Nspawn with a bind mount.

author: Hugo Hörnquist <hugo@lysator.liu.se> 2022-01-02 03:08:29 +0100
committer: Hugo Hörnquist <hugo@lysator.liu.se> 2022-01-02 03:08:29 +0100
commit: 22ba89e796aa44321e68b7f16a2b37a3ee60db2f (patch)
tree: c795f6e1f1f8be0078fc6262b3c5d725d5159cc7
parent: Only run nspawn stuff if machine not running. (diff)
download: nspawn-22ba89e796aa44321e68b7f16a2b37a3ee60db2f.tar.gz
nspawn-22ba89e796aa44321e68b7f16a2b37a3ee60db2f.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/manifests/machine.pp b/manifests/machine.pp
index d747069..1c688f6 100644
--- a/manifests/machine.pp
+++ b/manifests/machine.pp
@@ -15,6 +15,11 @@ define nspawn::machine (
     # /usr/lib/systemd/resolv.conf
     ResolvConf=copy-static
 
+    [Files]
+    # TODO This should only be mounted on puppet servers, in case it
+    # contains secrets
+    BindReadOnly=/usr/local/puppet:/puppet
+
     [Network]
     Bridge=br0
     | EOF
author	Hugo Hörnquist <hugo@lysator.liu.se>	2022-01-02 03:08:29 +0100
committer	Hugo Hörnquist <hugo@lysator.liu.se>	2022-01-02 03:08:29 +0100
commit	22ba89e796aa44321e68b7f16a2b37a3ee60db2f (patch)
tree	c795f6e1f1f8be0078fc6262b3c5d725d5159cc7
parent	Only run nspawn stuff if machine not running. (diff)
download	nspawn-22ba89e796aa44321e68b7f16a2b37a3ee60db2f.tar.gz nspawn-22ba89e796aa44321e68b7f16a2b37a3ee60db2f.tar.xz