From 5484553a87924ec0e070a6a1e9ea797ef1353662 Mon Sep 17 00:00:00 2001
From: Alex Mickelson <alexmickelson96@gmail.com>
Date: Sat, 7 Feb 2026 14:02:00 -0700
Subject: [PATCH] environment

---
 nix/modules/gitea-runner.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nix/modules/gitea-runner.nix b/nix/modules/gitea-runner.nix
index 8baab51..d13cc6f 100644
--- a/nix/modules/gitea-runner.nix
+++ b/nix/modules/gitea-runner.nix
@@ -65,7 +65,9 @@
       "/data/runner"
       "/home/github/infrastructure"
     ];
-    
+    BindReadOnlyPaths = [
+      "/nix/store"
+    ];
     # Disable all sandboxing features
     DynamicUser = lib.mkForce false;
     PrivateDevices = lib.mkForce false;