harness: set sandbox-fallback = true to fix nix builds in containers (fixes #196)
parent
3e098c56ff
commit
6974634326
1 changed files with 8 additions and 0 deletions
|
|
@ -347,6 +347,14 @@
|
||||||
"flakes"
|
"flakes"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Containers bind-mount the host's nix-daemon socket. The host daemon
|
||||||
|
# may be configured with remote builders or strict sandbox settings
|
||||||
|
# (sandbox-fallback = false) that make local `nix build` invocations
|
||||||
|
# fail inside the container. Enable sandbox-fallback so builds that
|
||||||
|
# can't set up the sandbox (no user-namespaces in nspawn) fall back
|
||||||
|
# to unsandboxed local builds rather than failing outright.
|
||||||
|
nix.settings.sandbox-fallback = true;
|
||||||
|
|
||||||
# `claude-code` is unfree. Each per-agent container's nixosConfiguration
|
# `claude-code` is unfree. Each per-agent container's nixosConfiguration
|
||||||
# evaluates its own `nixpkgs` instance, so the operator's host-level
|
# evaluates its own `nixpkgs` instance, so the operator's host-level
|
||||||
# `nixpkgs.config.allowUnfreePredicate` does not propagate into here —
|
# `nixpkgs.config.allowUnfreePredicate` does not propagate into here —
|
||||||
|
|
|
||||||
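Review bot: `nix.settings.sandbox-fallback = true;` makes the loss of build isolation silent: whenever the sandbox cannot be set up, builds run with no filesystem or network isolation, and the added comment does not state that trade-off. Since this applies to per-agent containers, I would record it next to the setting, e.g. `# SECURITY: fallback builds run unsandboxed; the container boundary is then the only isolation for builds an agent triggers.` The comment also says builds go through the host's bind-mounted nix-daemon socket; if so, whether this container-side setting takes effect probably depends on the host daemon accepting client-supplied settings (for example via trusted-users), which is not visible in this hunk and is worth confirming. The enclosing attribute set starts and ends outside the hunk.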