diff options
author | Vincent Ambo <tazjin@tvl.su> | 2023-10-01T21·53+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2023-10-01T22·15+0000 |
commit | 63d3d8cc35c58f8cde5f57f4fc551cb15e9bed1f (patch) | |
tree | 25bbce12e30d279f4ace396b892052305feb1fbe /users/tazjin/nixos/koptevo | |
parent | ac94bf46a62d32066f47c88b965f98cb2b01fe5e (diff) |
fix(tazjin/koptevo): let gonic access /etc/resolv.conf r/6684
Without this line, accessing external APIs from Gonic (e.g. scrobbling to Listenbrainz) does not work (unless a local resolver exists). This is because in the pure Go DNS implementation used in gonic, only /etc/resolv.conf can provide resolvers. Change-Id: I26dd9a845b0a70c4cfb983c68da2b76b7e57dfec Reviewed-on: https://cl.tvl.fyi/c/depot/+/9502 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
Diffstat (limited to 'users/tazjin/nixos/koptevo')
-rw-r--r-- | users/tazjin/nixos/koptevo/default.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix index 8149070a8d53..c1ac3571fd64 100644 --- a/users/tazjin/nixos/koptevo/default.nix +++ b/users/tazjin/nixos/koptevo/default.nix @@ -146,6 +146,12 @@ in }; }; + # hack to work around the strict sandboxing of the gonic module + # breaking DNS resolutino + systemd.services.gonic.serviceConfig.BindReadOnlyPaths = [ + "-/etc/resolv.conf" + ]; + services.nginx.virtualHosts."music.tazj.in" = { addSSL = true; enableACME = true; |