nixos: services: woodpecker: exec: fix NodeJS

I need it for Tree Sitter support...
2024-04-08 21:19:54 +02:00 · 2024-04-08 21:19:54 +02:00 · 6efe2c12ba
parent 6b51b4e2ab
commit 6efe2c12ba
1 changed files with 2 additions and 0 deletions
--- a/modules/nixos/services/woodpecker/agent-exec/default.nix
+++ b/modules/nixos/services/woodpecker/agent-exec/default.nix
@ -44,6 +44,8 @@ in
      serviceConfig = {
        # Same option as upstream, without @setuid
        SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";
+        # NodeJS requires RWX memory...
+        MemoryDenyWriteExecute = lib.mkForce false;

        BindPaths = [
          "/nix/var/nix/daemon-socket/socket"