harness: set sandbox-fallback = true to fix nix builds in containers (fixes #196)
This commit is contained in:
damocles
Mara
parent
3e098c56ff
commit
6974634326
1 changed files with 8 additions and 0 deletions
|
|
@ -347,6 +347,14 @@
|
|||
"flakes"
|
||||
];
|
||||
|
||||
# Containers bind-mount the host's nix-daemon socket. The host daemon
|
||||
# may be configured with remote builders or strict sandbox settings
|
||||
# (sandbox-fallback = false) that make local `nix build` invocations
|
||||
# fail inside the container. Enable sandbox-fallback so builds that
|
||||
# can't set up the sandbox (no user-namespaces in nspawn) fall back
|
||||
# to unsandboxed local builds rather than failing outright.
|
||||
nix.settings.sandbox-fallback = true;
|
||||
|
||||
# `claude-code` is unfree. Each per-agent container's nixosConfiguration
|
||||
# evaluates its own `nixpkgs` instance, so the operator's host-level
|
||||
# `nixpkgs.config.allowUnfreePredicate` does not propagate into here —
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue