From c1f62e9827efe7c8e303e3cfa70dac8f544312b1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 9 Aug 2022 11:23:00 +0300
Subject: ...
---
 modules/netns.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'modules/netns.nix')
diff --git a/modules/netns.nix b/modules/netns.nix
index 18e066e5..d4f07feb 100644
--- a/modules/netns.nix
+++ b/modules/netns.nix
@@ -92,9 +92,11 @@ let
 mkdir -p -m 0755 \
 "/nix/var/nix/profiles/per-container/${containerName}" \
 "/nix/var/nix/gcroots/per-container/${containerName}"
- credsBind=""
+ credsBind=()
 if [ -n "''${CREDENTIALS_DIRECTORY}" ]; then
- credsBind="--bind-ro=''${CREDENTIALS_DIRECTORY}:/run/host/credentials"
+ while IFS= read -r -d $'\0' credFile; do
+ credsBind+=("--load-credential=$(basename "''${credFile}"):''${credFile}")
+ done < <(find ''${CREDENTIALS_DIRECTORY} -type f -print0)
 fi
 # Run systemd-nspawn without startup notification (we'll
 # wait for the container systemd to signal readiness).
@@ -105,7 +107,7 @@ let
 --bind-ro=/nix/store \
 --bind-ro=/nix/var/nix/db \
 --bind-ro=/nix/var/nix/daemon-socket \
- $credsBind \
+ ''${credsBind} \
 --bind="/nix/var/nix/profiles/per-container/${containerName}:/nix/var/nix/profiles" \
 --bind="/nix/var/nix/gcroots/per-container/${containerName}:/nix/var/nix/gcroots" \
 --setenv PATH="$PATH" \
-- 
cgit v1.2.3
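Review bot: `find ''${CREDENTIALS_DIRECTORY}` in the added loop passes the directory unquoted, so a path containing whitespace or glob characters is split or expanded before find sees it; quote it as `find "''${CREDENTIALS_DIRECTORY}" -type f -print0`. The loop also recurses and names each credential by `basename`, so two files with the same name in different subdirectories would yield two `--load-credential=` arguments with the same ID; if the directory is expected to be flat, `-maxdepth 1` makes that explicit. A short comment above the loop, such as `# pass each host credential individually instead of bind-mounting the whole directory`, would record why the bind mount was replaced. The enclosing script starts and ends outside the hunk.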
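Review bot: `''${credsBind}` renders to `${credsBind}`, which in bash expands to element 0 of the array only, so when the credentials directory holds more than one file every `--load-credential=` argument after the first is silently dropped and the container starts without those secrets. The line should be `"''${credsBind[@]}" \`, which also keeps each argument a single word if a credential path contains whitespace. Whether the script runs under `set -u` is not visible here; on bash older than 4.4 an empty array expanded that way trips nounset, so `''${credsBind[@]+"''${credsBind[@]}"} \` is the defensive form. The systemd-nspawn command starts and ends outside the hunk.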