aiolabs/nix-bitcoin
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Completely disable sandboxing for build service
Some checks failed
nix-bitcoin tests / build_test_drivers (push) Has been cancelled
Details
nix-bitcoin tests / check_flake (push) Has been cancelled
Details
nix-bitcoin tests / test_scenario (default) (push) Has been cancelled
Details
nix-bitcoin tests / test_scenario (joinmarket-bitcoind-29) (push) Has been cancelled
Details
nix-bitcoin tests / test_scenario (netns) (push) Has been cancelled
Details
nix-bitcoin tests / test_scenario (netnsRegtest) (push) Has been cancelled
Details

Browse source
This commit is contained in:
Patrick Mulligan 2026-01-09 22:47:07 +01:00
parent 05f5971eed
commit a4da436061
1 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/lamassu-lnbits.nix
View file

@ -328,11 +328,20 @@ in
Group = cfg.group; Group = cfg.group;
# Build can take a while, especially on first run # Build can take a while, especially on first run
TimeoutStartSec = "30min"; TimeoutStartSec = "30min";
# Allow write access to data directory for cloning and building # Completely disable sandboxing for build (npm scripts need full access)
ReadWritePaths = [ cfg.dataDir "/tmp" ];
# Relax sandboxing for build scripts
PrivateTmp = false; PrivateTmp = false;
PrivateDevices = false;
ProtectSystem = false;
ProtectHome = false;
NoNewPrivileges = false; NoNewPrivileges = false;
ProtectKernelTunables = false;
ProtectKernelModules = false;
ProtectControlGroups = false;
RestrictNamespaces = false;
RestrictSUIDSGID = false;
LockPersonality = false;
# Don't restrict syscalls
SystemCallFilter = "";
}; };
script = '' script = ''