diff --git a/services/collabora-office.nix b/services/collabora-office.nix
index 0147704..6b6bba8 100644
--- a/services/collabora-office.nix
+++ b/services/collabora-office.nix
@@ -18,6 +18,8 @@ in {
 extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
 };
 extraOptions = [
+ "--runtime-flag=directfs=false"
+ "--runtime-flag=network=host"
 "--uidmap=0:65534:1"
 "--gidmap=0:65534:1"
 "--uidmap=100:${toString uid}:1"
diff --git a/services/focalboard.nix b/services/focalboard.nix
index 6e400a5..2ac56c9 100644
--- a/services/focalboard.nix
+++ b/services/focalboard.nix
@@ -59,6 +59,8 @@ in {
 # only secrets need to be included, e.g. FOCALBOARD_DBCONFIG
 environmentFiles = [ config.age.secrets.focalboard-env.path ];
 extraOptions = [
+ "--runtime-flag=directfs=false"
+ "--runtime-flag=network=host"
 "--uidmap=0:65534:1"
 "--gidmap=0:65534:1"
 "--uidmap=65534:${toString uid}:1"
diff --git a/services/immich.nix b/services/immich.nix
index f4b89c9..9435959 100644
--- a/services/immich.nix
+++ b/services/immich.nix
@@ -37,6 +37,8 @@ let
 config.age.secrets.immich-typesense-env.path
 ];
 extraOptions = [
+ "--runtime-flag=directfs=false"
+ "--runtime-flag=network=host"
 "--uidmap=0:65534:1"
 "--gidmap=0:65534:1"
 "--uidmap=${toString uid}:${toString uid}:1"
diff --git a/virtualisation/containers.nix b/virtualisation/containers.nix
index b22e3ec..2b9b0b5 100644
--- a/virtualisation/containers.nix
+++ b/virtualisation/containers.nix
@@ -1,4 +1,4 @@
-_:
+{ pkgs, lib, ... }:
 {
 # Enable /etc/containers configuration (used by podman, cri-o, etc.)
@@ -6,6 +6,11 @@ _:
 virtualisation.containers.containersConf.settings = {
 # Create unique User Namespace for the container
 containers.userns = "auto";
+ engine = {
+ conmon_env_vars = [ "PATH=${lib.makeBinPath [ pkgs.gvisor ]}" ];
+ runtimes.runsc = [ "${pkgs.gvisor}/bin/runsc" ];
+ runtime = "runsc";
+ };
 };
 virtualisation.containers.storage.settings = {
 # defaults
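Review bot: The added `--runtime-flag=network=host` in the services/collabora-office.nix hunk switches runsc from gVisor's own network stack to network passthrough, so the container's socket traffic is handled by the host kernel's stack. That gives up part of the isolation which the new runsc default in virtualisation/containers.nix is presumably meant to provide. The same two flags are added in the services/focalboard.nix and services/immich.nix hunks. If passthrough is required here (the diff does not say why), record the reason next to the flag, e.g. `# runsc network passthrough: weaker isolation than netstack, needed because <reason>`, and check whether all three services need it. The `extraOptions` list continues outside each hunk.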
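Review bot: In the second virtualisation/containers.nix hunk, `conmon_env_vars` is set to a list holding only `PATH=${lib.makeBinPath [ pkgs.gvisor ]}`. This most likely replaces the engine's default rather than extending it, leaving conmon with a PATH of just gVisor's bin directory. Since `runtimes.runsc` already names runsc by absolute store path, the override may be unnecessary; if it is needed, say why in a comment such as `# conmon PATH limited to gvisor: <reason>`. `runtime = "runsc"` also makes gVisor the default for every container using this configuration, not only the three services touched in this commit. A one-line comment above `engine = {` stating that would help whoever adds a container that does not work under runsc.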