Diffstat (limited to 'users/tazjin/nixos/koptevo/default.nix')
-rw-r--r--users/tazjin/nixos/koptevo/default.nix6
1 files changed, 6 insertions, 0 deletions
diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix
index 8149070a8d53..c1ac3571fd64 100644
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@@ -146,6 +146,12 @@ in
     };
   };
 
+  # hack to work around the strict sandboxing of the gonic module
+  # breaking DNS resolutino
+  systemd.services.gonic.serviceConfig.BindReadOnlyPaths = [
+    "-/etc/resolv.conf"
+  ];
+
   services.nginx.virtualHosts."music.tazj.in" = {
     addSSL = true;
     enableACME = true;
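Review bot: The comment above the added `BindReadOnlyPaths` override misspells "resolution" and does not say which part of the gonic module's sandbox hides `/etc/resolv.conf` or when the workaround can be dropped. The `-` prefix makes systemd skip the bind silently when the path is missing at unit start, so a recurrence of the DNS failure would not show up as a unit error; the comment should say so. Something like `# gonic's sandbox hides /etc/resolv.conf; bind it back read-only ("-" = skip if absent). Remove once the module is fixed.` would cover it. If the resolver file is replaced rather than edited in place while gonic runs, the service presumably keeps seeing the file that was bound at start, so a restart may be needed after resolver changes.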