conditional sandbox relaxation for safe default import
Only set sandbox = "relaxed" when vmix.namespaces is non-empty. Safe to import as a default module on all hosts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
0d86585245
commit
7dd67bc893
1 changed files with 2 additions and 1 deletions
|
|
@ -7,7 +7,8 @@ in
|
|||
{
|
||||
imports = [ (import ./networks args) (import ./vms args) ];
|
||||
|
||||
config.nix.settings.sandbox = "relaxed"; # for vm customize to work properly
|
||||
# only relax sandbox on hosts that actually define VM namespaces
|
||||
config.nix.settings.sandbox = mkIf (config.vmix.namespaces != {}) "relaxed";
|
||||
|
||||
options.vmix.namespaces = mkOption {
|
||||
type = types.attrsOf
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue