modules: services: woodpecker: allow setuid
All checks were successful
ci/woodpecker/push/check Pipeline was successful

I need it to be able to use `ssh-agent`, for some of my workflows.
This commit is contained in:
Bruno BELANYI 2023-04-01 21:05:20 +02:00
parent 0da267664c
commit f15b3aa23d

View file

@ -45,6 +45,9 @@ in
];
serviceConfig = {
# Same option as upstream, without @setuid
SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";
BindPaths = [
"/nix/var/nix/daemon-socket/socket"
"/run/nscd/socket"