ci(netty): disable NoNewPrivileges on runner so sudo works for deploy

Made-with: Cursor
2026-04-19 11:03:47 +00:00 · 2026-04-18 22:48:37 -04:00 · 2026-04-18 22:48:37 -04:00 · bac6f96814
commit bac6f96814
parent a1f22bd7b4
1 changed files with 4 additions and 0 deletions
--- a/hosts/netty/forgejo-runner.nix
+++ b/hosts/netty/forgejo-runner.nix
@ -8,6 +8,10 @@ let
  cacheRoot = "/var/cache/forgejo-runner";
 in
 {
+  systemd.services.gitea-runner-netty.serviceConfig = {
+    NoNewPrivileges = lib.mkForce false;
+  };
+
  security.sudo.extraRules = [
    {
      users = [ "gitea-runner" ];