From 8902a360db76edc217d11d28ab14eb95feb2099b Mon Sep 17 00:00:00 2001
From: Pierre Bourdon
Date: Sun, 23 Jun 2024 20:27:59 +0200
Subject: [PATCH] bagel-box: fix /run/wrappers not being mounted on boot
---
 hosts/bagel-box/default.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/hosts/bagel-box/default.nix b/hosts/bagel-box/default.nix
index 9928aff..e213bef 100644
--- a/hosts/bagel-box/default.nix
+++ b/hosts/bagel-box/default.nix
@@ -1,8 +1,17 @@
-{ lib, ... }:
+{ config, lib, ... }:
 {
 boot.isContainer = true;
- boot.specialFileSystems = lib.mkForce {};
+ # XXX: There's currently no way to remove the "problematic" entries (trying
+ # to override the /proc, /sys, /dev, ... mounts from systemd-nspawn) while
+ # also keeping the entry for the wrappers dir.
+ boot.specialFileSystems = lib.mkForce {
+ "/run/wrappers" = {
+ fsType = "tmpfs";
+ options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
+ };
+ };
 boot.loader.initScript.enable = true;
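Review bot: The `/run/wrappers` entry in the new `boot.specialFileSystems` block looks like a hand-written copy of what the NixOS security-wrappers module normally contributes, with the path as a string literal, so it can drift silently if nixpkgs changes the wrapper directory or its mount options. Assuming the pinned nixpkgs exposes `security.wrapperDir`, the key could be derived instead, `"${builtins.dirOf config.security.wrapperDir}" = {`. I would also extend the XXX comment with `# Copy of the nixpkgs wrappers-module entry; keep in sync. No "nosuid" on purpose: this tmpfs holds the setuid wrappers.` so nobody later adds that option as hardening and breaks privilege elevation on the host. Since `lib.mkForce` still discards every other entry, a special mount added by a module in the future is dropped here without warning, which is worth saying in the same comment. The attribute set continues past the end of the hunk.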