diff options
| author | Bruno BELANYI <bruno@belanyi.fr> | 2023-03-18 17:05:05 +0000 |
|---|---|---|
| committer | Bruno BELANYI <bruno@belanyi.fr> | 2023-03-23 14:16:45 +0000 |
| commit | cd116db45e8e31e01f9c20d4fbb7785febed74d8 (patch) | |
| tree | bfc6fb213c30eeaf548485fed92057d28940e1c1 /nixos/modules/services/continuous-integration | |
| parent | eb3bea6359b56048835f2a31bb1505eb6f793908 (diff) | |
| download | nixlib-cd116db45e8e31e01f9c20d4fbb7785febed74d8.tar nixlib-cd116db45e8e31e01f9c20d4fbb7785febed74d8.tar.gz nixlib-cd116db45e8e31e01f9c20d4fbb7785febed74d8.tar.bz2 nixlib-cd116db45e8e31e01f9c20d4fbb7785febed74d8.tar.lz nixlib-cd116db45e8e31e01f9c20d4fbb7785febed74d8.tar.xz nixlib-cd116db45e8e31e01f9c20d4fbb7785febed74d8.tar.zst nixlib-cd116db45e8e31e01f9c20d4fbb7785febed74d8.zip | |
nixos/woodpecker-agents: bind network files
Otherwise the agent might experience trouble with DNS resolution [1]. [1]: https://github.com/woodpecker-ci/plugin-git/issues/65
Diffstat (limited to 'nixos/modules/services/continuous-integration')
| -rw-r--r-- | nixos/modules/services/continuous-integration/woodpecker/agents.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/modules/services/continuous-integration/woodpecker/agents.nix b/nixos/modules/services/continuous-integration/woodpecker/agents.nix index 10ad94cee7bd..ac6ec45c0ba7 100644 --- a/nixos/modules/services/continuous-integration/woodpecker/agents.nix +++ b/nixos/modules/services/continuous-integration/woodpecker/agents.nix @@ -83,6 +83,14 @@ let PrivateMounts = true; SystemCallArchitectures = "native"; SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + BindReadOnlyPaths = [ + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/ssl/certs" + "-/etc/static/ssl/certs" + "-/etc/hosts" + "-/etc/localtime" + ]; }; inherit (agentCfg) environment; }; |