hippocampus: perfect pitch: net tun device

2026-02-11 22:20:03 -05:00
parent 9291300cbd
commit 3ad59a986a
1 changed files with 5 additions and 2 deletions
--- a/machines/hippocampus/servers/public/perfect_pitch.nix
+++ b/machines/hippocampus/servers/public/perfect_pitch.nix
@@ -10,7 +10,7 @@
    };
    script = ''
      exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
-        --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse \
+        --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse --bind /dev/net/tun \
        -nbD /var/lib/machines/perfectpitch --machine perfectpitch
    '';
    postStart = ''
@@ -22,7 +22,10 @@
      Type = "notify";
      Slice = "machine.slice";
      Delegate = true;
-      DeviceAllow = "/dev/fuse rwm";
+      DeviceAllow = [
+        "/dev/fuse rwm"
+        "/dev/net/tun rwm"
+      ];
    };
  };
  networking.nat = {