X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fpub%2Frestrict;h=b2f3be369f1a60fb0efb56d7d04e8cdcc0a687c2;hb=fffbbb5623649ca7c7b32b74558a26ec5cf11abb;hp=4a3e2152c3162e0817a8539aacea196b16c287b8;hpb=43e28479827d6363cece1ff1123417f7ac720799;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/pub/restrict b/nixops/modules/pub/restrict
index 4a3e215..b2f3be3 100644
--- a/nixops/modules/pub/restrict
+++ b/nixops/modules/pub/restrict
@@ -2,7 +2,6 @@ user="$1" rootuser="$HOME/$user/" mkdir -p $rootuser -mkdir -p $HOME/$user-nixstore orig="$SSH_ORIGINAL_COMMAND" if [ -z "$orig" ]; then
@@ -29,7 +28,6 @@ rsync*) set -euo pipefail (exec -c bwrap --ro-bind /usr /usr \ - --bind /var/lib/pub/$user-nixstore /nix \ --args 10 \ --dir /tmp \ --dir /var \
@@ -44,7 +42,8 @@ rsync*)
 --ro-bind /run/current-system/sw/bin /bin \
 --ro-bind /etc/profiles/per-user/pub/bin /bin-pub \
 --bind /var/lib/pub/$user /var/lib/pub \
- --ro-bind $TMUX_RESTRICT /var/lib/pub/.tmux.restrict.conf \
+ --dir /var/lib/commons \
+ --ro-bind $TMUX_RESTRICT /var/lib/commons/tmux.restrict.conf \
 --chdir /var/lib/pub \
 --unshare-all \
 --share-net \
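Review bot: `$TMUX_RESTRICT` is still expanded unquoted on the new `--ro-bind` line of the third hunk, so an empty or whitespace-containing value would shift bwrap's argument list instead of failing; the `set -euo pipefail` visible in the second hunk only catches the unset case. I would write `--ro-bind "$TMUX_RESTRICT" /var/lib/commons/tmux.restrict.conf \` and quote `$user` the same way on the `--bind /var/lib/pub/$user /var/lib/pub` context line. The bwrap invocation continues past the end of the hunk, so whatever hands the config path to tmux is not visible here and has to point at the new `/var/lib/commons` location. Since the move takes the config out of the user-writable `/var/lib/pub` bind, a one-line comment saying so above `--dir /var/lib/commons` would keep a later edit from moving it back.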