UGA-Innovation-Factory/athenix
3
1
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

gh runner cleanup

Browse Source
This commit is contained in:
Hunter Halloran
2025-12-17 11:15:06 -05:00
parent 1d2430c2c4
commit c01328d826
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
sw/builders/services.nix
View File

@@ -35,11 +35,21 @@ mkIf builderCfg.githubRunner.enable {
# Restart on failure, but not immediately
RestartSec = 10;
# Disable namespace isolation features that don't work in LXC containers
# Disable all namespace isolation features that don't work in LXC containers
PrivateMounts = mkForce false;
MountAPIVFS = mkForce false;
BindPaths = mkForce [ ];
BindReadOnlyPaths = mkForce [ ];
PrivateTmp = mkForce false;
PrivateDevices = mkForce false;
ProtectSystem = mkForce false;
ProtectHome = mkForce false;
ReadOnlyPaths = mkForce [ ];
InaccessiblePaths = mkForce [ ];
PrivateUsers = mkForce false;
ProtectKernelTunables = mkForce false;
ProtectKernelModules = mkForce false;
ProtectControlGroups = mkForce false;
# Override the unconfigure script to be failure-tolerant
# The '-' prefix means the command failure won't cause the service to fail