nixos/woodpecker-agents: bind network files

Otherwise the agent might experience trouble with DNS resolution [1].

[1]: https://github.com/woodpecker-ci/plugin-git/issues/65

nixos/modules/services/continuous-integration/woodpecker/agents.nix

@@ -83,6 +83,14 @@ let
         PrivateMounts = true;
         SystemCallArchitectures = "native";
         SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
+        BindReadOnlyPaths = [
+          "-/etc/resolv.conf"
+          "-/etc/nsswitch.conf"
+          "-/etc/ssl/certs"
+          "-/etc/static/ssl/certs"
+          "-/etc/hosts"
+          "-/etc/localtime"
+        ];
       };
       inherit (agentCfg) environment;
     };