Syzygial/NixMachines
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hippocampus: perfect pitch: net tun device

Browse Source
This commit is contained in:
David Crompton
2026-02-11 22:20:03 -05:00
parent 9291300cbd
commit 3ad59a986a
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
machines/hippocampus/servers/public/perfect_pitch.nix
View File

@@ -10,7 +10,7 @@
}; };
script = '' script = ''
exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \ exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
--resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse \ --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse --bind /dev/net/tun \
-nbD /var/lib/machines/perfectpitch --machine perfectpitch -nbD /var/lib/machines/perfectpitch --machine perfectpitch
''; '';
postStart = '' postStart = ''
@@ -22,7 +22,10 @@
Type = "notify"; Type = "notify";
Slice = "machine.slice"; Slice = "machine.slice";
Delegate = true; Delegate = true;
DeviceAllow = "/dev/fuse rwm"; DeviceAllow = [
"/dev/fuse rwm"
"/dev/net/tun rwm"
];
}; };
}; };
networking.nat = { networking.nat = {