nixos/woodpecker-agents: bind network files
Otherwise the agent might experience trouble with DNS resolution [1]. [1]: https://github.com/woodpecker-ci/plugin-git/issues/65
This commit is contained in:
parent
eb3bea6359
commit
cd116db45e
|
@ -83,6 +83,14 @@ let
|
||||||
PrivateMounts = true;
|
PrivateMounts = true;
|
||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
||||||
SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
|
SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
|
||||||
|
BindReadOnlyPaths = [
|
||||||
|
"-/etc/resolv.conf"
|
||||||
|
"-/etc/nsswitch.conf"
|
||||||
|
"-/etc/ssl/certs"
|
||||||
|
"-/etc/static/ssl/certs"
|
||||||
|
"-/etc/hosts"
|
||||||
|
"-/etc/localtime"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
inherit (agentCfg) environment;
|
inherit (agentCfg) environment;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue