alex/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Alex Mickelson
2026-02-18 21:08:00 -07:00
parent 49156df8b4
commit cedd54f901
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nix/modules/gitea-runner.nix
View File

@@ -90,6 +90,8 @@
User = lib.mkForce "gitea-runner"; User = lib.mkForce "gitea-runner";
Group = lib.mkForce "gitea-runner"; Group = lib.mkForce "gitea-runner";
Environment = lib.mkForce [ "PATH=/run/wrappers/bin:/run/current-system/sw/bin" ];
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
PrivateDevices = lib.mkForce false; PrivateDevices = lib.mkForce false;
PrivateMounts = lib.mkForce false; PrivateMounts = lib.mkForce false;
@@ -114,7 +116,6 @@
RestrictAddressFamilies = lib.mkForce [ ]; RestrictAddressFamilies = lib.mkForce [ ];
ReadWritePaths = lib.mkForce [ ]; ReadWritePaths = lib.mkForce [ ];
BindReadOnlyPaths = lib.mkForce [ ]; BindReadOnlyPaths = lib.mkForce [ ];
BindPaths = lib.mkForce [ "/run/wrappers" ];
DeviceAllow = lib.mkForce [ "/dev/zfs rw" ]; DeviceAllow = lib.mkForce [ "/dev/zfs rw" ];
DevicePolicy = lib.mkForce "auto"; DevicePolicy = lib.mkForce "auto";