feat(virtualisation): enable gvisor for containers

2024-03-07 20:47:24 +01:00 · 2024-03-07 20:47:24 +01:00 · 5da5d66d6a
commit 5da5d66d6a
parent 4eab62fe3b
4 changed files with 12 additions and 1 deletions
--- a/services/collabora-office.nix
+++ b/services/collabora-office.nix
@ -18,6 +18,8 @@ in {
      extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
    };
    extraOptions = [
+      "--runtime-flag=directfs=false"
+      "--runtime-flag=network=host"
      "--uidmap=0:65534:1"
      "--gidmap=0:65534:1"
      "--uidmap=100:${toString uid}:1"
--- a/services/focalboard.nix
+++ b/services/focalboard.nix
@ -59,6 +59,8 @@ in {
    # only secrets need to be included, e.g. FOCALBOARD_DBCONFIG
    environmentFiles = [ config.age.secrets.focalboard-env.path ];
    extraOptions = [
+      "--runtime-flag=directfs=false"
+      "--runtime-flag=network=host"
      "--uidmap=0:65534:1"
      "--gidmap=0:65534:1"
      "--uidmap=65534:${toString uid}:1"
--- a/services/immich.nix
+++ b/services/immich.nix
@ -37,6 +37,8 @@ let
      config.age.secrets.immich-typesense-env.path
    ];
    extraOptions = [
+      "--runtime-flag=directfs=false"
+      "--runtime-flag=network=host"
      "--uidmap=0:65534:1"
      "--gidmap=0:65534:1"
      "--uidmap=${toString uid}:${toString uid}:1"