...

1 files changed, 5 insertions, 3 deletions

diff --git a/modules/netns.nix b/modules/netns.nix
index 18e066e5..d4f07feb 100644
--- a/modules/netns.nix
+++ b/modules/netns.nix
@@ -92,9 +92,11 @@ let
       mkdir -p -m 0755 \
         "/nix/var/nix/profiles/per-container/${containerName}" \
         "/nix/var/nix/gcroots/per-container/${containerName}"
-      credsBind=""
+      credsBind=()
       if [ -n "''${CREDENTIALS_DIRECTORY}" ]; then
-        credsBind="--bind-ro=''${CREDENTIALS_DIRECTORY}:/run/host/credentials"
+        while IFS= read -r -d $'\0' credFile; do
+          credsBind+=("--load-credential=$(basename "''${credFile}"):''${credFile}")
+        done < <(find ''${CREDENTIALS_DIRECTORY} -type f -print0)
       fi
       # Run systemd-nspawn without startup notification (we'll
       # wait for the container systemd to signal readiness).
@@ -105,7 +107,7 @@ let
         --bind-ro=/nix/store \
         --bind-ro=/nix/var/nix/db \
         --bind-ro=/nix/var/nix/daemon-socket \
-        $credsBind \
+        ''${credsBind} \
         --bind="/nix/var/nix/profiles/per-container/${containerName}:/nix/var/nix/profiles" \
         --bind="/nix/var/nix/gcroots/per-container/${containerName}:/nix/var/nix/gcroots" \
         --setenv PATH="$PATH" \