summaryrefslogtreecommitdiff
path: root/modules/netns.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/netns.nix')
-rw-r--r--modules/netns.nix8
1 files changed, 5 insertions, 3 deletions
diff --git a/modules/netns.nix b/modules/netns.nix
index 18e066e5..d4f07feb 100644
--- a/modules/netns.nix
+++ b/modules/netns.nix
@@ -92,9 +92,11 @@ let
92 mkdir -p -m 0755 \ 92 mkdir -p -m 0755 \
93 "/nix/var/nix/profiles/per-container/${containerName}" \ 93 "/nix/var/nix/profiles/per-container/${containerName}" \
94 "/nix/var/nix/gcroots/per-container/${containerName}" 94 "/nix/var/nix/gcroots/per-container/${containerName}"
95 credsBind="" 95 credsBind=()
96 if [ -n "''${CREDENTIALS_DIRECTORY}" ]; then 96 if [ -n "''${CREDENTIALS_DIRECTORY}" ]; then
97 credsBind="--bind-ro=''${CREDENTIALS_DIRECTORY}:/run/host/credentials" 97 while IFS= read -r -d $'\0' credFile; do
98 credsBind+=("--load-credential=$(basename "''${credFile}"):''${credFile}")
99 done < <(find ''${CREDENTIALS_DIRECTORY} -type f -print0)
98 fi 100 fi
99 # Run systemd-nspawn without startup notification (we'll 101 # Run systemd-nspawn without startup notification (we'll
100 # wait for the container systemd to signal readiness). 102 # wait for the container systemd to signal readiness).
@@ -105,7 +107,7 @@ let
105 --bind-ro=/nix/store \ 107 --bind-ro=/nix/store \
106 --bind-ro=/nix/var/nix/db \ 108 --bind-ro=/nix/var/nix/db \
107 --bind-ro=/nix/var/nix/daemon-socket \ 109 --bind-ro=/nix/var/nix/daemon-socket \
108 $credsBind \ 110 ''${credsBind} \
109 --bind="/nix/var/nix/profiles/per-container/${containerName}:/nix/var/nix/profiles" \ 111 --bind="/nix/var/nix/profiles/per-container/${containerName}:/nix/var/nix/profiles" \
110 --bind="/nix/var/nix/gcroots/per-container/${containerName}:/nix/var/nix/gcroots" \ 112 --bind="/nix/var/nix/gcroots/per-container/${containerName}:/nix/var/nix/gcroots" \
111 --setenv PATH="$PATH" \ 113 --setenv PATH="$PATH" \
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-24 07:59:34 +0000