From 9d2bff27fd89842a67e19b8f13c1242bb1c1fdad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Sun, 2 Jan 2022 03:08:29 +0100
Subject: Nspawn with a bind mount.

---
 modules/nspawn/manifests/machine.pp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/nspawn/manifests/machine.pp b/modules/nspawn/manifests/machine.pp
index d747069..1c688f6 100644
--- a/modules/nspawn/manifests/machine.pp
+++ b/modules/nspawn/manifests/machine.pp
@@ -15,6 +15,11 @@ define nspawn::machine (
     # /usr/lib/systemd/resolv.conf
     ResolvConf=copy-static
 
+    [Files]
+    # TODO This should only be mounted on puppet servers, in case it
+    # contains secrets
+    BindReadOnly=/usr/local/puppet:/puppet
+
     [Network]
     Bridge=br0
     | EOF
-- 
cgit v1.2.3