alex/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

environment

Browse Source
This commit is contained in:
Alex Mickelson
2026-02-07 13:36:01 -07:00
parent 474b0ac5ad
commit 1a32a3d826
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
nix/home-server.nix
View File

@@ -329,21 +329,27 @@
"/data/runner" "/data/runner"
"/home/github/infrastructure" "/home/github/infrastructure"
]; ];
PrivateDevices = false; PrivateDevices = false;
DeviceAllow = [ "/dev/zfs rw" ]; DeviceAllow = [ "/dev/zfs rw" ];
ProtectProc = "default"; ProtectProc = "default";
ProtectSystem = false; ProtectSystem = false;
PrivateMounts = false; PrivateMounts = false;
PrivateUsers = false; PrivateUsers = false;
ProtectHome = false; ProtectHome = false;
NoNewPrivileges = false; # Add this
Restart = lib.mkForce "always";
# Ensure access to Nix store and system paths
Environment = [ BindReadOnlyPaths = [
"PATH=/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin" "/nix/store"
"/run/current-system"
]; ];
# Set proper PATH
Environment = [
"PATH=/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/bin:/bin"
];
Restart = lib.mkForce "always";
}; };
users.users.gitea-runner = { users.users.gitea-runner = {
isNormalUser = true; isNormalUser = true;