf70e3740756f106ec815d3933cabf2414ae2e26e031d65";
       volumes = [ "/data/${serviceName}:/data" ];
     };
 
diff --git a/hosts/stratus/containers/docker/default.nix b/hosts/stratus/containers/docker/default.nix
index cb795ce..e650e58 100644
--- a/hosts/stratus/containers/docker/default.nix
+++ b/hosts/stratus/containers/docker/default.nix
@@ -15,7 +15,7 @@ in
     containers = lib.mapAttrs' (
       name: _:
       lib.nameValuePair "tailscale-${name}" {
-        image = "ghcr.io/tailscale/tailscale:latest";
+        image = "ghcr.io/tailscale/tailscale@sha256:83a6faec34866f70914a7d241d6ca749e6914f08f4f9059d942e1c3088dc001b";
         environment = {
           TS_STATE_DIR = "/var/lib/tailscale";
           TS_SERVE_CONFIG = "/config/tailscale-serve.json";
diff --git a/hosts/stratus/containers/docker/onlyoffice/default.nix b/hosts/stratus/containers/docker/onlyoffice/default.nix
index 9a0de03..c52a704 100644
--- a/hosts/stratus/containers/docker/onlyoffice/default.nix
+++ b/hosts/stratus/containers/docker/onlyoffice/default.nix
@@ -19,7 +19,7 @@ in
 
   virtualisation.oci-containers.containers = {
     ${serviceName} = {
-      image = "onlyoffice/documentserver";
+      image = "onlyoffice/documentserver@sha256:b9e3c35eab182d3de822a53b109b0f27070f6eacea3b1388b9c50d1182f638f2";
       environmentFiles = [
         # Contains "JWT_SECRET=<token>"
         config.sops.secrets."container/${serviceName}/jwt-secret".path